@exodus/solana-api 3.27.0 → 3.27.2

package/CHANGELOG.md

@@ -3,6 +3,24 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [3.27.2](https://github.com/ExodusMovement/assets/compare/@exodus/solana-api@3.27.1...@exodus/solana-api@3.27.2) (2026-01-12)
+
+
+### Bug Fixes
+
+
+* fix: check SOL token txs signers (#7247)
+
+
+
+## [3.27.1](https://github.com/ExodusMovement/assets/compare/@exodus/solana-api@3.27.0...@exodus/solana-api@3.27.1) (2026-01-09)
+
+**Note:** Version bump only for package @exodus/solana-api
+
+
+
+
+
 ## [3.27.0](https://github.com/ExodusMovement/assets/compare/@exodus/solana-api@3.26.6...@exodus/solana-api@3.27.0) (2026-01-08)
 
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@exodus/solana-api",
-  "version": "3.27.0",
+  "version": "3.27.2",
   "description": "Transaction monitors, fee monitors, RPC with the blockchain node, and other networking code for Solana",
   "type": "module",
   "main": "src/index.js",
@@ -33,7 +33,7 @@
     "@exodus/fetch": "^1.7.3",
     "@exodus/models": "^12.0.1",
     "@exodus/simple-retry": "^0.0.6",
-    "@exodus/solana-lib": "^3.19.0",
+    "@exodus/solana-lib": "^3.19.2",
     "@exodus/solana-meta": "^2.0.2",
     "@exodus/timer": "^1.1.1",
     "debug": "^4.1.1",
@@ -49,7 +49,7 @@
     "@exodus/assets-testing": "^1.0.0",
     "@exodus/solana-web3.js": "^1.63.1-exodus.9-rc3"
   },
-  "gitHead": "273cd4583facb72bc145c5cdfe29063f78b13491",
+  "gitHead": "f12ac3b153051649bd7c8c3f23fb3653c1ec5a55",
   "bugs": {
     "url": "https://github.com/ExodusMovement/assets/issues?q=is%3Aissue+is%3Aopen+label%3Asolana-api"
   },

package/src/api.js

@@ -7,7 +7,6 @@ import {
   buildRawTransaction,
   computeBalance,
   deserializeMetaplexMetadata,
-  EXODUS_TRUSTED_SIGNERS,
   filterAccountsByOwner,
   getMetadataAccount,
   getTransactionSimulationParams,
@@ -23,6 +22,7 @@ import urljoin from 'url-join'
 
 import { getStakeActivation } from './get-stake-activation/index.js'
 import { parseTransaction } from './tx-parser.js'
+import { isSolAddressPoisoningTx } from './txs-utils.js'
 
 const createApi = createApiCJS.default || createApiCJS
 
@@ -233,11 +233,7 @@ export class Api {
         })
 
         if (!parsedTx.from && parsedTx.tokenTxs?.length === 0 && !includeUnparsed) return // cannot parse it
-        if (
-          !parsedTx.ownerIsFeePayer &&
-          parsedTx.error &&
-          !EXODUS_TRUSTED_SIGNERS.includes(parsedTx.feePayer)
-        ) {
+        if (isSolAddressPoisoningTx({ parsedTx, address })) {
           return
         } // skip address poisoning txs attempts.
 

package/src/tx-parser.js

@@ -25,6 +25,7 @@ export const parseTransaction = (
   let { instructions, accountKeys = [] } = txDetails.transaction.message
   const feePayerPubkey = accountKeys[0].pubkey
   const ownerIsFeePayer = feePayerPubkey === ownerAddress
+  const signers = accountKeys.filter((key) => key.signer).map((key) => key.pubkey)
   const txId = txDetails.transaction.signatures[0]
 
   const getUnparsedTx = () => {
@@ -88,7 +89,7 @@ export const parseTransaction = (
           slot: txDetails.slot,
           error: !(txDetails.meta.err === null),
           ownerIsFeePayer,
-          feePayer: feePayerPubkey,
+          signers,
           owner,
           from,
           to,
@@ -222,7 +223,7 @@ export const parseTransaction = (
         type: ix.parsed.type,
         slot: txDetails.slot,
         ownerIsFeePayer,
-        feePayer: feePayerPubkey,
+        signers,
         owner: isSending ? ownerAddress : null,
         from: isSending ? ownerAddress : source,
         to: isSending ? destination : ownerAddress,
@@ -366,7 +367,7 @@ export const parseTransaction = (
         slot: txDetails.slot,
         error: !(txDetails.meta.err === null),
         ownerIsFeePayer,
-        feePayer: feePayerPubkey,
+        signers,
         ...tx,
       }))
     } else if (preTokenBalances && postTokenBalances) {
@@ -435,7 +436,7 @@ export const parseTransaction = (
     slot: txDetails.slot,
     error: !(txDetails.meta.err === null),
     ownerIsFeePayer,
-    feePayer: feePayerPubkey,
+    signers,
     ...tx,
   }
 }

package/src/txs-utils.js

@@ -23,3 +23,12 @@ export const isSolTransferInstruction = ({ program, type }) =>
 
 export const isSplMintInstruction = ({ program, type }) =>
   program === 'spl-token' && MINT_INSTRUCTION_TYPES.has(type)
+
+export const isSolAddressPoisoningTx = ({ parsedTx, address }) => {
+  return (
+    !parsedTx.ownerIsFeePayer &&
+    parsedTx.error &&
+    (parsedTx.from === address || parsedTx?.tokenTxs?.some((tx) => tx.from === address)) && // send tx
+    !parsedTx.signers.includes(address)
+  )
+}

package/src/ws-api.js

@@ -1,15 +1,9 @@
-import {
-  EXODUS_TRUSTED_SIGNERS,
-  PublicKey,
-  Token,
-  TOKEN_2022_PROGRAM_ID,
-  TOKEN_PROGRAM_ID,
-  U64,
-} from '@exodus/solana-lib'
+import { PublicKey, Token, TOKEN_2022_PROGRAM_ID, TOKEN_PROGRAM_ID, U64 } from '@exodus/solana-lib'
 import lodash from 'lodash'
 
 import { Connection } from './connection.js'
 import { parseTransaction } from './tx-parser.js'
+import { isSolAddressPoisoningTx } from './txs-utils.js'
 
 // Helius Advanced WebSocket
 const WS_ENDPOINT = 'wss://solana-helius-wss.a.exodus.io/ws' // pointing to: wss://atlas-mainnet.helius-rpc.com/?api-key=<API_KEY>
@@ -157,11 +151,7 @@ export class WsApi {
     const timestamp = Date.now() // the notification event has no blockTime
 
     if (!parsedTx.from && parsedTx.tokenTxs?.length === 0) return { logItemsByAsset: {} } // cannot parse it
-    if (
-      !parsedTx.ownerIsFeePayer &&
-      parsedTx.error &&
-      !EXODUS_TRUSTED_SIGNERS.includes(parsedTx.feePayer)
-    ) {
+    if (isSolAddressPoisoningTx({ parsedTx, address })) {
       return { logItemsByAsset: {} } // skip address poisoning txs attempts.
     }