feat(examples): Add "Spending limit account" account abstraction example

[theiari]

Description of change

Implement "Account with Spending limit" example for abstract accounts.

Links to any relevant issues

fixes #8651

How the change has been tested

• Basic tests (linting, compilation, formatting, unit/integration tests)
• Patch-specific tests (correctness, functionality coverage)
• I have added tests that prove my fix is effective or that my feature works
• I have checked that new and existing unit tests pass locally with my changes

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

6 Skipped Deployments

Project	Deployment	Preview	Comments	Updated (UTC)
apps-backend	Ignored	Preview		Oct 22, 2025 2:12pm
apps-ui-kit	Ignored	Preview		Oct 22, 2025 2:12pm
iota-evm-bridge	Ignored	Preview		Oct 22, 2025 2:12pm
iota-multisig-toolkit	Ignored	Preview		Oct 22, 2025 2:12pm
rebased-explorer	Ignored	Preview		Oct 22, 2025 2:12pm
wallet-dashboard	Ignored	Preview		Oct 22, 2025 2:12pm

[TheMrAI]

Haven't checked the tests yet, just skimmed the rest.

[TheMrAI]

Now I am not entirely sure which direction we are going in, but if we want this to be in the utilities and accounts
direction, then don't forget to supply detach and rotate functions as well.

[theiari]

Same as above, added both detach and rotate in 7ae3716.

[TheMrAI]

I think this is a public function not a view one, but I get confused on this from time to time.

[theiari]

Moved to public function section here: 7ae3716.

[TheMrAI]

The pattern I tried to follow was to name the dynamic field and the containing module the same way.
spending_limit, SpendLimit, seems to be in minor inconsistency. Maybe it should be "SpendingLimit"?

[theiari]

Makes sense. I changed it to SpendingLimit in 7ae3716.

[TheMrAI]

Can you help me understand how this account type needs to work?
It looks somewhat odd that this amount is passed in as a value. The account can't really provide any protection in this regard right?
I have some vague memory that this is why we have the AuthContext, TxCommands fields, and vaguely remember you raising that there are some technical issues in calculating the gas I believe.

[Dkwcs]

Good point from Davo. It’s not clear for me how it can be used for real authentication if we trust only the passed value? I assume we need some logic behind the arguments, like Davo mentioned, using Context etc., to work with a gas.

[theiari]

Yeah, that's a good point. I guess a solution might be to rely on vector<Coin<T>> type instead of u64.
I added a possible implementation here : 7ae3716 .

Not sure if that's enough, maybe there must be some extra logic behind AuthContext

[Dkwcs]

I guess all of these empty comment sections should be cleaned up?
In account.move as well

[TheMrAI]

Not necessarily. I started using that pattern to avoid issues in the future where we violate the code conventions.
Others follow different patterns, but this is probably the cleanest as the section names should always be the same and always in the same order.

[theiari]

Just followed the latest flow 😄

[Dkwcs]

In this case it’s a minor thing, but for the full-fledged example it would be nice to have an appropriate functions to change the limit(e.g. Update())

[theiari]

Yep, you're right. Added both detach and rotate functions here: 7ae3716.

[theiari]

Not entirely sure this is ok and if it should be kept public as well

[lzpap]

I don't get how this authenticate function prevents me from spending from the account. Some coins are passed here as auth inputs, but who to say that there are no more coins as PTB inputs that the authenticated transactions can spend?

On another note, spending limit without a time frame is rather useless, no? If I can spend $100 at a time, but I can repeat it as many times as I can then it's pretty easy to overspend

If the intention is to have an account where you can only spend $X/period, it's pretty tought to implement without write access in the auth function.