feat(sdk-core): add MPCv2 wallet creation #4438
Conversation
alebusse
force-pushed
the
WP-1686-implement-mpcv2-wallet-creation
branch
2 times, most recently
from
cbcd2ff
to
fb2416d
Compare
alebusse
force-pushed
the
WP-1686-implement-mpcv2-wallet-creation
branch
4 times, most recently
from
87c629a
to
ac9bb4a
Compare
alebusse
force-pushed
the
WP-1686-implement-mpcv2-wallet-creation
branch
2 times, most recently
from
be9ebca
to
2d852fe
Compare
| // Get the BitGo public key based on user/enterprise feature flags | ||
| // If it doesn't work, use the default public key from the constants | ||
| const bitgoPublicGpgKey = ( | ||
| (await this.getBitgoGpgPubkeyBasedOnFeatureFlags(params.enterprise)) ?? this.bitgoPublicGpgKey |
There was a problem hiding this comment.
Can we switch to having DKLs using a baked in BitGo pub key instead of fetching from a server? It is much more secure that way
There was a problem hiding this comment.
Out of scope for now. We can do this before GA.
| // Get the BitGo public key based on user/enterprise feature flags | ||
| // If it doesn't work, use the default public key from the constants | ||
| const bitgoPublicGpgKey = ( | ||
| (await this.getBitgoGpgPubkeyBasedOnFeatureFlags(params.enterprise)) ?? this.bitgoPublicGpgKey |
There was a problem hiding this comment.
Out of scope for now. We can do this before GA.
| MpcUtils = | ||
| this.baseCoin.getMPCAlgorithm() === 'eddsa' | ||
| ? EDDSAUtils.default | ||
| : params.walletVersion === 5 |
There was a problem hiding this comment.
walletVersion is specific to eth, it will not work for cosmos chains. What about using mpcTypeVersion instead?
There was a problem hiding this comment.
We cant introduce any new param, right now we are just using walletVersion to test but its gonna default to dkls later on, for every ecdsa coin that uses tss
| } | ||
|
|
||
| if (isTss) { | ||
| if (!this.baseCoin.supportsTss()) { | ||
| throw new Error(`coin ${this.baseCoin.getFamily()} does not support TSS at this time`); | ||
| } | ||
| if (params.walletVersion === 5 && !this.baseCoin.supportsMPCv2()) { |
There was a problem hiding this comment.
we are adding checks on walletVersion at multiple places, this will require changes when we onboard cosmos chains. I think we should introduce some other parameter like mpcVersionType and infer wallet version as 5 if it is evm chain
There was a problem hiding this comment.
oh, cosmos chains uses a default wallet version or no wallet version?
There was a problem hiding this comment.
cosmos chains don't use wallet version at all
| * Flag indicating if this coin supports MPCv2 wallets. | ||
| * @returns {boolean} True if MPCv2 Wallets can be created for this coin | ||
| */ | ||
| supportsMPCv2(): boolean { |
There was a problem hiding this comment.
better move it to coinFeatures
alebusse
dismissed stale reviews from margueriteblair and zahin-mohammad
via
7d1cf4e
alebusse
force-pushed
the
WP-1686-implement-mpcv2-wallet-creation
branch
2 times, most recently
from
7d1cf4e
to
4eaf7ff
Compare
alebusse
force-pushed
the
WP-1686-implement-mpcv2-wallet-creation
branch
from
4eaf7ff
to
eaf5f62
Compare
|
🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎ To accept the risk, merge this PR and you will not be notified again.
Next stepsWhat is an install script?Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts. Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead. What is protestware?This package is a joke, parody, or includes undocumented or hidden behavior unrelated to its primary function. Consider that consuming this package my come along with functionality unrelated to its primary purpose. Take a deeper look at the dependencyTake a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev. Remove the packageIf you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency. Mark a package as acceptable riskTo ignore an alert, reply with a comment starting with
|
alebusse
force-pushed
the
WP-1686-implement-mpcv2-wallet-creation
branch
2 times, most recently
from
7086f57
to
ce51732
Compare
alebusse
force-pushed
the
WP-1686-implement-mpcv2-wallet-creation
branch
from
ce51732
to
b73d992
Compare
alebusse
force-pushed
the
WP-1686-implement-mpcv2-wallet-creation
branch
from
b73d992
to
3b15e71
Compare
added MPCv2 wallet creation
WP-1686
TICKET: WP-1686