@arkade-os/boltz-swap 0.2.6 → 0.2.7

package/dist/index.cjs

@@ -49,7 +49,8 @@ __export(index_exports, {
   isReverseFinalStatus: () => isReverseFinalStatus,
   isSubmarineFinalStatus: () => isSubmarineFinalStatus,
   isSubmarineRefundableStatus: () => isSubmarineRefundableStatus,
-  isSubmarineSwapRefundable: () => isSubmarineSwapRefundable
+  isSubmarineSwapRefundable: () => isSubmarineSwapRefundable,
+  verifySignatures: () => verifySignatures
 });
 module.exports = __toCommonJS(index_exports);
 
@@ -129,12 +130,14 @@ var TransactionRefundedError = class extends SwapError {
 };
 
 // src/arkade-lightning.ts
-var import_sdk = require("@arkade-os/sdk");
+var import_sdk3 = require("@arkade-os/sdk");
 var import_sha2 = require("@noble/hashes/sha2.js");
-var import_base = require("@scure/base");
+var import_base2 = require("@scure/base");
 var import_utils = require("@noble/hashes/utils.js");
 
 // src/boltz-swap-provider.ts
+var import_sdk = require("@arkade-os/sdk");
+var import_base = require("@scure/base");
 var isSubmarineFinalStatus = (status) => {
   return [
     "invoice.failedToPay",
@@ -168,7 +171,7 @@ var isSubmarineRefundableStatus = (status) => {
   ].includes(status);
 };
 var isSubmarineSwapRefundable = (swap) => {
-  return isSubmarineRefundableStatus(swap.status) && isPendingSubmarineSwap(swap) && swap.refundable !== false;
+  return isSubmarineRefundableStatus(swap.status) && isPendingSubmarineSwap(swap) && swap.refundable !== false && swap.refunded !== true;
 };
 var isGetReverseSwapTxIdResponse = (data) => {
   return data && typeof data === "object" && typeof data.id === "string" && typeof data.timeoutBlockHeight === "number";
@@ -191,6 +194,9 @@ var isGetSwapPreimageResponse = (data) => {
 var isCreateReverseSwapResponse = (data) => {
   return data && typeof data === "object" && typeof data.id === "string" && typeof data.invoice === "string" && typeof data.onchainAmount === "number" && typeof data.lockupAddress === "string" && typeof data.refundPublicKey === "string" && data.timeoutBlockHeights && typeof data.timeoutBlockHeights === "object" && typeof data.timeoutBlockHeights.refund === "number" && typeof data.timeoutBlockHeights.unilateralClaim === "number" && typeof data.timeoutBlockHeights.unilateralRefund === "number" && typeof data.timeoutBlockHeights.unilateralRefundWithoutReceiver === "number";
 };
+var isRefundSubmarineSwapResponse = (data) => {
+  return data && typeof data === "object" && typeof data.transaction === "string" && typeof data.checkpoint === "string";
+};
 var BASE_URLS = {
   mutinynet: "https://api.boltz.mutinynet.arkade.sh",
   regtest: "http://localhost:9069"
@@ -337,6 +343,29 @@ var BoltzSwapProvider = class {
       throw new SchemaError({ message: "Error creating reverse swap" });
     return response;
   }
+  async refundSubmarineSwap(swapId, transaction, checkpoint) {
+    const requestBody = {
+      checkpoint: import_base.base64.encode(checkpoint.toPSBT()),
+      transaction: import_base.base64.encode(transaction.toPSBT())
+    };
+    const response = await this.request(
+      `/v2/swap/submarine/${swapId}/refund/ark`,
+      "POST",
+      requestBody
+    );
+    if (!isRefundSubmarineSwapResponse(response))
+      throw new SchemaError({
+        message: "Error refunding submarine swap"
+      });
+    return {
+      transaction: import_sdk.Transaction.fromPSBT(
+        import_base.base64.decode(response.transaction)
+      ),
+      checkpoint: import_sdk.Transaction.fromPSBT(
+        import_base.base64.decode(response.checkpoint)
+      )
+    };
+  }
   async monitorSwap(swapId, update) {
     return new Promise((resolve, reject) => {
       const webSocket = new globalThis.WebSocket(this.wsUrl);
@@ -450,6 +479,17 @@ var getInvoicePaymentHash = (invoice) => {
   return decodeInvoice(invoice).paymentHash;
 };
 
+// src/utils/signatures.ts
+var import_sdk2 = require("@arkade-os/sdk");
+var verifySignatures = (tx, inputIndex, requiredSigners) => {
+  try {
+    (0, import_sdk2.verifyTapscriptSignatures)(tx, inputIndex, requiredSigners);
+    return true;
+  } catch (_) {
+    return false;
+  }
+};
+
 // src/arkade-lightning.ts
 function getSignerSession(wallet) {
   const signerSession = wallet.identity.signerSession;
@@ -578,7 +618,7 @@ var ArkadeLightning = class {
    * @returns The created pending submarine swap.
    */
   async createSubmarineSwap(args) {
-    const refundPublicKey = import_base.hex.encode(
+    const refundPublicKey = import_base2.hex.encode(
       await this.wallet.identity.compressedPublicKey()
     );
     if (!refundPublicKey)
@@ -611,7 +651,7 @@ var ArkadeLightning = class {
   async createReverseSwap(args) {
     if (args.amount <= 0)
       throw new SwapError({ message: "Amount must be greater than 0" });
-    const claimPublicKey = import_base.hex.encode(
+    const claimPublicKey = import_base2.hex.encode(
       await this.wallet.identity.compressedPublicKey()
     );
     if (!claimPublicKey)
@@ -619,7 +659,7 @@ var ArkadeLightning = class {
         message: "Failed to get claim public key from wallet"
       });
     const preimage = (0, import_utils.randomBytes)(32);
-    const preimageHash = import_base.hex.encode((0, import_sha2.sha256)(preimage));
+    const preimageHash = import_base2.hex.encode((0, import_sha2.sha256)(preimage));
     if (!preimageHash)
       throw new SwapError({ message: "Failed to get preimage hash" });
     const swapRequest = {
@@ -633,7 +673,7 @@ var ArkadeLightning = class {
       id: swapResponse.id,
       type: "reverse",
       createdAt: Math.floor(Date.now() / 1e3),
-      preimage: import_base.hex.encode(preimage),
+      preimage: import_base2.hex.encode(preimage),
       request: swapRequest,
       response: swapResponse,
       status: "swap.created"
@@ -646,31 +686,30 @@ var ArkadeLightning = class {
    * @param pendingSwap - The pending reverse swap to claim the VHTLC.
    */
   async claimVHTLC(pendingSwap) {
-    const preimage = import_base.hex.decode(pendingSwap.preimage);
+    const preimage = import_base2.hex.decode(pendingSwap.preimage);
     const aspInfo = await this.arkProvider.getInfo();
     const address = await this.wallet.getAddress();
-    let receiverXOnlyPublicKey = await this.wallet.identity.xOnlyPublicKey();
-    if (receiverXOnlyPublicKey.length == 33) {
-      receiverXOnlyPublicKey = receiverXOnlyPublicKey.slice(1);
-    } else if (receiverXOnlyPublicKey.length !== 32) {
-      throw new Error(
-        `Invalid receiver public key length: ${receiverXOnlyPublicKey.length}`
-      );
-    }
-    let serverXOnlyPublicKey = import_base.hex.decode(aspInfo.signerPubkey);
-    if (serverXOnlyPublicKey.length == 33) {
-      serverXOnlyPublicKey = serverXOnlyPublicKey.slice(1);
-    } else if (serverXOnlyPublicKey.length !== 32) {
-      throw new Error(
-        `Invalid server public key length: ${serverXOnlyPublicKey.length}`
-      );
-    }
+    const ourXOnlyPublicKey = this.normalizeToXOnlyPublicKey(
+      await this.wallet.identity.xOnlyPublicKey(),
+      "our",
+      pendingSwap.id
+    );
+    const boltzXOnlyPublicKey = this.normalizeToXOnlyPublicKey(
+      import_base2.hex.decode(pendingSwap.response.refundPublicKey),
+      "boltz",
+      pendingSwap.id
+    );
+    const serverXOnlyPublicKey = this.normalizeToXOnlyPublicKey(
+      import_base2.hex.decode(aspInfo.signerPubkey),
+      "server",
+      pendingSwap.id
+    );
     const { vhtlcScript, vhtlcAddress } = this.createVHTLCScript({
       network: aspInfo.network,
       preimageHash: (0, import_sha2.sha256)(preimage),
-      receiverPubkey: import_base.hex.encode(receiverXOnlyPublicKey),
-      senderPubkey: pendingSwap.response.refundPublicKey,
-      serverPubkey: import_base.hex.encode(serverXOnlyPublicKey),
+      receiverPubkey: import_base2.hex.encode(ourXOnlyPublicKey),
+      senderPubkey: import_base2.hex.encode(boltzXOnlyPublicKey),
+      serverPubkey: import_base2.hex.encode(serverXOnlyPublicKey),
       timeoutBlockHeights: pendingSwap.response.timeoutBlockHeights
     });
     if (!vhtlcScript)
@@ -678,7 +717,7 @@ var ArkadeLightning = class {
     if (vhtlcAddress !== pendingSwap.response.lockupAddress)
       throw new Error("Boltz is trying to scam us");
     const spendableVtxos = await this.indexerProvider.getVtxos({
-      scripts: [import_base.hex.encode(vhtlcScript.pkScript)],
+      scripts: [import_base2.hex.encode(vhtlcScript.pkScript)],
       spendableOnly: true
     });
     if (spendableVtxos.vtxos.length === 0)
@@ -695,17 +734,17 @@ var ArkadeLightning = class {
         signedTx = import_btc_signer.Transaction.fromPSBT(signedTx.toPSBT(), {
           allowUnknown: true
         });
-        (0, import_sdk.setArkPsbtField)(signedTx, 0, import_sdk.ConditionWitness, [preimage]);
+        (0, import_sdk3.setArkPsbtField)(signedTx, 0, import_sdk3.ConditionWitness, [preimage]);
         return signedTx;
       },
-      xOnlyPublicKey: receiverXOnlyPublicKey,
+      xOnlyPublicKey: ourXOnlyPublicKey,
       signerSession: getSignerSession(this.wallet)
     };
-    const rawCheckpointTapscript = import_base.hex.decode(aspInfo.checkpointTapscript);
-    const serverUnrollScript = import_sdk.CSVMultisigTapscript.decode(
+    const rawCheckpointTapscript = import_base2.hex.decode(aspInfo.checkpointTapscript);
+    const serverUnrollScript = import_sdk3.CSVMultisigTapscript.decode(
       rawCheckpointTapscript
     );
-    const { arkTx, checkpoints } = (0, import_sdk.buildOffchainTx)(
+    const { arkTx, checkpoints } = (0, import_sdk3.buildOffchainTx)(
       [
         {
           ...spendableVtxos.vtxos[0],
@@ -716,15 +755,15 @@ var ArkadeLightning = class {
       [
         {
           amount: BigInt(vtxo.value),
-          script: import_sdk.ArkAddress.decode(address).pkScript
+          script: import_sdk3.ArkAddress.decode(address).pkScript
         }
       ],
       serverUnrollScript
     );
     const signedArkTx = await vhtlcIdentity.sign(arkTx);
     const { arkTxid, finalArkTx, signedCheckpointTxs } = await this.arkProvider.submitTx(
-      import_base.base64.encode(signedArkTx.toPSBT()),
-      checkpoints.map((c) => import_base.base64.encode(c.toPSBT()))
+      import_base2.base64.encode(signedArkTx.toPSBT()),
+      checkpoints.map((c) => import_base2.base64.encode(c.toPSBT()))
     );
     if (!this.validFinalArkTx(
       finalArkTx,
@@ -735,11 +774,11 @@ var ArkadeLightning = class {
     }
     const finalCheckpoints = await Promise.all(
       signedCheckpointTxs.map(async (c) => {
-        const tx = import_btc_signer.Transaction.fromPSBT(import_base.base64.decode(c), {
+        const tx = import_btc_signer.Transaction.fromPSBT(import_base2.base64.decode(c), {
           allowUnknown: true
         });
         const signedCheckpoint = await vhtlcIdentity.sign(tx, [0]);
-        return import_base.base64.encode(signedCheckpoint.toPSBT());
+        return import_base2.base64.encode(signedCheckpoint.toPSBT());
       })
     );
     await this.arkProvider.finalizeTx(arkTxid, finalCheckpoints);
@@ -757,32 +796,29 @@ var ArkadeLightning = class {
     const aspInfo = await this.arkProvider.getInfo();
     const address = await this.wallet.getAddress();
     if (!address) throw new Error("Failed to get ark address from wallet");
-    let receiverXOnlyPublicKey = await this.wallet.identity.xOnlyPublicKey();
-    if (receiverXOnlyPublicKey.length == 33) {
-      receiverXOnlyPublicKey = receiverXOnlyPublicKey.slice(1);
-    } else if (receiverXOnlyPublicKey.length !== 32) {
-      throw new Error(
-        `Invalid receiver public key length: ${receiverXOnlyPublicKey.length}`
-      );
-    }
-    let serverXOnlyPublicKey = import_base.hex.decode(aspInfo.signerPubkey);
-    if (serverXOnlyPublicKey.length == 33) {
-      serverXOnlyPublicKey = serverXOnlyPublicKey.slice(1);
-    } else if (serverXOnlyPublicKey.length !== 32) {
-      throw new Error(
-        `Invalid server public key length: ${serverXOnlyPublicKey.length}`
-      );
-    }
+    const ourXOnlyPublicKey = this.normalizeToXOnlyPublicKey(
+      await this.wallet.identity.xOnlyPublicKey(),
+      "our",
+      pendingSwap.id
+    );
+    const serverXOnlyPublicKey = this.normalizeToXOnlyPublicKey(
+      import_base2.hex.decode(aspInfo.signerPubkey),
+      "server",
+      pendingSwap.id
+    );
+    const boltzXOnlyPublicKey = this.normalizeToXOnlyPublicKey(
+      import_base2.hex.decode(pendingSwap.response.claimPublicKey),
+      "boltz",
+      pendingSwap.id
+    );
     const { vhtlcScript, vhtlcAddress } = this.createVHTLCScript({
       network: aspInfo.network,
-      preimageHash: import_base.hex.decode(
+      preimageHash: import_base2.hex.decode(
         getInvoicePaymentHash(pendingSwap.request.invoice)
       ),
-      receiverPubkey: pendingSwap.response.claimPublicKey,
-      senderPubkey: import_base.hex.encode(
-        await this.wallet.identity.xOnlyPublicKey()
-      ),
-      serverPubkey: aspInfo.signerPubkey,
+      receiverPubkey: import_base2.hex.encode(boltzXOnlyPublicKey),
+      senderPubkey: import_base2.hex.encode(ourXOnlyPublicKey),
+      serverPubkey: import_base2.hex.encode(serverXOnlyPublicKey),
       timeoutBlockHeights: pendingSwap.response.timeoutBlockHeights
     });
     if (!vhtlcScript)
@@ -790,15 +826,15 @@ var ArkadeLightning = class {
     if (vhtlcAddress !== pendingSwap.response.address)
       throw new Error("Boltz is trying to scam us");
     const spendableVtxos = await this.indexerProvider.getVtxos({
-      scripts: [import_base.hex.encode(vhtlcScript.pkScript)],
+      scripts: [import_base2.hex.encode(vhtlcScript.pkScript)],
       spendableOnly: true
     });
     if (spendableVtxos.vtxos.length === 0) {
       throw new Error("No spendable virtual coins found");
     }
     const vhtlcIdentity = {
-      sign: async (tx, inputIndexes) => {
-        const cpy = tx.clone();
+      sign: async (tx2, inputIndexes) => {
+        const cpy = tx2.clone();
         let signedTx = await signTransaction(
           this.wallet,
           cpy,
@@ -808,14 +844,14 @@ var ArkadeLightning = class {
           allowUnknown: true
         });
       },
-      xOnlyPublicKey: receiverXOnlyPublicKey,
+      xOnlyPublicKey: ourXOnlyPublicKey,
       signerSession: getSignerSession(this.wallet)
     };
-    const rawCheckpointTapscript = import_base.hex.decode(aspInfo.checkpointTapscript);
-    const serverUnrollScript = import_sdk.CSVMultisigTapscript.decode(
+    const rawCheckpointTapscript = import_base2.hex.decode(aspInfo.checkpointTapscript);
+    const serverUnrollScript = import_sdk3.CSVMultisigTapscript.decode(
       rawCheckpointTapscript
     );
-    const { arkTx, checkpoints } = (0, import_sdk.buildOffchainTx)(
+    const { arkTx: unsignedRefundTx, checkpoints: checkpointPtxs } = (0, import_sdk3.buildOffchainTx)(
       [
         {
           ...spendableVtxos.vtxos[0],
@@ -826,37 +862,78 @@ var ArkadeLightning = class {
       [
         {
           amount: BigInt(spendableVtxos.vtxos[0].value),
-          script: import_sdk.ArkAddress.decode(address).pkScript
+          script: import_sdk3.ArkAddress.decode(address).pkScript
         }
       ],
       serverUnrollScript
     );
-    const signedArkTx = await vhtlcIdentity.sign(arkTx);
+    if (checkpointPtxs.length !== 1)
+      throw new Error(
+        `Expected one checkpoint transaction, got ${checkpointPtxs.length}`
+      );
+    const unsignedCheckpointTx = checkpointPtxs[0];
+    const {
+      transaction: boltzSignedRefundTx,
+      checkpoint: boltzSignedCheckpointTx
+    } = await this.swapProvider.refundSubmarineSwap(
+      pendingSwap.id,
+      unsignedRefundTx,
+      unsignedCheckpointTx
+    );
+    const boltzXOnlyPublicKeyHex = import_base2.hex.encode(boltzXOnlyPublicKey);
+    if (!verifySignatures(boltzSignedRefundTx, 0, [boltzXOnlyPublicKeyHex])) {
+      throw new Error("Invalid Boltz signature in refund transaction");
+    }
+    if (!verifySignatures(boltzSignedCheckpointTx, 0, [
+      boltzXOnlyPublicKeyHex
+    ])) {
+      throw new Error(
+        "Invalid Boltz signature in checkpoint transaction"
+      );
+    }
+    const signedRefundTx = await vhtlcIdentity.sign(unsignedRefundTx);
+    const signedCheckpointTx = await vhtlcIdentity.sign(unsignedCheckpointTx);
+    const combinedSignedRefundTx = (0, import_sdk3.combineTapscriptSigs)(
+      boltzSignedRefundTx,
+      signedRefundTx
+    );
+    const combinedSignedCheckpointTx = (0, import_sdk3.combineTapscriptSigs)(
+      boltzSignedCheckpointTx,
+      signedCheckpointTx
+    );
     const { arkTxid, finalArkTx, signedCheckpointTxs } = await this.arkProvider.submitTx(
-      import_base.base64.encode(signedArkTx.toPSBT()),
-      checkpoints.map((c) => import_base.base64.encode(c.toPSBT()))
+      import_base2.base64.encode(combinedSignedRefundTx.toPSBT()),
+      [import_base2.base64.encode(unsignedCheckpointTx.toPSBT())]
     );
-    if (!this.validFinalArkTx(
-      finalArkTx,
-      serverXOnlyPublicKey,
-      vhtlcScript.leaves
-    )) {
-      throw new Error("Invalid final Ark transaction");
+    const tx = import_btc_signer.Transaction.fromPSBT(import_base2.base64.decode(finalArkTx));
+    const inputIndex = 0;
+    const requiredSigners = [
+      import_base2.hex.encode(ourXOnlyPublicKey),
+      import_base2.hex.encode(boltzXOnlyPublicKey),
+      import_base2.hex.encode(serverXOnlyPublicKey)
+    ];
+    if (!verifySignatures(tx, inputIndex, requiredSigners)) {
+      throw new Error("Invalid refund transaction");
     }
-    const finalCheckpoints = await Promise.all(
-      signedCheckpointTxs.map(async (c) => {
-        const tx = import_btc_signer.Transaction.fromPSBT(import_base.base64.decode(c), {
-          allowUnknown: true
-        });
-        const signedCheckpoint = await vhtlcIdentity.sign(tx, [0]);
-        return import_base.base64.encode(signedCheckpoint.toPSBT());
-      })
+    if (signedCheckpointTxs.length !== 1) {
+      throw new Error(
+        `Expected one signed checkpoint transaction, got ${signedCheckpointTxs.length}`
+      );
+    }
+    const serverSignedCheckpointTx = import_btc_signer.Transaction.fromPSBT(
+      import_base2.base64.decode(signedCheckpointTxs[0])
     );
-    await this.arkProvider.finalizeTx(arkTxid, finalCheckpoints);
-    const finalStatus = await this.getSwapStatus(pendingSwap.id);
+    const finalCheckpointTx = (0, import_sdk3.combineTapscriptSigs)(
+      combinedSignedCheckpointTx,
+      serverSignedCheckpointTx
+    );
+    await this.arkProvider.finalizeTx(arkTxid, [
+      import_base2.base64.encode(finalCheckpointTx.toPSBT())
+    ]);
     await this.savePendingSubmarineSwap({
       ...pendingSwap,
-      status: finalStatus.status
+      refundable: true,
+      refunded: true
     });
   }
   /**
@@ -1039,7 +1116,7 @@ var ArkadeLightning = class {
    * @returns True if the final Ark transaction is valid, false otherwise.
    */
   validFinalArkTx = (finalArkTx, _pubkey, _tapLeaves) => {
-    const tx = import_btc_signer.Transaction.fromPSBT(import_base.base64.decode(finalArkTx), {
+    const tx = import_btc_signer.Transaction.fromPSBT(import_base2.base64.decode(finalArkTx), {
       allowUnknown: true
     });
     if (!tx) return false;
@@ -1066,32 +1143,20 @@ var ArkadeLightning = class {
     serverPubkey,
     timeoutBlockHeights
   }) {
-    let receiverXOnlyPublicKey = import_base.hex.decode(receiverPubkey);
-    if (receiverXOnlyPublicKey.length == 33) {
-      receiverXOnlyPublicKey = receiverXOnlyPublicKey.slice(1);
-    } else if (receiverXOnlyPublicKey.length !== 32) {
-      throw new Error(
-        `Invalid receiver public key length: ${receiverXOnlyPublicKey.length}`
-      );
-    }
-    let senderXOnlyPublicKey = import_base.hex.decode(senderPubkey);
-    if (senderXOnlyPublicKey.length == 33) {
-      senderXOnlyPublicKey = senderXOnlyPublicKey.slice(1);
-    } else if (senderXOnlyPublicKey.length !== 32) {
-      throw new Error(
-        `Invalid sender public key length: ${senderXOnlyPublicKey.length}`
-      );
-    }
-    let serverXOnlyPublicKey = import_base.hex.decode(serverPubkey);
-    if (serverXOnlyPublicKey.length == 33) {
-      serverXOnlyPublicKey = serverXOnlyPublicKey.slice(1);
-    } else if (serverXOnlyPublicKey.length !== 32) {
-      throw new Error(
-        `Invalid server public key length: ${serverXOnlyPublicKey.length}`
-      );
-    }
+    const receiverXOnlyPublicKey = this.normalizeToXOnlyPublicKey(
+      import_base2.hex.decode(receiverPubkey),
+      "receiver"
+    );
+    const senderXOnlyPublicKey = this.normalizeToXOnlyPublicKey(
+      import_base2.hex.decode(senderPubkey),
+      "sender"
+    );
+    const serverXOnlyPublicKey = this.normalizeToXOnlyPublicKey(
+      import_base2.hex.decode(serverPubkey),
+      "server"
+    );
     const delayType = (num) => num < 512 ? "blocks" : "seconds";
-    const vhtlcScript = new import_sdk.VHTLC.Script({
+    const vhtlcScript = new import_sdk3.VHTLC.Script({
       preimageHash: (0, import_legacy.ripemd160)(preimageHash),
       sender: senderXOnlyPublicKey,
       receiver: receiverXOnlyPublicKey,
@@ -1214,6 +1279,24 @@ var ArkadeLightning = class {
       });
     }
   }
+  /**
+   * Validate we are using a x-only public key
+   * @param publicKey
+   * @param keyName
+   * @param swapId
+   * @returns Uint8Array
+   */
+  normalizeToXOnlyPublicKey(publicKey, keyName, swapId) {
+    if (publicKey.length === 33) {
+      return publicKey.slice(1);
+    }
+    if (publicKey.length !== 32) {
+      throw new Error(
+        `Invalid ${keyName} public key length: ${publicKey.length} ${swapId ? "for swap " + swapId : ""}`
+      );
+    }
+    return publicKey;
+  }
 };
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
@@ -1236,5 +1319,6 @@ var ArkadeLightning = class {
   isReverseFinalStatus,
   isSubmarineFinalStatus,
   isSubmarineRefundableStatus,
-  isSubmarineSwapRefundable
+  isSubmarineSwapRefundable,
+  verifySignatures
 });

package/dist/index.d.cts

@@ -1,4 +1,5 @@
-import { Wallet, ServiceWorkerWallet, ArkProvider, IndexerProvider, VHTLC } from '@arkade-os/sdk';
+import { Transaction, Wallet, ServiceWorkerWallet, ArkProvider, IndexerProvider, VHTLC } from '@arkade-os/sdk';
+import { Transaction as Transaction$1 } from '@scure/btc-signer';
 
 interface SwapProviderConfig {
     apiUrl?: string;
@@ -81,6 +82,10 @@ declare class BoltzSwapProvider {
     getSwapPreimage(id: string): Promise<GetSwapPreimageResponse>;
     createSubmarineSwap({ invoice, refundPublicKey, }: CreateSubmarineSwapRequest): Promise<CreateSubmarineSwapResponse>;
     createReverseSwap({ invoiceAmount, claimPublicKey, preimageHash, description, }: CreateReverseSwapRequest): Promise<CreateReverseSwapResponse>;
+    refundSubmarineSwap(swapId: string, transaction: Transaction, checkpoint: Transaction): Promise<{
+        transaction: Transaction;
+        checkpoint: Transaction;
+    }>;
     monitorSwap(swapId: string, update: (type: BoltzSwapStatus, data?: any) => void): Promise<void>;
     private request;
 }
@@ -131,6 +136,7 @@ interface PendingSubmarineSwap {
     type: "submarine";
     createdAt: number;
     preimage?: string;
+    refunded?: boolean;
     refundable?: boolean;
     status: BoltzSwapStatus;
     request: CreateSubmarineSwapRequest;
@@ -345,6 +351,14 @@ declare class ArkadeLightning {
      * User should manually retry or delete it if refund fails.
      */
     refreshSwapsStatus(): Promise<void>;
+    /**
+     * Validate we are using a x-only public key
+     * @param publicKey
+     * @param keyName
+     * @param swapId
+     * @returns Uint8Array
+     */
+    private normalizeToXOnlyPublicKey;
 }
 
 interface ErrorOptions {
@@ -392,4 +406,6 @@ declare const decodeInvoice: (invoice: string) => DecodedInvoice;
 declare const getInvoiceSatoshis: (invoice: string) => number;
 declare const getInvoicePaymentHash: (invoice: string) => string;
 
-export { ArkadeLightning, type ArkadeLightningConfig, BoltzSwapProvider, type BoltzSwapStatus, type CreateLightningInvoiceResponse, type DecodedInvoice, type FeeConfig, type FeesResponse, type IncomingPaymentSubscription, InsufficientFundsError, InvoiceExpiredError, InvoiceFailedToPayError, type LimitsResponse, type Network, NetworkError, type PendingReverseSwap, type PendingSubmarineSwap, type RefundHandler, type RetryConfig, SchemaError, type SendLightningPaymentRequest, type SendLightningPaymentResponse, SwapError, SwapExpiredError, type TimeoutConfig, TransactionFailedError, type Vtxo, decodeInvoice, getInvoicePaymentHash, getInvoiceSatoshis, isPendingReverseSwap, isPendingSubmarineSwap, isReverseClaimableStatus, isReverseFinalStatus, isSubmarineFinalStatus, isSubmarineRefundableStatus, isSubmarineSwapRefundable };
+declare const verifySignatures: (tx: Transaction$1, inputIndex: number, requiredSigners: string[]) => boolean;
+
+export { ArkadeLightning, type ArkadeLightningConfig, BoltzSwapProvider, type BoltzSwapStatus, type CreateLightningInvoiceResponse, type DecodedInvoice, type FeeConfig, type FeesResponse, type IncomingPaymentSubscription, InsufficientFundsError, InvoiceExpiredError, InvoiceFailedToPayError, type LimitsResponse, type Network, NetworkError, type PendingReverseSwap, type PendingSubmarineSwap, type RefundHandler, type RetryConfig, SchemaError, type SendLightningPaymentRequest, type SendLightningPaymentResponse, SwapError, SwapExpiredError, type TimeoutConfig, TransactionFailedError, type Vtxo, decodeInvoice, getInvoicePaymentHash, getInvoiceSatoshis, isPendingReverseSwap, isPendingSubmarineSwap, isReverseClaimableStatus, isReverseFinalStatus, isSubmarineFinalStatus, isSubmarineRefundableStatus, isSubmarineSwapRefundable, verifySignatures };

package/dist/index.d.ts

@@ -1,4 +1,5 @@
-import { Wallet, ServiceWorkerWallet, ArkProvider, IndexerProvider, VHTLC } from '@arkade-os/sdk';
+import { Transaction, Wallet, ServiceWorkerWallet, ArkProvider, IndexerProvider, VHTLC } from '@arkade-os/sdk';
+import { Transaction as Transaction$1 } from '@scure/btc-signer';
 
 interface SwapProviderConfig {
     apiUrl?: string;
@@ -81,6 +82,10 @@ declare class BoltzSwapProvider {
     getSwapPreimage(id: string): Promise<GetSwapPreimageResponse>;
     createSubmarineSwap({ invoice, refundPublicKey, }: CreateSubmarineSwapRequest): Promise<CreateSubmarineSwapResponse>;
     createReverseSwap({ invoiceAmount, claimPublicKey, preimageHash, description, }: CreateReverseSwapRequest): Promise<CreateReverseSwapResponse>;
+    refundSubmarineSwap(swapId: string, transaction: Transaction, checkpoint: Transaction): Promise<{
+        transaction: Transaction;
+        checkpoint: Transaction;
+    }>;
     monitorSwap(swapId: string, update: (type: BoltzSwapStatus, data?: any) => void): Promise<void>;
     private request;
 }
@@ -131,6 +136,7 @@ interface PendingSubmarineSwap {
     type: "submarine";
     createdAt: number;
     preimage?: string;
+    refunded?: boolean;
     refundable?: boolean;
     status: BoltzSwapStatus;
     request: CreateSubmarineSwapRequest;
@@ -345,6 +351,14 @@ declare class ArkadeLightning {
      * User should manually retry or delete it if refund fails.
      */
     refreshSwapsStatus(): Promise<void>;
+    /**
+     * Validate we are using a x-only public key
+     * @param publicKey
+     * @param keyName
+     * @param swapId
+     * @returns Uint8Array
+     */
+    private normalizeToXOnlyPublicKey;
 }
 
 interface ErrorOptions {
@@ -392,4 +406,6 @@ declare const decodeInvoice: (invoice: string) => DecodedInvoice;
 declare const getInvoiceSatoshis: (invoice: string) => number;
 declare const getInvoicePaymentHash: (invoice: string) => string;
 
-export { ArkadeLightning, type ArkadeLightningConfig, BoltzSwapProvider, type BoltzSwapStatus, type CreateLightningInvoiceResponse, type DecodedInvoice, type FeeConfig, type FeesResponse, type IncomingPaymentSubscription, InsufficientFundsError, InvoiceExpiredError, InvoiceFailedToPayError, type LimitsResponse, type Network, NetworkError, type PendingReverseSwap, type PendingSubmarineSwap, type RefundHandler, type RetryConfig, SchemaError, type SendLightningPaymentRequest, type SendLightningPaymentResponse, SwapError, SwapExpiredError, type TimeoutConfig, TransactionFailedError, type Vtxo, decodeInvoice, getInvoicePaymentHash, getInvoiceSatoshis, isPendingReverseSwap, isPendingSubmarineSwap, isReverseClaimableStatus, isReverseFinalStatus, isSubmarineFinalStatus, isSubmarineRefundableStatus, isSubmarineSwapRefundable };
+declare const verifySignatures: (tx: Transaction$1, inputIndex: number, requiredSigners: string[]) => boolean;
+
+export { ArkadeLightning, type ArkadeLightningConfig, BoltzSwapProvider, type BoltzSwapStatus, type CreateLightningInvoiceResponse, type DecodedInvoice, type FeeConfig, type FeesResponse, type IncomingPaymentSubscription, InsufficientFundsError, InvoiceExpiredError, InvoiceFailedToPayError, type LimitsResponse, type Network, NetworkError, type PendingReverseSwap, type PendingSubmarineSwap, type RefundHandler, type RetryConfig, SchemaError, type SendLightningPaymentRequest, type SendLightningPaymentResponse, SwapError, SwapExpiredError, type TimeoutConfig, TransactionFailedError, type Vtxo, decodeInvoice, getInvoicePaymentHash, getInvoiceSatoshis, isPendingReverseSwap, isPendingSubmarineSwap, isReverseClaimableStatus, isReverseFinalStatus, isSubmarineFinalStatus, isSubmarineRefundableStatus, isSubmarineSwapRefundable, verifySignatures };

package/dist/index.js

@@ -80,13 +80,16 @@ import {
   ConditionWitness,
   CSVMultisigTapscript,
   setArkPsbtField,
-  VHTLC
+  VHTLC,
+  combineTapscriptSigs
 } from "@arkade-os/sdk";
 import { sha256 } from "@noble/hashes/sha2.js";
-import { base64, hex } from "@scure/base";
+import { base64 as base642, hex } from "@scure/base";
 import { randomBytes } from "@noble/hashes/utils.js";
 
 // src/boltz-swap-provider.ts
+import { Transaction } from "@arkade-os/sdk";
+import { base64 } from "@scure/base";
 var isSubmarineFinalStatus = (status) => {
   return [
     "invoice.failedToPay",
@@ -120,7 +123,7 @@ var isSubmarineRefundableStatus = (status) => {
   ].includes(status);
 };
 var isSubmarineSwapRefundable = (swap) => {
-  return isSubmarineRefundableStatus(swap.status) && isPendingSubmarineSwap(swap) && swap.refundable !== false;
+  return isSubmarineRefundableStatus(swap.status) && isPendingSubmarineSwap(swap) && swap.refundable !== false && swap.refunded !== true;
 };
 var isGetReverseSwapTxIdResponse = (data) => {
   return data && typeof data === "object" && typeof data.id === "string" && typeof data.timeoutBlockHeight === "number";
@@ -143,6 +146,9 @@ var isGetSwapPreimageResponse = (data) => {
 var isCreateReverseSwapResponse = (data) => {
   return data && typeof data === "object" && typeof data.id === "string" && typeof data.invoice === "string" && typeof data.onchainAmount === "number" && typeof data.lockupAddress === "string" && typeof data.refundPublicKey === "string" && data.timeoutBlockHeights && typeof data.timeoutBlockHeights === "object" && typeof data.timeoutBlockHeights.refund === "number" && typeof data.timeoutBlockHeights.unilateralClaim === "number" && typeof data.timeoutBlockHeights.unilateralRefund === "number" && typeof data.timeoutBlockHeights.unilateralRefundWithoutReceiver === "number";
 };
+var isRefundSubmarineSwapResponse = (data) => {
+  return data && typeof data === "object" && typeof data.transaction === "string" && typeof data.checkpoint === "string";
+};
 var BASE_URLS = {
   mutinynet: "https://api.boltz.mutinynet.arkade.sh",
   regtest: "http://localhost:9069"
@@ -289,6 +295,29 @@ var BoltzSwapProvider = class {
       throw new SchemaError({ message: "Error creating reverse swap" });
     return response;
   }
+  async refundSubmarineSwap(swapId, transaction, checkpoint) {
+    const requestBody = {
+      checkpoint: base64.encode(checkpoint.toPSBT()),
+      transaction: base64.encode(transaction.toPSBT())
+    };
+    const response = await this.request(
+      `/v2/swap/submarine/${swapId}/refund/ark`,
+      "POST",
+      requestBody
+    );
+    if (!isRefundSubmarineSwapResponse(response))
+      throw new SchemaError({
+        message: "Error refunding submarine swap"
+      });
+    return {
+      transaction: Transaction.fromPSBT(
+        base64.decode(response.transaction)
+      ),
+      checkpoint: Transaction.fromPSBT(
+        base64.decode(response.checkpoint)
+      )
+    };
+  }
   async monitorSwap(swapId, update) {
     return new Promise((resolve, reject) => {
       const webSocket = new globalThis.WebSocket(this.wsUrl);
@@ -378,7 +407,7 @@ var BoltzSwapProvider = class {
 };
 
 // src/arkade-lightning.ts
-import { Transaction } from "@scure/btc-signer";
+import { Transaction as Transaction2 } from "@scure/btc-signer";
 import { ripemd160 } from "@noble/hashes/legacy.js";
 
 // src/utils/decoding.ts
@@ -402,6 +431,17 @@ var getInvoicePaymentHash = (invoice) => {
   return decodeInvoice(invoice).paymentHash;
 };
 
+// src/utils/signatures.ts
+import { verifyTapscriptSignatures } from "@arkade-os/sdk";
+var verifySignatures = (tx, inputIndex, requiredSigners) => {
+  try {
+    verifyTapscriptSignatures(tx, inputIndex, requiredSigners);
+    return true;
+  } catch (_) {
+    return false;
+  }
+};
+
 // src/arkade-lightning.ts
 function getSignerSession(wallet) {
   const signerSession = wallet.identity.signerSession;
@@ -601,27 +641,26 @@ var ArkadeLightning = class {
     const preimage = hex.decode(pendingSwap.preimage);
     const aspInfo = await this.arkProvider.getInfo();
     const address = await this.wallet.getAddress();
-    let receiverXOnlyPublicKey = await this.wallet.identity.xOnlyPublicKey();
-    if (receiverXOnlyPublicKey.length == 33) {
-      receiverXOnlyPublicKey = receiverXOnlyPublicKey.slice(1);
-    } else if (receiverXOnlyPublicKey.length !== 32) {
-      throw new Error(
-        `Invalid receiver public key length: ${receiverXOnlyPublicKey.length}`
-      );
-    }
-    let serverXOnlyPublicKey = hex.decode(aspInfo.signerPubkey);
-    if (serverXOnlyPublicKey.length == 33) {
-      serverXOnlyPublicKey = serverXOnlyPublicKey.slice(1);
-    } else if (serverXOnlyPublicKey.length !== 32) {
-      throw new Error(
-        `Invalid server public key length: ${serverXOnlyPublicKey.length}`
-      );
-    }
+    const ourXOnlyPublicKey = this.normalizeToXOnlyPublicKey(
+      await this.wallet.identity.xOnlyPublicKey(),
+      "our",
+      pendingSwap.id
+    );
+    const boltzXOnlyPublicKey = this.normalizeToXOnlyPublicKey(
+      hex.decode(pendingSwap.response.refundPublicKey),
+      "boltz",
+      pendingSwap.id
+    );
+    const serverXOnlyPublicKey = this.normalizeToXOnlyPublicKey(
+      hex.decode(aspInfo.signerPubkey),
+      "server",
+      pendingSwap.id
+    );
     const { vhtlcScript, vhtlcAddress } = this.createVHTLCScript({
       network: aspInfo.network,
       preimageHash: sha256(preimage),
-      receiverPubkey: hex.encode(receiverXOnlyPublicKey),
-      senderPubkey: pendingSwap.response.refundPublicKey,
+      receiverPubkey: hex.encode(ourXOnlyPublicKey),
+      senderPubkey: hex.encode(boltzXOnlyPublicKey),
       serverPubkey: hex.encode(serverXOnlyPublicKey),
       timeoutBlockHeights: pendingSwap.response.timeoutBlockHeights
     });
@@ -644,13 +683,13 @@ var ArkadeLightning = class {
           cpy,
           inputIndexes
         );
-        signedTx = Transaction.fromPSBT(signedTx.toPSBT(), {
+        signedTx = Transaction2.fromPSBT(signedTx.toPSBT(), {
           allowUnknown: true
         });
         setArkPsbtField(signedTx, 0, ConditionWitness, [preimage]);
         return signedTx;
       },
-      xOnlyPublicKey: receiverXOnlyPublicKey,
+      xOnlyPublicKey: ourXOnlyPublicKey,
       signerSession: getSignerSession(this.wallet)
     };
     const rawCheckpointTapscript = hex.decode(aspInfo.checkpointTapscript);
@@ -675,8 +714,8 @@ var ArkadeLightning = class {
     );
     const signedArkTx = await vhtlcIdentity.sign(arkTx);
     const { arkTxid, finalArkTx, signedCheckpointTxs } = await this.arkProvider.submitTx(
-      base64.encode(signedArkTx.toPSBT()),
-      checkpoints.map((c) => base64.encode(c.toPSBT()))
+      base642.encode(signedArkTx.toPSBT()),
+      checkpoints.map((c) => base642.encode(c.toPSBT()))
     );
     if (!this.validFinalArkTx(
       finalArkTx,
@@ -687,11 +726,11 @@ var ArkadeLightning = class {
     }
     const finalCheckpoints = await Promise.all(
       signedCheckpointTxs.map(async (c) => {
-        const tx = Transaction.fromPSBT(base64.decode(c), {
+        const tx = Transaction2.fromPSBT(base642.decode(c), {
           allowUnknown: true
         });
         const signedCheckpoint = await vhtlcIdentity.sign(tx, [0]);
-        return base64.encode(signedCheckpoint.toPSBT());
+        return base642.encode(signedCheckpoint.toPSBT());
       })
     );
     await this.arkProvider.finalizeTx(arkTxid, finalCheckpoints);
@@ -709,32 +748,29 @@ var ArkadeLightning = class {
     const aspInfo = await this.arkProvider.getInfo();
     const address = await this.wallet.getAddress();
     if (!address) throw new Error("Failed to get ark address from wallet");
-    let receiverXOnlyPublicKey = await this.wallet.identity.xOnlyPublicKey();
-    if (receiverXOnlyPublicKey.length == 33) {
-      receiverXOnlyPublicKey = receiverXOnlyPublicKey.slice(1);
-    } else if (receiverXOnlyPublicKey.length !== 32) {
-      throw new Error(
-        `Invalid receiver public key length: ${receiverXOnlyPublicKey.length}`
-      );
-    }
-    let serverXOnlyPublicKey = hex.decode(aspInfo.signerPubkey);
-    if (serverXOnlyPublicKey.length == 33) {
-      serverXOnlyPublicKey = serverXOnlyPublicKey.slice(1);
-    } else if (serverXOnlyPublicKey.length !== 32) {
-      throw new Error(
-        `Invalid server public key length: ${serverXOnlyPublicKey.length}`
-      );
-    }
+    const ourXOnlyPublicKey = this.normalizeToXOnlyPublicKey(
+      await this.wallet.identity.xOnlyPublicKey(),
+      "our",
+      pendingSwap.id
+    );
+    const serverXOnlyPublicKey = this.normalizeToXOnlyPublicKey(
+      hex.decode(aspInfo.signerPubkey),
+      "server",
+      pendingSwap.id
+    );
+    const boltzXOnlyPublicKey = this.normalizeToXOnlyPublicKey(
+      hex.decode(pendingSwap.response.claimPublicKey),
+      "boltz",
+      pendingSwap.id
+    );
     const { vhtlcScript, vhtlcAddress } = this.createVHTLCScript({
       network: aspInfo.network,
       preimageHash: hex.decode(
         getInvoicePaymentHash(pendingSwap.request.invoice)
       ),
-      receiverPubkey: pendingSwap.response.claimPublicKey,
-      senderPubkey: hex.encode(
-        await this.wallet.identity.xOnlyPublicKey()
-      ),
-      serverPubkey: aspInfo.signerPubkey,
+      receiverPubkey: hex.encode(boltzXOnlyPublicKey),
+      senderPubkey: hex.encode(ourXOnlyPublicKey),
+      serverPubkey: hex.encode(serverXOnlyPublicKey),
       timeoutBlockHeights: pendingSwap.response.timeoutBlockHeights
     });
     if (!vhtlcScript)
@@ -749,25 +785,25 @@ var ArkadeLightning = class {
       throw new Error("No spendable virtual coins found");
     }
     const vhtlcIdentity = {
-      sign: async (tx, inputIndexes) => {
-        const cpy = tx.clone();
+      sign: async (tx2, inputIndexes) => {
+        const cpy = tx2.clone();
         let signedTx = await signTransaction(
           this.wallet,
           cpy,
           inputIndexes
         );
-        return Transaction.fromPSBT(signedTx.toPSBT(), {
+        return Transaction2.fromPSBT(signedTx.toPSBT(), {
           allowUnknown: true
         });
       },
-      xOnlyPublicKey: receiverXOnlyPublicKey,
+      xOnlyPublicKey: ourXOnlyPublicKey,
       signerSession: getSignerSession(this.wallet)
     };
     const rawCheckpointTapscript = hex.decode(aspInfo.checkpointTapscript);
     const serverUnrollScript = CSVMultisigTapscript.decode(
       rawCheckpointTapscript
     );
-    const { arkTx, checkpoints } = buildOffchainTx(
+    const { arkTx: unsignedRefundTx, checkpoints: checkpointPtxs } = buildOffchainTx(
       [
         {
           ...spendableVtxos.vtxos[0],
@@ -783,32 +819,73 @@ var ArkadeLightning = class {
       ],
       serverUnrollScript
     );
-    const signedArkTx = await vhtlcIdentity.sign(arkTx);
+    if (checkpointPtxs.length !== 1)
+      throw new Error(
+        `Expected one checkpoint transaction, got ${checkpointPtxs.length}`
+      );
+    const unsignedCheckpointTx = checkpointPtxs[0];
+    const {
+      transaction: boltzSignedRefundTx,
+      checkpoint: boltzSignedCheckpointTx
+    } = await this.swapProvider.refundSubmarineSwap(
+      pendingSwap.id,
+      unsignedRefundTx,
+      unsignedCheckpointTx
+    );
+    const boltzXOnlyPublicKeyHex = hex.encode(boltzXOnlyPublicKey);
+    if (!verifySignatures(boltzSignedRefundTx, 0, [boltzXOnlyPublicKeyHex])) {
+      throw new Error("Invalid Boltz signature in refund transaction");
+    }
+    if (!verifySignatures(boltzSignedCheckpointTx, 0, [
+      boltzXOnlyPublicKeyHex
+    ])) {
+      throw new Error(
+        "Invalid Boltz signature in checkpoint transaction"
+      );
+    }
+    const signedRefundTx = await vhtlcIdentity.sign(unsignedRefundTx);
+    const signedCheckpointTx = await vhtlcIdentity.sign(unsignedCheckpointTx);
+    const combinedSignedRefundTx = combineTapscriptSigs(
+      boltzSignedRefundTx,
+      signedRefundTx
+    );
+    const combinedSignedCheckpointTx = combineTapscriptSigs(
+      boltzSignedCheckpointTx,
+      signedCheckpointTx
+    );
     const { arkTxid, finalArkTx, signedCheckpointTxs } = await this.arkProvider.submitTx(
-      base64.encode(signedArkTx.toPSBT()),
-      checkpoints.map((c) => base64.encode(c.toPSBT()))
+      base642.encode(combinedSignedRefundTx.toPSBT()),
+      [base642.encode(unsignedCheckpointTx.toPSBT())]
     );
-    if (!this.validFinalArkTx(
-      finalArkTx,
-      serverXOnlyPublicKey,
-      vhtlcScript.leaves
-    )) {
-      throw new Error("Invalid final Ark transaction");
+    const tx = Transaction2.fromPSBT(base642.decode(finalArkTx));
+    const inputIndex = 0;
+    const requiredSigners = [
+      hex.encode(ourXOnlyPublicKey),
+      hex.encode(boltzXOnlyPublicKey),
+      hex.encode(serverXOnlyPublicKey)
+    ];
+    if (!verifySignatures(tx, inputIndex, requiredSigners)) {
+      throw new Error("Invalid refund transaction");
     }
-    const finalCheckpoints = await Promise.all(
-      signedCheckpointTxs.map(async (c) => {
-        const tx = Transaction.fromPSBT(base64.decode(c), {
-          allowUnknown: true
-        });
-        const signedCheckpoint = await vhtlcIdentity.sign(tx, [0]);
-        return base64.encode(signedCheckpoint.toPSBT());
-      })
+    if (signedCheckpointTxs.length !== 1) {
+      throw new Error(
+        `Expected one signed checkpoint transaction, got ${signedCheckpointTxs.length}`
+      );
+    }
+    const serverSignedCheckpointTx = Transaction2.fromPSBT(
+      base642.decode(signedCheckpointTxs[0])
     );
-    await this.arkProvider.finalizeTx(arkTxid, finalCheckpoints);
-    const finalStatus = await this.getSwapStatus(pendingSwap.id);
+    const finalCheckpointTx = combineTapscriptSigs(
+      combinedSignedCheckpointTx,
+      serverSignedCheckpointTx
+    );
+    await this.arkProvider.finalizeTx(arkTxid, [
+      base642.encode(finalCheckpointTx.toPSBT())
+    ]);
     await this.savePendingSubmarineSwap({
       ...pendingSwap,
-      status: finalStatus.status
+      refundable: true,
+      refunded: true
     });
   }
   /**
@@ -991,7 +1068,7 @@ var ArkadeLightning = class {
    * @returns True if the final Ark transaction is valid, false otherwise.
    */
   validFinalArkTx = (finalArkTx, _pubkey, _tapLeaves) => {
-    const tx = Transaction.fromPSBT(base64.decode(finalArkTx), {
+    const tx = Transaction2.fromPSBT(base642.decode(finalArkTx), {
       allowUnknown: true
     });
     if (!tx) return false;
@@ -1018,30 +1095,18 @@ var ArkadeLightning = class {
     serverPubkey,
     timeoutBlockHeights
   }) {
-    let receiverXOnlyPublicKey = hex.decode(receiverPubkey);
-    if (receiverXOnlyPublicKey.length == 33) {
-      receiverXOnlyPublicKey = receiverXOnlyPublicKey.slice(1);
-    } else if (receiverXOnlyPublicKey.length !== 32) {
-      throw new Error(
-        `Invalid receiver public key length: ${receiverXOnlyPublicKey.length}`
-      );
-    }
-    let senderXOnlyPublicKey = hex.decode(senderPubkey);
-    if (senderXOnlyPublicKey.length == 33) {
-      senderXOnlyPublicKey = senderXOnlyPublicKey.slice(1);
-    } else if (senderXOnlyPublicKey.length !== 32) {
-      throw new Error(
-        `Invalid sender public key length: ${senderXOnlyPublicKey.length}`
-      );
-    }
-    let serverXOnlyPublicKey = hex.decode(serverPubkey);
-    if (serverXOnlyPublicKey.length == 33) {
-      serverXOnlyPublicKey = serverXOnlyPublicKey.slice(1);
-    } else if (serverXOnlyPublicKey.length !== 32) {
-      throw new Error(
-        `Invalid server public key length: ${serverXOnlyPublicKey.length}`
-      );
-    }
+    const receiverXOnlyPublicKey = this.normalizeToXOnlyPublicKey(
+      hex.decode(receiverPubkey),
+      "receiver"
+    );
+    const senderXOnlyPublicKey = this.normalizeToXOnlyPublicKey(
+      hex.decode(senderPubkey),
+      "sender"
+    );
+    const serverXOnlyPublicKey = this.normalizeToXOnlyPublicKey(
+      hex.decode(serverPubkey),
+      "server"
+    );
     const delayType = (num) => num < 512 ? "blocks" : "seconds";
     const vhtlcScript = new VHTLC.Script({
       preimageHash: ripemd160(preimageHash),
@@ -1166,6 +1231,24 @@ var ArkadeLightning = class {
       });
     }
   }
+  /**
+   * Validate we are using a x-only public key
+   * @param publicKey
+   * @param keyName
+   * @param swapId
+   * @returns Uint8Array
+   */
+  normalizeToXOnlyPublicKey(publicKey, keyName, swapId) {
+    if (publicKey.length === 33) {
+      return publicKey.slice(1);
+    }
+    if (publicKey.length !== 32) {
+      throw new Error(
+        `Invalid ${keyName} public key length: ${publicKey.length} ${swapId ? "for swap " + swapId : ""}`
+      );
+    }
+    return publicKey;
+  }
 };
 export {
   ArkadeLightning,
@@ -1187,5 +1270,6 @@ export {
   isReverseFinalStatus,
   isSubmarineFinalStatus,
   isSubmarineRefundableStatus,
-  isSubmarineSwapRefundable
+  isSubmarineSwapRefundable,
+  verifySignatures
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@arkade-os/boltz-swap",
-  "version": "0.2.6",
+  "version": "0.2.7",
   "type": "module",
   "description": "A production-ready TypeScript package that brings Boltz submarine-swaps to Arkade.",
   "main": "./dist/index.js",
@@ -30,7 +30,7 @@
   "author": "Arkade-OS",
   "license": "MIT",
   "dependencies": {
-    "@arkade-os/sdk": "0.3.3",
+    "@arkade-os/sdk": "0.3.4",
     "@noble/hashes": "2.0.0",
     "@scure/base": "2.0.0",
     "@scure/btc-signer": "2.0.1",