Skip to content

feat: add use-refund-protocol skill#32

Open
erhnysr wants to merge 1 commit into
circlefin:masterfrom
erhnysr:add/use-refund-protocol
Open

feat: add use-refund-protocol skill#32
erhnysr wants to merge 1 commit into
circlefin:masterfrom
erhnysr:add/use-refund-protocol

Conversation

@erhnysr

@erhnysr erhnysr commented Jun 21, 2026

Copy link
Copy Markdown

Summary

Adds a new skill for integrating the Circle Refund Protocol — a non-custodial escrow system for USDC payment disputes and chargebacks on Arc.

What's included

  • 8 implementation patterns covering the full payment lifecycle: arbiter setup, pay(), withdraw(), all three refund paths (refundByRecipient, refundByArbiter, earlyWithdrawByArbiter), updateRefundTo, and debt settlement
  • TypeScript examples using viem/wagmi (consistent with other skills in this repo)
  • Solidity function signatures alongside each pattern for quick reference
  • 7 antipatterns (AP1–AP7) with ❌/✅ examples, including a prominent security warning for the known earlyWithdrawByArbiter drain vulnerability documented in the refund-protocol README
  • Decision guide table: which refund path to use in which scenario
  • Security rules + best practices in the Rules section
  • Use cases: merchant chargeback protection, gig economy milestone payouts, agent-validated escrow
  • Alternatives section pointing to use-gateway, bridge-stablecoin, and direct transfer when escrow isn't needed

Security note

The earlyWithdrawByArbiter vulnerability acknowledged in the circlefin/refund-protocol README is documented in both the skill body (Refund Path C section) and Antipattern AP7, with an explicit warning not to use it in production until Circle publishes a fix.

Related

Adds a new skill for integrating the Circle Refund Protocol on Arc — a
non-custodial escrow system for USDC payment disputes and chargebacks.

Covers:
- Full payment lifecycle: pay(), withdraw(), refundByRecipient(),
  refundByArbiter(), earlyWithdrawByArbiter()
- Arbiter setup: setLockupSeconds(), depositArbiterFunds(), settleDebt()
- 8 implementation patterns with TypeScript (viem/wagmi) + Solidity signatures
- 7 antipatterns (AP1–AP7) including the known earlyWithdrawByArbiter
  drain vulnerability, documented with an explicit security warning
- Decision guide, use cases (merchant, gig economy, agent-validated escrow),
  and alternatives
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant