@exodus/bitcoin-api 4.9.5 → 4.10.0

package/CHANGELOG.md

@@ -3,6 +3,32 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [4.10.0](https://github.com/ExodusMovement/assets/compare/@exodus/bitcoin-api@4.9.6...@exodus/bitcoin-api@4.10.0) (2026-03-11)
+
+
+### Features
+
+
+* feat: extract trace id in bitcoin (#7278)
+
+
+### Bug Fixes
+
+
+* fix(bitcoin-api): avoid restoring spent dropped inputs (#7559)
+
+
+
+## [4.9.6](https://github.com/ExodusMovement/assets/compare/@exodus/bitcoin-api@4.9.5...@exodus/bitcoin-api@4.9.6) (2026-03-02)
+
+
+### Bug Fixes
+
+
+* fix(bitcoin-api): normalize witnessUtxo values for PSBT input (#7497)
+
+
+
 ## [4.9.5](https://github.com/ExodusMovement/assets/compare/@exodus/bitcoin-api@4.9.4...@exodus/bitcoin-api@4.9.5) (2026-02-14)
 
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@exodus/bitcoin-api",
-  "version": "4.9.5",
+  "version": "4.10.0",
   "description": "Bitcoin transaction and fee monitors, RPC with the blockchain node, other networking code.",
   "type": "module",
   "main": "src/index.js",
@@ -36,6 +36,7 @@
     "@exodus/safe-string": "^1.4.0",
     "@exodus/send-validation-model": "^1.0.0",
     "@exodus/simple-retry": "^0.0.6",
+    "@exodus/traceparent": "^3.0.1",
     "bech32": "^1.1.3",
     "bip32-path": "^0.4.2",
     "bs58check": "^3.0.1",
@@ -61,5 +62,5 @@
     "type": "git",
     "url": "git+https://github.com/ExodusMovement/assets.git"
   },
-  "gitHead": "8c4fcde522beb978df6a5099e0fa9e34bb4a7e04"
+  "gitHead": "2d0154787aed614543dcfcc0f4c216d7057fcbb2"
 }

package/src/insight-api-client/index.js

@@ -1,5 +1,6 @@
 import { safeString } from '@exodus/safe-string'
 import { retry } from '@exodus/simple-retry'
+import { TraceId } from '@exodus/traceparent'
 import delay from 'delay'
 import lodash from 'lodash'
 import urlJoin from 'url-join'
@@ -23,6 +24,19 @@ const INSIGHT_HTTP_ERROR_BROADCAST_MESSAGE = safeString`insight-api-http-error:b
 const INSIGHT_HTTP_ERROR_CLAIMABLE_MESSAGE = safeString`insight-api-http-error:claimable`
 const INSIGHT_HTTP_ERROR_UNCLAIMED_MESSAGE = safeString`insight-api-http-error:unclaimed`
 
+const parseBroadcastErrorReason = (data) => {
+  if (!data) {
+    return null
+  }
+
+  try {
+    const parsed = JSON.parse(data)
+    return parsed?.error || data
+  } catch {
+    return data
+  }
+}
+
 const fetchJson = async (
   url,
   fetchOptions,
@@ -35,8 +49,11 @@ const fetchJson = async (
     return null
   }
 
+  const traceId = TraceId.fromResponse(response)
+
   if (!response.ok) {
     const error = new Error(httpErrorMessage)
+    error.traceId = traceId
     error.code = `${response.status}`
     throw error
   }
@@ -44,7 +61,9 @@ const fetchJson = async (
   try {
     return await response.json()
   } catch (err) {
-    throw new Error(INSIGHT_JSON_ERROR_MESSAGE, { cause: err })
+    const error = new Error(INSIGHT_JSON_ERROR_MESSAGE, { cause: err })
+    error.traceId = traceId
+    throw error
   }
 }
 
@@ -204,12 +223,16 @@ export default class InsightAPIClient {
     const response = await fetch(url, fetchOptions)
     let data = await response.text()
 
+    const traceId = TraceId.fromResponse(response)
+
     if (!response.ok) {
       console.warn('Insight Broadcast HTTP Error:')
       console.warn(response.statusText)
       console.warn(data)
       const error = new Error(INSIGHT_HTTP_ERROR_BROADCAST_MESSAGE)
+      error.traceId = traceId
       error.code = `${response.status}`
+      error.reason = parseBroadcastErrorReason(data)
       throw error
     }
 
@@ -221,7 +244,9 @@ export default class InsightAPIClient {
     }
 
     if (!data.txid) {
-      throw new Error(INSIGHT_MISSING_TXID_MESSAGE)
+      const error = new Error(INSIGHT_MISSING_TXID_MESSAGE)
+      error.traceId = traceId
+      throw error
     }
   }
 

package/src/psbt-builder.js

@@ -6,6 +6,7 @@ import { SubType, writePsbtGlobalField, writePsbtOutputField } from './psbt-prop
 import {
   getAddressType,
   getPurposeXPubs,
+  normalizeWitnessUtxoValue,
   setPsbtVersionIfNotBitcoin,
   validatePurpose,
 } from './psbt-utils.js'
@@ -112,7 +113,7 @@ function createPsbtInput({
 
   if (isWrappedSegwitAddress || isSegwitAddress || isTaprootAddress) {
     psbtInput.witnessUtxo = {
-      value: input.value,
+      value: normalizeWitnessUtxoValue(input.value),
       script: Buffer.from(input.script, 'hex'),
     }
   }
@@ -132,7 +133,7 @@ function createPsbtInput({
       // vendor forks, malformed historical data). When that happens we fall back to a
       // witness-only record and rely on the signer to opt-in to __UNSAFE_SIGN_NONSEGWIT.
       psbtInput.witnessUtxo = {
-        value: input.value,
+        value: normalizeWitnessUtxoValue(input.value),
         script: Buffer.from(input.script, 'hex'),
       }
     }

package/src/psbt-utils.js

@@ -132,6 +132,39 @@ export async function withUnsafeNonSegwit({ psbt, fn, unsafe = true }) {
   }
 }
 
+export function normalizeWitnessUtxoValue(value) {
+  if (typeof value === 'number') {
+    if (!Number.isSafeInteger(value)) {
+      throw new TypeError('witnessUtxo value does not fit in a safe integer')
+    }
+
+    return value
+  }
+
+  if (typeof value === 'bigint') {
+    if (!Number.isSafeInteger(Number(value))) {
+      throw new TypeError('witnessUtxo value does not fit in a safe integer')
+    }
+
+    return Number(value)
+  }
+
+  if (Buffer.isBuffer(value)) {
+    if (value.length !== 8) {
+      throw new Error(`Unexpected witnessUtxo value buffer size: ${value.length}`)
+    }
+
+    const parsed = value.readBigUInt64LE(0)
+    if (parsed > BigInt(Number.MAX_SAFE_INTEGER)) {
+      throw new Error('witnessUtxo value does not fit in a safe integer')
+    }
+
+    return Number(parsed)
+  }
+
+  throw new TypeError(`Unsupported witnessUtxo value type: ${typeof value}`)
+}
+
 export function setPsbtVersionIfNotBitcoin(psbt, assetName) {
   if (!['bitcoin', 'bitcoinregtest', 'bitcointestnet'].includes(assetName)) psbt.setVersion(1)
 }

package/src/tx-log/bitcoin-monitor-scanner.js

@@ -632,9 +632,16 @@ export class BitcoinMonitorScanner {
             continue
           }
 
-          const tx = await insightClient.fetchTx(utxo.txId)
-          if (tx) {
-            // previously spent tx still exists, readd utxo
+          let prevTx = null
+          try {
+            prevTx = await insightClient.fetchTxObject(utxo.txId)
+          } catch {
+            prevTx = null
+          }
+
+          const prevOutput = prevTx?.vout?.find((output) => output.n === utxo.vout)
+          if (prevOutput && !prevOutput.spentTxId) {
+            // Only readd inputs whose exact outpoint is still unspent.
             utxosToAdd.push(utxo)
           }
         }

package/src/tx-send/broadcast-tx.js

@@ -1,5 +1,7 @@
 import { retry } from '@exodus/simple-retry'
 
+const getErrorText = (error) => [error?.message, error?.reason].filter(Boolean).join(' ')
+
 /**
  * Broadcast a signed transaction to the Bitcoin network with retry logic
  * @param {Object} params
@@ -14,14 +16,15 @@ export async function broadcastTransaction({ asset, rawTx }) {
       try {
         return await asset.api.broadcastTx(rawTxHex)
       } catch (e) {
+        const errorText = getErrorText(e)
         // Mark certain errors as final (non-retryable)
         if (
-          /missing inputs/i.test(e.message) ||
-          /absurdly-high-fee/.test(e.message) ||
-          /too-long-mempool-chain/.test(e.message) ||
-          /txn-mempool-conflict/.test(e.message) ||
-          /tx-size/.test(e.message) ||
-          /txn-already-in-mempool/.test(e.message)
+          /(missing inputs|missingorspent)/i.test(errorText) ||
+          /absurdly-high-fee/.test(errorText) ||
+          /too-long-mempool-chain/.test(errorText) ||
+          /txn-mempool-conflict/.test(errorText) ||
+          /tx-size/.test(errorText) ||
+          /txn-already-in-mempool/.test(errorText)
         ) {
           e.finalError = true
         }
@@ -37,7 +40,7 @@ export async function broadcastTransaction({ asset, rawTx }) {
   try {
     await broadcastTxWithRetry(rawTxHex)
   } catch (err) {
-    if (err.message.includes('txn-already-in-mempool')) {
+    if (getErrorText(err).includes('txn-already-in-mempool')) {
       // Not an error, transaction is already broadcast
       console.log('Transaction is already in the mempool.')
       return

package/src/tx-send/index.js

@@ -6,6 +6,8 @@ import { extractTransactionContext } from '../psbt-parser.js'
 import { broadcastTransaction } from './broadcast-tx.js'
 import { updateAccountState, updateTransactionLog } from './update-state.js'
 
+const getErrorText = (error) => [error?.message, error?.reason].filter(Boolean).join(' ')
+
 const checkTxExists = async ({ asset, txId }) => {
   try {
     const tx = await asset.insightClient.fetchTx(txId)
@@ -212,7 +214,7 @@ export const sendTxFactory = ({
       if (txExists) {
         console.warn(`tx-send: ${assetName} tx already broadcast`, txId)
       } else {
-        if (/insight broadcast http error.*missing inputs/i.test(err.message)) {
+        if (/(missing inputs|missingorspent)/i.test(getErrorText(err))) {
           err.txInfo = JSON.stringify({
             amount: sendAmount.toDefaultString({ unit: true }),
             fee: ((fee && fee.toDefaultString({ unit: true })) || 0).toString(),

package/src/tx-sign/default-prepare-for-signing.js

@@ -2,7 +2,7 @@ import { Psbt as DefaultPsbt, Transaction as DefaultTransaction } from '@exodus/
 import assert from 'minimalistic-assert'
 
 import { writePsbtBlockHeight } from '../psbt-proprietary-types.js'
-import { setPsbtVersionIfNotBitcoin } from '../psbt-utils.js'
+import { normalizeWitnessUtxoValue, setPsbtVersionIfNotBitcoin } from '../psbt-utils.js'
 import { getMaximumFeeRate } from './maximum-fee-rates.js'
 
 /**
@@ -115,7 +115,10 @@ function createPsbtFromTxData({
 
     if (isSegwitAddress || isTaprootAddress) {
       // taproot outputs only require the value and the script, not the full transaction
-      txIn.witnessUtxo = { value, script: Buffer.from(script, 'hex') }
+      txIn.witnessUtxo = {
+        value: normalizeWitnessUtxoValue(value),
+        script: Buffer.from(script, 'hex'),
+      }
     }
 
     const rawTx = (rawTxs || []).find((t) => t.txId === txId)
@@ -130,7 +133,10 @@ function createPsbtFromTxData({
         // temp fix for https://exodusio.slack.com/archives/CP202D90Q/p1671014704829939 until bitcoinjs could parse a mweb tx without failing
         console.warn(`Setting psbt.__CACHE.__UNSAFE_SIGN_NONSEGWIT = true for asset ${assetName}`)
         psbt.__CACHE.__UNSAFE_SIGN_NONSEGWIT = true
-        txIn.witnessUtxo = { value, script: Buffer.from(script, 'hex') }
+        txIn.witnessUtxo = {
+          value: normalizeWitnessUtxoValue(value),
+          script: Buffer.from(script, 'hex'),
+        }
       }
     }