Access keys authorized with a per-period spending limit (e.g. 10 pathUSD per day) can't silent-sign on mppx-served payment pages. The wallet approval dialog opens instead, because the chain rejects the tx with a KeyAuthorization signer-recovery error.
What's happening
The KeyAuthorization is signed correctly with period at authorization time. But when mppx's bundled Tempo button builds the eth_estimateGas / eth_sendTransaction call, period gets dropped from limits[]:
// What was signed (in IDB):
"limits": [{ "token": "0x20c0…", "limit": "0x989680", "period": 86400 }]
// What goes on-chain:
"limits": [{ "token": "0x20c0…", "limit": "0x989680" }]The chain recomputes the typed-data digest from the period-less payload, gets a different hash than what was signed, and can't recover the signer:
Revm error: failed to recover signer from KeyAuthorization signature
Where it comes from
pnpm-workspace.yaml overrides pin ox: '0.14.7', which predates period in KeyAuthorization (the field was added around 0.14.12). The bundled serializer therefore doesn't know about the field and silently drops it when encoding.
The override is also out of sync with the main package.json, which declares "ox": "0.14.15". The override wins, so 0.14.7 is what actually runs everywhere.
Repro
- Authorize a Tempo access key with
limits[0].period: 86400 (per day)
- Open a payment link served via
tempo.charge
- Click Pay → approval dialog opens with
eth_sendTransaction instead of signing silently
Limits without period work fine because the signed digest and the on-chain payload have the same shape.
Fix
Aligning both ox declarations on 0.14.18:
pnpm-workspace.yaml: override 0.14.7 → 0.14.18package.json: "ox": "0.14.15" → "ox": "0.14.18"
Both sources agree, the override stays exact-pin, and the bundled serializer handles period. Tested locally against mpp-playground.
Access keys authorized with a per-period spending limit (e.g.
10 pathUSD per day) can't silent-sign on mppx-served payment pages. The wallet approval dialog opens instead, because the chain rejects the tx with aKeyAuthorizationsigner-recovery error.What's happening
The
KeyAuthorizationis signed correctly withperiodat authorization time. But when mppx's bundled Tempo button builds theeth_estimateGas/eth_sendTransactioncall,periodgets dropped fromlimits[]:The chain recomputes the typed-data digest from the period-less payload, gets a different hash than what was signed, and can't recover the signer:
Where it comes from
pnpm-workspace.yamloverrides pinox: '0.14.7', which predatesperiodinKeyAuthorization(the field was added around0.14.12). The bundled serializer therefore doesn't know about the field and silently drops it when encoding.The override is also out of sync with the main
package.json, which declares"ox": "0.14.15". The override wins, so0.14.7is what actually runs everywhere.Repro
limits[0].period: 86400(per day)tempo.chargeeth_sendTransactioninstead of signing silentlyLimits without
periodwork fine because the signed digest and the on-chain payload have the same shape.Fix
Aligning both
oxdeclarations on0.14.18:pnpm-workspace.yaml: override0.14.7→0.14.18package.json:"ox": "0.14.15"→"ox": "0.14.18"Both sources agree, the override stays exact-pin, and the bundled serializer handles
period. Tested locally against mpp-playground.