@solana/web3.js 1.54.0 → 1.54.2

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@solana/web3.js",
-  "version": "1.54.0",
+  "version": "1.54.2",
   "description": "Solana Javascript API",
   "keywords": [
     "api",
@@ -36,29 +36,11 @@
     "/lib",
     "/src"
   ],
-  "scripts": {
-    "build": "npm run clean; cross-env NODE_ENV=production rollup -c; npm run type:gen",
-    "build:fixtures": "set -ex; ./test/fixtures/noop-program/build.sh",
-    "clean": "rimraf ./coverage ./lib",
-    "codecov": "set -ex; npm run test:cover; cat ./coverage/lcov.info | codecov",
-    "dev": "cross-env NODE_ENV=development rollup -c",
-    "doc": "set -ex; typedoc --treatWarningsAsErrors",
-    "type:gen": "./scripts/typegen.sh",
-    "lint": "set -ex; npm run pretty; eslint . --ext .js,.ts",
-    "lint:fix": "npm run pretty:fix && eslint . --fix --ext .js,.ts",
-    "type:check": "tsc -p tsconfig.json --noEmit",
-    "ok": "run-s lint test doc type:check",
-    "pretty": "prettier --check '{,{src,test}/**/}*.{j,t}s'",
-    "pretty:fix": "prettier --write '{,{src,test}/**/}*.{j,t}s'",
-    "re": "semantic-release --repository-url git@github.com:solana-labs/solana-web3.js.git",
-    "test": "cross-env TS_NODE_COMPILER_OPTIONS='{ \"module\": \"commonjs\", \"target\": \"es2019\" }' ts-mocha --require esm './test/**/*.test.ts'",
-    "test:cover": "nyc --reporter=lcov npm run test",
-    "test:live": "TEST_LIVE=1 npm run test",
-    "test:live-with-test-validator": "start-server-and-test 'solana-test-validator --reset --quiet' http://localhost:8899/health test:live"
-  },
   "dependencies": {
     "@babel/runtime": "^7.12.5",
-    "@ethersproject/sha2": "^5.5.0",
+    "@noble/ed25519": "^1.7.0",
+    "@noble/hashes": "^1.1.2",
+    "@noble/secp256k1": "^1.6.3",
     "@solana/buffer-layout": "^4.0.0",
     "bigint-buffer": "^1.1.5",
     "bn.js": "^5.0.0",
@@ -70,9 +52,7 @@
     "js-sha3": "^0.8.0",
     "node-fetch": "2",
     "rpc-websockets": "^7.5.0",
-    "secp256k1": "^4.0.2",
-    "superstruct": "^0.14.2",
-    "tweetnacl": "^1.0.3"
+    "superstruct": "^0.14.2"
   },
   "devDependencies": {
     "@babel/core": "^7.12.13",
@@ -100,7 +80,6 @@
     "@types/mz": "^2.7.3",
     "@types/node": "^17.0.24",
     "@types/node-fetch": "2",
-    "@types/secp256k1": "^4.0.1",
     "@types/sinon": "^10.0.0",
     "@types/sinon-chai": "^3.2.8",
     "@typescript-eslint/eslint-plugin": "^4.14.2",
@@ -139,5 +118,25 @@
   },
   "engines": {
     "node": ">=12.20.0"
+  },
+  "scripts": {
+    "build": "npm run clean; cross-env NODE_ENV=production rollup -c; npm run type:gen",
+    "build:fixtures": "set -ex; ./test/fixtures/noop-program/build.sh",
+    "clean": "rimraf ./coverage ./lib",
+    "codecov": "set -ex; npm run test:cover; cat ./coverage/lcov.info | codecov",
+    "dev": "cross-env NODE_ENV=development rollup -c",
+    "doc": "set -ex; typedoc --treatWarningsAsErrors",
+    "type:gen": "./scripts/typegen.sh",
+    "lint": "set -ex; npm run pretty; eslint . --ext .js,.ts",
+    "lint:fix": "npm run pretty:fix && eslint . --fix --ext .js,.ts",
+    "type:check": "tsc -p tsconfig.json --noEmit",
+    "ok": "run-s lint test doc type:check",
+    "pretty": "prettier --check '{,{src,test}/**/}*.{j,t}s'",
+    "pretty:fix": "prettier --write '{,{src,test}/**/}*.{j,t}s'",
+    "re": "semantic-release --repository-url git@github.com:solana-labs/solana-web3.js.git",
+    "test": "cross-env TS_NODE_COMPILER_OPTIONS='{ \"module\": \"commonjs\", \"target\": \"es2019\" }' ts-mocha --require esm './test/**/*.test.ts'",
+    "test:cover": "nyc --reporter=lcov npm run test",
+    "test:live": "TEST_LIVE=1 npm run test",
+    "test:live-with-test-validator": "start-server-and-test 'solana-test-validator --reset --quiet' http://localhost:8899/health test:live"
   }
-}
+}

package/src/account.ts

@@ -1,7 +1,6 @@
-import nacl from 'tweetnacl';
-import type {SignKeyPair as KeyPair} from 'tweetnacl';
-import type {Buffer} from 'buffer';
+import {Buffer} from 'buffer';
 
+import {generatePrivateKey, getPublicKey} from './utils/ed25519';
 import {toBuffer} from './utils/to-buffer';
 import {PublicKey} from './publickey';
 
@@ -12,7 +11,9 @@ import {PublicKey} from './publickey';
  */
 export class Account {
   /** @internal */
-  _keypair: KeyPair;
+  private _publicKey: Buffer;
+  /** @internal */
+  private _secretKey: Buffer;
 
   /**
    * Create a new Account object
@@ -24,9 +25,15 @@ export class Account {
    */
   constructor(secretKey?: Buffer | Uint8Array | Array<number>) {
     if (secretKey) {
-      this._keypair = nacl.sign.keyPair.fromSecretKey(toBuffer(secretKey));
+      const secretKeyBuffer = toBuffer(secretKey);
+      if (secretKey.length !== 64) {
+        throw new Error('bad secret key size');
+      }
+      this._publicKey = secretKeyBuffer.slice(32, 64);
+      this._secretKey = secretKeyBuffer.slice(0, 32);
     } else {
-      this._keypair = nacl.sign.keyPair();
+      this._secretKey = toBuffer(generatePrivateKey());
+      this._publicKey = toBuffer(getPublicKey(this._secretKey));
     }
   }
 
@@ -34,13 +41,15 @@ export class Account {
    * The public key for this account
    */
   get publicKey(): PublicKey {
-    return new PublicKey(this._keypair.publicKey);
+    return new PublicKey(this._publicKey);
   }
 
   /**
-   * The **unencrypted** secret key for this account
+   * The **unencrypted** secret key for this account. The first 32 bytes
+   * is the private scalar and the last 32 bytes is the public key.
+   * Read more: https://blog.mozilla.org/warner/2011/11/29/ed25519-keys/
    */
   get secretKey(): Buffer {
-    return toBuffer(this._keypair.secretKey);
+    return Buffer.concat([this._secretKey, this._publicKey], 64);
   }
 }

package/src/keypair.ts

@@ -1,5 +1,4 @@
-import nacl from 'tweetnacl';
-
+import {generateKeypair, getPublicKey, Ed25519Keypair} from './utils/ed25519';
 import {PublicKey} from './publickey';
 
 /**
@@ -10,14 +9,6 @@ export interface Signer {
   secretKey: Uint8Array;
 }
 
-/**
- * Ed25519 Keypair
- */
-export interface Ed25519Keypair {
-  publicKey: Uint8Array;
-  secretKey: Uint8Array;
-}
-
 /**
  * An account keypair used for signing transactions.
  */
@@ -31,18 +22,14 @@ export class Keypair {
    * @param keypair ed25519 keypair
    */
   constructor(keypair?: Ed25519Keypair) {
-    if (keypair) {
-      this._keypair = keypair;
-    } else {
-      this._keypair = nacl.sign.keyPair();
-    }
+    this._keypair = keypair ?? generateKeypair();
   }
 
   /**
    * Generate a new random keypair
    */
   static generate(): Keypair {
-    return new Keypair(nacl.sign.keyPair());
+    return new Keypair(generateKeypair());
   }
 
   /**
@@ -61,16 +48,20 @@ export class Keypair {
     secretKey: Uint8Array,
     options?: {skipValidation?: boolean},
   ): Keypair {
-    const keypair = nacl.sign.keyPair.fromSecretKey(secretKey);
+    if (secretKey.byteLength !== 64) {
+      throw new Error('bad secret key size');
+    }
+    const publicKey = secretKey.slice(32, 64);
     if (!options || !options.skipValidation) {
-      const encoder = new TextEncoder();
-      const signData = encoder.encode('@solana/web3.js-validation-v1');
-      const signature = nacl.sign.detached(signData, keypair.secretKey);
-      if (!nacl.sign.detached.verify(signData, signature, keypair.publicKey)) {
-        throw new Error('provided secretKey is invalid');
+      const privateScalar = secretKey.slice(0, 32);
+      const computedPublicKey = getPublicKey(privateScalar);
+      for (let ii = 0; ii < 32; ii++) {
+        if (publicKey[ii] !== computedPublicKey[ii]) {
+          throw new Error('provided secretKey is invalid');
+        }
       }
     }
-    return new Keypair(keypair);
+    return new Keypair({publicKey, secretKey});
   }
 
   /**
@@ -79,7 +70,11 @@ export class Keypair {
    * @param seed seed byte array
    */
   static fromSeed(seed: Uint8Array): Keypair {
-    return new Keypair(nacl.sign.keyPair.fromSeed(seed));
+    const publicKey = getPublicKey(seed);
+    const secretKey = new Uint8Array(64);
+    secretKey.set(seed);
+    secretKey.set(publicKey, 32);
+    return new Keypair({publicKey, secretKey});
   }
 
   /**

package/src/message/legacy.ts

@@ -13,6 +13,7 @@ import {
   MessageAddressTableLookup,
   MessageCompiledInstruction,
 } from './index';
+import {guardedShift, guardedSplice} from '../utils/guarded-array-utils';
 
 /**
  * An instruction to execute by a program
@@ -232,7 +233,7 @@ export class Message {
     // Slice up wire data
     let byteArray = [...buffer];
 
-    const numRequiredSignatures = byteArray.shift() as number;
+    const numRequiredSignatures = guardedShift(byteArray);
     if (
       numRequiredSignatures !==
       (numRequiredSignatures & VERSION_PREFIX_MASK)
@@ -242,31 +243,27 @@ export class Message {
       );
     }
 
-    const numReadonlySignedAccounts = byteArray.shift() as number;
-    const numReadonlyUnsignedAccounts = byteArray.shift() as number;
+    const numReadonlySignedAccounts = guardedShift(byteArray);
+    const numReadonlyUnsignedAccounts = guardedShift(byteArray);
 
     const accountCount = shortvec.decodeLength(byteArray);
     let accountKeys = [];
     for (let i = 0; i < accountCount; i++) {
-      const account = byteArray.slice(0, PUBLIC_KEY_LENGTH);
-      byteArray = byteArray.slice(PUBLIC_KEY_LENGTH);
+      const account = guardedSplice(byteArray, 0, PUBLIC_KEY_LENGTH);
       accountKeys.push(bs58.encode(Buffer.from(account)));
     }
 
-    const recentBlockhash = byteArray.slice(0, PUBLIC_KEY_LENGTH);
-    byteArray = byteArray.slice(PUBLIC_KEY_LENGTH);
+    const recentBlockhash = guardedSplice(byteArray, 0, PUBLIC_KEY_LENGTH);
 
     const instructionCount = shortvec.decodeLength(byteArray);
     let instructions: CompiledInstruction[] = [];
     for (let i = 0; i < instructionCount; i++) {
-      const programIdIndex = byteArray.shift() as number;
+      const programIdIndex = guardedShift(byteArray);
       const accountCount = shortvec.decodeLength(byteArray);
-      const accounts = byteArray.slice(0, accountCount);
-      byteArray = byteArray.slice(accountCount);
+      const accounts = guardedSplice(byteArray, 0, accountCount);
       const dataLength = shortvec.decodeLength(byteArray);
-      const dataSlice = byteArray.slice(0, dataLength);
+      const dataSlice = guardedSplice(byteArray, 0, dataLength);
       const data = bs58.encode(Buffer.from(dataSlice));
-      byteArray = byteArray.slice(dataLength);
       instructions.push({
         programIdIndex,
         accounts,

package/src/message/v0.ts

@@ -12,6 +12,7 @@ import {PublicKey, PUBLIC_KEY_LENGTH} from '../publickey';
 import * as shortvec from '../utils/shortvec-encoding';
 import assert from '../utils/assert';
 import {PACKET_DATA_SIZE, VERSION_PREFIX_MASK} from '../transaction/constants';
+import {guardedShift, guardedSplice} from '../utils/guarded-array-utils';
 
 /**
  * Message constructor arguments
@@ -254,7 +255,7 @@ export class MessageV0 {
   static deserialize(serializedMessage: Uint8Array): MessageV0 {
     let byteArray = [...serializedMessage];
 
-    const prefix = byteArray.shift() as number;
+    const prefix = guardedShift(byteArray);
     const maskedPrefix = prefix & VERSION_PREFIX_MASK;
     assert(
       prefix !== maskedPrefix,
@@ -268,29 +269,35 @@ export class MessageV0 {
     );
 
     const header: MessageHeader = {
-      numRequiredSignatures: byteArray.shift() as number,
-      numReadonlySignedAccounts: byteArray.shift() as number,
-      numReadonlyUnsignedAccounts: byteArray.shift() as number,
+      numRequiredSignatures: guardedShift(byteArray),
+      numReadonlySignedAccounts: guardedShift(byteArray),
+      numReadonlyUnsignedAccounts: guardedShift(byteArray),
     };
 
     const staticAccountKeys = [];
     const staticAccountKeysLength = shortvec.decodeLength(byteArray);
     for (let i = 0; i < staticAccountKeysLength; i++) {
       staticAccountKeys.push(
-        new PublicKey(byteArray.splice(0, PUBLIC_KEY_LENGTH)),
+        new PublicKey(guardedSplice(byteArray, 0, PUBLIC_KEY_LENGTH)),
       );
     }
 
-    const recentBlockhash = bs58.encode(byteArray.splice(0, PUBLIC_KEY_LENGTH));
+    const recentBlockhash = bs58.encode(
+      guardedSplice(byteArray, 0, PUBLIC_KEY_LENGTH),
+    );
 
     const instructionCount = shortvec.decodeLength(byteArray);
     const compiledInstructions: MessageCompiledInstruction[] = [];
     for (let i = 0; i < instructionCount; i++) {
-      const programIdIndex = byteArray.shift() as number;
+      const programIdIndex = guardedShift(byteArray);
       const accountKeyIndexesLength = shortvec.decodeLength(byteArray);
-      const accountKeyIndexes = byteArray.splice(0, accountKeyIndexesLength);
+      const accountKeyIndexes = guardedSplice(
+        byteArray,
+        0,
+        accountKeyIndexesLength,
+      );
       const dataLength = shortvec.decodeLength(byteArray);
-      const data = new Uint8Array(byteArray.splice(0, dataLength));
+      const data = new Uint8Array(guardedSplice(byteArray, 0, dataLength));
       compiledInstructions.push({
         programIdIndex,
         accountKeyIndexes,
@@ -301,11 +308,21 @@ export class MessageV0 {
     const addressTableLookupsCount = shortvec.decodeLength(byteArray);
     const addressTableLookups: MessageAddressTableLookup[] = [];
     for (let i = 0; i < addressTableLookupsCount; i++) {
-      const accountKey = new PublicKey(byteArray.splice(0, PUBLIC_KEY_LENGTH));
+      const accountKey = new PublicKey(
+        guardedSplice(byteArray, 0, PUBLIC_KEY_LENGTH),
+      );
       const writableIndexesLength = shortvec.decodeLength(byteArray);
-      const writableIndexes = byteArray.splice(0, writableIndexesLength);
+      const writableIndexes = guardedSplice(
+        byteArray,
+        0,
+        writableIndexesLength,
+      );
       const readonlyIndexesLength = shortvec.decodeLength(byteArray);
-      const readonlyIndexes = byteArray.splice(0, readonlyIndexesLength);
+      const readonlyIndexes = guardedSplice(
+        byteArray,
+        0,
+        readonlyIndexesLength,
+      );
       addressTableLookups.push({
         accountKey,
         writableIndexes,

package/src/programs/ed25519.ts

@@ -1,11 +1,11 @@
 import {Buffer} from 'buffer';
 import * as BufferLayout from '@solana/buffer-layout';
-import nacl from 'tweetnacl';
 
 import {Keypair} from '../keypair';
 import {PublicKey} from '../publickey';
 import {TransactionInstruction} from '../transaction';
 import assert from '../utils/assert';
+import {sign} from '../utils/ed25519';
 
 const PRIVATE_KEY_BYTES = 64;
 const PUBLIC_KEY_BYTES = 32;
@@ -142,7 +142,7 @@ export class Ed25519Program {
     try {
       const keypair = Keypair.fromSecretKey(privateKey);
       const publicKey = keypair.publicKey.toBytes();
-      const signature = nacl.sign.detached(message, keypair.secretKey);
+      const signature = sign(message, keypair.secretKey);
 
       return this.createInstructionWithPublicKey({
         publicKey,

package/src/programs/secp256k1.ts

@@ -1,15 +1,13 @@
 import {Buffer} from 'buffer';
 import * as BufferLayout from '@solana/buffer-layout';
-import secp256k1 from 'secp256k1';
 import sha3 from 'js-sha3';
 
 import {PublicKey} from '../publickey';
 import {TransactionInstruction} from '../transaction';
 import assert from '../utils/assert';
+import {publicKeyCreate, ecdsaSign} from '../utils/secp256k1';
 import {toBuffer} from '../utils/to-buffer';
 
-const {publicKeyCreate, ecdsaSign} = secp256k1;
-
 const PRIVATE_KEY_BYTES = 32;
 const ETHEREUM_ADDRESS_BYTES = 20;
 const PUBLIC_KEY_BYTES = 64;
@@ -209,11 +207,14 @@ export class Secp256k1Program {
 
     try {
       const privateKey = toBuffer(pkey);
-      const publicKey = publicKeyCreate(privateKey, false).slice(1); // throw away leading byte
+      const publicKey = publicKeyCreate(
+        privateKey,
+        false /* isCompressed */,
+      ).slice(1); // throw away leading byte
       const messageHash = Buffer.from(
         sha3.keccak_256.update(toBuffer(message)).digest(),
       );
-      const {signature, recid: recoveryId} = ecdsaSign(messageHash, privateKey);
+      const [signature, recoveryId] = ecdsaSign(messageHash, privateKey);
 
       return this.createInstructionWithPublicKey({
         publicKey,

package/src/publickey.ts

@@ -1,9 +1,9 @@
 import BN from 'bn.js';
 import bs58 from 'bs58';
 import {Buffer} from 'buffer';
-import nacl from 'tweetnacl';
-import {sha256} from '@ethersproject/sha2';
+import {sha256} from '@noble/hashes/sha256';
 
+import {isOnCurve} from './utils/ed25519';
 import {Struct, SOLANA_SCHEMA} from './utils/borsh-schema';
 import {toBuffer} from './utils/to-buffer';
 
@@ -140,8 +140,8 @@ export class PublicKey extends Struct {
       Buffer.from(seed),
       programId.toBuffer(),
     ]);
-    const hash = sha256(new Uint8Array(buffer)).slice(2);
-    return new PublicKey(Buffer.from(hash, 'hex'));
+    const publicKeyBytes = sha256(buffer);
+    return new PublicKey(publicKeyBytes);
   }
 
   /**
@@ -164,9 +164,8 @@ export class PublicKey extends Struct {
       programId.toBuffer(),
       Buffer.from('ProgramDerivedAddress'),
     ]);
-    let hash = sha256(new Uint8Array(buffer)).slice(2);
-    let publicKeyBytes = new BN(hash, 16).toArray(undefined, 32);
-    if (is_on_curve(publicKeyBytes)) {
+    const publicKeyBytes = sha256(buffer);
+    if (isOnCurve(publicKeyBytes)) {
       throw new Error(`Invalid seeds, address must fall off the curve`);
     }
     return new PublicKey(publicKeyBytes);
@@ -229,7 +228,7 @@ export class PublicKey extends Struct {
    */
   static isOnCurve(pubkeyData: PublicKeyInitData): boolean {
     const pubkey = new PublicKey(pubkeyData);
-    return is_on_curve(pubkey.toBytes()) == 1;
+    return isOnCurve(pubkey.toBytes());
   }
 }
 
@@ -237,66 +236,3 @@ SOLANA_SCHEMA.set(PublicKey, {
   kind: 'struct',
   fields: [['_bn', 'u256']],
 });
-
-// @ts-ignore
-let naclLowLevel = nacl.lowlevel;
-
-// Check that a pubkey is on the curve.
-// This function and its dependents were sourced from:
-// https://github.com/dchest/tweetnacl-js/blob/f1ec050ceae0861f34280e62498b1d3ed9c350c6/nacl.js#L792
-function is_on_curve(p: any) {
-  var r = [
-    naclLowLevel.gf(),
-    naclLowLevel.gf(),
-    naclLowLevel.gf(),
-    naclLowLevel.gf(),
-  ];
-
-  var t = naclLowLevel.gf(),
-    chk = naclLowLevel.gf(),
-    num = naclLowLevel.gf(),
-    den = naclLowLevel.gf(),
-    den2 = naclLowLevel.gf(),
-    den4 = naclLowLevel.gf(),
-    den6 = naclLowLevel.gf();
-
-  naclLowLevel.set25519(r[2], gf1);
-  naclLowLevel.unpack25519(r[1], p);
-  naclLowLevel.S(num, r[1]);
-  naclLowLevel.M(den, num, naclLowLevel.D);
-  naclLowLevel.Z(num, num, r[2]);
-  naclLowLevel.A(den, r[2], den);
-
-  naclLowLevel.S(den2, den);
-  naclLowLevel.S(den4, den2);
-  naclLowLevel.M(den6, den4, den2);
-  naclLowLevel.M(t, den6, num);
-  naclLowLevel.M(t, t, den);
-
-  naclLowLevel.pow2523(t, t);
-  naclLowLevel.M(t, t, num);
-  naclLowLevel.M(t, t, den);
-  naclLowLevel.M(t, t, den);
-  naclLowLevel.M(r[0], t, den);
-
-  naclLowLevel.S(chk, r[0]);
-  naclLowLevel.M(chk, chk, den);
-  if (neq25519(chk, num)) naclLowLevel.M(r[0], r[0], I);
-
-  naclLowLevel.S(chk, r[0]);
-  naclLowLevel.M(chk, chk, den);
-  if (neq25519(chk, num)) return 0;
-  return 1;
-}
-let gf1 = naclLowLevel.gf([1]);
-let I = naclLowLevel.gf([
-  0xa0b0, 0x4a0e, 0x1b27, 0xc4ee, 0xe478, 0xad2f, 0x1806, 0x2f43, 0xd7a7,
-  0x3dfb, 0x0099, 0x2b4d, 0xdf0b, 0x4fc1, 0x2480, 0x2b83,
-]);
-function neq25519(a: any, b: any) {
-  var c = new Uint8Array(32),
-    d = new Uint8Array(32);
-  naclLowLevel.pack25519(c, a);
-  naclLowLevel.pack25519(d, b);
-  return naclLowLevel.crypto_verify_32(c, 0, d, 0);
-}

package/src/transaction/legacy.ts

@@ -1,4 +1,3 @@
-import nacl from 'tweetnacl';
 import bs58 from 'bs58';
 import {Buffer} from 'buffer';
 
@@ -12,6 +11,8 @@ import invariant from '../utils/assert';
 import type {Signer} from '../keypair';
 import type {Blockhash} from '../blockhash';
 import type {CompiledInstruction} from '../message';
+import {sign, verify} from '../utils/ed25519';
+import {guardedSplice} from '../utils/guarded-array-utils';
 
 /**
  * Transaction signature as base-58 encoded string
@@ -658,7 +659,7 @@ export class Transaction {
   _partialSign(message: Message, ...signers: Array<Signer>) {
     const signData = message.serialize();
     signers.forEach(signer => {
-      const signature = nacl.sign.detached(signData, signer.secretKey);
+      const signature = sign(signData, signer.secretKey);
       this._addSignature(signer.publicKey, toBuffer(signature));
     });
   }
@@ -706,9 +707,7 @@ export class Transaction {
           return false;
         }
       } else {
-        if (
-          !nacl.sign.detached.verify(signData, signature, publicKey.toBuffer())
-        ) {
+        if (!verify(signature, signData, publicKey.toBuffer())) {
           return false;
         }
       }
@@ -805,8 +804,7 @@ export class Transaction {
     const signatureCount = shortvec.decodeLength(byteArray);
     let signatures = [];
     for (let i = 0; i < signatureCount; i++) {
-      const signature = byteArray.slice(0, SIGNATURE_LENGTH_IN_BYTES);
-      byteArray = byteArray.slice(SIGNATURE_LENGTH_IN_BYTES);
+      const signature = guardedSplice(byteArray, 0, SIGNATURE_LENGTH_IN_BYTES);
       signatures.push(bs58.encode(Buffer.from(signature)));
     }
 

package/src/transaction/versioned.ts

@@ -1,4 +1,3 @@
-import nacl from 'tweetnacl';
 import * as BufferLayout from '@solana/buffer-layout';
 
 import {Signer} from '../keypair';
@@ -7,6 +6,8 @@ import {VersionedMessage} from '../message/versioned';
 import {SIGNATURE_LENGTH_IN_BYTES} from './constants';
 import * as shortvec from '../utils/shortvec-encoding';
 import * as Layout from '../layout';
+import {sign} from '../utils/ed25519';
+import {guardedSplice} from '../utils/guarded-array-utils';
 
 export type TransactionVersion = 'legacy' | 0;
 
@@ -77,7 +78,7 @@ export class VersionedTransaction {
     const signaturesLength = shortvec.decodeLength(byteArray);
     for (let i = 0; i < signaturesLength; i++) {
       signatures.push(
-        new Uint8Array(byteArray.splice(0, SIGNATURE_LENGTH_IN_BYTES)),
+        new Uint8Array(guardedSplice(byteArray, 0, SIGNATURE_LENGTH_IN_BYTES)),
       );
     }
 
@@ -99,10 +100,7 @@ export class VersionedTransaction {
         signerIndex >= 0,
         `Cannot sign with non signer key ${signer.publicKey.toBase58()}`,
       );
-      this.signatures[signerIndex] = nacl.sign.detached(
-        messageData,
-        signer.secretKey,
-      );
+      this.signatures[signerIndex] = sign(messageData, signer.secretKey);
     }
   }
 }

package/src/utils/ed25519.ts

@@ -0,0 +1,46 @@
+import {sha512} from '@noble/hashes/sha512';
+import * as ed25519 from '@noble/ed25519';
+
+/**
+ * A 64 byte secret key, the first 32 bytes of which is the
+ * private scalar and the last 32 bytes is the public key.
+ * Read more: https://blog.mozilla.org/warner/2011/11/29/ed25519-keys/
+ */
+type Ed25519SecretKey = Uint8Array;
+
+/**
+ * Ed25519 Keypair
+ */
+export interface Ed25519Keypair {
+  publicKey: Uint8Array;
+  secretKey: Ed25519SecretKey;
+}
+
+ed25519.utils.sha512Sync = (...m) => sha512(ed25519.utils.concatBytes(...m));
+
+export const generatePrivateKey = ed25519.utils.randomPrivateKey;
+export const generateKeypair = (): Ed25519Keypair => {
+  const privateScalar = ed25519.utils.randomPrivateKey();
+  const publicKey = getPublicKey(privateScalar);
+  const secretKey = new Uint8Array(64);
+  secretKey.set(privateScalar);
+  secretKey.set(publicKey, 32);
+  return {
+    publicKey,
+    secretKey,
+  };
+};
+export const getPublicKey = ed25519.sync.getPublicKey;
+export function isOnCurve(publicKey: Uint8Array): boolean {
+  try {
+    ed25519.Point.fromHex(publicKey, true /* strict */);
+    return true;
+  } catch {
+    return false;
+  }
+}
+export const sign = (
+  message: Parameters<typeof ed25519.sync.sign>[0],
+  secretKey: Ed25519SecretKey,
+) => ed25519.sync.sign(message, secretKey.slice(0, 32));
+export const verify = ed25519.sync.verify;