iwa 0.0.1a2__py3-none-any.whl → 0.0.1a3__py3-none-any.whl

iwa/core/keys.py

@@ -4,55 +4,113 @@ import base64
 import json
 import os
 import shutil
+import sys
 from datetime import datetime
 from pathlib import Path
-from typing import Dict, Optional, Union
-
+from typing import Any, Dict, Optional, Tuple, Union
+
+from bip_utils import (
+    Bip39MnemonicGenerator,
+    Bip39SeedGenerator,
+    Bip39WordsNum,
+    Bip44,
+    Bip44Changes,
+    Bip44Coins,
+)
 from cryptography.hazmat.primitives.ciphers.aead import AESGCM
 from cryptography.hazmat.primitives.kdf.scrypt import Scrypt
 from eth_account import Account
 from eth_account.signers.local import LocalAccount
-from pydantic import BaseModel, PrivateAttr
+from pydantic import BaseModel, PrivateAttr, model_validator
 
 from iwa.core.constants import WALLET_PATH
-from iwa.core.models import EthereumAddress, StoredAccount, StoredSafeAccount
-from iwa.core.settings import settings
+from iwa.core.models import EncryptedData, EthereumAddress, StoredAccount, StoredSafeAccount
+from iwa.core.secrets import secrets
 from iwa.core.utils import (
     configure_logger,
 )
 
 logger = configure_logger()
 
+# Mnemonic constants
+MNEMONIC_WORD_NUMBER = Bip39WordsNum.WORDS_NUM_24
+SCRYPT_N = 2**14
+SCRYPT_R = 8
+SCRYPT_P = 1
+SCRYPT_LEN = 32
+AES_NONCE_LEN = 12
+SALT_LEN = 16
+
 
-class EncryptedAccount(StoredAccount):
+class EncryptedAccount(StoredAccount, EncryptedData):
     """EncryptedAccount"""
 
-    salt: str
-    nonce: str
-    ciphertext: str
+    # We do NOT define 'salt' here to avoid serialization duplication.
+    # Legacy 'salt' is handled in the validator.
+
+    @model_validator(mode="before")
+    @classmethod
+    def upgrade_legacy_format(cls, data: Dict[str, Any]) -> Dict[str, Any]:
+        """Upgrade legacy account format to new EncryptedData structure."""
+        if isinstance(data, dict):
+            # Check if this is a legacy format (has 'salt')
+            if "salt" in data:
+                # Map to kdf_salt if missing
+                if "kdf_salt" not in data:
+                    data["kdf_salt"] = data["salt"]
+
+                # Remove 'salt' to avoid "extra fields" error and duplication
+                data.pop("salt")
+
+                # Default KDF params for legacy accounts were:
+                # n=2**14 (16384), r=8, p=1, len=32
+                data.setdefault("kdf_n", SCRYPT_N)
+                data.setdefault("kdf_r", SCRYPT_R)
+                data.setdefault("kdf_p", SCRYPT_P)
+                data.setdefault("kdf_len", SCRYPT_LEN)
+                data.setdefault("kdf", "scrypt")
+                data.setdefault("cipher", "aesgcm")
+        return data
 
     @staticmethod
-    def derive_key(password: str, salt: bytes) -> bytes:
+    def derive_key(
+        password: str,
+        salt: bytes,
+        n: int = SCRYPT_N,
+        r: int = SCRYPT_R,
+        p: int = SCRYPT_P,
+        length: int = SCRYPT_LEN,
+    ) -> bytes:
         """Derive key"""
         kdf = Scrypt(
             salt=salt,
-            length=32,
-            n=2**14,
-            r=8,
-            p=1,
+            length=length,
+            n=n,
+            r=r,
+            p=p,
         )
         return kdf.derive(password.encode())
 
     def decrypt_private_key(self, password: Optional[str] = None) -> str:
         """decrypt_private_key"""
-        if not password and not settings.wallet_password:
+        if not password and not secrets.wallet_password:
             raise ValueError("Password must be provided or set in secrets.env (WALLET_PASSWORD)")
         if not password:
-            password = settings.wallet_password.get_secret_value()
-        salt_bytes = base64.b64decode(self.salt)
+            password = secrets.wallet_password.get_secret_value()
+
+        # Use kdf_salt (populated by upgrade_legacy_format if needed)
+        salt_bytes = base64.b64decode(self.kdf_salt)
         nonce_bytes = base64.b64decode(self.nonce)
         ciphertext_bytes = base64.b64decode(self.ciphertext)
-        key = EncryptedAccount.derive_key(password, salt_bytes)
+
+        key = EncryptedAccount.derive_key(
+            password,
+            salt_bytes,
+            n=self.kdf_n,
+            r=self.kdf_r,
+            p=self.kdf_p,
+            length=self.kdf_len,
+        )
         aesgcm = AESGCM(key)
         return aesgcm.decrypt(nonce_bytes, ciphertext_bytes, None).decode()
 
@@ -61,19 +119,36 @@ class EncryptedAccount(StoredAccount):
         private_key: str, password: str, tag: Optional[str] = None
     ) -> "EncryptedAccount":
         """Encrypt private key"""
-        salt = os.urandom(16)
-        key = EncryptedAccount.derive_key(password, salt)
+        # Generate new random salt
+        salt = os.urandom(SALT_LEN)
+
+        # Use standard constants for new encryptions
+        kdf_n = SCRYPT_N
+        kdf_r = SCRYPT_R
+        kdf_p = SCRYPT_P
+        kdf_len = SCRYPT_LEN
+
+        key = EncryptedAccount.derive_key(password, salt, n=kdf_n, r=kdf_r, p=kdf_p, length=kdf_len)
         aesgcm = AESGCM(key)
-        nonce = os.urandom(12)
+        nonce = os.urandom(AES_NONCE_LEN)
         ciphertext = aesgcm.encrypt(nonce, private_key.encode(), None)
 
         acct = Account.from_key(private_key)
+
         return EncryptedAccount(
             address=acct.address,
-            salt=base64.b64encode(salt).decode(),
-            nonce=base64.b64encode(nonce).decode(),
-            ciphertext=base64.b64encode(ciphertext).decode(),
-            tag=tag,
+            tag=tag or "",
+            # EncryptedData fields
+            kdf="scrypt",
+            kdf_salt=base64.b64encode(salt).decode("utf-8"),
+            kdf_n=kdf_n,
+            kdf_r=kdf_r,
+            kdf_p=kdf_p,
+            kdf_len=kdf_len,
+            cipher="aesgcm",
+            nonce=base64.b64encode(nonce).decode("utf-8"),
+            ciphertext=base64.b64encode(ciphertext).decode("utf-8"),
+            # NO redundant 'salt' field
         )
 
 
@@ -81,8 +156,10 @@ class KeyStorage(BaseModel):
     """KeyStorage"""
 
     accounts: Dict[EthereumAddress, Union[EncryptedAccount, StoredSafeAccount]] = {}
+    encrypted_mnemonic: Optional[dict] = None  # Encrypted BIP-39 mnemonic for master
     _path: Path = PrivateAttr()  # not stored nor validated
     _password: str = PrivateAttr()
+    _pending_mnemonic: Optional[str] = PrivateAttr(default=None)  # Temp storage for display
 
     def __init__(self, path: Path = Path(WALLET_PATH), password: Optional[str] = None):
         """Initialize key storage."""
@@ -109,7 +186,7 @@ class KeyStorage(BaseModel):
 
         self._path = path
         if password is None:
-            password = settings.wallet_password.get_secret_value()
+            password = secrets.wallet_password.get_secret_value()
         self._password = password
 
         if os.path.exists(path):
@@ -117,9 +194,12 @@ class KeyStorage(BaseModel):
                 with open(path, "r") as f:
                     data = json.load(f)
                     self.accounts = {
-                        k: EncryptedAccount(**v) if "signers" not in v else StoredSafeAccount(**v)
+                        EthereumAddress(k): EncryptedAccount(**v)
+                        if "signers" not in v
+                        else StoredSafeAccount(**v)
                         for k, v in data.get("accounts", {}).items()
                     }
+                    self.encrypted_mnemonic = data.get("encrypted_mnemonic")
             except json.JSONDecodeError:
                 logger.error(f"Failed to load wallet from {path}: File is corrupted.")
                 self.accounts = {}
@@ -165,21 +245,171 @@ class KeyStorage(BaseModel):
         # Enforce read/write only for the owner
         os.chmod(self._path, 0o600)
 
+    @staticmethod
+    def _encrypt_mnemonic(mnemonic: str, password: str) -> dict:
+        """Encrypt a mnemonic with AES-GCM using a scrypt-derived key."""
+        password_b = password.encode("utf-8")
+        salt = os.urandom(SALT_LEN)
+        kdf = Scrypt(salt=salt, length=SCRYPT_LEN, n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P)
+        key = kdf.derive(password_b)
+        aesgcm = AESGCM(key)
+        nonce = os.urandom(AES_NONCE_LEN)
+        ct = aesgcm.encrypt(nonce, mnemonic.encode("utf-8"), None)
+        return {
+            "kdf": "scrypt",
+            "kdf_salt": base64.b64encode(salt).decode(),
+            "kdf_n": SCRYPT_N,
+            "kdf_r": SCRYPT_R,
+            "kdf_p": SCRYPT_P,
+            "kdf_len": SCRYPT_LEN,
+            "cipher": "aesgcm",
+            "nonce": base64.b64encode(nonce).decode(),
+            "ciphertext": base64.b64encode(ct).decode(),
+        }
+
+    @staticmethod
+    def _decrypt_mnemonic(encobj: dict, password: str) -> str:
+        """Decrypt a mnemonic previously created by `_encrypt_mnemonic`."""
+        if encobj.get("kdf") != "scrypt":
+            raise ValueError(f"Unsupported kdf: {encobj.get('kdf')}")
+        if encobj.get("cipher") != "aesgcm":
+            raise ValueError(f"Unsupported cipher: {encobj.get('cipher')}")
+
+        salt = base64.b64decode(encobj["kdf_salt"])
+        nonce = base64.b64decode(encobj["nonce"])
+        ct = base64.b64decode(encobj["ciphertext"])
+
+        n = encobj.get("kdf_n", SCRYPT_N)
+        r = encobj.get("kdf_r", SCRYPT_R)
+        p = encobj.get("kdf_p", SCRYPT_P)
+        length = encobj.get("kdf_len", SCRYPT_LEN)
+
+        kdf = Scrypt(salt=salt, length=length, n=n, r=r, p=p)
+        key = kdf.derive(password.encode("utf-8"))
+        aesgcm = AESGCM(key)
+        pt = aesgcm.decrypt(nonce, ct, None)
+        return pt.decode("utf-8")
+
+    def decrypt_mnemonic(self) -> str:
+        """Decrypt the stored mnemonic using the wallet password."""
+        if not self.encrypted_mnemonic:
+            raise ValueError("No encrypted mnemonic found in wallet.")
+        return self._decrypt_mnemonic(self.encrypted_mnemonic, self._password)
+
+    @staticmethod
+    def _derive_private_key_from_mnemonic(mnemonic: str, index: int = 0) -> str:
+        """Derive ETH private key from mnemonic using BIP-44 path."""
+        seed_bytes = Bip39SeedGenerator(mnemonic).Generate()
+        bip44_ctx = Bip44.FromSeed(seed_bytes, Bip44Coins.ETHEREUM)
+        addr_ctx = (
+            bip44_ctx.Purpose().Coin().Account(0).Change(Bip44Changes.CHAIN_EXT).AddressIndex(index)
+        )
+        return addr_ctx.PrivateKey().Raw().ToHex()
+
+    def _create_master_from_mnemonic(self) -> Tuple[EncryptedAccount, str]:
+        """Create master account from a new BIP-39 mnemonic.
+
+        Returns:
+            Tuple of (EncryptedAccount, plaintext_mnemonic).
+            The mnemonic should be shown to user ONCE and never stored in plaintext.
+
+        """
+        # Generate 24-word mnemonic
+        mnemonic = Bip39MnemonicGenerator().FromWordsNumber(MNEMONIC_WORD_NUMBER)
+        mnemonic_str = mnemonic.ToStr()
+
+        # Derive first account (index 0)
+        private_key_hex = self._derive_private_key_from_mnemonic(mnemonic_str, 0)
+
+        # Encrypt mnemonic for storage
+        self.encrypted_mnemonic = self._encrypt_mnemonic(mnemonic_str, self._password)
+
+        # Encrypt private key and create account
+        encrypted_acct = EncryptedAccount.encrypt_private_key(
+            private_key_hex, self._password, "master"
+        )
+        self.accounts[encrypted_acct.address] = encrypted_acct
+        self.save()
+
+        return encrypted_acct, mnemonic_str
+
     def create_account(self, tag: str) -> EncryptedAccount:
-        """Create account"""
+        """Create account. Master is derived from mnemonic, others are random."""
         tags = [acct.tag for acct in self.accounts.values()]
         if not tags:
             tag = "master"  # First account is always master
         if tag in tags:
             raise ValueError(f"Tag '{tag}' already exists in wallet.")
 
-        acct = Account.create()
+        # Master account: derive from mnemonic
+        if tag == "master":
+            encrypted_acct, mnemonic = self._create_master_from_mnemonic()
+            self._pending_mnemonic = mnemonic  # Store temporarily for display
+            return encrypted_acct
 
+        # Non-master: random key as before
+        acct = Account.create()
         encrypted = EncryptedAccount.encrypt_private_key(acct.key.hex(), self._password, tag)
         self.accounts[acct.address] = encrypted
         self.save()
         return encrypted
 
+    def get_pending_mnemonic(self) -> Optional[str]:
+        """Get and clear the pending mnemonic (for one-time display).
+
+        Returns:
+            The mnemonic string if available, None otherwise.
+            Clears the pending mnemonic after returning.
+
+        """
+        mnemonic = self._pending_mnemonic
+        self._pending_mnemonic = None
+        return mnemonic
+
+    def display_pending_mnemonic(self) -> bool:
+        """Display the pending mnemonic to the user and wait for confirmation.
+
+        Returns:
+            True if a mnemonic was displayed, False otherwise.
+
+        """
+        # SECURITY: Do NOT print mnemonic if not in an interactive terminal (avoids Docker logs)
+        if not sys.stdout.isatty():
+            if self._pending_mnemonic:
+                print("\n" + "!" * 60)
+                print("⚠️  SECURITY WARNING: MASTER ACCOUNT CREATED FROM MNEMONIC")
+                print("!" * 60)
+                print("\nSince this is a non-interactive terminal (e.g. Docker background),")
+                print("the mnemonic is NOT displayed here to prevent it from being")
+                print("stored in log files.")
+                print("\nTo view and backup your mnemonic, run:")
+                print("  just mnemonic")
+                print("!" * 60 + "\n")
+            return False
+
+        mnemonic = self.get_pending_mnemonic()
+        if not mnemonic:
+            return False
+
+        print("\n" + "=" * 60)
+        print("⚠️  NEW MASTER ACCOUNT CREATED - BACKUP YOUR MNEMONIC!")
+        print("=" * 60)
+        print("\nWrite down these 24 words and store them in a safe place.")
+        print("This is the ONLY time they will be shown.\n")
+        print("-" * 60)
+        words = mnemonic.split()
+        for i in range(0, 24, 4):
+            print(
+                f"  {i + 1:2}. {words[i]:12}  {i + 2:2}. {words[i + 1]:12}  "
+                f"{i + 3:2}. {words[i + 2]:12}  {i + 4:2}. {words[i + 3]:12}"
+            )
+        print("-" * 60)
+        print("\n⚠️  If you lose this mnemonic, you CANNOT recover your funds!")
+        print("=" * 60)
+        input("\nPress ENTER after you have saved your mnemonic...")
+        print()
+        return True
+
     def remove_account(self, address_or_tag: str):
         """Remove account"""
         account = self.find_stored_account(address_or_tag)

iwa/core/mnemonic.py

@@ -21,7 +21,7 @@ from eth_account import Account
 from pydantic import BaseModel
 
 from iwa.core.constants import WALLET_PATH
-from iwa.core.models import EthereumAddress, StoredAccount
+from iwa.core.models import EncryptedData, EthereumAddress, StoredAccount
 
 MNEMONIC_WORD_NUMBER = Bip39WordsNum.WORDS_NUM_24
 SCRYPT_N = 2**14
@@ -32,19 +32,9 @@ AES_NONCE_LEN = 12
 SALT_LEN = 16
 
 
-class EncryptedMnemonic(BaseModel):
+class EncryptedMnemonic(EncryptedData):
     """EncryptedMnemonic"""
 
-    kdf: str = "scrypt"
-    kdf_salt: str
-    kdf_n: int = SCRYPT_N
-    kdf_r: int = SCRYPT_R
-    kdf_p: int = SCRYPT_P
-    kdf_len: int = SCRYPT_LEN
-    cypher: str = "aesgcm"
-    nonce: str
-    ciphertext: str
-
     def derive_key(self, password: bytes) -> bytes:
         """Derive a key from a password and salt using scrypt."""
         kdf = Scrypt(
@@ -61,7 +51,7 @@ class EncryptedMnemonic(BaseModel):
         # validate expected algorithms
         if self.kdf != "scrypt":
             raise ValueError(f"Unsupported kdf: {self.kdf}")
-        if self.cypher != "aesgcm":
+        if self.cipher != "aesgcm":
             raise ValueError("Unsupported cipher, expected 'aesgcm'")
 
         nonce = base64.b64decode(self.nonce)

iwa/core/models.py

@@ -14,6 +14,20 @@ from iwa.core.types import EthereumAddress  # noqa: F401 - re-exported for backw
 from iwa.core.utils import singleton
 
 
+class EncryptedData(BaseModel):
+    """Encrypted data structure with explicit KDF parameters."""
+
+    kdf: str = "scrypt"
+    kdf_salt: str
+    kdf_n: int = 16384  # 2**14
+    kdf_r: int = 8
+    kdf_p: int = 1
+    kdf_len: int = 32
+    cipher: str = "aesgcm"
+    nonce: str
+    ciphertext: str
+
+
 class StoredAccount(BaseModel):
     """StoredAccount representing an EOA or contract account."""
 
@@ -32,12 +46,6 @@ class StoredSafeAccount(StoredAccount):
 class CoreConfig(BaseModel):
     """Core configuration settings."""
 
-    manual_claim_enabled: bool = Field(
-        default=False, description="Enable manual claiming of rewards"
-    )
-    request_activity_alert_enabled: bool = Field(
-        default=True, description="Enable alerts for suspicious activity"
-    )
     whitelist: Dict[str, EthereumAddress] = Field(
         default_factory=dict, description="Address whitelist for security"
     )
@@ -45,6 +53,20 @@ class CoreConfig(BaseModel):
         default_factory=dict, description="Custom token definitions per chain"
     )
 
+    # Web UI Configuration
+    web_enabled: bool = Field(default=False, description="Enable Web UI")
+    web_port: int = Field(default=8080, description="Web UI port")
+
+    # IPFS Configuration
+    ipfs_api_url: str = Field(default="http://localhost:5001", description="IPFS API URL")
+
+    # Tenderly Configuration
+    tenderly_profile: int = Field(default=1, description="Tenderly profile ID (1, 2, 3)")
+    tenderly_native_funds: float = Field(
+        default=1000.0, description="Native ETH amount for vNet funding"
+    )
+    tenderly_olas_funds: float = Field(default=100000.0, description="OLAS amount for vNet funding")
+
 
 T = TypeVar("T", bound="StorableModel")
 

iwa/core/pricing.py

@@ -7,7 +7,7 @@ from typing import Dict, Optional
 import requests
 from loguru import logger
 
-from iwa.core.settings import settings
+from iwa.core.secrets import secrets
 
 
 class PriceService:
@@ -17,12 +17,12 @@ class PriceService:
 
     def __init__(self, cache_ttl_minutes: int = 5):
         """Initialize PriceService."""
-        self.settings = settings
+        self.secrets = secrets
         self.cache: Dict[str, Dict] = {}  # {id_currency: {"price": float, "timestamp": datetime}}
         self.cache_ttl = timedelta(minutes=cache_ttl_minutes)
         self.api_key = (
-            self.settings.coingecko_api_key.get_secret_value()
-            if self.settings.coingecko_api_key
+            self.secrets.coingecko_api_key.get_secret_value()
+            if self.secrets.coingecko_api_key
             else None
         )
 

iwa/core/secrets.py

@@ -0,0 +1,77 @@
+"""Secrets module - loads sensitive values from environment variables.
+
+Secrets are loaded from:
+1. Environment variables (injected by docker-compose env_file in production)
+2. secrets.env file at project root (for local development)
+"""
+
+from pathlib import Path
+from typing import Optional
+
+from pydantic import SecretStr, model_validator
+from pydantic_settings import BaseSettings, SettingsConfigDict
+
+# secrets.env is at project root (not in data/)
+SECRETS_FILE = Path("secrets.env")
+
+
+class Secrets(BaseSettings):
+    """Application Secrets loaded from environment variables.
+
+    In production, these are injected via docker-compose:
+        env_file:
+          - ./secrets.env
+
+    For local development, secrets are loaded from secrets.env at project root.
+    """
+
+    # Testing mode - when True, uses Tenderly test RPCs; when False, uses production RPCs
+    testing: bool = False
+
+    # RPC endpoints
+    # When testing=True, these get overwritten with *_test_rpc values
+    gnosis_rpc: Optional[SecretStr] = None
+    base_rpc: Optional[SecretStr] = None
+    ethereum_rpc: Optional[SecretStr] = None
+
+    # Test RPCs (Tenderly)
+    gnosis_test_rpc: Optional[SecretStr] = None
+    ethereum_test_rpc: Optional[SecretStr] = None
+    base_test_rpc: Optional[SecretStr] = None
+
+    coingecko_api_key: Optional[SecretStr] = None
+    wallet_password: Optional[SecretStr] = None
+
+    webui_password: Optional[SecretStr] = None
+
+    # Load from environment AND secrets.env file (for local dev)
+    model_config = SettingsConfigDict(
+        env_file=str(SECRETS_FILE) if SECRETS_FILE.exists() else None,
+        env_file_encoding="utf-8",
+        extra="ignore",
+    )
+
+    @model_validator(mode="after")
+    def load_tenderly_profile_credentials(self) -> "Secrets":
+        """Load Tenderly credentials based on the selected profile."""
+        # Note: Logic moved to dynamic loading in tools/reset_tenderly.py
+        # using Config().core.tenderly_profile
+
+        # When in testing mode, override RPCs with test RPCs (Tenderly)
+        if self.testing:
+            if self.gnosis_test_rpc:
+                self.gnosis_rpc = self.gnosis_test_rpc
+            if self.ethereum_test_rpc:
+                self.ethereum_rpc = self.ethereum_test_rpc
+            if self.base_test_rpc:
+                self.base_rpc = self.base_test_rpc
+
+        # Convert empty webui_password to None (no auth required)
+        if self.webui_password and not self.webui_password.get_secret_value():
+            self.webui_password = None
+
+        return self
+
+
+# Global secrets instance
+secrets = Secrets()

iwa/core/services/safe.py

@@ -11,7 +11,7 @@ from safe_eth.safe.safe_tx import SafeTx
 from iwa.core.constants import ZERO_ADDRESS
 from iwa.core.db import log_transaction
 from iwa.core.models import StoredSafeAccount
-from iwa.core.settings import settings
+from iwa.core.secrets import secrets
 from iwa.core.utils import (
     get_safe_master_copy_address,
     get_safe_proxy_factory_address,
@@ -99,7 +99,7 @@ class SafeService:
         return owner_addresses
 
     def _get_ethereum_client(self, chain_name: str) -> EthereumClient:
-        rpc_secret = getattr(settings, f"{chain_name}_rpc")
+        rpc_secret = getattr(secrets, f"{chain_name}_rpc")
         return EthereumClient(rpc_secret.get_secret_value())
 
     def _deploy_safe_contract(
@@ -248,7 +248,7 @@ class SafeService:
                 continue
 
             for chain in account.chains:
-                rpc_secret = getattr(settings, f"{chain}_rpc")
+                rpc_secret = getattr(secrets, f"{chain}_rpc")
                 ethereum_client = EthereumClient(rpc_secret.get_secret_value())
 
                 code = ethereum_client.w3.eth.get_code(account.address)

iwa/core/utils.py

@@ -43,10 +43,15 @@ def configure_logger():
     if hasattr(configure_logger, "configured"):
         return logger
 
+    from iwa.core.constants import DATA_DIR
+
     logger.remove()
 
+    # Ensure data directory exists
+    DATA_DIR.mkdir(parents=True, exist_ok=True)
+
     logger.add(
-        "iwa.log",
+        DATA_DIR / "iwa.log",
         rotation="10 MB",
         level="INFO",
         format="{time:YYYY-MM-DD HH:mm:ss.SSS} | {level: <8} | {name}:{function}:{line} - {message}",

iwa/core/wallet.py

@@ -29,6 +29,10 @@ class Wallet:
     def __init__(self):
         """Initialize wallet."""
         self.key_storage = KeyStorage()
+
+        # Display mnemonic if a new master account was just created
+        self.key_storage.display_pending_mnemonic()
+
         self.account_service = AccountService(self.key_storage)
         self.balance_service = BalanceService(self.key_storage, self.account_service)
         self.safe_service = SafeService(self.key_storage, self.account_service)

iwa/plugins/gnosis/safe.py

@@ -8,7 +8,7 @@ from safe_eth.safe import Safe, SafeOperationEnum
 from safe_eth.safe.safe_tx import SafeTx
 
 from iwa.core.models import StoredSafeAccount
-from iwa.core.settings import settings
+from iwa.core.secrets import secrets
 from iwa.core.utils import configure_logger
 
 logger = configure_logger()
@@ -28,7 +28,7 @@ class SafeMultisig:
         if chain_name.lower() not in normalized_chains:
             raise ValueError(f"Safe account is not deployed on chain: {chain_name}")
 
-        rpc_secret = getattr(settings, f"{chain_name.lower()}_rpc")
+        rpc_secret = getattr(secrets, f"{chain_name.lower()}_rpc")
         ethereum_client = EthereumClient(rpc_secret.get_secret_value())
         self.multisig = Safe(safe_account.address, ethereum_client)
         self.ethereum_client = ethereum_client

iwa/plugins/gnosis/tests/test_safe.py

@@ -11,7 +11,7 @@ from iwa.plugins.gnosis.safe import SafeMultisig
 @pytest.fixture
 def mock_settings():
     """Mock settings."""
-    with patch("iwa.plugins.gnosis.safe.settings") as mock:
+    with patch("iwa.plugins.gnosis.safe.secrets") as mock:
         mock.gnosis_rpc.get_secret_value.return_value = "http://rpc"
         yield mock
 

iwa/plugins/olas/constants.py

@@ -100,6 +100,14 @@ OLAS_TRADER_STAKING_CONTRACTS: Dict[str, Dict[str, EthereumAddress]] = {
         "Expert 16 (10k OLAS)": EthereumAddress("0x6c65430515c70a3f5E62107CC301685B7D46f991"),
         "Expert 17 (10k OLAS)": EthereumAddress("0x1430107A785C3A36a0C1FC0ee09B9631e2E72aFf"),
         "Expert 18 (10k OLAS)": EthereumAddress("0x041e679d04Fc0D4f75Eb937Dea729Df09a58e454"),
+        "Expert 3 MM (1k OLAS)": EthereumAddress("0x75eeca6207be98cac3fde8a20ecd7b01e50b3472"),
+        "Expert 4 MM (2k OLAS)": EthereumAddress("0x9c7f6103e3a72e4d1805b9c683ea5b370ec1a99f"),
+        "Expert 5 MM (10k OLAS)": EthereumAddress("0xcdC603e0Ee55Aae92519f9770f214b2Be4967f7d"),
+        "Expert 6 MM (10k OLAS)": EthereumAddress("0x22d6cd3d587d8391c3aae83a783f26c67ab54a85"),
+        "Expert 7 MM (10k OLAS)": EthereumAddress("0xaaecdf4d0cbd6ca0622892ac6044472f3912a5f3"),
+        "Expert 8 MM (10k OLAS)": EthereumAddress("0x168aed532a0cd8868c22fc77937af78b363652b1"),
+        "Expert 9 MM (10k OLAS)": EthereumAddress("0xdda9cd214f12e7c2d58e871404a0a3b1177065c8"),
+        "Expert 10 MM (10k OLAS)": EthereumAddress("0x53a38655b4e659ef4c7f88a26fbf5c67932c7156"),
     },
     "ethereum": {},
     "base": {},