@ocap/tx-protocols 1.28.9 → 1.29.0

package/lib/protocols/token-factory/pipes/verify-ownership.cjs

@@ -0,0 +1,66 @@
+Object.defineProperty(exports, '__esModule', { value: true });
+const require_rolldown_runtime = require('../../../_virtual/rolldown_runtime.cjs');
+let _ocap_util_lib_error = require("@ocap/util/lib/error");
+let lodash_get = require("lodash/get");
+lodash_get = require_rolldown_runtime.__toESM(lodash_get);
+let _arcblock_vc = require("@arcblock/vc");
+let _ocap_util_lib_url = require("@ocap/util/lib/url");
+
+//#region src/protocols/token-factory/pipes/verify-ownership.ts
+const isTest = ["development", "test"].includes(process.env.NODE_ENV) || !!process.env.CI;
+const verifyOwnership = ({ tokenKey = "itx.token" } = {}) => async (context, next) => {
+	const { symbol, address, website } = (0, lodash_get.default)(context, tokenKey) || {};
+	if (!website) return next();
+	try {
+		await (0, _ocap_util_lib_url.verifyUrl)(website, isTest ? {
+			protocols: ["http:", "https:"],
+			blockedHosts: [],
+			allowIp: true
+		} : { checkDns: true });
+	} catch (error) {
+		return next(new _ocap_util_lib_error.CustomError("INVALID_WEBSITE", `Website ${website} must be a valid URL: ${error.message}`));
+	}
+	const { from, delegator } = context.tx;
+	const chainId = context.config.chainId;
+	const sender = delegator || from;
+	const { origin } = new URL(website);
+	const verificationUrl = `${origin}/.well-known/ocap/tokens.json`;
+	try {
+		const response = await fetch(verificationUrl, { redirect: "manual" });
+		if (!response || !response.ok) {
+			context.logger?.info("Website verification failed", {
+				symbol,
+				website,
+				status: response?.status,
+				statusText: response?.statusText
+			});
+			return next(new _ocap_util_lib_error.CustomError("INVALID_WEBSITE", `Website ${website} verification failed`));
+		}
+		const data = await response.json();
+		if ((await Promise.all(data.filter(Boolean).filter((item) => {
+			if (item.type !== "TokenIssueCredential") return false;
+			if (item.issuer?.id !== sender) return false;
+			const { id, issued } = item.credentialSubject || {};
+			return id === sender && issued?.address === address && issued?.symbol === symbol && issued?.chainId === chainId && issued?.website === website;
+		}).map((item) => {
+			return (0, _arcblock_vc.verify)({
+				vc: item,
+				ownerDid: sender,
+				trustedIssuers: sender
+			});
+		}))).some((valid) => valid)) return next();
+		context.logger?.warn("Website verification failed", {
+			address,
+			symbol,
+			website,
+			data
+		});
+		return next(new _ocap_util_lib_error.CustomError("INVALID_WEBSITE", `Website ${website} verification failed`));
+	} catch (error) {
+		return next(new _ocap_util_lib_error.CustomError("INVALID_WEBSITE", `Website ${website} verification failed: ${error.message}`));
+	}
+};
+var verify_ownership_default = verifyOwnership;
+
+//#endregion
+exports.default = verify_ownership_default;

package/lib/protocols/token-factory/pipes/verify-ownership.d.cts

@@ -0,0 +1,12 @@
+import { IDecodedContext } from "@ocap/types";
+import { PipeFunction } from "@ocap/tx-pipeline";
+
+//#region src/protocols/token-factory/pipes/verify-ownership.d.ts
+interface IVerifyOwnershipOptions {
+  tokenKey?: string;
+}
+declare const verifyOwnership: ({
+  tokenKey
+}?: IVerifyOwnershipOptions) => PipeFunction<IDecodedContext>;
+//#endregion
+export { verifyOwnership as default };

package/lib/protocols/token-factory/pipes/verify-url.cjs

@@ -0,0 +1,29 @@
+Object.defineProperty(exports, '__esModule', { value: true });
+const require_rolldown_runtime = require('../../../_virtual/rolldown_runtime.cjs');
+let _ocap_util_lib_error = require("@ocap/util/lib/error");
+let lodash_get = require("lodash/get");
+lodash_get = require_rolldown_runtime.__toESM(lodash_get);
+let _ocap_util_lib_url = require("@ocap/util/lib/url");
+
+//#region src/protocols/token-factory/pipes/verify-url.ts
+const isTest = ["development", "test"].includes(process.env.NODE_ENV) || !!process.env.CI;
+const verifyUrlPipe = ({ urlKeys = ["itx.token.website", "itx.token.metadata.value.communityUrl"] } = {}) => async (context, next) => {
+	for (const key of urlKeys) {
+		const url = (0, lodash_get.default)(context, key);
+		if (!url) continue;
+		try {
+			await (0, _ocap_util_lib_url.verifyUrl)(url, isTest ? {
+				protocols: ["http:", "https:"],
+				blockedHosts: [],
+				allowIp: true
+			} : {});
+		} catch (error) {
+			return next(new _ocap_util_lib_error.CustomError("INVALID_TX", `${key.split(".").pop()} is not valid: ${error.message}`));
+		}
+	}
+	return next();
+};
+var verify_url_default = verifyUrlPipe;
+
+//#endregion
+exports.default = verify_url_default;

package/lib/protocols/token-factory/pipes/verify-url.d.cts

@@ -0,0 +1,12 @@
+import { IDecodedContext } from "@ocap/types";
+import { PipeFunction } from "@ocap/tx-pipeline";
+
+//#region src/protocols/token-factory/pipes/verify-url.d.ts
+interface IVerifyUrlOptions {
+  urlKeys?: string[];
+}
+declare const verifyUrlPipe: ({
+  urlKeys
+}?: IVerifyUrlOptions) => PipeFunction<IDecodedContext>;
+//#endregion
+export { verifyUrlPipe as default };

package/lib/protocols/token-factory/update.cjs

@@ -0,0 +1,155 @@
+Object.defineProperty(exports, '__esModule', { value: true });
+const require_rolldown_runtime = require('../../_virtual/rolldown_runtime.cjs');
+const require_util = require('../../util.cjs');
+const require_pipes_ensure_cost = require('../../pipes/ensure-cost.cjs');
+const require_pipes_ensure_gas = require('../../pipes/ensure-gas.cjs');
+const require_protocols_token_factory_pipes_verify_icon = require('./pipes/verify-icon.cjs');
+const require_protocols_token_factory_pipes_verify_ownership = require('./pipes/verify-ownership.cjs');
+const require_protocols_token_factory_pipes_verify_url = require('./pipes/verify-url.cjs');
+let _ocap_tx_pipeline = require("@ocap/tx-pipeline");
+let _ocap_util_lib_error = require("@ocap/util/lib/error");
+let _ocap_state = require("@ocap/state");
+let debug = require("debug");
+debug = require_rolldown_runtime.__toESM(debug);
+let _arcblock_validator = require("@arcblock/validator");
+
+//#region src/protocols/token-factory/update.ts
+const debug$1 = (0, debug.default)("@ocap/tx-protocols:update-token-factory");
+const runner = new _ocap_tx_pipeline.Runner("update_token_factory");
+const isTest = process.env.NODE_ENV === "development" || process.env.NODE_ENV === "test" || process.env.CI;
+runner.use(_ocap_tx_pipeline.pipes.VerifyMultiSig(0));
+const schema = _arcblock_validator.Joi.object({
+	address: _arcblock_validator.Joi.DID().prefix().role("ROLE_TOKEN_FACTORY").required(),
+	feeRate: _arcblock_validator.Joi.number().min(0).max(2e3).optional().allow(null),
+	token: _arcblock_validator.Joi.object({
+		icon: _arcblock_validator.Joi.string().optional().allow(null, ""),
+		website: _arcblock_validator.Joi.string().uri({
+			scheme: isTest ? ["http", "https"] : ["https"],
+			allowRelative: false
+		}).max(256).optional().allow(null, ""),
+		metadata: _arcblock_validator.Joi.any().optional().allow(null)
+	}).optional().allow(null),
+	data: _arcblock_validator.Joi.any().optional().allow(null)
+}).options({
+	stripUnknown: true,
+	noDefaults: false
+});
+runner.use((context, next) => {
+	const { error } = schema.validate(context.itx);
+	if (error) return next(new _ocap_util_lib_error.CustomError("INVALID_TX", `Invalid itx: ${error.message}`));
+	if (context.itx.token?.metadata) {
+		const metadata = require_util.decodeAnySafe(context.itx.token.metadata ?? null);
+		if (metadata) {
+			const { error: metadataError, value: metadataValue } = _ocap_state.token.metadataSchema.validate(metadata.value);
+			if (metadataError) return next(new _ocap_util_lib_error.CustomError("INVALID_TX", `Invalid metadata: ${metadataError.message}`));
+			context.itx.token.metadata = {
+				...metadata,
+				value: metadataValue
+			};
+		}
+	}
+	return next();
+});
+runner.use(require_protocols_token_factory_pipes_verify_icon.default({ iconKey: "itx.token.icon" }));
+runner.use(require_protocols_token_factory_pipes_verify_url.default({ urlKeys: ["itx.token.website", "itx.token.metadata.value.communityUrl"] }));
+runner.use(_ocap_tx_pipeline.pipes.ExtractState({
+	from: "itx.address",
+	to: "tokenFactoryState",
+	table: "tokenFactory",
+	status: "INVALID_TOKEN_FACTORY"
+}));
+runner.use(_ocap_tx_pipeline.pipes.ExtractState({
+	from: "tokenFactoryState.tokenAddress",
+	to: "tokenState",
+	table: "token",
+	status: "INVALID_TOKEN"
+}));
+runner.use((context, next) => {
+	const { tokenState, itx } = context;
+	context.tokenInfoForVerification = {
+		symbol: tokenState.symbol,
+		address: tokenState.address,
+		website: itx.token?.website ?? null
+	};
+	return next();
+});
+runner.use(require_protocols_token_factory_pipes_verify_ownership.default({ tokenKey: "tokenInfoForVerification" }));
+runner.use(_ocap_tx_pipeline.pipes.ExtractState({
+	from: "tx.from",
+	to: "senderState",
+	status: "INVALID_SENDER_STATE",
+	table: "account"
+}));
+runner.use(_ocap_tx_pipeline.pipes.VerifyAccountMigration({
+	stateKey: "senderState",
+	addressKey: "tx.from"
+}));
+runner.use(_ocap_tx_pipeline.pipes.VerifyBlocked({ stateKeys: ["senderState"] }));
+runner.use(_ocap_tx_pipeline.pipes.ExtractState({
+	from: "tx.delegator",
+	to: "delegatorState",
+	status: "OK",
+	table: "account"
+}));
+runner.use(_ocap_tx_pipeline.pipes.VerifyAccountMigration({
+	stateKey: "delegatorState",
+	addressKey: "tx.delegator"
+}));
+runner.use(_ocap_tx_pipeline.pipes.VerifyDelegation({
+	type: "signature",
+	signerKey: "senderState",
+	delegatorKey: "delegatorState",
+	getRequirements: require_util.getDelegationRequirements
+}));
+runner.use((context, next) => {
+	const { tokenFactoryState, delegatorState, senderState } = context;
+	if ((delegatorState ? delegatorState.address : senderState.address) !== tokenFactoryState.owner) return next(new _ocap_util_lib_error.CustomError("FORBIDDEN", "Token factory can only be updated by owner"));
+	return next();
+});
+runner.use(require_pipes_ensure_gas.default((context) => {
+	const result = {
+		create: 0,
+		update: 2,
+		payment: 0
+	};
+	if (context.isDelegationChanged) result.update += 1;
+	return result;
+}));
+runner.use(require_pipes_ensure_cost.default({ attachSenderChanges: true }));
+runner.use(_ocap_tx_pipeline.pipes.TakeStateSnapshot());
+runner.use(async (context, next) => {
+	const { tx, itx, statedb, senderState, tokenFactoryState, tokenState, senderChange, updateVaults, delegationState } = context;
+	const senderStateValue = senderState;
+	const tokenFactoryStateValue = tokenFactoryState;
+	const tokenStateValue = tokenState;
+	const { tokens: senderTokens = {} } = senderStateValue;
+	const senderUpdates = senderChange ? require_util.applyTokenChange({ tokens: senderTokens }, senderChange) : { tokens: senderTokens };
+	const factoryUpdates = itx.feeRate ? { feeRate: itx.feeRate } : {};
+	const tokenUpdates = itx.token ? {
+		icon: itx.token?.icon || tokenStateValue.icon,
+		website: itx.token?.website || tokenStateValue.website,
+		metadata: itx.token?.metadata || tokenStateValue.metadata
+	} : null;
+	const [newSenderState, newTokenFactoryState, newTokenState, newDelegationState] = await Promise.all([
+		statedb.account.update(senderStateValue.address, _ocap_state.account.update(senderStateValue, {
+			nonce: tx.nonce,
+			pk: tx.pk,
+			...senderUpdates
+		}, context), context),
+		statedb.tokenFactory.update(tokenFactoryStateValue.address, _ocap_state.tokenFactory.update(tokenFactoryStateValue, factoryUpdates, context), context),
+		tokenUpdates ? statedb.token.update(tokenStateValue.address, _ocap_state.token.update(tokenStateValue, tokenUpdates), context) : tokenStateValue,
+		context.isDelegationChanged && delegationState ? statedb.delegation.update(delegationState.address, _ocap_state.delegation.update(delegationState, {}, context), context) : delegationState
+	]);
+	if (updateVaults) await updateVaults();
+	context.senderState = newSenderState;
+	context.tokenFactoryState = newTokenFactoryState;
+	context.tokenState = newTokenState;
+	context.delegationState = newDelegationState;
+	debug$1("update token factory", newTokenFactoryState, newTokenState);
+	next();
+}, { persistError: true });
+runner.use(_ocap_tx_pipeline.pipes.VerifyStateDiff());
+var update_default = runner;
+
+//#endregion
+exports.default = update_default;

package/lib/protocols/token-factory/update.d.cts

@@ -0,0 +1,10 @@
+//#region src/protocols/token-factory/update.d.ts
+/** Token info for website verification */
+interface TokenInfoForVerification {
+  symbol: string;
+  address: string;
+  website?: string | null;
+}
+declare const runner: any;
+//#endregion
+export { TokenInfoForVerification, runner as default };

package/lib/protocols/trade/exchange-v2.cjs

@@ -0,0 +1,243 @@
+Object.defineProperty(exports, '__esModule', { value: true });
+const require_rolldown_runtime = require('../../_virtual/rolldown_runtime.cjs');
+const require_util = require('../../util.cjs');
+const require_pipes_ensure_cost = require('../../pipes/ensure-cost.cjs');
+const require_pipes_ensure_gas = require('../../pipes/ensure-gas.cjs');
+let _ocap_tx_pipeline = require("@ocap/tx-pipeline");
+let _ocap_util_lib_error = require("@ocap/util/lib/error");
+let _ocap_state = require("@ocap/state");
+let _ocap_util = require("@ocap/util");
+let debug = require("debug");
+debug = require_rolldown_runtime.__toESM(debug);
+let _ocap_message = require("@ocap/message");
+let _ocap_util_lib_get_list_field = require("@ocap/util/lib/get-list-field");
+let _arcblock_validator = require("@arcblock/validator");
+let _ocap_util_lib_create_sorted_list = require("@ocap/util/lib/create-sorted-list");
+let lodash_isEmpty = require("lodash/isEmpty");
+lodash_isEmpty = require_rolldown_runtime.__toESM(lodash_isEmpty);
+
+//#region src/protocols/trade/exchange-v2.ts
+const debug$1 = (0, debug.default)("@ocap/tx-protocols:exchange-v2");
+const runner = new _ocap_tx_pipeline.Runner("exchange_v2");
+const exchangeInfoSchema = _arcblock_validator.Joi.object({
+	value: _arcblock_validator.Joi.any().optional().allow(null),
+	tokensList: _arcblock_validator.Joi.array().items(_arcblock_validator.schemas.tokenInput).default([]),
+	assetsList: _arcblock_validator.Joi.array().items(_arcblock_validator.Joi.DID().prefix().role("ROLE_ASSET")).default([])
+});
+const schema = _arcblock_validator.Joi.object({
+	to: _arcblock_validator.schemas.tokenHolder.required(),
+	sender: exchangeInfoSchema.required(),
+	receiver: exchangeInfoSchema.required(),
+	data: _arcblock_validator.Joi.any().optional().allow(null)
+}).options({
+	stripUnknown: true,
+	noDefaults: false
+});
+runner.use(({ itx }, next) => {
+	const { error } = schema.validate(itx);
+	return next(error ? new _ocap_util_lib_error.CustomError("INVALID_TX", `Invalid itx: ${error.message}`) : void 0);
+});
+runner.use(_ocap_tx_pipeline.pipes.VerifyMultiSig(1));
+runner.use(_ocap_tx_pipeline.pipes.ExtractReceiver({ from: [
+	"tx.signaturesList",
+	"tx.signatures",
+	"itx.to"
+] }));
+runner.use(_ocap_tx_pipeline.pipes.VerifyInfo([{
+	error: "INVALID_TX",
+	message: "Can not exchange without any token or assets",
+	fn: (ctx) => {
+		const context = ctx;
+		const zero = new _ocap_util.BN(0);
+		const { itx, config } = context;
+		context.senderAssets = (0, _ocap_util_lib_get_list_field.getListField)(itx, "sender.assets");
+		context.receiverAssets = (0, _ocap_util_lib_get_list_field.getListField)(itx, "receiver.assets");
+		const senderTokensLocal = (0, _ocap_util_lib_get_list_field.getListField)(itx, "sender.tokens");
+		const receiverTokensLocal = (0, _ocap_util_lib_get_list_field.getListField)(itx, "receiver.tokens");
+		const senderValue = itx.sender?.value;
+		const senderAmount = senderValue ? (0, _ocap_message.decodeBigInt)(senderValue) : 0;
+		if (new _ocap_util.BN(senderAmount).gt(zero)) {
+			senderTokensLocal.push({
+				address: config.token.address,
+				value: senderAmount
+			});
+			itx.sender.value = "0";
+		}
+		const receiverValue = itx.receiver?.value;
+		const receiverAmount = receiverValue ? (0, _ocap_message.decodeBigInt)(receiverValue) : 0;
+		if (new _ocap_util.BN(receiverAmount).gt(zero)) {
+			receiverTokensLocal.push({
+				address: config.token.address,
+				value: receiverAmount
+			});
+			itx.receiver.value = "0";
+		}
+		context.senderTokens = senderTokensLocal;
+		context.receiverTokens = receiverTokensLocal;
+		context.tokenAddress = (0, _ocap_util_lib_create_sorted_list.createSortedList)((context.senderTokens || []).concat(context.receiverTokens || []).map((x) => x.address));
+		if ((0, lodash_isEmpty.default)(context.senderAssets) && (0, lodash_isEmpty.default)(context.senderTokens)) return false;
+		if ((0, lodash_isEmpty.default)(context.receiverAssets) && (0, lodash_isEmpty.default)(context.receiverTokens)) return false;
+		return true;
+	}
+}]));
+runner.use(_ocap_tx_pipeline.pipes.VerifySigner({ signer: "itx.to" }));
+runner.use(_ocap_tx_pipeline.pipes.VerifyListSize({ listKey: ["senderAssets", "receiverAssets"] }));
+runner.use(_ocap_tx_pipeline.pipes.VerifyListSize({ listKey: ["senderTokens", "receiverTokens"] }));
+runner.use(_ocap_tx_pipeline.pipes.ExtractState({
+	from: "tx.from",
+	to: "senderState",
+	status: "INVALID_SENDER_STATE",
+	table: "account"
+}));
+runner.use(_ocap_tx_pipeline.pipes.ExtractState({
+	from: "tx.delegator",
+	to: "delegatorState",
+	status: "OK",
+	table: "account"
+}));
+runner.use(_ocap_tx_pipeline.pipes.VerifyDelegation({
+	type: "signature",
+	signerKey: "senderState",
+	delegatorKey: "delegatorState"
+}));
+runner.use(_ocap_tx_pipeline.pipes.ExtractSigner({
+	signerKey: "signerStates",
+	delegatorKey: "delegatorStates"
+}));
+runner.use(_ocap_tx_pipeline.pipes.VerifyDelegation({
+	type: "multisig",
+	signerKey: "signerStates",
+	delegatorKey: "delegatorStates",
+	delegationKey: "delegationStates",
+	getRequirements: () => []
+}));
+runner.use(_ocap_tx_pipeline.pipes.ExtractState({
+	from: "tokenAddress",
+	to: "tokenStates",
+	status: "INVALID_TOKEN",
+	table: "token"
+}));
+runner.use(_ocap_tx_pipeline.pipes.ExtractState({
+	from: "receiver",
+	to: "receiverState",
+	status: "INVALID_RECEIVER_STATE",
+	table: "account"
+}));
+runner.use(_ocap_tx_pipeline.pipes.VerifyAccountMigration({
+	signerKey: "signerStates",
+	stateKey: "senderState",
+	addressKey: "tx.from"
+}));
+runner.use((context, next) => {
+	context.senderTokenConditions = {
+		owner: context.senderState.address,
+		tokens: context.senderTokens || []
+	};
+	context.receiverTokenConditions = {
+		owner: context.receiverState.address,
+		tokens: context.receiverTokens || []
+	};
+	next();
+});
+runner.use(_ocap_tx_pipeline.pipes.VerifyTokenBalance({
+	ownerKey: "senderState",
+	conditionKey: "senderTokenConditions"
+}));
+runner.use(_ocap_tx_pipeline.pipes.VerifyTokenBalance({
+	ownerKey: "receiverState",
+	conditionKey: "receiverTokenConditions"
+}));
+runner.use(_ocap_tx_pipeline.pipes.AntiLandAttack({
+	senderState: "senderState",
+	receiverState: "receiverState"
+}));
+runner.use(_ocap_tx_pipeline.pipes.VerifyBlocked({ stateKeys: ["senderState", "receiverState"] }));
+runner.use(_ocap_tx_pipeline.pipes.verifyTokenAccess({
+	statesKey: "tokenStates",
+	listFieldKey: "spenders",
+	accountKeys: ["senderState"],
+	errorMessage: "Account {address} is not allowed to exchange token {tokenAddress}"
+}));
+runner.use(_ocap_tx_pipeline.pipes.ExtractState({
+	from: "senderAssets",
+	to: "priv.senderAssets",
+	status: "INVALID_ASSET",
+	table: "asset"
+}));
+runner.use(_ocap_tx_pipeline.pipes.VerifyTransferrable({ assets: "priv.senderAssets" }));
+runner.use(_ocap_tx_pipeline.pipes.VerifyUpdater({
+	assetKey: "priv.senderAssets",
+	ownerKey: "senderState"
+}));
+runner.use(_ocap_tx_pipeline.pipes.ExtractState({
+	from: "receiverAssets",
+	to: "priv.receiverAssets",
+	status: "INVALID_ASSET",
+	table: "asset"
+}));
+runner.use(_ocap_tx_pipeline.pipes.VerifyTransferrable({ assets: "priv.receiverAssets" }));
+runner.use(_ocap_tx_pipeline.pipes.VerifyUpdater({
+	assetKey: "priv.receiverAssets",
+	ownerKey: "receiverState"
+}));
+runner.use(require_pipes_ensure_gas.default((context) => {
+	const ops = {
+		create: 0,
+		update: 3,
+		payment: 0
+	};
+	ops.update += (context.senderAssets || []).length;
+	ops.update += (context.receiverAssets || []).length;
+	return ops;
+}));
+runner.use(require_pipes_ensure_cost.default({ attachSenderChanges: true }));
+runner.use(_ocap_tx_pipeline.pipes.UpdateOwner({
+	assets: "priv.senderAssets",
+	owner: "receiverState"
+}));
+runner.use(_ocap_tx_pipeline.pipes.UpdateOwner({
+	assets: "priv.receiverAssets",
+	owner: "senderState"
+}));
+runner.use(_ocap_tx_pipeline.pipes.TakeStateSnapshot());
+runner.use(async (context, next) => {
+	const { tx, itx, senderAssets = [], receiverAssets = [], senderTokens = [], receiverTokens = [], senderState, receiverState, senderChange, updateVaults, statedb } = context;
+	const senderStateTokens = senderState?.tokens || {};
+	const receiverStateTokens = receiverState?.tokens || {};
+	for (const { address, value } of senderTokens) {
+		const delta = new _ocap_util.BN(value);
+		senderStateTokens[address] = new _ocap_util.BN(senderStateTokens[address]).sub(delta).toString();
+		receiverStateTokens[address] = new _ocap_util.BN(receiverStateTokens[address] || "0").add(delta).toString();
+	}
+	for (const { address, value } of receiverTokens) {
+		const delta = new _ocap_util.BN(value);
+		senderStateTokens[address] = new _ocap_util.BN(senderStateTokens[address]).add(delta).toString();
+		receiverStateTokens[address] = new _ocap_util.BN(receiverStateTokens[address] || "0").sub(delta).toString();
+	}
+	const senderUpdates = senderChange ? require_util.applyTokenChange({ tokens: senderStateTokens }, senderChange) : { tokens: senderStateTokens };
+	const [newSenderState, newReceiverState] = await Promise.all([statedb.account.update(senderState.address, _ocap_state.account.update(senderState, {
+		nonce: tx.nonce,
+		...senderUpdates
+	}, context), context), statedb.account.update(receiverState.address, _ocap_state.account.update(receiverState, { tokens: receiverStateTokens }, context), context)]);
+	if (updateVaults) await updateVaults();
+	context.senderState = newSenderState;
+	context.receiverState = newReceiverState;
+	debug$1("exchange", {
+		from: tx.from,
+		to: itx.to,
+		sender: {
+			assets: senderAssets.length,
+			token: senderTokens.length
+		},
+		receiver: {
+			assets: receiverAssets.length,
+			token: receiverTokens.length
+		}
+	});
+	next();
+}, { persistError: true });
+runner.use(_ocap_tx_pipeline.pipes.VerifyStateDiff());
+var exchange_v2_default = runner;
+
+//#endregion
+exports.default = exchange_v2_default;

package/lib/protocols/trade/exchange-v2.d.cts

@@ -0,0 +1,9 @@
+//#region src/protocols/trade/exchange-v2.d.ts
+/** Token input - value can be string or number from decodeBigInt */
+interface TokenInput {
+  address: string;
+  value: string | number;
+}
+declare const runner: any;
+//#endregion
+export { TokenInput, runner as default };