Skip to content

feat(tokens): hide legacy non-upgradeable Hypha Platform tokens (HCREDITS, HVOICE)#2312

Open
n0umen0n wants to merge 2 commits into
mainfrom
hide-legacy-hcredits-token
Open

feat(tokens): hide legacy non-upgradeable Hypha Platform tokens (HCREDITS, HVOICE)#2312
n0umen0n wants to merge 2 commits into
mainfrom
hide-legacy-hcredits-token

Conversation

@n0umen0n

@n0umen0n n0umen0n commented Jun 10, 2026

Copy link
Copy Markdown
Contributor

Summary

The Hypha Platform space (web3 space id 241) has two legacy space tokens — HCREDITS (0xb8591aDE4ceDA2dd14B1924dC81D23B765C2820d) and HVOICE (0x24e0b2bfee025d57a19f9dae4c3849a4a6bf9626). On-chain investigation showed both are directly-deployed, non-proxy contracts:

  • All ERC1967 proxy slots are empty; no upgradeTo / upgradeToAndCall / proxiableUUIDnot upgradeable.
  • They're an older contract generation (no isAuthorizedMinter), and their burnFrom lacks the executor privilege the current burn-proposal flow relies on, so they can't be burned via a DAO proposal either.

Since they can't be upgraded or retired through governance, this PR hides them from the UI so they no longer appear in treasuries, profiles, holder breakdowns, transfer pickers, or vaults. (New replacement tokens issued through the current factory get new addresses and are unaffected.)

Changes

  • Add a centralized HIDDEN_TOKEN_ADDRESSES denylist + isHiddenToken() helper in packages/core/src/common/web3/tokens.ts.
  • Apply the filter at every token-listing surface:
    • Treasury assets (spaces/[spaceSlug]/assets and assets-without-balances)
    • Profile assets (people/[personSlug]/assets)
    • Holder breakdown (getTokenHoldingsBySpaceSlug)
    • Transfer pickers (wallet-transferable-tokens)
    • Vaults (spaces/[spaceSlug]/vaults)
    • All DB-token-driven lists (findAllTokens)

Filters run after the Hypha-Platform shared-token injection in getTokenHoldingsBySpaceSlug, so the denylist still wins there. Filters are placed before the per-token RPC/multicall work, so the heavier endpoints make slightly fewer calls.

Test plan

  • Hypha Platform treasury no longer lists HCREDITS / HVOICE
  • Member profiles no longer show HCREDITS / HVOICE balances
  • Token holdings view for hypha-platform excludes both tokens
  • Transfer / mint / burn token pickers don't offer them
  • Other spaces' tokens are unaffected

Made with Cursor

n0umen0n and others added 2 commits June 8, 2026 11:11
@n0umen0n
feat(tokens): filter out hidden tokens from various asset routes
2b5ed40 
Updated multiple asset retrieval routes to exclude hidden tokens using the new isHiddenToken utility. This change ensures that deprecated or non-visible tokens are not included in the token lists returned by the API, enhancing the clarity and relevance of the data presented to users.
@n0umen0n @cursoragent
feat(tokens): hide legacy HVOICE token from UI
74cf45f 
Add the Hypha Platform (space 241) HVOICE contract to the hidden-token
denylist. Like HCREDITS, it is a non-upgradeable, directly-deployed legacy
token that cannot be managed via governance.

Co-authored-by: Cursor <cursoragent@cursor.com>
@coderabbitai

coderabbitai Bot commented Jun 10, 2026

Copy link
Copy Markdown
Contributor

Warning

Review limit reached

@n0umen0n, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 13 minutes and 30 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 28e2f3d6-b4cd-46d8-a57f-03dd87b36a4a

📥 Commits

Reviewing files that changed from the base of the PR and between ddfc617 and 74cf45f.

📒 Files selected for processing (8)
  • apps/web/src/app/api/v1/people/[personSlug]/assets/route.ts
  • apps/web/src/app/api/v1/spaces/[spaceSlug]/assets-without-balances/route.ts
  • apps/web/src/app/api/v1/spaces/[spaceSlug]/assets/route.ts
  • apps/web/src/app/api/v1/spaces/[spaceSlug]/vaults/route.ts
  • apps/web/src/app/api/v1/spaces/[spaceSlug]/wallet-transferable-tokens/route.ts
  • packages/core/src/assets/server/queries.ts
  • packages/core/src/common/web3/tokens.ts
  • packages/core/src/governance/server/get-token-holdings-by-space-slug.ts
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch hide-legacy-hcredits-token

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@github-actions

github-actions Bot commented Jun 10, 2026

Copy link
Copy Markdown

🔗 Custom preview URL: https://pr-2312.preview-app.hypha.earth

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@n0umen0n