fix

corey · corey · commit 36856e490c51 · 2025-12-30T10:47:19.000+08:00
diff --git a/token-price-oracle/client/l2_client.go b/token-price-oracle/client/l2_client.go
@@ -70,15 +70,18 @@ func NewL2Client(rpcURL string, cfg *config.Config) (*L2Client, error) {
 		fromAddr := common.HexToAddress(cfg.ExternalSignAddress)
 		ethSigner := types.NewLondonSigner(chainID)
 
-		// Create opts with a placeholder signer for building transactions
-		// The actual signing will be done by external signer
+		// Create opts with a placeholder signer for building transactions.
+		// This allows contract bindings to construct transaction objects so we can
+		// extract the calldata and target address. The placeholder signature is never
+		// actually broadcast - the real signing happens via external signer.
+		// SAFETY: NoSend is always true, and tx_manager.go only extracts To() and Data()
+		// from the placeholder tx, then creates a new properly signed transaction.
 		l2Client.opts = &bind.TransactOpts{
 			From:   fromAddr,
-			NoSend: true, // We'll handle sending manually
+			NoSend: true, // CRITICAL: Must always be true for external signing mode
 			Signer: func(address common.Address, tx *types.Transaction) (*types.Transaction, error) {
-				// This is a placeholder signer - we don't actually sign here
-				// The transaction will be signed by external signer later
-				// We need to return the transaction with correct signer hash for gas estimation
+				// Placeholder signer - returns tx with dummy signature to satisfy bind package.
+				// This tx is NEVER sent; only used to extract calldata for external signing.
 				return tx.WithSignature(ethSigner, make([]byte, 65))
 			},
 		}
diff --git a/token-price-oracle/config/config.go b/token-price-oracle/config/config.go
@@ -229,8 +229,8 @@ func LoadConfig(ctx *cli.Context) (*Config, error) {
 		if cfg.ExternalSignAddress == "" || cfg.ExternalSignUrl == "" ||
 			cfg.ExternalSignAppid == "" || cfg.ExternalSignChain == "" ||
 			cfg.ExternalSignRsaPriv == "" {
-			return nil, fmt.Errorf("external sign is enabled but missing required config: address=%s, url=%s, appid=%s, chain=%s",
-				cfg.ExternalSignAddress, cfg.ExternalSignUrl, cfg.ExternalSignAppid, cfg.ExternalSignChain)
+			return nil, fmt.Errorf("external sign is enabled but missing required config: address=%s, url=%s, appid=%s, chain=%s, rsa_priv_set=%t",
+				cfg.ExternalSignAddress, cfg.ExternalSignUrl, cfg.ExternalSignAppid, cfg.ExternalSignChain, cfg.ExternalSignRsaPriv != "")
 		}
 
 		// Validate address format
diff --git a/token-price-oracle/updater/tx_manager.go b/token-price-oracle/updater/tx_manager.go
@@ -116,6 +116,33 @@ func (m *TxManager) sendWithExternalSign(ctx context.Context, txFunc func(*bind.
 		return nil, fmt.Errorf("external signer is not initialized")
 	}
 
+	fromAddr := m.l2Client.WalletAddress()
+
+	// Check if there are pending transactions by comparing nonces
+	confirmedNonce, err := m.l2Client.GetClient().NonceAt(ctx, fromAddr, nil)
+	if err != nil {
+		return nil, fmt.Errorf("failed to get confirmed nonce: %w", err)
+	}
+
+	pendingNonce, err := m.l2Client.GetClient().PendingNonceAt(ctx, fromAddr)
+	if err != nil {
+		return nil, fmt.Errorf("failed to get pending nonce: %w", err)
+	}
+
+	if pendingNonce > confirmedNonce {
+		// There are pending transactions, don't send new one
+		log.Warn("Found pending transactions, skipping this round",
+			"address", fromAddr.Hex(),
+			"confirmed_nonce", confirmedNonce,
+			"pending_nonce", pendingNonce,
+			"pending_count", pendingNonce-confirmedNonce)
+		return nil, fmt.Errorf("pending transactions exist (confirmed: %d, pending: %d)", confirmedNonce, pendingNonce)
+	}
+
+	log.Info("No pending transactions, proceeding to send",
+		"address", fromAddr.Hex(),
+		"nonce", confirmedNonce)
+
 	// Get transaction options (returns a copy) with NoSend=true to get calldata
 	auth := m.l2Client.GetOpts()
 	auth.Context = ctx
