Cherry-picking commits from main to release/8.0.0 for PR #32062

[runway-github]

• fix(money-account): use celing division in getSharesForWithdrawal cp-8.0.0 (fix(money-account): use celing division in getSharesForWithdrawal cp-8.0.0 #32062)

Description

mUSD withdrawals were failing intermittently with
TellerWithMultiAssetSupport__MinimumAssetsNotMet (0x9883d840). The
root cause is a double-truncation bug: getSharesForWithdrawal() uses
BigInt floor division to compute the number of shares, and then the
on-chain teller's mulDivDown floors again when converting shares back
to assets. This causes assetsOut to land up to 1 base unit below
minimumAssets, triggering a revert.

For example, a $1.96 withdrawal at rate ≈1,000,094 computed shareAmount = 1,959,815 (floored), which the contract converted back to assetsOut = 1,959,999 — 1 unit below the minimumAssets of 1,960,000. A $1.00
withdrawal at the same rate passed only by coincidence (the double-floor
happened to land exactly on the minimum).

This PR applies two defense-in-depth fixes in
moneyAccountTransactions.ts:

1. Ceiling division for shares: getSharesForWithdrawal now uses
   (amount * SCALAR + rate - 1n) / rate instead of floor division,
   guaranteeing enough shares to cover the requested withdrawal amount
   after the contract's mulDivDown.
2. 1-unit slippage on minimumAssets: minimumAssets is now set to
   amount - 1n (with a 0n guard) instead of the exact amount. This
   tolerates any residual rounding error without affecting the user — the
   subsequent ERC-20 transfer still uses the original amount.

Changelog

CHANGELOG entry: Fixed a bug causing mUSD withdrawals to fail
intermittently due to a rounding precision error

Related issues

Fixes: https://consensyssoftware.atlassian.net/browse/MUSD-1029

Manual testing steps

Feature: mUSD withdrawal rounding fix

  Scenario: user withdraws a non-round mUSD amount successfully
    Given the user has an mUSD money account with a balance of at least $5
    And the vault rate is not exactly 1:1

    When user initiates a withdrawal of $1.96
    Then the withdrawal transaction completes successfully
    And the user receives the expected USDC amount

  Scenario: user withdraws $1.00 successfully
    Given the user has an mUSD money account with a balance of at least $2

    When user initiates a withdrawal of $1.00
    Then the withdrawal transaction completes successfully

  Scenario: repeated withdrawals have a high success rate
    Given the user has an mUSD money account with sufficient balance

    When user performs 10+ withdrawals of varying amounts ($1.00, $1.50, $1.96, $2.50, $5.00)
    Then all withdrawal transactions complete successfully
    And none revert with MinimumAssetsNotMet

Joao Tavares' visual agent testing tool can be used to run withdrawals
at volume against a branch to verify success rate (previously very low,
should now be ~100%).

Screenshots/Recordings

N/A — This is a pure arithmetic fix in transaction encoding logic with
no UI changes. Verification is via automated withdrawal testing and unit
tests.

Before

After

Pre-merge author checklist

• I've followed MetaMask Contributor
  Docs and MetaMask Mobile
  Coding
  Standards.
• I've completed the PR template to the best of my ability
• I've included tests if applicable
• I've documented my code using JSDoc format
  if applicable
• I've applied the right labels on the PR (see labeling
  guidelines).
  Not required for external contributors.

Performance checks (if applicable)

• I've tested on Android
  • Ideally on a mid-range device; emulator is acceptable
• I've tested with a power user scenario
• Use these power-user
  SRPs
  to import wallets with many accounts and tokens
• I've instrumented key operations with Sentry traces for production
  performance metrics
• See trace() for usage and
  addToken
  for an example

For performance guidelines and tooling, see the Performance
Guide.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the
  app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described
  in the ticket it closes and includes the necessary testing evidence such
  as recordings and or screenshots.

---

Note

Medium Risk
Touches live withdrawal transaction encoding for money accounts; logic
is narrow and well-tested but incorrect rounding could still affect
on-chain success or slippage checks.

Overview
Fixes intermittent mUSD withdrawal reverts from
MinimumAssetsNotMet when floor division in
getSharesForWithdrawal and on-chain mulDivDown both
truncate, so assetsOut can sit one base unit below the encoded
minimum.

getSharesForWithdrawal now uses ceiling division so share
count is high enough that contract-side conversion back to assets meets
the requested amount. buildMoneyAccountWithdrawBatch sets
minimumAssets to amount - 1 (or 0 for zero-amount
placeholder batches) as a second guard; the follow-on ERC-20 transfer
still uses the full amount, so payout to the user is unchanged.

Tests add the reported $1.96 case, rate sweeps, and calldata
checks for shareAmount and minimumAssets.

^{Reviewed by Cursor Bugbot for commit
b43d77d. Bugbot is set up for automated
code reviews on this repo. Configure
here.}

[2c1e0b9](https://github.com/MetaMask/metamask-mobile/commit/2c1e0b92164ca2e945f5f5255a98c08a0b512a9e)

[github-actions]

🔍 Smart E2E Test Selection

⏭️ Smart E2E selection skipped - PR targets a release or stable branch (release/* or stable)

All E2E tests pre-selected.

View GitHub Actions results

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud