@aztec/foundation 2.1.0-rc.29 → 2.1.0-rc.30

package/dest/collection/array.d.ts

@@ -97,6 +97,8 @@ export declare function maxBy<T>(arr: T[], fn: (x: T) => number | bigint): T | u
 export declare function sum(arr: number[]): number;
 /** Computes the median of a numeric array. Returns undefined if array is empty. */
 export declare function median(arr: number[]): number | undefined;
+/** Computes the median of a bigint array. Returns undefined if array is empty. */
+export declare function median(arr: bigint[]): bigint | undefined;
 /** Computes the mean of a numeric array. Returns undefined if the array is empty. */
 export declare function mean(values: number[]): number | undefined;
 /** Computes the variance of a numeric array. Returns undefined if there are less than 2 points. */

package/dest/collection/array.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"array.d.ts","sourceRoot":"","sources":["../../src/collection/array.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,uBAAuB,CAAC;AAEnD;;;;;;;GAOG;AACH,wBAAgB,WAAW,CAAC,CAAC,EAAE,CAAC,SAAS,MAAM,EAC7C,GAAG,EAAE,CAAC,EAAE,EACR,IAAI,EAAE,CAAC,EACP,MAAM,EAAE,CAAC,EACT,QAAQ,SAAqC,GAC5C,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAMb;AAED,8EAA8E;AAC9E,wBAAgB,qBAAqB,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE,OAAO,EAAE,CAAC,IAAI,EAAE,CAAC,KAAK,OAAO,GAAG,CAAC,EAAE,CAGrF;AAED;;;;;;GAMG;AACH,wBAAgB,aAAa,CAAC,CAAC,EAAE,CAAC,SAAS,MAAM,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,GAAG,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAM5F;AAED;;;;GAIG;AACH,wBAAgB,YAAY,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE,OAAO,EAAE,CAAC,IAAI,EAAE,CAAC,KAAK,OAAO,GAAG,OAAO,CAOhF;AAED;;;;GAIG;AACH,wBAAgB,mBAAmB,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE,OAAO,EAAE,CAAC,IAAI,EAAE,CAAC,KAAK,OAAO,GAAG,MAAM,CAEtF;AAED;;;;;GAKG;AACH,wBAAgB,KAAK,CAAC,CAAC,EAAE,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,MAAM,KAAK,CAAC,GAAG,CAAC,EAAE,CAE7D;AAED;;;;;GAKG;AACH,wBAAsB,UAAU,CAAC,CAAC,EAAE,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,CAAC,EAAE,CAAC,CAM1F;AAED;;;;;GAKG;AACH,wBAAsB,WAAW,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE,CAAC,IAAI,EAAE,CAAC,KAAK,OAAO,CAAC,OAAO,CAAC,GAAG,OAAO,CAAC,CAAC,EAAE,CAAC,CAG9F;AAED;;;;;GAKG;AACH,wBAAsB,aAAa,CAAC,CAAC,EAAE,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,CAAC,EAAE,CAAC,CAO7F;AAED;;;;GAIG;AACH,wBAAgB,6BAA6B,CAC3C,GAAG,EAAE,CAAC,CAAC;IAAE,MAAM,EAAE,MAAM,OAAO,CAAA;CAAE,GAAG;IAAE,OAAO,EAAE,MAAM,OAAO,CAAA;CAAE,CAAC,GAAG;IAAE,QAAQ,EAAE,MAAM,MAAM,CAAA;CAAE,CAAC,EAAE,UAM/F;AAED;;;;GAIG;AACH,wBAAgB,MAAM,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,CAAC,EAAE,CAEvC;AAED;;;;GAIG;AACH,wBAAgB,YAAY,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,GAAG,SAAS,CAAC,EAAE,GAAG,CAAC,EAAE,CAE3D;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,EAAE,GAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,KAAK,OAAiC,GAAG,OAAO,CAUhH;AAED;;;;;GAKG;AACH,wBAAgB,KAAK,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC,KAAK,MAAM,GAAG,MAAM,GAAG,CAAC,GAAG,SAAS,CAE/E;AAED,2CAA2C;AAC3C,wBAAgB,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,MAAM,CAEzC;AAED,mFAAmF;AACnF,wBAAgB,MAAM,CAAC,GAAG,EAAE,MAAM,EAAE,sBAOnC;AAED,qFAAqF;AACrF,wBAAgB,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,sBAKpC;AAED,mGAAmG;AACnG,wBAAgB,QAAQ,CAAC,MAAM,EAAE,MAAM,EAAE,sBAOxC;AAED,6GAA6G;AAC7G,wBAAgB,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,sBAKtC;AAED,uFAAuF;AACvF,wBAAgB,UAAU,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,EAAE,EAAE,SAAS,EAAE,CAAC,CAAC,EAAE,CAAC,KAAK,OAAO,GAAG,MAAM,CAUnF;AAED,qHAAqH;AACrH,wBAAgB,KAAK,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE,SAAS,EAAE,MAAM,GAAG,CAAC,EAAE,EAAE,CAS7D;AAED,4EAA4E;AAC5E,wBAAgB,SAAS,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE,SAAS,EAAE,CAAC,IAAI,EAAE,CAAC,KAAK,OAAO,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,CAWpF"}
+{"version":3,"file":"array.d.ts","sourceRoot":"","sources":["../../src/collection/array.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,uBAAuB,CAAC;AAEnD;;;;;;;GAOG;AACH,wBAAgB,WAAW,CAAC,CAAC,EAAE,CAAC,SAAS,MAAM,EAC7C,GAAG,EAAE,CAAC,EAAE,EACR,IAAI,EAAE,CAAC,EACP,MAAM,EAAE,CAAC,EACT,QAAQ,SAAqC,GAC5C,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAMb;AAED,8EAA8E;AAC9E,wBAAgB,qBAAqB,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE,OAAO,EAAE,CAAC,IAAI,EAAE,CAAC,KAAK,OAAO,GAAG,CAAC,EAAE,CAGrF;AAED;;;;;;GAMG;AACH,wBAAgB,aAAa,CAAC,CAAC,EAAE,CAAC,SAAS,MAAM,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,GAAG,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAM5F;AAED;;;;GAIG;AACH,wBAAgB,YAAY,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE,OAAO,EAAE,CAAC,IAAI,EAAE,CAAC,KAAK,OAAO,GAAG,OAAO,CAOhF;AAED;;;;GAIG;AACH,wBAAgB,mBAAmB,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE,OAAO,EAAE,CAAC,IAAI,EAAE,CAAC,KAAK,OAAO,GAAG,MAAM,CAEtF;AAED;;;;;GAKG;AACH,wBAAgB,KAAK,CAAC,CAAC,EAAE,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,MAAM,KAAK,CAAC,GAAG,CAAC,EAAE,CAE7D;AAED;;;;;GAKG;AACH,wBAAsB,UAAU,CAAC,CAAC,EAAE,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,CAAC,EAAE,CAAC,CAM1F;AAED;;;;;GAKG;AACH,wBAAsB,WAAW,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE,CAAC,IAAI,EAAE,CAAC,KAAK,OAAO,CAAC,OAAO,CAAC,GAAG,OAAO,CAAC,CAAC,EAAE,CAAC,CAG9F;AAED;;;;;GAKG;AACH,wBAAsB,aAAa,CAAC,CAAC,EAAE,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,CAAC,EAAE,CAAC,CAO7F;AAED;;;;GAIG;AACH,wBAAgB,6BAA6B,CAC3C,GAAG,EAAE,CAAC,CAAC;IAAE,MAAM,EAAE,MAAM,OAAO,CAAA;CAAE,GAAG;IAAE,OAAO,EAAE,MAAM,OAAO,CAAA;CAAE,CAAC,GAAG;IAAE,QAAQ,EAAE,MAAM,MAAM,CAAA;CAAE,CAAC,EAAE,UAM/F;AAED;;;;GAIG;AACH,wBAAgB,MAAM,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,CAAC,EAAE,CAEvC;AAED;;;;GAIG;AACH,wBAAgB,YAAY,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,GAAG,SAAS,CAAC,EAAE,GAAG,CAAC,EAAE,CAE3D;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,EAAE,GAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,KAAK,OAAiC,GAAG,OAAO,CAUhH;AAED;;;;;GAKG;AACH,wBAAgB,KAAK,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC,KAAK,MAAM,GAAG,MAAM,GAAG,CAAC,GAAG,SAAS,CAE/E;AAED,2CAA2C;AAC3C,wBAAgB,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,MAAM,CAEzC;AAED,mFAAmF;AACnF,wBAAgB,MAAM,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,MAAM,GAAG,SAAS,CAAC;AAC1D,kFAAkF;AAClF,wBAAgB,MAAM,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,MAAM,GAAG,SAAS,CAAC;AAmB1D,qFAAqF;AACrF,wBAAgB,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,sBAKpC;AAED,mGAAmG;AACnG,wBAAgB,QAAQ,CAAC,MAAM,EAAE,MAAM,EAAE,sBAOxC;AAED,6GAA6G;AAC7G,wBAAgB,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,sBAKtC;AAED,uFAAuF;AACvF,wBAAgB,UAAU,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,EAAE,EAAE,SAAS,EAAE,CAAC,CAAC,EAAE,CAAC,KAAK,OAAO,GAAG,MAAM,CAUnF;AAED,qHAAqH;AACrH,wBAAgB,KAAK,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE,SAAS,EAAE,MAAM,GAAG,CAAC,EAAE,EAAE,CAS7D;AAED,4EAA4E;AAC5E,wBAAgB,SAAS,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE,SAAS,EAAE,CAAC,IAAI,EAAE,CAAC,KAAK,OAAO,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,CAWpF"}

package/dest/collection/array.js

@@ -141,15 +141,24 @@
 /** Computes the sum of a numeric array. */ export function sum(arr) {
     return arr.reduce((a, b)=>a + b, 0);
 }
-/** Computes the median of a numeric array. Returns undefined if array is empty. */ export function median(arr) {
+export function median(arr) {
     if (arr.length === 0) {
         return undefined;
     }
+    // Handle number array
+    if (typeof arr[0] === 'number') {
+        const sorted = [
+            ...arr
+        ].sort((a, b)=>a - b);
+        const mid = Math.floor(sorted.length / 2);
+        return sorted.length % 2 !== 0 ? sorted[mid] : (sorted[mid - 1] + sorted[mid]) / 2;
+    }
+    // Handle bigint array
     const sorted = [
         ...arr
-    ].sort((a, b)=>a - b);
+    ].sort((a, b)=>a < b ? -1 : a > b ? 1 : 0);
     const mid = Math.floor(sorted.length / 2);
-    return sorted.length % 2 !== 0 ? sorted[mid] : (sorted[mid - 1] + sorted[mid]) / 2;
+    return sorted.length % 2 !== 0 ? sorted[mid] : (sorted[mid - 1] + sorted[mid]) / 2n;
 }
 /** Computes the mean of a numeric array. Returns undefined if the array is empty. */ export function mean(values) {
     if (values.length === 0) {

package/dest/crypto/secp256k1-signer/utils.d.ts

@@ -1,6 +1,24 @@
 import { Buffer32 } from '../../buffer/buffer32.js';
 import { EthAddress } from '../../eth-address/index.js';
 import { Signature } from '../../eth-signature/eth_signature.js';
+/** Signature recovery options */
+type RecoveryOpts = {
+    /**
+     * Whether to allow s-values in the high half of the curve (s >= CURVE.n/2).
+     * These are discouraged by EIP2 to prevent signature malleability, and outright
+     * rejected in OpenZeppelin's ECDSA recover, which we use in our Rollup contract.
+     */
+    allowMalleable?: boolean;
+    /**
+     * Whether to allow an y-parity 0-1 bit instead of the standard v value 27-28.
+     */
+    allowYParityAsV?: boolean;
+};
+export declare class Secp256k1Error extends Error {
+    constructor(message: string, opts?: {
+        cause: unknown;
+    });
+}
 export declare function makeEthSignDigest(message: Buffer32): Buffer32;
 /**
  * Converts a private key to a public key.
@@ -18,17 +36,19 @@ export declare function addressFromPrivateKey(privateKey: Buffer): EthAddress;
  * Recovers an address from a hash and a signature.
  * @param hash - The hash to recover the address from.
  * @param signature - The signature to recover the address from.
+ * @param opts - Recovery options.
  * @returns The address.
- * @throws Error if signature recovery fails.
+ * @throws Error if signature recovery fails or if signature is malleable and allowMalleable is false.
  */
-export declare function recoverAddress(hash: Buffer32, signature: Signature): EthAddress;
+export declare function recoverAddress(hash: Buffer32, signature: Signature, opts?: RecoveryOpts): EthAddress;
 /**
  * Safely attempts to recover an address from a hash and a signature.
  * @param hash - The hash to recover the address from.
  * @param signature - The signature to recover the address from.
+ * @param opts - Recovery options.
  * @returns The address if recovery succeeds, undefined otherwise.
  */
-export declare function tryRecoverAddress(hash: Buffer32, signature: Signature): EthAddress | undefined;
+export declare function tryRecoverAddress(hash: Buffer32, signature: Signature, opts?: RecoveryOpts): EthAddress | undefined;
 /**
  * @attribution - viem
  * Converts a yParityOrV value to a recovery bit.
@@ -43,11 +63,29 @@ export declare function toRecoveryBit(yParityOrV: number): 0 | 1;
  * @returns The signature.
  */
 export declare function signMessage(message: Buffer32, privateKey: Buffer): Signature;
+/**
+ * Flips an ECDSA signature.
+ * If the signature has a low s-value (s < CURVE.n/2), it flips it to high s-value (CURVE.n - s) and vice versa.
+ * Also flips the v value accordingly (27 <-> 28, or 0 <-> 1).
+ * This is useful for testing signature malleability handling.
+ * @param signature - The signature to flip.
+ * @returns A new signature with flipped s-value and v-value.
+ */
+export declare function flipSignature(signature: Signature): Signature;
+/**
+ * Normalizes an ECDSA signature.
+ * If the signature has a high s-value (s >= CURVE.n/2), it flips it to low s-value (CURVE.n - s), and flips v accordingly.
+ * If the signature uses a recovery bit of 0/1, it is converted to a v-value 27/28 for ecrecover.
+ * @remarks This does not handle post EIP155 tx signatures which embed the chain id in v. Use it only for feeding into ECRECOVER precompiles.
+ * @param signature - The signature to normalize.
+ */
+export declare function normalizeSignature(signature: Signature): Signature;
 /**
  * Recovers a public key from a hash and a signature.
  * @param hash - The hash to recover the public key from.
  * @param signature - The signature to recover the public key from.
  * @returns The public key.
  */
-export declare function recoverPublicKey(hash: Buffer32, signature: Signature): Buffer;
+export declare function recoverPublicKey(hash: Buffer32, signature: Signature, opts?: RecoveryOpts): Buffer;
+export {};
 //# sourceMappingURL=utils.d.ts.map

package/dest/crypto/secp256k1-signer/utils.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../src/crypto/secp256k1-signer/utils.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AACpD,OAAO,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AACxD,OAAO,EAAE,SAAS,EAAE,MAAM,sCAAsC,CAAC;AAMjE,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,QAAQ,GAAG,QAAQ,CAG7D;AAYD;;;;GAIG;AACH,wBAAgB,uBAAuB,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,CAElE;AAED;;;;GAIG;AACH,wBAAgB,qBAAqB,CAAC,UAAU,EAAE,MAAM,GAAG,UAAU,CAGpE;AAED;;;;;;GAMG;AACH,wBAAgB,cAAc,CAAC,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS,GAAG,UAAU,CAS/E;AAED;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS,GAAG,UAAU,GAAG,SAAS,CAO9F;AAED;;;;;GAKG;AACH,wBAAgB,aAAa,CAAC,UAAU,EAAE,MAAM,SAW/C;AAED;;;;;GAKG;AACH,wBAAgB,WAAW,CAAC,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,aAGhE;AAED;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS,GAAG,MAAM,CAM7E"}
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../src/crypto/secp256k1-signer/utils.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AACpD,OAAO,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AACxD,OAAO,EAAE,SAAS,EAAE,MAAM,sCAAsC,CAAC;AAKjE,iCAAiC;AACjC,KAAK,YAAY,GAAG;IAClB;;;;OAIG;IACH,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB;;OAEG;IACH,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B,CAAC;AAEF,qBAAa,cAAe,SAAQ,KAAK;gBAC3B,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE;QAAE,KAAK,EAAE,OAAO,CAAA;KAAE;CAIvD;AAGD,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,QAAQ,GAAG,QAAQ,CAG7D;AAYD;;;;GAIG;AACH,wBAAgB,uBAAuB,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,CAElE;AAED;;;;GAIG;AACH,wBAAgB,qBAAqB,CAAC,UAAU,EAAE,MAAM,GAAG,UAAU,CAGpE;AAED;;;;;;;GAOG;AACH,wBAAgB,cAAc,CAAC,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS,EAAE,IAAI,CAAC,EAAE,YAAY,GAAG,UAAU,CAUpG;AAED;;;;;;GAMG;AACH,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS,EAAE,IAAI,CAAC,EAAE,YAAY,GAAG,UAAU,GAAG,SAAS,CAOnH;AAED;;;;;GAKG;AACH,wBAAgB,aAAa,CAAC,UAAU,EAAE,MAAM,SAW/C;AAED;;;;;GAKG;AACH,wBAAgB,WAAW,CAAC,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,aAGhE;AAED;;;;;;;GAOG;AACH,wBAAgB,aAAa,CAAC,SAAS,EAAE,SAAS,GAAG,SAAS,CAM7D;AAED;;;;;;GAMG;AACH,wBAAgB,kBAAkB,CAAC,SAAS,EAAE,SAAS,GAAG,SAAS,CAUlE;AA6BD;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS,EAAE,IAAI,GAAE,YAAiB,GAAG,MAAM,CAYtG"}

package/dest/crypto/secp256k1-signer/utils.js

@@ -4,6 +4,12 @@ import { EthAddress } from '../../eth-address/index.js';
 import { Signature } from '../../eth-signature/eth_signature.js';
 import { keccak256 } from '../keccak/index.js';
 const ETH_SIGN_PREFIX = '\x19Ethereum Signed Message:\n32';
+export class Secp256k1Error extends Error {
+    constructor(message, opts){
+        super(message, opts);
+        this.name = 'Secp256k1Error';
+    }
+}
 // We just hash the message to make it easier to work with in the smart contract.
 export function makeEthSignDigest(message) {
     const prefix = Buffer.from(ETH_SIGN_PREFIX);
@@ -39,24 +45,28 @@ export function makeEthSignDigest(message) {
  * Recovers an address from a hash and a signature.
  * @param hash - The hash to recover the address from.
  * @param signature - The signature to recover the address from.
+ * @param opts - Recovery options.
  * @returns The address.
- * @throws Error if signature recovery fails.
- */ export function recoverAddress(hash, signature) {
+ * @throws Error if signature recovery fails or if signature is malleable and allowMalleable is false.
+ */ export function recoverAddress(hash, signature, opts) {
     try {
-        const publicKey = recoverPublicKey(hash, signature);
+        const publicKey = recoverPublicKey(hash, signature, opts);
         return publicKeyToAddress(publicKey);
     } catch (err) {
-        throw new Error(`Error recovering Ethereum address from hash ${hash.toString()} and signature ${signature.toString()}: ${err}`);
+        throw new Secp256k1Error(`Error recovering Ethereum address from hash ${hash.toString()} and signature ${signature.toString()}`, {
+            cause: err
+        });
     }
 }
 /**
  * Safely attempts to recover an address from a hash and a signature.
  * @param hash - The hash to recover the address from.
  * @param signature - The signature to recover the address from.
+ * @param opts - Recovery options.
  * @returns The address if recovery succeeds, undefined otherwise.
- */ export function tryRecoverAddress(hash, signature) {
+ */ export function tryRecoverAddress(hash, signature, opts) {
     try {
-        const publicKey = recoverPublicKey(hash, signature);
+        const publicKey = recoverPublicKey(hash, signature, opts);
         return publicKeyToAddress(publicKey);
     } catch  {
         return undefined;
@@ -77,7 +87,7 @@ export function makeEthSignDigest(message) {
     if (yParityOrV === 28) {
         return 1;
     }
-    throw new Error('Invalid yParityOrV value');
+    throw new Secp256k1Error(`Invalid yParityOrV value ${yParityOrV}`);
 }
 /**
  * Signs a message using ecdsa over the secp256k1 curve.
@@ -88,15 +98,73 @@ export function makeEthSignDigest(message) {
     const { r, s, recovery } = secp256k1.sign(message.buffer, privateKey);
     return new Signature(Buffer32.fromBigInt(r), Buffer32.fromBigInt(s), recovery ? 28 : 27);
 }
+/**
+ * Flips an ECDSA signature.
+ * If the signature has a low s-value (s < CURVE.n/2), it flips it to high s-value (CURVE.n - s) and vice versa.
+ * Also flips the v value accordingly (27 <-> 28, or 0 <-> 1).
+ * This is useful for testing signature malleability handling.
+ * @param signature - The signature to flip.
+ * @returns A new signature with flipped s-value and v-value.
+ */ export function flipSignature(signature) {
+    const { r, s, v } = signature;
+    const sig = new secp256k1.Signature(r.toBigInt(), s.toBigInt());
+    const flippedS = secp256k1.CURVE.n - sig.s;
+    return new Signature(r, Buffer32.fromBigInt(flippedS), flipV(v));
+}
+/**
+ * Normalizes an ECDSA signature.
+ * If the signature has a high s-value (s >= CURVE.n/2), it flips it to low s-value (CURVE.n - s), and flips v accordingly.
+ * If the signature uses a recovery bit of 0/1, it is converted to a v-value 27/28 for ecrecover.
+ * @remarks This does not handle post EIP155 tx signatures which embed the chain id in v. Use it only for feeding into ECRECOVER precompiles.
+ * @param signature - The signature to normalize.
+ */ export function normalizeSignature(signature) {
+    const { r, s, v } = signature;
+    const sig = new secp256k1.Signature(r.toBigInt(), s.toBigInt());
+    if (sig.hasHighS()) {
+        const newV = flipV(v);
+        const newS = sig.normalizeS().s;
+        return new Signature(r, Buffer32.fromBigInt(newS), toVFromYParityOrV(newV));
+    }
+    return new Signature(r, s, toVFromYParityOrV(v));
+}
+/** Converts a yParityOrV value to a pre-EIP155 v-value 27-28. */ function toVFromYParityOrV(yParityOrV) {
+    if (yParityOrV === 0 || yParityOrV === 1) {
+        return yParityOrV + 27;
+    } else if (yParityOrV === 27 || yParityOrV === 28) {
+        return yParityOrV;
+    } else {
+        throw new Secp256k1Error(`Invalid yParityOrV value ${yParityOrV}`);
+    }
+}
+/** Flips the recovery bit or v-value */ function flipV(v) {
+    switch(v){
+        case 27:
+            return 28;
+        case 28:
+            return 27;
+        case 0:
+            return 1;
+        case 1:
+            return 0;
+        default:
+            throw new Secp256k1Error(`Invalid v value ${v}`);
+    }
+}
 /**
  * Recovers a public key from a hash and a signature.
  * @param hash - The hash to recover the public key from.
  * @param signature - The signature to recover the public key from.
  * @returns The public key.
- */ export function recoverPublicKey(hash, signature) {
+ */ export function recoverPublicKey(hash, signature, opts = {}) {
     const { r, s, v } = signature;
+    if (!opts.allowYParityAsV && v !== 27 && v !== 28) {
+        throw new Secp256k1Error(`Invalid v value ${v} (expected 27 or 28)`);
+    }
     const recoveryBit = toRecoveryBit(v);
     const sig = new secp256k1.Signature(r.toBigInt(), s.toBigInt()).addRecoveryBit(recoveryBit);
+    if (!opts.allowMalleable && sig.hasHighS()) {
+        throw new Secp256k1Error('Signature has high s-value (malleable signature)');
+    }
     const publicKey = sig.recoverPublicKey(hash.buffer).toHex(false);
     return Buffer.from(publicKey, 'hex');
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aztec/foundation",
-  "version": "2.1.0-rc.29",
+  "version": "2.1.0-rc.30",
   "type": "module",
   "main": "./dest/index.js",
   "types": "./dest/index.d.ts",
@@ -103,7 +103,7 @@
     "testEnvironment": "../../foundation/src/jest/env.mjs"
   },
   "dependencies": {
-    "@aztec/bb.js": "2.1.0-rc.29",
+    "@aztec/bb.js": "2.1.0-rc.30",
     "@koa/cors": "^5.0.0",
     "@noble/curves": "=1.7.0",
     "@noble/hashes": "^1.6.1",

package/src/collection/array.ts

@@ -178,13 +178,25 @@ export function sum(arr: number[]): number {
 }
 
 /** Computes the median of a numeric array. Returns undefined if array is empty. */
-export function median(arr: number[]) {
+export function median(arr: number[]): number | undefined;
+/** Computes the median of a bigint array. Returns undefined if array is empty. */
+export function median(arr: bigint[]): bigint | undefined;
+export function median(arr: number[] | bigint[]): number | bigint | undefined {
   if (arr.length === 0) {
     return undefined;
   }
-  const sorted = [...arr].sort((a, b) => a - b);
+
+  // Handle number array
+  if (typeof arr[0] === 'number') {
+    const sorted = [...(arr as number[])].sort((a, b) => a - b);
+    const mid = Math.floor(sorted.length / 2);
+    return sorted.length % 2 !== 0 ? sorted[mid] : (sorted[mid - 1] + sorted[mid]) / 2;
+  }
+
+  // Handle bigint array
+  const sorted = [...(arr as bigint[])].sort((a, b) => (a < b ? -1 : a > b ? 1 : 0));
   const mid = Math.floor(sorted.length / 2);
-  return sorted.length % 2 !== 0 ? sorted[mid] : (sorted[mid - 1] + sorted[mid]) / 2;
+  return sorted.length % 2 !== 0 ? sorted[mid] : (sorted[mid - 1] + sorted[mid]) / 2n;
 }
 
 /** Computes the mean of a numeric array. Returns undefined if the array is empty. */

package/src/crypto/secp256k1-signer/utils.ts

@@ -7,6 +7,27 @@ import { keccak256 } from '../keccak/index.js';
 
 const ETH_SIGN_PREFIX = '\x19Ethereum Signed Message:\n32';
 
+/** Signature recovery options */
+type RecoveryOpts = {
+  /**
+   * Whether to allow s-values in the high half of the curve (s >= CURVE.n/2).
+   * These are discouraged by EIP2 to prevent signature malleability, and outright
+   * rejected in OpenZeppelin's ECDSA recover, which we use in our Rollup contract.
+   */
+  allowMalleable?: boolean;
+  /**
+   * Whether to allow an y-parity 0-1 bit instead of the standard v value 27-28.
+   */
+  allowYParityAsV?: boolean;
+};
+
+export class Secp256k1Error extends Error {
+  constructor(message: string, opts?: { cause: unknown }) {
+    super(message, opts);
+    this.name = 'Secp256k1Error';
+  }
+}
+
 // We just hash the message to make it easier to work with in the smart contract.
 export function makeEthSignDigest(message: Buffer32): Buffer32 {
   const prefix = Buffer.from(ETH_SIGN_PREFIX);
@@ -46,16 +67,18 @@ export function addressFromPrivateKey(privateKey: Buffer): EthAddress {
  * Recovers an address from a hash and a signature.
  * @param hash - The hash to recover the address from.
  * @param signature - The signature to recover the address from.
+ * @param opts - Recovery options.
  * @returns The address.
- * @throws Error if signature recovery fails.
+ * @throws Error if signature recovery fails or if signature is malleable and allowMalleable is false.
  */
-export function recoverAddress(hash: Buffer32, signature: Signature): EthAddress {
+export function recoverAddress(hash: Buffer32, signature: Signature, opts?: RecoveryOpts): EthAddress {
   try {
-    const publicKey = recoverPublicKey(hash, signature);
+    const publicKey = recoverPublicKey(hash, signature, opts);
     return publicKeyToAddress(publicKey);
-  } catch (err) {
-    throw new Error(
-      `Error recovering Ethereum address from hash ${hash.toString()} and signature ${signature.toString()}: ${err}`,
+  } catch (err: unknown) {
+    throw new Secp256k1Error(
+      `Error recovering Ethereum address from hash ${hash.toString()} and signature ${signature.toString()}`,
+      { cause: err },
     );
   }
 }
@@ -64,11 +87,12 @@ export function recoverAddress(hash: Buffer32, signature: Signature): EthAddress
  * Safely attempts to recover an address from a hash and a signature.
  * @param hash - The hash to recover the address from.
  * @param signature - The signature to recover the address from.
+ * @param opts - Recovery options.
  * @returns The address if recovery succeeds, undefined otherwise.
  */
-export function tryRecoverAddress(hash: Buffer32, signature: Signature): EthAddress | undefined {
+export function tryRecoverAddress(hash: Buffer32, signature: Signature, opts?: RecoveryOpts): EthAddress | undefined {
   try {
-    const publicKey = recoverPublicKey(hash, signature);
+    const publicKey = recoverPublicKey(hash, signature, opts);
     return publicKeyToAddress(publicKey);
   } catch {
     return undefined;
@@ -91,7 +115,7 @@ export function toRecoveryBit(yParityOrV: number) {
   if (yParityOrV === 28) {
     return 1;
   }
-  throw new Error('Invalid yParityOrV value');
+  throw new Secp256k1Error(`Invalid yParityOrV value ${yParityOrV}`);
 }
 
 /**
@@ -105,16 +129,84 @@ export function signMessage(message: Buffer32, privateKey: Buffer) {
   return new Signature(Buffer32.fromBigInt(r), Buffer32.fromBigInt(s), recovery ? 28 : 27);
 }
 
+/**
+ * Flips an ECDSA signature.
+ * If the signature has a low s-value (s < CURVE.n/2), it flips it to high s-value (CURVE.n - s) and vice versa.
+ * Also flips the v value accordingly (27 <-> 28, or 0 <-> 1).
+ * This is useful for testing signature malleability handling.
+ * @param signature - The signature to flip.
+ * @returns A new signature with flipped s-value and v-value.
+ */
+export function flipSignature(signature: Signature): Signature {
+  const { r, s, v } = signature;
+  const sig = new secp256k1.Signature(r.toBigInt(), s.toBigInt());
+  const flippedS = secp256k1.CURVE.n - sig.s;
+
+  return new Signature(r, Buffer32.fromBigInt(flippedS), flipV(v));
+}
+
+/**
+ * Normalizes an ECDSA signature.
+ * If the signature has a high s-value (s >= CURVE.n/2), it flips it to low s-value (CURVE.n - s), and flips v accordingly.
+ * If the signature uses a recovery bit of 0/1, it is converted to a v-value 27/28 for ecrecover.
+ * @remarks This does not handle post EIP155 tx signatures which embed the chain id in v. Use it only for feeding into ECRECOVER precompiles.
+ * @param signature - The signature to normalize.
+ */
+export function normalizeSignature(signature: Signature): Signature {
+  const { r, s, v } = signature;
+  const sig = new secp256k1.Signature(r.toBigInt(), s.toBigInt());
+  if (sig.hasHighS()) {
+    const newV = flipV(v);
+    const newS = sig.normalizeS().s;
+    return new Signature(r, Buffer32.fromBigInt(newS), toVFromYParityOrV(newV));
+  }
+
+  return new Signature(r, s, toVFromYParityOrV(v));
+}
+
+/** Converts a yParityOrV value to a pre-EIP155 v-value 27-28. */
+function toVFromYParityOrV(yParityOrV: number): number {
+  if (yParityOrV === 0 || yParityOrV === 1) {
+    return yParityOrV + 27;
+  } else if (yParityOrV === 27 || yParityOrV === 28) {
+    return yParityOrV;
+  } else {
+    throw new Secp256k1Error(`Invalid yParityOrV value ${yParityOrV}`);
+  }
+}
+
+/** Flips the recovery bit or v-value */
+function flipV(v: number): number {
+  switch (v) {
+    case 27:
+      return 28;
+    case 28:
+      return 27;
+    case 0:
+      return 1;
+    case 1:
+      return 0;
+    default:
+      throw new Secp256k1Error(`Invalid v value ${v}`);
+  }
+}
+
 /**
  * Recovers a public key from a hash and a signature.
  * @param hash - The hash to recover the public key from.
  * @param signature - The signature to recover the public key from.
  * @returns The public key.
  */
-export function recoverPublicKey(hash: Buffer32, signature: Signature): Buffer {
+export function recoverPublicKey(hash: Buffer32, signature: Signature, opts: RecoveryOpts = {}): Buffer {
   const { r, s, v } = signature;
+  if (!opts.allowYParityAsV && v !== 27 && v !== 28) {
+    throw new Secp256k1Error(`Invalid v value ${v} (expected 27 or 28)`);
+  }
   const recoveryBit = toRecoveryBit(v);
   const sig = new secp256k1.Signature(r.toBigInt(), s.toBigInt()).addRecoveryBit(recoveryBit);
+  if (!opts.allowMalleable && sig.hasHighS()) {
+    throw new Secp256k1Error('Signature has high s-value (malleable signature)');
+  }
   const publicKey = sig.recoverPublicKey(hash.buffer).toHex(false);
   return Buffer.from(publicKey, 'hex');
 }