@aptos-labs/ts-sdk 3.0.0 → 3.1.1

package/src/internal/account.ts

@@ -17,6 +17,9 @@ import {
 } from "../client";
 import {
   AccountData,
+  AnyNumber,
+  anyPublicKeyVariantToString,
+  CommittedTransactionResponse,
   CursorPaginationArgs,
   GetAccountCoinsDataResponse,
   GetAccountCollectionsWithOwnedTokenResponse,
@@ -31,12 +34,28 @@ import {
   PaginationArgs,
   PendingTransactionResponse,
   TokenStandardArg,
-  TransactionResponse,
   WhereArg,
 } from "../types";
 import { AccountAddress, AccountAddressInput } from "../core/accountAddress";
-import { Account, Ed25519Account, MultiEd25519Account } from "../account";
-import { AnyPublicKey, Ed25519PublicKey, PrivateKey } from "../core/crypto";
+import {
+  Account,
+  Ed25519Account,
+  FederatedKeylessAccount,
+  KeylessAccount,
+  MultiEd25519Account,
+  MultiKeyAccount,
+  SingleKeyAccount,
+} from "../account";
+import {
+  AbstractMultiKey,
+  AccountPublicKey,
+  AnyPublicKey,
+  BaseAccountPublicKey,
+  Ed25519PublicKey,
+  MultiEd25519PublicKey,
+  MultiKey,
+  PrivateKeyInput,
+} from "../core/crypto";
 import { queryIndexer } from "./general";
 import { getModule as getModuleUtil, getInfo as getInfoUtil } from "./utils";
 import {
@@ -48,6 +67,8 @@ import {
   GetAccountOwnedTokensQuery,
   GetAccountTokensCountQuery,
   GetAccountTransactionsCountQuery,
+  GetAuthKeysForPublicKeyQuery,
+  GetAccountAddressesForAuthKeyQuery,
 } from "../types/generated/operations";
 import {
   GetAccountCoinsCount,
@@ -58,16 +79,27 @@ import {
   GetAccountOwnedTokensFromCollection,
   GetAccountTokensCount,
   GetAccountTransactionsCount,
+  GetAuthKeysForPublicKey,
+  GetAccountAddressesForAuthKey,
 } from "../types/generated/queries";
-import { Secp256k1PrivateKey, AuthenticationKey, Ed25519PrivateKey, createObjectAddress } from "../core";
+import { Secp256k1PrivateKey, AuthenticationKey, Ed25519PrivateKey, createObjectAddress, Hex } from "../core";
 import { CurrentFungibleAssetBalancesBoolExp } from "../types/generated/types";
 import { getTableItem } from "./table";
 import { APTOS_COIN } from "../utils";
 import { AptosApiError } from "../errors";
+import { Deserializer } from "../bcs";
 import { signAndSubmitTransaction, generateTransaction } from "./transactionSubmission";
-import { EntryFunctionABI, RotationProofChallenge, TypeTagU8, TypeTagVector } from "../transactions";
+import {
+  EntryFunctionABI,
+  InputGenerateTransactionOptions,
+  RotationProofChallenge,
+  TypeTagU8,
+  TypeTagVector,
+} from "../transactions";
 import { U8, MoveVector } from "../bcs";
-import { waitForTransaction } from "./transaction";
+import { waitForTransaction, waitForIndexer } from "./transaction";
+import { view } from "./view";
+import { getLedgerInfo } from "./general";
 
 /**
  * Retrieves account information for a specified account address.
@@ -183,9 +215,9 @@ export async function getTransactions(args: {
   aptosConfig: AptosConfig;
   accountAddress: AccountAddressInput;
   options?: PaginationArgs;
-}): Promise<TransactionResponse[]> {
+}): Promise<CommittedTransactionResponse[]> {
   const { aptosConfig, accountAddress, options } = args;
-  return paginateWithCursor<{}, TransactionResponse[]>({
+  return paginateWithCursor<{}, CommittedTransactionResponse[]>({
     aptosConfig,
     originMethod: "getTransactions",
     path: `accounts/${AccountAddress.from(accountAddress).toString()}/transactions`,
@@ -755,61 +787,44 @@ export async function getAccountOwnedObjects(args: {
 
 /**
  * Derives an account from the provided private key and Aptos configuration.
- * This function helps in obtaining the account details associated with a given private key,
- * considering both unified and legacy authentication schemes.
+ *
+ * This function queries all owned accounts for the provided private key and returns the most
+ * recently used account. If no account is found, it will throw an error unless `throwIfNoAccountFound` is set to false.
+ *
+ * If `throwIfNoAccountFound` is set to false, the function will return the default account for the private key via `Account.fromPrivateKey`.
  *
  * NOTE: There is a potential issue once the unified single signer scheme is adopted by the community.
  * Because one could create two accounts with the same private key with this new authenticator type,
- * we’ll need to determine the order in which we look up the accounts: first unified scheme and then legacy scheme,
+ * we'll need to determine the order in which we look up the accounts: first unified scheme and then legacy scheme,
  * or first legacy scheme and then unified scheme.
  *
  * @param args - The arguments for deriving the account.
  * @param args.aptosConfig - The Aptos configuration used for account lookup.
  * @param args.privateKey - The private key used to derive the account.
+ * @param args.options.throwIfNoAccountFound - If true, throw an error if no existing account is found on chain. Default is false.
  * @throws Error if the account cannot be derived from the private key.
  * @group Implementation
  * @deprecated Note that more inspection is needed by the user to determine which account exists on-chain
  */
 export async function deriveAccountFromPrivateKey(args: {
   aptosConfig: AptosConfig;
-  privateKey: PrivateKey;
+  privateKey: PrivateKeyInput;
+  options?: {
+    throwIfNoAccountFound?: boolean;
+  };
 }): Promise<Account> {
-  const { aptosConfig, privateKey } = args;
-  const publicKey = new AnyPublicKey(privateKey.publicKey());
-
-  if (privateKey instanceof Secp256k1PrivateKey) {
-    // private key is secp256k1, therefore we know it for sure uses a single signer key
-    const authKey = AuthenticationKey.fromPublicKey({ publicKey });
-    const address = authKey.derivedAddress();
-    return Account.fromPrivateKey({ privateKey, address });
-  }
+  const { aptosConfig, privateKey, options } = args;
+  const throwIfNoAccountFound = options?.throwIfNoAccountFound ?? false;
 
-  if (privateKey instanceof Ed25519PrivateKey) {
-    // lookup legacy ed25519
-    const legacyAuthKey = AuthenticationKey.fromPublicKey({
-      publicKey: publicKey.publicKey as Ed25519PublicKey,
-    });
-    const isLegacyEd25519 = await isAccountExist({ authKey: legacyAuthKey, aptosConfig });
-    if (isLegacyEd25519) {
-      const address = legacyAuthKey.derivedAddress();
-      return Account.fromPrivateKey({ privateKey, address, legacy: true });
-    }
-    // lookup single sender ed25519
-    const singleSenderTransactionAuthenticatorAuthKey = AuthenticationKey.fromPublicKey({
-      publicKey,
-    });
-    const isSingleSenderTransactionAuthenticator = await isAccountExist({
-      authKey: singleSenderTransactionAuthenticatorAuthKey,
-      aptosConfig,
-    });
-    if (isSingleSenderTransactionAuthenticator) {
-      const address = singleSenderTransactionAuthenticatorAuthKey.derivedAddress();
-      return Account.fromPrivateKey({ privateKey, address, legacy: false });
+  const accounts = await deriveOwnedAccountsFromPrivateKey({ aptosConfig, privateKey });
+  if (accounts.length === 0) {
+    if (throwIfNoAccountFound) {
+      throw new Error(`No existing account found for private key.`);
     }
+    // If no account is found, return the default account. This is a legacy account for Ed25519 private keys.
+    return Account.fromPrivateKey({ privateKey });
   }
-  // if we are here, it means we couldn't find an address with an
-  // auth key that matches the provided private key
-  throw new Error(`Can't derive account from private key ${privateKey}`);
+  return accounts[0];
 }
 
 /**
@@ -830,18 +845,73 @@ export async function isAccountExist(args: { aptosConfig: AptosConfig; authKey:
     authenticationKey: authKey.derivedAddress(),
   });
 
+  return doesAccountExistAtAddress({ aptosConfig, accountAddress });
+}
+
+/**
+ * Checks if an account exists at a given address.
+ *
+ * @param args - The arguments for checking account existence.
+ * @param args.aptosConfig - The configuration for the Aptos client.
+ * @param args.accountAddress - The address of the account to check.
+ * @param args.options.withAuthKey - An optional authentication key which will also be checked against if provided.
+ * @returns A promise that resolves to a boolean indicating whether the account exists.
+ * @group Implementation
+ */
+async function doesAccountExistAtAddress(args: {
+  aptosConfig: AptosConfig;
+  accountAddress: AccountAddress;
+  options?: { withAuthKey?: AuthenticationKey };
+}): Promise<boolean> {
+  const { aptosConfig, accountAddress, options } = args;
   try {
-    await getInfo({
-      aptosConfig,
-      accountAddress,
-    });
-    return true;
-  } catch (error: any) {
-    // account not found
-    if (error.status === 404) {
+    // Get the account resources and the balance of the account.  We need to check both because
+    // an account resource can exist with 0 balance and a balance can exist without an account resource (light accounts).
+    const [resources, ownedObjects] = await Promise.all([
+      getResources({
+        aptosConfig,
+        accountAddress,
+      }),
+      getAccountOwnedObjects({
+        aptosConfig,
+        accountAddress,
+        options: {
+          limit: 1,
+        },
+      }),
+    ]);
+
+    const accountResource: MoveResource<{ authentication_key: string }> | undefined = resources.find(
+      (r) => r.type === "0x1::account::Account",
+    ) as MoveResource<{ authentication_key: string }> | undefined;
+
+    // If the account resource is not found and the balance is 0, then the account does not exist.
+    if (!accountResource && ownedObjects.length === 0) {
       return false;
     }
-    throw new Error(`Error while looking for an account info ${accountAddress.toString()}`);
+
+    // If no auth key is provided as an argument, return true.
+    if (!options?.withAuthKey) {
+      return true;
+    }
+
+    // Get the auth key from the account resource if it exists. If the account resource does not exist,
+    // then the auth key is the account address by default.
+    let authKey;
+    if (accountResource) {
+      authKey = accountResource.data.authentication_key;
+    } else {
+      authKey = accountAddress.toStringLong();
+    }
+
+    if (authKey !== options.withAuthKey.toString()) {
+      return false;
+    }
+
+    // Else the account exists and the auth key matches.
+    return true;
+  } catch (error: any) {
+    throw new Error(`Error while checking if account exists at ${accountAddress.toString()}: ${error}`);
   }
 }
 
@@ -888,27 +958,34 @@ export async function rotateAuthKey(
   args: {
     aptosConfig: AptosConfig;
     fromAccount: Account;
+    options?: InputGenerateTransactionOptions;
   } & (
     | { toAccount: Account; dangerouslySkipVerification?: never }
     | { toNewPrivateKey: Ed25519PrivateKey; dangerouslySkipVerification?: never }
     | { toAuthKey: AuthenticationKey; dangerouslySkipVerification: true }
   ),
 ): Promise<PendingTransactionResponse> {
-  const { aptosConfig, fromAccount, dangerouslySkipVerification } = args;
+  const { aptosConfig, fromAccount, dangerouslySkipVerification, options } = args;
   if ("toNewPrivateKey" in args) {
     return rotateAuthKeyWithChallenge({
       aptosConfig,
       fromAccount,
       toNewPrivateKey: args.toNewPrivateKey,
+      options,
     });
   }
   let authKey: AuthenticationKey;
   if ("toAccount" in args) {
     if (args.toAccount instanceof Ed25519Account) {
-      return rotateAuthKeyWithChallenge({ aptosConfig, fromAccount, toNewPrivateKey: args.toAccount.privateKey });
+      return rotateAuthKeyWithChallenge({
+        aptosConfig,
+        fromAccount,
+        toNewPrivateKey: args.toAccount.privateKey,
+        options,
+      });
     }
     if (args.toAccount instanceof MultiEd25519Account) {
-      return rotateAuthKeyWithChallenge({ aptosConfig, fromAccount, toAccount: args.toAccount });
+      return rotateAuthKeyWithChallenge({ aptosConfig, fromAccount, toAccount: args.toAccount, options });
     }
     authKey = args.toAccount.publicKey.authKey();
   } else if ("toAuthKey" in args) {
@@ -921,6 +998,7 @@ export async function rotateAuthKey(
     aptosConfig,
     fromAccount,
     toAuthKey: authKey,
+    options,
   });
 
   if (dangerouslySkipVerification === true) {
@@ -957,9 +1035,10 @@ async function rotateAuthKeyWithChallenge(
   args: {
     aptosConfig: AptosConfig;
     fromAccount: Account;
+    options?: InputGenerateTransactionOptions;
   } & ({ toNewPrivateKey: Ed25519PrivateKey } | { toAccount: MultiEd25519Account }),
 ): Promise<PendingTransactionResponse> {
-  const { aptosConfig, fromAccount } = args;
+  const { aptosConfig, fromAccount, options } = args;
   const accountInfo = await getInfo({
     aptosConfig,
     accountAddress: fromAccount.accountAddress,
@@ -1000,6 +1079,7 @@ async function rotateAuthKeyWithChallenge(
       ],
       abi: rotateAuthKeyAbi,
     },
+    options,
   });
   return signAndSubmitTransaction({
     aptosConfig,
@@ -1017,8 +1097,9 @@ async function rotateAuthKeyUnverified(args: {
   aptosConfig: AptosConfig;
   fromAccount: Account;
   toAuthKey: AuthenticationKey;
+  options?: InputGenerateTransactionOptions;
 }): Promise<PendingTransactionResponse> {
-  const { aptosConfig, fromAccount, toAuthKey } = args;
+  const { aptosConfig, fromAccount, toAuthKey, options } = args;
   const authKey = toAuthKey;
   const rawTxn = await generateTransaction({
     aptosConfig,
@@ -1028,6 +1109,7 @@ async function rotateAuthKeyUnverified(args: {
       functionArguments: [MoveVector.U8(authKey.toUint8Array())],
       abi: rotateAuthKeyUnverifiedAbi,
     },
+    options,
   });
   return signAndSubmitTransaction({
     aptosConfig,
@@ -1035,3 +1117,388 @@ async function rotateAuthKeyUnverified(args: {
     transaction: rawTxn,
   });
 }
+
+export type AccountInfo = {
+  accountAddress: AccountAddress;
+  publicKey: BaseAccountPublicKey;
+  lastTransactionVersion: number;
+};
+
+export async function getAccountsForPublicKey(args: {
+  aptosConfig: AptosConfig;
+  publicKey: BaseAccountPublicKey;
+  options?: { includeUnverified?: boolean; noMultiKey?: boolean };
+}): Promise<AccountInfo[]> {
+  const { aptosConfig, publicKey, options } = args;
+  const noMultiKey = options?.noMultiKey ?? false;
+  if (noMultiKey && publicKey instanceof AbstractMultiKey) {
+    throw new Error("Multi-key accounts are not supported when noMultiKey is true.");
+  }
+  const allPublicKeys: BaseAccountPublicKey[] = [publicKey];
+
+  // For Ed25519, we add the both the legacy Ed25519PublicKey and the new AnyPublicKey form.
+  if (publicKey instanceof AnyPublicKey && publicKey.publicKey instanceof Ed25519PublicKey) {
+    allPublicKeys.push(publicKey.publicKey);
+  } else if (publicKey instanceof Ed25519PublicKey) {
+    allPublicKeys.push(new AnyPublicKey(publicKey));
+  }
+
+  // Run both operations in parallel
+  const [defaultAccountData, multiPublicKeys] = await Promise.all([
+    // Check the provided public key for the default account. In the case of Ed25519, this will check both the legacy Ed25519PublicKey
+    // and the AnyPublicKey form and may an existing account for each.
+    Promise.all(
+      allPublicKeys.map(async (publicKey) => {
+        const addressAndLastTxnVersion = await getDefaultAccountInfoForPublicKey({ aptosConfig, publicKey });
+        if (addressAndLastTxnVersion) {
+          return { ...addressAndLastTxnVersion, publicKey };
+        }
+        return undefined;
+      }),
+    ),
+    // Get multi-keys for the provided public key if not already a multi-key.
+    !(publicKey instanceof AbstractMultiKey) && !noMultiKey
+      ? getMultiKeysForPublicKey({ aptosConfig, publicKey, options })
+      : Promise.resolve([]),
+  ]);
+
+  const result: {
+    accountAddress: AccountAddress;
+    publicKey: BaseAccountPublicKey;
+    lastTransactionVersion: number;
+  }[] = [];
+
+  // Add any default accounts that exist to the result.
+  for (const data of defaultAccountData) {
+    if (data) {
+      result.push(data);
+    }
+  }
+
+  // Add any multi-keys to allPublicKeys
+  allPublicKeys.push(...multiPublicKeys);
+
+  // Get a map of the auth key to the public key for all public keys.
+  const authKeyToPublicKey = new Map(allPublicKeys.map((key) => [key.authKey().toString(), key]));
+
+  // Get the account addresses for the auth keys.
+  const authKeyAccountAddressPairs = await getAccountAddressesForAuthKeys({
+    aptosConfig,
+    authKeys: allPublicKeys.map((key) => key.authKey()),
+    options,
+  });
+
+  for (const authKeyAccountAddressPair of authKeyAccountAddressPairs) {
+    // Skip if the account address is already in the result.
+    // This can happen in the rare edge case where the default account has been rotated but has been rotated back to the original auth key.
+    if (result.find((r) => r.accountAddress === authKeyAccountAddressPair.accountAddress)) {
+      continue;
+    }
+    // Get the public key for the auth key using the map we created earlier.
+    const publicKey = authKeyToPublicKey.get(authKeyAccountAddressPair.authKey.toString());
+    if (!publicKey) {
+      throw new Error(
+        `No publicKey found for authentication key ${authKeyAccountAddressPair.authKey}. This should never happen.`,
+      );
+    }
+    result.push({
+      accountAddress: authKeyAccountAddressPair.accountAddress,
+      publicKey,
+      lastTransactionVersion: authKeyAccountAddressPair.lastTransactionVersion,
+    });
+  }
+  // Sort the result by the last transaction version in descending order (most recent first).
+  return result.sort((a, b) => b.lastTransactionVersion - a.lastTransactionVersion);
+}
+
+export async function deriveOwnedAccountsFromSigner(args: {
+  aptosConfig: AptosConfig;
+  signer: Account | PrivateKeyInput;
+  options?: { includeUnverified?: boolean; noMultiKey?: boolean };
+}): Promise<Account[]> {
+  const { aptosConfig, signer, options } = args;
+
+  if (signer instanceof Ed25519PrivateKey || signer instanceof Secp256k1PrivateKey) {
+    return deriveOwnedAccountsFromPrivateKey({ aptosConfig, privateKey: signer, options });
+  }
+
+  if (signer instanceof Ed25519Account || signer instanceof SingleKeyAccount) {
+    return deriveOwnedAccountsFromPrivateKey({ aptosConfig, privateKey: signer.privateKey, options });
+  }
+
+  if (signer instanceof KeylessAccount || signer instanceof FederatedKeylessAccount) {
+    return deriveOwnedAccountsFromKeylessSigner({ aptosConfig, keylessAccount: signer, options });
+  }
+
+  if (signer instanceof MultiKeyAccount) {
+    if (signer.signers.length === 1) {
+      return deriveOwnedAccountsFromSigner({ aptosConfig, signer: signer.signers[0], options });
+    }
+  }
+
+  if (signer instanceof MultiEd25519Account) {
+    if (signer.signers.length === 1) {
+      return deriveOwnedAccountsFromPrivateKey({ aptosConfig, privateKey: signer.signers[0], options });
+    }
+  }
+
+  throw new Error("Unknown signer type");
+}
+
+async function deriveOwnedAccountsFromKeylessSigner(args: {
+  aptosConfig: AptosConfig;
+  keylessAccount: KeylessAccount | FederatedKeylessAccount;
+  options?: { includeUnverified?: boolean; noMultiKey?: boolean };
+}): Promise<Account[]> {
+  const { aptosConfig, keylessAccount, options } = args;
+  const addressesAndPublicKeys = await getAccountsForPublicKey({
+    aptosConfig,
+    publicKey: keylessAccount.getAnyPublicKey(),
+    options,
+  });
+
+  const keylessAccountParams = {
+    proof: keylessAccount.proofOrPromise,
+    jwt: keylessAccount.jwt,
+    ephemeralKeyPair: keylessAccount.ephemeralKeyPair,
+    pepper: keylessAccount.pepper,
+    verificationKeyHash: keylessAccount.verificationKeyHash,
+  };
+
+  const accounts: Account[] = [];
+  for (const { accountAddress, publicKey } of addressesAndPublicKeys) {
+    if (publicKey instanceof AbstractMultiKey) {
+      if (publicKey.getSignaturesRequired() > 1) {
+        continue;
+      }
+      if (publicKey instanceof MultiEd25519PublicKey) {
+        throw new Error("Keyless authentication cannot be used for multi-ed25519 accounts. This should never happen.");
+      } else if (publicKey instanceof MultiKey) {
+        accounts.push(new MultiKeyAccount({ multiKey: publicKey, signers: [keylessAccount], address: accountAddress }));
+      }
+    } else {
+      if (keylessAccount instanceof FederatedKeylessAccount) {
+        accounts.push(
+          FederatedKeylessAccount.create({
+            ...keylessAccountParams,
+            address: accountAddress,
+            jwkAddress: keylessAccount.publicKey.jwkAddress,
+          }),
+        );
+      } else {
+        accounts.push(
+          KeylessAccount.create({
+            ...keylessAccountParams,
+            address: accountAddress,
+          }),
+        );
+      }
+    }
+  }
+  return accounts;
+}
+
+async function deriveOwnedAccountsFromPrivateKey(args: {
+  aptosConfig: AptosConfig;
+  privateKey: Ed25519PrivateKey | Secp256k1PrivateKey;
+  options?: { includeUnverified?: boolean; noMultiKey?: boolean };
+}): Promise<Account[]> {
+  const { aptosConfig, privateKey, options } = args;
+  const singleKeyAccount = Account.fromPrivateKey({ privateKey, legacy: false });
+  const addressesAndPublicKeys = await getAccountsForPublicKey({
+    aptosConfig,
+    publicKey: new AnyPublicKey(privateKey.publicKey()),
+    options,
+  });
+
+  const accounts: Account[] = [];
+
+  // Iterate through the addressesAndPublicKeys and construct the accounts.
+  for (const { accountAddress, publicKey } of addressesAndPublicKeys) {
+    if (publicKey instanceof AbstractMultiKey) {
+      // Skip multi-key accounts with more than 1 signature required as the user does not have full ownership with just 1 private key.
+      if (publicKey.getSignaturesRequired() > 1) {
+        continue;
+      }
+      // Construct the appropriate multi-key type.
+      if (publicKey instanceof MultiEd25519PublicKey) {
+        accounts.push(
+          new MultiEd25519Account({ publicKey, signers: [privateKey as Ed25519PrivateKey], address: accountAddress }),
+        );
+      } else if (publicKey instanceof MultiKey) {
+        accounts.push(
+          new MultiKeyAccount({ multiKey: publicKey, signers: [singleKeyAccount], address: accountAddress }),
+        );
+      }
+    } else {
+      // Check if the public key is a legacy Ed25519PublicKey, if so, we need to use the legacy account constructor.
+      const isLegacy = publicKey instanceof Ed25519PublicKey;
+      accounts.push(Account.fromPrivateKey({ privateKey, address: accountAddress, legacy: isLegacy }));
+    }
+  }
+  return accounts;
+}
+
+/**
+ * Gets the multi-keys for a given public key.
+ *
+ * This function retrieves the multi-keys that contain the provided public key.
+ * It performs the following steps:
+ * 1. Constructs a where condition for the public key where the public key matches the provided public key.
+ * 2. Queries the indexer for the multi-keys.
+ * 3. Returns the multi-keys.
+ *
+ * @param args.aptosConfig - The configuration settings for the Aptos network.
+ * @param args.publicKey - The public key to get the multi-keys for. This public key cannot itself be a multi-key.
+ * @returns The multi-keys (MultiKey or MultiEd25519PublicKey) that contain the given public key.
+ */
+async function getMultiKeysForPublicKey(args: {
+  aptosConfig: AptosConfig;
+  publicKey: Ed25519PublicKey | AnyPublicKey;
+  options?: { includeUnverified?: boolean };
+}): Promise<(MultiKey | MultiEd25519PublicKey)[]> {
+  const { aptosConfig, publicKey, options } = args;
+  if (publicKey instanceof AbstractMultiKey) {
+    throw new Error("Public key is a multi-key.");
+  }
+  const includeUnverified = options?.includeUnverified ?? false;
+  const anyPublicKey = publicKey instanceof AnyPublicKey ? publicKey : new AnyPublicKey(publicKey);
+  const baseKey = anyPublicKey.publicKey;
+  const variant = anyPublicKeyVariantToString(anyPublicKey.variant);
+
+  const whereCondition: any = {
+    public_key: { _eq: baseKey.toString() },
+    public_key_type: { _eq: variant },
+    ...(includeUnverified ? {} : { is_public_key_used: { _eq: true } }),
+  };
+
+  const graphqlQuery = {
+    query: GetAuthKeysForPublicKey,
+    variables: {
+      where_condition: whereCondition,
+    },
+  };
+
+  const { public_key_auth_keys: data } = await queryIndexer<GetAuthKeysForPublicKeyQuery>({
+    aptosConfig,
+    query: graphqlQuery,
+    originMethod: "getMultiKeysForPublicKey",
+  });
+
+  const authKeys = data.map((entry) => {
+    switch (entry.signature_type) {
+      case "multi_ed25519_signature":
+        return MultiEd25519PublicKey.deserializeWithoutLength(Deserializer.fromHex(entry.account_public_key!));
+      case "multi_key_signature":
+        return MultiKey.deserialize(Deserializer.fromHex(entry.account_public_key!));
+      default:
+        throw new Error(`Unknown multi-signature type: ${entry.signature_type}`);
+    }
+  });
+  return authKeys;
+}
+
+/**
+ * Gets the account addresses for the given authentication keys.
+ *
+ * This function retrieves the account addresses that are associated with the provided authentication keys.
+ * It performs the following steps:
+ * 1. Constructs a where condition for the authentication keys where auth key matches any of the provided auth keys.
+ * 2. Queries the indexer for the account addresses and gets the results ordered by the last transaction version (most recent first).
+ * 3. Returns the account addresses.
+ *
+ * @param args.aptosConfig - The configuration settings for the Aptos network.
+ * @param args.authKeys - The authentication keys to get the account addresses for.
+ * @param args.options.includeUnverified - Whether to include unverified accounts in the results. Unverified accounts
+ * are accounts that can be authenticated with the signer, but there is no history of the signer using the account.
+ * Default is false.
+ * @returns The account addresses associated with the given authentication keys.
+ */
+async function getAccountAddressesForAuthKeys(args: {
+  aptosConfig: AptosConfig;
+  authKeys: AuthenticationKey[];
+  options?: { includeUnverified?: boolean };
+}): Promise<{ authKey: AuthenticationKey; accountAddress: AccountAddress; lastTransactionVersion: number }[]> {
+  const { aptosConfig, authKeys, options } = args;
+  const includeUnverified = options?.includeUnverified ?? false;
+  if (authKeys.length === 0) {
+    throw new Error("No authentication keys provided");
+  }
+  const whereCondition: any = {
+    auth_key: { _in: authKeys.map((authKey) => authKey.toString()) },
+    ...(includeUnverified ? {} : { is_auth_key_used: { _eq: true } }),
+  };
+
+  const graphqlQuery = {
+    query: GetAccountAddressesForAuthKey,
+    variables: {
+      where_condition: whereCondition,
+      order_by: [{ last_transaction_version: "desc" }],
+    },
+  };
+  const { auth_key_account_addresses: data } = await queryIndexer<GetAccountAddressesForAuthKeyQuery>({
+    aptosConfig,
+    query: graphqlQuery,
+    originMethod: "getAccountAddressesForAuthKeys",
+  });
+  return data.map((entry) => ({
+    authKey: new AuthenticationKey({ data: entry.auth_key }),
+    accountAddress: new AccountAddress(Hex.hexInputToUint8Array(entry.account_address)),
+    lastTransactionVersion: Number(entry.last_transaction_version),
+  }));
+}
+
+/**
+ * Returns the last transaction version that was signed by an account.
+ *
+ * If an account was created but has not signed any transactions, the last transaction version will be 0.
+ *
+ * @param args.aptosConfig - The configuration settings for the Aptos network.
+ * @param args.accountAddress - The account address to get the latest transaction version for.
+ * @returns The last transaction version that was signed by the account.
+ */
+async function getLatestTransactionVersionForAddress(args: {
+  aptosConfig: AptosConfig;
+  accountAddress: AccountAddressInput;
+}): Promise<number> {
+  const { aptosConfig, accountAddress } = args;
+  const transactions = await getTransactions({ aptosConfig, accountAddress, options: { limit: 1 } });
+  if (transactions.length === 0) {
+    return 0;
+  }
+  return Number(transactions[0].version);
+}
+
+/**
+ * Gets the default account info for a given public key. 'Default account' means the account
+ * is address is the same as the auth key derived from the public key and the account auth key has
+ * not been rotated.
+ *
+ * @param args - The arguments for getting the default account info for a given public key.
+ * @param args.aptosConfig - The configuration settings for the Aptos network.
+ * @param args.publicKey - The public key to use to derive the address.
+ * @returns An object containing the account address and the last transaction version, or undefined if the account does not exist.
+ */
+async function getDefaultAccountInfoForPublicKey(args: {
+  aptosConfig: AptosConfig;
+  publicKey: AccountPublicKey;
+}): Promise<{ accountAddress: AccountAddress; lastTransactionVersion: number } | undefined> {
+  const { aptosConfig, publicKey } = args;
+  const derivedAddress = publicKey.authKey().derivedAddress();
+
+  const [lastTransactionVersion, exists] = await Promise.all([
+    getLatestTransactionVersionForAddress({
+      aptosConfig,
+      accountAddress: derivedAddress,
+    }),
+    doesAccountExistAtAddress({
+      aptosConfig,
+      accountAddress: derivedAddress,
+      options: { withAuthKey: publicKey.authKey() },
+    }),
+  ]);
+  if (exists) {
+    return { accountAddress: derivedAddress, lastTransactionVersion };
+  }
+  return undefined;
+}