@solana/web3.js 1.95.1 → 1.95.3

package/lib/index.iife.js

@@ -2853,6 +2853,10 @@ var solanaWeb3 = (function (exports) {
 	    if (!isBytes(item))
 	        throw new Error('Uint8Array expected');
 	}
+	function abool(title, value) {
+	    if (typeof value !== 'boolean')
+	        throw new Error(`${title} must be valid boolean, got "${value}".`);
+	}
 	// Array where index 0xf0 (240) is mapped to string 'f0'
 	const hexes = /* @__PURE__ */ Array.from({ length: 256 }, (_, i) => i.toString(16).padStart(2, '0'));
 	/**
@@ -2995,6 +2999,25 @@ var solanaWeb3 = (function (exports) {
 	        throw new Error(`utf8ToBytes expected string, got ${typeof str}`);
 	    return new Uint8Array(new TextEncoder().encode(str)); // https://bugzil.la/1681809
 	}
+	// Is positive bigint
+	const isPosBig = (n) => typeof n === 'bigint' && _0n$5 <= n;
+	function inRange$1(n, min, max) {
+	    return isPosBig(n) && isPosBig(min) && isPosBig(max) && min <= n && n < max;
+	}
+	/**
+	 * Asserts min <= n < max. NOTE: It's < max and not <= max.
+	 * @example
+	 * aInRange('x', x, 1n, 256n); // would assume x is in (1n..255n)
+	 */
+	function aInRange(title, n, min, max) {
+	    // Why min <= n < max and not a (min < n < max) OR b (min <= n <= max)?
+	    // consider P=256n, min=0n, max=P
+	    // - a for min=0 would require -1:          `inRange('x', x, -1n, P)`
+	    // - b would commonly require subtraction:  `inRange('x', x, 0n, P - 1n)`
+	    // - our way is the cleanest:               `inRange('x', x, 0n, P)
+	    if (!inRange$1(n, min, max))
+	        throw new Error(`expected valid ${title}: ${min} <= n < ${max}, got ${typeof n} ${n}`);
+	}
 	// Bit operations
 	/**
 	 * Calculates amount of bits in a bigint.
@@ -3125,9 +3148,32 @@ var solanaWeb3 = (function (exports) {
 	// const z2 = validateObject(o, { a: 'isSafeInteger' }, { c: 'zz' });
 	// const z3 = validateObject(o, { test: 'boolean', z: 'bug' });
 	// const z4 = validateObject(o, { a: 'boolean', z: 'bug' });
+	/**
+	 * throws not implemented error
+	 */
+	const notImplemented = () => {
+	    throw new Error('not implemented');
+	};
+	/**
+	 * Memoizes (caches) computation result.
+	 * Uses WeakMap: the value is going auto-cleaned by GC after last reference is removed.
+	 */
+	function memoized(fn) {
+	    const map = new WeakMap();
+	    return (arg, ...args) => {
+	        const val = map.get(arg);
+	        if (val !== undefined)
+	            return val;
+	        const computed = fn(arg, ...args);
+	        map.set(arg, computed);
+	        return computed;
+	    };
+	}
 
 	var ut = /*#__PURE__*/Object.freeze({
 		__proto__: null,
+		aInRange: aInRange,
+		abool: abool,
 		abytes: abytes,
 		bitGet: bitGet,
 		bitLen: bitLen,
@@ -3142,7 +3188,10 @@ var solanaWeb3 = (function (exports) {
 		equalBytes: equalBytes,
 		hexToBytes: hexToBytes,
 		hexToNumber: hexToNumber,
+		inRange: inRange$1,
 		isBytes: isBytes,
+		memoized: memoized,
+		notImplemented: notImplemented,
 		numberToBytesBE: numberToBytesBE,
 		numberToBytesLE: numberToBytesLE,
 		numberToHexUnpadded: numberToHexUnpadded,
@@ -3401,6 +3450,9 @@ var solanaWeb3 = (function (exports) {
 	 * * a) denormalized operations like mulN instead of mul
 	 * * b) same object shape: never add or remove keys
 	 * * c) Object.freeze
+	 * NOTE: operations don't check 'isValid' for all elements for performance reasons,
+	 * it is caller responsibility to check this.
+	 * This is low-level code, please make sure you know what you doing.
 	 * @param ORDER prime positive bigint
 	 * @param bitLen how many bits the field consumes
 	 * @param isLE (def: false) if encoding / decoding should be in little-endian
@@ -3509,6 +3561,10 @@ var solanaWeb3 = (function (exports) {
 	// Abelian group utilities
 	const _0n$3 = BigInt(0);
 	const _1n$5 = BigInt(1);
+	// Since points in different groups cannot be equal (different object constructor),
+	// we can have single place to store precomputes
+	const pointPrecomputes = new WeakMap();
+	const pointWindowSizes = new WeakMap(); // This allows use make points immutable (nothing changes inside)
 	// Elliptic curve multiplication of Point by scalar. Fragile.
 	// Scalars should always be less than curve order: this should be checked inside of a curve itself.
 	// Creates precomputation tables for fast multiplication:
@@ -3525,7 +3581,12 @@ var solanaWeb3 = (function (exports) {
 	        const neg = item.negate();
 	        return condition ? neg : item;
 	    };
+	    const validateW = (W) => {
+	        if (!Number.isSafeInteger(W) || W <= 0 || W > bits)
+	            throw new Error(`Wrong window size=${W}, should be [1..${bits}]`);
+	    };
 	    const opts = (W) => {
+	        validateW(W);
 	        const windows = Math.ceil(bits / W) + 1; // +1, because
 	        const windowSize = 2 ** (W - 1); // -1 because we skip zero
 	        return { windows, windowSize };
@@ -3625,19 +3686,25 @@ var solanaWeb3 = (function (exports) {
 	            // which makes it less const-time: around 1 bigint multiply.
 	            return { p, f };
 	        },
-	        wNAFCached(P, precomputesMap, n, transform) {
-	            // @ts-ignore
-	            const W = P._WINDOW_SIZE || 1;
+	        wNAFCached(P, n, transform) {
+	            const W = pointWindowSizes.get(P) || 1;
 	            // Calculate precomputes on a first run, reuse them after
-	            let comp = precomputesMap.get(P);
+	            let comp = pointPrecomputes.get(P);
 	            if (!comp) {
 	                comp = this.precomputeWindow(P, W);
-	                if (W !== 1) {
-	                    precomputesMap.set(P, transform(comp));
-	                }
+	                if (W !== 1)
+	                    pointPrecomputes.set(P, transform(comp));
 	            }
 	            return this.wNAF(W, comp, n);
 	        },
+	        // We calculate precomputes for elliptic curve point multiplication
+	        // using windowed method. This specifies window size and
+	        // stores precomputed values. Usually only base point would be precomputed.
+	        setWindowSize(P, W) {
+	            validateW(W);
+	            pointWindowSizes.set(P, W);
+	            pointPrecomputes.delete(P);
+	        },
 	    };
 	}
 	function validateBasic(curve) {
@@ -3682,7 +3749,13 @@ var solanaWeb3 = (function (exports) {
 	    // Set defaults
 	    return Object.freeze({ ...opts });
 	}
-	// It is not generic twisted curve for now, but ed25519/ed448 generic implementation
+	/**
+	 * Creates Twisted Edwards curve with EdDSA signatures.
+	 * @example
+	 * import { Field } from '@noble/curves/abstract/modular';
+	 * // Before that, define BigInt-s: a, d, p, n, Gx, Gy, h
+	 * const curve = twistedEdwards({ a, d, Fp: Field(p), n, Gx, Gy, h })
+	 */
 	function twistedEdwards(curveDef) {
 	    const CURVE = validateOpts$1(curveDef);
 	    const { Fp, n: CURVE_ORDER, prehash: prehash, hash: cHash, randomBytes, nByteLength, h: cofactor, } = CURVE;
@@ -3701,28 +3774,59 @@ var solanaWeb3 = (function (exports) {
 	    const adjustScalarBytes = CURVE.adjustScalarBytes || ((bytes) => bytes); // NOOP
 	    const domain = CURVE.domain ||
 	        ((data, ctx, phflag) => {
+	            abool('phflag', phflag);
 	            if (ctx.length || phflag)
 	                throw new Error('Contexts/pre-hash are not supported');
 	            return data;
 	        }); // NOOP
-	    const inBig = (n) => typeof n === 'bigint' && _0n$2 < n; // n in [1..]
-	    const inRange = (n, max) => inBig(n) && inBig(max) && n < max; // n in [1..max-1]
-	    const in0MaskRange = (n) => n === _0n$2 || inRange(n, MASK); // n in [0..MASK-1]
-	    function assertInRange(n, max) {
-	        // n in [1..max-1]
-	        if (inRange(n, max))
-	            return n;
-	        throw new Error(`Expected valid scalar < ${max}, got ${typeof n} ${n}`);
-	    }
-	    function assertGE0(n) {
-	        // n in [0..CURVE_ORDER-1]
-	        return n === _0n$2 ? n : assertInRange(n, CURVE_ORDER); // GE = prime subgroup, not full group
-	    }
-	    const pointPrecomputes = new Map();
-	    function isPoint(other) {
+	    // 0 <= n < MASK
+	    // Coordinates larger than Fp.ORDER are allowed for zip215
+	    function aCoordinate(title, n) {
+	        aInRange('coordinate ' + title, n, _0n$2, MASK);
+	    }
+	    function assertPoint(other) {
 	        if (!(other instanceof Point))
 	            throw new Error('ExtendedPoint expected');
 	    }
+	    // Converts Extended point to default (x, y) coordinates.
+	    // Can accept precomputed Z^-1 - for example, from invertBatch.
+	    const toAffineMemo = memoized((p, iz) => {
+	        const { ex: x, ey: y, ez: z } = p;
+	        const is0 = p.is0();
+	        if (iz == null)
+	            iz = is0 ? _8n$1 : Fp.inv(z); // 8 was chosen arbitrarily
+	        const ax = modP(x * iz);
+	        const ay = modP(y * iz);
+	        const zz = modP(z * iz);
+	        if (is0)
+	            return { x: _0n$2, y: _1n$4 };
+	        if (zz !== _1n$4)
+	            throw new Error('invZ was invalid');
+	        return { x: ax, y: ay };
+	    });
+	    const assertValidMemo = memoized((p) => {
+	        const { a, d } = CURVE;
+	        if (p.is0())
+	            throw new Error('bad point: ZERO'); // TODO: optimize, with vars below?
+	        // Equation in affine coordinates: ax² + y² = 1 + dx²y²
+	        // Equation in projective coordinates (X/Z, Y/Z, Z):  (aX² + Y²)Z² = Z⁴ + dX²Y²
+	        const { ex: X, ey: Y, ez: Z, et: T } = p;
+	        const X2 = modP(X * X); // X²
+	        const Y2 = modP(Y * Y); // Y²
+	        const Z2 = modP(Z * Z); // Z²
+	        const Z4 = modP(Z2 * Z2); // Z⁴
+	        const aX2 = modP(X2 * a); // aX²
+	        const left = modP(Z2 * modP(aX2 + Y2)); // (aX² + Y²)Z²
+	        const right = modP(Z4 + modP(d * modP(X2 * Y2))); // Z⁴ + dX²Y²
+	        if (left !== right)
+	            throw new Error('bad point: equation left != right (1)');
+	        // In Extended coordinates we also have T, which is x*y=T/Z: check X*Y == Z*T
+	        const XY = modP(X * Y);
+	        const ZT = modP(Z * T);
+	        if (XY !== ZT)
+	            throw new Error('bad point: equation left != right (2)');
+	        return true;
+	    });
 	    // Extended Point works in extended coordinates: (x, y, z, t) ∋ (x=x/z, y=y/z, t=xy).
 	    // https://en.wikipedia.org/wiki/Twisted_Edwards_curve#Extended_coordinates
 	    class Point {
@@ -3731,14 +3835,11 @@ var solanaWeb3 = (function (exports) {
 	            this.ey = ey;
 	            this.ez = ez;
 	            this.et = et;
-	            if (!in0MaskRange(ex))
-	                throw new Error('x required');
-	            if (!in0MaskRange(ey))
-	                throw new Error('y required');
-	            if (!in0MaskRange(ez))
-	                throw new Error('z required');
-	            if (!in0MaskRange(et))
-	                throw new Error('t required');
+	            aCoordinate('x', ex);
+	            aCoordinate('y', ey);
+	            aCoordinate('z', ez);
+	            aCoordinate('t', et);
+	            Object.freeze(this);
 	        }
 	        get x() {
 	            return this.toAffine().x;
@@ -3750,8 +3851,8 @@ var solanaWeb3 = (function (exports) {
 	            if (p instanceof Point)
 	                throw new Error('extended point not allowed');
 	            const { x, y } = p || {};
-	            if (!in0MaskRange(x) || !in0MaskRange(y))
-	                throw new Error('invalid affine point');
+	            aCoordinate('x', x);
+	            aCoordinate('y', y);
 	            return new Point(x, y, _1n$4, modP(x * y));
 	        }
 	        static normalizeZ(points) {
@@ -3760,36 +3861,16 @@ var solanaWeb3 = (function (exports) {
 	        }
 	        // "Private method", don't use it directly
 	        _setWindowSize(windowSize) {
-	            this._WINDOW_SIZE = windowSize;
-	            pointPrecomputes.delete(this);
+	            wnaf.setWindowSize(this, windowSize);
 	        }
 	        // Not required for fromHex(), which always creates valid points.
 	        // Could be useful for fromAffine().
 	        assertValidity() {
-	            const { a, d } = CURVE;
-	            if (this.is0())
-	                throw new Error('bad point: ZERO'); // TODO: optimize, with vars below?
-	            // Equation in affine coordinates: ax² + y² = 1 + dx²y²
-	            // Equation in projective coordinates (X/Z, Y/Z, Z):  (aX² + Y²)Z² = Z⁴ + dX²Y²
-	            const { ex: X, ey: Y, ez: Z, et: T } = this;
-	            const X2 = modP(X * X); // X²
-	            const Y2 = modP(Y * Y); // Y²
-	            const Z2 = modP(Z * Z); // Z²
-	            const Z4 = modP(Z2 * Z2); // Z⁴
-	            const aX2 = modP(X2 * a); // aX²
-	            const left = modP(Z2 * modP(aX2 + Y2)); // (aX² + Y²)Z²
-	            const right = modP(Z4 + modP(d * modP(X2 * Y2))); // Z⁴ + dX²Y²
-	            if (left !== right)
-	                throw new Error('bad point: equation left != right (1)');
-	            // In Extended coordinates we also have T, which is x*y=T/Z: check X*Y == Z*T
-	            const XY = modP(X * Y);
-	            const ZT = modP(Z * T);
-	            if (XY !== ZT)
-	                throw new Error('bad point: equation left != right (2)');
+	            assertValidMemo(this);
 	        }
 	        // Compare one point to another.
 	        equals(other) {
-	            isPoint(other);
+	            assertPoint(other);
 	            const { ex: X1, ey: Y1, ez: Z1 } = this;
 	            const { ex: X2, ey: Y2, ez: Z2 } = other;
 	            const X1Z2 = modP(X1 * Z2);
@@ -3830,7 +3911,7 @@ var solanaWeb3 = (function (exports) {
 	        // https://hyperelliptic.org/EFD/g1p/auto-twisted-extended.html#addition-add-2008-hwcd
 	        // Cost: 9M + 1*a + 1*d + 7add.
 	        add(other) {
-	            isPoint(other);
+	            assertPoint(other);
 	            const { a, d } = CURVE;
 	            const { ex: X1, ey: Y1, ez: Z1, et: T1 } = this;
 	            const { ex: X2, ey: Y2, ez: Z2, et: T2 } = other;
@@ -3873,11 +3954,13 @@ var solanaWeb3 = (function (exports) {
 	            return this.add(other.negate());
 	        }
 	        wNAF(n) {
-	            return wnaf.wNAFCached(this, pointPrecomputes, n, Point.normalizeZ);
+	            return wnaf.wNAFCached(this, n, Point.normalizeZ);
 	        }
 	        // Constant-time multiplication.
 	        multiply(scalar) {
-	            const { p, f } = this.wNAF(assertInRange(scalar, CURVE_ORDER));
+	            const n = scalar;
+	            aInRange('scalar', n, _1n$4, CURVE_ORDER); // 1 <= scalar < L
+	            const { p, f } = this.wNAF(n);
 	            return Point.normalizeZ([p, f])[0];
 	        }
 	        // Non-constant-time multiplication. Uses double-and-add algorithm.
@@ -3885,7 +3968,8 @@ var solanaWeb3 = (function (exports) {
 	        // an exposed private key e.g. sig verification.
 	        // Does NOT allow scalars higher than CURVE.n.
 	        multiplyUnsafe(scalar) {
-	            let n = assertGE0(scalar); // 0 <= scalar < CURVE.n
+	            const n = scalar;
+	            aInRange('scalar', n, _0n$2, CURVE_ORDER); // 0 <= scalar < L
 	            if (n === _0n$2)
 	                return I;
 	            if (this.equals(I) || n === _1n$4)
@@ -3909,18 +3993,7 @@ var solanaWeb3 = (function (exports) {
 	        // Converts Extended point to default (x, y) coordinates.
 	        // Can accept precomputed Z^-1 - for example, from invertBatch.
 	        toAffine(iz) {
-	            const { ex: x, ey: y, ez: z } = this;
-	            const is0 = this.is0();
-	            if (iz == null)
-	                iz = is0 ? _8n$1 : Fp.inv(z); // 8 was chosen arbitrarily
-	            const ax = modP(x * iz);
-	            const ay = modP(y * iz);
-	            const zz = modP(z * iz);
-	            if (is0)
-	                return { x: _0n$2, y: _1n$4 };
-	            if (zz !== _1n$4)
-	                throw new Error('invZ was invalid');
-	            return { x: ax, y: ay };
+	            return toAffineMemo(this, iz);
 	        }
 	        clearCofactor() {
 	            const { h: cofactor } = CURVE;
@@ -3934,18 +4007,16 @@ var solanaWeb3 = (function (exports) {
 	            const { d, a } = CURVE;
 	            const len = Fp.BYTES;
 	            hex = ensureBytes('pointHex', hex, len); // copy hex to a new array
+	            abool('zip215', zip215);
 	            const normed = hex.slice(); // copy again, we'll manipulate it
 	            const lastByte = hex[len - 1]; // select last byte
 	            normed[len - 1] = lastByte & ~0x80; // clear last bit
 	            const y = bytesToNumberLE(normed);
-	            if (y === _0n$2) ;
-	            else {
-	                // RFC8032 prohibits >= p, but ZIP215 doesn't
-	                if (zip215)
-	                    assertInRange(y, MASK); // zip215=true [1..P-1] (2^255-19-1 for ed25519)
-	                else
-	                    assertInRange(y, Fp.ORDER); // zip215=false [1..MASK-1] (2^256-1 for ed25519)
-	            }
+	            // RFC8032 prohibits >= p, but ZIP215 doesn't
+	            // zip215=true:  0 <= y < MASK (2^256 for ed25519)
+	            // zip215=false: 0 <= y < P (2^255-19 for ed25519)
+	            const max = zip215 ? MASK : Fp.ORDER;
+	            aInRange('pointHex.y', y, _0n$2, max);
 	            // Ed25519: x² = (y²-1)/(dy²+1) mod p. Ed448: x² = (y²-1)/(dy²-1) mod p. Generic case:
 	            // ax²+y²=1+dx²y² => y²-1=dx²y²-ax² => y²-1=x²(dy²-a) => x²=(y²-1)/(dy²-a)
 	            const y2 = modP(y * y); // denominator is always non-0 mod p.
@@ -4020,7 +4091,7 @@ var solanaWeb3 = (function (exports) {
 	        const R = G.multiply(r).toRawBytes(); // R = rG
 	        const k = hashDomainToScalar(options.context, R, pointBytes, msg); // R || A || PH(M)
 	        const s = modN(r + k * scalar); // S = (r + k * s) mod L
-	        assertGE0(s); // 0 <= s < l
+	        aInRange('signature.s', s, _0n$2, CURVE_ORDER); // 0 <= s < l
 	        const res = concatBytes(R, numberToBytesLE(s, Fp.BYTES));
 	        return ensureBytes('result', res, nByteLength * 2); // 64-byte signature
 	    }
@@ -4030,6 +4101,8 @@ var solanaWeb3 = (function (exports) {
 	        const len = Fp.BYTES; // Verifies EdDSA signature against message and public key. RFC8032 5.1.7.
 	        sig = ensureBytes('signature', sig, 2 * len); // An extended group equation is checked.
 	        msg = ensureBytes('message', msg);
+	        if (zip215 !== undefined)
+	            abool('zip215', zip215);
 	        if (prehash)
 	            msg = prehash(msg); // for ed25519ph, etc
 	        const s = bytesToNumberLE(sig.slice(len, 2 * len));
@@ -4168,6 +4241,9 @@ var solanaWeb3 = (function (exports) {
 	    // Constant-time, u/√v
 	    uvRatio,
 	}))();
+	/**
+	 * ed25519 curve with EdDSA signatures.
+	 */
 	const ed25519 = /* @__PURE__ */ (() => twistedEdwards(ed25519Defaults))();
 
 	/**
@@ -14191,7 +14267,7 @@ var solanaWeb3 = (function (exports) {
 	      isSigner: false,
 	      isWritable: true
 	    }];
-	    if (params.basePubkey != params.fromPubkey) {
+	    if (!params.basePubkey.equals(params.fromPubkey)) {
 	      keys.push({
 	        pubkey: params.basePubkey,
 	        isSigner: true,
@@ -18538,7 +18614,7 @@ var solanaWeb3 = (function (exports) {
 
 	/** @internal */
 	const COMMON_HTTP_HEADERS = {
-	  'solana-client': `js/${"0.0.0-development" }`
+	  'solana-client': `js/${"1.0.0-maintenance"}`
 	};
 
 	/**
@@ -22399,6 +22475,12 @@ var solanaWeb3 = (function (exports) {
 
 	/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
 	// Short Weierstrass curve. The formula is: y² = x³ + ax + b
+	function validateSigVerOpts(opts) {
+	    if (opts.lowS !== undefined)
+	        abool('lowS', opts.lowS);
+	    if (opts.prehash !== undefined)
+	        abool('prehash', opts.prehash);
+	}
 	function validatePointOpts(curve) {
 	    const opts = validateBasic(curve);
 	    validateObject(opts, {
@@ -22523,16 +22605,12 @@ var solanaWeb3 = (function (exports) {
 	        throw new Error('bad generator point: equation left != right');
 	    // Valid group elements reside in range 1..n-1
 	    function isWithinCurveOrder(num) {
-	        return typeof num === 'bigint' && _0n < num && num < CURVE.n;
-	    }
-	    function assertGE(num) {
-	        if (!isWithinCurveOrder(num))
-	            throw new Error('Expected valid bigint: 0 < bigint < curve.n');
+	        return inRange$1(num, _1n$1, CURVE.n);
 	    }
 	    // Validates if priv key is valid and converts it to bigint.
 	    // Supports options allowedPrivateKeyLengths and wrapPrivateKey.
 	    function normPrivateKeyToScalar(key) {
-	        const { allowedPrivateKeyLengths: lengths, nByteLength, wrapPrivateKey, n } = CURVE;
+	        const { allowedPrivateKeyLengths: lengths, nByteLength, wrapPrivateKey, n: N } = CURVE;
 	        if (lengths && typeof key !== 'bigint') {
 	            if (isBytes(key))
 	                key = bytesToHex(key);
@@ -22552,15 +22630,61 @@ var solanaWeb3 = (function (exports) {
 	            throw new Error(`private key must be ${nByteLength} bytes, hex or bigint, not ${typeof key}`);
 	        }
 	        if (wrapPrivateKey)
-	            num = mod(num, n); // disabled by default, enabled for BLS
-	        assertGE(num); // num in range [1..N-1]
+	            num = mod(num, N); // disabled by default, enabled for BLS
+	        aInRange('private key', num, _1n$1, N); // num in range [1..N-1]
 	        return num;
 	    }
-	    const pointPrecomputes = new Map();
 	    function assertPrjPoint(other) {
 	        if (!(other instanceof Point))
 	            throw new Error('ProjectivePoint expected');
 	    }
+	    // Memoized toAffine / validity check. They are heavy. Points are immutable.
+	    // Converts Projective point to affine (x, y) coordinates.
+	    // Can accept precomputed Z^-1 - for example, from invertBatch.
+	    // (x, y, z) ∋ (x=x/z, y=y/z)
+	    const toAffineMemo = memoized((p, iz) => {
+	        const { px: x, py: y, pz: z } = p;
+	        // Fast-path for normalized points
+	        if (Fp.eql(z, Fp.ONE))
+	            return { x, y };
+	        const is0 = p.is0();
+	        // If invZ was 0, we return zero point. However we still want to execute
+	        // all operations, so we replace invZ with a random number, 1.
+	        if (iz == null)
+	            iz = is0 ? Fp.ONE : Fp.inv(z);
+	        const ax = Fp.mul(x, iz);
+	        const ay = Fp.mul(y, iz);
+	        const zz = Fp.mul(z, iz);
+	        if (is0)
+	            return { x: Fp.ZERO, y: Fp.ZERO };
+	        if (!Fp.eql(zz, Fp.ONE))
+	            throw new Error('invZ was invalid');
+	        return { x: ax, y: ay };
+	    });
+	    // NOTE: on exception this will crash 'cached' and no value will be set.
+	    // Otherwise true will be return
+	    const assertValidMemo = memoized((p) => {
+	        if (p.is0()) {
+	            // (0, 1, 0) aka ZERO is invalid in most contexts.
+	            // In BLS, ZERO can be serialized, so we allow it.
+	            // (0, 0, 0) is wrong representation of ZERO and is always invalid.
+	            if (CURVE.allowInfinityPoint && !Fp.is0(p.py))
+	                return;
+	            throw new Error('bad point: ZERO');
+	        }
+	        // Some 3rd-party test vectors require different wording between here & `fromCompressedHex`
+	        const { x, y } = p.toAffine();
+	        // Check if x, y are valid field elements
+	        if (!Fp.isValid(x) || !Fp.isValid(y))
+	            throw new Error('bad point: x or y not FE');
+	        const left = Fp.sqr(y); // y²
+	        const right = weierstrassEquation(x); // x³ + ax + b
+	        if (!Fp.eql(left, right))
+	            throw new Error('bad point: equation left != right');
+	        if (!p.isTorsionFree())
+	            throw new Error('bad point: not in prime-order subgroup');
+	        return true;
+	    });
 	    /**
 	     * Projective Point works in 3d / projective (homogeneous) coordinates: (x, y, z) ∋ (x=x/z, y=y/z)
 	     * Default Point works in 2d / affine coordinates: (x, y)
@@ -22577,6 +22701,7 @@ var solanaWeb3 = (function (exports) {
 	                throw new Error('y required');
 	            if (pz == null || !Fp.isValid(pz))
 	                throw new Error('z required');
+	            Object.freeze(this);
 	        }
 	        // Does not validate if the point is on-curve.
 	        // Use fromHex instead, or call assertValidity() later.
@@ -22623,30 +22748,11 @@ var solanaWeb3 = (function (exports) {
 	        }
 	        // "Private method", don't use it directly
 	        _setWindowSize(windowSize) {
-	            this._WINDOW_SIZE = windowSize;
-	            pointPrecomputes.delete(this);
+	            wnaf.setWindowSize(this, windowSize);
 	        }
 	        // A point on curve is valid if it conforms to equation.
 	        assertValidity() {
-	            if (this.is0()) {
-	                // (0, 1, 0) aka ZERO is invalid in most contexts.
-	                // In BLS, ZERO can be serialized, so we allow it.
-	                // (0, 0, 0) is wrong representation of ZERO and is always invalid.
-	                if (CURVE.allowInfinityPoint && !Fp.is0(this.py))
-	                    return;
-	                throw new Error('bad point: ZERO');
-	            }
-	            // Some 3rd-party test vectors require different wording between here & `fromCompressedHex`
-	            const { x, y } = this.toAffine();
-	            // Check if x, y are valid field elements
-	            if (!Fp.isValid(x) || !Fp.isValid(y))
-	                throw new Error('bad point: x or y not FE');
-	            const left = Fp.sqr(y); // y²
-	            const right = weierstrassEquation(x); // x³ + ax + b
-	            if (!Fp.eql(left, right))
-	                throw new Error('bad point: equation left != right');
-	            if (!this.isTorsionFree())
-	                throw new Error('bad point: not in prime-order subgroup');
+	            assertValidMemo(this);
 	        }
 	        hasEvenY() {
 	            const { y } = this.toAffine();
@@ -22773,28 +22879,25 @@ var solanaWeb3 = (function (exports) {
 	            return this.equals(Point.ZERO);
 	        }
 	        wNAF(n) {
-	            return wnaf.wNAFCached(this, pointPrecomputes, n, (comp) => {
-	                const toInv = Fp.invertBatch(comp.map((p) => p.pz));
-	                return comp.map((p, i) => p.toAffine(toInv[i])).map(Point.fromAffine);
-	            });
+	            return wnaf.wNAFCached(this, n, Point.normalizeZ);
 	        }
 	        /**
 	         * Non-constant-time multiplication. Uses double-and-add algorithm.
 	         * It's faster, but should only be used when you don't care about
 	         * an exposed private key e.g. sig verification, which works over *public* keys.
 	         */
-	        multiplyUnsafe(n) {
+	        multiplyUnsafe(sc) {
+	            aInRange('scalar', sc, _0n, CURVE.n);
 	            const I = Point.ZERO;
-	            if (n === _0n)
+	            if (sc === _0n)
 	                return I;
-	            assertGE(n); // Will throw on 0
-	            if (n === _1n$1)
+	            if (sc === _1n$1)
 	                return this;
 	            const { endo } = CURVE;
 	            if (!endo)
-	                return wnaf.unsafeLadder(this, n);
+	                return wnaf.unsafeLadder(this, sc);
 	            // Apply endomorphism
-	            let { k1neg, k1, k2neg, k2 } = endo.splitScalar(n);
+	            let { k1neg, k1, k2neg, k2 } = endo.splitScalar(sc);
 	            let k1p = I;
 	            let k2p = I;
 	            let d = this;
@@ -22824,12 +22927,11 @@ var solanaWeb3 = (function (exports) {
 	         * @returns New point
 	         */
 	        multiply(scalar) {
-	            assertGE(scalar);
-	            let n = scalar;
+	            const { endo, n: N } = CURVE;
+	            aInRange('scalar', scalar, _1n$1, N);
 	            let point, fake; // Fake point is used to const-time mult
-	            const { endo } = CURVE;
 	            if (endo) {
-	                const { k1neg, k1, k2neg, k2 } = endo.splitScalar(n);
+	                const { k1neg, k1, k2neg, k2 } = endo.splitScalar(scalar);
 	                let { p: k1p, f: f1p } = this.wNAF(k1);
 	                let { p: k2p, f: f2p } = this.wNAF(k2);
 	                k1p = wnaf.constTimeNegate(k1neg, k1p);
@@ -22839,7 +22941,7 @@ var solanaWeb3 = (function (exports) {
 	                fake = f1p.add(f2p);
 	            }
 	            else {
-	                const { p, f } = this.wNAF(n);
+	                const { p, f } = this.wNAF(scalar);
 	                point = p;
 	                fake = f;
 	            }
@@ -22863,20 +22965,7 @@ var solanaWeb3 = (function (exports) {
 	        // Can accept precomputed Z^-1 - for example, from invertBatch.
 	        // (x, y, z) ∋ (x=x/z, y=y/z)
 	        toAffine(iz) {
-	            const { px: x, py: y, pz: z } = this;
-	            const is0 = this.is0();
-	            // If invZ was 0, we return zero point. However we still want to execute
-	            // all operations, so we replace invZ with a random number, 1.
-	            if (iz == null)
-	                iz = is0 ? Fp.ONE : Fp.inv(z);
-	            const ax = Fp.mul(x, iz);
-	            const ay = Fp.mul(y, iz);
-	            const zz = Fp.mul(z, iz);
-	            if (is0)
-	                return { x: Fp.ZERO, y: Fp.ZERO };
-	            if (!Fp.eql(zz, Fp.ONE))
-	                throw new Error('invZ was invalid');
-	            return { x: ax, y: ay };
+	            return toAffineMemo(this, iz);
 	        }
 	        isTorsionFree() {
 	            const { h: cofactor, isTorsionFree } = CURVE;
@@ -22895,10 +22984,12 @@ var solanaWeb3 = (function (exports) {
 	            return this.multiplyUnsafe(CURVE.h);
 	        }
 	        toRawBytes(isCompressed = true) {
+	            abool('isCompressed', isCompressed);
 	            this.assertValidity();
 	            return toBytes(Point, this, isCompressed);
 	        }
 	        toHex(isCompressed = true) {
+	            abool('isCompressed', isCompressed);
 	            return bytesToHex(this.toRawBytes(isCompressed));
 	        }
 	    }
@@ -22928,14 +23019,18 @@ var solanaWeb3 = (function (exports) {
 	    });
 	    return Object.freeze({ lowS: true, ...opts });
 	}
+	/**
+	 * Creates short weierstrass curve and ECDSA signature methods for it.
+	 * @example
+	 * import { Field } from '@noble/curves/abstract/modular';
+	 * // Before that, define BigInt-s: a, b, p, n, Gx, Gy
+	 * const curve = weierstrass({ a, b, Fp: Field(p), n, Gx, Gy, h: 1n })
+	 */
 	function weierstrass(curveDef) {
 	    const CURVE = validateOpts(curveDef);
 	    const { Fp, n: CURVE_ORDER } = CURVE;
 	    const compressedLen = Fp.BYTES + 1; // e.g. 33 for 32
 	    const uncompressedLen = 2 * Fp.BYTES + 1; // e.g. 65 for 32
-	    function isValidFieldElement(num) {
-	        return _0n < num && num < Fp.ORDER; // 0 is banned since it's not invertible FE
-	    }
 	    function modN(a) {
 	        return mod(a, CURVE_ORDER);
 	    }
@@ -22948,6 +23043,7 @@ var solanaWeb3 = (function (exports) {
 	            const a = point.toAffine();
 	            const x = Fp.toBytes(a.x);
 	            const cat = concatBytes;
+	            abool('isCompressed', isCompressed);
 	            if (isCompressed) {
 	                return cat(Uint8Array.from([point.hasEvenY() ? 0x02 : 0x03]), x);
 	            }
@@ -22962,7 +23058,7 @@ var solanaWeb3 = (function (exports) {
 	            // this.assertValidity() is done inside of fromHex
 	            if (len === compressedLen && (head === 0x02 || head === 0x03)) {
 	                const x = bytesToNumberBE(tail);
-	                if (!isValidFieldElement(x))
+	                if (!inRange$1(x, _1n$1, Fp.ORDER))
 	                    throw new Error('Point is not on curve');
 	                const y2 = weierstrassEquation(x); // y² = x³ + ax + b
 	                let y;
@@ -23023,11 +23119,8 @@ var solanaWeb3 = (function (exports) {
 	            return new Signature(r, s);
 	        }
 	        assertValidity() {
-	            // can use assertGE here
-	            if (!isWithinCurveOrder(this.r))
-	                throw new Error('r must be 0 < r < CURVE.n');
-	            if (!isWithinCurveOrder(this.s))
-	                throw new Error('s must be 0 < s < CURVE.n');
+	            aInRange('r', this.r, _1n$1, CURVE_ORDER); // r in [1..N]
+	            aInRange('s', this.s, _1n$1, CURVE_ORDER); // s in [1..N]
 	        }
 	        addRecoveryBit(recovery) {
 	            return new Signature(this.r, this.s, recovery);
@@ -23170,10 +23263,7 @@ var solanaWeb3 = (function (exports) {
 	     * Converts to bytes. Checks if num in `[0..ORDER_MASK-1]` e.g.: `[0..2^256-1]`.
 	     */
 	    function int2octets(num) {
-	        if (typeof num !== 'bigint')
-	            throw new Error('bigint expected');
-	        if (!(_0n <= num && num < ORDER_MASK))
-	            throw new Error(`bigint expected < 2^${CURVE.nBitLength}`);
+	        aInRange(`num < 2^${CURVE.nBitLength}`, num, _0n, ORDER_MASK);
 	        // works with order, can have different size than numToField!
 	        return numberToBytesBE(num, CURVE.nByteLength);
 	    }
@@ -23190,6 +23280,7 @@ var solanaWeb3 = (function (exports) {
 	        if (lowS == null)
 	            lowS = true; // RFC6979 3.2: we skip step A, because we already provide hash
 	        msgHash = ensureBytes('msgHash', msgHash);
+	        validateSigVerOpts(opts);
 	        if (prehash)
 	            msgHash = ensureBytes('prehashed msgHash', hash(msgHash));
 	        // We can't later call bits2octets, since nested bits2int is broken for curves
@@ -23276,6 +23367,7 @@ var solanaWeb3 = (function (exports) {
 	        publicKey = ensureBytes('publicKey', publicKey);
 	        if ('strict' in opts)
 	            throw new Error('options.strict was renamed to lowS');
+	        validateSigVerOpts(opts);
 	        const { lowS, prehash } = opts;
 	        let _sig = undefined;
 	        let P;
@@ -23382,6 +23474,9 @@ var solanaWeb3 = (function (exports) {
 	    return root;
 	}
 	const Fp = Field(secp256k1P, undefined, undefined, { sqrt: sqrtMod });
+	/**
+	 * secp256k1 short weierstrass curve and ECDSA signatures over it.
+	 */
 	const secp256k1 = createCurve({
 	    a: BigInt(0), // equation params: a, b
 	    b: BigInt(7), // Seem to be rigid: bitcointalk.org/index.php?topic=289795.msg3183975#msg3183975