@arkade-os/boltz-swap 0.3.39 → 0.3.40

package/dist/{arkade-swaps-DG9UepoS.d.cts → arkade-swaps-CObmwpZQ.d.cts}

@@ -428,6 +428,23 @@ declare class ArkadeSwaps {
         vhtlcScript: VHTLC.Script;
         vhtlcAddress: string;
     };
+    /**
+     * Reconstruct a swap's VHTLC by matching the persisted `lockupAddress`
+     * against the current and deprecated server signers, returning the matched
+     * script together with the server key it was minted under.
+     *
+     * Recovery paths (claim/refund/lookup) must use this instead of building the
+     * VHTLC from the current signer alone: a swap created before a planned arkd
+     * signer rotation is locked to a now-deprecated signer, so the current key
+     * would yield the wrong address and strand the funds. The returned
+     * `serverXOnlyPublicKey` is the original (possibly deprecated) key and MUST
+     * be threaded into downstream signing/verification.
+     *
+     * Throws a descriptive mismatch error when no candidate reproduces the
+     * lockup address (e.g. the swap predates an already-pruned deprecated
+     * signer) — replacing the previous current-signer-only equality check.
+     */
+    private resolveVHTLCForLockup;
     /**
      * Retrieves fees for swaps.
      * - No arguments: returns lightning (submarine/reverse) fees

package/dist/{arkade-swaps-Uet3tgN6.d.ts → arkade-swaps-DnRiRcdW.d.ts}

@@ -428,6 +428,23 @@ declare class ArkadeSwaps {
         vhtlcScript: VHTLC.Script;
         vhtlcAddress: string;
     };
+    /**
+     * Reconstruct a swap's VHTLC by matching the persisted `lockupAddress`
+     * against the current and deprecated server signers, returning the matched
+     * script together with the server key it was minted under.
+     *
+     * Recovery paths (claim/refund/lookup) must use this instead of building the
+     * VHTLC from the current signer alone: a swap created before a planned arkd
+     * signer rotation is locked to a now-deprecated signer, so the current key
+     * would yield the wrong address and strand the funds. The returned
+     * `serverXOnlyPublicKey` is the original (possibly deprecated) key and MUST
+     * be threaded into downstream signing/verification.
+     *
+     * Throws a descriptive mismatch error when no candidate reproduces the
+     * lockup address (e.g. the swap predates an already-pruned deprecated
+     * signer) — replacing the previous current-signer-only equality check.
+     */
+    private resolveVHTLCForLockup;
     /**
      * Retrieves fees for swaps.
      * - No arguments: returns lightning (submarine/reverse) fees

package/dist/{chunk-CFB2NNGT.js → chunk-GYWMQOCP.js}

@@ -976,10 +976,10 @@ import bolt11 from "light-bolt11-decoder";
 import { ArkAddress } from "@arkade-os/sdk";
 var decodeInvoice = (invoice) => {
   const decoded = bolt11.decode(invoice);
-  const millisats = Number(decoded.sections.find((s) => s.name === "amount")?.value ?? "0");
+  const millisats = BigInt(decoded.sections.find((s) => s.name === "amount")?.value ?? "0");
   return {
     expiry: decoded.expiry ?? 3600,
-    amountSats: Math.floor(millisats / 1e3),
+    amountSats: Number(millisats / 1000n),
     description: decoded.sections.find((s) => s.name === "description")?.value ?? "",
     paymentHash: decoded.sections.find((s) => s.name === "payment_hash")?.value ?? ""
   };
@@ -2966,6 +2966,19 @@ var createVHTLCScript = (args) => {
   const vhtlcAddress = vhtlcScript.address(hrp, serverXOnlyPublicKey).encode();
   return { vhtlcScript, vhtlcAddress };
 };
+var candidateServerPubkeys = (arkInfo) => {
+  const current = hex7.encode(normalizeToXOnlyKey(hex7.decode(arkInfo.signerPubkey), "server"));
+  const seen = /* @__PURE__ */ new Set([current]);
+  const candidates = [current];
+  for (const deprecated of arkInfo.deprecatedSigners ?? []) {
+    if (!deprecated.pubkey) continue;
+    const key = hex7.encode(normalizeToXOnlyKey(hex7.decode(deprecated.pubkey), "server"));
+    if (seen.has(key)) continue;
+    seen.add(key);
+    candidates.push(key);
+  }
+  return candidates;
+};
 var joinBatch = async (arkProvider, identity, input, output, {
   forfeitPubkey,
   forfeitAddress,
@@ -3380,6 +3393,10 @@ var ArkadeSwaps = class _ArkadeSwaps {
       ...args.description?.trim() ? { description: args.description.trim() } : {}
     };
     const swapResponse = await this.swapProvider.createReverseSwap(swapRequest);
+    const decodedInvoice = decodeInvoice(swapResponse.invoice);
+    if (decodedInvoice.paymentHash !== preimageHash) {
+      throw new SwapError({ message: "Preimage hash does not match invoice payment hash" });
+    }
     const pendingSwap = {
       id: swapResponse.id,
       type: "reverse",
@@ -3423,27 +3440,15 @@ var ArkadeSwaps = class _ArkadeSwaps {
       "boltz",
       pendingSwap.id
     );
-    const serverXOnly = normalizeToXOnlyKey(
-      hex8.decode(arkInfo.signerPubkey),
-      "server",
-      pendingSwap.id
-    );
-    const { vhtlcScript, vhtlcAddress } = this.createVHTLCScript({
-      network: arkInfo.network,
+    const { vhtlcScript, serverXOnlyPublicKey: serverXOnly } = this.resolveVHTLCForLockup({
+      arkInfo,
       preimageHash: sha2563(preimage),
       receiverPubkey: hex8.encode(receiverXOnly),
       senderPubkey: hex8.encode(senderXOnly),
-      serverPubkey: hex8.encode(serverXOnly),
-      timeoutBlockHeights: vhtlcTimeouts
+      timeoutBlockHeights: vhtlcTimeouts,
+      lockupAddress,
+      swapId: pendingSwap.id
     });
-    if (!vhtlcScript.claimScript)
-      throw new Error(
-        `Swap ${pendingSwap.id}: failed to create VHTLC script for reverse swap`
-      );
-    if (vhtlcAddress !== lockupAddress)
-      throw new Error(
-        `Swap ${pendingSwap.id}: VHTLC address mismatch. Expected ${lockupAddress}, got ${vhtlcAddress}`
-      );
     let unspentVtxos = [];
     let rawVtxos = [];
     for (let attempt = 1; attempt <= CLAIM_VTXO_RETRY_ATTEMPTS; attempt++) {
@@ -3685,11 +3690,6 @@ var ArkadeSwaps = class _ArkadeSwaps {
       "our",
       swap.id
     );
-    const serverXOnlyPublicKey = normalizeToXOnlyKey(
-      hex8.decode(resolvedArkInfo.signerPubkey),
-      "server",
-      swap.id
-    );
     const { claimPublicKey, timeoutBlockHeights: vhtlcTimeouts } = swap.response;
     if (!claimPublicKey || !vhtlcTimeouts)
       throw new Error(`Swap ${swap.id}: incomplete submarine swap response`);
@@ -3698,20 +3698,19 @@ var ArkadeSwaps = class _ArkadeSwaps {
       "boltz",
       swap.id
     );
-    const { vhtlcScript, vhtlcAddress } = this.createVHTLCScript({
-      network: resolvedArkInfo.network,
+    const lockupAddress = swap.response.address;
+    if (!lockupAddress)
+      throw new Error(`Swap ${swap.id}: missing lockup address in submarine swap response`);
+    const { vhtlcScript, serverXOnlyPublicKey } = this.resolveVHTLCForLockup({
+      arkInfo: resolvedArkInfo,
       preimageHash: hex8.decode(preimageHash),
       receiverPubkey: hex8.encode(boltzXOnlyPublicKey),
       senderPubkey: hex8.encode(ourXOnlyPublicKey),
-      serverPubkey: hex8.encode(serverXOnlyPublicKey),
-      timeoutBlockHeights: vhtlcTimeouts
+      timeoutBlockHeights: vhtlcTimeouts,
+      lockupAddress,
+      swapId: swap.id
     });
-    if (!vhtlcScript.claimScript)
-      throw new Error(`Swap ${swap.id}: failed to create VHTLC script for submarine swap`);
-    if (vhtlcAddress !== swap.response.address)
-      throw new Error(
-        `VHTLC address mismatch for swap ${swap.id}: expected ${swap.response.address}, got ${vhtlcAddress}`
-      );
+    const vhtlcAddress = lockupAddress;
     const vhtlcPkScriptHex = hex8.encode(vhtlcScript.pkScript);
     return {
       arkInfo: resolvedArkInfo,
@@ -4424,29 +4423,26 @@ var ArkadeSwaps = class _ArkadeSwaps {
       "user",
       pendingSwap.id
     );
-    const serverXOnlyPublicKey = normalizeToXOnlyKey(
-      hex8.decode(arkInfo.signerPubkey),
-      "server",
-      pendingSwap.id
-    );
     const boltzXOnlyPublicKey = normalizeToXOnlyKey(
       hex8.decode(pendingSwap.response.lockupDetails.serverPublicKey),
       "boltz",
       pendingSwap.id
     );
-    const { vhtlcAddress, vhtlcScript } = this.createVHTLCScript({
-      network: arkInfo.network,
-      preimageHash: hex8.decode(pendingSwap.request.preimageHash),
-      serverPubkey: hex8.encode(serverXOnlyPublicKey),
-      senderPubkey: hex8.encode(ourXOnlyPublicKey),
-      receiverPubkey: hex8.encode(boltzXOnlyPublicKey),
-      timeoutBlockHeights: pendingSwap.response.lockupDetails.timeouts
-    });
-    if (!vhtlcScript.refundScript)
-      throw new Error(`Swap ${pendingSwap.id}: failed to create VHTLC script for chain swap`);
-    if (pendingSwap.response.lockupDetails.lockupAddress !== vhtlcAddress) {
+    let vhtlcScript;
+    let serverXOnlyPublicKey;
+    try {
+      ({ vhtlcScript, serverXOnlyPublicKey } = this.resolveVHTLCForLockup({
+        arkInfo,
+        preimageHash: hex8.decode(pendingSwap.request.preimageHash),
+        senderPubkey: hex8.encode(ourXOnlyPublicKey),
+        receiverPubkey: hex8.encode(boltzXOnlyPublicKey),
+        timeoutBlockHeights: pendingSwap.response.lockupDetails.timeouts,
+        lockupAddress: pendingSwap.response.lockupDetails.lockupAddress,
+        swapId: pendingSwap.id
+      }));
+    } catch (error) {
       throw new SwapError({
-        message: "Unable to claim: invalid VHTLC address"
+        message: error instanceof Error ? error.message : "Unable to refund: invalid VHTLC address"
       });
     }
     const { vtxos } = await this.indexerProvider.getVtxos({
@@ -4705,20 +4701,21 @@ var ArkadeSwaps = class _ArkadeSwaps {
       pendingSwap.response.claimDetails.serverPublicKey,
       "sender"
     );
-    const serverXOnlyPublicKey = normalizeToXOnlyKey(arkInfo.signerPubkey, "server");
-    const { vhtlcAddress, vhtlcScript } = this.createVHTLCScript({
-      network: arkInfo.network,
-      preimageHash: hex8.decode(pendingSwap.request.preimageHash),
-      serverPubkey: hex8.encode(serverXOnlyPublicKey),
-      senderPubkey: hex8.encode(senderXOnlyPublicKey),
-      receiverPubkey: hex8.encode(receiverXOnlyPublicKey),
-      timeoutBlockHeights: pendingSwap.response.claimDetails.timeouts
-    });
-    if (!vhtlcScript.claimScript)
-      throw new Error(`Swap ${pendingSwap.id}: failed to create VHTLC script for chain swap`);
-    if (pendingSwap.response.claimDetails.lockupAddress !== vhtlcAddress) {
+    let vhtlcScript;
+    let serverXOnlyPublicKey;
+    try {
+      ({ vhtlcScript, serverXOnlyPublicKey } = this.resolveVHTLCForLockup({
+        arkInfo,
+        preimageHash: hex8.decode(pendingSwap.request.preimageHash),
+        senderPubkey: hex8.encode(senderXOnlyPublicKey),
+        receiverPubkey: hex8.encode(receiverXOnlyPublicKey),
+        timeoutBlockHeights: pendingSwap.response.claimDetails.timeouts,
+        lockupAddress: pendingSwap.response.claimDetails.lockupAddress,
+        swapId: pendingSwap.id
+      }));
+    } catch (error) {
       throw new SwapError({
-        message: "Unable to claim: invalid VHTLC address"
+        message: error instanceof Error ? error.message : "Unable to claim: invalid VHTLC address"
       });
     }
     let vtxo;
@@ -5080,6 +5077,55 @@ var ArkadeSwaps = class _ArkadeSwaps {
   createVHTLCScript(args) {
     return createVHTLCScript(args);
   }
+  /**
+   * Reconstruct a swap's VHTLC by matching the persisted `lockupAddress`
+   * against the current and deprecated server signers, returning the matched
+   * script together with the server key it was minted under.
+   *
+   * Recovery paths (claim/refund/lookup) must use this instead of building the
+   * VHTLC from the current signer alone: a swap created before a planned arkd
+   * signer rotation is locked to a now-deprecated signer, so the current key
+   * would yield the wrong address and strand the funds. The returned
+   * `serverXOnlyPublicKey` is the original (possibly deprecated) key and MUST
+   * be threaded into downstream signing/verification.
+   *
+   * Throws a descriptive mismatch error when no candidate reproduces the
+   * lockup address (e.g. the swap predates an already-pruned deprecated
+   * signer) — replacing the previous current-signer-only equality check.
+   */
+  resolveVHTLCForLockup(args) {
+    const candidates = candidateServerPubkeys(args.arkInfo);
+    for (const serverPubkey of candidates) {
+      const { vhtlcScript, vhtlcAddress } = this.createVHTLCScript({
+        network: args.arkInfo.network,
+        preimageHash: args.preimageHash,
+        receiverPubkey: args.receiverPubkey,
+        senderPubkey: args.senderPubkey,
+        serverPubkey,
+        timeoutBlockHeights: args.timeoutBlockHeights
+      });
+      if (vhtlcAddress !== args.lockupAddress) continue;
+      if (!vhtlcScript.claimScript && !vhtlcScript.refundScript) {
+        throw new Error(
+          `Swap ${args.swapId}: VHTLC address matched but claim/refund script leaves are empty`
+        );
+      }
+      return {
+        vhtlcScript,
+        // The matched (possibly deprecated) key must flow into downstream
+        // signing/verification: arkd signs a deprecated-signer input with
+        // the deprecated key, so the claim/refund leaf checks use it.
+        serverXOnlyPublicKey: normalizeToXOnlyKey(
+          hex8.decode(serverPubkey),
+          "server",
+          args.swapId
+        )
+      };
+    }
+    throw new Error(
+      `Swap ${args.swapId}: VHTLC address mismatch. Expected ${args.lockupAddress}; no current or deprecated server signer (${candidates.length} candidate(s) tried) reproduced it`
+    );
+  }
   async getFees(from, to) {
     if (from && to) {
       return this.swapProvider.getChainFees(from, to);

package/dist/{chunk-DNCIVDU5.js → chunk-WGLBFONB.js}

@@ -7,7 +7,7 @@ import {
   isSubmarineFinalStatus,
   isSubmarineSwapRefundable,
   logger
-} from "./chunk-CFB2NNGT.js";
+} from "./chunk-GYWMQOCP.js";
 
 // src/expo/swapsPollProcessor.ts
 var SWAP_POLL_TASK_TYPE = "swap-poll";

package/dist/expo/background.cjs

@@ -1291,10 +1291,10 @@ var import_light_bolt11_decoder = __toESM(require("light-bolt11-decoder"), 1);
 var import_sdk2 = require("@arkade-os/sdk");
 var decodeInvoice = (invoice) => {
   const decoded = import_light_bolt11_decoder.default.decode(invoice);
-  const millisats = Number(decoded.sections.find((s) => s.name === "amount")?.value ?? "0");
+  const millisats = BigInt(decoded.sections.find((s) => s.name === "amount")?.value ?? "0");
   return {
     expiry: decoded.expiry ?? 3600,
-    amountSats: Math.floor(millisats / 1e3),
+    amountSats: Number(millisats / 1000n),
     description: decoded.sections.find((s) => s.name === "description")?.value ?? "",
     paymentHash: decoded.sections.find((s) => s.name === "payment_hash")?.value ?? ""
   };
@@ -2909,6 +2909,19 @@ var createVHTLCScript = (args) => {
   const vhtlcAddress = vhtlcScript.address(hrp, serverXOnlyPublicKey).encode();
   return { vhtlcScript, vhtlcAddress };
 };
+var candidateServerPubkeys = (arkInfo) => {
+  const current = import_base8.hex.encode(normalizeToXOnlyKey(import_base8.hex.decode(arkInfo.signerPubkey), "server"));
+  const seen = /* @__PURE__ */ new Set([current]);
+  const candidates = [current];
+  for (const deprecated of arkInfo.deprecatedSigners ?? []) {
+    if (!deprecated.pubkey) continue;
+    const key = import_base8.hex.encode(normalizeToXOnlyKey(import_base8.hex.decode(deprecated.pubkey), "server"));
+    if (seen.has(key)) continue;
+    seen.add(key);
+    candidates.push(key);
+  }
+  return candidates;
+};
 var joinBatch = async (arkProvider, identity, input, output, {
   forfeitPubkey,
   forfeitAddress,
@@ -3323,6 +3336,10 @@ var ArkadeSwaps = class _ArkadeSwaps {
       ...args.description?.trim() ? { description: args.description.trim() } : {}
     };
     const swapResponse = await this.swapProvider.createReverseSwap(swapRequest);
+    const decodedInvoice = decodeInvoice(swapResponse.invoice);
+    if (decodedInvoice.paymentHash !== preimageHash) {
+      throw new SwapError({ message: "Preimage hash does not match invoice payment hash" });
+    }
     const pendingSwap = {
       id: swapResponse.id,
       type: "reverse",
@@ -3366,27 +3383,15 @@ var ArkadeSwaps = class _ArkadeSwaps {
       "boltz",
       pendingSwap.id
     );
-    const serverXOnly = normalizeToXOnlyKey(
-      import_base9.hex.decode(arkInfo.signerPubkey),
-      "server",
-      pendingSwap.id
-    );
-    const { vhtlcScript, vhtlcAddress } = this.createVHTLCScript({
-      network: arkInfo.network,
+    const { vhtlcScript, serverXOnlyPublicKey: serverXOnly } = this.resolveVHTLCForLockup({
+      arkInfo,
       preimageHash: (0, import_sha23.sha256)(preimage),
       receiverPubkey: import_base9.hex.encode(receiverXOnly),
       senderPubkey: import_base9.hex.encode(senderXOnly),
-      serverPubkey: import_base9.hex.encode(serverXOnly),
-      timeoutBlockHeights: vhtlcTimeouts
+      timeoutBlockHeights: vhtlcTimeouts,
+      lockupAddress,
+      swapId: pendingSwap.id
     });
-    if (!vhtlcScript.claimScript)
-      throw new Error(
-        `Swap ${pendingSwap.id}: failed to create VHTLC script for reverse swap`
-      );
-    if (vhtlcAddress !== lockupAddress)
-      throw new Error(
-        `Swap ${pendingSwap.id}: VHTLC address mismatch. Expected ${lockupAddress}, got ${vhtlcAddress}`
-      );
     let unspentVtxos = [];
     let rawVtxos = [];
     for (let attempt = 1; attempt <= CLAIM_VTXO_RETRY_ATTEMPTS; attempt++) {
@@ -3628,11 +3633,6 @@ var ArkadeSwaps = class _ArkadeSwaps {
       "our",
       swap.id
     );
-    const serverXOnlyPublicKey = normalizeToXOnlyKey(
-      import_base9.hex.decode(resolvedArkInfo.signerPubkey),
-      "server",
-      swap.id
-    );
     const { claimPublicKey, timeoutBlockHeights: vhtlcTimeouts } = swap.response;
     if (!claimPublicKey || !vhtlcTimeouts)
       throw new Error(`Swap ${swap.id}: incomplete submarine swap response`);
@@ -3641,20 +3641,19 @@ var ArkadeSwaps = class _ArkadeSwaps {
       "boltz",
       swap.id
     );
-    const { vhtlcScript, vhtlcAddress } = this.createVHTLCScript({
-      network: resolvedArkInfo.network,
+    const lockupAddress = swap.response.address;
+    if (!lockupAddress)
+      throw new Error(`Swap ${swap.id}: missing lockup address in submarine swap response`);
+    const { vhtlcScript, serverXOnlyPublicKey } = this.resolveVHTLCForLockup({
+      arkInfo: resolvedArkInfo,
       preimageHash: import_base9.hex.decode(preimageHash),
       receiverPubkey: import_base9.hex.encode(boltzXOnlyPublicKey),
       senderPubkey: import_base9.hex.encode(ourXOnlyPublicKey),
-      serverPubkey: import_base9.hex.encode(serverXOnlyPublicKey),
-      timeoutBlockHeights: vhtlcTimeouts
+      timeoutBlockHeights: vhtlcTimeouts,
+      lockupAddress,
+      swapId: swap.id
     });
-    if (!vhtlcScript.claimScript)
-      throw new Error(`Swap ${swap.id}: failed to create VHTLC script for submarine swap`);
-    if (vhtlcAddress !== swap.response.address)
-      throw new Error(
-        `VHTLC address mismatch for swap ${swap.id}: expected ${swap.response.address}, got ${vhtlcAddress}`
-      );
+    const vhtlcAddress = lockupAddress;
     const vhtlcPkScriptHex = import_base9.hex.encode(vhtlcScript.pkScript);
     return {
       arkInfo: resolvedArkInfo,
@@ -4367,29 +4366,26 @@ var ArkadeSwaps = class _ArkadeSwaps {
       "user",
       pendingSwap.id
     );
-    const serverXOnlyPublicKey = normalizeToXOnlyKey(
-      import_base9.hex.decode(arkInfo.signerPubkey),
-      "server",
-      pendingSwap.id
-    );
     const boltzXOnlyPublicKey = normalizeToXOnlyKey(
       import_base9.hex.decode(pendingSwap.response.lockupDetails.serverPublicKey),
       "boltz",
       pendingSwap.id
     );
-    const { vhtlcAddress, vhtlcScript } = this.createVHTLCScript({
-      network: arkInfo.network,
-      preimageHash: import_base9.hex.decode(pendingSwap.request.preimageHash),
-      serverPubkey: import_base9.hex.encode(serverXOnlyPublicKey),
-      senderPubkey: import_base9.hex.encode(ourXOnlyPublicKey),
-      receiverPubkey: import_base9.hex.encode(boltzXOnlyPublicKey),
-      timeoutBlockHeights: pendingSwap.response.lockupDetails.timeouts
-    });
-    if (!vhtlcScript.refundScript)
-      throw new Error(`Swap ${pendingSwap.id}: failed to create VHTLC script for chain swap`);
-    if (pendingSwap.response.lockupDetails.lockupAddress !== vhtlcAddress) {
+    let vhtlcScript;
+    let serverXOnlyPublicKey;
+    try {
+      ({ vhtlcScript, serverXOnlyPublicKey } = this.resolveVHTLCForLockup({
+        arkInfo,
+        preimageHash: import_base9.hex.decode(pendingSwap.request.preimageHash),
+        senderPubkey: import_base9.hex.encode(ourXOnlyPublicKey),
+        receiverPubkey: import_base9.hex.encode(boltzXOnlyPublicKey),
+        timeoutBlockHeights: pendingSwap.response.lockupDetails.timeouts,
+        lockupAddress: pendingSwap.response.lockupDetails.lockupAddress,
+        swapId: pendingSwap.id
+      }));
+    } catch (error) {
       throw new SwapError({
-        message: "Unable to claim: invalid VHTLC address"
+        message: error instanceof Error ? error.message : "Unable to refund: invalid VHTLC address"
       });
     }
     const { vtxos } = await this.indexerProvider.getVtxos({
@@ -4648,20 +4644,21 @@ var ArkadeSwaps = class _ArkadeSwaps {
       pendingSwap.response.claimDetails.serverPublicKey,
       "sender"
     );
-    const serverXOnlyPublicKey = normalizeToXOnlyKey(arkInfo.signerPubkey, "server");
-    const { vhtlcAddress, vhtlcScript } = this.createVHTLCScript({
-      network: arkInfo.network,
-      preimageHash: import_base9.hex.decode(pendingSwap.request.preimageHash),
-      serverPubkey: import_base9.hex.encode(serverXOnlyPublicKey),
-      senderPubkey: import_base9.hex.encode(senderXOnlyPublicKey),
-      receiverPubkey: import_base9.hex.encode(receiverXOnlyPublicKey),
-      timeoutBlockHeights: pendingSwap.response.claimDetails.timeouts
-    });
-    if (!vhtlcScript.claimScript)
-      throw new Error(`Swap ${pendingSwap.id}: failed to create VHTLC script for chain swap`);
-    if (pendingSwap.response.claimDetails.lockupAddress !== vhtlcAddress) {
+    let vhtlcScript;
+    let serverXOnlyPublicKey;
+    try {
+      ({ vhtlcScript, serverXOnlyPublicKey } = this.resolveVHTLCForLockup({
+        arkInfo,
+        preimageHash: import_base9.hex.decode(pendingSwap.request.preimageHash),
+        senderPubkey: import_base9.hex.encode(senderXOnlyPublicKey),
+        receiverPubkey: import_base9.hex.encode(receiverXOnlyPublicKey),
+        timeoutBlockHeights: pendingSwap.response.claimDetails.timeouts,
+        lockupAddress: pendingSwap.response.claimDetails.lockupAddress,
+        swapId: pendingSwap.id
+      }));
+    } catch (error) {
       throw new SwapError({
-        message: "Unable to claim: invalid VHTLC address"
+        message: error instanceof Error ? error.message : "Unable to claim: invalid VHTLC address"
       });
     }
     let vtxo;
@@ -5023,6 +5020,55 @@ var ArkadeSwaps = class _ArkadeSwaps {
   createVHTLCScript(args) {
     return createVHTLCScript(args);
   }
+  /**
+   * Reconstruct a swap's VHTLC by matching the persisted `lockupAddress`
+   * against the current and deprecated server signers, returning the matched
+   * script together with the server key it was minted under.
+   *
+   * Recovery paths (claim/refund/lookup) must use this instead of building the
+   * VHTLC from the current signer alone: a swap created before a planned arkd
+   * signer rotation is locked to a now-deprecated signer, so the current key
+   * would yield the wrong address and strand the funds. The returned
+   * `serverXOnlyPublicKey` is the original (possibly deprecated) key and MUST
+   * be threaded into downstream signing/verification.
+   *
+   * Throws a descriptive mismatch error when no candidate reproduces the
+   * lockup address (e.g. the swap predates an already-pruned deprecated
+   * signer) — replacing the previous current-signer-only equality check.
+   */
+  resolveVHTLCForLockup(args) {
+    const candidates = candidateServerPubkeys(args.arkInfo);
+    for (const serverPubkey of candidates) {
+      const { vhtlcScript, vhtlcAddress } = this.createVHTLCScript({
+        network: args.arkInfo.network,
+        preimageHash: args.preimageHash,
+        receiverPubkey: args.receiverPubkey,
+        senderPubkey: args.senderPubkey,
+        serverPubkey,
+        timeoutBlockHeights: args.timeoutBlockHeights
+      });
+      if (vhtlcAddress !== args.lockupAddress) continue;
+      if (!vhtlcScript.claimScript && !vhtlcScript.refundScript) {
+        throw new Error(
+          `Swap ${args.swapId}: VHTLC address matched but claim/refund script leaves are empty`
+        );
+      }
+      return {
+        vhtlcScript,
+        // The matched (possibly deprecated) key must flow into downstream
+        // signing/verification: arkd signs a deprecated-signer input with
+        // the deprecated key, so the claim/refund leaf checks use it.
+        serverXOnlyPublicKey: normalizeToXOnlyKey(
+          import_base9.hex.decode(serverPubkey),
+          "server",
+          args.swapId
+        )
+      };
+    }
+    throw new Error(
+      `Swap ${args.swapId}: VHTLC address mismatch. Expected ${args.lockupAddress}; no current or deprecated server signer (${candidates.length} candidate(s) tried) reproduced it`
+    );
+  }
   async getFees(from, to) {
     if (from && to) {
       return this.swapProvider.getChainFees(from, to);

package/dist/expo/background.js

@@ -1,10 +1,10 @@
 import {
   SWAP_POLL_TASK_TYPE,
   swapsPollProcessor
-} from "../chunk-DNCIVDU5.js";
+} from "../chunk-WGLBFONB.js";
 import {
   BoltzSwapProvider
-} from "../chunk-CFB2NNGT.js";
+} from "../chunk-GYWMQOCP.js";
 import "../chunk-SJQJQO7P.js";
 
 // src/expo/background.ts

package/dist/expo/index.cjs

@@ -1281,10 +1281,10 @@ var import_light_bolt11_decoder = __toESM(require("light-bolt11-decoder"), 1);
 var import_sdk2 = require("@arkade-os/sdk");
 var decodeInvoice = (invoice) => {
   const decoded = import_light_bolt11_decoder.default.decode(invoice);
-  const millisats = Number(decoded.sections.find((s) => s.name === "amount")?.value ?? "0");
+  const millisats = BigInt(decoded.sections.find((s) => s.name === "amount")?.value ?? "0");
   return {
     expiry: decoded.expiry ?? 3600,
-    amountSats: Math.floor(millisats / 1e3),
+    amountSats: Number(millisats / 1000n),
     description: decoded.sections.find((s) => s.name === "description")?.value ?? "",
     paymentHash: decoded.sections.find((s) => s.name === "payment_hash")?.value ?? ""
   };
@@ -2899,6 +2899,19 @@ var createVHTLCScript = (args) => {
   const vhtlcAddress = vhtlcScript.address(hrp, serverXOnlyPublicKey).encode();
   return { vhtlcScript, vhtlcAddress };
 };
+var candidateServerPubkeys = (arkInfo) => {
+  const current = import_base8.hex.encode(normalizeToXOnlyKey(import_base8.hex.decode(arkInfo.signerPubkey), "server"));
+  const seen = /* @__PURE__ */ new Set([current]);
+  const candidates = [current];
+  for (const deprecated of arkInfo.deprecatedSigners ?? []) {
+    if (!deprecated.pubkey) continue;
+    const key = import_base8.hex.encode(normalizeToXOnlyKey(import_base8.hex.decode(deprecated.pubkey), "server"));
+    if (seen.has(key)) continue;
+    seen.add(key);
+    candidates.push(key);
+  }
+  return candidates;
+};
 var joinBatch = async (arkProvider, identity, input, output, {
   forfeitPubkey,
   forfeitAddress,
@@ -3313,6 +3326,10 @@ var ArkadeSwaps = class _ArkadeSwaps {
       ...args.description?.trim() ? { description: args.description.trim() } : {}
     };
     const swapResponse = await this.swapProvider.createReverseSwap(swapRequest);
+    const decodedInvoice = decodeInvoice(swapResponse.invoice);
+    if (decodedInvoice.paymentHash !== preimageHash) {
+      throw new SwapError({ message: "Preimage hash does not match invoice payment hash" });
+    }
     const pendingSwap = {
       id: swapResponse.id,
       type: "reverse",
@@ -3356,27 +3373,15 @@ var ArkadeSwaps = class _ArkadeSwaps {
       "boltz",
       pendingSwap.id
     );
-    const serverXOnly = normalizeToXOnlyKey(
-      import_base9.hex.decode(arkInfo.signerPubkey),
-      "server",
-      pendingSwap.id
-    );
-    const { vhtlcScript, vhtlcAddress } = this.createVHTLCScript({
-      network: arkInfo.network,
+    const { vhtlcScript, serverXOnlyPublicKey: serverXOnly } = this.resolveVHTLCForLockup({
+      arkInfo,
       preimageHash: (0, import_sha23.sha256)(preimage),
       receiverPubkey: import_base9.hex.encode(receiverXOnly),
       senderPubkey: import_base9.hex.encode(senderXOnly),
-      serverPubkey: import_base9.hex.encode(serverXOnly),
-      timeoutBlockHeights: vhtlcTimeouts
+      timeoutBlockHeights: vhtlcTimeouts,
+      lockupAddress,
+      swapId: pendingSwap.id
     });
-    if (!vhtlcScript.claimScript)
-      throw new Error(
-        `Swap ${pendingSwap.id}: failed to create VHTLC script for reverse swap`
-      );
-    if (vhtlcAddress !== lockupAddress)
-      throw new Error(
-        `Swap ${pendingSwap.id}: VHTLC address mismatch. Expected ${lockupAddress}, got ${vhtlcAddress}`
-      );
     let unspentVtxos = [];
     let rawVtxos = [];
     for (let attempt = 1; attempt <= CLAIM_VTXO_RETRY_ATTEMPTS; attempt++) {
@@ -3618,11 +3623,6 @@ var ArkadeSwaps = class _ArkadeSwaps {
       "our",
       swap.id
     );
-    const serverXOnlyPublicKey = normalizeToXOnlyKey(
-      import_base9.hex.decode(resolvedArkInfo.signerPubkey),
-      "server",
-      swap.id
-    );
     const { claimPublicKey, timeoutBlockHeights: vhtlcTimeouts } = swap.response;
     if (!claimPublicKey || !vhtlcTimeouts)
       throw new Error(`Swap ${swap.id}: incomplete submarine swap response`);
@@ -3631,20 +3631,19 @@ var ArkadeSwaps = class _ArkadeSwaps {
       "boltz",
       swap.id
     );
-    const { vhtlcScript, vhtlcAddress } = this.createVHTLCScript({
-      network: resolvedArkInfo.network,
+    const lockupAddress = swap.response.address;
+    if (!lockupAddress)
+      throw new Error(`Swap ${swap.id}: missing lockup address in submarine swap response`);
+    const { vhtlcScript, serverXOnlyPublicKey } = this.resolveVHTLCForLockup({
+      arkInfo: resolvedArkInfo,
       preimageHash: import_base9.hex.decode(preimageHash),
       receiverPubkey: import_base9.hex.encode(boltzXOnlyPublicKey),
       senderPubkey: import_base9.hex.encode(ourXOnlyPublicKey),
-      serverPubkey: import_base9.hex.encode(serverXOnlyPublicKey),
-      timeoutBlockHeights: vhtlcTimeouts
+      timeoutBlockHeights: vhtlcTimeouts,
+      lockupAddress,
+      swapId: swap.id
     });
-    if (!vhtlcScript.claimScript)
-      throw new Error(`Swap ${swap.id}: failed to create VHTLC script for submarine swap`);
-    if (vhtlcAddress !== swap.response.address)
-      throw new Error(
-        `VHTLC address mismatch for swap ${swap.id}: expected ${swap.response.address}, got ${vhtlcAddress}`
-      );
+    const vhtlcAddress = lockupAddress;
     const vhtlcPkScriptHex = import_base9.hex.encode(vhtlcScript.pkScript);
     return {
       arkInfo: resolvedArkInfo,
@@ -4357,29 +4356,26 @@ var ArkadeSwaps = class _ArkadeSwaps {
       "user",
       pendingSwap.id
     );
-    const serverXOnlyPublicKey = normalizeToXOnlyKey(
-      import_base9.hex.decode(arkInfo.signerPubkey),
-      "server",
-      pendingSwap.id
-    );
     const boltzXOnlyPublicKey = normalizeToXOnlyKey(
       import_base9.hex.decode(pendingSwap.response.lockupDetails.serverPublicKey),
       "boltz",
       pendingSwap.id
     );
-    const { vhtlcAddress, vhtlcScript } = this.createVHTLCScript({
-      network: arkInfo.network,
-      preimageHash: import_base9.hex.decode(pendingSwap.request.preimageHash),
-      serverPubkey: import_base9.hex.encode(serverXOnlyPublicKey),
-      senderPubkey: import_base9.hex.encode(ourXOnlyPublicKey),
-      receiverPubkey: import_base9.hex.encode(boltzXOnlyPublicKey),
-      timeoutBlockHeights: pendingSwap.response.lockupDetails.timeouts
-    });
-    if (!vhtlcScript.refundScript)
-      throw new Error(`Swap ${pendingSwap.id}: failed to create VHTLC script for chain swap`);
-    if (pendingSwap.response.lockupDetails.lockupAddress !== vhtlcAddress) {
+    let vhtlcScript;
+    let serverXOnlyPublicKey;
+    try {
+      ({ vhtlcScript, serverXOnlyPublicKey } = this.resolveVHTLCForLockup({
+        arkInfo,
+        preimageHash: import_base9.hex.decode(pendingSwap.request.preimageHash),
+        senderPubkey: import_base9.hex.encode(ourXOnlyPublicKey),
+        receiverPubkey: import_base9.hex.encode(boltzXOnlyPublicKey),
+        timeoutBlockHeights: pendingSwap.response.lockupDetails.timeouts,
+        lockupAddress: pendingSwap.response.lockupDetails.lockupAddress,
+        swapId: pendingSwap.id
+      }));
+    } catch (error) {
       throw new SwapError({
-        message: "Unable to claim: invalid VHTLC address"
+        message: error instanceof Error ? error.message : "Unable to refund: invalid VHTLC address"
       });
     }
     const { vtxos } = await this.indexerProvider.getVtxos({
@@ -4638,20 +4634,21 @@ var ArkadeSwaps = class _ArkadeSwaps {
       pendingSwap.response.claimDetails.serverPublicKey,
       "sender"
     );
-    const serverXOnlyPublicKey = normalizeToXOnlyKey(arkInfo.signerPubkey, "server");
-    const { vhtlcAddress, vhtlcScript } = this.createVHTLCScript({
-      network: arkInfo.network,
-      preimageHash: import_base9.hex.decode(pendingSwap.request.preimageHash),
-      serverPubkey: import_base9.hex.encode(serverXOnlyPublicKey),
-      senderPubkey: import_base9.hex.encode(senderXOnlyPublicKey),
-      receiverPubkey: import_base9.hex.encode(receiverXOnlyPublicKey),
-      timeoutBlockHeights: pendingSwap.response.claimDetails.timeouts
-    });
-    if (!vhtlcScript.claimScript)
-      throw new Error(`Swap ${pendingSwap.id}: failed to create VHTLC script for chain swap`);
-    if (pendingSwap.response.claimDetails.lockupAddress !== vhtlcAddress) {
+    let vhtlcScript;
+    let serverXOnlyPublicKey;
+    try {
+      ({ vhtlcScript, serverXOnlyPublicKey } = this.resolveVHTLCForLockup({
+        arkInfo,
+        preimageHash: import_base9.hex.decode(pendingSwap.request.preimageHash),
+        senderPubkey: import_base9.hex.encode(senderXOnlyPublicKey),
+        receiverPubkey: import_base9.hex.encode(receiverXOnlyPublicKey),
+        timeoutBlockHeights: pendingSwap.response.claimDetails.timeouts,
+        lockupAddress: pendingSwap.response.claimDetails.lockupAddress,
+        swapId: pendingSwap.id
+      }));
+    } catch (error) {
       throw new SwapError({
-        message: "Unable to claim: invalid VHTLC address"
+        message: error instanceof Error ? error.message : "Unable to claim: invalid VHTLC address"
       });
     }
     let vtxo;
@@ -5013,6 +5010,55 @@ var ArkadeSwaps = class _ArkadeSwaps {
   createVHTLCScript(args) {
     return createVHTLCScript(args);
   }
+  /**
+   * Reconstruct a swap's VHTLC by matching the persisted `lockupAddress`
+   * against the current and deprecated server signers, returning the matched
+   * script together with the server key it was minted under.
+   *
+   * Recovery paths (claim/refund/lookup) must use this instead of building the
+   * VHTLC from the current signer alone: a swap created before a planned arkd
+   * signer rotation is locked to a now-deprecated signer, so the current key
+   * would yield the wrong address and strand the funds. The returned
+   * `serverXOnlyPublicKey` is the original (possibly deprecated) key and MUST
+   * be threaded into downstream signing/verification.
+   *
+   * Throws a descriptive mismatch error when no candidate reproduces the
+   * lockup address (e.g. the swap predates an already-pruned deprecated
+   * signer) — replacing the previous current-signer-only equality check.
+   */
+  resolveVHTLCForLockup(args) {
+    const candidates = candidateServerPubkeys(args.arkInfo);
+    for (const serverPubkey of candidates) {
+      const { vhtlcScript, vhtlcAddress } = this.createVHTLCScript({
+        network: args.arkInfo.network,
+        preimageHash: args.preimageHash,
+        receiverPubkey: args.receiverPubkey,
+        senderPubkey: args.senderPubkey,
+        serverPubkey,
+        timeoutBlockHeights: args.timeoutBlockHeights
+      });
+      if (vhtlcAddress !== args.lockupAddress) continue;
+      if (!vhtlcScript.claimScript && !vhtlcScript.refundScript) {
+        throw new Error(
+          `Swap ${args.swapId}: VHTLC address matched but claim/refund script leaves are empty`
+        );
+      }
+      return {
+        vhtlcScript,
+        // The matched (possibly deprecated) key must flow into downstream
+        // signing/verification: arkd signs a deprecated-signer input with
+        // the deprecated key, so the claim/refund leaf checks use it.
+        serverXOnlyPublicKey: normalizeToXOnlyKey(
+          import_base9.hex.decode(serverPubkey),
+          "server",
+          args.swapId
+        )
+      };
+    }
+    throw new Error(
+      `Swap ${args.swapId}: VHTLC address mismatch. Expected ${args.lockupAddress}; no current or deprecated server signer (${candidates.length} candidate(s) tried) reproduced it`
+    );
+  }
   async getFees(from, to) {
     if (from && to) {
       return this.swapProvider.getChainFees(from, to);

package/dist/expo/index.d.cts

@@ -1,4 +1,4 @@
-import { I as IArkadeSwaps, A as ArkadeSwaps, Q as QuoteSwapOptions, V as VhtlcTimeouts } from '../arkade-swaps-DG9UepoS.cjs';
+import { I as IArkadeSwaps, A as ArkadeSwaps, Q as QuoteSwapOptions, V as VhtlcTimeouts } from '../arkade-swaps-CObmwpZQ.cjs';
 import { o as SwapManagerClient, C as CreateLightningInvoiceRequest, e as CreateLightningInvoiceResponse, S as SendLightningPaymentRequest, f as SendLightningPaymentResponse, c as BoltzSubmarineSwap, b as BoltzReverseSwap, g as SubmarineRefundOutcome, h as SubmarineRecoveryInfo, i as SubmarineRecoveryResult, F as FeesResponse, a as BoltzChainSwap, k as ArkToBtcResponse, m as ChainArkRefundOutcome, l as BtcToArkResponse, d as Chain, j as ChainFeesResponse, L as LimitsResponse, G as GetSwapStatusResponse, B as BoltzSwap } from '../types-D97i1LFu.cjs';
 import { E as ExpoArkadeSwapsConfig } from '../swapsPollProcessor-BlyUrhtO.cjs';
 export { D as DefineSwapBackgroundTaskOptions, b as ExpoArkadeLightningConfig, c as ExpoSwapBackgroundConfig, P as PersistedSwapBackgroundConfig, S as SWAP_POLL_TASK_TYPE, a as SwapTaskDependencies } from '../swapsPollProcessor-BlyUrhtO.cjs';

package/dist/expo/index.d.ts

@@ -1,4 +1,4 @@
-import { I as IArkadeSwaps, A as ArkadeSwaps, Q as QuoteSwapOptions, V as VhtlcTimeouts } from '../arkade-swaps-Uet3tgN6.js';
+import { I as IArkadeSwaps, A as ArkadeSwaps, Q as QuoteSwapOptions, V as VhtlcTimeouts } from '../arkade-swaps-DnRiRcdW.js';
 import { o as SwapManagerClient, C as CreateLightningInvoiceRequest, e as CreateLightningInvoiceResponse, S as SendLightningPaymentRequest, f as SendLightningPaymentResponse, c as BoltzSubmarineSwap, b as BoltzReverseSwap, g as SubmarineRefundOutcome, h as SubmarineRecoveryInfo, i as SubmarineRecoveryResult, F as FeesResponse, a as BoltzChainSwap, k as ArkToBtcResponse, m as ChainArkRefundOutcome, l as BtcToArkResponse, d as Chain, j as ChainFeesResponse, L as LimitsResponse, G as GetSwapStatusResponse, B as BoltzSwap } from '../types-D97i1LFu.js';
 import { E as ExpoArkadeSwapsConfig } from '../swapsPollProcessor-Bv4Z2R7g.js';
 export { D as DefineSwapBackgroundTaskOptions, b as ExpoArkadeLightningConfig, c as ExpoSwapBackgroundConfig, P as PersistedSwapBackgroundConfig, S as SWAP_POLL_TASK_TYPE, a as SwapTaskDependencies } from '../swapsPollProcessor-Bv4Z2R7g.js';

package/dist/expo/index.js

@@ -1,9 +1,9 @@
 import {
   SWAP_POLL_TASK_TYPE
-} from "../chunk-DNCIVDU5.js";
+} from "../chunk-WGLBFONB.js";
 import {
   ArkadeSwaps
-} from "../chunk-CFB2NNGT.js";
+} from "../chunk-GYWMQOCP.js";
 import "../chunk-SJQJQO7P.js";
 
 // src/expo/arkade-lightning.ts

package/dist/index.cjs

@@ -1408,10 +1408,10 @@ var import_light_bolt11_decoder = __toESM(require("light-bolt11-decoder"), 1);
 var import_sdk2 = require("@arkade-os/sdk");
 var decodeInvoice = (invoice) => {
   const decoded = import_light_bolt11_decoder.default.decode(invoice);
-  const millisats = Number(decoded.sections.find((s) => s.name === "amount")?.value ?? "0");
+  const millisats = BigInt(decoded.sections.find((s) => s.name === "amount")?.value ?? "0");
   return {
     expiry: decoded.expiry ?? 3600,
-    amountSats: Math.floor(millisats / 1e3),
+    amountSats: Number(millisats / 1000n),
     description: decoded.sections.find((s) => s.name === "description")?.value ?? "",
     paymentHash: decoded.sections.find((s) => s.name === "payment_hash")?.value ?? ""
   };
@@ -3047,6 +3047,19 @@ var createVHTLCScript = (args) => {
   const vhtlcAddress = vhtlcScript.address(hrp, serverXOnlyPublicKey).encode();
   return { vhtlcScript, vhtlcAddress };
 };
+var candidateServerPubkeys = (arkInfo) => {
+  const current = import_base8.hex.encode(normalizeToXOnlyKey(import_base8.hex.decode(arkInfo.signerPubkey), "server"));
+  const seen = /* @__PURE__ */ new Set([current]);
+  const candidates = [current];
+  for (const deprecated of arkInfo.deprecatedSigners ?? []) {
+    if (!deprecated.pubkey) continue;
+    const key = import_base8.hex.encode(normalizeToXOnlyKey(import_base8.hex.decode(deprecated.pubkey), "server"));
+    if (seen.has(key)) continue;
+    seen.add(key);
+    candidates.push(key);
+  }
+  return candidates;
+};
 var joinBatch = async (arkProvider, identity, input, output, {
   forfeitPubkey,
   forfeitAddress,
@@ -3461,6 +3474,10 @@ var ArkadeSwaps = class _ArkadeSwaps {
       ...args.description?.trim() ? { description: args.description.trim() } : {}
     };
     const swapResponse = await this.swapProvider.createReverseSwap(swapRequest);
+    const decodedInvoice = decodeInvoice(swapResponse.invoice);
+    if (decodedInvoice.paymentHash !== preimageHash) {
+      throw new SwapError({ message: "Preimage hash does not match invoice payment hash" });
+    }
     const pendingSwap = {
       id: swapResponse.id,
       type: "reverse",
@@ -3504,27 +3521,15 @@ var ArkadeSwaps = class _ArkadeSwaps {
       "boltz",
       pendingSwap.id
     );
-    const serverXOnly = normalizeToXOnlyKey(
-      import_base9.hex.decode(arkInfo.signerPubkey),
-      "server",
-      pendingSwap.id
-    );
-    const { vhtlcScript, vhtlcAddress } = this.createVHTLCScript({
-      network: arkInfo.network,
+    const { vhtlcScript, serverXOnlyPublicKey: serverXOnly } = this.resolveVHTLCForLockup({
+      arkInfo,
       preimageHash: (0, import_sha23.sha256)(preimage),
       receiverPubkey: import_base9.hex.encode(receiverXOnly),
       senderPubkey: import_base9.hex.encode(senderXOnly),
-      serverPubkey: import_base9.hex.encode(serverXOnly),
-      timeoutBlockHeights: vhtlcTimeouts
+      timeoutBlockHeights: vhtlcTimeouts,
+      lockupAddress,
+      swapId: pendingSwap.id
     });
-    if (!vhtlcScript.claimScript)
-      throw new Error(
-        `Swap ${pendingSwap.id}: failed to create VHTLC script for reverse swap`
-      );
-    if (vhtlcAddress !== lockupAddress)
-      throw new Error(
-        `Swap ${pendingSwap.id}: VHTLC address mismatch. Expected ${lockupAddress}, got ${vhtlcAddress}`
-      );
     let unspentVtxos = [];
     let rawVtxos = [];
     for (let attempt = 1; attempt <= CLAIM_VTXO_RETRY_ATTEMPTS; attempt++) {
@@ -3766,11 +3771,6 @@ var ArkadeSwaps = class _ArkadeSwaps {
       "our",
       swap.id
     );
-    const serverXOnlyPublicKey = normalizeToXOnlyKey(
-      import_base9.hex.decode(resolvedArkInfo.signerPubkey),
-      "server",
-      swap.id
-    );
     const { claimPublicKey, timeoutBlockHeights: vhtlcTimeouts } = swap.response;
     if (!claimPublicKey || !vhtlcTimeouts)
       throw new Error(`Swap ${swap.id}: incomplete submarine swap response`);
@@ -3779,20 +3779,19 @@ var ArkadeSwaps = class _ArkadeSwaps {
       "boltz",
       swap.id
     );
-    const { vhtlcScript, vhtlcAddress } = this.createVHTLCScript({
-      network: resolvedArkInfo.network,
+    const lockupAddress = swap.response.address;
+    if (!lockupAddress)
+      throw new Error(`Swap ${swap.id}: missing lockup address in submarine swap response`);
+    const { vhtlcScript, serverXOnlyPublicKey } = this.resolveVHTLCForLockup({
+      arkInfo: resolvedArkInfo,
       preimageHash: import_base9.hex.decode(preimageHash),
       receiverPubkey: import_base9.hex.encode(boltzXOnlyPublicKey),
       senderPubkey: import_base9.hex.encode(ourXOnlyPublicKey),
-      serverPubkey: import_base9.hex.encode(serverXOnlyPublicKey),
-      timeoutBlockHeights: vhtlcTimeouts
+      timeoutBlockHeights: vhtlcTimeouts,
+      lockupAddress,
+      swapId: swap.id
     });
-    if (!vhtlcScript.claimScript)
-      throw new Error(`Swap ${swap.id}: failed to create VHTLC script for submarine swap`);
-    if (vhtlcAddress !== swap.response.address)
-      throw new Error(
-        `VHTLC address mismatch for swap ${swap.id}: expected ${swap.response.address}, got ${vhtlcAddress}`
-      );
+    const vhtlcAddress = lockupAddress;
     const vhtlcPkScriptHex = import_base9.hex.encode(vhtlcScript.pkScript);
     return {
       arkInfo: resolvedArkInfo,
@@ -4505,29 +4504,26 @@ var ArkadeSwaps = class _ArkadeSwaps {
       "user",
       pendingSwap.id
     );
-    const serverXOnlyPublicKey = normalizeToXOnlyKey(
-      import_base9.hex.decode(arkInfo.signerPubkey),
-      "server",
-      pendingSwap.id
-    );
     const boltzXOnlyPublicKey = normalizeToXOnlyKey(
       import_base9.hex.decode(pendingSwap.response.lockupDetails.serverPublicKey),
       "boltz",
       pendingSwap.id
     );
-    const { vhtlcAddress, vhtlcScript } = this.createVHTLCScript({
-      network: arkInfo.network,
-      preimageHash: import_base9.hex.decode(pendingSwap.request.preimageHash),
-      serverPubkey: import_base9.hex.encode(serverXOnlyPublicKey),
-      senderPubkey: import_base9.hex.encode(ourXOnlyPublicKey),
-      receiverPubkey: import_base9.hex.encode(boltzXOnlyPublicKey),
-      timeoutBlockHeights: pendingSwap.response.lockupDetails.timeouts
-    });
-    if (!vhtlcScript.refundScript)
-      throw new Error(`Swap ${pendingSwap.id}: failed to create VHTLC script for chain swap`);
-    if (pendingSwap.response.lockupDetails.lockupAddress !== vhtlcAddress) {
+    let vhtlcScript;
+    let serverXOnlyPublicKey;
+    try {
+      ({ vhtlcScript, serverXOnlyPublicKey } = this.resolveVHTLCForLockup({
+        arkInfo,
+        preimageHash: import_base9.hex.decode(pendingSwap.request.preimageHash),
+        senderPubkey: import_base9.hex.encode(ourXOnlyPublicKey),
+        receiverPubkey: import_base9.hex.encode(boltzXOnlyPublicKey),
+        timeoutBlockHeights: pendingSwap.response.lockupDetails.timeouts,
+        lockupAddress: pendingSwap.response.lockupDetails.lockupAddress,
+        swapId: pendingSwap.id
+      }));
+    } catch (error) {
       throw new SwapError({
-        message: "Unable to claim: invalid VHTLC address"
+        message: error instanceof Error ? error.message : "Unable to refund: invalid VHTLC address"
       });
     }
     const { vtxos } = await this.indexerProvider.getVtxos({
@@ -4786,20 +4782,21 @@ var ArkadeSwaps = class _ArkadeSwaps {
       pendingSwap.response.claimDetails.serverPublicKey,
       "sender"
     );
-    const serverXOnlyPublicKey = normalizeToXOnlyKey(arkInfo.signerPubkey, "server");
-    const { vhtlcAddress, vhtlcScript } = this.createVHTLCScript({
-      network: arkInfo.network,
-      preimageHash: import_base9.hex.decode(pendingSwap.request.preimageHash),
-      serverPubkey: import_base9.hex.encode(serverXOnlyPublicKey),
-      senderPubkey: import_base9.hex.encode(senderXOnlyPublicKey),
-      receiverPubkey: import_base9.hex.encode(receiverXOnlyPublicKey),
-      timeoutBlockHeights: pendingSwap.response.claimDetails.timeouts
-    });
-    if (!vhtlcScript.claimScript)
-      throw new Error(`Swap ${pendingSwap.id}: failed to create VHTLC script for chain swap`);
-    if (pendingSwap.response.claimDetails.lockupAddress !== vhtlcAddress) {
+    let vhtlcScript;
+    let serverXOnlyPublicKey;
+    try {
+      ({ vhtlcScript, serverXOnlyPublicKey } = this.resolveVHTLCForLockup({
+        arkInfo,
+        preimageHash: import_base9.hex.decode(pendingSwap.request.preimageHash),
+        senderPubkey: import_base9.hex.encode(senderXOnlyPublicKey),
+        receiverPubkey: import_base9.hex.encode(receiverXOnlyPublicKey),
+        timeoutBlockHeights: pendingSwap.response.claimDetails.timeouts,
+        lockupAddress: pendingSwap.response.claimDetails.lockupAddress,
+        swapId: pendingSwap.id
+      }));
+    } catch (error) {
       throw new SwapError({
-        message: "Unable to claim: invalid VHTLC address"
+        message: error instanceof Error ? error.message : "Unable to claim: invalid VHTLC address"
       });
     }
     let vtxo;
@@ -5161,6 +5158,55 @@ var ArkadeSwaps = class _ArkadeSwaps {
   createVHTLCScript(args) {
     return createVHTLCScript(args);
   }
+  /**
+   * Reconstruct a swap's VHTLC by matching the persisted `lockupAddress`
+   * against the current and deprecated server signers, returning the matched
+   * script together with the server key it was minted under.
+   *
+   * Recovery paths (claim/refund/lookup) must use this instead of building the
+   * VHTLC from the current signer alone: a swap created before a planned arkd
+   * signer rotation is locked to a now-deprecated signer, so the current key
+   * would yield the wrong address and strand the funds. The returned
+   * `serverXOnlyPublicKey` is the original (possibly deprecated) key and MUST
+   * be threaded into downstream signing/verification.
+   *
+   * Throws a descriptive mismatch error when no candidate reproduces the
+   * lockup address (e.g. the swap predates an already-pruned deprecated
+   * signer) — replacing the previous current-signer-only equality check.
+   */
+  resolveVHTLCForLockup(args) {
+    const candidates = candidateServerPubkeys(args.arkInfo);
+    for (const serverPubkey of candidates) {
+      const { vhtlcScript, vhtlcAddress } = this.createVHTLCScript({
+        network: args.arkInfo.network,
+        preimageHash: args.preimageHash,
+        receiverPubkey: args.receiverPubkey,
+        senderPubkey: args.senderPubkey,
+        serverPubkey,
+        timeoutBlockHeights: args.timeoutBlockHeights
+      });
+      if (vhtlcAddress !== args.lockupAddress) continue;
+      if (!vhtlcScript.claimScript && !vhtlcScript.refundScript) {
+        throw new Error(
+          `Swap ${args.swapId}: VHTLC address matched but claim/refund script leaves are empty`
+        );
+      }
+      return {
+        vhtlcScript,
+        // The matched (possibly deprecated) key must flow into downstream
+        // signing/verification: arkd signs a deprecated-signer input with
+        // the deprecated key, so the claim/refund leaf checks use it.
+        serverXOnlyPublicKey: normalizeToXOnlyKey(
+          import_base9.hex.decode(serverPubkey),
+          "server",
+          args.swapId
+        )
+      };
+    }
+    throw new Error(
+      `Swap ${args.swapId}: VHTLC address mismatch. Expected ${args.lockupAddress}; no current or deprecated server signer (${candidates.length} candidate(s) tried) reproduced it`
+    );
+  }
   async getFees(from, to) {
     if (from && to) {
       return this.swapProvider.getChainFees(from, to);

package/dist/index.d.cts

@@ -1,5 +1,5 @@
-import { Q as QuoteSwapOptions, I as IArkadeSwaps, V as VhtlcTimeouts } from './arkade-swaps-DG9UepoS.cjs';
-export { A as ArkadeSwaps } from './arkade-swaps-DG9UepoS.cjs';
+import { Q as QuoteSwapOptions, I as IArkadeSwaps, V as VhtlcTimeouts } from './arkade-swaps-CObmwpZQ.cjs';
+export { A as ArkadeSwaps } from './arkade-swaps-CObmwpZQ.cjs';
 import { B as BoltzSwap, D as DecodedInvoice, a as BoltzChainSwap, b as BoltzReverseSwap, c as BoltzSubmarineSwap, A as ArkadeSwapsConfig, N as Network, C as CreateLightningInvoiceRequest, S as SendLightningPaymentRequest, F as FeesResponse, d as Chain, e as CreateLightningInvoiceResponse, f as SendLightningPaymentResponse, g as SubmarineRefundOutcome, h as SubmarineRecoveryInfo, i as SubmarineRecoveryResult, j as ChainFeesResponse, L as LimitsResponse, G as GetSwapStatusResponse, k as ArkToBtcResponse, l as BtcToArkResponse, m as ChainArkRefundOutcome, n as SwapRepository, o as SwapManagerClient, p as GetSwapsFilter } from './types-D97i1LFu.cjs';
 export { q as ArkadeSwapsCreateConfig, r as BoltzSwapProvider, s as BoltzSwapStatus, I as IncomingPaymentSubscription, P as PendingChainSwap, t as PendingReverseSwap, u as PendingSubmarineSwap, v as PendingSwap, w as SubmarineRecoveryStatus, x as SwapManager, y as SwapManagerCallbacks, z as SwapManagerConfig, E as SwapManagerEvents, V as Vtxo, H as isChainClaimableStatus, J as isChainFailedStatus, K as isChainFinalStatus, M as isChainPendingStatus, O as isChainRefundableStatus, Q as isChainSignableStatus, R as isChainSuccessStatus, T as isChainSwapClaimable, U as isChainSwapRefundable, W as isPendingChainSwap, X as isPendingReverseSwap, Y as isPendingSubmarineSwap, Z as isReverseClaimableStatus, _ as isReverseFailedStatus, $ as isReverseFinalStatus, a0 as isReversePendingStatus, a1 as isReverseSuccessStatus, a2 as isReverseSwapClaimable, a3 as isSubmarineFailedStatus, a4 as isSubmarineFinalStatus, a5 as isSubmarinePendingStatus, a6 as isSubmarineRefundableStatus, a7 as isSubmarineSuccessStatus, a8 as isSubmarineSwapRefundable } from './types-D97i1LFu.cjs';
 import { Transaction } from '@scure/btc-signer';

package/dist/index.d.ts

@@ -1,5 +1,5 @@
-import { Q as QuoteSwapOptions, I as IArkadeSwaps, V as VhtlcTimeouts } from './arkade-swaps-Uet3tgN6.js';
-export { A as ArkadeSwaps } from './arkade-swaps-Uet3tgN6.js';
+import { Q as QuoteSwapOptions, I as IArkadeSwaps, V as VhtlcTimeouts } from './arkade-swaps-DnRiRcdW.js';
+export { A as ArkadeSwaps } from './arkade-swaps-DnRiRcdW.js';
 import { B as BoltzSwap, D as DecodedInvoice, a as BoltzChainSwap, b as BoltzReverseSwap, c as BoltzSubmarineSwap, A as ArkadeSwapsConfig, N as Network, C as CreateLightningInvoiceRequest, S as SendLightningPaymentRequest, F as FeesResponse, d as Chain, e as CreateLightningInvoiceResponse, f as SendLightningPaymentResponse, g as SubmarineRefundOutcome, h as SubmarineRecoveryInfo, i as SubmarineRecoveryResult, j as ChainFeesResponse, L as LimitsResponse, G as GetSwapStatusResponse, k as ArkToBtcResponse, l as BtcToArkResponse, m as ChainArkRefundOutcome, n as SwapRepository, o as SwapManagerClient, p as GetSwapsFilter } from './types-D97i1LFu.js';
 export { q as ArkadeSwapsCreateConfig, r as BoltzSwapProvider, s as BoltzSwapStatus, I as IncomingPaymentSubscription, P as PendingChainSwap, t as PendingReverseSwap, u as PendingSubmarineSwap, v as PendingSwap, w as SubmarineRecoveryStatus, x as SwapManager, y as SwapManagerCallbacks, z as SwapManagerConfig, E as SwapManagerEvents, V as Vtxo, H as isChainClaimableStatus, J as isChainFailedStatus, K as isChainFinalStatus, M as isChainPendingStatus, O as isChainRefundableStatus, Q as isChainSignableStatus, R as isChainSuccessStatus, T as isChainSwapClaimable, U as isChainSwapRefundable, W as isPendingChainSwap, X as isPendingReverseSwap, Y as isPendingSubmarineSwap, Z as isReverseClaimableStatus, _ as isReverseFailedStatus, $ as isReverseFinalStatus, a0 as isReversePendingStatus, a1 as isReverseSuccessStatus, a2 as isReverseSwapClaimable, a3 as isSubmarineFailedStatus, a4 as isSubmarineFinalStatus, a5 as isSubmarinePendingStatus, a6 as isSubmarineRefundableStatus, a7 as isSubmarineSuccessStatus, a8 as isSubmarineSwapRefundable } from './types-D97i1LFu.js';
 import { Transaction } from '@scure/btc-signer';

package/dist/index.js

@@ -52,7 +52,7 @@ import {
   updateReverseSwapStatus,
   updateSubmarineSwapStatus,
   verifySignatures
-} from "./chunk-CFB2NNGT.js";
+} from "./chunk-GYWMQOCP.js";
 import {
   applyCreatedAtOrder,
   applySwapsFilter

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@arkade-os/boltz-swap",
-  "version": "0.3.39",
+  "version": "0.3.40",
   "type": "module",
   "description": "A production-ready TypeScript package that brings Boltz submarine-swaps to Arkade.",
   "main": "./dist/index.js",
@@ -76,7 +76,7 @@
     "@scure/btc-signer": "2.0.1",
     "bip68": "1.0.4",
     "light-bolt11-decoder": "3.2.0",
-    "@arkade-os/sdk": "0.4.34"
+    "@arkade-os/sdk": "0.4.35"
   },
   "peerDependencies": {
     "expo-task-manager": ">=3.0.0",