four-flap-meme-sdk 1.6.25 → 1.6.28

package/dist/flap/portal-bundle-merkle/encryption.d.ts

@@ -0,0 +1,16 @@
+/**
+ * ECDH + AES-GCM 加密工具（浏览器兼容）
+ * 用于将签名交易用服务器公钥加密
+ */
+/**
+ * 用服务器公钥加密签名交易（ECDH + AES-GCM）
+ *
+ * @param signedTransactions 签名后的交易数组
+ * @param publicKeyBase64 服务器提供的公钥（Base64 格式）
+ * @returns JSON 字符串 {e: 临时公钥, i: IV, d: 密文}
+ */
+export declare function encryptWithPublicKey(signedTransactions: string[], publicKeyBase64: string): Promise<string>;
+/**
+ * 验证公钥格式（Base64）
+ */
+export declare function validatePublicKey(publicKeyBase64: string): boolean;

package/dist/flap/portal-bundle-merkle/encryption.js

@@ -0,0 +1,146 @@
+/**
+ * ECDH + AES-GCM 加密工具（浏览器兼容）
+ * 用于将签名交易用服务器公钥加密
+ */
+/**
+ * 获取全局 crypto 对象（最简单直接的方式）
+ */
+function getCryptoAPI() {
+    // 尝试所有可能的全局对象，优先浏览器环境
+    const cryptoObj = (typeof window !== 'undefined' && window.crypto) ||
+        (typeof self !== 'undefined' && self.crypto) ||
+        (typeof global !== 'undefined' && global.crypto) ||
+        (typeof globalThis !== 'undefined' && globalThis.crypto);
+    if (!cryptoObj) {
+        const env = typeof window !== 'undefined' ? 'Browser' : 'Node.js';
+        const protocol = typeof location !== 'undefined' ? location.protocol : 'unknown';
+        throw new Error(`❌ Crypto API 不可用。环境: ${env}, 协议: ${protocol}. ` +
+            '请确保在 HTTPS 或 localhost 下运行');
+    }
+    return cryptoObj;
+}
+/**
+ * 获取 SubtleCrypto（用于加密操作）
+ */
+function getSubtleCrypto() {
+    const crypto = getCryptoAPI();
+    if (!crypto.subtle) {
+        const protocol = typeof location !== 'undefined' ? location.protocol : 'unknown';
+        const hostname = typeof location !== 'undefined' ? location.hostname : 'unknown';
+        throw new Error(`❌ SubtleCrypto API 不可用。协议: ${protocol}, 主机: ${hostname}. ` +
+            '请确保：1) 使用 HTTPS (或 localhost)；2) 浏览器支持 Web Crypto API；' +
+            '3) 不在无痕/隐私浏览模式下');
+    }
+    return crypto.subtle;
+}
+/**
+ * Base64 转 ArrayBuffer（优先使用浏览器 API）
+ */
+function base64ToArrayBuffer(base64) {
+    // 浏览器环境（优先）
+    if (typeof atob !== 'undefined') {
+        const binaryString = atob(base64);
+        const bytes = new Uint8Array(binaryString.length);
+        for (let i = 0; i < binaryString.length; i++) {
+            bytes[i] = binaryString.charCodeAt(i);
+        }
+        return bytes.buffer;
+    }
+    // Node.js 环境（fallback）
+    if (typeof Buffer !== 'undefined') {
+        return Buffer.from(base64, 'base64').buffer;
+    }
+    throw new Error('❌ Base64 解码不可用');
+}
+/**
+ * ArrayBuffer 转 Base64（优先使用浏览器 API）
+ */
+function arrayBufferToBase64(buffer) {
+    // 浏览器环境（优先）
+    if (typeof btoa !== 'undefined') {
+        const bytes = new Uint8Array(buffer);
+        let binary = '';
+        for (let i = 0; i < bytes.length; i++) {
+            binary += String.fromCharCode(bytes[i]);
+        }
+        return btoa(binary);
+    }
+    // Node.js 环境（fallback）
+    if (typeof Buffer !== 'undefined') {
+        return Buffer.from(buffer).toString('base64');
+    }
+    throw new Error('❌ Base64 编码不可用');
+}
+/**
+ * 生成随机 Hex 字符串
+ */
+function randomHex(length) {
+    const crypto = getCryptoAPI();
+    const array = new Uint8Array(length);
+    crypto.getRandomValues(array);
+    return Array.from(array)
+        .map(b => b.toString(16).padStart(2, '0'))
+        .join('');
+}
+/**
+ * 用服务器公钥加密签名交易（ECDH + AES-GCM）
+ *
+ * @param signedTransactions 签名后的交易数组
+ * @param publicKeyBase64 服务器提供的公钥（Base64 格式）
+ * @returns JSON 字符串 {e: 临时公钥, i: IV, d: 密文}
+ */
+export async function encryptWithPublicKey(signedTransactions, publicKeyBase64) {
+    try {
+        // 0. 获取 SubtleCrypto 和 Crypto API
+        const subtle = getSubtleCrypto();
+        const crypto = getCryptoAPI();
+        // 1. 准备数据
+        const payload = {
+            signedTransactions,
+            timestamp: Date.now(),
+            nonce: randomHex(8)
+        };
+        const plaintext = JSON.stringify(payload);
+        // 2. 生成临时 ECDH 密钥对
+        const ephemeralKeyPair = await subtle.generateKey({ name: 'ECDH', namedCurve: 'P-256' }, true, ['deriveKey']);
+        // 3. 导入服务器公钥
+        const publicKeyBuffer = base64ToArrayBuffer(publicKeyBase64);
+        const publicKey = await subtle.importKey('raw', publicKeyBuffer, { name: 'ECDH', namedCurve: 'P-256' }, false, []);
+        // 4. 派生共享密钥（AES-256）
+        const sharedKey = await subtle.deriveKey({ name: 'ECDH', public: publicKey }, ephemeralKeyPair.privateKey, { name: 'AES-GCM', length: 256 }, false, ['encrypt']);
+        // 5. AES-GCM 加密
+        const iv = crypto.getRandomValues(new Uint8Array(12));
+        const encrypted = await subtle.encrypt({ name: 'AES-GCM', iv }, sharedKey, new TextEncoder().encode(plaintext));
+        // 6. 导出临时公钥
+        const ephemeralPublicKeyRaw = await subtle.exportKey('raw', ephemeralKeyPair.publicKey);
+        // 7. 返回加密包（JSON 格式）
+        return JSON.stringify({
+            e: arrayBufferToBase64(ephemeralPublicKeyRaw), // 临时公钥
+            i: arrayBufferToBase64(iv.buffer), // IV
+            d: arrayBufferToBase64(encrypted) // 密文
+        });
+    }
+    catch (error) {
+        throw new Error(`加密失败: ${error?.message || String(error)}`);
+    }
+}
+/**
+ * 验证公钥格式（Base64）
+ */
+export function validatePublicKey(publicKeyBase64) {
+    try {
+        if (!publicKeyBase64)
+            return false;
+        // Base64 字符集验证
+        if (!/^[A-Za-z0-9+/=]+$/.test(publicKeyBase64))
+            return false;
+        // ECDH P-256 公钥固定长度 65 字节（未压缩）
+        // Base64 编码后约 88 字符
+        if (publicKeyBase64.length < 80 || publicKeyBase64.length > 100)
+            return false;
+        return true;
+    }
+    catch {
+        return false;
+    }
+}

package/dist/xlayer/aa-transfer-profit.js

@@ -147,6 +147,26 @@ export async function buildDisperseFromSingleOwnerOpsWithProfit(params) {
     const fnFixed = aaManager.buildUserOpWithFixedGas;
     if (typeof fnFixed !== 'function')
         throw new Error('AA disperse：SDK 不支持 buildUserOpWithFixedGas');
+    // ✅ 关键修复：如果有多个 UserOps，需要确保 sender 有足够余额支付所有 prefund
+    // 多个 UserOps 在同一个 handleOps 中提交时，prefund 在 validation 阶段同时扣除
+    if (chunks.length > 1 && params.kind === 'native') {
+        const feeData = await provider.getFeeData();
+        const gasPrice = feeData.gasPrice ?? 5000000000n;
+        const estimatePrefundPerOp = (listLength, deployed) => {
+            const base = 180000n;
+            const per = 45000n;
+            const callGas = base + per * BigInt(listLength);
+            const verifyGas = deployed ? 250000n : 800000n;
+            const preVerifyGas = 60000n;
+            return (callGas + verifyGas + preVerifyGas) * gasPrice * 120n / 100n;
+        };
+        let totalPrefundNeeded = 0n;
+        for (let i = 0; i < chunks.length; i++) {
+            const deployed = i === 0 ? deployed0 : true;
+            totalPrefundNeeded += estimatePrefundPerOp(chunks[i].length, deployed);
+        }
+        console.log(`[AA 分发] 多批次分发：${chunks.length} 批，总 prefund 预估: ${ethers.formatEther(totalPrefundNeeded)} OKB`);
+    }
     const ops = [];
     for (let i = 0; i < chunks.length; i++) {
         const list = chunks[i];
@@ -268,6 +288,19 @@ export async function buildTransfersWithProfit(params) {
         initCodeUsed.add(k);
         return aaManager.generateInitCode(ownerAddress);
     };
+    // ✅ 关键修复：计算每个 sender 执行 UserOp 需要的 prefund（gas 费用）
+    // 在 Native 模式下，需要确保留足够的金额支付 prefund
+    const feeData = await provider.getFeeData();
+    const gasPrice = feeData.gasPrice ?? feeData.maxFeePerGas ?? 5000000000n;
+    const estimateTransferPrefund = (deployed) => {
+        // 归集操作的 gas：callGasLimit + verificationGasLimit + preVerificationGas
+        const callGas = 120000n; // Native 转账
+        const verifyGas = deployed ? 250000n : 800000n;
+        const preVerifyGas = 60000n;
+        const totalGas = callGas + verifyGas + preVerifyGas;
+        // 加 30% buffer 以确保足够（归集操作需要更保守）
+        return (totalGas * gasPrice * 130n) / 100n;
+    };
     // ✅ 第一步：计算每个钱包的归集金额和总利润
     // 利润从每个钱包的归集金额中扣除，但只由第一个有效钱包统一转账给利润地址
     const transferInfos = [];
@@ -292,10 +325,18 @@ export async function buildTransfersWithProfit(params) {
         if (amountWei <= 0n)
             continue;
         const profitWei = calcProfitWei(amountWei, PROFIT_CONFIG.RATE_BPS);
-        const toWei = amountWei - profitWei;
+        const deployed = accountInfos[i]?.deployed ?? false;
+        const prefundWei = params.kind === 'native' ? estimateTransferPrefund(deployed) : 0n;
+        // ✅ 关键修复：toWei 需要扣除 max(profitWei, prefundWei)，确保留足够的 gas
+        // 在 Native 模式下，如果 profitWei < prefundWei，需要留更多余额
+        const reserveWei = params.kind === 'native'
+            ? (profitWei > prefundWei ? profitWei : prefundWei)
+            : profitWei;
+        const toWei = amountWei > reserveWei ? (amountWei - reserveWei) : 0n;
         totalProfitWei += profitWei;
-        transferInfos.push({ walletIndex: i, sender, to, amountWei, profitWei, toWei });
+        transferInfos.push({ walletIndex: i, sender, to, amountWei, profitWei, toWei, prefundWei });
     }
+    console.log(`[AA 归集] 钱包数量: ${transferInfos.length}, 总利润: ${ethers.formatEther(totalProfitWei)} OKB`);
     const unsigned = [];
     const opOwnerIndex = [];
     // ✅ 第二步：构建 UserOps

package/dist/xlayer/bundle.js

@@ -1555,7 +1555,7 @@ export class BundleExecutor {
             nonce: nonceMap.next(payerAccount.sender),
             initCode: payerAccount.deployed ? '0x' : (await aaManager.generateInitCode(payerWallet.address)),
             deployed: payerAccount.deployed,
-            fixedGas: { callGasLimit: 800000n } // 发币较重，给 80W
+            fixedGas: { callGasLimit: 960000n } // 发币较重，给 80W
         });
         const signedCreateOp = await aaManager.signUserOp(createOpRes.userOp, payerWallet);
         ops1.push(signedCreateOp.userOp);
@@ -1575,7 +1575,9 @@ export class BundleExecutor {
         // ✅ 并行构建和签名所有内盘买入 UserOps（降低并发数避免 RPC 限制）
         // ✅ 使用 encodeBuyCallV3（支持 extensionData），与 V4 代币创建保持一致
         const extensionData = params.extensionData ?? '0x';
-        const signedCurveBuyOps = await mapWithConcurrency(curveBuyData, 2, async (data) => {
+        // ✅ 预分配 nonce（并发前同步分配，避免 race condition）
+        const curveBuyNonces = curveBuyData.map((data) => nonceMap.next(data.info.sender));
+        const signedCurveBuyOps = await mapWithConcurrency(curveBuyData, 2, async (data, i) => {
             const { wallet, info, buyWei, gasLimit } = data;
             const buyData = encodeBuyCallV3(tokenAddress, buyWei, 0n, extensionData);
             const buyCallData = encodeExecute(FLAP_PORTAL, buyWei, buyData);
@@ -1583,7 +1585,7 @@ export class BundleExecutor {
                 ownerWallet: wallet,
                 sender: info.sender,
                 callData: buyCallData,
-                nonce: nonceMap.next(info.sender),
+                nonce: curveBuyNonces[i], // ✅ 使用预分配的 nonce
                 initCode: info.deployed ? '0x' : (await aaManager.generateInitCode(wallet.address)),
                 deployed: info.deployed,
                 fixedGas: { callGasLimit: gasLimit }
@@ -1610,8 +1612,10 @@ export class BundleExecutor {
                 return { wallet, info: dexBuyerInfos[i], buyWei };
             });
             totalDexBuyWei = dexBuyData.reduce((sum, d) => sum + d.buyWei, 0n);
+            // ✅ 预分配 nonce（并发前同步分配，避免 race condition）
+            const dexBuyNonces = dexBuyData.map((data) => nonceMap.next(data.info.sender));
             // ✅ 并行构建和签名所有外盘买入 UserOps（降低并发数避免 RPC 限制）
-            const signedDexBuyOps = await mapWithConcurrency(dexBuyData, 2, async (data) => {
+            const signedDexBuyOps = await mapWithConcurrency(dexBuyData, 2, async (data, i) => {
                 const { wallet, info, buyWei } = data;
                 // ✅ 外盘买入：使用 DEX Router 进行交换
                 let swapData;
@@ -1638,7 +1642,7 @@ export class BundleExecutor {
                     ownerWallet: wallet,
                     sender: info.sender,
                     callData: dexBuyCallData,
-                    nonce: nonceMap.next(info.sender),
+                    nonce: dexBuyNonces[i], // ✅ 使用预分配的 nonce
                     initCode: info.deployed ? '0x' : (await aaManager.generateInitCode(wallet.address)),
                     deployed: info.deployed,
                     fixedGas: { callGasLimit: 500000n } // 外盘买入：50W

package/dist/xlayer/dex-bundle-swap.js

@@ -581,8 +581,29 @@ export class AADexSwapExecutor {
         if (capitalMode && buyerSenders.length > 0 && totalBuyWei > 0n) {
             if (hopCount <= 0) {
                 console.log('[AA DEX 批量换手] 进入直接分发模式 (hopCount <= 0)');
-                // ✅ 直接分发模式：将利润接收者加入分发列表（AA 内部刮取）
-                const items = buyerSenders.map((to, i) => ({ to, value: buyAmountsWei[i] ?? 0n })).filter(x => x.value > 0n);
+                // ✅ 关键修复：计算每个买方执行买入 UserOp 需要的 prefund（gas 费用）
+                // EntryPoint 在 validation 阶段会扣除 prefund，此时分发还没执行
+                // 因此需要为每个买方额外预留 prefund
+                const feeData = await this.aaManager.getFeeData();
+                const gasPrice = feeData.gasPrice ?? feeData.maxFeePerGas ?? 5000000000n; // 5 gwei fallback
+                const estimateBuyerPrefund = (deployed) => {
+                    // 买入操作的 gas：V3 swap 约 650,000，部署需要额外 verificationGas
+                    const callGas = 650000n;
+                    const verifyGas = deployed ? 250000n : 800000n;
+                    const preVerifyGas = 60000n;
+                    const totalGas = callGas + verifyGas + preVerifyGas;
+                    // 加 20% buffer 以确保足够
+                    return (totalGas * gasPrice * 120n) / 100n;
+                };
+                // 计算每个买方需要的 prefund
+                const buyerPrefunds = buyerAis.map(ai => estimateBuyerPrefund(ai.deployed));
+                const totalBuyerPrefund = buyerPrefunds.reduce((a, b) => a + b, 0n);
+                console.log(`[AA DEX 直接分发] 买方数量: ${buyerSenders.length}, 总 prefund 预估: ${ethers.formatEther(totalBuyerPrefund)} OKB`);
+                // ✅ 直接分发模式：分发金额 = 买入金额 + 买方 prefund
+                const items = buyerSenders.map((to, i) => ({
+                    to,
+                    value: (buyAmountsWei[i] ?? 0n) + (buyerPrefunds[i] ?? 0n) // ✅ 包含 prefund
+                })).filter(x => x.value > 0n);
                 // 添加利润接收者到分发列表
                 if (extractProfit && profitWei > 0n) {
                     items.push({ to: profitRecipient, value: profitWei });

package/dist/xlayer/portal-bundle-swap.js

@@ -390,8 +390,29 @@ export class AAPortalSwapExecutor {
         if (capitalMode && buyerSenders.length > 0 && totalBuyWei > 0n) {
             if (hopCount <= 0) {
                 console.log('[AA Portal 批量换手] 进入直接分发模式 (hopCount <= 0)');
-                // ✅ 直接分发模式：将利润接收者加入分发列表（AA 内部刮取）
-                const items = buyerSenders.map((to, i) => ({ to, value: buyAmountsWei[i] ?? 0n })).filter(x => x.value > 0n);
+                // ✅ 关键修复：计算每个买方执行买入 UserOp 需要的 prefund（gas 费用）
+                // EntryPoint 在 validation 阶段会扣除 prefund，此时分发还没执行
+                // 因此需要为每个买方额外预留 prefund
+                const feeData = await this.aaManager.getFeeData();
+                const gasPrice = feeData.gasPrice ?? feeData.maxFeePerGas ?? 5000000000n; // 5 gwei fallback
+                const estimateBuyerPrefund = (deployed) => {
+                    // 买入操作的 gas：Portal 买入约 450,000，部署需要额外 verificationGas
+                    const callGas = 450000n;
+                    const verifyGas = deployed ? 250000n : 800000n;
+                    const preVerifyGas = 60000n;
+                    const totalGas = callGas + verifyGas + preVerifyGas;
+                    // 加 20% buffer 以确保足够
+                    return (totalGas * gasPrice * 120n) / 100n;
+                };
+                // 计算每个买方需要的 prefund
+                const buyerPrefunds = buyerAis.map(ai => estimateBuyerPrefund(ai.deployed));
+                const totalBuyerPrefund = buyerPrefunds.reduce((a, b) => a + b, 0n);
+                console.log(`[AA Portal 直接分发] 买方数量: ${buyerSenders.length}, 总 prefund 预估: ${ethers.formatEther(totalBuyerPrefund)} OKB`);
+                // ✅ 直接分发模式：分发金额 = 买入金额 + 买方 prefund
+                const items = buyerSenders.map((to, i) => ({
+                    to,
+                    value: (buyAmountsWei[i] ?? 0n) + (buyerPrefunds[i] ?? 0n) // ✅ 包含 prefund
+                })).filter(x => x.value > 0n);
                 if (extractProfit && profitWei > 0n) {
                     items.push({ to: profitRecipient, value: profitWei });
                 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "four-flap-meme-sdk",
-  "version": "1.6.25",
+  "version": "1.6.28",
   "description": "SDK for Flap bonding curve and four.meme TokenManager",
   "type": "module",
   "main": "dist/index.js",