@dydxprotocol/v4-client-js 1.19.0 → 1.21.0

package/examples/permissioned_keys_example.ts

@@ -47,31 +47,57 @@ async function test(): Promise<void> {
   await placeOrder(client, subaccount2, subaccount1, authenticatorID);
 }
 
-async function removeAuthenticator(client: CompositeClient,subaccount: SubaccountInfo, id: Long): Promise<void> {
+async function removeAuthenticator(
+  client: CompositeClient,
+  subaccount: SubaccountInfo,
+  id: Long,
+): Promise<void> {
   await client.removeAuthenticator(subaccount, id);
 }
 
-async function addAuthenticator(client: CompositeClient, subaccount: SubaccountInfo, authedPubKey:string): Promise<void> {
-  const subAuthenticators = [{
+async function addAuthenticator(
+  client: CompositeClient,
+  subaccount: SubaccountInfo,
+  authedPubKey: string,
+): Promise<void> {
+  const subAuth = [ {
     type: AuthenticatorType.SIGNATURE_VERIFICATION,
     config: authedPubKey,
   },
   {
-    type: AuthenticatorType.MESSAGE_FILTER,
-    config: toBase64(new TextEncoder().encode("/dydxprotocol.clob.MsgPlaceOrder")),
-  },
+    type: AuthenticatorType.ANY_OF,
+    config: [
+    {
+      type: AuthenticatorType.MESSAGE_FILTER,
+      config: toBase64(new TextEncoder().encode('/dydxprotocol.clob.MsgPlaceOrder')),
+    },
+    {
+      type: AuthenticatorType.MESSAGE_FILTER,
+      config: toBase64(new TextEncoder().encode('/dydxprotocol.clob.MsgPlaceOrder')),
+    },
+    ]
+  }
 ];
 
-  const jsonString = JSON.stringify(subAuthenticators);
+  const jsonString = JSON.stringify(subAuth);
   const encodedData = new TextEncoder().encode(jsonString);
 
-  await client.addAuthenticator(subaccount, AuthenticatorType.ALL_OF, encodedData);
+  try {
+    await client.addAuthenticator(subaccount, AuthenticatorType.ALL_OF, encodedData);
+  } catch (error) {
+    console.log(error.message);
+  }
 }
 
-async function placeOrder(client: CompositeClient, fromAccount: SubaccountInfo, forAccount: SubaccountInfo, authenticatorId: Long): Promise<void> {
+async function placeOrder(
+  client: CompositeClient,
+  fromAccount: SubaccountInfo,
+  forAccount: SubaccountInfo,
+  authenticatorId: Long,
+): Promise<void> {
   try {
-    const side = OrderSide.BUY
-    const price = Number("1000");
+    const side = OrderSide.BUY;
+    const price = Number('1000');
     const currentBlock = await client.validatorClient.get.latestBlockHeight();
     const nextValidBlockHeight = currentBlock + 5;
     const goodTilBlock = nextValidBlockHeight + 10;
@@ -94,7 +120,7 @@ async function placeOrder(client: CompositeClient, fromAccount: SubaccountInfo,
       {
         authenticators: [authenticatorId],
         accountForOrder: forAccount,
-      }
+      },
     );
     console.log('**Order Tx**');
     console.log(Buffer.from(tx.hash).toString('hex'));

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@dydxprotocol/v4-client-js",
-  "version": "1.19.0",
+  "version": "1.21.0",
   "description": "General client library for the new dYdX system (v4 decentralized)",
   "main": "build/src/index.js",
   "scripts": {

package/src/clients/composite-client.ts

@@ -1,3 +1,5 @@
+import { TextDecoder } from 'util';
+
 import { EncodeObject } from '@cosmjs/proto-signing';
 import { Account, GasPrice, IndexedTx, StdFee } from '@cosmjs/stargate';
 import { Method } from '@cosmjs/tendermint-rpc';
@@ -18,6 +20,7 @@ import { bigIntToBytes } from '../lib/helpers';
 import { isStatefulOrder, verifyOrderFlags } from '../lib/validation';
 import { GovAddNewMarketParams, OrderFlags } from '../types';
 import {
+  Authenticator,
   AuthenticatorType,
   Network,
   OrderExecution,
@@ -169,7 +172,7 @@ export class CompositeClient {
       broadcastMode,
       account,
       undefined,
-     authenticators,
+      authenticators,
     );
   }
 
@@ -311,9 +314,10 @@ export class CompositeClient {
   ): Promise<BroadcastTxAsyncResponse | BroadcastTxSyncResponse | IndexedTx> {
     // For permissioned orders, use the permissioning account details instead of the subaccount
     // This allows placing orders on behalf of another account when using permissioned keys
-    const accountForOrder = permissionedKeysAccountAuth ? permissionedKeysAccountAuth.accountForOrder : subaccount;
+    const accountForOrder = permissionedKeysAccountAuth
+      ? permissionedKeysAccountAuth.accountForOrder
+      : subaccount;
     const msgs: Promise<EncodeObject[]> = new Promise((resolve, reject) => {
-
       const msg = this.placeShortTermOrderMessage(
         accountForOrder,
         marketId,
@@ -1233,7 +1237,13 @@ export class CompositeClient {
     gasAdjustment?: number,
     memo?: string,
   ): Promise<BroadcastTxAsyncResponse | BroadcastTxSyncResponse | IndexedTx> {
-    return this.validatorClient.post.createMarketPermissionless(ticker, subaccount, broadcastMode, gasAdjustment, memo);
+    return this.validatorClient.post.createMarketPermissionless(
+      ticker,
+      subaccount,
+      broadcastMode,
+      gasAdjustment,
+      memo,
+    );
   }
 
   async addAuthenticator(
@@ -1241,17 +1251,60 @@ export class CompositeClient {
     authenticatorType: AuthenticatorType,
     data: Uint8Array,
   ): Promise<BroadcastTxAsyncResponse | BroadcastTxSyncResponse | IndexedTx> {
-    return this.validatorClient.post.addAuthenticator(subaccount, authenticatorType, data)
+    // Validate the provided authenticators before sending to the validator
+    const authenticator: Authenticator = {
+      type: authenticatorType,
+      config: JSON.parse(new TextDecoder().decode(data)),
+    };
+    if (!this.validateAuthenticator(authenticator)) {
+      throw new Error(
+        'Invalid authenticator, please ensure the authenticator permissions are correct',
+      );
+    }
+
+    return this.validatorClient.post.addAuthenticator(subaccount, authenticatorType, data);
   }
 
   async removeAuthenticator(
     subaccount: SubaccountInfo,
     id: Long,
   ): Promise<BroadcastTxAsyncResponse | BroadcastTxSyncResponse | IndexedTx> {
-    return this.validatorClient.post.removeAuthenticator(subaccount, id)
+    return this.validatorClient.post.removeAuthenticator(subaccount, id);
   }
 
-  async getAuthenticators(address: string): Promise<GetAuthenticatorsResponse>{
+  async getAuthenticators(address: string): Promise<GetAuthenticatorsResponse> {
     return this.validatorClient.get.getAuthenticators(address);
   }
+
+  validateAuthenticator(authenticator: Authenticator): boolean {
+    function checkAuthenticator(auth: Authenticator): boolean {
+      if (auth.type === AuthenticatorType.SIGNATURE_VERIFICATION) {
+        return true; // A SignatureVerification authenticator is safe.
+      }
+
+      if (!Array.isArray(auth.config)) {
+        return false; // Unsafe case: a non-array config for a composite authenticator
+      }
+
+      if (auth.type === AuthenticatorType.ANY_OF) {
+        // ANY_OF is safe only if ALL sub-authenticators return true
+        return auth.config.every((nestedAuth) => checkAuthenticator(nestedAuth));
+      }
+
+      if (auth.type === AuthenticatorType.ALL_OF) {
+        // ALL_OF is safe if at least one sub-authenticator returns true
+        return auth.config.some((nestedAuth) => checkAuthenticator(nestedAuth));
+      }
+
+      // If it's a base-case authenticator but not SignatureVerification, it's unsafe
+      return false;
+    }
+
+    // The top-level authenticator must pass validation
+    if (!checkAuthenticator(authenticator)) {
+      return false
+    }
+
+    return true;
+  }
 }

package/src/clients/constants.ts

@@ -211,6 +211,11 @@ export enum AuthenticatorType {
   SUBACCOUNT_FILTER = 'SubaccountFilter',
 }
 
+export interface Authenticator {
+  type: AuthenticatorType;
+  config: string | Authenticator[];
+}
+
 export enum TradingRewardAggregationPeriod {
   DAILY = 'DAILY',
   WEEKLY = 'WEEKLY',