npm - @exodus/solana-lib - Versions diffs - 3.22.6 → 3.23.0 - Mend

@exodus/solana-lib 3.22.6 → 3.23.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/CHANGELOG.md +16 -0
package/package.json +3 -2
package/src/helpers/spl-token-2022.js +19 -0
package/src/index.js +1 -0
package/src/mpc.js +76 -0
package/src/transaction.js +9 -2

package/CHANGELOG.md CHANGED Viewed

@@ -3,6 +3,22 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
+## [3.23.0](https://github.com/ExodusMovement/assets/compare/@exodus/solana-lib@3.22.5...@exodus/solana-lib@3.23.0) (2026-04-21)
+### Features
+* feat: add MPC signing from desktop (#7822)
+### Bug Fixes
+* fix(solana-lib): pass missing fee argument to createTransferCheckedWithFeeInstruction (#7784)
 ## [3.22.6](https://github.com/ExodusMovement/assets/compare/@exodus/solana-lib@3.22.5...@exodus/solana-lib@3.22.6) (2026-04-14)

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@exodus/solana-lib",
-  "version": "3.22.6",
+  "version": "3.23.0",
   "description": "Solana utils, such as for cryptography, address encoding/decoding, transaction building, etc.",
   "type": "module",
   "main": "src/index.js",
@@ -28,6 +28,7 @@
     "@exodus/currency": "^6.0.1",
     "@exodus/key-utils": "^3.7.0",
     "@exodus/solana-web3.js": "^1.63.1-exodus.9-rc4",
+    "@noble/ed25519": "^1.7.5",
     "bn.js": "^5.2.1",
     "borsh": "^0.7.0",
     "bs58": "^4.0.1",
@@ -48,5 +49,5 @@
     "type": "git",
     "url": "git+https://github.com/ExodusMovement/assets.git"
   },
-  "gitHead": "295b2329dc3925220d02e7c19c3eb21870276ba4"
+  "gitHead": "a500e7aa96e24bfc673f1bb354eb0f662f7d5d82"
 }

package/src/helpers/spl-token-2022.js CHANGED Viewed

@@ -190,6 +190,25 @@ export function decodeTransferCheckedWithFeeInstructionUnchecked({
 // utils
+const ONE_IN_BASIS_POINTS = new BN(10_000)
+/**
+ * Calculate the transfer fee for a Token-2022 transfer.
+ * Uses the same ceiling-division formula as the on-chain program.
+ *
+ * @param amount           BN — the pre-fee transfer amount
+ * @param feeBasisPoints   number — transfer fee in basis points (0 or absent means no fee)
+ * @param maximumFee       number|string — maximum fee cap
+ * @returns BN — the calculated fee
+ */
+export function calculateTransferFee(amount, feeBasisPoints, maximumFee) {
+  if (!feeBasisPoints) return new BN(0)
+  const numerator = amount.mul(new BN(feeBasisPoints))
+  const rawFee = numerator.add(ONE_IN_BASIS_POINTS).subn(1).div(ONE_IN_BASIS_POINTS)
+  if (maximumFee == null) return rawFee
+  return BN.min(rawFee, new BN(maximumFee))
+}
 export function addSigners(
   keys, // AccountMeta[],
   ownerOrAuthority, // PublicKey,

package/src/index.js CHANGED Viewed

@@ -22,3 +22,4 @@ export {
   createApproveDelegationTx,
   createRevokeDelegationTx,
 } from './helpers/token-delegation.js'
+export { createAndSignTxWithMpcKey, getAddressFromMpcKey, isMpcKey } from './mpc.js'

package/src/mpc.js ADDED Viewed

@@ -0,0 +1,76 @@
+import { hash } from '@exodus/crypto/hash'
+import { CURVE, getPublicKey, Point, utils } from '@noble/ed25519'
+import bs58 from 'bs58'
+import { getAddressFromPublicKey } from './encode.js'
+import { createUnsignedTx, signUnsignedTxWithSigner } from './tx/index.js'
+const N = CURVE.n
+const G = Point.BASE
+const bytesToNumberLE = (buf) => BigInt('0x' + Buffer.from(buf).reverse().toString('hex'))
+const pad = (num, pad) => num.toString(16).padStart(pad, '0')
+const hexToBytesPaddedLE = (num) => utils.hexToBytes(pad(num, 32 * 2)).reverse()
+const modLE = (hash) => utils.mod(bytesToNumberLE(hash), N)
+const sha512 = (data) => hash('sha512', data)
+const getExtendedPublicKey = async (priv) => {
+  const hashed = await sha512(priv)
+  const prefix = hashed.slice(32, 64) // ignore the first 32 bytes generally used to generate scalar
+  const scalar = modLE(priv) // interpret private key bytes directly as scalar
+  const point = G.multiply(scalar) // public key point
+  const pointBytes = point.toRawBytes() // point serialized to Uint8Array
+  return { prefix, scalar, point, pointBytes }
+}
+const sign = async (data, privKey) => {
+  const { pointBytes: P, scalar: s, prefix } = await getExtendedPublicKey(privKey)
+  const rBytes = await sha512(utils.concatBytes(prefix, data)) // r = SHA512(dom2(F, C) || prefix || PH(M))
+  const r = modLE(rBytes)
+  const R = G.multiply(r).toRawBytes() // R = [r]B
+  const hashable = utils.concatBytes(R, P, data) // dom2(F, C) || R || A || PH(M)
+  const hashed = await sha512(hashable)
+  const signature = utils.mod(r + modLE(hashed) * s, N) // S = (r + k * s) mod L; 0 <= s < l
+  return utils.concatBytes(R, hexToBytesPaddedLE(signature))
+}
+const multiplyWithBase = (scalar) => {
+  const scalarNumber = bytesToNumberLE(scalar)
+  return G.multiply(scalarNumber)
+}
+export async function createAndSignTxWithMpcKey(input, key) {
+  const unsignedTx = createUnsignedTx(input)
+  const decoded = bs58.decode(key)
+  const publicKey = decoded.slice(32)
+  const privateScalar = decoded.slice(0, 32)
+  return signUnsignedTxWithSigner(unsignedTx, {
+    getPublicKey: async () => publicKey,
+    sign: async ({ data }) => sign(data, privateScalar),
+  })
+}
+export const getAddressFromMpcKey = (key) => {
+  const decoded = bs58.decode(key)
+  return getAddressFromPublicKey(decoded.slice(32))
+}
+export const isMpcKey = async (key) => {
+  try {
+    const decoded = bs58.decode(key)
+    if (decoded.length !== 64) return false
+    const seedOrScalar = decoded.slice(0, 32)
+    const publicKey = decoded.slice(32)
+    const derivedPublicKey = await getPublicKey(seedOrScalar)
+    if (Buffer.compare(derivedPublicKey, publicKey) === 0) {
+      return false // PK is a seed not a scalar
+    }
+    const directlyDerived = await multiplyWithBase(seedOrScalar)
+    return Buffer.compare(directlyDerived.toRawBytes(), publicKey) === 0
+  } catch {
+    return false
+  }
+}

package/src/transaction.js CHANGED Viewed

@@ -4,7 +4,10 @@ import assert from 'minimalistic-assert'
 import { SEED, STAKE_PROGRAM_ID, TOKEN_2022_PROGRAM_ID } from './constants.js'
 import { createStakeAddress, findAssociatedTokenAddress } from './encode.js'
-import { createTransferCheckedWithFeeInstruction } from './helpers/spl-token-2022.js'
+import {
+  calculateTransferFee,
+  createTransferCheckedWithFeeInstruction,
+} from './helpers/spl-token-2022.js'
 import {
   createAssociatedTokenAccount,
   createCloseAccountInstruction,
@@ -175,6 +178,8 @@ class Tx {
       decimals,
       isDelegated,
       delegatedAmount,
+      feeBasisPoints,
+      maximumFee,
     } of fromTokenAddresses) {
       // need to add more of this instruction until we reach the desired balance (amount) to send
       assert(mintAddress === tokenMintAddress, `Got unexpected mintAddress ${mintAddress}`)
@@ -207,13 +212,15 @@ class Tx {
         : to
       let tokenTransferInstruction
       if (tokenProgram === TOKEN_2022_PROGRAM_ID.toBase58()) {
+        const transferFee = calculateTransferFee(amountToSend, feeBasisPoints, maximumFee)
         tokenTransferInstruction = createTransferCheckedWithFeeInstruction(
           tokenAccountAddress,
           tokenMintAddress,
           dest,
           from,
           amountToSend,
-          decimals // token decimals
+          decimals,
+          transferFee
         )
       } else {
         tokenTransferInstruction = createTokenTransferCheckedInstruction(