fix: multiple deposits of unknown brand

packages/agoric-cli/test/agops-oracle-smoketest.sh

@@ -63,13 +63,14 @@ agd query vstorage keys published.priceFeed
 # verify that the round started
 agoric follow :published.priceFeed.ATOM-USD_price_feed.latestRound
 
+# Set it to $13 per ATOM
 # second round, first oracle
 PROPOSAL_OFFER=$(mktemp -t agops.XXX)
-bin/agops oracle pushPriceRound --price 1102 --roundId 2 --oracleAdminAcceptOfferId "$ORACLE_OFFER_ID" >|"$PROPOSAL_OFFER"
+bin/agops oracle pushPriceRound --price 120000000 --roundId 2 --oracleAdminAcceptOfferId "$ORACLE_OFFER_ID" >|"$PROPOSAL_OFFER"
 agoric wallet send --offer "$PROPOSAL_OFFER" --from gov1 --keyring-backend="test"
 # second round, second oracle
 PROPOSAL_OFFER=$(mktemp -t agops.XXX)
-bin/agops oracle pushPriceRound --price 1202 --roundId 2 --oracleAdminAcceptOfferId "$ORACLE2_OFFER_ID" >|"$PROPOSAL_OFFER"
+bin/agops oracle pushPriceRound --price 14000000 --roundId 2 --oracleAdminAcceptOfferId "$ORACLE2_OFFER_ID" >|"$PROPOSAL_OFFER"
 agoric wallet send --offer "$PROPOSAL_OFFER" --from gov2 --keyring-backend="test"
 
 # see new price

packages/inter-protocol/test/smartWallet/test-psm-integration.js

@@ -307,26 +307,15 @@ test('govern offerFilter', async t => {
   // vote didn't raise an error.
 });
 
-test('deposit unknown brand', async t => {
-  const rial = withAmountUtils(makeIssuerKit('rial'));
-  assert(rial.mint);
-
-  const wallet = await t.context.simpleProvideWallet('agoric1queue');
-
-  const payment = rial.mint.mintPayment(rial.make(1_000n));
-  // @ts-expect-error deposit does take a FarRef<Payment>
-  const result = await wallet.getDepositFacet().receive(harden(payment));
-  // successful request but not deposited
-  t.deepEqual(result, { brand: rial.brand, value: 0n });
-});
-
-test.failing('deposit > 1 payment to unknown brand #6961', async t => {
+// XXX belongs in smart-wallet package, but needs lots of set-up that's handy here.
+test('deposit multiple payments to unknown brand', async t => {
   const rial = withAmountUtils(makeIssuerKit('rial'));
 
   const wallet = await t.context.simpleProvideWallet('agoric1queue');
 
-  for await (const _ of [1, 2]) {
-    const payment = rial.mint.mintPayment(rial.make(1_000n));
+  // assume that if the call succeeds then it's in durable storage.
+  for await (const amt of [1n, 2n]) {
+    const payment = rial.mint.mintPayment(rial.make(amt));
     // @ts-expect-error deposit does take a FarRef<Payment>
     const result = await wallet.getDepositFacet().receive(harden(payment));
     // successful request but not deposited

packages/smart-wallet/src/smartWallet.js

@@ -354,7 +354,7 @@ export const prepareSmartWallet = (baggage, shared) => {
         /**
          * Put the assets from the payment into the appropriate purse.
          *
-         * If the purse doesn't exist, we hold the payment until it does.
+         * If the purse doesn't exist, we hold the payment in durable storage.
          *
          * @param {import('@endo/far').FarRef<Payment>} payment
          * @returns {Promise<Amount>} amounts for deferred deposits will be empty
@@ -374,11 +374,13 @@ export const prepareSmartWallet = (baggage, shared) => {
             return E(invitationPurse).deposit(payment);
           }
 
-          // When there is no purse, queue the payment
+          // When there is no purse, save the payment into a queue.
+          // It's not yet ever read but a future version of the contract can
           if (queues.has(brand)) {
-            queues.get(brand).push(payment);
+            const extant = queues.get(brand);
+            queues.set(brand, harden([...extant, payment]));
           } else {
-            queues.init(brand, harden([payment])); // TODO: #6961 fix this.
+            queues.init(brand, harden([payment]));
           }
           return AmountMath.makeEmpty(brand);
         },