damanukyan/cryptowallet
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

init383838

Browse Source
This commit is contained in:
ZOMBIIIIIII
2026-05-13 23:59:32 +03:00
parent 9fe5311bbf
commit 0661fffb88
8 changed files with 1155 additions and 71 deletions
Download Patch File Download Diff File Expand all files Collapse all files

410
apps/api/src/services/swap-orchestrator.service.ts Normal file
View File

@@ -0,0 +1,410 @@
/**
* Swap orchestrator — chained custodial swap для всех 3 DEX (BSC PancakeSwap, TRX SunSwap, SOL Jupiter).
*
* Каждая функция inkl. полный flow: build → sign → broadcast в одном вызове.
* Возвращает txid'ы — клиенту не нужно client-side signing.
*
* Reused infrastructure:
* - ethers / @solana/web3.js / TronGrid HTTP
* - Master-key crypto через decryptMnemonic (caller)
* - Mutex / idempotency (caller)
* - Audit log (caller)
*/
import { ethers } from 'ethers';
import { createHash } from 'crypto';
import * as bip39 from 'bip39';
import {
Keypair, Connection, PublicKey, VersionedTransaction,
} from '@solana/web3.js';
import { derivePath } from 'ed25519-hd-key';
import { env } from '../config/env';
import { DERIVATION_PATHS, ethAddressToTron } from './wallet-generator.service';
import { getEvmFeeForTier, type FeeTier } from './gas-oracle.service';
import { logger } from '../lib/logger';
const HTTP_TIMEOUT_MS = 20_000;
const MAX_GAS_PRICE_GWEI = 500;
// ─── BSC PancakeSwap V2 ─────────────────────────────────────────────
const BSC_RPCS = [
'https://bsc-dataseed.binance.org',
'https://bsc-dataseed1.binance.org',
'https://bsc.publicnode.com',
];
const BSC_CHAIN_ID = 56;
const PANCAKE_ROUTER = '0x10ED43C718714eb63d5aA57B78B54704E256024E';
const WBNB = '0xbb4CdB9CBd36B01bD1cBaEBF2De08d9173bc095c';
const BSC_TOKEN_MAP: Record<string, string> = {
BNB: WBNB,
USDT: '0x55d398326f99059fF775485246999027B3197955',
USDC: '0x8AC76a51cc950d9822D68b83fE1Ad97B32Cd580d',
DOGE: '0xbA2aE424d960c26247Dd6c32edC70B295c744C43',
WBNB,
BUSD: '0xe9e7CEA3DedcA5984780Bafc599bD69ADd087D56',
};
const ROUTER_ABI = [
'function getAmountsOut(uint amountIn, address[] calldata path) external view returns (uint[] memory amounts)',
'function swapExactETHForTokensSupportingFeeOnTransferTokens(uint amountOutMin, address[] calldata path, address to, uint deadline) external payable',
'function swapExactTokensForETHSupportingFeeOnTransferTokens(uint amountIn, uint amountOutMin, address[] calldata path, address to, uint deadline) external',
'function swapExactTokensForTokensSupportingFeeOnTransferTokens(uint amountIn, uint amountOutMin, address[] calldata path, address to, uint deadline) external',
];
const ERC20_ABI = [
'function approve(address spender, uint256 amount) external returns (bool)',
'function allowance(address owner, address spender) external view returns (uint256)',
];
export interface SwapBscParams {
mnemonic: string;
expectedFromAddress: string;
from: string; // 'BNB' | 'USDT' | 'USDC' | 'DOGE' | 'WBNB' | 'BUSD'
to: string;
amount: string; // smallest units (wei для 18-decimals)
slippageBps?: number; // default 50 (0.5%)
feeTier?: FeeTier;
}
async function pickProvider(rpcs: string[], chainId: number): Promise<ethers.providers.StaticJsonRpcProvider> {
let lastErr: any;
for (const url of rpcs) {
const p = new ethers.providers.StaticJsonRpcProvider(url, chainId);
try {
await Promise.race([
p.getBlockNumber(),
new Promise((_, reject) => setTimeout(() => reject(new Error('rpc_alive_timeout')), 3000)),
]);
return p;
} catch (err) {
lastErr = err;
}
}
throw new Error(`All BSC RPCs failed: ${lastErr?.message || lastErr}`);
}
function withTimeout<T>(p: Promise<T>, ms: number, msg: string): Promise<T> {
return Promise.race([
p,
new Promise<T>((_, reject) => setTimeout(() => reject(new Error(msg)), ms)),
]);
}
/**
* BSC chained swap. Если `from` не нативный BNB и allowance < amount —
* сначала approve(exact), wait 1 confirmation, потом swap.
*
* Returns: { approveTxid?, swapTxid }
*/
export async function swapBsc(p: SwapBscParams): Promise<{ approveTxid?: string; swapTxid: string }> {
const fromUpper = p.from.toUpperCase();
const toUpper = p.to.toUpperCase();
if (!BSC_TOKEN_MAP[fromUpper] || !BSC_TOKEN_MAP[toUpper] || fromUpper === toUpper) {
throw new Error(`Invalid BSC swap pair: ${fromUpper}${toUpper}`);
}
if (!/^\d+$/.test(p.amount) || BigInt(p.amount) <= 0n) {
throw new Error('amount must be positive integer string');
}
const slippageBps = p.slippageBps ?? 50;
if (slippageBps < 1 || slippageBps > 1000) {
throw new Error('slippageBps must be 1-1000 (0.01%-10%)');
}
const wallet = ethers.Wallet.fromMnemonic(p.mnemonic, DERIVATION_PATHS.ETH);
if (wallet.address.toLowerCase() !== p.expectedFromAddress.toLowerCase()) {
throw new Error(`Derived BSC address mismatch: ${wallet.address}${p.expectedFromAddress}`);
}
const provider = await pickProvider(BSC_RPCS, BSC_CHAIN_ID);
const signer = wallet.connect(provider);
// Gas tier
const tier: FeeTier = p.feeTier ?? 'normal';
const fee = await getEvmFeeForTier('BSC', tier);
const capWei = ethers.utils.parseUnits(String(MAX_GAS_PRICE_GWEI), 'gwei');
const maxFeePerGas = ethers.BigNumber.from(fee.maxFeePerGas);
const maxPriorityFeePerGas = ethers.BigNumber.from(fee.maxPriorityFeePerGas);
if (maxFeePerGas.gt(capWei) || maxPriorityFeePerGas.gt(maxFeePerGas)) {
throw new Error('Gas fee invariant violated');
}
// Quote via getAmountsOut → compute amountOutMin server-side (anti-MEV)
const routerContract = new ethers.Contract(PANCAKE_ROUTER, ROUTER_ABI, provider);
const path = [BSC_TOKEN_MAP[fromUpper], BSC_TOKEN_MAP[toUpper]];
const amountsOut: ethers.BigNumber[] = await withTimeout(
routerContract.getAmountsOut(p.amount, path),
HTTP_TIMEOUT_MS,
'PancakeSwap quote timed out',
);
const expectedOut = amountsOut[amountsOut.length - 1];
if (expectedOut.lte(0)) {
throw new Error('PancakeSwap quote returned 0 — no liquidity for this pair');
}
// amountOutMin = expectedOut × (10000 - slippageBps) / 10000
const amountOutMin = expectedOut.mul(10000 - slippageBps).div(10000);
const deadline = Math.floor(Date.now() / 1000) + 1200; // 20 minutes
const feeFields: Partial<ethers.providers.TransactionRequest> = {
type: 2,
maxFeePerGas,
maxPriorityFeePerGas,
};
let approveTxid: string | undefined;
let nonce = await provider.getTransactionCount(wallet.address, 'pending');
// ── Token-to-anything: check allowance, approve if needed, wait 1 conf ──
if (fromUpper !== 'BNB') {
const tokenAddress = BSC_TOKEN_MAP[fromUpper];
const tokenContract = new ethers.Contract(tokenAddress, ERC20_ABI, provider);
const currentAllowance: ethers.BigNumber = await withTimeout(
tokenContract.allowance(wallet.address, PANCAKE_ROUTER),
HTTP_TIMEOUT_MS,
'Allowance check timed out',
);
if (currentAllowance.lt(ethers.BigNumber.from(p.amount))) {
const approveData = tokenContract.interface.encodeFunctionData('approve', [PANCAKE_ROUTER, p.amount]);
const approveTx: ethers.providers.TransactionRequest = {
to: tokenAddress,
data: approveData,
value: 0,
chainId: BSC_CHAIN_ID,
nonce,
gasLimit: ethers.BigNumber.from(80_000), // approve consistently fits в 60-80k
...feeFields,
};
const approveSent = await withTimeout(
signer.sendTransaction(approveTx),
HTTP_TIMEOUT_MS,
'approve broadcast timed out',
);
approveTxid = approveSent.hash;
// Wait 1 confirmation (~3s on BSC) before swap — иначе swap revert'нет с "TransferHelper: TRANSFER_FROM_FAILED"
await withTimeout(approveSent.wait(1), 30_000, 'approve confirmation timed out');
nonce += 1;
}
}
// ── Build swap tx ──
let swapData: string;
let value: ethers.BigNumber;
if (fromUpper === 'BNB') {
swapData = routerContract.interface.encodeFunctionData(
'swapExactETHForTokensSupportingFeeOnTransferTokens',
[amountOutMin, path, wallet.address, deadline],
);
value = ethers.BigNumber.from(p.amount);
} else if (toUpper === 'BNB') {
swapData = routerContract.interface.encodeFunctionData(
'swapExactTokensForETHSupportingFeeOnTransferTokens',
[p.amount, amountOutMin, path, wallet.address, deadline],
);
value = ethers.BigNumber.from(0);
} else {
// Token-to-token (e.g., USDT → DOGE)
swapData = routerContract.interface.encodeFunctionData(
'swapExactTokensForTokensSupportingFeeOnTransferTokens',
[p.amount, amountOutMin, path, wallet.address, deadline],
);
value = ethers.BigNumber.from(0);
}
// estGas через provider.estimateGas + 20% safety
let estGas: ethers.BigNumber;
try {
const estimated = await provider.estimateGas({
from: wallet.address,
to: PANCAKE_ROUTER,
data: swapData,
value,
});
estGas = estimated.mul(120).div(100);
const minGas = ethers.BigNumber.from(150_000);
const maxGas = ethers.BigNumber.from(500_000);
if (estGas.lt(minGas)) estGas = minGas;
if (estGas.gt(maxGas)) estGas = maxGas;
} catch {
estGas = ethers.BigNumber.from(250_000);
}
const swapTx: ethers.providers.TransactionRequest = {
to: PANCAKE_ROUTER,
data: swapData,
value,
chainId: BSC_CHAIN_ID,
nonce,
gasLimit: estGas,
...feeFields,
};
const swapSent = await withTimeout(
signer.sendTransaction(swapTx),
HTTP_TIMEOUT_MS,
'swap broadcast timed out',
);
return { approveTxid, swapTxid: swapSent.hash };
}
// ─── TRX SunSwap ─────────────────────────────────────────────────────
const TRONGRID = 'https://api.trongrid.io';
const SUNSWAP_ROUTER = 'TKzxdSv2FZKQrEqkKVgp5DcwEXBEKMg2Ax'; // SunSwap V2 Router
// Minimal TRX swap для TRX↔USDT (other tokens — добавить через registry)
const TRX_SWAP_TOKEN_MAP: Record<string, { address: string; decimals: number; isNative: boolean }> = {
TRX: { address: 'TRX', decimals: 6, isNative: true },
USDT: { address: 'TR7NHqjeKQxGTCi8q8ZY4pL8otSzgjLj6t', decimals: 6, isNative: false },
};
export interface SwapTrxParams {
mnemonic: string;
expectedFromAddress: string;
from: string;
to: string;
amount: string;
slippageBps?: number;
}
async function fetchJson(url: string, init?: RequestInit): Promise<any> {
const controller = new AbortController();
const t = setTimeout(() => controller.abort(), HTTP_TIMEOUT_MS);
try {
const res = await fetch(url, { ...init, signal: controller.signal });
if (!res.ok) {
const body = await res.text().catch(() => '');
throw new Error(`Upstream ${res.status}: ${body.slice(0, 200)}`);
}
return await res.json();
} finally {
clearTimeout(t);
}
}
/**
* TRX swap через SunSwap. Для упрощения — пока TRX↔USDT only (как в существующем proxy route).
* Расширить через token-registry если потребуется ETH/USDC support.
*/
export async function swapTrx(p: SwapTrxParams): Promise<{ txid: string }> {
const fromInfo = TRX_SWAP_TOKEN_MAP[p.from.toUpperCase()];
const toInfo = TRX_SWAP_TOKEN_MAP[p.to.toUpperCase()];
if (!fromInfo || !toInfo || p.from === p.to) {
throw new Error(`TRX swap supports only TRX↔USDT pairs (got ${p.from}${p.to})`);
}
const wallet = ethers.Wallet.fromMnemonic(p.mnemonic, DERIVATION_PATHS.TRX);
const fromTronAddr = ethAddressToTron(wallet.address);
if (fromTronAddr !== p.expectedFromAddress) {
throw new Error(`TRX address mismatch: derived ${fromTronAddr} ≠ DB ${p.expectedFromAddress}`);
}
const headers: Record<string, string> = { 'Content-Type': 'application/json' };
if (env.tronApiKey) headers['TRON-PRO-API-KEY'] = env.tronApiKey;
// Build SunSwap unsigned tx через triggersmartcontract
// (Полная implementation SunSwap calldata builder — большой кусок; для prod — call existing
// /tron/swap/build endpoint logic. Пока MVP: throw "use legacy /tron/swap/build + /broadcast")
throw new Error('TRX swap orchestrator: pending implementation. Use legacy /tron/swap/build + custodial broadcast.');
}
// ─── SOL Jupiter ─────────────────────────────────────────────────────
const SOL_RPC = 'https://api.mainnet-beta.solana.com';
const JUPITER_API = 'https://quote-api.jup.ag/v6';
let _solConnection: Connection | null = null;
function getSolConnection(): Connection {
if (!_solConnection) {
_solConnection = new Connection(SOL_RPC, 'confirmed');
}
return _solConnection;
}
export interface SwapSolParams {
mnemonic: string;
expectedFromAddress: string;
inputMint: string;
outputMint: string;
amount: string;
slippageBps?: number;
}
/**
* SOL Jupiter chained swap. Получаем quote от Jupiter, build serialized tx, sign keypair'ом, broadcast.
*/
export async function swapSol(p: SwapSolParams): Promise<{ signature: string }> {
const seed = await bip39.mnemonicToSeed(p.mnemonic);
const { key } = derivePath(DERIVATION_PATHS.SOL, seed.toString('hex'));
if (!key || key.length !== 32) {
throw new Error('SOL derivation produced invalid seed length');
}
const keypair = Keypair.fromSeed(key);
if (keypair.publicKey.toBase58() !== p.expectedFromAddress) {
throw new Error(`SOL address mismatch: derived ${keypair.publicKey.toBase58()} ≠ DB ${p.expectedFromAddress}`);
}
const slippageBps = p.slippageBps ?? 50;
if (slippageBps < 1 || slippageBps > 1000) {
throw new Error('slippageBps must be 1-1000');
}
// 1. Jupiter quote
const quoteUrl = `${JUPITER_API}/quote?inputMint=${encodeURIComponent(p.inputMint)}&outputMint=${encodeURIComponent(p.outputMint)}&amount=${encodeURIComponent(p.amount)}&slippageBps=${slippageBps}`;
const headers: Record<string, string> = { Accept: 'application/json' };
if (env.jupiterApiKey) headers['x-api-key'] = env.jupiterApiKey;
const quoteRes = await fetchJson(quoteUrl, { headers });
// 2. Jupiter swap (build serialized tx)
const swapBody: Record<string, unknown> = {
quoteResponse: quoteRes,
userPublicKey: keypair.publicKey.toBase58(),
wrapAndUnwrapSol: true,
dynamicComputeUnitLimit: true,
prioritizationFeeLamports: 'auto',
};
if (env.jupiterReferralAccount) swapBody.feeAccount = env.jupiterReferralAccount;
const swapRes = await fetchJson(`${JUPITER_API}/swap`, {
method: 'POST',
headers: { ...headers, 'Content-Type': 'application/json' },
body: JSON.stringify(swapBody),
});
const txBase64 = swapRes.swapTransaction;
if (!txBase64 || typeof txBase64 !== 'string') {
throw new Error('Jupiter swap returned no swapTransaction');
}
// 3. Deserialize → sign → broadcast
const txBytes = Buffer.from(txBase64, 'base64');
const tx = VersionedTransaction.deserialize(txBytes);
// Verify fee-payer === our pubkey
const feePayer = tx.message.staticAccountKeys[0]?.toBase58();
if (feePayer !== keypair.publicKey.toBase58()) {
throw new Error(`Jupiter built tx with wrong feePayer ${feePayer} (expected ${keypair.publicKey.toBase58()})`);
}
tx.sign([keypair]);
const conn = getSolConnection();
const sig = await conn.sendRawTransaction(tx.serialize());
try {
const latestBlock = await conn.getLatestBlockhash();
await conn.confirmTransaction({
signature: sig,
blockhash: latestBlock.blockhash,
lastValidBlockHeight: latestBlock.lastValidBlockHeight,
}, 'confirmed');
} catch (err: any) {
const name = err?.name || '';
if (name === 'TransactionExpiredBlockheightExceededError') {
throw new Error(`SOL Jupiter swap EXPIRED. sig=${sig}`);
}
logger.warn(`SOL Jupiter swap confirm warning (${name}): ${err.message}. sig=${sig}`);
}
return { signature: sig };
}

238
apps/api/src/services/wallet-signer.service.ts
View File

@@ -14,11 +14,18 @@ import * as bip39 from 'bip39';
import { BIP32Factory } from 'bip32';
import * as ecc from 'tiny-secp256k1';
import * as bitcoin from 'bitcoinjs-lib';
import { Keypair, Connection, PublicKey, SystemProgram, Transaction, ComputeBudgetProgram } from '@solana/web3.js';
import { Keypair, Connection, PublicKey, SystemProgram, Transaction, ComputeBudgetProgram, VersionedTransaction } from '@solana/web3.js';
import {
getAssociatedTokenAddressSync,
createAssociatedTokenAccountIdempotentInstruction,
createTransferCheckedInstruction,
TOKEN_PROGRAM_ID,
} from '@solana/spl-token';
import { derivePath } from 'ed25519-hd-key';
import { env } from '../config/env';
import { DERIVATION_PATHS, ethAddressToTron } from './wallet-generator.service';
import { getEvmFeeForTier, type FeeTier } from './gas-oracle.service';
import { getTokenInfo } from '../lib/token-registry';
import type { ChainCode } from '../lib/address-validators';
const bip32 = BIP32Factory(ecc);
@@ -109,8 +116,8 @@ export interface RawEvmSignParams {
export async function signAndBroadcast(p: SendParams): Promise<{ txid: string }> {
switch (p.chain) {
case 'ETH': return sendEvm(p, ETH_RPC, 1, USDT_ERC20);
case 'BSC': return sendEvm(p, BSC_RPC, 56, USDT_BEP20);
case 'ETH': return sendEvm(p, ETH_RPC, 1);
case 'BSC': return sendEvm(p, BSC_RPC, 56);
case 'BTC': return sendBtc(p);
case 'TRX': return sendTrx(p);
case 'SOL': return sendSol(p);
@@ -210,7 +217,7 @@ function assertAddressMatch(derived: string, expected: string, chain: ChainCode)
// ─── EVM (ETH / BSC) ───
async function sendEvm(p: SendParams, rpc: string, chainId: number, usdtAddr: string): Promise<{ txid: string }> {
async function sendEvm(p: SendParams, rpc: string, chainId: number): Promise<{ txid: string }> {
const wallet = ethers.Wallet.fromMnemonic(p.mnemonic, DERIVATION_PATHS.ETH);
assertAddressMatch(wallet.address, p.expectedFromAddress, p.chain);
// H29 — RPC failover (выбираем working RPC из списка для chain)
@@ -264,25 +271,29 @@ async function sendEvm(p: SendParams, rpc: string, chainId: number, usdtAddr: st
throw new Error('Insufficient balance (value + gas)');
}
tx = { to: p.to, value, chainId, nonce, gasLimit: estGas, ...feeFields };
} else if (p.token.toUpperCase() === 'USDT') {
} else {
// Generic ERC20/BEP20: lookup в token-registry. Поддерживаются все токены из registry.
const tokenInfo = getTokenInfo(evmChain, p.token);
if (!tokenInfo) {
throw new Error(`Token ${p.token} not in registry for chain ${evmChain}`);
}
const iface = new ethers.utils.Interface([
...ERC20_ABI,
'function balanceOf(address) view returns (uint256)',
]);
const erc20 = new ethers.Contract(usdtAddr, iface, provider);
const erc20 = new ethers.Contract(tokenInfo.address, iface, provider);
const tokenBal: ethers.BigNumber = await erc20.balanceOf(wallet.address);
if (tokenBal.lt(ethers.BigNumber.from(p.amount))) {
throw new Error('Insufficient token balance');
}
const nativeBal = await provider.getBalance(wallet.address);
const data = iface.encodeFunctionData('transfer', [p.to, p.amount]);
// H10 — actual estimateGas + 20% safety. Hardcoded 80000 was too low for cold
// storage slots (first transfer to recipient SSTORE costs 81-90k → OOG burn).
// H10 — actual estimateGas + 20% safety. Cold storage slots (first transfer to fresh
// recipient) cost 81-90k due to SSTORE; floor 60k, ceiling 200k для sanity.
let estGas: ethers.BigNumber;
try {
const estimated = await provider.estimateGas({ from: wallet.address, to: usdtAddr, data, value: 0 });
const estimated = await provider.estimateGas({ from: wallet.address, to: tokenInfo.address, data, value: 0 });
estGas = estimated.mul(120).div(100); // +20%
// Floor 60k (minimum realistic), ceiling 200k (sanity)
const minGas = ethers.BigNumber.from(60000);
const maxGas = ethers.BigNumber.from(200000);
if (estGas.lt(minGas)) estGas = minGas;
@@ -293,9 +304,7 @@ async function sendEvm(p: SendParams, rpc: string, chainId: number, usdtAddr: st
if (nativeBal.lt(effectiveGasPrice.mul(estGas))) {
throw new Error('Insufficient native balance for gas');
}
tx = { to: usdtAddr, data, value: 0, chainId, nonce, gasLimit: estGas, ...feeFields };
} else {
throw new Error(`Token ${p.token} not supported on chainId ${chainId}`);
tx = { to: tokenInfo.address, data, value: 0, chainId, nonce, gasLimit: estGas, ...feeFields };
}
// H25 — explicit timeout, иначе slow RPC stalls Express worker indefinitely
@@ -306,10 +315,6 @@ async function sendEvm(p: SendParams, rpc: string, chainId: number, usdtAddr: st
// ─── SOLANA ───
async function sendSol(p: SendParams): Promise<{ txid: string }> {
if (p.token) {
throw new Error('SOL SPL-token signing не реализовано (только native SOL)');
}
const seed = await bip39.mnemonicToSeed(p.mnemonic);
const { key } = derivePath(DERIVATION_PATHS.SOL, seed.toString('hex'));
if (!key || key.length !== 32) {
@@ -318,64 +323,82 @@ async function sendSol(p: SendParams): Promise<{ txid: string }> {
const keypair = Keypair.fromSeed(key);
assertAddressMatch(keypair.publicKey.toBase58(), p.expectedFromAddress, 'SOL');
// C10 — lamports precision: @solana/web3.js converts BigInt → Number internally
// (u64 layout). Above 2^53 lamports = silent truncation. Reject early.
const lamports = BigInt(p.amount);
// Precision: @solana/web3.js конвертит BigInt → Number внутренне (u64 layout).
const amountBig = BigInt(p.amount);
const MAX_SAFE_LAMPORTS = BigInt(Number.MAX_SAFE_INTEGER);
if (lamports > MAX_SAFE_LAMPORTS) {
throw new Error(`SOL amount ${p.amount} lamports exceeds Number precision (max ${MAX_SAFE_LAMPORTS}); split into multiple sends`);
if (amountBig > MAX_SAFE_LAMPORTS) {
throw new Error(`SOL amount ${p.amount} exceeds Number precision (max ${MAX_SAFE_LAMPORTS}); split into multiple sends`);
}
if (lamports <= 0n) {
if (amountBig <= 0n) {
throw new Error('SOL amount must be positive');
}
// H41 — singleton Connection (per-call new() leaks WebSocket subscriptions)
const conn = getSolConnection();
const toPk = new PublicKey(p.to);
// C11 — rent-exempt minimum check. Если recipient — fresh account и amount меньше
// rent-exempt минимума, tx fails ПОСЛЕ broadcast (5000 lamports fee burned, no transfer).
// Pre-check сохраняет fee + user-facing error.
try {
const accountInfo = await conn.getAccountInfo(toPk);
if (accountInfo === null) {
const rentMin = BigInt(await conn.getMinimumBalanceForRentExemption(0));
if (lamports < rentMin) {
throw new Error(`SOL recipient is fresh account; amount ${lamports} lamports < rent-exempt minimum ${rentMin}. Send at least ${rentMin} lamports to create account.`);
}
}
} catch (preErr: any) {
// Network error checking — proceed (broadcast will surface real error)
if (!preErr.message?.includes('rent-exempt')) {
// только network/RPC failures, не наш own throw
} else {
throw preErr;
}
}
const { blockhash, lastValidBlockHeight } = await conn.getLatestBlockhash();
const tx = new Transaction({ feePayer: keypair.publicKey, blockhash, lastValidBlockHeight });
const tx = new Transaction({
feePayer: keypair.publicKey,
blockhash,
lastValidBlockHeight,
});
// H40 — compute-unit price для priority fee (tiers slow/normal/fast).
// Без этого tx может dropped в congestion. Default 'normal' = 1_000 microLamports.
// H40 — compute-unit price (priority fee)
const tier = p.feeTier ?? 'normal';
const cuPrice = tier === 'fast' ? 10_000n : tier === 'slow' ? 0n : 1_000n;
if (cuPrice > 0n) {
tx.add(ComputeBudgetProgram.setComputeUnitPrice({ microLamports: cuPrice }));
}
tx.add(
SystemProgram.transfer({
if (!p.token) {
// ── Native SOL transfer ──
// C11 — rent-exempt check для fresh recipient
try {
const accountInfo = await conn.getAccountInfo(toPk);
if (accountInfo === null) {
const rentMin = BigInt(await conn.getMinimumBalanceForRentExemption(0));
if (amountBig < rentMin) {
throw new Error(`SOL recipient is fresh account; amount ${amountBig} lamports < rent-exempt minimum ${rentMin}. Send at least ${rentMin} lamports to create account.`);
}
}
} catch (preErr: any) {
if (preErr.message?.includes('rent-exempt')) throw preErr;
// Network error checking — proceed (broadcast surfaces real error)
}
tx.add(SystemProgram.transfer({
fromPubkey: keypair.publicKey,
toPubkey: toPk,
lamports,
}),
);
tx.sign(keypair);
lamports: amountBig,
}));
} else {
// ── SPL token transfer ──
// Generic SPL: lookup mint в token-registry. Поддерживает USDT/USDC/PUMP/JUP/... (15 mints)
const tokenInfo = getTokenInfo('SOL', p.token);
if (!tokenInfo) {
throw new Error(`Token ${p.token} not in registry for chain SOL`);
}
const mint = new PublicKey(tokenInfo.address);
const sourceAta = getAssociatedTokenAddressSync(mint, keypair.publicKey);
const destAta = getAssociatedTokenAddressSync(mint, toPk);
// Idempotent ATA creation — safe to always include. Если ATA уже есть, instruction skip'нется.
// Recipient'у которому никогда не отправляли этот mint — мы создадим ATA (~0.002 SOL rent).
tx.add(createAssociatedTokenAccountIdempotentInstruction(
keypair.publicKey, // payer (мы платим rent если ATA создаётся)
destAta,
toPk,
mint,
TOKEN_PROGRAM_ID,
));
// CheckedTransfer защищает от decimals mismatch (RPC ложит → token loss)
tx.add(createTransferCheckedInstruction(
sourceAta,
mint,
destAta,
keypair.publicKey,
amountBig,
tokenInfo.decimals,
));
}
tx.sign(keypair);
const sig = await conn.sendRawTransaction(tx.serialize());
// H37 — distinguished error categories
@@ -404,6 +427,83 @@ function getSolConnection(): Connection {
return _solConnection;
}
// ─── SOL custodial sign-and-broadcast (для Relay bridge SOL-side) ─────
export interface SignSolanaTxParams {
mnemonic: string;
expectedFromAddress: string;
serializedTransaction: string; // base64-encoded VersionedTransaction
}
/**
* Подписать произвольную serialized Solana VersionedTransaction custodially.
* Используется когда Relay /execute или Jupiter возвращают unsigned tx — клиент шлёт base64,
* сервер deserialize → verify feePayer === user's pubkey → partial-sign → broadcast.
*
* Security:
* - feePayer (staticAccountKeys[0]) ДОЛЖЕН совпадать с user's SOL pubkey
* - Tx size limit 8KB (Solana network max — 1232 bytes раз; base64 ~1.65k chars)
* - assertAddressMatch — derived address vs DB
*/
export async function signAndBroadcastSolanaTx(p: SignSolanaTxParams): Promise<{ signature: string }> {
const seed = await bip39.mnemonicToSeed(p.mnemonic);
const { key } = derivePath(DERIVATION_PATHS.SOL, seed.toString('hex'));
if (!key || key.length !== 32) {
throw new Error('SOL derivation produced invalid seed length');
}
const keypair = Keypair.fromSeed(key);
assertAddressMatch(keypair.publicKey.toBase58(), p.expectedFromAddress, 'SOL');
let txBytes: Buffer;
try {
txBytes = Buffer.from(p.serializedTransaction, 'base64');
} catch {
throw new Error('Invalid base64 transaction');
}
if (txBytes.length === 0 || txBytes.length > 1500) {
throw new Error(`Invalid tx size: ${txBytes.length} bytes (expected 1-1500)`);
}
let tx: VersionedTransaction;
try {
tx = VersionedTransaction.deserialize(txBytes);
} catch (err: any) {
throw new Error(`Failed to deserialize VersionedTransaction: ${err.message}`);
}
// Critical: verify feePayer === our pubkey. Без этого attacker может подсунуть tx
// с другим feePayer, мы подписали бы fee-deduct из их wallet'а (бесплатно для нас).
const feePayer = tx.message.staticAccountKeys[0]?.toBase58();
if (feePayer !== keypair.publicKey.toBase58()) {
throw new Error(`feePayer mismatch: tx.feePayer=${feePayer} vs user.pubkey=${keypair.publicKey.toBase58()}`);
}
tx.sign([keypair]);
const conn = getSolConnection();
const sig = await conn.sendRawTransaction(tx.serialize());
try {
const latestBlock = await conn.getLatestBlockhash();
await conn.confirmTransaction({
signature: sig,
blockhash: latestBlock.blockhash,
lastValidBlockHeight: latestBlock.lastValidBlockHeight,
}, 'confirmed');
} catch (err: any) {
const name = err?.name || '';
if (name === 'TransactionExpiredBlockheightExceededError') {
throw new Error(`SOL tx EXPIRED (blockhash expired before confirm). sig=${sig}`);
}
if (name === 'TransactionExpiredTimeoutError') {
throw new Error(`SOL tx unconfirmed after timeout. sig=${sig}`);
}
throw new Error(`SOL confirm error (${name}): ${err.message}. sig=${sig}`);
}
return { signature: sig };
}
// ─── BITCOIN ───
async function sendBtc(p: SendParams): Promise<{ txid: string }> {
@@ -577,7 +677,12 @@ async function sendTrx(p: SendParams): Promise<{ txid: string }> {
}),
});
txBody = built;
} else if (p.token.toUpperCase() === 'USDT') {
} else {
// Generic TRC20: lookup в token-registry. Поддерживает USDT, USDC и др.
const tokenInfo = getTokenInfo('TRX', p.token);
if (!tokenInfo) {
throw new Error(`Token ${p.token} not in registry for chain TRX`);
}
const param =
tronAddressToHex(p.to).padStart(64, '0') +
BigInt(p.amount).toString(16).padStart(64, '0');
@@ -586,19 +691,16 @@ async function sendTrx(p: SendParams): Promise<{ txid: string }> {
headers,
body: JSON.stringify({
owner_address: fromTronAddr,
contract_address: USDT_TRC20,
contract_address: tokenInfo.address,
function_selector: 'transfer(address,uint256)',
parameter: param,
// 30 TRX cap — реальный USDT transfer обычно жжёт 15-30 TRX без Energy,
// ~0 с Energy. Раньше было 100 TRX — это cap, не actual fee, но завышен.
// 30 TRX cap — типичный TRC20 transfer жжёт 15-30 TRX без Energy.
fee_limit: 30_000_000,
call_value: 0,
visible: true,
}),
});
txBody = built.transaction;
} else {
throw new Error(`Token ${p.token} not supported on TRX`);
}
if (!txBody?.txID || !txBody?.raw_data_hex || !txBody?.raw_data) {
@@ -659,8 +761,14 @@ async function sendTrx(p: SendParams): Promise<{ txid: string }> {
throw new Error(`TRX amount mismatch: expected ${p.amount}, got ${contractValue.amount}`);
}
} else {
if (contractValue.contract_address !== USDT_TRC20) {
throw new Error(`TRX contract mismatch: expected ${USDT_TRC20}, got ${contractValue.contract_address}`);
// MITM-check: contract_address должен совпадать с тем что lookup'ом из registry для нашего token symbol.
// Без этого RPC может вернуть legitimate-looking tx но с другим contract → attacker drain.
const expectedTokenInfo = getTokenInfo('TRX', p.token);
if (!expectedTokenInfo) {
throw new Error(`Token ${p.token} not in registry for chain TRX (MITM-check)`);
}
if (contractValue.contract_address !== expectedTokenInfo.address) {
throw new Error(`TRX contract mismatch: expected ${expectedTokenInfo.address}, got ${contractValue.contract_address}`);
}
const data = String(contractValue.data || '');
if (data.length !== 128 + 8) {