@sip-protocol/sdk 0.8.0 → 0.9.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sip-protocol/sdk",
-  "version": "0.8.0",
+  "version": "0.9.0",
   "description": "Core SDK for Shielded Intents Protocol - Privacy layer for cross-chain transactions",
   "author": "SIP Protocol <hello@sip-protocol.org>",
   "homepage": "https://sip-protocol.org",
@@ -78,7 +78,7 @@
     "@scure/base": "^2.0.0",
     "@scure/bip32": "^2.0.1",
     "@scure/bip39": "^2.0.1",
-    "@sip-protocol/types": "workspace:*",
+    "@sip-protocol/types": "^0.2.2",
     "@solana-program/compute-budget": "^0.11.0",
     "@solana-program/system": "^0.10.0",
     "@solana/compat": "^5.4.0",

package/src/chains/ethereum/constants.ts

@@ -129,7 +129,7 @@ export const ETHEREUM_TOKEN_CONTRACTS = {
   /** Tether USD */
   USDT: '0xdAC17F958D2ee523a2206206994597C13D831ec7',
   /** Dai Stablecoin */
-  DAI: '0x6B175474E89094C44Da98b954EescdeCB5bE3d830',
+  DAI: '0x6B175474E89094C44Da98b954EeDeAC495271d0F',
   /** Chainlink */
   LINK: '0x514910771AF9Ca656af840dff83E8264EcF986CA',
   /** Uniswap */
@@ -237,6 +237,38 @@ export const EIP5564_ANNOUNCER_ADDRESS = '0x55649E01B5Df198D18D95b5cc5051630cfD4
  */
 export const EIP5564_REGISTRY_ADDRESS = '0x6538E6bf4B0eBd30A8Ea10e318b7AEb51A8E4b5c'
 
+// ─── SIP Deployed Contract Addresses ──────────────────────────────────────────
+
+/**
+ * SIP Privacy contract addresses per network
+ * Deployed via Foundry Deploy.s.sol
+ */
+export const SIP_CONTRACT_ADDRESSES: Partial<Record<EthereumNetwork, {
+  sipPrivacy: string
+  pedersenVerifier: string
+  zkVerifier: string
+  stealthAddressRegistry: string
+}>> = {
+  sepolia: {
+    sipPrivacy: '0x0B0d06D6B5136d63Bd0817414E2D318999e50339',
+    pedersenVerifier: '0xEB14E9022A4c3DEED072DeC6b3858c19a00C87Db',
+    zkVerifier: '0x26988D988684627084e6ae113e0354f6bc56b126',
+    stealthAddressRegistry: '0x1f7f3edD264Cf255dD99Fd433eD9FADE427dEF99',
+  },
+  'optimism-sepolia': {
+    sipPrivacy: '0x0B0d06D6B5136d63Bd0817414E2D318999e50339',
+    pedersenVerifier: '0xEB14E9022A4c3DEED072DeC6b3858c19a00C87Db',
+    zkVerifier: '0x26988D988684627084e6ae113e0354f6bc56b126',
+    stealthAddressRegistry: '0x1f7f3edD264Cf255dD99Fd433eD9FADE427dEF99',
+  },
+  'base-sepolia': {
+    sipPrivacy: '0x0B0d06D6B5136d63Bd0817414E2D318999e50339',
+    pedersenVerifier: '0xEB14E9022A4c3DEED072DeC6b3858c19a00C87Db',
+    zkVerifier: '0x26988D988684627084e6ae113e0354f6bc56b126',
+    stealthAddressRegistry: '0x1f7f3edD264Cf255dD99Fd433eD9FADE427dEF99',
+  },
+}
+
 /**
  * SIP announcement event signature (for log filtering)
  * Announcement(uint256 indexed schemeId, address indexed stealthAddress, address indexed caller, bytes ephemeralPubKey, bytes metadata)

package/src/chains/ethereum/index.ts

@@ -39,6 +39,7 @@ export {
   isL2Network,
   isValidEthAddress,
   sanitizeUrl,
+  SIP_CONTRACT_ADDRESSES,
 } from './constants'
 
 // ─── Types ────────────────────────────────────────────────────────────────────
@@ -83,7 +84,7 @@ export {
   generateEthereumStealthAddress,
   deriveEthereumStealthPrivateKey,
   checkEthereumStealthAddress,
-  checkViewTag,
+  checkEthereumStealthByEthAddress,
   stealthPublicKeyToEthAddress,
   extractPublicKeys,
   createMetaAddressFromPublicKeys,

package/src/chains/ethereum/privacy-adapter.ts

@@ -8,6 +8,8 @@
  */
 
 import type { StealthMetaAddress, HexString, StealthAddress } from '@sip-protocol/types'
+import { secp256k1 } from '@noble/curves/secp256k1'
+import { hexToBytes, bytesToHex } from '@noble/hashes/utils'
 import {
   generateEthereumStealthMetaAddress,
   generateEthereumStealthAddress,
@@ -15,6 +17,8 @@ import {
   encodeEthereumStealthMetaAddress,
   deriveEthereumStealthPrivateKey,
   checkEthereumStealthAddress,
+  checkEthereumStealthByEthAddress,
+  stealthPublicKeyToEthAddress,
   type EthereumStealthMetaAddress,
   type EthereumStealthAddress,
 } from './stealth'
@@ -582,20 +586,17 @@ export class EthereumPrivacyAdapter {
 
       // Check each recipient
       for (const recipient of this.scanRecipients.values()) {
-        const isOwner = checkEthereumStealthAddress(
-          stealthAddress,
-          recipient.spendingPublicKey, // Note: need spending PRIVATE key for full check
-          recipient.viewingPrivateKey
+        // Use ETH address comparison since announcements store 20-byte addresses
+        // Returns the stealth private key if match found, null otherwise
+        const stealthPrivateKey = checkEthereumStealthByEthAddress(
+          announcement.stealthAddress,
+          announcement.ephemeralPublicKey,
+          announcement.viewTag,
+          recipient.spendingPrivateKey,
+          recipient.viewingPrivateKey,
         )
 
-        if (isOwner) {
-          // Derive stealth private key for claiming
-          const recovery = deriveEthereumStealthPrivateKey(
-            stealthAddress,
-            recipient.spendingPublicKey, // This should be spending PRIVATE key
-            recipient.viewingPrivateKey
-          )
-
+        if (stealthPrivateKey) {
           results.push({
             payment: {
               stealthAddress,
@@ -606,7 +607,7 @@ export class EthereumPrivacyAdapter {
               timestamp: announcement.timestamp,
             },
             recipient,
-            stealthPrivateKey: recovery.privateKey,
+            stealthPrivateKey,
           })
           break // Found owner, no need to check other recipients
         }
@@ -641,12 +642,26 @@ export class EthereumPrivacyAdapter {
    * @returns Built claim transaction
    */
   buildClaimTransaction(params: EthereumClaimParams): EthereumClaimBuild {
-    // Derive stealth private key
-    const recovery = deriveEthereumStealthPrivateKey(
-      params.stealthAddress,
-      params.spendingPrivateKey,
-      params.viewingPrivateKey
-    )
+    // Use pre-derived key if available (e.g. from scanning flow), otherwise derive
+    let stealthPrivateKey: HexString
+    let stealthEthAddress: HexString
+
+    if (params.stealthPrivateKey) {
+      stealthPrivateKey = params.stealthPrivateKey
+      stealthEthAddress = stealthPublicKeyToEthAddress(
+        ('0x' + bytesToHex(
+          secp256k1.getPublicKey(hexToBytes(params.stealthPrivateKey.slice(2)), true)
+        )) as HexString
+      )
+    } else {
+      const recovery = deriveEthereumStealthPrivateKey(
+        params.stealthAddress,
+        params.spendingPrivateKey,
+        params.viewingPrivateKey
+      )
+      stealthPrivateKey = recovery.privateKey
+      stealthEthAddress = recovery.ethAddress
+    }
 
     // Build transaction
     const amount = params.amount ?? 0n // Full balance if not specified
@@ -673,8 +688,8 @@ export class EthereumPrivacyAdapter {
     }
 
     return {
-      stealthEthAddress: recovery.ethAddress,
-      stealthPrivateKey: recovery.privateKey,
+      stealthEthAddress,
+      stealthPrivateKey,
       destinationAddress: params.destinationAddress,
       amount,
       tx,

package/src/chains/ethereum/stealth.ts

@@ -21,6 +21,7 @@ import type {
   StealthAddressRecovery,
   HexString,
 } from '@sip-protocol/types'
+import { secp256k1 } from '@noble/curves/secp256k1'
 import {
   generateSecp256k1StealthMetaAddress,
   generateSecp256k1StealthAddress,
@@ -28,6 +29,8 @@ import {
   checkSecp256k1StealthAddress,
   publicKeyToEthAddress,
 } from '../../stealth/secp256k1'
+import { sha256, hexToBytes, bytesToHex } from '../../stealth/utils'
+import { isValidPrivateKey } from '../../validation'
 import { ValidationError } from '../../errors'
 import { SECP256K1_SCHEME_ID } from './constants'
 
@@ -378,32 +381,80 @@ export function checkEthereumStealthAddress(
 }
 
 /**
- * Quick view tag check for efficient scanning
+ * Check if an Ethereum stealth address matches by ETH address comparison
  *
- * Before doing the full elliptic curve check, verify the view tag matches.
- * This is ~256x faster for non-matching addresses.
+ * Used when the announcement only contains the 20-byte ETH address (not the
+ * full 33-byte compressed public key). Derives the expected stealth public key,
+ * converts it to an ETH address, and compares.
  *
- * @param _announcement - The announcement to check (unused, for API compatibility)
- * @param _viewingPrivateKey - Recipient's viewing private key (unused)
- * @param _spendingPublicKey - Sender's spending public key (unused)
- * @returns True if view tag matches (address *might* be ours)
- *
- * @deprecated Use checkEthereumStealthAddress instead which handles everything
+ * @param ethAddress - The ETH address from the announcement (20 bytes)
+ * @param ephemeralPublicKey - Ephemeral public key from the announcement
+ * @param viewTag - View tag from the announcement
+ * @param spendingPublicKey - Recipient's spending public key
+ * @param viewingPrivateKey - Recipient's viewing private key
+ * @returns True if the address belongs to this recipient
  */
-export function checkViewTag(
-  _announcement: { ephemeralPublicKey: HexString; viewTag: number },
-  _viewingPrivateKey: HexString,
-  _spendingPublicKey: HexString
-): boolean {
-  // This is a simplified check - the full implementation would compute
-  // the shared secret and compare the first byte with the view tag.
-  // For efficiency, the secp256k1.checkSecp256k1StealthAddress already
-  // does the view tag check first, so we delegate to it with a minimal
-  // StealthAddress object.
-
-  // Note: This function is provided for API completeness but in practice,
-  // users should call checkEthereumStealthAddress which handles everything.
-  return true // Placeholder - actual implementation in checkEthereumStealthAddress
+export function checkEthereumStealthByEthAddress(
+  ethAddress: HexString,
+  ephemeralPublicKey: HexString,
+  viewTag: number,
+  spendingPrivateKey: HexString,
+  viewingPrivateKey: HexString,
+): HexString | null {
+  if (!isValidPrivateKey(spendingPrivateKey)) {
+    throw new ValidationError(
+      'must be a valid 32-byte hex string',
+      'spendingPrivateKey'
+    )
+  }
+  if (!isValidPrivateKey(viewingPrivateKey)) {
+    throw new ValidationError(
+      'must be a valid 32-byte hex string',
+      'viewingPrivateKey'
+    )
+  }
+
+  const spendingPrivBytes = hexToBytes(spendingPrivateKey.slice(2))
+  const viewingPrivBytes = hexToBytes(viewingPrivateKey.slice(2))
+  const ephemeralPubBytes = hexToBytes(ephemeralPublicKey.slice(2))
+
+  try {
+    // Compute shared secret: S = spendingPrivateKey * ephemeralPublicKey
+    // Mirrors generation: S = ephemeralPrivate * spendingPublic
+    const sharedSecretPoint = secp256k1.getSharedSecret(
+      spendingPrivBytes,
+      ephemeralPubBytes,
+    )
+    const sharedSecretHash = sha256(sharedSecretPoint)
+
+    // Quick view tag check
+    if (sharedSecretHash[0] !== viewTag) {
+      return null
+    }
+
+    // Derive stealth private key: viewingPriv + hash(S) mod n
+    // Mirrors generation: stealth = viewingPub + hash(S)*G
+    const viewingScalar = BigInt('0x' + bytesToHex(viewingPrivBytes))
+    const hashScalar = BigInt('0x' + bytesToHex(sharedSecretHash))
+    const stealthPrivScalar = (viewingScalar + hashScalar) % secp256k1.CURVE.n
+
+    // Compute expected public key from derived private key
+    const stealthPrivHex = stealthPrivScalar.toString(16).padStart(64, '0')
+    const stealthPrivKeyBytes = hexToBytes(stealthPrivHex)
+    const expectedPubKey = secp256k1.getPublicKey(stealthPrivKeyBytes, true)
+
+    // Convert to ETH address
+    const expectedPubKeyHex = ('0x' + bytesToHex(expectedPubKey)) as HexString
+    const expectedEthAddress = publicKeyToEthAddress(expectedPubKeyHex)
+
+    // Compare addresses (case-insensitive)
+    if (expectedEthAddress.toLowerCase() === ethAddress.toLowerCase()) {
+      return ('0x' + stealthPrivHex) as HexString
+    }
+    return null
+  } catch {
+    return null
+  }
 }
 
 // ─── Address Conversion ─────────────────────────────────────────────────────

package/src/chains/ethereum/types.ts

@@ -224,6 +224,8 @@ export interface EthereumClaimParams {
   spendingPrivateKey: HexString
   /** Destination address to receive funds */
   destinationAddress: HexString
+  /** Pre-derived stealth private key (skips derivation if provided, e.g. from scanning) */
+  stealthPrivateKey?: HexString
   /** Network */
   network?: EthereumNetwork
   /** RPC URL (overrides default) */
@@ -439,6 +441,8 @@ export interface EthereumScanRecipient {
   viewingPrivateKey: HexString
   /** Spending public key */
   spendingPublicKey: HexString
+  /** Spending private key (required for scanning and key derivation) */
+  spendingPrivateKey: HexString
   /** Optional label */
   label?: string
 }