fix(sdk-core): bypass TSS recipient guard generically for staking intents

BSC/BNB hot wallet staking breaks after WAL-375 SDK bump because the
staking wallet calls signTransaction without txParams, and staking
intentType strings were absent from the recipient bypass set.

Instead of enumerating every staking intentType string (which drifts as
new coins add staking support), detect staking intents generically via
the presence of stakingRequestId on the intent — a required field on
BaseStakeIntent in @bitgo/public-types that all staking intents inherit.

Fix:
- NO_RECIPIENT_TX_TYPES retains only the 8 non-staking ECDSA types
- resolveEffectiveTxParams checks stakingRequestId as a generic staking
  signal; throws only if no recipients, not staking, and not an ECDSA
  no-recipient type
- Keep intent.intentType fallback so txType propagates to downstream
  verifyTssTransaction callers
- Revert verifyTssTransaction bypass list in abstractEthLikeNewCoins.ts
  back to 8 original ECDSA types
- Remove stale verifyTssTransaction override from bsc.ts (parent handles)
- Tests: updated makeTxRequest to accept stakingRequestId; realistic tests
  using delegate/stake + stakingRequestId; negative test confirms delegate
  without stakingRequestId still throws

Refs: WAL-756

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>

TICKET: WAL-756

Author: mrdanish26

modules/sdk-core/src/bitgo/utils/tss/recipientUtils.ts

@@ -4,7 +4,8 @@ import { PopulatedIntent, TxRequest } from './baseTypes';
 
 /**
  * Transaction types that legitimately carry no explicit recipients.
- * verifyTransaction handles no-recipient validation for these internally.
+ * These are non-staking ECDSA types where verifyTransaction handles
+ * no-recipient validation internally.
  * Mirrors the bypass list in abstractEthLikeNewCoins.ts verifyTssTransaction.
  */
 export const NO_RECIPIENT_TX_TYPES = new Set([
@@ -15,7 +16,7 @@ export const NO_RECIPIENT_TX_TYPES = new Set([
   'consolidate',
   'bridgeFunds',
   'enableToken',
-  'customTx', // DeFi/WalletConnect smart contract interactions have no traditional recipients
+  'customTx',
 ]);
 
 /**
@@ -25,8 +26,13 @@ export const NO_RECIPIENT_TX_TYPES = new Set([
  * (native amount = 0, so buildParams is empty). Falls back to intent recipients
  * mapped to ITransactionRecipient shape when txParams.recipients is absent.
  *
+ * Staking intents (BSC delegate/undelegate, CELO stake/unstake, etc.) are
+ * identified generically by the presence of `stakingRequestId` on the intent —
+ * a required field on BaseStakeIntent in @bitgo/public-types. These intents
+ * have no txParams recipients by design; validation is done at the coin layer.
+ *
  * Throws InvalidTransactionError if no recipients can be resolved and the
- * transaction type is not a known no-recipient type.
+ * transaction is not a known no-recipient type.
  */
 export function resolveEffectiveTxParams(
   txRequest: TxRequest,
@@ -43,7 +49,21 @@ export function resolveEffectiveTxParams(
     recipients: txParams?.recipients?.length ? txParams.recipients : intentRecipients,
   };
 
-  if (!effectiveTxParams.recipients?.length && !NO_RECIPIENT_TX_TYPES.has(effectiveTxParams.type ?? '')) {
+  // Fall back to intent.intentType when txParams.type is not explicitly set.
+  // Staking wallets call signTransaction without txParams, so the type lives only in the intent.
+  const txType = effectiveTxParams.type ?? (txRequest.intent as PopulatedIntent)?.intentType ?? '';
+
+  // Propagate the resolved type so downstream callers (e.g. verifyTssTransaction) can use it.
+  if (!effectiveTxParams.type && txType) {
+    effectiveTxParams.type = txType;
+  }
+
+  // All staking intents (BSC delegate/undelegate, CELO stake/unstake, etc.) carry
+  // stakingRequestId as a required field on BaseStakeIntent (@bitgo/public-types).
+  // Use its presence as a generic staking signal — no need to enumerate every intentType.
+  const isStakingIntent = !!(txRequest.intent as any)?.stakingRequestId;
+
+  if (!effectiveTxParams.recipients?.length && !isStakingIntent && !NO_RECIPIENT_TX_TYPES.has(txType)) {
     throw new InvalidTransactionError(
       'Recipient details are required to verify this transaction before signing. Pass txParams with at least one recipient.'
     );

modules/sdk-core/test/unit/bitgo/utils/tss/recipientUtils.ts

@@ -5,11 +5,15 @@ import * as assert from 'assert';
 const getModule = () => require('../../../../../src/bitgo/utils/tss/recipientUtils');
 
 function makeTxRequest(
-  intentRecipients?: { address: { address: string }; amount: { value: string }; data?: string }[]
+  intentRecipients?: { address: { address: string }; amount: { value: string }; data?: string }[],
+  intentType = 'payment',
+  stakingRequestId?: string
 ): any {
   return {
     txRequestId: 'test-req-id',
-    intent: intentRecipients ? { intentType: 'contractCall', recipients: intentRecipients } : { intentType: 'payment' },
+    intent: intentRecipients
+      ? { intentType: 'contractCall', recipients: intentRecipients }
+      : { intentType, ...(stakingRequestId ? { stakingRequestId } : {}) },
     transactions: [],
     unsignedTxs: [],
     state: 'pendingUserSignature',
@@ -23,7 +27,7 @@ function makeTxRequest(
 
 describe('recipientUtils', function () {
   describe('NO_RECIPIENT_TX_TYPES', function () {
-    it('contains exactly the 8 expected exempted types', function () {
+    it('contains all expected exempted types', function () {
       const { NO_RECIPIENT_TX_TYPES } = getModule();
       const expected = [
         'acceleration',
@@ -105,8 +109,8 @@ describe('recipientUtils', function () {
       'tokenApproval',
       'consolidate',
       'bridgeFunds',
-      'enableToken', // TSS wallets do not populate recipients for token enablement
-      'customTx', // DeFi/WalletConnect smart contract interactions have no traditional recipients
+      'enableToken',
+      'customTx',
     ];
 
     NO_RECIPIENT_TYPES.forEach((type) => {
@@ -117,5 +121,44 @@ describe('recipientUtils', function () {
         result.type.should.equal(type);
       });
     });
+
+    it('allows staking intent with no recipients when stakingRequestId is present (BSC delegate)', function () {
+      const { resolveEffectiveTxParams } = getModule();
+      // Simulate BSC staking wallet: no txParams, intent has stakingRequestId
+      const txRequest = makeTxRequest(undefined, 'delegate', 'staking-req-123');
+      const result = resolveEffectiveTxParams(txRequest, undefined);
+      result.type.should.equal('delegate');
+    });
+
+    it('allows staking intent with no recipients when stakingRequestId is present (CELO stake)', function () {
+      const { resolveEffectiveTxParams } = getModule();
+      const txRequest = makeTxRequest(undefined, 'stake', 'staking-req-456');
+      const result = resolveEffectiveTxParams(txRequest, undefined);
+      result.type.should.equal('stake');
+    });
+
+    it('throws for unknown staking-like type without stakingRequestId', function () {
+      const { resolveEffectiveTxParams } = getModule();
+      // No stakingRequestId, no recipients, unknown type — should throw
+      const txRequest = makeTxRequest(undefined, 'delegate');
+      assert.throws(
+        () => resolveEffectiveTxParams(txRequest, undefined),
+        /Recipient details are required to verify this transaction before signing/
+      );
+    });
+
+    it('propagates intent.intentType into effectiveTxParams.type when txParams.type is absent', function () {
+      const { resolveEffectiveTxParams } = getModule();
+      const txRequest = makeTxRequest(undefined, 'stake', 'staking-req-789');
+      const result = resolveEffectiveTxParams(txRequest, {});
+      result.type.should.equal('stake');
+    });
+
+    it('does not override txParams.type when already set', function () {
+      const { resolveEffectiveTxParams } = getModule();
+      const txRequest = makeTxRequest(undefined, 'delegate', 'staking-req-000');
+      const result = resolveEffectiveTxParams(txRequest, { type: 'acceleration' });
+      result.type.should.equal('acceleration');
+    });
   });
 });