@babylonlabs-io/ts-sdk 0.48.0 → 0.48.2

package/dist/verifyScriptPathSchnorrSignature-DFJAEleY.js

@@ -0,0 +1,563 @@
+import { computeMinClaimValue as Q, buildPeginTxFromPrePegin as Z, createPrePeginTransaction as j, createPayoutConnector as J, tapInternalPubkey as ee } from "@babylonlabs-io/babylon-tbv-rust-wasm";
+import { c as L, d as te } from "./fundPeginTransaction-96FxwYYJ.js";
+import { Buffer as a } from "buffer";
+import { Transaction as S, Psbt as T, crypto as ne } from "bitcoinjs-lib";
+import { s as x, h as E, u as _, T as H, c as re, d as oe, S as B, X as R } from "./bitcoin-B5aNKtsk.js";
+import * as ie from "@bitcoin-js/tiny-secp256k1-asmjs";
+async function se(e, t) {
+  const n = t.pegInAmounts.length;
+  if (e.htlcValues.length !== n)
+    throw new Error(
+      `WASM Pre-PegIn returned ${e.htlcValues.length} HTLC value(s), expected ${n} (one per requested deposit).`
+    );
+  if (e.peginAmounts.length !== n || e.htlcScriptPubKeys.length !== n || e.htlcAddresses.length !== n)
+    throw new Error(
+      `WASM Pre-PegIn returned mismatched array lengths (htlcValues=${e.htlcValues.length}, peginAmounts=${e.peginAmounts.length}, htlcScriptPubKeys=${e.htlcScriptPubKeys.length}, htlcAddresses=${e.htlcAddresses.length}); expected ${n} each.`
+    );
+  if (e.depositorClaimValue <= 0n)
+    throw new Error(
+      `WASM Pre-PegIn returned non-positive depositorClaimValue ${e.depositorClaimValue}; expected > 0.`
+    );
+  const r = await Q(
+    t.numLocalChallengers,
+    t.universalChallengerPubkeys.length,
+    t.councilQuorum,
+    t.councilSize,
+    t.feeRate
+  );
+  if (e.depositorClaimValue !== r)
+    throw new Error(
+      `WASM Pre-PegIn depositorClaimValue ${e.depositorClaimValue} does not match the independently computed minimum claim value ${r} (numLocalChallengers=${t.numLocalChallengers}, numUniversalChallengers=${t.universalChallengerPubkeys.length}, councilQuorum=${t.councilQuorum}, councilSize=${t.councilSize}, feeRate=${t.feeRate}).`
+    );
+  const o = t.minPeginFeeRate * L;
+  for (let i = 0; i < n; i++) {
+    const u = t.pegInAmounts[i], s = e.peginAmounts[i], c = e.htlcValues[i];
+    if (s !== u)
+      throw new Error(
+        `WASM Pre-PegIn peginAmount[${i}] ${s} does not match the requested amount ${u}; refusing to build a tx whose recorded amount differs from the depositor's request.`
+      );
+    if (s <= 0n)
+      throw new Error(
+        `WASM Pre-PegIn peginAmount[${i}] is non-positive (${s}); expected > 0.`
+      );
+    if (c <= 0n)
+      throw new Error(
+        `WASM Pre-PegIn htlcValue[${i}] is non-positive (${c}); expected > 0.`
+      );
+    const l = c - s - e.depositorClaimValue;
+    if (l <= 0n)
+      throw new Error(
+        `WASM Pre-PegIn htlcValue[${i}] ${c} does not strictly cover peginAmount ${s} + depositorClaimValue ${e.depositorClaimValue} + a PegIn fee (implied fee ${l}).`
+      );
+    if (l > o)
+      throw new Error(
+        `WASM Pre-PegIn implied PegIn fee for HTLC[${i}] (${l} sat) exceeds the plausibility cap ${o} sat (minPeginFeeRate=${t.minPeginFeeRate} × ${L} vbytes); htlcValue ${c} appears grossly inflated.`
+      );
+  }
+}
+function ue(e, t, n) {
+  if (e.length < t.length)
+    throw new Error(
+      `Encoded Pre-PegIn tx has ${e.length} output(s), fewer than the ${t.length} HTLC output(s) the cross-check validated.`
+    );
+  for (let r = 0; r < t.length; r++) {
+    const o = BigInt(e[r].value);
+    if (o !== t[r])
+      throw new Error(
+        `Encoded Pre-PegIn HTLC output[${r}] value ${o} does not match the cross-checked htlcValue ${t[r]}; the funded/signed tx would not pay the validated amount.`
+      );
+    const i = e[r].script.toString("hex").toLowerCase(), u = n[r].toLowerCase();
+    if (i !== u)
+      throw new Error(
+        `Encoded Pre-PegIn HTLC output[${r}] scriptPubKey ${i} does not match the cross-checked htlcScriptPubKey ${u}.`
+      );
+  }
+}
+const q = 64, ce = /^[0-9a-fA-F]+$/;
+async function be(e) {
+  const t = G(e.authAnchorHash), n = await j({
+    depositorPubkey: e.depositorPubkey,
+    vaultProviderPubkey: e.vaultProviderPubkey,
+    vaultKeeperPubkeys: e.vaultKeeperPubkeys,
+    universalChallengerPubkeys: e.universalChallengerPubkeys,
+    hashlocks: [...e.hashlocks],
+    timelockRefund: e.timelockRefund,
+    pegInAmounts: [...e.pegInAmounts],
+    feeRate: e.feeRate,
+    minPeginFeeRate: e.minPeginFeeRate,
+    numLocalChallengers: e.numLocalChallengers,
+    councilQuorum: e.councilQuorum,
+    councilSize: e.councilSize,
+    network: e.network,
+    authAnchorHash: t
+  });
+  await se(n, e);
+  const r = te(n.txHex);
+  ue(
+    r.outputs,
+    n.htlcValues,
+    n.htlcScriptPubKeys
+  );
+  const o = r.outputs.reduce(
+    (u, s) => u + BigInt(s.value),
+    0n
+  ), i = t !== void 0 ? n.htlcValues.length : null;
+  return {
+    psbtHex: n.txHex,
+    totalOutputValue: o,
+    htlcValues: n.htlcValues,
+    htlcScriptPubKeys: n.htlcScriptPubKeys,
+    htlcAddresses: n.htlcAddresses,
+    peginAmounts: n.peginAmounts,
+    depositorClaimValue: n.depositorClaimValue,
+    authAnchorVout: i
+  };
+}
+function G(e) {
+  if (e === void 0) return;
+  const t = e.startsWith("0x") || e.startsWith("0X") ? e.slice(2) : e;
+  if (t.length !== q || !ce.test(t))
+    throw new Error(
+      `authAnchorHash must be 32-byte hex (${q} chars, no 0x prefix); got length ${t.length}`
+    );
+  return t.toLowerCase();
+}
+async function Ae(e) {
+  const t = await Z(
+    {
+      depositorPubkey: e.prePeginParams.depositorPubkey,
+      vaultProviderPubkey: e.prePeginParams.vaultProviderPubkey,
+      vaultKeeperPubkeys: e.prePeginParams.vaultKeeperPubkeys,
+      universalChallengerPubkeys: e.prePeginParams.universalChallengerPubkeys,
+      hashlocks: [...e.prePeginParams.hashlocks],
+      timelockRefund: e.prePeginParams.timelockRefund,
+      pegInAmounts: [...e.prePeginParams.pegInAmounts],
+      feeRate: e.prePeginParams.feeRate,
+      minPeginFeeRate: e.prePeginParams.minPeginFeeRate,
+      numLocalChallengers: e.prePeginParams.numLocalChallengers,
+      councilQuorum: e.prePeginParams.councilQuorum,
+      councilSize: e.prePeginParams.councilSize,
+      network: e.prePeginParams.network,
+      authAnchorHash: G(
+        e.prePeginParams.authAnchorHash
+      )
+    },
+    e.timelockPegin,
+    e.fundedPrePeginTxHex,
+    e.htlcVout
+  );
+  return {
+    txHex: t.txHex,
+    txid: t.txid,
+    vaultScriptPubKey: t.vaultScriptPubKey,
+    vaultValue: t.vaultValue
+  };
+}
+async function ae(e) {
+  const t = await J(
+    {
+      depositor: e.depositor,
+      vaultProvider: e.vaultProvider,
+      vaultKeepers: e.vaultKeepers,
+      universalChallengers: e.universalChallengers,
+      timelockPegin: e.timelockPegin
+    },
+    e.network
+  );
+  return {
+    payoutScript: t.payoutScript,
+    taprootScriptHash: t.taprootScriptHash,
+    scriptPubKey: t.scriptPubKey,
+    address: t.address,
+    payoutControlBlock: t.payoutControlBlock
+  };
+}
+const Te = 2, k = 0, C = 0, N = 546, le = 3, K = 2, I = 1e4, M = 3, F = 10, X = 100;
+async function ke(e) {
+  const t = x(e.payoutTxHex), n = x(e.peginTxHex), r = x(e.assertTxHex), o = await ae({
+    depositor: e.depositorBtcPubkey,
+    vaultProvider: e.vaultProviderBtcPubkey,
+    vaultKeepers: e.vaultKeeperBtcPubkeys,
+    universalChallengers: e.universalChallengerBtcPubkeys,
+    timelockPegin: e.timelockPegin,
+    network: e.network
+  }), i = E(o.payoutScript), u = E(o.payoutControlBlock), s = S.fromHex(t), c = S.fromHex(n), l = S.fromHex(r), p = new T();
+  if (p.setVersion(s.version), p.setLocktime(s.locktime), s.ins.length !== 2)
+    throw new Error(
+      `Payout transaction must have exactly 2 inputs, got ${s.ins.length}`
+    );
+  const f = s.ins[0], P = s.ins[1], h = _(
+    new Uint8Array(f.hash).slice().reverse()
+  ), w = c.getId();
+  if (h !== w || f.index !== k)
+    throw new Error(
+      `Input 0 must spend PegIn:${k}. Expected ${w}:${k}, got ${h}:${f.index}`
+    );
+  const $ = _(
+    new Uint8Array(P.hash).slice().reverse()
+  ), d = l.getId();
+  if ($ !== d || P.index !== C)
+    throw new Error(
+      `Input 1 must spend Assert:${C}. Expected ${d}:${C}, got ${$}:${P.index}`
+    );
+  const g = c.outs[f.index];
+  if (!g)
+    throw new Error(
+      `Previous output not found for input 0 (txid: ${h}, index: ${f.index})`
+    );
+  const y = l.outs[P.index];
+  if (!y)
+    throw new Error(
+      `Previous output not found for input 1 (txid: ${$}, index: ${P.index})`
+    );
+  he({
+    payoutTx: s,
+    peginValueSats: g.value,
+    claimerBtcPubkey: e.claimerBtcPubkey,
+    vaultProviderBtcPubkey: e.vaultProviderBtcPubkey,
+    depositorBtcPubkey: e.depositorBtcPubkey,
+    vaultKeeperBtcPubkeys: e.vaultKeeperBtcPubkeys,
+    registeredPayoutScriptPubKey: e.registeredPayoutScriptPubKey,
+    commissionBps: e.commissionBps
+  });
+  const v = g.value + y.value;
+  let b = 0;
+  for (const A of s.outs) b += A.value;
+  if (b > v)
+    throw new Error(
+      `Payout outputs (${b} sats) exceed inputs (${v} sats); invalid transaction.`
+    );
+  const V = v - b, U = Math.floor(
+    v * F / X
+  );
+  if (V > U)
+    throw new Error(
+      `Payout implicit fee ${V} sats exceeds the safety cap of ${U} sats (${F}/${X} of inputs=${v}); refusing to sign payout.`
+    );
+  p.addInput({
+    hash: f.hash,
+    index: f.index,
+    sequence: f.sequence,
+    witnessUtxo: {
+      script: g.script,
+      value: g.value
+    },
+    tapLeafScript: [
+      {
+        leafVersion: H,
+        script: a.from(i),
+        controlBlock: a.from(u)
+      }
+    ],
+    tapInternalKey: a.from(ee)
+    // sighashType omitted - defaults to SIGHASH_DEFAULT (0x00) for Taproot
+  }), p.addInput({
+    hash: P.hash,
+    index: P.index,
+    sequence: P.sequence,
+    witnessUtxo: {
+      script: y.script,
+      value: y.value
+    }
+    // No tapLeafScript - depositor doesn't sign this input
+  });
+  for (const A of s.outs)
+    p.addOutput({
+      script: A.script,
+      value: A.value
+    });
+  return {
+    psbtHex: p.toHex()
+  };
+}
+function he(e) {
+  const {
+    payoutTx: t,
+    peginValueSats: n,
+    claimerBtcPubkey: r,
+    vaultProviderBtcPubkey: o,
+    depositorBtcPubkey: i,
+    vaultKeeperBtcPubkeys: u,
+    registeredPayoutScriptPubKey: s,
+    commissionBps: c
+  } = e;
+  if (!re(s))
+    throw new Error("Invalid registeredPayoutScriptPubKey: not valid hex");
+  const l = x(r).toLowerCase(), p = x(o).toLowerCase(), f = x(i).toLowerCase(), P = u.map(
+    (y) => x(y).toLowerCase()
+  );
+  let h, w, $;
+  if (l === p)
+    h = "vp-claimer", w = le, $ = x(s);
+  else if (l === f)
+    h = "depositor-as-claimer", w = K, $ = x(s);
+  else if (P.includes(l))
+    h = "vk-claimer", w = K, $ = x(oe(l));
+  else
+    throw new Error(
+      `Unknown claimer pubkey ${l}: not VP, depositor, or a registered vault keeper`
+    );
+  if (t.outs.length !== w)
+    throw new Error(
+      `Payout transaction has ${t.outs.length} output(s), expected exactly ${w} for role ${h}.`
+    );
+  const d = a.from($, "hex");
+  if (!t.outs[0].script.equals(d))
+    throw new Error(
+      `Payout transaction output 0 does not pay the expected scriptPubKey for role ${h}`
+    );
+  const g = w - 1;
+  if (t.outs[g].value !== N)
+    throw new Error(
+      `Payout CPFP anchor (out ${g}) value ${t.outs[g].value} sats must equal ${N} sats`
+    );
+  if (h === "vp-claimer") {
+    if (!Number.isInteger(c) || c < 0 || c >= I)
+      throw new Error(
+        `commissionBps must be an integer in [0, ${I}), got ${c}`
+      );
+    const y = Math.floor(
+      n * c / I
+    );
+    if (t.outs[1].value > y)
+      throw new Error(
+        `Payout VP commission (out 1) value ${t.outs[1].value} sats exceeds cap ${y} sats (${c} bps of peginValue=${n})`
+      );
+  }
+}
+function Ce(e, t, n = 0) {
+  const r = T.fromHex(e);
+  if (n >= r.data.inputs.length)
+    throw new Error(
+      `Input index ${n} out of range (${r.data.inputs.length} inputs)`
+    );
+  const o = r.data.inputs[n];
+  if (o.tapScriptSig && o.tapScriptSig.length > 0) {
+    const i = E(t);
+    for (const u of o.tapScriptSig)
+      if (u.pubkey.equals(a.from(i)))
+        return W(u.signature, n);
+    throw new Error(
+      `No signature found for depositor pubkey: ${t} at input ${n}`
+    );
+  }
+  if (o.finalScriptWitness && o.finalScriptWitness.length > 0) {
+    const i = de(o.finalScriptWitness);
+    if (i.length !== M)
+      throw new Error(
+        `Unexpected finalized witness stack size at input ${n}: expected ${M} items (signature, script, controlBlock), got ${i.length}`
+      );
+    return W(i[0], n);
+  }
+  throw new Error(
+    `No tapScriptSig or finalScriptWitness found in signed PSBT at input ${n}`
+  );
+}
+function W(e, t) {
+  if (e.length === 64)
+    return _(new Uint8Array(e));
+  throw e.length === 65 ? new Error(
+    `Unexpected sighash byte 0x${e[64].toString(16).padStart(2, "0")} at input ${t}. Expected implicit SIGHASH_DEFAULT as a 64-byte signature.`
+  ) : new Error(
+    `Unexpected signature length at input ${t}: ${e.length}`
+  );
+}
+function de(e) {
+  const t = [];
+  let n = 0;
+  const r = (u) => {
+    if (n + u > e.length)
+      throw new Error(
+        `Malformed witness data: need ${u} byte(s) at offset ${n}, only ${e.length - n} remaining`
+      );
+  }, o = () => {
+    r(1);
+    const u = e[n++];
+    if (u < 253) return u;
+    if (u === 253) {
+      r(2);
+      const s = (e[n] | e[n + 1] << 8) >>> 0;
+      return n += 2, s;
+    }
+    if (u === 254) {
+      r(4);
+      const s = (e[n] | e[n + 1] << 8 | e[n + 2] << 16 | e[n + 3] << 24) >>> 0;
+      return n += 4, s;
+    }
+    throw new Error(
+      `Malformed witness data: 8-byte varint (0xff) not supported at offset ${n - 1}`
+    );
+  }, i = o();
+  for (let u = 0; u < i; u++) {
+    const s = o();
+    r(s), t.push(a.from(e.subarray(n, n + s))), n += s;
+  }
+  if (n !== e.length)
+    throw new Error(
+      `Malformed witness data: ${e.length - n} trailing byte(s) after parsing ${i} item(s)`
+    );
+  return t;
+}
+class m extends Error {
+  constructor(t) {
+    super(
+      `Wallet returned a PSBT for a different transaction: ${t}`
+    ), this.name = "PsbtSubstitutionError";
+  }
+}
+function z(e, t) {
+  try {
+    return T.fromHex(t);
+  } catch (n) {
+    const r = n instanceof Error ? n.message : String(n);
+    throw new Error(`Failed to parse ${e} PSBT: ${r}`);
+  }
+}
+const pe = 8;
+function O(e) {
+  return `${e.toString("hex").slice(0, pe)}…`;
+}
+function D(e) {
+  const t = a.from(e).reverse();
+  return O(t);
+}
+function Ie(e) {
+  const t = z("requested", e.requestedPsbtHex), n = z("returned", e.returnedPsbtHex);
+  if (t.version !== n.version)
+    throw new m(
+      `tx version differs (requested=${t.version}, returned=${n.version})`
+    );
+  if (t.locktime !== n.locktime)
+    throw new m(
+      `tx locktime differs (requested=${t.locktime}, returned=${n.locktime})`
+    );
+  if (t.txInputs.length !== n.txInputs.length)
+    throw new m(
+      `input count differs (requested=${t.txInputs.length}, returned=${n.txInputs.length})`
+    );
+  if (t.txOutputs.length !== n.txOutputs.length)
+    throw new m(
+      `output count differs (requested=${t.txOutputs.length}, returned=${n.txOutputs.length})`
+    );
+  for (let r = 0; r < t.txInputs.length; r++) {
+    const o = t.txInputs[r], i = n.txInputs[r];
+    if (!o.hash.equals(i.hash))
+      throw new m(
+        `input ${r} prevout txid differs (requested=${D(o.hash)}, returned=${D(i.hash)})`
+      );
+    if (o.index !== i.index)
+      throw new m(
+        `input ${r} prevout vout differs (requested=${o.index}, returned=${i.index})`
+      );
+    if (o.sequence !== i.sequence)
+      throw new m(
+        `input ${r} sequence differs (requested=${o.sequence}, returned=${i.sequence})`
+      );
+  }
+  for (let r = 0; r < t.txOutputs.length; r++) {
+    const o = t.txOutputs[r], i = n.txOutputs[r];
+    if (!o.script.equals(i.script))
+      throw new m(
+        `output ${r} scriptPubKey differs (requested=${O(o.script)}, returned=${O(i.script)})`
+      );
+    if (o.value !== i.value)
+      throw new m(
+        `output ${r} value differs (requested=${o.value}, returned=${i.value})`
+      );
+  }
+}
+const Y = 253, fe = 254, ge = 65535, Pe = 4294967295;
+function xe(e) {
+  if (e < Y)
+    return a.from([e]);
+  if (e <= ge) {
+    const t = a.alloc(2);
+    return t.writeUInt16LE(e), a.concat([a.from([Y]), t]);
+  }
+  if (e <= Pe) {
+    const t = a.alloc(4);
+    return t.writeUInt32LE(e), a.concat([a.from([fe]), t]);
+  }
+  throw new Error(`Script too large to encode as CompactSize: ${e} bytes`);
+}
+const we = "TapLeaf";
+function $e(e, t) {
+  const n = a.concat([
+    a.from([e]),
+    xe(t.length),
+    a.from(t)
+  ]);
+  return ne.taggedHash(we, n);
+}
+function _e(e) {
+  const { requestedPsbtHex: t, signatureHex: n, signerXOnlyPubkeyHex: r, inputIndex: o } = e, i = x(n);
+  if (i.length !== B)
+    throw new Error(
+      `Schnorr signature for input ${o} must be ${B} hex chars (64 bytes), got ${i.length}.`
+    );
+  const u = x(r);
+  if (u.length !== R)
+    throw new Error(
+      `Signer x-only pubkey for input ${o} must be ${R} hex chars (32 bytes), got ${u.length}.`
+    );
+  const s = T.fromHex(t);
+  if (o < 0 || o >= s.data.inputs.length)
+    throw new Error(
+      `Input index ${o} out of range (${s.data.inputs.length} inputs).`
+    );
+  const c = [], l = [];
+  for (let d = 0; d < s.data.inputs.length; d++) {
+    const g = s.data.inputs[d].witnessUtxo;
+    if (!g)
+      throw new Error(
+        `Cannot verify signature: input ${d} of the requested PSBT has no witnessUtxo (required to recompute the Taproot sighash).`
+      );
+    c.push(g.script), l.push(g.value);
+  }
+  const p = s.data.inputs[o].tapLeafScript;
+  if (!p || p.length !== 1)
+    throw new Error(
+      `Cannot verify signature: input ${o} of the requested PSBT must have exactly one tapLeafScript, got ${(p == null ? void 0 : p.length) ?? 0}.`
+    );
+  const f = p[0];
+  if (f.leafVersion !== H)
+    throw new Error(
+      `Cannot verify signature: input ${o} tapLeafScript has leaf version 0x${f.leafVersion.toString(16)}, expected 0x${H.toString(16)}.`
+    );
+  const P = $e(f.leafVersion, f.script), h = new S();
+  h.version = s.version, h.locktime = s.locktime;
+  for (const d of s.txInputs)
+    h.addInput(d.hash, d.index, d.sequence);
+  for (const d of s.txOutputs)
+    h.addOutput(d.script, d.value);
+  const w = h.hashForWitnessV1(
+    o,
+    c,
+    l,
+    S.SIGHASH_DEFAULT,
+    P
+  );
+  if (!ie.verifySchnorr(
+    w,
+    E(u),
+    E(i)
+  ))
+    throw new Error(
+      `Schnorr signature for input ${o} (signer ${u}) does not verify against the expected Taproot script-path sighash. The wallet may have signed with the tweaked key, signed a different transaction, or returned an invalid signature.`
+    );
+}
+export {
+  C as A,
+  Te as D,
+  m as P,
+  be as a,
+  Ae as b,
+  ke as c,
+  Ie as d,
+  Ce as e,
+  _e as f,
+  ae as g,
+  k as h,
+  G as n
+};
+//# sourceMappingURL=verifyScriptPathSchnorrSignature-DFJAEleY.js.map