openttt 0.1.0

package/dist/protocol_fee.js

@@ -0,0 +1,176 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ProtocolFeeCollector = void 0;
+const ethers_1 = require("ethers");
+const logger_1 = require("./logger");
+/**
+ * ProtocolFeeCollector - Helm 프로토콜 수수료 수취 및 검증 담당
+ * x402 컴플라이언스를 위해 EIP-712 서명 검증을 포함
+ */
+class ProtocolFeeCollector {
+    totalCollected = 0n;
+    chainId;
+    verifyingContract;
+    // P1-2 FIX: Bounded LRU replay cache (max 10K entries, 1h TTL) instead of unbounded Set
+    usedSignatures = new Map();
+    MAX_REPLAY_CACHE = 10000;
+    REPLAY_TTL_MS = 3600000; // 1 hour
+    evmConnector;
+    protocolFeeRecipient;
+    feeContract = null;
+    constructor(chainId, verifyingContract, evmConnector, protocolFeeRecipient) {
+        // R3-P0-2: Validate chainId is a positive integer to prevent cross-chain replay
+        if (!Number.isInteger(chainId) || chainId <= 0) {
+            throw new Error(`[ProtocolFee] Invalid chainId: ${chainId}. Must be a positive integer.`);
+        }
+        this.chainId = chainId;
+        this.verifyingContract = ethers_1.ethers.getAddress(verifyingContract);
+        this.evmConnector = evmConnector;
+        this.protocolFeeRecipient = ethers_1.ethers.getAddress(protocolFeeRecipient);
+    }
+    /**
+     * R3-P0-2: Verify chainId matches the actual connected network.
+     * Must be called after EVMConnector.connect() to prevent cross-chain signature replay.
+     */
+    async validateChainId() {
+        const provider = this.evmConnector.getProvider();
+        const network = await provider.getNetwork();
+        if (Number(network.chainId) !== this.chainId) {
+            throw new Error(`[ProtocolFee] Chain ID mismatch: configured ${this.chainId}, network reports ${network.chainId}. Cross-chain replay risk!`);
+        }
+    }
+    getFeeContract() {
+        if (this.feeContract)
+            return this.feeContract;
+        const abi = [
+            "function collectFee(address token, uint256 amount, bytes calldata signature, uint256 nonce, uint256 deadline) external"
+        ];
+        // ProtocolFeeCollector uses verifyingContract as the ProtocolFee.sol address
+        this.feeContract = new ethers_1.ethers.Contract(this.verifyingContract, abi, this.evmConnector.getSigner());
+        return this.feeContract;
+    }
+    /**
+     * 민팅 수수료 수취 (Stablecoin)
+     * @param feeCalc - DynamicFeeEngine에서 계산된 수수료 정보
+     * @param signature - EIP-712 서명 (필수, x402 검증용)
+     * @param user - 서명자 주소
+     * @param nonce - 중복 방지 nonce
+     * @param deadline - 서명 유효 기한
+     */
+    async collectMintFee(feeCalc, signature, user, nonce, deadline) {
+        try {
+            await this.verifySignature(feeCalc, signature, user, nonce, deadline);
+            // Actual on-chain collection
+            const contract = this.getFeeContract();
+            const tx = await contract.collectFee(ethers_1.ethers.getAddress(feeCalc.feeTokenAddress), feeCalc.protocolFeeUsd, signature, nonce, deadline);
+            await tx.wait();
+            this.totalCollected += feeCalc.protocolFeeUsd;
+            logger_1.logger.info(`[ProtocolFee] Mint fee collected on-chain: ${feeCalc.protocolFeeUsd} ${feeCalc.feeToken}. TX: ${tx.hash}`);
+        }
+        catch (error) {
+            throw new Error(`[ProtocolFee] Mint fee collection failed: ${(error instanceof Error ? error.message : String(error))}`);
+        }
+    }
+    /**
+     * 소각 수수료 수취
+     * @param feeCalc - DynamicFeeEngine에서 계산된 수수료 정보
+     * @param signature - EIP-712 서명 (필수)
+     * @param user - 서명자 주소
+     * @param nonce - 중복 방지 nonce
+     * @param deadline - 서명 유효 기한
+     */
+    async collectBurnFee(feeCalc, signature, user, nonce, deadline) {
+        try {
+            await this.verifySignature(feeCalc, signature, user, nonce, deadline);
+            // Actual on-chain collection
+            const contract = this.getFeeContract();
+            const tx = await contract.collectFee(ethers_1.ethers.getAddress(feeCalc.feeTokenAddress), feeCalc.protocolFeeUsd, signature, nonce, deadline);
+            await tx.wait();
+            this.totalCollected += feeCalc.protocolFeeUsd;
+            logger_1.logger.info(`[ProtocolFee] Burn fee collected on-chain: ${feeCalc.protocolFeeUsd} ${feeCalc.feeToken}. TX: ${tx.hash}`);
+        }
+        catch (error) {
+            throw new Error(`[ProtocolFee] Burn fee collection failed: ${(error instanceof Error ? error.message : String(error))}`);
+        }
+    }
+    /**
+     * 현재까지 수취한 총 수수료 반환
+     */
+    async getCollectedFees() {
+        return this.totalCollected;
+    }
+    /**
+     * P1-2: Prune expired signatures from replay cache
+     */
+    lastPruneTime = 0;
+    static PRUNE_INTERVAL_MS = 60000; // R3-P1-5: Prune at most once per minute
+    pruneExpiredSignatures() {
+        const now = Date.now();
+        // R3-P1-5: Only prune periodically, not on every call — prevents O(n) DoS
+        if (now - this.lastPruneTime < ProtocolFeeCollector.PRUNE_INTERVAL_MS &&
+            this.usedSignatures.size <= this.MAX_REPLAY_CACHE) {
+            return;
+        }
+        this.lastPruneTime = now;
+        for (const [sig, ts] of this.usedSignatures) {
+            if (now - ts > this.REPLAY_TTL_MS) {
+                this.usedSignatures.delete(sig);
+            }
+        }
+        // If still over limit, remove oldest entries
+        if (this.usedSignatures.size > this.MAX_REPLAY_CACHE) {
+            const entries = [...this.usedSignatures.entries()].sort((a, b) => a[1] - b[1]);
+            const toRemove = entries.slice(0, entries.length - this.MAX_REPLAY_CACHE);
+            for (const [sig] of toRemove) {
+                this.usedSignatures.delete(sig);
+            }
+        }
+    }
+    /**
+     * EIP-712 서명 검증 (x402 compliance)
+     */
+    async verifySignature(feeCalc, signature, user, nonce, deadline) {
+        // B1-2 + P1-2: Bounded replay protection with TTL
+        this.pruneExpiredSignatures();
+        if (this.usedSignatures.has(signature)) {
+            throw new Error("Signature already used (replay protection)");
+        }
+        // B1-2: Deadline check
+        const now = Math.floor(Date.now() / 1000);
+        if (deadline < now) {
+            throw new Error("Signature deadline expired");
+        }
+        const normalizedUser = ethers_1.ethers.getAddress(user);
+        const domain = {
+            name: "Helm Protocol",
+            version: "1",
+            chainId: this.chainId,
+            verifyingContract: this.verifyingContract
+        };
+        const types = {
+            CollectFee: [
+                { name: "token", type: "address" },
+                { name: "amount", type: "uint256" },
+                { name: "nonce", type: "uint256" },
+                { name: "deadline", type: "uint256" }
+            ]
+        };
+        const value = {
+            token: ethers_1.ethers.getAddress(feeCalc.feeTokenAddress),
+            amount: feeCalc.protocolFeeUsd,
+            nonce: nonce,
+            deadline: deadline
+        };
+        try {
+            const recoveredAddress = ethers_1.ethers.verifyTypedData(domain, types, value, signature);
+            if (ethers_1.ethers.getAddress(recoveredAddress) !== normalizedUser) {
+                throw new Error("Invalid EIP-712 signature: signer mismatch");
+            }
+            this.usedSignatures.set(signature, Date.now()); // Mark as used with timestamp
+        }
+        catch (error) {
+            throw new Error(`[ProtocolFee] Signature verification failed: ${(error instanceof Error ? error.message : String(error))}`);
+        }
+    }
+}
+exports.ProtocolFeeCollector = ProtocolFeeCollector;

package/dist/reed_solomon.d.ts

@@ -0,0 +1,12 @@
+export declare class ReedSolomon {
+    private static expTable;
+    private static logTable;
+    private static initialized;
+    static init(): void;
+    static mul(a: number, b: number): number;
+    static div(a: number, b: number): number;
+    private static invertMatrix;
+    private static buildVandermonde;
+    static encode(data: Uint8Array, dataShards?: number, parityShards?: number): Uint8Array[];
+    static decode(shards: (Uint8Array | null)[], dataShards?: number, parityShards?: number): Uint8Array;
+}

package/dist/reed_solomon.js

@@ -0,0 +1,179 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ReedSolomon = void 0;
+class ReedSolomon {
+    static expTable = new Uint8Array(256);
+    static logTable = new Uint8Array(256);
+    static initialized = false;
+    static init() {
+        if (this.initialized)
+            return;
+        let x = 1;
+        for (let i = 0; i < 255; i++) {
+            this.expTable[i] = x;
+            this.logTable[x] = i;
+            x <<= 1;
+            if (x & 0x100) {
+                x ^= 0x11D; // x^8 + x^4 + x^3 + x^2 + 1
+            }
+        }
+        this.expTable[255] = this.expTable[0];
+        this.logTable[0] = 0;
+        this.initialized = true;
+    }
+    static mul(a, b) {
+        if (a === 0 || b === 0)
+            return 0;
+        return this.expTable[(this.logTable[a] + this.logTable[b]) % 255];
+    }
+    static div(a, b) {
+        if (b === 0)
+            throw new Error("Division by zero");
+        if (a === 0)
+            return 0;
+        return this.expTable[(this.logTable[a] - this.logTable[b] + 255) % 255];
+    }
+    static invertMatrix(matrix) {
+        const n = matrix.length;
+        const aug = [];
+        for (let i = 0; i < n; i++) {
+            aug[i] = [];
+            for (let j = 0; j < n; j++) {
+                aug[i][j] = matrix[i][j];
+            }
+            for (let j = 0; j < n; j++) {
+                aug[i][j + n] = (i === j) ? 1 : 0;
+            }
+        }
+        for (let i = 0; i < n; i++) {
+            let pivot = i;
+            while (pivot < n && aug[pivot][i] === 0) {
+                pivot++;
+            }
+            if (pivot === n)
+                throw new Error("Singular matrix");
+            if (pivot !== i) {
+                const temp = aug[i];
+                aug[i] = aug[pivot];
+                aug[pivot] = temp;
+            }
+            const pivotVal = aug[i][i];
+            if (pivotVal !== 1) {
+                for (let j = i; j < 2 * n; j++) {
+                    aug[i][j] = this.div(aug[i][j], pivotVal);
+                }
+            }
+            for (let j = 0; j < n; j++) {
+                if (i !== j && aug[j][i] !== 0) {
+                    const factor = aug[j][i];
+                    for (let k = i; k < 2 * n; k++) {
+                        aug[j][k] ^= this.mul(factor, aug[i][k]);
+                    }
+                }
+            }
+        }
+        const inv = [];
+        for (let i = 0; i < n; i++) {
+            inv[i] = [];
+            for (let j = 0; j < n; j++) {
+                inv[i][j] = aug[i][j + n];
+            }
+        }
+        return inv;
+    }
+    static buildVandermonde(rows, cols) {
+        const V = [];
+        for (let r = 0; r < rows; r++) {
+            V[r] = [];
+            const x = r + 1;
+            for (let c = 0; c < cols; c++) {
+                if (c === 0) {
+                    V[r][c] = 1;
+                }
+                else {
+                    V[r][c] = this.mul(V[r][c - 1], x);
+                }
+            }
+        }
+        const V_top = [];
+        for (let i = 0; i < cols; i++) {
+            V_top.push([...V[i]]);
+        }
+        const V_top_inv = this.invertMatrix(V_top);
+        const G = [];
+        for (let r = 0; r < rows; r++) {
+            G[r] = [];
+            for (let c = 0; c < cols; c++) {
+                let val = 0;
+                for (let k = 0; k < cols; k++) {
+                    val ^= this.mul(V[r][k], V_top_inv[k][c]);
+                }
+                G[r][c] = val;
+            }
+        }
+        return G;
+    }
+    static encode(data, dataShards = 4, parityShards = 2) {
+        this.init();
+        const totalShards = dataShards + parityShards;
+        const rawShardSize = Math.ceil(data.length / dataShards);
+        const shardSize = Math.ceil(rawShardSize / 3) * 3;
+        const matrix = this.buildVandermonde(totalShards, dataShards);
+        const shards = [];
+        for (let i = 0; i < totalShards; i++) {
+            shards.push(new Uint8Array(shardSize));
+        }
+        for (let i = 0; i < dataShards; i++) {
+            shards[i].set(data.subarray(i * shardSize, Math.min((i + 1) * shardSize, data.length)));
+        }
+        for (let c = 0; c < shardSize; c++) {
+            for (let r = dataShards; r < totalShards; r++) {
+                let val = 0;
+                for (let j = 0; j < dataShards; j++) {
+                    val ^= this.mul(matrix[r][j], shards[j][c]);
+                }
+                shards[r][c] = val;
+            }
+        }
+        return shards;
+    }
+    static decode(shards, dataShards = 4, parityShards = 2) {
+        this.init();
+        const totalShards = dataShards + parityShards;
+        if (shards.length !== totalShards) {
+            throw new Error(`[RS] Expected ${totalShards} shards, got ${shards.length}`);
+        }
+        const presentIndices = [];
+        const presentShards = [];
+        for (let i = 0; i < totalShards; i++) {
+            if (shards[i] !== null && shards[i] !== undefined) {
+                presentIndices.push(i);
+                presentShards.push(shards[i]);
+                if (presentIndices.length === dataShards)
+                    break;
+            }
+        }
+        if (presentIndices.length < dataShards) {
+            throw new Error(`[RS] Not enough shards for recovery: need ${dataShards}, got ${presentIndices.length}`);
+        }
+        const shardSize = presentShards[0].length;
+        const origMatrix = this.buildVandermonde(totalShards, dataShards);
+        const subMatrix = [];
+        for (let i = 0; i < dataShards; i++) {
+            subMatrix.push([...origMatrix[presentIndices[i]]]);
+        }
+        const invMatrix = this.invertMatrix(subMatrix);
+        const result = new Uint8Array(shardSize * dataShards);
+        for (let c = 0; c < shardSize; c++) {
+            for (let r = 0; r < dataShards; r++) {
+                let val = 0;
+                for (let j = 0; j < dataShards; j++) {
+                    val ^= this.mul(invMatrix[r][j], presentShards[j][c]);
+                }
+                result[r * shardSize + c] = val;
+            }
+        }
+        return result;
+    }
+}
+exports.ReedSolomon = ReedSolomon;

package/dist/signer.d.ts

@@ -0,0 +1,76 @@
+import { Signer, Wallet } from "ethers";
+import { TurnkeySigner } from "@turnkey/ethers";
+/**
+ * Supported signer types in TTT SDK
+ */
+export declare enum SignerType {
+    PrivateKey = "privateKey",
+    Turnkey = "turnkey",
+    Privy = "privy",
+    KMS = "kms"
+}
+/**
+ * Discriminated union for signer configuration
+ */
+export type SignerConfig = {
+    type: 'privateKey';
+    key?: string;
+    envVar?: string;
+} | {
+    type: 'turnkey';
+    apiBaseUrl: string;
+    organizationId: string;
+    privateKeyId: string;
+    apiPublicKey: string;
+    apiPrivateKey: string;
+} | {
+    type: 'privy';
+    appId: string;
+    appSecret: string;
+    walletId?: string;
+} | {
+    type: 'kms';
+    provider: 'aws' | 'gcp';
+    keyId: string;
+    region?: string;
+    projectId?: string;
+    locationId?: string;
+    keyRingId?: string;
+    keyVersionId?: string;
+};
+/**
+ * Base wrapper for all signers to ensure unified interface within the SDK
+ */
+export declare abstract class TTTAbstractSigner {
+    readonly inner: Signer;
+    constructor(inner: Signer);
+    getAddress(): Promise<string>;
+}
+/**
+ * Standard Private Key Signer (Institutional/Dev use)
+ */
+export declare class PrivateKeySigner extends TTTAbstractSigner {
+    constructor(signer: Wallet);
+}
+/**
+ * TEE-based institution-grade signer (Turnkey)
+ */
+export declare class TurnkeySignerWrapper extends TTTAbstractSigner {
+    constructor(signer: TurnkeySigner);
+}
+/**
+ * Social/Embedded wallet signer (Privy)
+ */
+export declare class PrivySigner extends TTTAbstractSigner {
+    constructor(signer: Signer);
+}
+/**
+ * Cloud HSM (KMS) based signer
+ */
+export declare class KMSSigner extends TTTAbstractSigner {
+    constructor(signer: Signer);
+}
+/**
+ * Factory function to create appropriate signer based on config
+ */
+export declare function createSigner(config: SignerConfig): Promise<TTTAbstractSigner>;