@notabene/verify-proof 1.8.1 → 1.11.0

package/dist/tests/cosmos.test.d.ts

@@ -0,0 +1 @@
+export {};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@notabene/verify-proof",
-  "version": "1.8.1",
+  "version": "1.11.0",
   "description": "Verify ownership proofs",
   "source": "src/index.ts",
   "type": "module",
@@ -44,8 +44,9 @@
   },
   "dependencies": {
     "@cardano-foundation/cardano-verify-datasignature": "^1.0.11",
+    "@cosmjs/amino": "^0.34.0",
     "@noble/curves": "^1.7.0",
-    "@notabene/javascript-sdk": "^2.11.0",
+    "@notabene/javascript-sdk": "2.11.0-next.2",
     "@scure/base": "^1.2.1",
     "@stellar/stellar-sdk": "^13.1.0",
     "bip322-js": "^2.0.0",

package/src/bitcoin.ts

@@ -48,23 +48,23 @@ const CHAIN_CONFIGS: Record<string, ChainConfig> = {
   },
   dogecoin: {
     messagePrefix: "\u0019Dogecoin Signed Message:\n",
-    pubKeyHashVersion: 0x1E, // D...
+    pubKeyHashVersion: 0x1e, // D...
     scriptHashVersion: 0x16, // A...
     isTestnet: false,
   },
   dash: {
     messagePrefix: "\u0019DarkCoin Signed Message:\n",
-    pubKeyHashVersion: 0x4C, // X...
+    pubKeyHashVersion: 0x4c, // X...
     scriptHashVersion: 0x10, // 7...
     isTestnet: false,
   },
   zcash: {
     messagePrefix: "\u0018Zcash Signed Message:\n",
-    pubKeyHashVersion: Uint8Array.from([0x1C, 0xB8]), // <-- FIXED
-    scriptHashVersion: Uint8Array.from([0x1C, 0xBD]),
+    pubKeyHashVersion: Uint8Array.from([0x1c, 0xb8]), // <-- FIXED
+    scriptHashVersion: Uint8Array.from([0x1c, 0xbd]),
     isTestnet: false,
   },
-  
+
   testnet: {
     messagePrefix: "\u0018Bitcoin Signed Message:\n",
     pubKeyHashVersion: 0x6f, // m or n
@@ -88,9 +88,9 @@ enum DerivationMode {
 export async function verifyBTCSignature(
   proof: SignatureProof
 ): Promise<SignatureProof> {
-  const [ns,, address] = proof.address.split(/:/);
+  const [ns, , address] = proof.address.split(/:/);
   if (ns !== "bip122") return { ...proof, status: ProofStatus.FAILED };
-  
+
   // Map chainId to our chain configuration
   const chainConfig = getChainConfig(address);
   if (!chainConfig) return { ...proof, status: ProofStatus.FAILED };
@@ -104,7 +104,16 @@ export async function verifyBTCSignature(
   if (chainConfig.isTestnet) {
     return verifyBIP322(address, proof);
   }
-  
+
+  // Check if this is a Taproot address (bc1p or tb1p)
+  const isTaproot = address.startsWith("bc1p") || address.startsWith("tb1p");
+
+  // For Taproot addresses with BIP-137 proof type, use BIP-322 verification
+  // since BIP-137 doesn't officially support Taproot
+  if (isTaproot && proof.type === ProofTypes.BIP137) {
+    return verifyBIP322(address, proof);
+  }
+
   try {
     switch (proof.type) {
       case ProofTypes.BIP137:
@@ -117,24 +126,30 @@ export async function verifyBTCSignature(
           status: ProofStatus.FAILED,
         };
     }
-  } catch (error) {
-    console.error("error verifying proof", error);
+  } catch {
     return {
       ...proof,
       status: ProofStatus.FAILED,
-      // error: error.message || error,
     };
   }
 }
 
 function getChainConfig(address: string): ChainConfig {
-  if (address.startsWith("1") || address.startsWith("3") || address.startsWith("bc1")) {
+  if (
+    address.startsWith("1") ||
+    address.startsWith("3") ||
+    address.startsWith("bc1")
+  ) {
     return CHAIN_CONFIGS["bitcoin"];
   }
   if (address.startsWith("t1") || address.startsWith("t3")) {
     return CHAIN_CONFIGS["zcash"];
   }
-  if (address.startsWith("L") || address.startsWith("M") || address.startsWith("ltc1")) {
+  if (
+    address.startsWith("L") ||
+    address.startsWith("M") ||
+    address.startsWith("ltc1")
+  ) {
     return CHAIN_CONFIGS["litecoin"];
   }
   if (address.startsWith("D") || address.startsWith("A")) {
@@ -153,7 +168,6 @@ function getChainConfig(address: string): ChainConfig {
   return CHAIN_CONFIGS["bitcoin"];
 }
 
-
 function verifyBIP322(address: string, proof: SignatureProof) {
   const { attestation, proof: signatureProof } = proof;
   const verified = Verifier.verifySignature(
@@ -167,17 +181,29 @@ function verifyBIP322(address: string, proof: SignatureProof) {
   };
 }
 
-function verifyBIP137(address: string, proof: SignatureProof, chainConfig: ChainConfig) {
+function verifyBIP137(
+  address: string,
+  proof: SignatureProof,
+  chainConfig: ChainConfig
+) {
   const derivationMode = getDerivationMode(address);
-  
+
   // For legacy addresses (starting with "1"), never use SegWit encoding
   // For P2SH addresses (starting with "3"), use SegWit encoding if they have bech32 support
   // For native SegWit addresses (bc1, tb1, ltc1), always use SegWit encoding
-  const useSegwitEncoding = Boolean(chainConfig.bech32Prefix && 
-    (derivationMode === DerivationMode.NATIVE || 
-     (derivationMode === DerivationMode.SEGWIT && !address.startsWith("1"))));
-  
-  const verified = verify(proof.attestation, address, proof.proof, useSegwitEncoding, chainConfig);
+  const useSegwitEncoding = Boolean(
+    chainConfig.bech32Prefix &&
+      (derivationMode === DerivationMode.NATIVE ||
+        (derivationMode === DerivationMode.SEGWIT && !address.startsWith("1")))
+  );
+
+  const verified = verify(
+    proof.attestation,
+    address,
+    proof.proof,
+    useSegwitEncoding,
+    chainConfig
+  );
 
   return {
     ...proof,
@@ -257,25 +283,34 @@ function verify(
   let actual: string = "";
 
   // Special handling for Bitcoin Cash addresses
-  if (address.startsWith('q')) {
+  if (address.startsWith("q")) {
     // For BCH, we'll compare the public key hash directly since we're getting a CashAddr
     // Convert the CashAddr to legacy format for comparison
-    actual = encodeBase58AddressFormat(chainConfig.pubKeyHashVersion, publicKeyHash);
+    actual = encodeBase58AddressFormat(
+      chainConfig.pubKeyHashVersion,
+      publicKeyHash
+    );
     // Legacy P2PKH addresses in BCH start with '1' just like BTC
     // Source: https://reference.cash/protocol/blockchain/encoding/cashaddr#legacy-address-format
-    return actual.startsWith('1');
+    return actual.startsWith("1");
   }
 
   if (segwitType) {
     if (segwitType === SEGWIT_TYPES.P2SH_P2WPKH) {
-      actual = encodeBase58AddressFormat(chainConfig.scriptHashVersion, publicKeyHash);
+      actual = encodeBase58AddressFormat(
+        chainConfig.scriptHashVersion,
+        publicKeyHash
+      );
     } else {
       // parsed.segwitType === SEGWIT_TYPES.P2WPKH
       if (chainConfig.bech32Prefix) {
         actual = encodeBech32Address(publicKeyHash, chainConfig.bech32Prefix);
       } else {
         // Fallback to legacy if bech32 not supported
-        actual = encodeBase58AddressFormat(chainConfig.scriptHashVersion, publicKeyHash);
+        actual = encodeBase58AddressFormat(
+          chainConfig.scriptHashVersion,
+          publicKeyHash
+        );
         // base58 can be p2pkh or p2sh-p2wpkh
       }
     }
@@ -288,24 +323,47 @@ function verify(
       redeemScript[1] = 0x14; // push 20 bytes
       redeemScript.set(publicKeyHash, 2);
       const redeemScriptHash = hash160(redeemScript);
-      const p2shP2wpkh = encodeBase58AddressFormat(chainConfig.scriptHashVersion, redeemScriptHash);
+      const p2shP2wpkh = encodeBase58AddressFormat(
+        chainConfig.scriptHashVersion,
+        redeemScriptHash
+      );
       // Legacy P2SH: script hash of the public key
-      const legacyP2sh = encodeBase58AddressFormat(chainConfig.scriptHashVersion, publicKeyHash);
+      const legacyP2sh = encodeBase58AddressFormat(
+        chainConfig.scriptHashVersion,
+        publicKeyHash
+      );
       if (address === p2shP2wpkh || address === legacyP2sh) {
         return true;
       }
       actual = legacyP2sh; // fallback for error reporting
+    } else if (address.startsWith("bc1q") || address.startsWith("tb1q") || address.startsWith("ltc1q")) {
+      // For native SegWit P2WPKH addresses (bc1q/tb1q/ltc1q), always encode as bech32
+      // This handles Ledger wallets that sign without segwit flags
+      if (chainConfig.bech32Prefix) {
+        actual = encodeBech32Address(publicKeyHash, chainConfig.bech32Prefix);
+      } else {
+        actual = encodeBase58AddressFormat(
+          chainConfig.pubKeyHashVersion,
+          publicKeyHash
+        );
+      }
     } else if (checkSegwitAlways && chainConfig.bech32Prefix) {
       try {
         actual = encodeBech32Address(publicKeyHash, chainConfig.bech32Prefix);
         // if address is bech32 it is not p2sh
         // eslint-disable-next-line @typescript-eslint/no-unused-vars
       } catch (e) {
-        actual = encodeBase58AddressFormat(chainConfig.scriptHashVersion, publicKeyHash);
+        actual = encodeBase58AddressFormat(
+          chainConfig.scriptHashVersion,
+          publicKeyHash
+        );
         // base58 can be p2pkh or p2sh-p2wpkh
       }
     } else {
-      actual = encodeBase58AddressFormat(chainConfig.pubKeyHashVersion, publicKeyHash);
+      actual = encodeBase58AddressFormat(
+        chainConfig.pubKeyHashVersion,
+        publicKeyHash
+      );
     }
   }
 
@@ -314,11 +372,12 @@ function verify(
 
 const base58check = createBase58check(Hash.sha256);
 
-function encodeBase58AddressFormat(version: number | Uint8Array, publicKeyHash: Uint8Array) {
+function encodeBase58AddressFormat(
+  version: number | Uint8Array,
+  publicKeyHash: Uint8Array
+) {
   const prefixBytes =
-    typeof version === "number"
-      ? Uint8Array.of(version)
-      : version; // Accept raw Uint8Array for Zcash
+    typeof version === "number" ? Uint8Array.of(version) : version; // Accept raw Uint8Array for Zcash
 
   const payload = new Uint8Array(prefixBytes.length + publicKeyHash.length);
   payload.set(prefixBytes);
@@ -326,7 +385,6 @@ function encodeBase58AddressFormat(version: number | Uint8Array, publicKeyHash:
   return base58check.encode(payload);
 }
 
-
 function magicHash(attestation: string, messagePrefix: string) {
   const prefix = new TextEncoder().encode(messagePrefix);
   const message = new TextEncoder().encode(attestation);
@@ -340,7 +398,10 @@ function magicHash(attestation: string, messagePrefix: string) {
   return hash256(buffer);
 }
 
-function encodeBech32Address(publicKeyHash: Uint8Array, prefix: string = "bc"): string {
+function encodeBech32Address(
+  publicKeyHash: Uint8Array,
+  prefix: string = "bc"
+): string {
   const bwords = bech32.toWords(publicKeyHash);
   bwords.unshift(0);
   return bech32.encode(prefix, bwords);
@@ -352,4 +413,4 @@ function hash256(buffer: Uint8Array): Uint8Array {
 
 function hash160(buffer: Uint8Array): Uint8Array {
   return Hash.ripemd160(Hash.sha256(buffer));
-}
+}

package/src/cosmos.ts

@@ -0,0 +1,88 @@
+import {
+  CosmosMetadata,
+  ProofStatus,
+  SignatureProof,
+} from "@notabene/javascript-sdk";
+import { bech32 } from "bech32";
+import { StdSignDoc, serializeSignDoc } from "@cosmjs/amino";
+import { secp256k1 } from "@noble/curves/secp256k1";
+import { ripemd160 } from "@noble/hashes/legacy";
+import { sha256 } from "@noble/hashes/sha2";
+
+// Base64 decode
+function base64ToUint8Array(base64: string): Uint8Array {
+  return Uint8Array.from(atob(base64), (c) => c.charCodeAt(0));
+}
+
+// Base64 encode UTF-8 bytes
+function toBase64Bytes(str: string): string {
+  const utf8 = new TextEncoder().encode(str);
+  let binary = "";
+  for (let i = 0; i < utf8.length; i++) {
+    binary += String.fromCharCode(utf8[i]);
+  }
+  return btoa(binary);
+}
+
+// Cosmos address derivation (ADR-36)
+// https://github.com/cosmos/cosmos-sdk/blob/214b11dcbaa129f7b4c0013b2103db9d54b85e9e/docs/architecture/adr-036-arbitrary-signature.md
+function deriveCosmosAddress(pubkey: Uint8Array, prefix = "cosmos"): string {
+  const sha = sha256(pubkey);
+  const rip = ripemd160(sha);
+  return bech32.encode(prefix, bech32.toWords(rip));
+}
+
+export async function verifyCosmosSignature(
+  proof: SignatureProof
+): Promise<SignatureProof> {
+  try {
+    const [ns, , address] = proof.address.split(/:/);
+    if (ns !== "cosmos") {
+      return { ...proof, status: ProofStatus.FAILED };
+    }
+
+    // Parse the proof JSON
+    const pubKeyBytes = base64ToUint8Array(
+      (proof.chainSpecificData as CosmosMetadata).pub_key.value
+    );
+    const signatureBytes = base64ToUint8Array(proof.proof);
+
+    // Step 1: Derive address from pubkey
+    const derivedAddress = deriveCosmosAddress(pubKeyBytes);
+    if (derivedAddress !== address) {
+      return { ...proof, status: ProofStatus.FAILED };
+    }
+
+    // Step 2: Build MsgSignData + StdSignDoc
+    const signDoc: StdSignDoc = {
+      chain_id: "", // must match the signing process
+      account_number: "0",
+      sequence: "0",
+      fee: { amount: [], gas: "0" },
+      msgs: [
+        {
+          type: "sign/MsgSignData",
+          value: {
+            signer: address,
+            data: toBase64Bytes(proof.attestation),
+          },
+        },
+      ],
+      memo: "",
+    };
+
+    // Step 3: Serialize + hash
+    const signBytes = await serializeSignDoc(signDoc);
+    const digest = sha256(signBytes);
+
+    // Step 4: Verify using secp256k1
+    const verified = secp256k1.verify(signatureBytes, digest, pubKeyBytes);
+
+    return {
+      ...proof,
+      status: verified ? ProofStatus.VERIFIED : ProofStatus.FAILED,
+    };
+  } catch {
+    return { ...proof, status: ProofStatus.FAILED };
+  }
+}

package/src/index.ts

@@ -14,6 +14,7 @@ import { verifyCIP8Signature } from "./cardano";
 import { verifyPersonalSignXRPL } from "./xrpl";
 import { verifyStellarSignature } from "./xlm";
 import { verifyConcordiumSignature } from "./concordium";
+import { verifyCosmosSignature } from "./cosmos";
 
 export async function verifyProof(
   proof: OwnershipProof,
@@ -46,9 +47,10 @@ export async function verifyProof(
       return verifyPersonalSignXRPL(proof as SignatureProof, publicKey);
     case ProofTypes.XLM_ED25519:
       return verifyStellarSignature(proof as SignatureProof);
-    case ProofTypes.CONCORDIUM: {
+    case ProofTypes.CONCORDIUM: 
       return verifyConcordiumSignature(proof as SignatureProof);
-    }
+    case ProofTypes.COSMOS:
+      return verifyCosmosSignature(proof as SignatureProof);
     case ProofTypes.EIP712:
     case ProofTypes.BIP137:
     case ProofTypes.BIP322:

package/src/tests/bitcoin.test.ts

@@ -11,28 +11,37 @@ const bitcoinP2WPKHProof: SignatureProof = {
   type: ProofTypes.BIP137,
   wallet_provider: "Manual Wallet Signature",
   status: ProofStatus.PENDING,
-  address: "bip122:000000000019d6689c085ae165831e93:3Q9jfjfbMDuatto7wZ6Tz2aKaDCRHqWWys",
+  address:
+    "bip122:000000000019d6689c085ae165831e93:3Q9jfjfbMDuatto7wZ6Tz2aKaDCRHqWWys",
   did: "did:pkh:bip122:000000000019d6689c085ae165831e93:3Q9jfjfbMDuatto7wZ6Tz2aKaDCRHqWWys",
-  attestation: "I certify that the blockchain address 3Q9jfjfbMDuatto7wZ6Tz2aKaDCRHqWWys belongs to did:pkh:bip122:000000000019d6689c085ae165831e93:3Q9jfjfbMDuatto7wZ6Tz2aKaDCRHqWWys on Wed, 09 Jul 2025 20:17:12 GMT",
-  proof: "HxPmbzvEnvgu0RYIPYl5bWySkFNXwOF/Jegq3NvzjFZ/Ik/koTdV9rh2A7osXefhzTlniUw8YbZNmCeXB9V9qC8=",
-}
+  attestation:
+    "I certify that the blockchain address 3Q9jfjfbMDuatto7wZ6Tz2aKaDCRHqWWys belongs to did:pkh:bip122:000000000019d6689c085ae165831e93:3Q9jfjfbMDuatto7wZ6Tz2aKaDCRHqWWys on Wed, 09 Jul 2025 20:17:12 GMT",
+  proof:
+    "HxPmbzvEnvgu0RYIPYl5bWySkFNXwOF/Jegq3NvzjFZ/Ik/koTdV9rh2A7osXefhzTlniUw8YbZNmCeXB9V9qC8=",
+};
 
 const bitcoinP2shProof: SignatureProof = {
   type: ProofTypes.BIP137,
   wallet_provider: "Manual Wallet Signature",
   status: ProofStatus.PENDING,
-  address: "bip122:000000000019d6689c085ae165831e93:1ANiqVALaKwadxA9nvmCUHpBhaopVniuVS",
+  address:
+    "bip122:000000000019d6689c085ae165831e93:1ANiqVALaKwadxA9nvmCUHpBhaopVniuVS",
   did: "did:pkh:bip122:000000000019d6689c085ae165831e93:1ANiqVALaKwadxA9nvmCUHpBhaopVniuVS",
-  attestation: "I certify that the blockchain address 1ANiqVALaKwadxA9nvmCUHpBhaopVniuVS belongs to did:pkh:bip122:000000000019d6689c085ae165831e93:1ANiqVALaKwadxA9nvmCUHpBhaopVniuVS on Wed, 02 Jul 2025 16:01:44 GMT",
-  proof: "IBo2Im6O5NyuXzBJ+coiTMqmUsqG9bv8NzM3+B5e+5XMB2Xp1n/sIsE/73Jy0EdSvcb334t49+3tdjE/X+sXjFw="
-}
+  attestation:
+    "I certify that the blockchain address 1ANiqVALaKwadxA9nvmCUHpBhaopVniuVS belongs to did:pkh:bip122:000000000019d6689c085ae165831e93:1ANiqVALaKwadxA9nvmCUHpBhaopVniuVS on Wed, 02 Jul 2025 16:01:44 GMT",
+  proof:
+    "IBo2Im6O5NyuXzBJ+coiTMqmUsqG9bv8NzM3+B5e+5XMB2Xp1n/sIsE/73Jy0EdSvcb334t49+3tdjE/X+sXjFw=",
+};
 
 const bip322SegwitTestnetProof: SignatureProof = {
   type: ProofTypes.BIP137,
-  address: "bip122:000000000019d6689c085ae165831e93:tb1q0apvgsh48f3rmw224na3ye5rrg37fd796cm0xf",
+  address:
+    "bip122:000000000019d6689c085ae165831e93:tb1q0apvgsh48f3rmw224na3ye5rrg37fd796cm0xf",
   did: "did:pkh:bip122:000000000019d6689c085ae165831e93:tb1q0apvgsh48f3rmw224na3ye5rrg37fd796cm0xf",
-  attestation: "I certify that the blockchain address tb1q0apvgsh48f3rmw224na3ye5rrg37fd796cm0xf belongs to did:pkh:bip122:000000000019d6689c085ae165831e93:tb1q0apvgsh48f3rmw224na3ye5rrg37fd796cm0xf on Tue, 29 Apr 2025 15:33:26 GMT",
-  proof: "AkcwRAIgXzKIOGjVp8qrqpUM+e/2BkbITsbGpjTFxgfHjk/Bt+sCIGueO3l6/cvfZYSggu2F4WKj1K97p32NivFwKdOHg9cgASEDtJ0tfDgrGYO4OSuYjyiehIoY1dEUkPo8XZQJ3Yqo//8=",
+  attestation:
+    "I certify that the blockchain address tb1q0apvgsh48f3rmw224na3ye5rrg37fd796cm0xf belongs to did:pkh:bip122:000000000019d6689c085ae165831e93:tb1q0apvgsh48f3rmw224na3ye5rrg37fd796cm0xf on Tue, 29 Apr 2025 15:33:26 GMT",
+  proof:
+    "AkcwRAIgXzKIOGjVp8qrqpUM+e/2BkbITsbGpjTFxgfHjk/Bt+sCIGueO3l6/cvfZYSggu2F4WKj1K97p32NivFwKdOHg9cgASEDtJ0tfDgrGYO4OSuYjyiehIoY1dEUkPo8XZQJ3Yqo//8=",
   status: ProofStatus.PENDING,
   wallet_provider: "Manual Wallet Signature",
 };
@@ -100,10 +109,13 @@ const dogeProof: SignatureProof = {
 
 const zcashProof: SignatureProof = {
   type: ProofTypes.BIP137,
-  address: "bip122:000000000019d6689c085ae165831e93:t1NmCz1oRS3e84NrUHsbHPJnz8a6KgZvbHL",
+  address:
+    "bip122:000000000019d6689c085ae165831e93:t1NmCz1oRS3e84NrUHsbHPJnz8a6KgZvbHL",
   did: "did:pkh:bip122:000000000019d6689c085ae165831e93:t1NmCz1oRS3e84NrUHsbHPJnz8a6KgZvbHL",
-  attestation: "I certify that the blockchain address t1NmCz1oRS3e84NrUHsbHPJnz8a6KgZvbHL belongs to did:pkh:bip122:000000000019d6689c085ae165831e93:t1NmCz1oRS3e84NrUHsbHPJnz8a6KgZvbHL on Mon, 30 Jun 2025 08:41:29 GMT",
-  proof: "HzPW+q7EXixhtV/rBQ0sOtoXCDOml7C6P6rtIxLkBy3tenP978po7tuwj997DvJRiakL65Qw7xADK5hHs1Vu7es=",
+  attestation:
+    "I certify that the blockchain address t1NmCz1oRS3e84NrUHsbHPJnz8a6KgZvbHL belongs to did:pkh:bip122:000000000019d6689c085ae165831e93:t1NmCz1oRS3e84NrUHsbHPJnz8a6KgZvbHL on Mon, 30 Jun 2025 08:41:29 GMT",
+  proof:
+    "HzPW+q7EXixhtV/rBQ0sOtoXCDOml7C6P6rtIxLkBy3tenP978po7tuwj997DvJRiakL65Qw7xADK5hHs1Vu7es=",
   status: ProofStatus.PENDING,
   wallet_provider: "Manual Wallet Signature",
 };
@@ -111,12 +123,18 @@ const zcashProof: SignatureProof = {
 describe("verifyBTCSignature", () => {
   it("handles bitcoin p2sh addresses", async () => {
     const result = await verifyBTCSignature(bitcoinP2shProof);
-    expect(result).toEqual({ ...bitcoinP2shProof, status: ProofStatus.VERIFIED });
+    expect(result).toEqual({
+      ...bitcoinP2shProof,
+      status: ProofStatus.VERIFIED,
+    });
   });
 
   it("handles bitcoin p2wpkh addresses", async () => {
     const result = await verifyBTCSignature(bitcoinP2WPKHProof);
-    expect(result).toEqual({ ...bitcoinP2WPKHProof, status: ProofStatus.VERIFIED });
+    expect(result).toEqual({
+      ...bitcoinP2WPKHProof,
+      status: ProofStatus.VERIFIED,
+    });
   });
 
   it("handles bip322 segwit testnet addresses", async () => {
@@ -416,4 +434,75 @@ describe("verifyBTCSignature", () => {
       status: ProofStatus.VERIFIED,
     });
   });
+
+  it("handles sparrow wallet p2tr taproot addresses", async () => {
+    const taprootProof: SignatureProof = {
+      type: ProofTypes.BIP322,
+      address:
+        "bip122:000000000019d6689c085ae165831e93:bc1ppxwwc2hvpcfftkt08qf5rqdduw7j9dxskpugk438a7uvmqx7u5nqfdtacv",
+      did: "did:pkh:bip122:000000000019d6689c085ae165831e93:bc1ppxwwc2hvpcfftkt08qf5rqdduw7j9dxskpugk438a7uvmqx7u5nqfdtacv",
+      attestation: "example",
+      proof:
+        "AUFBIMYTvgwZX5oQLE8TmIdOITYB20CarEVU9JJJo1RTIh7RWyoYpMG2REkkqEz7zBLVK9nBu5JXM17/Boxdh8cWAQ==",
+      status: ProofStatus.PENDING,
+      wallet_provider: "TaprootWallet",
+    };
+
+    const result = await verifyBTCSignature(taprootProof);
+    expect(result.status).toBe(ProofStatus.VERIFIED);
+  });
+
+  it("handles an unknown wallet p2tr taproot addresses", async () => {
+    const taprootProof: SignatureProof = {
+      type: ProofTypes.BIP322,
+      address:
+        "bip122:000000000019d6689c085ae165831e93:bc1p6rvvgjwj594jr4sr3e8gd0nhvkr63ujwdm6g2mv9fqx4lv60suwsa9ff6w",
+      did: "did:pkh:bip122:000000000019d6689c085ae165831e93:bc1p6rvvgjwj594jr4sr3e8gd0nhvkr63ujwdm6g2mv9fqx4lv60suwsa9ff6w",
+      attestation:
+        "I certify that the blockchain address bc1p6rvvgjwj594jr4sr3e8gd0nhvkr63ujwdm6g2mv9fqx4lv60suwsa9ff6w belongs to did:pkh:bip122:000000000019d6689c085ae165831e93:bc1p6rvvgjwj594jr4sr3e8gd0nhvkr63ujwdm6g2mv9fqx4lv60suwsa9ff6w on Thu, 17 Jul 2025 16:08:33 GMT",
+      proof:
+        "AUFqBSD6l9VStmdpN3mcPRb6sb/LxuwonL4JNHQ3BH1DlOdhxbUVbyNFHpGoqFuhlZjjCWkjt6SpdGzIGgcW2mClAQ==",
+      status: ProofStatus.PENDING,
+      wallet_provider: "TaprootWallet",
+    };
+
+    const result = await verifyBTCSignature(taprootProof);
+    expect(result.status).toBe(ProofStatus.VERIFIED);
+  });
+
+  it("fails for invalid taproot signature", async () => {
+    const taprootProof: SignatureProof = {
+      type: ProofTypes.BIP322,
+      address:
+        "bip122:000000000019d6689c085ae165831e93:bc1p6rvvgjwj594jr4sr3e8gd0nhvkr63ujwdm6g2mv9fqx4lv60suwsa9ff6w",
+      did: "did:pkh:bip122:000000000019d6689c085ae165831e93:bc1p6rvvgjwj594jr4sr3e8gd0nhvkr63ujwdm6g2mv9fqx4lv60suwsa9ff6w",
+      attestation:
+        "I certify that the blockchain address bc1p6rvvgjwj594jr4sr3e8gd0nhvkr63ujwdm6g2mv9fqx4lv60suwsa9ff6w belongs to did:pkh:bip122:000000000019d6689c085ae165831e93:bc1p6rvvgjwj594jr4sr3e8gd0nhvkr63ujwdm6g2mv9fqx4lv60suwsa9ff6w on Thu, 17 Jul 2025 16:08:33 GMT",
+      proof:
+        "AUFBIMYTvgwZX5oQLE8TmIdOITYB20CarEVU9JJJo1RTIh7RWyoYpMG2REkkqEz7zBLVK9nBu5JXM17/Boxdh8cWAQ==",
+      status: ProofStatus.PENDING,
+      wallet_provider: "Sparrow Wallet",
+    };
+
+    const result = await verifyBTCSignature(taprootProof);
+    expect(result.status).toBe(ProofStatus.FAILED);
+  });
+
+  it("it verifies sparrow wallet btc wallet proof", async () => {
+    const sparrowWalletProof: SignatureProof = {
+      type: ProofTypes.BIP137,
+      status: ProofStatus.PENDING,
+      did: "did:pkh:bip122:000000000019d6689c085ae165831e93:bc1p6rvvgjwj594jr4sr3e8gd0nhvkr63ujwdm6g2mv9fqx4lv60suwsa9ff6w",
+      address:
+        "bip122:000000000019d6689c085ae165831e93:bc1p6rvvgjwj594jr4sr3e8gd0nhvkr63ujwdm6g2mv9fqx4lv60suwsa9ff6w",
+      proof:
+        "AUHV/fUKDdHSdP90WwkLBRq0miuMOnfBtlLvG7HqC013vWfj+wWuDRD0bvg5LLHd/IQUqMtgyZZs96IX8E3EtauLAQ==",
+      attestation:
+        "I certify that the blockchain address bc1p6rvvgjwj594jr4sr3e8gd0nhvkr63ujwdm6g2mv9fqx4lv60suwsa9ff6w belongs to did:pkh:bip122:000000000019d6689c085ae165831e93:bc1p6rvvgjwj594jr4sr3e8gd0nhvkr63ujwdm6g2mv9fqx4lv60suwsa9ff6w on Thu, 11 Sep 2025 13:19:19 GMT",
+      wallet_provider: "Manual Wallet Signature",
+    };
+
+    const result = await verifyBTCSignature(sparrowWalletProof);
+    expect(result.status).toBe(ProofStatus.VERIFIED);
+  });
 });

package/src/tests/cosmos.test.ts

@@ -0,0 +1,51 @@
+import { describe, expect, it } from "vitest";
+import {
+  ProofStatus,
+  ProofTypes,
+  SignatureProof,
+} from "@notabene/javascript-sdk";
+import { verifyCosmosSignature } from "../cosmos";
+
+describe("verifyCosmosSignature", () => {
+  it("returns verified proof when valid message and address", async () => {
+    const proof: SignatureProof = {
+      type: ProofTypes.COSMOS,
+      did: "did:pkh:cosmos:cosmoshub-4:cosmos1tzxpcdsszyfuj852msx85c24u37jd7rly8skc8",
+      status: ProofStatus.PENDING,
+      attestation:
+        "I certify that\n\ncosmos:cosmoshub-4 account cosmos1tzxpcdsszyfuj852msx85c24u37jd7rly8skc8\n\nbelonged to did:key:z6MksamQq4oVRktkeSDxs6pbixYFUaUca8xgCvnTVLQA5PC5\n\non Mon, 14 Jul 2025 15:09:56 GMT",
+      address:
+        "cosmos:cosmoshub-4:cosmos1tzxpcdsszyfuj852msx85c24u37jd7rly8skc8",
+      proof:
+        "r0L+4864I3p2jPRBt8IAnhhvYmemMkKGg9fcKM0GOBIScgIpmyX/+ObPT/09VMSCzxlzZkH6LQGLNiD2sudAZw==",
+      wallet_provider: "Keplr (Wallet Connect)",
+      chainSpecificData: {
+        pub_key: {
+          type: "tendermint/PubKeySecp256k1",
+          value: "Ak8k3jYgH4srYi1ygG0GWLrdbF7VwQgjiLqjifuJSsmU",
+        },
+      },
+    };
+    const result = await verifyCosmosSignature(proof);
+
+    expect(result.status).toBe(ProofStatus.VERIFIED);
+  });
+
+  it("returns failed proof when invalid message and address", async () => {
+    const proof: SignatureProof = {
+      type: ProofTypes.COSMOS,
+      did: "did:pkh:cosmos:cosmoshub-4:cosmos1tzxpcdsszyfuj852msx85c24u37jd7rly8skc8",
+      status: ProofStatus.PENDING,
+      attestation:
+        "I certify that\n\ncosmos:cosmoshub-4 account cosmos1tzxpcdsszyfuj852msx85c24u37jd7rly8skc8\n\nbelonged to did:key:z6MksamQq4oVRktkeSDxs6pbixYFUaUca8xgCvnTVLQA5PC5\n\non Mon, 14 Jul 2025 15:09:56 GMT",
+      address:
+        "cosmos:cosmoshub-4:cosmos1tzxpcdsszyfuj852msx85c24u37jd7rly8skc8",
+      proof:
+        '{"pub_key":{"type":"tendermint/PubKeySecp256k1","value":"Ak8k3jYgH4srYi1ygG0GWLrdbF7VwQgjiLqjifuJSsmU"},"signature":"invalid_signature_that_will_fail_verification"}',
+      wallet_provider: "Keplr (Wallet Connect)",
+    };
+    const result = await verifyCosmosSignature(proof);
+
+    expect(result.status).toBe(ProofStatus.FAILED);
+  });
+});

package/src/tests/index.test.ts

@@ -342,4 +342,27 @@ describe("verifyProof", () => {
       expect(result.status).toBe(ProofStatus.VERIFIED);
     });
   })
+
+  describe("Cosmos", () => {  
+    const proof: SignatureProof = {
+      type: ProofTypes.COSMOS,
+      did: "did:pkh:cosmos:cosmoshub-4:cosmos1tzxpcdsszyfuj852msx85c24u37jd7rly8skc8",
+      status: ProofStatus.PENDING,
+      attestation: "I certify that\n\ncosmos:cosmoshub-4 account cosmos1tzxpcdsszyfuj852msx85c24u37jd7rly8skc8\n\nbelonged to did:key:z6MksamQq4oVRktkeSDxs6pbixYFUaUca8xgCvnTVLQA5PC5\n\non Mon, 14 Jul 2025 15:09:56 GMT",
+      address: "cosmos:cosmoshub-4:cosmos1tzxpcdsszyfuj852msx85c24u37jd7rly8skc8",
+      proof: "r0L+4864I3p2jPRBt8IAnhhvYmemMkKGg9fcKM0GOBIScgIpmyX/+ObPT/09VMSCzxlzZkH6LQGLNiD2sudAZw==",
+      wallet_provider: "Keplr (Wallet Connect)",
+      chainSpecificData: {
+        pub_key: {
+          type: "tendermint/PubKeySecp256k1",
+          value: "Ak8k3jYgH4srYi1ygG0GWLrdbF7VwQgjiLqjifuJSsmU",
+        },
+      }
+    };
+
+    it("should verify proof", async () => {
+      const result = await verifyProof(proof);
+      expect(result.status).toBe(ProofStatus.VERIFIED);
+    });
+  });
 });

package/src/xlm.ts

@@ -18,8 +18,7 @@ export function verifyStellarSignature(
       ...proof,
       status: verified ? ProofStatus.VERIFIED : ProofStatus.FAILED,
     };
-  } catch (error) {
-    console.error(error);
+  } catch {
     return { ...proof, status: ProofStatus.FAILED };
   }
 }