Disable validation on denyList/allowList at plt token transfers

packages/sdk/CHANGELOG.md

@@ -47,6 +47,12 @@
   with `buildAccountSigner`
 - A new optional field `createPlt` to `AuthorizationsV1` which exposes the access structure for PLT creation.
 
+## 10.0.0-alpha.13
+
+### Changed
+
+- Disable `denyList`/`allowList` validation on plt token transfers.
+
 ## 10.0.0-alpha.12
 
 ### Breaking changes

packages/sdk/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@concordium/web-sdk",
-    "version": "10.0.0-alpha.12",
+    "version": "10.0.0-alpha.13",
     "license": "Apache-2.0",
     "engines": {
         "node": ">=16"

packages/sdk/src/plt/Token.ts

@@ -18,7 +18,7 @@
     TokenAddDenyListOperation,
     TokenBurnOperation,
     TokenMintOperation,
     TokenModuleAccountState,
     TokenModuleState,
     TokenOperation,
     TokenOperationType,
@@ -375,26 +375,29 @@
         throw new InsufficientFundsError(sender, TokenAmount.fromDecimal(payloadTotal, decimals));
     }
 
-    if (!token.moduleState.allowList && !token.moduleState.denyList) {
-        // If the token neither has a deny list nor allow list, we can skip the check.
-        return true;
-    }
-
-    // Check that sender and all receivers are NOT on the deny list (if present), or that they are included in the allow list (if present).
-    const receiverInfos = await Promise.all(payloads.map((p) => token.grpc.getAccountInfo(p.recipient.address)));
-    const accounts = [senderInfo, ...receiverInfos];
-    accounts.forEach((r) => {
-        const accountToken = r.accountTokens.find((t) => t.id.value === token.info.id.value)?.state;
-        const accountModuleState =
-            accountToken?.moduleState === undefined
-                ? undefined
-                : (Cbor.decode(accountToken.moduleState) as TokenModuleAccountState);
-
-        if (token.moduleState.denyList && accountModuleState?.denyList)
-            throw new NotAllowedError(TokenHolder.fromAccountAddress(r.accountAddress));
-        if (token.moduleState.allowList && !accountModuleState?.allowList)
-            throw new NotAllowedError(TokenHolder.fromAccountAddress(r.accountAddress));
-    });
+    // FIXME: This is currently disable as a hacky-fix until some changes in the node are implemented/released.
+    // https://linear.app/concordium/issue/COR-1650/empty-deny-list-blocking-transfer
+
+    // if (!token.moduleState.allowList && !token.moduleState.denyList) {
+    //     // If the token neither has a deny list nor allow list, we can skip the check.
+    //     return true;
+    // }
+
+    // // Check that sender and all receivers are NOT on the deny list (if present), or that they are included in the allow list (if present).
+    // const receiverInfos = await Promise.all(payloads.map((p) => token.grpc.getAccountInfo(p.recipient.address)));
+    // const accounts = [senderInfo, ...receiverInfos];
+    // accounts.forEach((r) => {
+    //     const accountToken = r.accountTokens.find((t) => t.id.value === token.info.id.value)?.state;
+    //     const accountModuleState =
+    //         accountToken?.moduleState === undefined
+    //             ? undefined
+    //             : (Cbor.decode(accountToken.moduleState) as TokenModuleAccountState);
+
+    //     if (token.moduleState.denyList && accountModuleState?.denyList)
+    //         throw new NotAllowedError(TokenHolder.fromAccountAddress(r.accountAddress));
+    //     if (token.moduleState.allowList && !accountModuleState?.allowList)
+    //         throw new NotAllowedError(TokenHolder.fromAccountAddress(r.accountAddress));
+    // });
 
     return true;
 }