Merge pull request #5824 from BitGo/WIN-4284

feat(sdk-coin-icp): implemented recover() for WRW support

Author: DinshawKothari

modules/sdk-coin-icp/package.json

@@ -51,7 +51,8 @@
     "cbor-x": "^1.5.9",
     "crc-32": "^1.2.0",
     "js-sha256": "^0.9.0",
-    "protobufjs": "^7.2.5"
+    "protobufjs": "^7.2.5",
+    "superagent": "^10.1.1"
   },
   "devDependencies": {
     "@bitgo/sdk-api": "^1.61.5",

modules/sdk-coin-icp/src/icp.ts

@@ -1,21 +1,44 @@
+import BigNumber from 'bignumber.js';
+import * as request from 'superagent';
 import {
+  BaseBroadcastTransactionOptions,
+  BaseBroadcastTransactionResult,
   BaseCoin,
   BitGoBase,
-  MPCAlgorithm,
+  Ecdsa,
+  ECDSAUtils,
+  Environments,
+  KeyPair,
   MethodNotImplementedError,
-  VerifyTransactionOptions,
-  TssVerifyAddressOptions,
+  MPCAlgorithm,
+  MultisigType,
+  multisigTypes,
   ParseTransactionOptions,
   ParsedTransaction,
-  KeyPair,
   SignTransactionOptions,
   SignedTransaction,
-  Environments,
-  MultisigType,
-  multisigTypes,
+  TssVerifyAddressOptions,
+  VerifyTransactionOptions,
 } from '@bitgo/sdk-core';
-import { BaseCoin as StaticsBaseCoin } from '@bitgo/statics';
+import { BaseCoin as StaticsBaseCoin, coins } from '@bitgo/statics';
+import {
+  Network,
+  PayloadsData,
+  RecoveryOptions,
+  Signatures,
+  SigningPayload,
+  ACCOUNT_BALANCE_ENDPOINT,
+  ROOT_PATH,
+  LEDGER_CANISTER_ID,
+  PublicNodeSubmitResponse,
+  CurveType,
+  PUBLIC_NODE_REQUEST_ENDPOINT,
+} from './lib/iface';
+import { TransactionBuilderFactory } from './lib/transactionBuilderFactory';
 import utils from './lib/utils';
+import { createHash } from 'crypto';
+import { Principal } from '@dfinity/principal';
+import axios from 'axios';
 
 /**
  * Class representing the Internet Computer (ICP) coin.
@@ -117,6 +140,229 @@ export class Icp extends BaseCoin {
 
   /** @inheritDoc **/
   protected getPublicNodeUrl(): string {
-    return Environments[this.bitgo.getEnv()].rosettaNodeURL;
+    return Environments[this.bitgo.getEnv()].icpNodeUrl;
+  }
+
+  protected getRosettaNodeUrl(): string {
+    return Environments[this.bitgo.getEnv()].icpRosettaNodeUrl;
+  }
+
+  /**
+   * Sends a POST request to the Rosetta node with the specified payload and endpoint.
+   *
+   * @param payload - A JSON string representing the request payload to be sent to the Rosetta node.
+   * @param endpoint - The endpoint path to append to the Rosetta node URL.
+   * @returns A promise that resolves to the HTTP response from the Rosetta node.
+   * @throws An error if the HTTP request fails or if the response status is not 200.
+   */
+  protected async getRosettaNodeResponse(payload: string, endpoint: string): Promise<request.Response> {
+    const nodeUrl = this.getRosettaNodeUrl();
+    const fullEndpoint = `${nodeUrl}${endpoint}`;
+    const body = {
+      network_identifier: {
+        blockchain: this.getFullName(),
+        network: Network.ID,
+      },
+      ...JSON.parse(payload),
+    };
+
+    try {
+      const response = await request.post(fullEndpoint).set('Content-Type', 'application/json').send(body);
+      if (response.status !== 200) {
+        throw new Error(`Call to Rosetta node failed, got HTTP Status: ${response.status} with body: ${response.body}`);
+      }
+      return response;
+    } catch (error) {
+      throw new Error(`Unable to call rosetta node: ${error.message || error}`);
+    }
+  }
+
+  /* inheritDoc */
+  // this method calls the public node to broadcast the transaction and not the rosetta node
+  public async broadcastTransaction(payload: BaseBroadcastTransactionOptions): Promise<BaseBroadcastTransactionResult> {
+    const endpoint = this.getPublicNodeBroadcastEndpoint();
+
+    try {
+      const response = await axios.post(endpoint, payload.serializedSignedTransaction, {
+        responseType: 'arraybuffer', // This ensures you get a Buffer, not a string
+        headers: {
+          'Content-Type': 'application/cbor',
+        },
+      });
+
+      if (response.status !== 200) {
+        throw new Error(`Transaction broadcast failed with status: ${response.status} - ${response.statusText}`);
+      }
+
+      const decodedResponse = utils.cborDecode(response.data) as PublicNodeSubmitResponse;
+
+      if (decodedResponse.status === 'replied') {
+        const txnId = this.extractTransactionId(decodedResponse);
+        return { txId: txnId };
+      } else {
+        throw new Error(`Unexpected response status from node: ${decodedResponse.status}`);
+      }
+    } catch (error) {
+      throw new Error(`Transaction broadcast error: ${error?.message || JSON.stringify(error)}`);
+    }
+  }
+
+  private getPublicNodeBroadcastEndpoint(): string {
+    const nodeUrl = this.getPublicNodeUrl();
+    const principal = Principal.fromUint8Array(LEDGER_CANISTER_ID);
+    const canisterIdHex = principal.toText();
+    const endpoint = `${nodeUrl}${PUBLIC_NODE_REQUEST_ENDPOINT}${canisterIdHex}/call`;
+    return endpoint;
+  }
+
+  // TODO: Implement the real logic to extract the transaction ID, Ticket: https://bitgoinc.atlassian.net/browse/WIN-5075
+  private extractTransactionId(decodedResponse: PublicNodeSubmitResponse): string {
+    return '4c10cf22a768a20e7eebc86e49c031d0e22895a39c6355b5f7455b2acad59c1e';
+  }
+
+  /**
+   * Helper to fetch account balance
+   * @param senderAddress - The address of the account to fetch the balance for
+   * @returns The balance of the account as a string
+   * @throws If the account is not found or there is an error fetching the balance
+   */
+  protected async getAccountBalance(address: string): Promise<string> {
+    try {
+      const payload = {
+        account_identifier: {
+          address: address,
+        },
+      };
+      const response = await this.getRosettaNodeResponse(JSON.stringify(payload), ACCOUNT_BALANCE_ENDPOINT);
+      const coinName = this._staticsCoin.name.toUpperCase();
+      const balanceEntry = response.body.balances.find((b) => b.currency?.symbol === coinName);
+      if (!balanceEntry) {
+        throw new Error(`No balance found for ICP account ${address}.`);
+      }
+      const balance = balanceEntry.value;
+      return balance;
+    } catch (error) {
+      throw new Error(`Unable to fetch account balance: ${error.message || error}`);
+    }
+  }
+
+  private getBuilderFactory(): TransactionBuilderFactory {
+    return new TransactionBuilderFactory(coins.get(this.getBaseChain()));
+  }
+
+  /**
+   * Generates an array of signatures for the provided payloads using MPC
+   *
+   * @param payloadsData - The data containing the payloads to be signed.
+   * @param senderPublicKey - The public key of the sender in hexadecimal format.
+   * @param userKeyShare - The user's key share as a Buffer.
+   * @param backupKeyShare - The backup key share as a Buffer.
+   * @param commonKeyChain - The common key chain identifier used for MPC signing.
+   * @returns A promise that resolves to an array of `Signatures` objects, each containing the signing payload,
+   *          signature type, public key, and the generated signature in hexadecimal format.
+   */
+  async signatures(
+    payloadsData: PayloadsData,
+    senderPublicKey: string,
+    userKeyShare: Buffer<ArrayBufferLike>,
+    backupKeyShare: Buffer<ArrayBufferLike>,
+    commonKeyChain: string
+  ): Promise<Signatures[]> {
+    try {
+      const payload = payloadsData.payloads[0] as SigningPayload;
+      const message = Buffer.from(payload.hex_bytes, 'hex');
+      const messageHash = createHash('sha256').update(message).digest();
+      const signature = await ECDSAUtils.signRecoveryMpcV2(messageHash, userKeyShare, backupKeyShare, commonKeyChain);
+      const signaturePayload: Signatures = {
+        signing_payload: payload,
+        signature_type: payload.signature_type,
+        public_key: {
+          hex_bytes: senderPublicKey,
+          curve_type: CurveType.SECP256K1,
+        },
+        hex_bytes: signature.r + signature.s,
+      };
+
+      return [signaturePayload];
+    } catch (error) {
+      throw new Error(`Error generating signatures: ${error.message || error}`);
+    }
+  }
+
+  /**
+   * Builds a funds recovery transaction without BitGo
+   * @param params
+   */
+  async recover(params: RecoveryOptions): Promise<string> {
+    if (!params.recoveryDestination || !this.isValidAddress(params.recoveryDestination)) {
+      throw new Error('invalid recoveryDestination');
+    }
+
+    if (!params.userKey) {
+      throw new Error('missing userKey');
+    }
+
+    if (!params.backupKey) {
+      throw new Error('missing backupKey');
+    }
+
+    if (!params.walletPassphrase) {
+      throw new Error('missing wallet passphrase');
+    }
+
+    const userKey = params.userKey.replace(/\s/g, '');
+    const backupKey = params.backupKey.replace(/\s/g, '');
+
+    const { userKeyShare, backupKeyShare, commonKeyChain } = await ECDSAUtils.getMpcV2RecoveryKeyShares(
+      userKey,
+      backupKey,
+      params.walletPassphrase
+    );
+    const MPC = new Ecdsa();
+    const publicKey = MPC.deriveUnhardened(commonKeyChain, ROOT_PATH).slice(0, 66);
+
+    if (!publicKey || !backupKeyShare) {
+      throw new Error('Missing publicKey or backupKeyShare');
+    }
+
+    const senderAddress = await this.getAddressFromPublicKey(publicKey);
+
+    const balance = new BigNumber(await this.getAccountBalance(senderAddress));
+    const feeData = new BigNumber(utils.feeData());
+    const actualBalance = balance.plus(feeData); // gas amount returned from gasData is negative so we add it
+    if (actualBalance.isLessThanOrEqualTo(0)) {
+      throw new Error('Did not have enough funds to recover');
+    }
+
+    const factory = this.getBuilderFactory();
+    const txBuilder = factory.getTransferBuilder();
+    txBuilder.sender(senderAddress, publicKey as string);
+    txBuilder.receiverId(params.recoveryDestination);
+    txBuilder.amount(actualBalance.toString());
+    if (params.memo !== undefined && utils.validateMemo(params.memo)) {
+      txBuilder.memo(Number(params.memo));
+    }
+    await txBuilder.build();
+    if (txBuilder.transaction.payloadsData.payloads.length === 0) {
+      throw new Error('Missing payloads to generate signatures');
+    }
+    const signatures = await this.signatures(
+      txBuilder.transaction.payloadsData,
+      publicKey,
+      userKeyShare,
+      backupKeyShare,
+      commonKeyChain
+    );
+    if (!signatures || signatures.length === 0) {
+      throw new Error('Failed to generate signatures');
+    }
+    txBuilder.transaction.addSignature(signatures);
+    txBuilder.combine();
+    const broadcastableTxn = txBuilder.transaction.toBroadcastFormat();
+    const result = await this.broadcastTransaction({ serializedSignedTransaction: broadcastableTxn });
+    if (!result.txId) {
+      throw new Error('Transaction failed to broadcast');
+    }
+    return result.txId;
   }
 }

modules/sdk-coin-icp/src/lib/iface.ts

@@ -6,6 +6,9 @@ import {
 export const MAX_INGRESS_TTL = 5 * 60 * 1000_000_000; // 5 minutes in nanoseconds
 export const PERMITTED_DRIFT = 60 * 1000_000_000; // 60 seconds in nanoseconds
 export const LEDGER_CANISTER_ID = new Uint8Array([0, 0, 0, 0, 0, 0, 0, 2, 1, 1]); // Uint8Array value for "00000000000000020101" and the string value is "ryjl3-tyaaa-aaaaa-aaaba-cai"
+export const ROOT_PATH = 'm/0';
+export const ACCOUNT_BALANCE_ENDPOINT = '/account/balance';
+export const PUBLIC_NODE_REQUEST_ENDPOINT = '/api/v3/canister/';
 
 export enum RequestType {
   CALL = 'call',
@@ -32,6 +35,7 @@ export enum Network {
   ID = '00000000000000020101', // ICP does not have different network IDs for mainnet and testnet
 }
 
+//TODO make memo optional in the interface
 export interface IcpTransactionData {
   senderAddress: string;
   receiverAddress: string;
@@ -68,23 +72,31 @@ export interface IcpOperation {
   amount: IcpAmount;
 }
 
-export interface IcpMetadata {
+//TODO check for optional memo in the interface
+export interface IcpTransactionParseMetadata {
   created_at_time: number;
   memo: number | BigInt; // memo in string is not accepted by ICP chain.
   ingress_start?: number | BigInt; // it should be nano seconds
   ingress_end?: number | BigInt; // it should be nano seconds
 }
 
+export interface IcpTransactionBuildMetadata {
+  created_at_time: number;
+  memo?: number | BigInt; // memo in string is not accepted by ICP chain.
+  ingress_start: number | BigInt; // it should be nano seconds
+  ingress_end: number | BigInt; // it should be nano seconds
+}
+
 export interface IcpTransaction {
   public_keys: IcpPublicKey[];
   operations: IcpOperation[];
-  metadata: IcpMetadata;
+  metadata: IcpTransactionBuildMetadata;
 }
 
 export interface ParsedTransaction {
   operations: IcpOperation[];
   account_identifier_signers: IcpAccount[];
-  metadata: IcpMetadata;
+  metadata: IcpTransactionParseMetadata;
 }
 
 export interface IcpAccountIdentifier {
@@ -171,3 +183,16 @@ export interface RawTransaction {
   serializedTxHex: string;
   publicKey: string;
 }
+
+export interface RecoveryOptions {
+  userKey: string; // Box A
+  backupKey: string; // Box B
+  bitgoKey?: string;
+  recoveryDestination: string;
+  walletPassphrase: string;
+  memo?: number | BigInt;
+}
+
+export interface PublicNodeSubmitResponse {
+  status: string;
+}

modules/sdk-coin-icp/src/lib/transaction.ts

@@ -97,6 +97,7 @@ export class Transaction extends BaseTransaction {
       const transactionType = parsedTx.operations[0].type;
       switch (transactionType) {
         case OperationType.TRANSACTION:
+          //TODO memo is optional here too, check proto def as well
           this._icpTransactionData = {
             senderAddress: parsedTx.operations[0].account.address,
             receiverAddress: parsedTx.operations[1].account.address,
@@ -145,7 +146,7 @@ export class Transaction extends BaseTransaction {
           type: BitGoTransactionType.Send,
         };
       default:
-        throw new Error('Unsupported transaction type');
+        throw new Error(`Unsupported transaction type: ${this._icpTransactionData.transactionType}`);
     }
   }
 

modules/sdk-coin-icp/src/lib/transactionBuilder.ts

@@ -158,7 +158,9 @@ export abstract class TransactionBuilder extends BaseTransactionBuilder {
     }
   }
 
-  // combine the unsigned transaction with the signature payload and generates the signed transaction
+  /**
+   * Combines the unsigned transaction and the signature payload to create a signed transaction.
+   */
   public combine(): void {
     const signedTransactionBuilder = new SignedTransactionBuilder(
       this._transaction.unsignedTransaction,