Merge branch 'master' into WP-5447-express-migrate-api-v2-coin-wallet-id-state-to-typed-routes

TICKET: WP-5447

Author: danielzhao122

.github/renovate.json

@@ -1,6 +1,18 @@
 {
   "$schema": "https://docs.renovatebot.com/renovate-schema.json",
-  "extends": ["github>BitGo/gha-renovate-bot//presets/onboarding#v1.15.1"],
+  "extends": ["github>BitGo/gha-renovate-bot//presets/default"],
   "baseBranches": ["master"],
-  "enabledManagers": ["github-actions", "regex"],
+  "enabledManagers": ["github-actions", "regex", "npm"],
+  "packageRules": [
+    {
+      "description": "Disable all npm dependencies by default",
+      "matchManagers": ["npm"],
+      "enabled": false
+    },
+    {
+      "description": "Enable updates only for @bitgo/public-types",
+      "matchPackageNames": ["@bitgo/public-types"],
+      "enabled": true
+    }
+  ]
 }

.iyarc

@@ -1,6 +1 @@
-GHSA-3h5v-q93c-6h6q
-GHSA-8hc4-vh64-cxmj
-GHSA-9wv6-86v2-598j
 GHSA-3gc7-fjrx-p6mg
-GHSA-cpj6-fhp6-mr6j
-GHSA-f46r-rw29-r322

CODEOWNERS

@@ -68,6 +68,7 @@
 /modules/sdk-coin-eos/ @BitGo/ethalt-team
 /modules/sdk-coin-evm/ @BitGo/ethalt-team
 /modules/sdk-coin-flr/ @BitGo/ethalt-team
+/modules/sdk-coin-flrp/ @BitGo/ethalt-team
 /modules/sdk-coin-ethlike/ @BitGo/ethalt-team
 /modules/sdk-coin-hbar/ @BitGo/ethalt-team
 /modules/sdk-coin-icp/ @BitGo/ethalt-team
@@ -148,11 +149,11 @@
 /commitlint.config.js @BitGo/coins @BitGo/web-experience @BitGo/wallet-platform
 /Dockerfile @BitGo/coins @BitGo/web-experience @BitGo/wallet-platform
 /lerna.json @BitGo/coins @BitGo/web-experience @BitGo/wallet-platform @BitGo/developer-experience @BitGo/devops
-/package.json @BitGo/coins @BitGo/web-experience @BitGo/wallet-platform @BitGo/developer-experience @BitGo/devops
-**/package.json @BitGo/coins @BitGo/web-experience @BitGo/wallet-platform @BitGo/developer-experience @BitGo/devops
+/package.json @BitGo/sdk-reviewers
+**/package.json @BitGo/sdk-reviewers
 /tsconfig.json @BitGo/coins @BitGo/web-experience @BitGo/wallet-platform @BitGo/developer-experience @BitGo/devops
 /tsconfig.packages.json @BitGo/coins @BitGo/web-experience @BitGo/wallet-platform
-/yarn.lock @BitGo/coins @BitGo/web-experience @BitGo/wallet-platform @BitGo/developer-experience @BitGo/devops
+/yarn.lock @BitGo/sdk-reviewers
 /.iyarc @BitGo/wallet-platform @BitGo/hsm @BitGo/velocity
 flake.nix @BitGo/wallet-platform @BitGo/hsm @BitGo/developer-experience
 flake.lock @BitGo/wallet-platform @BitGo/hsm @BitGo/developer-experience

examples/ts/sol/stake-jito.ts

@@ -16,7 +16,7 @@ require('dotenv').config({ path: '../../.env' });
 
 const AMOUNT_LAMPORTS = 1000;
 const JITO_STAKE_POOL_ADDRESS = 'Jito4APyf642JPZPx3hGc6WWJ8zPKtRbRs4P815Awbb';
-const NETWORK = 'devnet';
+const NETWORK = 'testnet';
 
 const bitgo = new BitGoAPI({
   accessToken: process.env.TESTNET_ACCESS_TOKEN,

examples/ts/sol/unstake-jito.ts

@@ -0,0 +1,109 @@
+/**
+ * Unstakes JitoSOL tokens on Solana devnet.
+ *
+ * Copyright 2025, BitGo, Inc.  All Rights Reserved.
+ */
+import { SolStakingTypeEnum } from '@bitgo/public-types';
+import { BitGoAPI } from '@bitgo/sdk-api';
+import { TransactionBuilderFactory, Tsol } from '@bitgo/sdk-coin-sol';
+import { coins } from '@bitgo/statics';
+import { Connection, PublicKey, clusterApiUrl, Keypair } from '@solana/web3.js';
+import { getStakePoolAccount } from '@solana/spl-stake-pool';
+import * as bs58 from 'bs58';
+
+require('dotenv').config({ path: '../../.env' });
+
+const AMOUNT_TOKENS = 100;
+const JITO_STAKE_POOL_ADDRESS = 'Jito4APyf642JPZPx3hGc6WWJ8zPKtRbRs4P815Awbb';
+const NETWORK = 'testnet';
+// You must find a validator. Try prepareWithdrawAccounts.
+
+const bitgo = new BitGoAPI({
+  accessToken: process.env.TESTNET_ACCESS_TOKEN,
+  env: 'test',
+});
+const coin = coins.get('tsol');
+bitgo.register(coin.name, Tsol.createInstance);
+
+async function main() {
+  const account = getAccount();
+  const { validatorAddress } = getValidator();
+  const connection = new Connection(clusterApiUrl(NETWORK), 'confirmed');
+  const recentBlockhash = await connection.getLatestBlockhash();
+  const stakePoolAddress = new PublicKey(JITO_STAKE_POOL_ADDRESS);
+  const stakePoolAccount = await getStakePoolAccount(connection, stakePoolAddress);
+  console.info('Validator list account', stakePoolAccount.account.data.validatorList.toBase58());
+
+  const transferAuthority = Keypair.generate();
+  const stakeAccount = Keypair.generate();
+  console.info('Transfer authority public key:', transferAuthority.publicKey.toBase58());
+  console.info('Stake account public key:', stakeAccount.publicKey.toBase58());
+
+  // Use BitGoAPI to build withdrawStake instruction
+  const txBuilder = new TransactionBuilderFactory(coin).getStakingDeactivateBuilder();
+  txBuilder
+    .amount(`${AMOUNT_TOKENS}`)
+    .sender(account.publicKey.toBase58())
+    .stakingAddress(JITO_STAKE_POOL_ADDRESS)
+    .unstakingAddress(stakeAccount.publicKey.toBase58())
+    .stakingType(SolStakingTypeEnum.JITO)
+    .extraParams({
+      stakePoolData: {
+        managerFeeAccount: stakePoolAccount.account.data.managerFeeAccount.toBase58(),
+        poolMint: stakePoolAccount.account.data.poolMint.toBase58(),
+        validatorListAccount: stakePoolAccount.account.data.validatorList.toBase58(),
+      },
+      validatorAddress,
+      transferAuthorityAddress: transferAuthority.publicKey.toBase58(),
+    })
+    .nonce(recentBlockhash.blockhash);
+
+  txBuilder.sign({ key: account.secretKey });
+  txBuilder.sign({ key: bs58.encode(stakeAccount.secretKey) });
+  txBuilder.sign({ key: bs58.encode(transferAuthority.secretKey) });
+
+  const tx = await txBuilder.build();
+  const serializedTx = tx.toBroadcastFormat();
+  console.info(serializedTx);
+  console.info(`Transaction JSON:\n${JSON.stringify(tx.toJson(), undefined, 2)}`);
+
+  // Send transaction
+  try {
+    const sig = await connection.sendRawTransaction(Buffer.from(serializedTx, 'base64'));
+    await connection.confirmTransaction(sig);
+    console.log(`${AMOUNT_TOKENS} tokens withdrawn`, sig);
+  } catch (e) {
+    console.log('Error sending transaction');
+    console.error(e);
+  }
+}
+
+const getAccount = () => {
+  const publicKey = process.env.ACCOUNT_PUBLIC_KEY;
+  const secretKey = process.env.ACCOUNT_SECRET_KEY;
+  if (publicKey === undefined || secretKey === undefined) {
+    const { publicKey, secretKey } = Keypair.generate();
+    console.log('# Here is a new account to save into your .env file.');
+    console.log(`ACCOUNT_PUBLIC_KEY=${publicKey.toBase58()}`);
+    console.log(`ACCOUNT_SECRET_KEY=${bs58.encode(secretKey)}`);
+    throw new Error('Missing account information');
+  }
+
+  return {
+    publicKey: new PublicKey(publicKey),
+    secretKey,
+    secretKeyArray: new Uint8Array(bs58.decode(secretKey)),
+  };
+};
+
+const getValidator = () => {
+  const validatorAddress = process.env.VALIDATOR_PUBLIC_KEY;
+  if (validatorAddress === undefined) {
+    console.log('# You must select a validator, then define the entry below');
+    console.log('VALIDATOR_PUBLIC_KEY=');
+    throw new Error('Missing validator address');
+  }
+  return { validatorAddress };
+};
+
+main().catch((e) => console.error(e));

modules/bitgo/src/v2/coinFactory.ts

@@ -929,6 +929,10 @@ export function getTokenConstructor(tokenConfig: TokenConfig): CoinConstructor |
     case 'bera':
     case 'tbera':
       return BeraToken.createTokenConstructor(tokenConfig as EthLikeTokenConfig);
+    case 'baseeth':
+    case 'tbaseeth':
+      const coinNames = { Mainnet: 'baseeth', Testnet: 'tbaseeth' };
+      return EthLikeErc20Token.createTokenConstructor(tokenConfig as EthLikeTokenConfig, coinNames);
     case 'coredao':
     case 'tcoredao':
       return CoredaoToken.createTokenConstructor(tokenConfig as EthLikeTokenConfig);

modules/bitgo/test/v2/fixtures/staking/stakingWallet.ts

@@ -77,4 +77,42 @@ export default {
     },
     senderWalletId: 'btcDescriptorWalletId',
   },
+
+  matchingDataBuildParams: {
+    memo: 'matching-memo',
+    gasLimit: 200000,
+    type: 'pay',
+    solInstructions: [{ programId: 'Stake111', keys: [], data: 'delegate' }],
+    aptosCustomTransactionParams: { moduleName: '0x1::staking', functionName: 'stake' },
+  },
+
+  mismatchMemoBuildParams: {
+    memo: 'user-memo',
+  },
+
+  mismatchGasLimitBuildParams: {
+    gasLimit: 100000,
+  },
+
+  mismatchTypeBuildParams: {
+    type: 'stake',
+  },
+
+  mismatchSolInstructionsBuildParams: {
+    solInstructions: [
+      {
+        programId: 'UserStakeProgram1111111111111111111111111111',
+        keys: [{ pubkey: 'user-key', isSigner: true, isWritable: true }],
+        data: 'user-delegate-data',
+      },
+    ],
+  },
+
+  mismatchAptosParamsBuildParams: {
+    aptosCustomTransactionParams: {
+      moduleName: '0x1::staking',
+      functionName: 'stake',
+      functionArguments: ['10000'],
+    },
+  },
 };

modules/express/src/clientRoutes.ts

@@ -1558,6 +1558,7 @@ export function setupAPIRoutes(app: express.Application, config: Config): void {
   router.post('express.decrypt', [prepareBitGo(config), typedPromiseWrapper(handleDecrypt)]);
   router.post('express.encrypt', [prepareBitGo(config), typedPromiseWrapper(handleEncrypt)]);
   router.post('express.verifyaddress', [prepareBitGo(config), typedPromiseWrapper(handleVerifyAddress)]);
+  router.post('express.lightning.initWallet', [prepareBitGo(config), typedPromiseWrapper(handleInitLightningWallet)]);
   app.post(
     '/api/v[12]/calculateminerfeeinfo',
     parseBody,
@@ -1783,12 +1784,6 @@ export function setupEnclavedExpressRoutes(app: express.Application, config: Con
 }
 
 export function setupLightningSignerNodeRoutes(app: express.Application, config: Config): void {
-  app.post(
-    '/api/v2/:coin/wallet/:id/initwallet',
-    parseBody,
-    prepareBitGo(config),
-    promiseWrapper(handleInitLightningWallet)
-  );
   app.post(
     '/api/v2/:coin/wallet/:id/signermacaroon',
     parseBody,

modules/express/src/lightning/lightningSignerRoutes.ts

@@ -14,12 +14,7 @@ import {
 import * as utxolib from '@bitgo/utxo-lib';
 import { Buffer } from 'buffer';
 
-import {
-  CreateSignerMacaroonRequest,
-  GetWalletStateResponse,
-  InitLightningWalletRequest,
-  UnlockLightningWalletRequest,
-} from './codecs';
+import { CreateSignerMacaroonRequest, GetWalletStateResponse, UnlockLightningWalletRequest } from './codecs';
 import { LndSignerClient } from './lndSignerClient';
 import { ApiResponseError } from '../errors';
 import { ExpressApiRouteRequest } from '../typedRoutes/api';
@@ -62,29 +57,16 @@ function getMacaroonRootKey(passphrase: string, nodeAuthEncryptedPrv: string, de
 /**
  * Handle the request to initialise remote signer LND for a wallet.
  */
-export async function handleInitLightningWallet(req: express.Request): Promise<unknown> {
+export async function handleInitLightningWallet(
+  req: ExpressApiRouteRequest<'express.lightning.initWallet', 'post'>
+): Promise<unknown> {
   const bitgo = req.bitgo;
-  const coinName = req.params.coin;
+  const { coin: coinName, walletId, passphrase, expressHost } = req.decoded;
   if (!isLightningCoinName(coinName)) {
     throw new ApiResponseError(`Invalid coin ${coinName}. This is not a lightning coin.`, 400);
   }
   const coin = bitgo.coin(coinName);
 
-  const walletId = req.params.id;
-  if (typeof walletId !== 'string') {
-    throw new ApiResponseError(`Invalid wallet id: ${walletId}`, 400);
-  }
-
-  const { passphrase, expressHost } = decodeOrElse(
-    InitLightningWalletRequest.name,
-    InitLightningWalletRequest,
-    req.body,
-    (_) => {
-      // DON'T throw errors from decodeOrElse. It could leak sensitive information.
-      throw new ApiResponseError('Invalid request body to initialize lightning wallet', 400);
-    }
-  );
-
   const wallet = await coin.wallets().get({ id: walletId, includeBalance: false });
   if (wallet.subType() !== 'lightningSelfCustody') {
     throw new ApiResponseError(`not a self custodial lighting wallet ${walletId}`, 400);

modules/express/src/typedRoutes/api/index.ts

@@ -13,6 +13,7 @@ import { PostSimpleCreate } from './v1/simpleCreate';
 import { PutPendingApproval } from './v1/pendingApproval';
 import { PostSignTransaction } from './v1/signTransaction';
 import { GetLightningState } from './v2/lightningState';
+import { PostLightningInitWallet } from './v2/lightningInitWallet';
 import { PostVerifyCoinAddress } from './v2/verifyAddress';
 
 export const ExpressApi = apiSpec({
@@ -49,6 +50,9 @@ export const ExpressApi = apiSpec({
   'express.lightning.getState': {
     get: GetLightningState,
   },
+  'express.lightning.initWallet': {
+    post: PostLightningInitWallet,
+  },
   'express.verifycoinaddress': {
     post: PostVerifyCoinAddress,
   },