@dynamic-labs-sdk/solana 1.17.0 → 1.18.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (34) hide show
  1. package/dist/{addSolanaWalletStandardExtension-jxPULYI0.esm.js → addSolanaWalletStandardExtension-BGeu9CyF.esm.js} +3 -3
  2. package/dist/{addSolanaWalletStandardExtension-jxPULYI0.esm.js.map → addSolanaWalletStandardExtension-BGeu9CyF.esm.js.map} +1 -1
  3. package/dist/{addSolanaWalletStandardExtension-Cx9fyyS3.cjs → addSolanaWalletStandardExtension-DjnLEEh4.cjs} +3 -3
  4. package/dist/{addSolanaWalletStandardExtension-Cx9fyyS3.cjs.map → addSolanaWalletStandardExtension-DjnLEEh4.cjs.map} +1 -1
  5. package/dist/{addWaasSolanaExtension-CA2poieU.esm.js → addWaasSolanaExtension-CzXKrlYb.esm.js} +2 -2
  6. package/dist/{addWaasSolanaExtension-CA2poieU.esm.js.map → addWaasSolanaExtension-CzXKrlYb.esm.js.map} +1 -1
  7. package/dist/{addWaasSolanaExtension-hOB10HA-.cjs → addWaasSolanaExtension-DIOlU-AN.cjs} +2 -2
  8. package/dist/{addWaasSolanaExtension-hOB10HA-.cjs.map → addWaasSolanaExtension-DIOlU-AN.cjs.map} +1 -1
  9. package/dist/{createWalletProviderFromSolanaStandardWallet-DmmM6Suh.esm.js → createWalletProviderFromSolanaStandardWallet-CKgaSEl8.esm.js} +2 -2
  10. package/dist/{createWalletProviderFromSolanaStandardWallet-DmmM6Suh.esm.js.map → createWalletProviderFromSolanaStandardWallet-CKgaSEl8.esm.js.map} +1 -1
  11. package/dist/{createWalletProviderFromSolanaStandardWallet-C9CKmWdX.cjs → createWalletProviderFromSolanaStandardWallet-Dd2TVV2b.cjs} +2 -2
  12. package/dist/{createWalletProviderFromSolanaStandardWallet-C9CKmWdX.cjs.map → createWalletProviderFromSolanaStandardWallet-Dd2TVV2b.cjs.map} +1 -1
  13. package/dist/index.cjs +355 -5
  14. package/dist/index.cjs.map +1 -1
  15. package/dist/index.esm.js +355 -5
  16. package/dist/index.esm.js.map +1 -1
  17. package/dist/metamask.cjs +2 -2
  18. package/dist/metamask.esm.js +2 -2
  19. package/dist/phantomRedirect/errors/PhantomInvalidEncryptionPublicKeyError.d.ts +5 -0
  20. package/dist/phantomRedirect/errors/PhantomInvalidEncryptionPublicKeyError.d.ts.map +1 -0
  21. package/dist/phantomRedirect/utils/crypto/createNaClSharedSecret/createNaClSharedSecret.d.ts +6 -1
  22. package/dist/phantomRedirect/utils/crypto/createNaClSharedSecret/createNaClSharedSecret.d.ts.map +1 -1
  23. package/dist/{solanaTransferAmount-BUwYKL-l.esm.js → solanaTransferAmount-DX35Wg5S.esm.js} +2 -2
  24. package/dist/{solanaTransferAmount-BUwYKL-l.esm.js.map → solanaTransferAmount-DX35Wg5S.esm.js.map} +1 -1
  25. package/dist/{solanaTransferAmount-Fq-SN353.cjs → solanaTransferAmount-vxHlmm9z.cjs} +2 -2
  26. package/dist/{solanaTransferAmount-Fq-SN353.cjs.map → solanaTransferAmount-vxHlmm9z.cjs.map} +1 -1
  27. package/dist/tsconfig.lib.tsbuildinfo +1 -1
  28. package/dist/waas.cjs +2 -2
  29. package/dist/waas.esm.js +2 -2
  30. package/dist/walletConnect.cjs +1 -1
  31. package/dist/walletConnect.esm.js +1 -1
  32. package/dist/walletStandard.cjs +3 -3
  33. package/dist/walletStandard.esm.js +3 -3
  34. package/package.json +6 -6
package/dist/index.esm.js CHANGED
@@ -1,8 +1,8 @@
1
- import { a as NotSolanaProviderError, c as isSolanaWalletAccount, d as registerSolanaNetworkProviderBuilder, f as name, i as isSolanaGasSponsorshipEnabled, l as isVersionedTransaction, n as solanaExecuteSwapTransaction, o as isSolanaWalletProvider, p as version, r as signAndSendTransaction, s as solanaConfirmTransaction, t as solanaTransferAmount, u as getSolanaConnection } from "./solanaTransferAmount-BUwYKL-l.esm.js";
1
+ import { a as NotSolanaProviderError, c as isSolanaWalletAccount, d as registerSolanaNetworkProviderBuilder, f as name, i as isSolanaGasSponsorshipEnabled, l as isVersionedTransaction, n as solanaExecuteSwapTransaction, o as isSolanaWalletProvider, p as version, r as signAndSendTransaction, s as solanaConfirmTransaction, t as solanaTransferAmount, u as getSolanaConnection } from "./solanaTransferAmount-DX35Wg5S.esm.js";
2
2
  import { t as assertBufferAvailable } from "./assertBufferAvailable-b4xOlERy.esm.js";
3
- import { n as SponsorTransactionError, t as addWaasSolanaExtension } from "./addWaasSolanaExtension-CA2poieU.esm.js";
4
- import "./createWalletProviderFromSolanaStandardWallet-DmmM6Suh.esm.js";
5
- import { t as addSolanaWalletStandardExtension } from "./addSolanaWalletStandardExtension-jxPULYI0.esm.js";
3
+ import { n as SponsorTransactionError, t as addWaasSolanaExtension } from "./addWaasSolanaExtension-CzXKrlYb.esm.js";
4
+ import "./createWalletProviderFromSolanaStandardWallet-CKgaSEl8.esm.js";
5
+ import { t as addSolanaWalletStandardExtension } from "./addSolanaWalletStandardExtension-BGeu9CyF.esm.js";
6
6
  import { assertPackageVersion } from "@dynamic-labs-sdk/assert-package-version";
7
7
  import { MethodNotImplementedError, WalletProviderPriority, assertDefined, createApiClient, createDeferredPromise, createRuntimeServiceAccessKey, createStorageKeySchema, emitEvent, formatWalletProviderGroupKey, formatWalletProviderKey, getActiveNetworkIdFromLastKnownRegistry, getBuffer, getCore, getDefaultClient, getNetworkProviders, getWalletProviderFromWalletAccount, getWalletProviderRegistry, hasExtension, randomString, registerExtension } from "@dynamic-labs-sdk/client/core";
8
8
  import { BaseError, FeeEstimationFailedError, InvalidParamError, SimulationFailedError, getActiveNetworkData, getDefaultClient as getDefaultClient$1, onEvent, onceEvent } from "@dynamic-labs-sdk/client";
@@ -331,18 +331,368 @@ const broadcastPhantomEvent = ({ args, event }, client) => {
331
331
  });
332
332
  };
333
333
 
334
+ //#endregion
335
+ //#region src/phantomRedirect/errors/PhantomInvalidEncryptionPublicKeyError.ts
336
+ var PhantomInvalidEncryptionPublicKeyError = class extends BaseError {
337
+ constructor() {
338
+ super({
339
+ cause: null,
340
+ code: "phantom_invalid_encryption_public_key_error",
341
+ docsUrl: null,
342
+ name: "PhantomInvalidEncryptionPublicKeyError",
343
+ shortMessage: "Invalid Phantom encryption public key (low-order point rejected)."
344
+ });
345
+ }
346
+ };
347
+
334
348
  //#endregion
335
349
  //#region src/phantomRedirect/utils/crypto/createNaClSharedSecret/createNaClSharedSecret.ts
336
350
  /**
351
+ * The length, in bytes, of a Curve25519 public key.
352
+ */
353
+ const CURVE25519_PUBLIC_KEY_LENGTH = 32;
354
+ /**
355
+ * The complete set of known Curve25519 low-order point encodings.
356
+ *
357
+ * A malicious Phantom redirect can supply one of these as
358
+ * `phantom_encryption_public_key`. X25519 with a low-order base point produces
359
+ * a small, universally-known shared secret (independent of our secret key),
360
+ * letting an attacker decrypt/forge the connect response and overwrite the
361
+ * connected wallet address. We reject them before deriving the box secret.
362
+ *
363
+ * Source: RFC 7748 / the canonical list of the 8 Curve25519 low-order points.
364
+ */
365
+ const CURVE25519_LOW_ORDER_POINTS = [
366
+ new Uint8Array([
367
+ 0,
368
+ 0,
369
+ 0,
370
+ 0,
371
+ 0,
372
+ 0,
373
+ 0,
374
+ 0,
375
+ 0,
376
+ 0,
377
+ 0,
378
+ 0,
379
+ 0,
380
+ 0,
381
+ 0,
382
+ 0,
383
+ 0,
384
+ 0,
385
+ 0,
386
+ 0,
387
+ 0,
388
+ 0,
389
+ 0,
390
+ 0,
391
+ 0,
392
+ 0,
393
+ 0,
394
+ 0,
395
+ 0,
396
+ 0,
397
+ 0,
398
+ 0
399
+ ]),
400
+ new Uint8Array([
401
+ 1,
402
+ 0,
403
+ 0,
404
+ 0,
405
+ 0,
406
+ 0,
407
+ 0,
408
+ 0,
409
+ 0,
410
+ 0,
411
+ 0,
412
+ 0,
413
+ 0,
414
+ 0,
415
+ 0,
416
+ 0,
417
+ 0,
418
+ 0,
419
+ 0,
420
+ 0,
421
+ 0,
422
+ 0,
423
+ 0,
424
+ 0,
425
+ 0,
426
+ 0,
427
+ 0,
428
+ 0,
429
+ 0,
430
+ 0,
431
+ 0,
432
+ 0
433
+ ]),
434
+ new Uint8Array([
435
+ 224,
436
+ 235,
437
+ 122,
438
+ 124,
439
+ 59,
440
+ 65,
441
+ 184,
442
+ 174,
443
+ 22,
444
+ 86,
445
+ 227,
446
+ 250,
447
+ 241,
448
+ 159,
449
+ 196,
450
+ 106,
451
+ 218,
452
+ 9,
453
+ 141,
454
+ 235,
455
+ 156,
456
+ 50,
457
+ 177,
458
+ 253,
459
+ 134,
460
+ 98,
461
+ 5,
462
+ 22,
463
+ 95,
464
+ 73,
465
+ 184,
466
+ 0
467
+ ]),
468
+ new Uint8Array([
469
+ 95,
470
+ 156,
471
+ 149,
472
+ 188,
473
+ 163,
474
+ 80,
475
+ 140,
476
+ 36,
477
+ 177,
478
+ 208,
479
+ 177,
480
+ 85,
481
+ 156,
482
+ 131,
483
+ 239,
484
+ 91,
485
+ 4,
486
+ 68,
487
+ 92,
488
+ 196,
489
+ 88,
490
+ 28,
491
+ 142,
492
+ 134,
493
+ 216,
494
+ 34,
495
+ 78,
496
+ 221,
497
+ 208,
498
+ 159,
499
+ 17,
500
+ 87
501
+ ]),
502
+ new Uint8Array([
503
+ 236,
504
+ 255,
505
+ 255,
506
+ 255,
507
+ 255,
508
+ 255,
509
+ 255,
510
+ 255,
511
+ 255,
512
+ 255,
513
+ 255,
514
+ 255,
515
+ 255,
516
+ 255,
517
+ 255,
518
+ 255,
519
+ 255,
520
+ 255,
521
+ 255,
522
+ 255,
523
+ 255,
524
+ 255,
525
+ 255,
526
+ 255,
527
+ 255,
528
+ 255,
529
+ 255,
530
+ 255,
531
+ 255,
532
+ 255,
533
+ 255,
534
+ 127
535
+ ]),
536
+ new Uint8Array([
537
+ 237,
538
+ 255,
539
+ 255,
540
+ 255,
541
+ 255,
542
+ 255,
543
+ 255,
544
+ 255,
545
+ 255,
546
+ 255,
547
+ 255,
548
+ 255,
549
+ 255,
550
+ 255,
551
+ 255,
552
+ 255,
553
+ 255,
554
+ 255,
555
+ 255,
556
+ 255,
557
+ 255,
558
+ 255,
559
+ 255,
560
+ 255,
561
+ 255,
562
+ 255,
563
+ 255,
564
+ 255,
565
+ 255,
566
+ 255,
567
+ 255,
568
+ 127
569
+ ]),
570
+ new Uint8Array([
571
+ 238,
572
+ 255,
573
+ 255,
574
+ 255,
575
+ 255,
576
+ 255,
577
+ 255,
578
+ 255,
579
+ 255,
580
+ 255,
581
+ 255,
582
+ 255,
583
+ 255,
584
+ 255,
585
+ 255,
586
+ 255,
587
+ 255,
588
+ 255,
589
+ 255,
590
+ 255,
591
+ 255,
592
+ 255,
593
+ 255,
594
+ 255,
595
+ 255,
596
+ 255,
597
+ 255,
598
+ 255,
599
+ 255,
600
+ 255,
601
+ 255,
602
+ 127
603
+ ]),
604
+ new Uint8Array([
605
+ 205,
606
+ 235,
607
+ 122,
608
+ 124,
609
+ 59,
610
+ 65,
611
+ 184,
612
+ 174,
613
+ 22,
614
+ 86,
615
+ 227,
616
+ 250,
617
+ 241,
618
+ 159,
619
+ 196,
620
+ 106,
621
+ 218,
622
+ 9,
623
+ 141,
624
+ 235,
625
+ 156,
626
+ 50,
627
+ 177,
628
+ 253,
629
+ 134,
630
+ 98,
631
+ 5,
632
+ 22,
633
+ 95,
634
+ 73,
635
+ 184,
636
+ 128
637
+ ])
638
+ ];
639
+ /**
640
+ * Constant-time equality check for two byte arrays. No early-exit branches so
641
+ * comparison duration does not leak the content being compared.
642
+ */
643
+ const bytesEqual = ({ a, b }) => {
644
+ let diff = a.length ^ b.length;
645
+ const length = Math.min(a.length, b.length);
646
+ for (let i = 0; i < length; i += 1) diff |= a[i] ^ b[i];
647
+ return diff === 0;
648
+ };
649
+ /**
650
+ * Validates that a decoded Curve25519 public key is safe to use for X25519 key
651
+ * agreement, rejecting low-order / contributory points.
652
+ *
653
+ * Defense in depth:
654
+ * 1. Enforce the canonical 32-byte length.
655
+ * 2. Reject the known small set of low-order point encodings (blocklist).
656
+ * 3. Reject any input whose raw X25519 output (`nacl.scalarMult`) is all-zero,
657
+ * which catches low-order inputs regardless of encoding.
658
+ *
659
+ * @param params.theirPublicKey - The decoded (32-byte) peer public key
660
+ * @param params.ourSecretKey - The decoded (32-byte) local secret key
661
+ * @throws {PhantomInvalidEncryptionPublicKeyError} If the key is invalid or low-order
662
+ */
663
+ const assertValidCurve25519PublicKey = ({ theirPublicKey, ourSecretKey }) => {
664
+ if (theirPublicKey.length !== CURVE25519_PUBLIC_KEY_LENGTH) throw new PhantomInvalidEncryptionPublicKeyError();
665
+ for (const lowOrderPoint of CURVE25519_LOW_ORDER_POINTS) if (bytesEqual({
666
+ a: theirPublicKey,
667
+ b: lowOrderPoint
668
+ })) throw new PhantomInvalidEncryptionPublicKeyError();
669
+ const scalarMultOutput = nacl.scalarMult(ourSecretKey, theirPublicKey);
670
+ if (bytesEqual({
671
+ a: scalarMultOutput,
672
+ b: new Uint8Array(scalarMultOutput.length)
673
+ })) throw new PhantomInvalidEncryptionPublicKeyError();
674
+ };
675
+ /**
337
676
  * Creates a shared secret for NaCl box encryption using our secret key and their public key.
338
677
  *
678
+ * Rejects low-order / invalid Curve25519 public keys before deriving the shared
679
+ * secret, preventing an attacker from forcing the X25519 output to a known
680
+ * constant via a malicious `phantom_encryption_public_key`.
681
+ *
339
682
  * @param params.ourSecretKey - Our base58-encoded secret key
340
683
  * @param params.theirPublicKey - Their base58-encoded public key
341
684
  * @returns The base58-encoded shared secret
685
+ * @throws {PhantomInvalidEncryptionPublicKeyError} If their public key is invalid or a low-order point
342
686
  * @notInstrumented
343
687
  */
344
688
  const createNaClSharedSecret = ({ ourSecretKey, theirPublicKey }) => {
345
- const sharedSecret = nacl.box.before(bs58.decode(theirPublicKey), bs58.decode(ourSecretKey));
689
+ const theirPublicKeyBytes = bs58.decode(theirPublicKey);
690
+ const ourSecretKeyBytes = bs58.decode(ourSecretKey);
691
+ assertValidCurve25519PublicKey({
692
+ ourSecretKey: ourSecretKeyBytes,
693
+ theirPublicKey: theirPublicKeyBytes
694
+ });
695
+ const sharedSecret = nacl.box.before(theirPublicKeyBytes, ourSecretKeyBytes);
346
696
  return bs58.encode(sharedSecret);
347
697
  };
348
698