feat: add SwapProxy contract for permit2-less swap flow

[marktoda]

---

✨ Claude-Generated Content

Summary

Introduces a stateless SwapProxy contract that enables a 2-transaction swap flow (approve + swap) without requiring Permit2 signed messages. This provides an alternative integration path for platforms that cannot or prefer not to support EIP-712 signed permits.

Changes

• Add SwapProxy.sol contract that pulls ERC20 tokens from users directly into the Universal Router, then executes UR commands with payerIsUser=false
• Add ISwapProxy.sol interface with NatSpec documentation
• Add DeploySwapProxy.s.sol deployment script
• Add comprehensive Foundry tests covering:
  • Exact input swaps via proxy
  • Exact output swaps with sweep for unused tokens
  • Revert on insufficient approval
  • Revert on expired deadline
  • Token safety checks (no tokens stuck in proxy/router)
  • Gas comparison benchmark vs direct Permit2 flow

How It Works

User -> approve SwapProxy (one-time)
User -> SwapProxy.execute() (each swap)
         |-> transferFrom(user -> UR, amount)
         |-> UR.execute(commands, inputs, deadline)

Integration Notes

• All swap commands must use payerIsUser=false
• All recipient addresses must be the user's explicit address, NOT MSG_SENDER (which resolves to the proxy contract)
• For exact output swaps, include a SWEEP command to return unused input tokens
• This contract is for token-input actions; ETH-input actions should be sent directly to the UR

[github-actions]

🤖 Claude Code Review

✅ Review complete

Clean, minimal proxy contract that enables a 2-tx (approve + swap) flow without Permit2 signatures. The design is sound:

• Stateless, no constructor, no storage -- minimal attack surface
• router as a parameter (per hensha256's feedback) avoids re-approvals on UR upgrades
• payable removed (per earlier review discussion) since this contract is for token inputs only
• Tokens transfer atomically with router.execute, so a revert in the router rolls back the transfer too
• Solmate's SafeTransferLib no-code-check caveat is documented inline

One consideration worth noting:

router parameter is caller-controlled: The user specifies which router to send tokens to and call execute on. This is fine since the caller is spending their own allowance -- a malicious router address only harms the caller themselves. But integrators should be aware that frontends must ensure the router address is correct, as a compromised frontend could direct tokens to a malicious contract. This is inherent to the design and documented well enough in the NatSpec.

Tests cover the main flows (exact in, exact out + sweep, reverts, no stuck tokens, gas comparison). Looks good to ship.

---

_{💡 Want a fresh review? Add a comment containing @request-claude-review to trigger a new review at any time.}

[github-actions]

📋 Review verdict: APPROVE

👆 The main review comment above is the source of truth for this PR review. It is automatically updated on each review cycle, so always refer to it for the most current feedback.

This formal review submission is for the verdict only.

Superseded by new review after PR update

[github-actions]

📋 Review verdict: APPROVE

👆 The main review comment above is the source of truth for this PR review. It is automatically updated on each review cycle, so always refer to it for the most current feedback.

This formal review submission is for the verdict only.

Superseded by new review after PR update

[github-actions]

📋 Review verdict: APPROVE

👆 The main review comment above is the source of truth for this PR review. It is automatically updated on each review cycle, so always refer to it for the most current feedback.

This formal review submission is for the verdict only.

Superseded by new review after PR update

[github-actions]

📋 Review verdict: APPROVE

👆 The main review comment above is the source of truth for this PR review. It is automatically updated on each review cycle, so always refer to it for the most current feedback.

This formal review submission is for the verdict only.

Superseded by new review after PR update

[github-actions]

📋 Review verdict: APPROVE

👆 The main review comment above is the source of truth for this PR review. It is automatically updated on each review cycle, so always refer to it for the most current feedback.

This formal review submission is for the verdict only.

Superseded by new review after PR update

[github-actions]

📋 Review verdict: APPROVE

👆 The main review comment above is the source of truth for this PR review. It is automatically updated on each review cycle, so always refer to it for the most current feedback.

This formal review submission is for the verdict only.

[github-actions]

📋 Review verdict: APPROVE

👆 The main review comment above is the source of truth for this PR review. It is automatically updated on each review cycle, so always refer to it for the most current feedback.

This formal review submission is for the verdict only.

[github-actions]

📋 Review verdict: APPROVE

👆 The main review comment above is the source of truth for this PR review. It is automatically updated on each review cycle, so always refer to it for the most current feedback.

This formal review submission is for the verdict only.

[github-actions]

📋 Review verdict: APPROVE

👆 The main review comment above is the source of truth for this PR review. It is automatically updated on each review cycle, so always refer to it for the most current feedback.

This formal review submission is for the verdict only.