@veil-cash/sdk 0.5.0 → 0.6.1

package/dist/index.js

@@ -1,7 +1,7 @@
 import { ethers } from 'ethers';
-import { privateKeyToAccount } from 'viem/accounts';
+import { privateKeyToAccount, privateKeyToAddress } from 'viem/accounts';
 import * as crypto from 'crypto';
-import { encodeFunctionData, parseEther, parseUnits, createPublicClient, http, formatUnits } from 'viem';
+import { encodeFunctionData, parseEther, parseUnits, createPublicClient, http, formatUnits, keccak256, encodePacked, isAddress, formatEther } from 'viem';
 import { base } from 'viem/chains';
 import MerkleTree from 'fixed-merkle-tree-legacy';
 import { groth16 } from 'snarkjs';
@@ -347,9 +347,11 @@ var ADDRESSES = {
   usdcPool: "0x5c50d58E49C59d112680c187De2Bf989d2a91242",
   usdcQueue: "0x5530241b24504bF05C9a22e95A1F5458888e6a9B",
   usdcToken: "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",
+  forwarderFactory: "0x2848Fd62293A1ff3b4a897E9FcD0e5962dcc8101",
   chainId: 8453,
   relayUrl: "https://veil-relay.up.railway.app"
 };
+var FORWARDER_CONTRACT_VERSION = "1";
 var POOL_CONFIG = {
   eth: {
     decimals: 18,
@@ -389,6 +391,9 @@ function getQueueAddress(pool) {
       throw new Error(`Unknown pool: ${pool}`);
   }
 }
+function getForwarderFactoryAddress() {
+  return getAddresses().forwarderFactory;
+}
 function getRelayUrl() {
   return ADDRESSES.relayUrl;
 }
@@ -1009,6 +1014,170 @@ var ERC20_ABI = [
     type: "function"
   }
 ];
+var FORWARDER_FACTORY_ABI = [
+  {
+    inputs: [],
+    name: "CONTRACT_VERSION",
+    outputs: [{ internalType: "string", name: "", type: "string" }],
+    stateMutability: "view",
+    type: "function"
+  },
+  {
+    inputs: [
+      { internalType: "bytes32", name: "_salt", type: "bytes32" },
+      { internalType: "bytes", name: "_childDepositKey", type: "bytes" },
+      { internalType: "address", name: "_owner", type: "address" }
+    ],
+    name: "computeAddress",
+    outputs: [{ internalType: "address", name: "", type: "address" }],
+    stateMutability: "view",
+    type: "function"
+  },
+  {
+    inputs: [
+      { internalType: "bytes32", name: "_salt", type: "bytes32" },
+      { internalType: "bytes", name: "_childDepositKey", type: "bytes" },
+      { internalType: "address", name: "_owner", type: "address" }
+    ],
+    name: "deploy",
+    outputs: [{ internalType: "address", name: "forwarder", type: "address" }],
+    stateMutability: "nonpayable",
+    type: "function"
+  },
+  {
+    inputs: [],
+    name: "relayer",
+    outputs: [{ internalType: "address", name: "", type: "address" }],
+    stateMutability: "view",
+    type: "function"
+  },
+  {
+    inputs: [],
+    name: "veilEntry",
+    outputs: [{ internalType: "address payable", name: "", type: "address" }],
+    stateMutability: "view",
+    type: "function"
+  },
+  {
+    inputs: [],
+    name: "usdc",
+    outputs: [{ internalType: "address", name: "", type: "address" }],
+    stateMutability: "view",
+    type: "function"
+  },
+  {
+    inputs: [],
+    name: "owner",
+    outputs: [{ internalType: "address", name: "", type: "address" }],
+    stateMutability: "view",
+    type: "function"
+  }
+];
+var FORWARDER_ABI = [
+  {
+    inputs: [],
+    name: "CONTRACT_VERSION",
+    outputs: [{ internalType: "string", name: "", type: "string" }],
+    stateMutability: "view",
+    type: "function"
+  },
+  {
+    inputs: [
+      { internalType: "address", name: "_token", type: "address" },
+      { internalType: "address", name: "_to", type: "address" },
+      { internalType: "uint256", name: "_amount", type: "uint256" },
+      { internalType: "uint256", name: "_nonce", type: "uint256" },
+      { internalType: "uint256", name: "_deadline", type: "uint256" },
+      { internalType: "bytes", name: "_signature", type: "bytes" }
+    ],
+    name: "withdraw",
+    outputs: [],
+    stateMutability: "nonpayable",
+    type: "function"
+  },
+  {
+    inputs: [{ internalType: "uint256", name: "", type: "uint256" }],
+    name: "usedNonces",
+    outputs: [{ internalType: "bool", name: "", type: "bool" }],
+    stateMutability: "view",
+    type: "function"
+  },
+  {
+    inputs: [],
+    name: "owner",
+    outputs: [{ internalType: "address", name: "", type: "address" }],
+    stateMutability: "view",
+    type: "function"
+  },
+  {
+    inputs: [],
+    name: "factory",
+    outputs: [{ internalType: "address", name: "", type: "address" }],
+    stateMutability: "view",
+    type: "function"
+  },
+  {
+    inputs: [],
+    name: "childDepositKey",
+    outputs: [{ internalType: "bytes", name: "", type: "bytes" }],
+    stateMutability: "view",
+    type: "function"
+  },
+  {
+    inputs: [],
+    name: "entry",
+    outputs: [{ internalType: "address", name: "", type: "address" }],
+    stateMutability: "view",
+    type: "function"
+  },
+  {
+    inputs: [],
+    name: "usdc",
+    outputs: [{ internalType: "address", name: "", type: "address" }],
+    stateMutability: "view",
+    type: "function"
+  },
+  {
+    inputs: [],
+    name: "sweepETH",
+    outputs: [],
+    stateMutability: "nonpayable",
+    type: "function"
+  },
+  {
+    inputs: [],
+    name: "sweepUSDC",
+    outputs: [],
+    stateMutability: "nonpayable",
+    type: "function"
+  },
+  {
+    inputs: [],
+    name: "eip712Domain",
+    outputs: [
+      { internalType: "bytes1", name: "fields", type: "bytes1" },
+      { internalType: "string", name: "name", type: "string" },
+      { internalType: "string", name: "version", type: "string" },
+      { internalType: "uint256", name: "chainId", type: "uint256" },
+      { internalType: "address", name: "verifyingContract", type: "address" },
+      { internalType: "bytes32", name: "salt", type: "bytes32" },
+      { internalType: "uint256[]", name: "extensions", type: "uint256[]" }
+    ],
+    stateMutability: "view",
+    type: "function"
+  },
+  { type: "error", name: "ZeroAddress", inputs: [] },
+  { type: "error", name: "ZeroAmount", inputs: [] },
+  { type: "error", name: "InvalidDepositKey", inputs: [] },
+  { type: "error", name: "NotRelayer", inputs: [] },
+  { type: "error", name: "NoETHBalance", inputs: [] },
+  { type: "error", name: "NoTokenBalance", inputs: [] },
+  { type: "error", name: "TokenApproveFailed", inputs: [] },
+  { type: "error", name: "ETHTransferFailed", inputs: [] },
+  { type: "error", name: "NonceUsed", inputs: [] },
+  { type: "error", name: "Unauthorized", inputs: [] },
+  { type: "error", name: "DeadlineExpired", inputs: [] }
+];
 
 // src/deposit.ts
 function buildRegisterTx(depositKey, ownerAddress) {
@@ -1463,6 +1632,27 @@ var RelayError = class extends Error {
     this.network = network;
   }
 };
+async function postRelayJson(endpoint, body, relayUrl) {
+  const url = relayUrl || getRelayUrl();
+  const response = await fetch(`${url}${endpoint}`, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json"
+    },
+    body: JSON.stringify(body)
+  });
+  const data = await response.json();
+  if (!response.ok) {
+    const errorData = data;
+    throw new RelayError(
+      errorData.error || errorData.message || "Relay request failed",
+      response.status,
+      errorData.retryAfter,
+      errorData.network
+    );
+  }
+  return data;
+}
 async function submitRelay(options) {
   const {
     type,
@@ -1482,30 +1672,17 @@ async function submitRelay(options) {
     throw new RelayError("Missing proofArgs or extData", 400);
   }
   const relayUrl = customRelayUrl || getRelayUrl();
-  const endpoint = `${relayUrl}/relay/${pool}`;
-  const response = await fetch(endpoint, {
-    method: "POST",
-    headers: {
-      "Content-Type": "application/json"
-    },
-    body: JSON.stringify({
+  const endpoint = `/relay/${pool}`;
+  return postRelayJson(
+    endpoint,
+    {
       type,
       proofArgs,
       extData,
       metadata
-    })
-  });
-  const data = await response.json();
-  if (!response.ok) {
-    const errorData = data;
-    throw new RelayError(
-      errorData.error || errorData.message || "Relay request failed",
-      response.status,
-      errorData.retryAfter,
-      errorData.network
-    );
-  }
-  return data;
+    },
+    relayUrl
+  );
 }
 async function checkRelayHealth(relayUrl) {
   const url = relayUrl || getRelayUrl();
@@ -1960,7 +2137,344 @@ async function mergeUtxos(options) {
     recipient: "self"
   };
 }
+var SUBACCOUNT_CHILD_DOMAIN = "veil-sua-child";
+var SUBACCOUNT_SALT_DOMAIN = "veil-sua-salt";
+var ETH_ADDRESS = "0x0000000000000000000000000000000000000000";
+var DEFAULT_WITHDRAW_DEADLINE_SECONDS = 3600n;
+var DEFAULT_MAX_NONCE_SCAN = 100n;
+var MAX_SUBACCOUNT_SLOTS = 3;
+function createBaseClient(rpcUrl) {
+  return createPublicClient({
+    chain: base,
+    transport: http(rpcUrl)
+  });
+}
+function assertPrivateKey(value, label) {
+  if (!/^0x[a-fA-F0-9]{64}$/.test(value)) {
+    throw new Error(`${label} must be a 0x-prefixed 32-byte hex string`);
+  }
+}
+function normalizeSlot(slot) {
+  if (!Number.isInteger(slot) || slot < 0) {
+    throw new Error("slot must be a non-negative integer");
+  }
+  if (slot >= MAX_SUBACCOUNT_SLOTS) {
+    throw new Error(`slot must be less than ${MAX_SUBACCOUNT_SLOTS} (supported slots: 0-${MAX_SUBACCOUNT_SLOTS - 1})`);
+  }
+  return slot;
+}
+function normalizeAsset(asset) {
+  if (asset !== "eth" && asset !== "usdc") {
+    throw new Error('asset must be "eth" or "usdc"');
+  }
+  return asset;
+}
+function normalizeNonce(value) {
+  const nonce = typeof value === "bigint" ? value : BigInt(value);
+  if (nonce < 0n) {
+    throw new Error("nonce must be non-negative");
+  }
+  return nonce;
+}
+function normalizeDeadline(deadline) {
+  const nextDeadline = deadline === void 0 ? BigInt(Math.floor(Date.now() / 1e3)) + DEFAULT_WITHDRAW_DEADLINE_SECONDS : typeof deadline === "bigint" ? deadline : BigInt(deadline);
+  if (nextDeadline <= 0n) {
+    throw new Error("deadline must be greater than 0");
+  }
+  return nextDeadline;
+}
+function deriveSubaccountChildPrivateKey(rootPrivateKey, slot) {
+  assertPrivateKey(rootPrivateKey, "rootPrivateKey");
+  const normalizedSlot = normalizeSlot(slot);
+  return keccak256(
+    encodePacked(
+      ["bytes32", "string", "uint256"],
+      [rootPrivateKey, SUBACCOUNT_CHILD_DOMAIN, BigInt(normalizedSlot)]
+    )
+  );
+}
+function deriveSubaccountSalt(rootPrivateKey, slot) {
+  assertPrivateKey(rootPrivateKey, "rootPrivateKey");
+  const normalizedSlot = normalizeSlot(slot);
+  return keccak256(
+    encodePacked(
+      ["bytes32", "string", "uint256"],
+      [rootPrivateKey, SUBACCOUNT_SALT_DOMAIN, BigInt(normalizedSlot)]
+    )
+  );
+}
+function deriveSubaccountChildOwner(childPrivateKey) {
+  assertPrivateKey(childPrivateKey, "childPrivateKey");
+  return privateKeyToAddress(childPrivateKey);
+}
+function deriveSubaccountChildDepositKey(childPrivateKey) {
+  assertPrivateKey(childPrivateKey, "childPrivateKey");
+  return new Keypair(childPrivateKey).depositKey();
+}
+async function predictSubaccountForwarder(options) {
+  const publicClient = createBaseClient(options.rpcUrl);
+  return publicClient.readContract({
+    abi: FORWARDER_FACTORY_ABI,
+    address: getForwarderFactoryAddress(),
+    functionName: "computeAddress",
+    args: [options.salt, options.childDepositKey, options.childOwner]
+  });
+}
+async function deriveSubaccountSlot(options) {
+  const normalizedSlot = normalizeSlot(options.slot);
+  const childPrivateKey = deriveSubaccountChildPrivateKey(options.rootPrivateKey, normalizedSlot);
+  const salt = deriveSubaccountSalt(options.rootPrivateKey, normalizedSlot);
+  const childOwner = deriveSubaccountChildOwner(childPrivateKey);
+  const childDepositKey = deriveSubaccountChildDepositKey(childPrivateKey);
+  const forwarderAddress = await predictSubaccountForwarder({
+    salt,
+    childDepositKey,
+    childOwner,
+    rpcUrl: options.rpcUrl
+  });
+  return {
+    slot: normalizedSlot,
+    childOwner,
+    childDepositKey,
+    salt,
+    forwarderAddress
+  };
+}
+async function isSubaccountForwarderDeployed(options) {
+  if (!isAddress(options.forwarderAddress)) {
+    throw new Error("forwarderAddress must be a valid Ethereum address");
+  }
+  const publicClient = createBaseClient(options.rpcUrl);
+  const code = await publicClient.getCode({ address: options.forwarderAddress });
+  return !!code && code !== "0x";
+}
+async function deploySubaccountForwarder(options) {
+  const slot = await deriveSubaccountSlot({
+    rootPrivateKey: options.rootPrivateKey,
+    slot: options.slot,
+    rpcUrl: options.rpcUrl
+  });
+  return postRelayJson(
+    "/stealth/deploy",
+    {
+      salt: slot.salt,
+      childDepositKey: slot.childDepositKey,
+      childOwner: slot.childOwner,
+      expectedForwarder: slot.forwarderAddress
+    },
+    options.relayUrl
+  );
+}
+async function sweepSubaccountForwarder(options) {
+  const asset = normalizeAsset(options.asset);
+  if (!isAddress(options.forwarderAddress)) {
+    throw new Error("forwarderAddress must be a valid Ethereum address");
+  }
+  return postRelayJson(
+    "/stealth/sweep",
+    {
+      forwarder: options.forwarderAddress,
+      asset
+    },
+    options.relayUrl
+  );
+}
+function toQueueStatus(asset, result) {
+  return {
+    asset,
+    queueBalance: result.queueBalance,
+    queueBalanceWei: result.queueBalanceWei,
+    pendingCount: result.pendingCount,
+    pendingDeposits: result.pendingDeposits
+  };
+}
+async function getSubaccountStatus(options) {
+  const slot = await deriveSubaccountSlot(options);
+  const publicClient = createBaseClient(options.rpcUrl);
+  const addresses = getAddresses();
+  const [deployed, ethWei, usdcWei, ethQueue, usdcQueue] = await Promise.all([
+    isSubaccountForwarderDeployed({
+      forwarderAddress: slot.forwarderAddress,
+      rpcUrl: options.rpcUrl
+    }),
+    publicClient.getBalance({ address: slot.forwarderAddress }),
+    publicClient.readContract({
+      address: addresses.usdcToken,
+      abi: ERC20_ABI,
+      functionName: "balanceOf",
+      args: [slot.forwarderAddress]
+    }),
+    getQueueBalance({
+      address: slot.forwarderAddress,
+      pool: "eth",
+      rpcUrl: options.rpcUrl
+    }),
+    getQueueBalance({
+      address: slot.forwarderAddress,
+      pool: "usdc",
+      rpcUrl: options.rpcUrl
+    })
+  ]);
+  return {
+    slot,
+    deployed,
+    balances: {
+      eth: {
+        balance: formatEther(ethWei),
+        balanceWei: ethWei.toString()
+      },
+      usdc: {
+        balance: formatUnits(usdcWei, 6),
+        balanceWei: usdcWei.toString()
+      }
+    },
+    queues: {
+      eth: toQueueStatus("eth", ethQueue),
+      usdc: toQueueStatus("usdc", usdcQueue)
+    }
+  };
+}
+var WITHDRAW_TYPES = {
+  Withdraw: [
+    { name: "token", type: "address" },
+    { name: "to", type: "address" },
+    { name: "amount", type: "uint256" },
+    { name: "nonce", type: "uint256" },
+    { name: "deadline", type: "uint256" }
+  ]
+};
+function buildSubaccountWithdrawTypedData(options) {
+  if (!isAddress(options.forwarderAddress)) {
+    throw new Error("forwarderAddress must be a valid Ethereum address");
+  }
+  if (!isAddress(options.token)) {
+    throw new Error("token must be a valid Ethereum address");
+  }
+  if (!isAddress(options.to)) {
+    throw new Error("to must be a valid Ethereum address");
+  }
+  return {
+    domain: {
+      name: "VeilForwarder",
+      version: FORWARDER_CONTRACT_VERSION,
+      chainId: getAddresses().chainId,
+      verifyingContract: options.forwarderAddress
+    },
+    types: WITHDRAW_TYPES,
+    primaryType: "Withdraw",
+    message: {
+      token: options.token,
+      to: options.to,
+      amount: options.amount,
+      nonce: options.nonce,
+      deadline: options.deadline
+    }
+  };
+}
+async function signSubaccountWithdraw(options) {
+  assertPrivateKey(options.childPrivateKey, "childPrivateKey");
+  const account = privateKeyToAccount(options.childPrivateKey);
+  return account.signTypedData({
+    domain: options.typedData.domain,
+    types: options.typedData.types,
+    primaryType: options.typedData.primaryType,
+    message: options.typedData.message
+  });
+}
+async function isSubaccountWithdrawNonceUsed(options) {
+  if (!isAddress(options.forwarderAddress)) {
+    throw new Error("forwarderAddress must be a valid Ethereum address");
+  }
+  const publicClient = createBaseClient(options.rpcUrl);
+  try {
+    return await publicClient.readContract({
+      abi: FORWARDER_ABI,
+      address: options.forwarderAddress,
+      functionName: "usedNonces",
+      args: [normalizeNonce(options.nonce)]
+    });
+  } catch (error) {
+    if (String(error).includes("returned no data")) {
+      throw new Error("Subaccount forwarder is not deployed");
+    }
+    throw error;
+  }
+}
+async function findNextSubaccountWithdrawNonce(options) {
+  const startNonce = normalizeNonce(options.startNonce ?? 0n);
+  const maxScan = normalizeNonce(options.maxScan ?? DEFAULT_MAX_NONCE_SCAN);
+  const limit = startNonce + maxScan;
+  let nonce = startNonce;
+  while (await isSubaccountWithdrawNonceUsed({
+    forwarderAddress: options.forwarderAddress,
+    nonce,
+    rpcUrl: options.rpcUrl
+  })) {
+    nonce += 1n;
+    if (nonce > limit) {
+      throw new Error("Unable to find an unused withdraw nonce within the scan limit");
+    }
+  }
+  return nonce;
+}
+async function buildSubaccountRecoveryTx(options) {
+  if (!isAddress(options.to)) {
+    throw new Error("to must be a valid Ethereum address");
+  }
+  const asset = normalizeAsset(options.asset);
+  const slot = await deriveSubaccountSlot({
+    rootPrivateKey: options.rootPrivateKey,
+    slot: options.slot,
+    rpcUrl: options.rpcUrl
+  });
+  const deployed = await isSubaccountForwarderDeployed({
+    forwarderAddress: slot.forwarderAddress,
+    rpcUrl: options.rpcUrl
+  });
+  if (!deployed) {
+    throw new Error("Subaccount forwarder is not deployed");
+  }
+  const childPrivateKey = deriveSubaccountChildPrivateKey(options.rootPrivateKey, options.slot);
+  const tokenAddress = asset === "eth" ? ETH_ADDRESS : getAddresses().usdcToken;
+  const amountWei = asset === "eth" ? parseEther(options.amount) : parseUnits(options.amount, 6);
+  const nonce = options.nonce === void 0 ? await findNextSubaccountWithdrawNonce({
+    forwarderAddress: slot.forwarderAddress,
+    rpcUrl: options.rpcUrl
+  }) : normalizeNonce(options.nonce);
+  const deadline = normalizeDeadline(options.deadline);
+  const typedData = buildSubaccountWithdrawTypedData({
+    forwarderAddress: slot.forwarderAddress,
+    token: tokenAddress,
+    to: options.to,
+    amount: amountWei,
+    nonce,
+    deadline
+  });
+  const signature = await signSubaccountWithdraw({
+    childPrivateKey,
+    typedData
+  });
+  return {
+    transaction: {
+      to: slot.forwarderAddress,
+      data: encodeFunctionData({
+        abi: FORWARDER_ABI,
+        functionName: "withdraw",
+        args: [tokenAddress, options.to, amountWei, nonce, deadline, signature]
+      })
+    },
+    forwarderAddress: slot.forwarderAddress,
+    asset,
+    amount: options.amount,
+    amountWei: amountWei.toString(),
+    nonce: nonce.toString(),
+    deadline: deadline.toString(),
+    recipient: options.to,
+    tokenAddress,
+    signature
+  };
+}
 
-export { ADDRESSES, CIRCUIT_CONFIG, ENTRY_ABI, ERC20_ABI, FIELD_SIZE, Keypair, MERKLE_TREE_HEIGHT, POOL_ABI, POOL_CONFIG, QUEUE_ABI, RelayError, Utxo, VEIL_SIGNED_MESSAGE, buildApproveUSDCTx, buildChangeDepositKeyTx, buildDepositETHTx, buildDepositTx, buildDepositUSDCTx, buildMerkleTree, buildRegisterTx, buildTransferProof, buildWithdrawProof, checkRecipientRegistration, checkRelayHealth, getAddresses, getExtDataHash, getMerklePath, getPoolAddress, getPrivateBalance, getQueueAddress, getQueueBalance, getRelayInfo, getRelayUrl, mergeUtxos, packEncryptedMessage, poseidonHash, poseidonHash2, prepareTransaction, prove, randomBN, selectCircuit, selectUtxosForWithdraw, shuffle, submitRelay, toBuffer, toFixedHex, transfer, unpackEncryptedMessage, withdraw };
+export { ADDRESSES, CIRCUIT_CONFIG, ENTRY_ABI, ERC20_ABI, FIELD_SIZE, FORWARDER_ABI, FORWARDER_CONTRACT_VERSION, FORWARDER_FACTORY_ABI, Keypair, MAX_SUBACCOUNT_SLOTS, MERKLE_TREE_HEIGHT, POOL_ABI, POOL_CONFIG, QUEUE_ABI, RelayError, Utxo, VEIL_SIGNED_MESSAGE, buildApproveUSDCTx, buildChangeDepositKeyTx, buildDepositETHTx, buildDepositTx, buildDepositUSDCTx, buildMerkleTree, buildRegisterTx, buildSubaccountRecoveryTx, buildSubaccountWithdrawTypedData, buildTransferProof, buildWithdrawProof, checkRecipientRegistration, checkRelayHealth, deploySubaccountForwarder, deriveSubaccountChildDepositKey, deriveSubaccountChildOwner, deriveSubaccountChildPrivateKey, deriveSubaccountSalt, deriveSubaccountSlot, findNextSubaccountWithdrawNonce, getAddresses, getExtDataHash, getForwarderFactoryAddress, getMerklePath, getPoolAddress, getPrivateBalance, getQueueAddress, getQueueBalance, getRelayInfo, getRelayUrl, getSubaccountStatus, isSubaccountForwarderDeployed, isSubaccountWithdrawNonceUsed, mergeUtxos, packEncryptedMessage, poseidonHash, poseidonHash2, predictSubaccountForwarder, prepareTransaction, prove, randomBN, selectCircuit, selectUtxosForWithdraw, shuffle, signSubaccountWithdraw, submitRelay, sweepSubaccountForwarder, toBuffer, toFixedHex, transfer, unpackEncryptedMessage, withdraw };
 //# sourceMappingURL=index.js.map
 //# sourceMappingURL=index.js.map