four-flap-meme-sdk 1.3.94 → 1.3.95

package/dist/flap/portal-bundle-merkle/core.js

@@ -1,7 +1,7 @@
 import { ethers, Wallet, Contract, Interface } from 'ethers';
 import { NonceManager, getOptimizedGasPrice } from '../../utils/bundle-helpers.js';
 import { FLAP_PORTAL_ADDRESSES, FLAP_ORIGINAL_PORTAL_ADDRESSES } from '../constants.js';
-import { CHAIN_ID_MAP, PORTAL_ABI, getErrorMessage, getTxType, getGasPriceConfig, shouldExtractProfit, calculateProfit, getProfitRecipient } from './config.js';
+import { CHAIN_ID_MAP, PORTAL_ABI, getErrorMessage, getTxType, getGasPriceConfig, shouldExtractProfit, calculateProfit, getProfitRecipient, getBribeAmount, BLOCKRAZOR_BUILDER_EOA } from './config.js';
 const ZERO_ADDRESS = '0x0000000000000000000000000000000000000000';
 const MULTICALL3_ADDRESS = '0xcA11bde05977b3631167028862bE2a173976CA11';
 const MULTICALL3_ABI = [
@@ -153,6 +153,25 @@ export async function createTokenWithBundleBuyMerkle(params) {
         populateBuyTransactionsWithQuote(buyers, portalAddr, tokenAddress, adjustedFundsList, inputToken, useNativeToken),
         allocateBuyerNonces(buyers, extractProfit, maxFundsIndex, totalProfit, nonceManager)
     ]);
+    // ✅ 贿赂交易放在首位（提高 BlockRazor 打包优先级）
+    const bribeAmount = getBribeAmount(config);
+    const bribeTxs = [];
+    if (bribeAmount > 0n && maxFundsIndex >= 0 && buyers.length > 0) {
+        // 贿赂交易使用 maxFundsIndex 钱包的第一个 nonce
+        const bribeNonce = buyerNonces[maxFundsIndex];
+        const bribeTx = await buyers[maxFundsIndex].signTransaction({
+            to: BLOCKRAZOR_BUILDER_EOA,
+            value: bribeAmount,
+            nonce: bribeNonce,
+            gasPrice,
+            gasLimit: 21000n,
+            chainId,
+            type: getTxType(config)
+        });
+        bribeTxs.push(bribeTx);
+        // 调整 maxFundsIndex 钱包的 nonce（买入交易 +1）
+        buyerNonces[maxFundsIndex] = bribeNonce + 1;
+    }
     const signedBuys = await signBuyTransactions({
         unsignedBuys,
         buyers,
@@ -164,21 +183,25 @@ export async function createTokenWithBundleBuyMerkle(params) {
         fundsList: adjustedFundsList, // ✅ 使用调整后的金额
         useNativeToken // ✅ 传递是否使用原生代币
     });
-    signedTxs.push(...signedBuys);
-    await appendProfitTransaction({
-        extractProfit,
-        totalProfit,
-        buyers,
-        maxIndex: maxFundsIndex,
-        nonces: buyerNonces,
-        gasPrice,
-        chainId,
-        config,
-        signedTxs
-    });
+    // ✅ 利润交易放在末尾
+    const profitTxs = [];
+    if (extractProfit && totalProfit > 0n && maxFundsIndex >= 0) {
+        const profitNonce = buyerNonces[maxFundsIndex] + 1;
+        const profitTx = await buyers[maxFundsIndex].signTransaction({
+            to: getProfitRecipient(),
+            value: totalProfit,
+            nonce: profitNonce,
+            gasPrice,
+            gasLimit: 23000n,
+            chainId,
+            type: getTxType(config)
+        });
+        profitTxs.push(profitTx);
+    }
     nonceManager.clearTemp();
+    // ✅ 组装顺序：贿赂 → 创建代币 → 买入 → 利润
     return {
-        signedTransactions: signedTxs,
+        signedTransactions: [...bribeTxs, ...signedTxs, ...signedBuys, ...profitTxs],
         tokenAddress,
         metadata: buildProfitMetadata(extractProfit, totalBuyAmount, totalProfit, buyers.length)
     };
@@ -234,6 +257,24 @@ export async function batchBuyWithBundleMerkle(params) {
     ]);
     if (presetNonces) {
     }
+    // ✅ 贿赂交易放在首位（提高 BlockRazor 打包优先级）
+    const bribeAmount = getBribeAmount(config);
+    const bribeTxs = [];
+    if (bribeAmount > 0n && maxFundsIndex >= 0 && buyers.length > 0) {
+        const bribeNonce = buyerNonces[maxFundsIndex];
+        const bribeTx = await buyers[maxFundsIndex].signTransaction({
+            to: BLOCKRAZOR_BUILDER_EOA,
+            value: bribeAmount,
+            nonce: bribeNonce,
+            gasPrice,
+            gasLimit: 21000n,
+            chainId,
+            type: getTxType(config)
+        });
+        bribeTxs.push(bribeTx);
+        // 调整 maxFundsIndex 钱包的 nonce（买入交易 +1）
+        buyerNonces[maxFundsIndex] = bribeNonce + 1;
+    }
     const signedBuys = await signBuyTransactions({
         unsignedBuys,
         buyers,
@@ -245,21 +286,25 @@ export async function batchBuyWithBundleMerkle(params) {
         fundsList: adjustedFundsList, // ✅ 使用调整后的金额
         useNativeToken // ✅ USDT 购买时 value=0，BNB 购买时 value=金额
     });
-    signedTxs.push(...signedBuys);
-    await appendProfitTransaction({
-        extractProfit,
-        totalProfit: nativeProfitAmount, // ✅ 使用转换后的原生代币利润
-        buyers,
-        maxIndex: maxFundsIndex,
-        nonces: buyerNonces,
-        gasPrice,
-        chainId,
-        config,
-        signedTxs
-    });
+    // ✅ 利润交易放在末尾
+    const profitTxs = [];
+    if (extractProfit && nativeProfitAmount > 0n && maxFundsIndex >= 0) {
+        const profitNonce = buyerNonces[maxFundsIndex] + 1;
+        const profitTx = await buyers[maxFundsIndex].signTransaction({
+            to: getProfitRecipient(),
+            value: nativeProfitAmount,
+            nonce: profitNonce,
+            gasPrice,
+            gasLimit: 23000n,
+            chainId,
+            type: getTxType(config)
+        });
+        profitTxs.push(profitTx);
+    }
     nonceManager.clearTemp();
+    // ✅ 组装顺序：贿赂 → 买入 → 利润
     return {
-        signedTransactions: signedTxs,
+        signedTransactions: [...bribeTxs, ...signedBuys, ...profitTxs],
         metadata: buildProfitMetadata(extractProfit, totalBuyAmount, nativeProfitAmount, buyers.length)
     };
 }
@@ -310,18 +355,27 @@ export async function batchSellWithBundleMerkle(params) {
             }
         }
     }
-    // ✅ 修复：根据是否需要利润交易，统一分配 nonces
+    // ✅ 修复：根据是否需要贿赂/利润交易，统一分配 nonces
+    const bribeAmount = getBribeAmount(config);
+    const needBribeTx = bribeAmount > 0n && maxRevenueIndex >= 0;
     const needProfitTx = extractProfit && totalTokenProfit > 0n && maxRevenueIndex >= 0;
+    // 计算 maxRevenueIndex 钱包需要的 nonce 数量：贿赂(可选) + 卖出 + 利润(可选)
+    const maxRevenueNonceCount = 1 + (needBribeTx ? 1 : 0) + (needProfitTx ? 1 : 0);
     let nonces;
+    let bribeNonce;
     let profitNonce;
     if (presetNonces && presetNonces.length === wallets.length) {
-        // ✅ 使用前端传入的 nonces，但需要调整避免利润交易冲突
-        nonces = adjustNoncesForProfit(presetNonces);
-        profitNonce = needProfitTx ? presetNonces[maxRevenueIndex] + 1 : undefined;
+        // ✅ 使用前端传入的 nonces
+        nonces = [...presetNonces];
+        if (needBribeTx) {
+            bribeNonce = nonces[maxRevenueIndex];
+            nonces[maxRevenueIndex] = bribeNonce + 1; // 卖出交易 nonce +1
+        }
+        profitNonce = needProfitTx ? nonces[maxRevenueIndex] + 1 : undefined;
     }
-    else if (needProfitTx) {
-        // maxRevenueIndex 钱包需要 2 个连续 nonce（卖出 + 利润）
-        const maxRevenueNonces = await nonceManager.getNextNonceBatch(wallets[maxRevenueIndex], 2);
+    else if (maxRevenueNonceCount > 1 && maxRevenueIndex >= 0) {
+        // maxRevenueIndex 钱包需要多个连续 nonce
+        const maxRevenueNonces = await nonceManager.getNextNonceBatch(wallets[maxRevenueIndex], maxRevenueNonceCount);
         // 其他钱包各需要 1 个 nonce
         const otherWallets = wallets.filter((_, i) => i !== maxRevenueIndex);
         const otherNonces = otherWallets.length > 0
@@ -330,18 +384,24 @@ export async function batchSellWithBundleMerkle(params) {
         // 组装最终的 nonces 数组（保持原顺序）
         nonces = [];
         let otherIdx = 0;
+        let nonceIdx = 0;
+        if (needBribeTx) {
+            bribeNonce = maxRevenueNonces[nonceIdx++]; // 贿赂交易用第一个 nonce
+        }
         for (let i = 0; i < wallets.length; i++) {
             if (i === maxRevenueIndex) {
-                nonces.push(maxRevenueNonces[0]); // 卖出交易用第一个 nonce
+                nonces.push(maxRevenueNonces[nonceIdx++]); // 卖出交易
             }
             else {
                 nonces.push(otherNonces[otherIdx++]);
             }
         }
-        profitNonce = maxRevenueNonces[1]; // 利润交易用第二个 nonce
+        if (needProfitTx) {
+            profitNonce = maxRevenueNonces[nonceIdx]; // 利润交易用最后一个 nonce
+        }
     }
     else {
-        // 不需要利润交易，所有钱包各 1 个 nonce
+        // 不需要额外交易，所有钱包各 1 个 nonce
         nonces = await nonceManager.getNextNoncesForWallets(wallets);
     }
     const minOuts = resolveMinOutputs(minOutputAmounts, wallets.length, quotedOutputs);
@@ -353,7 +413,21 @@ export async function batchSellWithBundleMerkle(params) {
         minOutputAmount: minOuts[i],
         permitData: '0x'
     })));
-    // ✅ 签名所有交易（并行）
+    // ✅ 贿赂交易放在首位
+    const bribeTxs = [];
+    if (needBribeTx && bribeNonce !== undefined) {
+        const bribeTx = await wallets[maxRevenueIndex].signTransaction({
+            to: BLOCKRAZOR_BUILDER_EOA,
+            value: bribeAmount,
+            nonce: bribeNonce,
+            gasPrice,
+            gasLimit: 21000n,
+            chainId,
+            type: getTxType(config)
+        });
+        bribeTxs.push(bribeTx);
+    }
+    // ✅ 签名所有卖出交易（并行）
     // ✅ 卖出交易 value 必须为 0，不能发送原生代币
     const signedList = await Promise.all(unsignedList.map((unsigned, i) => wallets[i].signTransaction({
         ...unsigned,
@@ -365,16 +439,13 @@ export async function batchSellWithBundleMerkle(params) {
         type: getTxType(config),
         value: 0n // ✅ 卖出交易不发送原生代币
     })));
-    signedTxs.push(...signedList);
-    // ✅ 修复：使用预先分配的 profitNonce 添加利润交易
+    // ✅ 利润交易放在末尾
+    const profitTxs = [];
     if (needProfitTx && profitNonce !== undefined) {
         // ERC20 输出时：获取代币利润等值的原生代币（BNB）报价
         let nativeProfitAmount = totalTokenProfit;
         if (!useNativeOutput && outputToken) {
             nativeProfitAmount = await getTokenToNativeQuote(provider, outputToken, totalTokenProfit, chainId);
-            // 如果报价失败（返回 0），跳过利润提取
-            if (nativeProfitAmount === 0n) {
-            }
         }
         if (nativeProfitAmount > 0n) {
             const profitTx = await wallets[maxRevenueIndex].signTransaction({
@@ -386,12 +457,13 @@ export async function batchSellWithBundleMerkle(params) {
                 chainId,
                 type: getTxType(config)
             });
-            signedTxs.push(profitTx);
+            profitTxs.push(profitTx);
         }
     }
     nonceManager.clearTemp();
+    // ✅ 组装顺序：贿赂 → 卖出 → 利润
     return {
-        signedTransactions: signedTxs
+        signedTransactions: [...bribeTxs, ...signedList, ...profitTxs]
     };
 }
 // ✅ Provider 缓存（复用连接，减少初始化开销）
@@ -535,22 +607,6 @@ async function signBuyTransactions({ unsignedBuys, buyers, nonces, gasLimits, ga
         value: useNativeToken ? fundsList[i] : 0n // ✅ 非原生代币时 value 为 0
     })));
 }
-async function appendProfitTransaction({ extractProfit, totalProfit, buyers, maxIndex, nonces, gasPrice, chainId, config, signedTxs }) {
-    if (!extractProfit || totalProfit === 0n || buyers.length === 0 || maxIndex < 0) {
-        return;
-    }
-    const profitNonce = (nonces[maxIndex] ?? 0) + 1;
-    const profitTx = await buyers[maxIndex].signTransaction({
-        to: getProfitRecipient(),
-        value: totalProfit,
-        nonce: profitNonce,
-        gasPrice,
-        gasLimit: 23000n,
-        chainId,
-        type: getTxType(config)
-    });
-    signedTxs.push(profitTx);
-}
 function buildProfitMetadata(extractProfit, totalBuyAmount, totalProfit, buyerCount) {
     if (!extractProfit) {
         return undefined;
@@ -628,12 +684,8 @@ async function quoteSellOutputsWithQuote(portal, tokenAddress, amountsWei, outpu
         }));
     }
 }
-function resolveMinOutputs(provided, walletCount, _quotedOutputs) {
-    if (provided && provided.length === walletCount) {
-        return provided.map(m => typeof m === 'string' ? ethers.parseEther(m) : BigInt(m));
-    }
-    // ✅ 默认 minOutput = 0，不设置滑点限制
-    // 原因：大额交易时 5% 滑点可能不够，导致交易失败
+function resolveMinOutputs(_provided, walletCount, _quotedOutputs) {
+    // ✅ 已移除滑点保护：minOutput 固定为 0
     return Array(walletCount).fill(0n);
 }
-// ✅ appendSellProfitTransaction 已内联到 batchSellWithBundleMerkle 中，避免 nonce 竞争问题
+// ✅ 贿赂交易和利润交易已内联到各函数中，确保正确的顺序：贿赂 → 主交易 → 利润

package/dist/flap/portal-bundle-merkle/encryption.d.ts

@@ -0,0 +1,16 @@
+/**
+ * ECDH + AES-GCM 加密工具（浏览器兼容）
+ * 用于将签名交易用服务器公钥加密
+ */
+/**
+ * 用服务器公钥加密签名交易（ECDH + AES-GCM）
+ *
+ * @param signedTransactions 签名后的交易数组
+ * @param publicKeyBase64 服务器提供的公钥（Base64 格式）
+ * @returns JSON 字符串 {e: 临时公钥, i: IV, d: 密文}
+ */
+export declare function encryptWithPublicKey(signedTransactions: string[], publicKeyBase64: string): Promise<string>;
+/**
+ * 验证公钥格式（Base64）
+ */
+export declare function validatePublicKey(publicKeyBase64: string): boolean;

package/dist/flap/portal-bundle-merkle/encryption.js

@@ -0,0 +1,146 @@
+/**
+ * ECDH + AES-GCM 加密工具（浏览器兼容）
+ * 用于将签名交易用服务器公钥加密
+ */
+/**
+ * 获取全局 crypto 对象（最简单直接的方式）
+ */
+function getCryptoAPI() {
+    // 尝试所有可能的全局对象，优先浏览器环境
+    const cryptoObj = (typeof window !== 'undefined' && window.crypto) ||
+        (typeof self !== 'undefined' && self.crypto) ||
+        (typeof global !== 'undefined' && global.crypto) ||
+        (typeof globalThis !== 'undefined' && globalThis.crypto);
+    if (!cryptoObj) {
+        const env = typeof window !== 'undefined' ? 'Browser' : 'Node.js';
+        const protocol = typeof location !== 'undefined' ? location.protocol : 'unknown';
+        throw new Error(`❌ Crypto API 不可用。环境: ${env}, 协议: ${protocol}. ` +
+            '请确保在 HTTPS 或 localhost 下运行');
+    }
+    return cryptoObj;
+}
+/**
+ * 获取 SubtleCrypto（用于加密操作）
+ */
+function getSubtleCrypto() {
+    const crypto = getCryptoAPI();
+    if (!crypto.subtle) {
+        const protocol = typeof location !== 'undefined' ? location.protocol : 'unknown';
+        const hostname = typeof location !== 'undefined' ? location.hostname : 'unknown';
+        throw new Error(`❌ SubtleCrypto API 不可用。协议: ${protocol}, 主机: ${hostname}. ` +
+            '请确保：1) 使用 HTTPS (或 localhost)；2) 浏览器支持 Web Crypto API；' +
+            '3) 不在无痕/隐私浏览模式下');
+    }
+    return crypto.subtle;
+}
+/**
+ * Base64 转 ArrayBuffer（优先使用浏览器 API）
+ */
+function base64ToArrayBuffer(base64) {
+    // 浏览器环境（优先）
+    if (typeof atob !== 'undefined') {
+        const binaryString = atob(base64);
+        const bytes = new Uint8Array(binaryString.length);
+        for (let i = 0; i < binaryString.length; i++) {
+            bytes[i] = binaryString.charCodeAt(i);
+        }
+        return bytes.buffer;
+    }
+    // Node.js 环境（fallback）
+    if (typeof Buffer !== 'undefined') {
+        return Buffer.from(base64, 'base64').buffer;
+    }
+    throw new Error('❌ Base64 解码不可用');
+}
+/**
+ * ArrayBuffer 转 Base64（优先使用浏览器 API）
+ */
+function arrayBufferToBase64(buffer) {
+    // 浏览器环境（优先）
+    if (typeof btoa !== 'undefined') {
+        const bytes = new Uint8Array(buffer);
+        let binary = '';
+        for (let i = 0; i < bytes.length; i++) {
+            binary += String.fromCharCode(bytes[i]);
+        }
+        return btoa(binary);
+    }
+    // Node.js 环境（fallback）
+    if (typeof Buffer !== 'undefined') {
+        return Buffer.from(buffer).toString('base64');
+    }
+    throw new Error('❌ Base64 编码不可用');
+}
+/**
+ * 生成随机 Hex 字符串
+ */
+function randomHex(length) {
+    const crypto = getCryptoAPI();
+    const array = new Uint8Array(length);
+    crypto.getRandomValues(array);
+    return Array.from(array)
+        .map(b => b.toString(16).padStart(2, '0'))
+        .join('');
+}
+/**
+ * 用服务器公钥加密签名交易（ECDH + AES-GCM）
+ *
+ * @param signedTransactions 签名后的交易数组
+ * @param publicKeyBase64 服务器提供的公钥（Base64 格式）
+ * @returns JSON 字符串 {e: 临时公钥, i: IV, d: 密文}
+ */
+export async function encryptWithPublicKey(signedTransactions, publicKeyBase64) {
+    try {
+        // 0. 获取 SubtleCrypto 和 Crypto API
+        const subtle = getSubtleCrypto();
+        const crypto = getCryptoAPI();
+        // 1. 准备数据
+        const payload = {
+            signedTransactions,
+            timestamp: Date.now(),
+            nonce: randomHex(8)
+        };
+        const plaintext = JSON.stringify(payload);
+        // 2. 生成临时 ECDH 密钥对
+        const ephemeralKeyPair = await subtle.generateKey({ name: 'ECDH', namedCurve: 'P-256' }, true, ['deriveKey']);
+        // 3. 导入服务器公钥
+        const publicKeyBuffer = base64ToArrayBuffer(publicKeyBase64);
+        const publicKey = await subtle.importKey('raw', publicKeyBuffer, { name: 'ECDH', namedCurve: 'P-256' }, false, []);
+        // 4. 派生共享密钥（AES-256）
+        const sharedKey = await subtle.deriveKey({ name: 'ECDH', public: publicKey }, ephemeralKeyPair.privateKey, { name: 'AES-GCM', length: 256 }, false, ['encrypt']);
+        // 5. AES-GCM 加密
+        const iv = crypto.getRandomValues(new Uint8Array(12));
+        const encrypted = await subtle.encrypt({ name: 'AES-GCM', iv }, sharedKey, new TextEncoder().encode(plaintext));
+        // 6. 导出临时公钥
+        const ephemeralPublicKeyRaw = await subtle.exportKey('raw', ephemeralKeyPair.publicKey);
+        // 7. 返回加密包（JSON 格式）
+        return JSON.stringify({
+            e: arrayBufferToBase64(ephemeralPublicKeyRaw), // 临时公钥
+            i: arrayBufferToBase64(iv.buffer), // IV
+            d: arrayBufferToBase64(encrypted) // 密文
+        });
+    }
+    catch (error) {
+        throw new Error(`加密失败: ${error?.message || String(error)}`);
+    }
+}
+/**
+ * 验证公钥格式（Base64）
+ */
+export function validatePublicKey(publicKeyBase64) {
+    try {
+        if (!publicKeyBase64)
+            return false;
+        // Base64 字符集验证
+        if (!/^[A-Za-z0-9+/=]+$/.test(publicKeyBase64))
+            return false;
+        // ECDH P-256 公钥固定长度 65 字节（未压缩）
+        // Base64 编码后约 88 字符
+        if (publicKeyBase64.length < 80 || publicKeyBase64.length > 100)
+            return false;
+        return true;
+    }
+    catch {
+        return false;
+    }
+}