quantumcoin 7.0.10 → 7.0.11

package/examples/package.json

@@ -26,7 +26,7 @@
     "tsx": "^4.19.0"
   },
   "dependencies": {
-    "quantum-coin-js-sdk": "1.0.33",
+    "quantum-coin-js-sdk": "1.0.35",
     "quantumcoin": "file:.."
   }
 }

package/examples/wallet-offline.js

@@ -4,7 +4,7 @@
  */
 
 const { Initialize } = require("../config");
-const { Wallet, verifyMessage } = require("..");
+const { Wallet } = require("..");
 const { logExample, logAddress } = require("../test/verbose-logger");
 
 async function walletOffline() {
@@ -15,14 +15,6 @@ async function walletOffline() {
   console.log("Wallet address:", wallet.address);
   logAddress("wallet", wallet.address);
 
-  const msg = "Hello, QuantumCoin!";
-  const sig = wallet.signMessageSync(msg);
-  console.log("Signature:", sig.slice(0, 18) + "...");
-
-  const recovered = verifyMessage(msg, sig);
-  console.log("Recovered address:", recovered);
-  logAddress("recovered", recovered);
-
   const json = wallet.encryptSync("mySecurePassword123");
   console.log("Encrypted wallet JSON length:", json.length);
   logExample("wallet-offline.js", "encryptSync", { jsonLength: json.length });

package/examples/wallet-offline.ts

@@ -4,7 +4,7 @@
  */
 
 import { Initialize } from "../config";
-import { Wallet, verifyMessage } from "..";
+import { Wallet } from "..";
 import { logExample, logAddress } from "../test/verbose-logger";
 
 async function walletOffline(): Promise<void> {
@@ -15,14 +15,6 @@ async function walletOffline(): Promise<void> {
   console.log("Wallet address:", wallet.address);
   logAddress("wallet", wallet.address);
 
-  const msg = "Hello, QuantumCoin!";
-  const sig = wallet.signMessageSync(msg);
-  console.log("Signature:", sig.slice(0, 18) + "...");
-
-  const recovered = verifyMessage(msg, sig);
-  console.log("Recovered address:", recovered);
-  logAddress("recovered", recovered);
-
   const json = wallet.encryptSync("mySecurePassword123");
   console.log("Encrypted wallet JSON length:", json.length);
   logExample("wallet-offline.ts", "encryptSync", { jsonLength: json.length });

package/generate-sdk.js

@@ -1269,7 +1269,6 @@ async function main() {
     nonce: nonce0,
     chainId,
     gasLimit,
-    gasPrice: 1n,
   });
 
   const sentDeploy = await provider.sendRawTransaction(rawDeploy);
@@ -1283,7 +1282,7 @@ async function main() {
   if (contract.populateTransaction && typeof contract.populateTransaction.approve === "function") {
     const txReq = await contract.populateTransaction.approve(from, 123, { gasLimit: 200000 });
     const nonce1 = await provider.getTransactionCount(from, "pending");
-    const raw = await wallet.signTransaction({ ...txReq, nonce: nonce1, chainId, gasPrice: 1n });
+    const raw = await wallet.signTransaction({ ...txReq, nonce: nonce1, chainId });
     const sent = await provider.sendRawTransaction(raw);
     console.log("approve tx hash:", sent.hash);
     await sent.wait(1, 600_000);
@@ -1358,7 +1357,6 @@ async function main(): Promise<void> {
     nonce: nonce0,
     chainId,
     gasLimit,
-    gasPrice: 1n,
   });
 
   const sentDeploy = await provider.sendRawTransaction(rawDeploy);
@@ -1371,7 +1369,7 @@ async function main(): Promise<void> {
   if (contract.populateTransaction && typeof contract.populateTransaction.approve === "function") {
     const txReq = await contract.populateTransaction.approve(from, 123, { gasLimit: 200000 });
     const nonce1 = await provider.getTransactionCount(from, "pending");
-    const raw = await wallet.signTransaction({ ...txReq, nonce: nonce1, chainId, gasPrice: 1n });
+    const raw = await wallet.signTransaction({ ...txReq, nonce: nonce1, chainId });
     const sent = await provider.sendRawTransaction(raw);
     console.log("approve tx hash:", sent.hash);
     await sent.wait(1, 600_000);
@@ -1492,7 +1490,7 @@ main().catch((e) => {
 
         _writeText(
           path.join(outDir, "examples", `offline-signing-${a.contractName}.js`),
-          `const { Initialize } = require("quantumcoin/config");\nconst { getProvider, Wallet, getCreateAddress } = require("quantumcoin");\nconst { TEST_WALLET_ENCRYPTED_JSON, TEST_WALLET_PASSPHRASE } = require("./_test-wallet");\nconst { ${a.contractName}__factory, ${a.contractName} } = require("..");\n\nasync function main() {\n  const rpcUrl = process.env.QC_RPC_URL;\n  if (!rpcUrl) throw new Error("QC_RPC_URL is required");\n  const chainId = process.env.QC_CHAIN_ID ? Number(process.env.QC_CHAIN_ID) : 123123;\n  await Initialize(null);\n\n  const provider = getProvider(rpcUrl, chainId);\n  const wallet = Wallet.fromEncryptedJsonSync(TEST_WALLET_ENCRYPTED_JSON, TEST_WALLET_PASSPHRASE);\n  const from = wallet.address;\n\n  const factory = new ${a.contractName}__factory(wallet);\n  const deployTxReq = factory.getDeployTransaction();\n  const nonce0 = await provider.getTransactionCount(from, \"pending\");\n  const predicted = getCreateAddress({ from, nonce: nonce0 });\n\n  const rawDeploy = await wallet.signTransaction({ ...deployTxReq, nonce: nonce0, chainId, gasLimit: 6_000_000, gasPrice: 1n });\n  const sentDeploy = await provider.sendRawTransaction(rawDeploy);\n  await sentDeploy.wait(1, 600_000);\n\n  const contract = ${a.contractName}.connect(predicted, provider);\n  console.log(\"deployed at:\", contract.target);\n}\n\nmain().catch((e) => { console.error(e); process.exitCode = 1; });\n`,
+          `const { Initialize } = require("quantumcoin/config");\nconst { getProvider, Wallet, getCreateAddress } = require("quantumcoin");\nconst { TEST_WALLET_ENCRYPTED_JSON, TEST_WALLET_PASSPHRASE } = require("./_test-wallet");\nconst { ${a.contractName}__factory, ${a.contractName} } = require("..");\n\nasync function main() {\n  const rpcUrl = process.env.QC_RPC_URL;\n  if (!rpcUrl) throw new Error("QC_RPC_URL is required");\n  const chainId = process.env.QC_CHAIN_ID ? Number(process.env.QC_CHAIN_ID) : 123123;\n  await Initialize(null);\n\n  const provider = getProvider(rpcUrl, chainId);\n  const wallet = Wallet.fromEncryptedJsonSync(TEST_WALLET_ENCRYPTED_JSON, TEST_WALLET_PASSPHRASE);\n  const from = wallet.address;\n\n  const factory = new ${a.contractName}__factory(wallet);\n  const deployTxReq = factory.getDeployTransaction();\n  const nonce0 = await provider.getTransactionCount(from, \"pending\");\n  const predicted = getCreateAddress({ from, nonce: nonce0 });\n\n  const rawDeploy = await wallet.signTransaction({ ...deployTxReq, nonce: nonce0, chainId, gasLimit: 6_000_000 });\n  const sentDeploy = await provider.sendRawTransaction(rawDeploy);\n  await sentDeploy.wait(1, 600_000);\n\n  const contract = ${a.contractName}.connect(predicted, provider);\n  console.log(\"deployed at:\", contract.target);\n}\n\nmain().catch((e) => { console.error(e); process.exitCode = 1; });\n`,
         );
 
         _writeText(
@@ -1514,7 +1512,7 @@ main().catch((e) => {
         );
         _writeText(
           path.join(outDir, "examples", `offline-signing-${a.contractName}.ts`),
-          `import { Initialize } from "quantumcoin/config";\nimport { getProvider, Wallet, getCreateAddress } from "quantumcoin";\nimport { TEST_WALLET_ENCRYPTED_JSON, TEST_WALLET_PASSPHRASE } from "./_test-wallet";\nimport { ${a.contractName}__factory, ${a.contractName} } from "..";\n\nasync function main(): Promise<void> {\n  const rpcUrl = process.env.QC_RPC_URL;\n  if (!rpcUrl) throw new Error("QC_RPC_URL is required");\n  const chainId = process.env.QC_CHAIN_ID ? Number(process.env.QC_CHAIN_ID) : 123123;\n  await Initialize(null);\n\n  const provider = getProvider(rpcUrl, chainId);\n  const wallet = Wallet.fromEncryptedJsonSync(TEST_WALLET_ENCRYPTED_JSON, TEST_WALLET_PASSPHRASE);\n  const from = wallet.address;\n\n  const factory = new ${a.contractName}__factory(wallet);\n  const deployTxReq = factory.getDeployTransaction();\n  const nonce0 = await provider.getTransactionCount(from, "pending");\n  const predicted = getCreateAddress({ from, nonce: nonce0 });\n\n  const rawDeploy = await wallet.signTransaction({ ...deployTxReq, nonce: nonce0, chainId, gasLimit: 6_000_000, gasPrice: 1n });\n  const sentDeploy = await provider.sendRawTransaction(rawDeploy);\n  await sentDeploy.wait(1, 600_000);\n\n  const contract = ${a.contractName}.connect(predicted, provider);\n  console.log("deployed at:", contract.target);\n}\n\nmain().catch((e) => { console.error(e); process.exitCode = 1; });\n`,
+          `import { Initialize } from "quantumcoin/config";\nimport { getProvider, Wallet, getCreateAddress } from "quantumcoin";\nimport { TEST_WALLET_ENCRYPTED_JSON, TEST_WALLET_PASSPHRASE } from "./_test-wallet";\nimport { ${a.contractName}__factory, ${a.contractName} } from "..";\n\nasync function main(): Promise<void> {\n  const rpcUrl = process.env.QC_RPC_URL;\n  if (!rpcUrl) throw new Error("QC_RPC_URL is required");\n  const chainId = process.env.QC_CHAIN_ID ? Number(process.env.QC_CHAIN_ID) : 123123;\n  await Initialize(null);\n\n  const provider = getProvider(rpcUrl, chainId);\n  const wallet = Wallet.fromEncryptedJsonSync(TEST_WALLET_ENCRYPTED_JSON, TEST_WALLET_PASSPHRASE);\n  const from = wallet.address;\n\n  const factory = new ${a.contractName}__factory(wallet);\n  const deployTxReq = factory.getDeployTransaction();\n  const nonce0 = await provider.getTransactionCount(from, "pending");\n  const predicted = getCreateAddress({ from, nonce: nonce0 });\n\n  const rawDeploy = await wallet.signTransaction({ ...deployTxReq, nonce: nonce0, chainId, gasLimit: 6_000_000 });\n  const sentDeploy = await provider.sendRawTransaction(rawDeploy);\n  await sentDeploy.wait(1, 600_000);\n\n  const contract = ${a.contractName}.connect(predicted, provider);\n  console.log("deployed at:", contract.target);\n}\n\nmain().catch((e) => { console.error(e); process.exitCode = 1; });\n`,
         );
         _writeText(
           path.join(outDir, "examples", `events-${a.contractName}.ts`),

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "quantumcoin",
-  "version": "7.0.10",
+  "version": "7.0.11",
   "description": "QuantumCoin.js - a post quantum cryptography SDK for QuantumCoin",
   "main": "index.js",
   "types": "src/index.d.ts",
@@ -90,6 +90,6 @@
   },
   "dependencies": {
     "seed-words": "^1.0.2",
-    "quantum-coin-js-sdk": "1.0.33"
+    "quantum-coin-js-sdk": "1.0.35"
   }
 }

package/src/abi/interface.js

@@ -16,12 +16,18 @@ const jsAbi = require("./js-abi-coder");
 
 function _requireInitialized() {
   // eslint-disable-next-line global-require
-  const { isInitialized } = require("../../config");
-  if (!isInitialized()) {
-    throw makeError("QuantumCoin SDK not initialized. Call Initialize() first.", "UNKNOWN_ERROR", {
-      operation: "abi",
-    });
-  }
+  const { isInitialized, getInitializationPromise } = require("../../config");
+  if (isInitialized()) return;
+  if (getInitializationPromise() != null) {
+    throw makeError(
+      "QuantumCoin SDK is still initializing. Await the Initialize() promise before using SDK methods.",
+      "UNKNOWN_ERROR",
+      { operation: "requireInitialized" },
+    );
+  }
+  throw makeError("QuantumCoin SDK not initialized. Call Initialize() first.", "UNKNOWN_ERROR", {
+    operation: "abi",
+  });
 }
 
 function _sanitizeArg(value) {
@@ -134,8 +140,8 @@ function _uint256ToFixedBytesHex(type, value) {
   if (value == null) return value;
 
   const bi = typeof value === "bigint" ? value : BigInt(value);
+  if (bi >= (1n << 256n)) throw makeError("value exceeds uint256", "INVALID_ARGUMENT", { value: bi.toString() });
   let hex = bi.toString(16);
-  if (hex.length > 64) hex = hex.slice(-64);
   hex = hex.padStart(64, "0");
   // bytesN is the first N bytes (right-padded in the 32-byte word).
   return normalizeHex("0x" + hex.slice(0, n * 2));

package/src/abi/js-abi-coder.js

@@ -13,6 +13,8 @@ const { makeError } = require("../errors");
 const { normalizeHex, strip0x, arrayify, bytesToHex, utf8ToBytes, bytesToUtf8 } = require("../internal/hex");
 const { id } = require("../utils/hashing");
 
+const MAX_ABI_DEPTH = 16;
+
 function _isArrayType(type) {
   return typeof type === "string" && type.endsWith("]");
 }
@@ -115,8 +117,8 @@ function _concat(parts) {
 function _u256ToWord(bi) {
   let x = bi;
   if (x < 0n) throw new Error("uint must be non-negative");
+  if (x >= (1n << 256n)) throw makeError("value exceeds uint256", "INVALID_ARGUMENT", { value: x.toString() });
   let hex = x.toString(16);
-  if (hex.length > 64) hex = hex.slice(-64);
   hex = hex.padStart(64, "0");
   return arrayify("0x" + hex);
 }
@@ -204,7 +206,8 @@ function _tupleValues(components, value) {
   return [];
 }
 
-function encodeTupleLike(params, values) {
+function encodeTupleLike(params, values, depth) {
+  if (depth == null) depth = 0;
   const ps = Array.isArray(params) ? params : [];
   const vs = Array.isArray(values) ? values : [];
 
@@ -221,19 +224,21 @@ function encodeTupleLike(params, values) {
     const p = ps[i];
     const v = vs[i];
     if (_isDynamicType(p)) {
-      const encTail = encodeParam(p, v);
+      const encTail = encodeParam(p, v, depth);
       headParts.push(_u256ToWord(BigInt(headSize + tailOffset)));
       tailParts.push(encTail);
       tailOffset += encTail.length;
     } else {
-      headParts.push(encodeParam(p, v));
+      headParts.push(encodeParam(p, v, depth));
     }
   }
 
   return _concat([...headParts, ...tailParts]);
 }
 
-function encodeParam(param, value) {
+function encodeParam(param, value, depth) {
+  if (depth == null) depth = 0;
+  if (depth > MAX_ABI_DEPTH) throw makeError("ABI encoding: maximum nesting depth exceeded", "INVALID_ARGUMENT", {});
   const type = String(param && param.type ? param.type : "");
 
   if (_isArrayType(type)) {
@@ -243,20 +248,19 @@ function encodeParam(param, value) {
 
     if (_isDynamicArray(type)) {
       const lenWord = _u256ToWord(BigInt(arr.length));
-      const elems = encodeTupleLike(Array.from({ length: arr.length }).map(() => innerParam), arr);
+      const elems = encodeTupleLike(Array.from({ length: arr.length }).map(() => innerParam), arr, depth + 1);
       return _concat([lenWord, elems]);
     }
 
-    // fixed array
     const n = _fixedArrayLength(type);
-    const elems = encodeTupleLike(Array.from({ length: n }).map(() => innerParam), arr.slice(0, n));
+    const elems = encodeTupleLike(Array.from({ length: n }).map(() => innerParam), arr.slice(0, n), depth + 1);
     return elems;
   }
 
   if (type === "tuple") {
     const comps = Array.isArray(param.components) ? param.components : [];
     const vals = _tupleValues(comps, value);
-    return encodeTupleLike(comps, vals);
+    return encodeTupleLike(comps, vals, depth + 1);
   }
 
   if (_isUint(type)) {
@@ -358,10 +362,10 @@ function _decodeString(data, baseOffset) {
   return bytesToUtf8(out);
 }
 
-function decodeTupleLike(params, data, baseOffset) {
+function decodeTupleLike(params, data, baseOffset, depth) {
+  if (depth == null) depth = 0;
   const ps = Array.isArray(params) ? params : [];
 
-  // Compute head size for this tuple-like block.
   const headWords = ps.reduce((a, p) => a + (_isDynamicType(p) ? 1 : _staticWords(p)), 0);
   const headSize = headWords * 32;
 
@@ -373,20 +377,21 @@ function decodeTupleLike(params, data, baseOffset) {
     const p = ps[i];
     if (_isDynamicType(p)) {
       const rel = _readWordAsNumber(data, baseOffset + headOff);
-      values.push(decodeParam(p, data, baseOffset + rel));
+      values.push(decodeParam(p, data, baseOffset + rel, depth));
       headOff += 32;
     } else {
-      values.push(decodeParam(p, data, baseOffset + headOff));
+      values.push(decodeParam(p, data, baseOffset + headOff, depth));
       headOff += _staticWords(p) * 32;
     }
   }
 
-  // Ignore headSize; decodeParam consumes offsets itself.
   void headSize;
   return values;
 }
 
-function decodeParam(param, data, offset) {
+function decodeParam(param, data, offset, depth) {
+  if (depth == null) depth = 0;
+  if (depth > MAX_ABI_DEPTH) throw makeError("ABI decoding: maximum nesting depth exceeded", "INVALID_ARGUMENT", {});
   const type = String(param && param.type ? param.type : "");
 
   if (_isArrayType(type)) {
@@ -395,17 +400,17 @@ function decodeParam(param, data, offset) {
 
     if (_isDynamicArray(type)) {
       const len = _readWordAsNumber(data, offset);
-      const elems = decodeTupleLike(Array.from({ length: len }).map(() => innerParam), data, offset + 32);
+      const elems = decodeTupleLike(Array.from({ length: len }).map(() => innerParam), data, offset + 32, depth + 1);
       return elems;
     }
 
     const n = _fixedArrayLength(type);
-    return decodeTupleLike(Array.from({ length: n }).map(() => innerParam), data, offset);
+    return decodeTupleLike(Array.from({ length: n }).map(() => innerParam), data, offset, depth + 1);
   }
 
   if (type === "tuple") {
     const comps = Array.isArray(param.components) ? param.components : [];
-    const vals = decodeTupleLike(comps, data, offset);
+    const vals = decodeTupleLike(comps, data, offset, depth + 1);
     const out = {};
     for (let i = 0; i < comps.length; i++) {
       const c = comps[i];

package/src/constants.d.ts

@@ -59,8 +59,3 @@ export const EtherSymbol: string;
  * @type {bigint}
  */
 export const N: bigint;
-/**
- * EIP-191 personal sign message prefix (ethers.js compatible).
- * @type {string}
- */
-export const MessagePrefix: string;

package/src/constants.js

@@ -77,12 +77,6 @@ const EtherSymbol = "Ξ";
  */
 const N = 0n;
 
-/**
- * EIP-191 personal sign message prefix (ethers.js compatible).
- * @type {string}
- */
-const MessagePrefix = "\x19Ethereum Signed Message:\n";
-
 module.exports = {
   version,
   ZeroAddress,
@@ -96,6 +90,5 @@ module.exports = {
   WeiPerEther,
   EtherSymbol,
   N,
-  MessagePrefix,
 };
 

package/src/contract/contract-factory.js

@@ -12,10 +12,16 @@ const { getCreateAddress } = require("../utils/address");
 
 function _requireInitialized() {
   // eslint-disable-next-line global-require
-  const { isInitialized } = require("../../config");
-  if (!isInitialized()) {
-    throw makeError("QuantumCoin SDK not initialized. Call Initialize() first.", "UNKNOWN_ERROR", { operation: "contract-factory" });
+  const { isInitialized, getInitializationPromise } = require("../../config");
+  if (isInitialized()) return;
+  if (getInitializationPromise() != null) {
+    throw makeError(
+      "QuantumCoin SDK is still initializing. Await the Initialize() promise before using SDK methods.",
+      "UNKNOWN_ERROR",
+      { operation: "requireInitialized" },
+    );
   }
+  throw makeError("QuantumCoin SDK not initialized. Call Initialize() first.", "UNKNOWN_ERROR", { operation: "contract-factory" });
 }
 
 class ContractFactory {

package/src/contract/contract.js

@@ -10,10 +10,16 @@ const { normalizeHex } = require("../internal/hex");
 
 function _requireInitialized() {
   // eslint-disable-next-line global-require
-  const { isInitialized } = require("../../config");
-  if (!isInitialized()) {
-    throw makeError("QuantumCoin SDK not initialized. Call Initialize() first.", "UNKNOWN_ERROR", { operation: "contract" });
+  const { isInitialized, getInitializationPromise } = require("../../config");
+  if (isInitialized()) return;
+  if (getInitializationPromise() != null) {
+    throw makeError(
+      "QuantumCoin SDK is still initializing. Await the Initialize() promise before using SDK methods.",
+      "UNKNOWN_ERROR",
+      { operation: "requireInitialized" },
+    );
   }
+  throw makeError("QuantumCoin SDK not initialized. Call Initialize() first.", "UNKNOWN_ERROR", { operation: "contract" });
 }
 
 function _isProvider(obj) {

package/src/errors/index.js

@@ -124,6 +124,17 @@ function assertArgument(check, message, name, value) {
   assert(check, message, "INVALID_ARGUMENT", { argument: name, value });
 }
 
+/**
+ * Assert an argument constraint for sensitive material (keys, seeds, passwords).
+ * Uses "[REDACTED]" instead of the actual value to prevent leaking secrets in logs.
+ * @param {any} check
+ * @param {string} message
+ * @param {string} name
+ */
+function assertSecretArgument(check, message, name) {
+  assert(check, message, "INVALID_ARGUMENT", { argument: name, value: "[REDACTED]" });
+}
+
 /**
  * Provider error.
  */
@@ -181,6 +192,7 @@ module.exports = {
   makeError,
   assert,
   assertArgument,
+  assertSecretArgument,
   ProviderError,
   TransactionError,
   ContractError,

package/src/index.d.ts

@@ -23,7 +23,6 @@ declare const _exports: {
     encodeRlp(value: any): string;
     decodeRlp(data: string): any;
     keccak256(data: string | Uint8Array): string;
-    hashMessage(message: string | Uint8Array): string;
     sha256(data: string | Uint8Array): string;
     sha512(data: string | Uint8Array): string;
     ripemd160(data: string | Uint8Array): string;
@@ -70,8 +69,6 @@ declare const _exports: {
     }): string;
     getCreate2Address(from: string, salt: string, initCodeHash: string): string;
     computeAddress(key: string | Uint8Array): string;
-    verifyMessage(message: string | Uint8Array, signature: string): string;
-    recoverAddress(message: string | Uint8Array, signature: string): string;
     Interface: typeof import("./abi/interface").Interface;
     AbiCoder: typeof import("./abi/interface").AbiCoder;
     Fragment: typeof import("./abi/fragments").Fragment;

package/src/providers/extra-providers.js

@@ -12,8 +12,12 @@ const net = require("node:net");
 const { JsonRpcSigner } = require("../wallet/wallet");
 const { normalizeHex, isHexString } = require("../internal/hex");
 
-let _wsRpcId = 1;
-let _ipcRpcId = 1;
+const MAX_RESPONSE_SIZE = 16 * 1024 * 1024;
+const MAX_IPC_BUFFER = 16 * 1024 * 1024;
+
+function _bigIntReplacer(_key, value) {
+  return typeof value === "bigint" ? "0x" + value.toString(16) : value;
+}
 
 /**
  * Extract the first complete JSON object from a stream buffer.
@@ -85,6 +89,7 @@ class WebSocketProvider extends AbstractProvider {
     }
     this.url = url.trim();
     this.chainId = chainId == null ? 123123 : chainId;
+    this._wsRpcId = 1;
 
     /** @type {any|null} */
     this._ws = null;
@@ -168,6 +173,7 @@ class WebSocketProvider extends AbstractProvider {
       const onMessage = (event) => {
         const data = event && event.data != null ? event.data : "";
         const text = typeof data === "string" ? data : data.toString();
+        if (text.length > MAX_RESPONSE_SIZE) return;
         let msg;
         try {
           msg = JSON.parse(text);
@@ -224,8 +230,8 @@ class WebSocketProvider extends AbstractProvider {
       throw makeError("WebSocket not connected", "UNKNOWN_ERROR", { url: this.url, method });
     }
 
-    const id = _wsRpcId++;
-    const body = JSON.stringify({ jsonrpc: "2.0", id, method, params: params || [] });
+    const id = this._wsRpcId++;
+    const body = JSON.stringify({ jsonrpc: "2.0", id, method, params: params || [] }, _bigIntReplacer);
 
     return new Promise((resolve, reject) => {
       const timer = setTimeout(() => {
@@ -267,6 +273,7 @@ class IpcSocketProvider extends AbstractProvider {
       throw makeError("missing IPC path", "INVALID_ARGUMENT", { path });
     }
     this.path = path;
+    this._ipcRpcId = 1;
   }
 
   /**
@@ -275,14 +282,14 @@ class IpcSocketProvider extends AbstractProvider {
    * @returns {Promise<any>}
    */
   async _perform(method, params) {
-    const id = _ipcRpcId++;
+    const id = this._ipcRpcId++;
     const body =
       JSON.stringify({
         jsonrpc: "2.0",
         id,
         method,
         params: params || [],
-      }) + "\n";
+      }, _bigIntReplacer) + "\n";
 
     return new Promise((resolve, reject) => {
       /** @type {boolean} */
@@ -337,6 +344,13 @@ class IpcSocketProvider extends AbstractProvider {
       socket.on("data", (chunk) => {
         buffer += String(chunk);
 
+        if (buffer.length > MAX_IPC_BUFFER) {
+          finish(makeError("IPC response too large", "UNKNOWN_ERROR", {
+            method, path: this.path, size: buffer.length, limit: MAX_IPC_BUFFER,
+          }));
+          return;
+        }
+
         // Fast path: newline-delimited JSON responses.
         while (buffer.includes("\n")) {
           const idx = buffer.indexOf("\n");

package/src/providers/json-rpc-provider.js

@@ -6,7 +6,11 @@ const { AbstractProvider } = require("./provider");
 const { makeError } = require("../errors");
 const { Config, getConfig, isInitialized } = require("../../config");
 
-let _rpcId = 1;
+const MAX_RESPONSE_SIZE = 16 * 1024 * 1024;
+
+function _bigIntReplacer(_key, value) {
+  return typeof value === "bigint" ? "0x" + value.toString(16) : value;
+}
 
 class JsonRpcProvider extends AbstractProvider {
   /**
@@ -15,11 +19,11 @@ class JsonRpcProvider extends AbstractProvider {
    */
   constructor(url, chainId) {
     super();
-    // If not provided, attempt to use initialized config.js defaults.
     const active = isInitialized() ? getConfig() : null;
     const cfg = active || new Config();
     this.url = url || cfg.rpcEndpoint;
     this.chainId = chainId == null ? cfg.chainId : chainId;
+    this._rpcId = 1;
   }
 
   /**
@@ -29,13 +33,13 @@ class JsonRpcProvider extends AbstractProvider {
    * @returns {Promise<any>}
    */
   async _perform(method, params) {
-    const id = _rpcId++;
+    const id = this._rpcId++;
     const body = JSON.stringify({
       jsonrpc: "2.0",
       id,
       method,
       params: params || [],
-    });
+    }, _bigIntReplacer);
 
     const controller = new AbortController();
     const timeout = setTimeout(() => controller.abort(), 30_000);
@@ -46,7 +50,13 @@ class JsonRpcProvider extends AbstractProvider {
         body,
         signal: controller.signal,
       });
-      const json = await resp.json().catch(() => null);
+      const text = await resp.text().catch(() => null);
+      if (text && text.length > MAX_RESPONSE_SIZE) {
+        throw makeError("JSON-RPC response too large", "UNKNOWN_ERROR", {
+          method, url: this.url, size: text.length, limit: MAX_RESPONSE_SIZE,
+        });
+      }
+      const json = text ? (() => { try { return JSON.parse(text); } catch { return null; } })() : null;
       if (!resp.ok) {
         throw makeError("JSON-RPC HTTP error", "UNKNOWN_ERROR", {
           status: resp.status,

package/src/providers/provider.d.ts

@@ -5,7 +5,6 @@ export type TransactionRequest = {
     value?: (bigint | string | number) | undefined;
     data?: string | undefined;
     gasLimit?: (bigint | string | number) | undefined;
-    gasPrice?: (bigint | string | number) | undefined;
     nonce?: number | undefined;
     chainId?: number | undefined;
     /**
@@ -149,7 +148,6 @@ export class TransactionResponse {
     data: any;
     value: any;
     gasLimit: any;
-    gasPrice: any;
     chainId: number;
     blockNumber: number;
     txType: number | null;

package/src/providers/provider.js

@@ -20,7 +20,6 @@ const { normalizeHex, isHexString } = require("../internal/hex");
  * @property {bigint|string|number=} value
  * @property {string=} data
  * @property {bigint|string|number=} gasLimit
- * @property {bigint|string|number=} gasPrice
  * @property {number=} nonce
  * @property {number=} chainId
  * @property {string=} remarks Optional remark field (hex, max 32 bytes)
@@ -39,7 +38,7 @@ const { normalizeHex, isHexString } = require("../internal/hex");
 function _hexToBigInt(hex) {
   if (typeof hex === "bigint") return hex;
   if (typeof hex === "number") return BigInt(hex);
-  // JSON-RPC "quantity" values may be odd-length (e.g. "0x0", "0x1").
+  if (hex === "0x" || hex === "0X") return 0n;
   assertArgument(typeof hex === "string" && /^0x[0-9a-fA-F]+$/.test(hex), "invalid hex quantity", "hex", hex);
   return BigInt(hex);
 }
@@ -139,7 +138,6 @@ class TransactionResponse {
     this.data = tx.input || tx.data || "0x";
     this.value = tx.value != null ? _hexToBigInt(tx.value) : 0n;
     this.gasLimit = tx.gas != null ? _hexToBigInt(tx.gas) : null;
-    this.gasPrice = tx.gasPrice != null ? _hexToBigInt(tx.gasPrice) : null;
     this.chainId = tx.chainId != null ? _hexToNumber(tx.chainId) : null;
     this.blockNumber = tx.blockNumber != null ? _hexToNumber(tx.blockNumber) : null;
     this.txType = tx.type != null ? _hexToNumber(tx.type) : null;

package/src/utils/address.d.ts

@@ -56,17 +56,3 @@ export function getCreate2Address(from: string, salt: string, initCodeHash: stri
  * @returns {string}
  */
 export function computeAddress(key: string | Uint8Array): string;
-/**
- * Verifies a message signature and recovers the address.
- * @param {string|Uint8Array} message
- * @param {string} signature Hex string signature
- * @returns {string}
- */
-export function verifyMessage(message: string | Uint8Array, signature: string): string;
-/**
- * Recovers the address from a message signature.
- * @param {string|Uint8Array} message
- * @param {string} signature Hex string signature
- * @returns {string}
- */
-export function recoverAddress(message: string | Uint8Array, signature: string): string;