@exodus/solana-lib 3.22.5 → 3.23.0

package/CHANGELOG.md

@@ -3,6 +3,32 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [3.23.0](https://github.com/ExodusMovement/assets/compare/@exodus/solana-lib@3.22.5...@exodus/solana-lib@3.23.0) (2026-04-21)
+
+
+### Features
+
+
+* feat: add MPC signing from desktop (#7822)
+
+
+### Bug Fixes
+
+
+* fix(solana-lib): pass missing fee argument to createTransferCheckedWithFeeInstruction (#7784)
+
+
+
+## [3.22.6](https://github.com/ExodusMovement/assets/compare/@exodus/solana-lib@3.22.5...@exodus/solana-lib@3.22.6) (2026-04-14)
+
+
+### Bug Fixes
+
+
+* fix(solana-lib): rename account to tokenPublicKey in createCloseAccountTransaction (#7783)
+
+
+
 ## [3.22.5](https://github.com/ExodusMovement/assets/compare/@exodus/solana-lib@3.22.4...@exodus/solana-lib@3.22.5) (2026-04-04)
 
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@exodus/solana-lib",
-  "version": "3.22.5",
+  "version": "3.23.0",
   "description": "Solana utils, such as for cryptography, address encoding/decoding, transaction building, etc.",
   "type": "module",
   "main": "src/index.js",
@@ -28,6 +28,7 @@
     "@exodus/currency": "^6.0.1",
     "@exodus/key-utils": "^3.7.0",
     "@exodus/solana-web3.js": "^1.63.1-exodus.9-rc4",
+    "@noble/ed25519": "^1.7.5",
     "bn.js": "^5.2.1",
     "borsh": "^0.7.0",
     "bs58": "^4.0.1",
@@ -48,5 +49,5 @@
     "type": "git",
     "url": "git+https://github.com/ExodusMovement/assets.git"
   },
-  "gitHead": "a2cd3fbc02d07f1c3dc127be4d7896292d2dc967"
+  "gitHead": "a500e7aa96e24bfc673f1bb354eb0f662f7d5d82"
 }

package/src/helpers/spl-token-2022.js

@@ -190,6 +190,25 @@ export function decodeTransferCheckedWithFeeInstructionUnchecked({
 
 // utils
 
+const ONE_IN_BASIS_POINTS = new BN(10_000)
+
+/**
+ * Calculate the transfer fee for a Token-2022 transfer.
+ * Uses the same ceiling-division formula as the on-chain program.
+ *
+ * @param amount           BN — the pre-fee transfer amount
+ * @param feeBasisPoints   number — transfer fee in basis points (0 or absent means no fee)
+ * @param maximumFee       number|string — maximum fee cap
+ * @returns BN — the calculated fee
+ */
+export function calculateTransferFee(amount, feeBasisPoints, maximumFee) {
+  if (!feeBasisPoints) return new BN(0)
+  const numerator = amount.mul(new BN(feeBasisPoints))
+  const rawFee = numerator.add(ONE_IN_BASIS_POINTS).subn(1).div(ONE_IN_BASIS_POINTS)
+  if (maximumFee == null) return rawFee
+  return BN.min(rawFee, new BN(maximumFee))
+}
+
 export function addSigners(
   keys, // AccountMeta[],
   ownerOrAuthority, // PublicKey,

package/src/index.js

@@ -22,3 +22,4 @@ export {
   createApproveDelegationTx,
   createRevokeDelegationTx,
 } from './helpers/token-delegation.js'
+export { createAndSignTxWithMpcKey, getAddressFromMpcKey, isMpcKey } from './mpc.js'

package/src/mpc.js

@@ -0,0 +1,76 @@
+import { hash } from '@exodus/crypto/hash'
+import { CURVE, getPublicKey, Point, utils } from '@noble/ed25519'
+import bs58 from 'bs58'
+
+import { getAddressFromPublicKey } from './encode.js'
+import { createUnsignedTx, signUnsignedTxWithSigner } from './tx/index.js'
+
+const N = CURVE.n
+const G = Point.BASE
+
+const bytesToNumberLE = (buf) => BigInt('0x' + Buffer.from(buf).reverse().toString('hex'))
+const pad = (num, pad) => num.toString(16).padStart(pad, '0')
+const hexToBytesPaddedLE = (num) => utils.hexToBytes(pad(num, 32 * 2)).reverse()
+const modLE = (hash) => utils.mod(bytesToNumberLE(hash), N)
+const sha512 = (data) => hash('sha512', data)
+
+const getExtendedPublicKey = async (priv) => {
+  const hashed = await sha512(priv)
+  const prefix = hashed.slice(32, 64) // ignore the first 32 bytes generally used to generate scalar
+  const scalar = modLE(priv) // interpret private key bytes directly as scalar
+  const point = G.multiply(scalar) // public key point
+  const pointBytes = point.toRawBytes() // point serialized to Uint8Array
+  return { prefix, scalar, point, pointBytes }
+}
+
+const sign = async (data, privKey) => {
+  const { pointBytes: P, scalar: s, prefix } = await getExtendedPublicKey(privKey)
+  const rBytes = await sha512(utils.concatBytes(prefix, data)) // r = SHA512(dom2(F, C) || prefix || PH(M))
+  const r = modLE(rBytes)
+  const R = G.multiply(r).toRawBytes() // R = [r]B
+  const hashable = utils.concatBytes(R, P, data) // dom2(F, C) || R || A || PH(M)
+  const hashed = await sha512(hashable)
+  const signature = utils.mod(r + modLE(hashed) * s, N) // S = (r + k * s) mod L; 0 <= s < l
+  return utils.concatBytes(R, hexToBytesPaddedLE(signature))
+}
+
+const multiplyWithBase = (scalar) => {
+  const scalarNumber = bytesToNumberLE(scalar)
+  return G.multiply(scalarNumber)
+}
+
+export async function createAndSignTxWithMpcKey(input, key) {
+  const unsignedTx = createUnsignedTx(input)
+  const decoded = bs58.decode(key)
+  const publicKey = decoded.slice(32)
+  const privateScalar = decoded.slice(0, 32)
+
+  return signUnsignedTxWithSigner(unsignedTx, {
+    getPublicKey: async () => publicKey,
+    sign: async ({ data }) => sign(data, privateScalar),
+  })
+}
+
+export const getAddressFromMpcKey = (key) => {
+  const decoded = bs58.decode(key)
+  return getAddressFromPublicKey(decoded.slice(32))
+}
+
+export const isMpcKey = async (key) => {
+  try {
+    const decoded = bs58.decode(key)
+    if (decoded.length !== 64) return false
+    const seedOrScalar = decoded.slice(0, 32)
+    const publicKey = decoded.slice(32)
+    const derivedPublicKey = await getPublicKey(seedOrScalar)
+
+    if (Buffer.compare(derivedPublicKey, publicKey) === 0) {
+      return false // PK is a seed not a scalar
+    }
+
+    const directlyDerived = await multiplyWithBase(seedOrScalar)
+    return Buffer.compare(directlyDerived.toRawBytes(), publicKey) === 0
+  } catch {
+    return false
+  }
+}

package/src/transaction.js

@@ -4,7 +4,10 @@ import assert from 'minimalistic-assert'
 
 import { SEED, STAKE_PROGRAM_ID, TOKEN_2022_PROGRAM_ID } from './constants.js'
 import { createStakeAddress, findAssociatedTokenAddress } from './encode.js'
-import { createTransferCheckedWithFeeInstruction } from './helpers/spl-token-2022.js'
+import {
+  calculateTransferFee,
+  createTransferCheckedWithFeeInstruction,
+} from './helpers/spl-token-2022.js'
 import {
   createAssociatedTokenAccount,
   createCloseAccountInstruction,
@@ -175,6 +178,8 @@ class Tx {
       decimals,
       isDelegated,
       delegatedAmount,
+      feeBasisPoints,
+      maximumFee,
     } of fromTokenAddresses) {
       // need to add more of this instruction until we reach the desired balance (amount) to send
       assert(mintAddress === tokenMintAddress, `Got unexpected mintAddress ${mintAddress}`)
@@ -207,13 +212,15 @@ class Tx {
         : to
       let tokenTransferInstruction
       if (tokenProgram === TOKEN_2022_PROGRAM_ID.toBase58()) {
+        const transferFee = calculateTransferFee(amountToSend, feeBasisPoints, maximumFee)
         tokenTransferInstruction = createTransferCheckedWithFeeInstruction(
           tokenAccountAddress,
           tokenMintAddress,
           dest,
           from,
           amountToSend,
-          decimals // token decimals
+          decimals,
+          transferFee
         )
       } else {
         tokenTransferInstruction = createTokenTransferCheckedInstruction(

package/src/tx/prepare-for-signing.js

@@ -255,10 +255,15 @@ const createTokenTransaction = (
     options
   ).transaction
 
-const createCloseAccountTransaction = ({ account, programId, recentBlockhash, walletPublicKey }) =>
+const createCloseAccountTransaction = ({
+  account: tokenPublicKey,
+  programId,
+  recentBlockhash,
+  walletPublicKey,
+}) =>
   Transaction.createCloseAccount({
-    account,
     programId,
-    recentBlockhash,
+    tokenPublicKey,
     walletPublicKey,
+    recentBlockhash,
   })