@dynamic-labs-sdk/solana 1.17.0 → 1.18.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (34) hide show
  1. package/dist/{addSolanaWalletStandardExtension-jxPULYI0.esm.js → addSolanaWalletStandardExtension-BGeu9CyF.esm.js} +3 -3
  2. package/dist/{addSolanaWalletStandardExtension-jxPULYI0.esm.js.map → addSolanaWalletStandardExtension-BGeu9CyF.esm.js.map} +1 -1
  3. package/dist/{addSolanaWalletStandardExtension-Cx9fyyS3.cjs → addSolanaWalletStandardExtension-DjnLEEh4.cjs} +3 -3
  4. package/dist/{addSolanaWalletStandardExtension-Cx9fyyS3.cjs.map → addSolanaWalletStandardExtension-DjnLEEh4.cjs.map} +1 -1
  5. package/dist/{addWaasSolanaExtension-CA2poieU.esm.js → addWaasSolanaExtension-CzXKrlYb.esm.js} +2 -2
  6. package/dist/{addWaasSolanaExtension-CA2poieU.esm.js.map → addWaasSolanaExtension-CzXKrlYb.esm.js.map} +1 -1
  7. package/dist/{addWaasSolanaExtension-hOB10HA-.cjs → addWaasSolanaExtension-DIOlU-AN.cjs} +2 -2
  8. package/dist/{addWaasSolanaExtension-hOB10HA-.cjs.map → addWaasSolanaExtension-DIOlU-AN.cjs.map} +1 -1
  9. package/dist/{createWalletProviderFromSolanaStandardWallet-DmmM6Suh.esm.js → createWalletProviderFromSolanaStandardWallet-CKgaSEl8.esm.js} +2 -2
  10. package/dist/{createWalletProviderFromSolanaStandardWallet-DmmM6Suh.esm.js.map → createWalletProviderFromSolanaStandardWallet-CKgaSEl8.esm.js.map} +1 -1
  11. package/dist/{createWalletProviderFromSolanaStandardWallet-C9CKmWdX.cjs → createWalletProviderFromSolanaStandardWallet-Dd2TVV2b.cjs} +2 -2
  12. package/dist/{createWalletProviderFromSolanaStandardWallet-C9CKmWdX.cjs.map → createWalletProviderFromSolanaStandardWallet-Dd2TVV2b.cjs.map} +1 -1
  13. package/dist/index.cjs +355 -5
  14. package/dist/index.cjs.map +1 -1
  15. package/dist/index.esm.js +355 -5
  16. package/dist/index.esm.js.map +1 -1
  17. package/dist/metamask.cjs +2 -2
  18. package/dist/metamask.esm.js +2 -2
  19. package/dist/phantomRedirect/errors/PhantomInvalidEncryptionPublicKeyError.d.ts +5 -0
  20. package/dist/phantomRedirect/errors/PhantomInvalidEncryptionPublicKeyError.d.ts.map +1 -0
  21. package/dist/phantomRedirect/utils/crypto/createNaClSharedSecret/createNaClSharedSecret.d.ts +6 -1
  22. package/dist/phantomRedirect/utils/crypto/createNaClSharedSecret/createNaClSharedSecret.d.ts.map +1 -1
  23. package/dist/{solanaTransferAmount-BUwYKL-l.esm.js → solanaTransferAmount-DX35Wg5S.esm.js} +2 -2
  24. package/dist/{solanaTransferAmount-BUwYKL-l.esm.js.map → solanaTransferAmount-DX35Wg5S.esm.js.map} +1 -1
  25. package/dist/{solanaTransferAmount-Fq-SN353.cjs → solanaTransferAmount-vxHlmm9z.cjs} +2 -2
  26. package/dist/{solanaTransferAmount-Fq-SN353.cjs.map → solanaTransferAmount-vxHlmm9z.cjs.map} +1 -1
  27. package/dist/tsconfig.lib.tsbuildinfo +1 -1
  28. package/dist/waas.cjs +2 -2
  29. package/dist/waas.esm.js +2 -2
  30. package/dist/walletConnect.cjs +1 -1
  31. package/dist/walletConnect.esm.js +1 -1
  32. package/dist/walletStandard.cjs +3 -3
  33. package/dist/walletStandard.esm.js +3 -3
  34. package/package.json +6 -6
package/dist/index.cjs CHANGED
@@ -1,9 +1,9 @@
1
1
  const require_chunk = require('./chunk-CbDLau6x.cjs');
2
- const require_solanaTransferAmount = require('./solanaTransferAmount-Fq-SN353.cjs');
2
+ const require_solanaTransferAmount = require('./solanaTransferAmount-vxHlmm9z.cjs');
3
3
  const require_assertBufferAvailable = require('./assertBufferAvailable-BPIt9Mmr.cjs');
4
- const require_addWaasSolanaExtension = require('./addWaasSolanaExtension-hOB10HA-.cjs');
5
- require('./createWalletProviderFromSolanaStandardWallet-C9CKmWdX.cjs');
6
- const require_addSolanaWalletStandardExtension = require('./addSolanaWalletStandardExtension-Cx9fyyS3.cjs');
4
+ const require_addWaasSolanaExtension = require('./addWaasSolanaExtension-DIOlU-AN.cjs');
5
+ require('./createWalletProviderFromSolanaStandardWallet-Dd2TVV2b.cjs');
6
+ const require_addSolanaWalletStandardExtension = require('./addSolanaWalletStandardExtension-DjnLEEh4.cjs');
7
7
  let _dynamic_labs_sdk_assert_package_version = require("@dynamic-labs-sdk/assert-package-version");
8
8
  let _dynamic_labs_sdk_client_core = require("@dynamic-labs-sdk/client/core");
9
9
  let _dynamic_labs_sdk_client = require("@dynamic-labs-sdk/client");
@@ -335,18 +335,368 @@ const broadcastPhantomEvent = ({ args, event }, client) => {
335
335
  });
336
336
  };
337
337
 
338
+ //#endregion
339
+ //#region src/phantomRedirect/errors/PhantomInvalidEncryptionPublicKeyError.ts
340
+ var PhantomInvalidEncryptionPublicKeyError = class extends _dynamic_labs_sdk_client.BaseError {
341
+ constructor() {
342
+ super({
343
+ cause: null,
344
+ code: "phantom_invalid_encryption_public_key_error",
345
+ docsUrl: null,
346
+ name: "PhantomInvalidEncryptionPublicKeyError",
347
+ shortMessage: "Invalid Phantom encryption public key (low-order point rejected)."
348
+ });
349
+ }
350
+ };
351
+
338
352
  //#endregion
339
353
  //#region src/phantomRedirect/utils/crypto/createNaClSharedSecret/createNaClSharedSecret.ts
340
354
  /**
355
+ * The length, in bytes, of a Curve25519 public key.
356
+ */
357
+ const CURVE25519_PUBLIC_KEY_LENGTH = 32;
358
+ /**
359
+ * The complete set of known Curve25519 low-order point encodings.
360
+ *
361
+ * A malicious Phantom redirect can supply one of these as
362
+ * `phantom_encryption_public_key`. X25519 with a low-order base point produces
363
+ * a small, universally-known shared secret (independent of our secret key),
364
+ * letting an attacker decrypt/forge the connect response and overwrite the
365
+ * connected wallet address. We reject them before deriving the box secret.
366
+ *
367
+ * Source: RFC 7748 / the canonical list of the 8 Curve25519 low-order points.
368
+ */
369
+ const CURVE25519_LOW_ORDER_POINTS = [
370
+ new Uint8Array([
371
+ 0,
372
+ 0,
373
+ 0,
374
+ 0,
375
+ 0,
376
+ 0,
377
+ 0,
378
+ 0,
379
+ 0,
380
+ 0,
381
+ 0,
382
+ 0,
383
+ 0,
384
+ 0,
385
+ 0,
386
+ 0,
387
+ 0,
388
+ 0,
389
+ 0,
390
+ 0,
391
+ 0,
392
+ 0,
393
+ 0,
394
+ 0,
395
+ 0,
396
+ 0,
397
+ 0,
398
+ 0,
399
+ 0,
400
+ 0,
401
+ 0,
402
+ 0
403
+ ]),
404
+ new Uint8Array([
405
+ 1,
406
+ 0,
407
+ 0,
408
+ 0,
409
+ 0,
410
+ 0,
411
+ 0,
412
+ 0,
413
+ 0,
414
+ 0,
415
+ 0,
416
+ 0,
417
+ 0,
418
+ 0,
419
+ 0,
420
+ 0,
421
+ 0,
422
+ 0,
423
+ 0,
424
+ 0,
425
+ 0,
426
+ 0,
427
+ 0,
428
+ 0,
429
+ 0,
430
+ 0,
431
+ 0,
432
+ 0,
433
+ 0,
434
+ 0,
435
+ 0,
436
+ 0
437
+ ]),
438
+ new Uint8Array([
439
+ 224,
440
+ 235,
441
+ 122,
442
+ 124,
443
+ 59,
444
+ 65,
445
+ 184,
446
+ 174,
447
+ 22,
448
+ 86,
449
+ 227,
450
+ 250,
451
+ 241,
452
+ 159,
453
+ 196,
454
+ 106,
455
+ 218,
456
+ 9,
457
+ 141,
458
+ 235,
459
+ 156,
460
+ 50,
461
+ 177,
462
+ 253,
463
+ 134,
464
+ 98,
465
+ 5,
466
+ 22,
467
+ 95,
468
+ 73,
469
+ 184,
470
+ 0
471
+ ]),
472
+ new Uint8Array([
473
+ 95,
474
+ 156,
475
+ 149,
476
+ 188,
477
+ 163,
478
+ 80,
479
+ 140,
480
+ 36,
481
+ 177,
482
+ 208,
483
+ 177,
484
+ 85,
485
+ 156,
486
+ 131,
487
+ 239,
488
+ 91,
489
+ 4,
490
+ 68,
491
+ 92,
492
+ 196,
493
+ 88,
494
+ 28,
495
+ 142,
496
+ 134,
497
+ 216,
498
+ 34,
499
+ 78,
500
+ 221,
501
+ 208,
502
+ 159,
503
+ 17,
504
+ 87
505
+ ]),
506
+ new Uint8Array([
507
+ 236,
508
+ 255,
509
+ 255,
510
+ 255,
511
+ 255,
512
+ 255,
513
+ 255,
514
+ 255,
515
+ 255,
516
+ 255,
517
+ 255,
518
+ 255,
519
+ 255,
520
+ 255,
521
+ 255,
522
+ 255,
523
+ 255,
524
+ 255,
525
+ 255,
526
+ 255,
527
+ 255,
528
+ 255,
529
+ 255,
530
+ 255,
531
+ 255,
532
+ 255,
533
+ 255,
534
+ 255,
535
+ 255,
536
+ 255,
537
+ 255,
538
+ 127
539
+ ]),
540
+ new Uint8Array([
541
+ 237,
542
+ 255,
543
+ 255,
544
+ 255,
545
+ 255,
546
+ 255,
547
+ 255,
548
+ 255,
549
+ 255,
550
+ 255,
551
+ 255,
552
+ 255,
553
+ 255,
554
+ 255,
555
+ 255,
556
+ 255,
557
+ 255,
558
+ 255,
559
+ 255,
560
+ 255,
561
+ 255,
562
+ 255,
563
+ 255,
564
+ 255,
565
+ 255,
566
+ 255,
567
+ 255,
568
+ 255,
569
+ 255,
570
+ 255,
571
+ 255,
572
+ 127
573
+ ]),
574
+ new Uint8Array([
575
+ 238,
576
+ 255,
577
+ 255,
578
+ 255,
579
+ 255,
580
+ 255,
581
+ 255,
582
+ 255,
583
+ 255,
584
+ 255,
585
+ 255,
586
+ 255,
587
+ 255,
588
+ 255,
589
+ 255,
590
+ 255,
591
+ 255,
592
+ 255,
593
+ 255,
594
+ 255,
595
+ 255,
596
+ 255,
597
+ 255,
598
+ 255,
599
+ 255,
600
+ 255,
601
+ 255,
602
+ 255,
603
+ 255,
604
+ 255,
605
+ 255,
606
+ 127
607
+ ]),
608
+ new Uint8Array([
609
+ 205,
610
+ 235,
611
+ 122,
612
+ 124,
613
+ 59,
614
+ 65,
615
+ 184,
616
+ 174,
617
+ 22,
618
+ 86,
619
+ 227,
620
+ 250,
621
+ 241,
622
+ 159,
623
+ 196,
624
+ 106,
625
+ 218,
626
+ 9,
627
+ 141,
628
+ 235,
629
+ 156,
630
+ 50,
631
+ 177,
632
+ 253,
633
+ 134,
634
+ 98,
635
+ 5,
636
+ 22,
637
+ 95,
638
+ 73,
639
+ 184,
640
+ 128
641
+ ])
642
+ ];
643
+ /**
644
+ * Constant-time equality check for two byte arrays. No early-exit branches so
645
+ * comparison duration does not leak the content being compared.
646
+ */
647
+ const bytesEqual = ({ a, b }) => {
648
+ let diff = a.length ^ b.length;
649
+ const length = Math.min(a.length, b.length);
650
+ for (let i = 0; i < length; i += 1) diff |= a[i] ^ b[i];
651
+ return diff === 0;
652
+ };
653
+ /**
654
+ * Validates that a decoded Curve25519 public key is safe to use for X25519 key
655
+ * agreement, rejecting low-order / contributory points.
656
+ *
657
+ * Defense in depth:
658
+ * 1. Enforce the canonical 32-byte length.
659
+ * 2. Reject the known small set of low-order point encodings (blocklist).
660
+ * 3. Reject any input whose raw X25519 output (`nacl.scalarMult`) is all-zero,
661
+ * which catches low-order inputs regardless of encoding.
662
+ *
663
+ * @param params.theirPublicKey - The decoded (32-byte) peer public key
664
+ * @param params.ourSecretKey - The decoded (32-byte) local secret key
665
+ * @throws {PhantomInvalidEncryptionPublicKeyError} If the key is invalid or low-order
666
+ */
667
+ const assertValidCurve25519PublicKey = ({ theirPublicKey, ourSecretKey }) => {
668
+ if (theirPublicKey.length !== CURVE25519_PUBLIC_KEY_LENGTH) throw new PhantomInvalidEncryptionPublicKeyError();
669
+ for (const lowOrderPoint of CURVE25519_LOW_ORDER_POINTS) if (bytesEqual({
670
+ a: theirPublicKey,
671
+ b: lowOrderPoint
672
+ })) throw new PhantomInvalidEncryptionPublicKeyError();
673
+ const scalarMultOutput = tweetnacl.default.scalarMult(ourSecretKey, theirPublicKey);
674
+ if (bytesEqual({
675
+ a: scalarMultOutput,
676
+ b: new Uint8Array(scalarMultOutput.length)
677
+ })) throw new PhantomInvalidEncryptionPublicKeyError();
678
+ };
679
+ /**
341
680
  * Creates a shared secret for NaCl box encryption using our secret key and their public key.
342
681
  *
682
+ * Rejects low-order / invalid Curve25519 public keys before deriving the shared
683
+ * secret, preventing an attacker from forcing the X25519 output to a known
684
+ * constant via a malicious `phantom_encryption_public_key`.
685
+ *
343
686
  * @param params.ourSecretKey - Our base58-encoded secret key
344
687
  * @param params.theirPublicKey - Their base58-encoded public key
345
688
  * @returns The base58-encoded shared secret
689
+ * @throws {PhantomInvalidEncryptionPublicKeyError} If their public key is invalid or a low-order point
346
690
  * @notInstrumented
347
691
  */
348
692
  const createNaClSharedSecret = ({ ourSecretKey, theirPublicKey }) => {
349
- const sharedSecret = tweetnacl.default.box.before(bs58.default.decode(theirPublicKey), bs58.default.decode(ourSecretKey));
693
+ const theirPublicKeyBytes = bs58.default.decode(theirPublicKey);
694
+ const ourSecretKeyBytes = bs58.default.decode(ourSecretKey);
695
+ assertValidCurve25519PublicKey({
696
+ ourSecretKey: ourSecretKeyBytes,
697
+ theirPublicKey: theirPublicKeyBytes
698
+ });
699
+ const sharedSecret = tweetnacl.default.box.before(theirPublicKeyBytes, ourSecretKeyBytes);
350
700
  return bs58.default.encode(sharedSecret);
351
701
  };
352
702