Merge pull request #46 from BitGo/WP-4738_testing

musig recovery tests for heth on-prem

Author: pranavjain97

src/__tests__/api/enclaved/recoveryMusigEth.test.ts

@@ -0,0 +1,161 @@
+import 'should';
+
+import express from 'express';
+import nock from 'nock';
+import * as request from 'supertest';
+import { app as enclavedApp } from '../../../enclavedApp';
+import { AppMode, EnclavedConfig, TlsMode } from '../../../shared/types';
+
+import * as sinon from 'sinon';
+import * as configModule from '../../../initConfig';
+
+import { ebeData } from '../../mocks/ethRecoveryMusigMockData';
+import unsignedSweepRecJSON from '../../mocks/unsigned-sweep-prebuild-hteth-musig-recovery.json';
+
+describe('recoveryMultisigTransaction', () => {
+  let cfg: EnclavedConfig;
+  let app: express.Application;
+  let agent: request.SuperAgentTest;
+
+  // test cofig
+  const kmsUrl = 'http://kms.invalid';
+  const coin = 'hteth';
+  const accessToken = 'test-token';
+
+  // sinon stubs
+  let configStub: sinon.SinonStub;
+
+  before(() => {
+    // nock config
+    nock.disableNetConnect();
+    nock.enableNetConnect('127.0.0.1');
+
+    // app config
+    cfg = {
+      appMode: AppMode.ENCLAVED,
+      port: 0, // Let OS assign a free port
+      bind: 'localhost',
+      timeout: 60000,
+      logFile: '',
+      kmsUrl: kmsUrl,
+      tlsMode: TlsMode.DISABLED,
+      mtlsRequestCert: false,
+      allowSelfSigned: true,
+    };
+
+    configStub = sinon.stub(configModule, 'initConfig').returns(cfg);
+
+    // app setup
+    app = enclavedApp(cfg);
+    agent = request.agent(app);
+  });
+
+  afterEach(() => {
+    nock.cleanAll();
+  });
+
+  after(() => {
+    configStub.restore();
+  });
+
+  it('should generate a successful txHex from unsigned sweep prebuild data', async () => {
+    const { userPub, backupPub, walletContractAddress, userPrv, backupPrv, txHexResult } = ebeData;
+    const unsignedSweepPrebuildTx = unsignedSweepRecJSON as unknown as any;
+
+    const mockKmsUserResponse = {
+      prv: userPrv,
+      pub: userPub,
+      source: 'user',
+      type: 'independent',
+    };
+
+    const mockKmsBackupResponse = {
+      prv: backupPrv,
+      pub: backupPub,
+      source: 'backup',
+      type: 'independent',
+    };
+
+    const kmsNockUser = nock(kmsUrl)
+      .get(`/key/${userPub}`)
+      .query({ source: 'user' })
+      .reply(200, mockKmsUserResponse);
+
+    const kmsNockBackup = nock(kmsUrl)
+      .get(`/key/${backupPub}`)
+      .query({ source: 'backup' })
+      .reply(200, mockKmsBackupResponse);
+
+    console.warn(nock.activeMocks());
+    console.warn(nock.isActive());
+
+    const response = await agent
+      .post(`/api/${coin}/multisig/recovery`)
+      .set('Authorization', `Bearer ${accessToken}`)
+      .send({
+        userPub,
+        backupPub,
+        apiKey: 'etherscan-api-token',
+        unsignedSweepPrebuildTx,
+        walletContractAddress,
+        coinSpecificParams: undefined,
+      });
+
+    response.status.should.equal(200);
+    response.body.should.have.property('txHex', txHexResult);
+
+    kmsNockUser.done();
+    kmsNockBackup.done();
+  });
+
+  it('should fail when prv keys non related to pub keys', async () => {
+    const { userPub, backupPub, walletContractAddress } = ebeData;
+    const unsignedSweepPrebuildTx = unsignedSweepRecJSON as unknown as any;
+
+    // Use invalid private keys
+    const invalidUserPrv = 'invalid-prv';
+    const invalidBackupPrv = 'invalid-prv';
+
+    const mockKmsUserResponse = {
+      prv: invalidUserPrv,
+      pub: userPub,
+      source: 'user',
+      type: 'independent',
+    };
+
+    const mockKmsBackupResponse = {
+      prv: invalidBackupPrv,
+      pub: backupPub,
+      source: 'backup',
+      type: 'independent',
+    };
+
+    const kmsNockUser = nock(kmsUrl)
+      .get(`/key/${userPub}`)
+      .query({ source: 'user' })
+      .reply(200, mockKmsUserResponse);
+
+    const kmsNockBackup = nock(kmsUrl)
+      .get(`/key/${backupPub}`)
+      .query({ source: 'backup' })
+      .reply(200, mockKmsBackupResponse);
+
+    const response = await agent
+      .post(`/api/${coin}/multisig/recovery`)
+      .set('Authorization', `Bearer ${accessToken}`)
+      .send({
+        userPub,
+        backupPub,
+        apiKey: 'etherscan-api-token',
+        unsignedSweepPrebuildTx,
+        walletContractAddress,
+        coinSpecificParams: undefined,
+      });
+
+    response.status.should.equal(500);
+    response.body.should.have.property('error');
+
+    kmsNockUser.done();
+    kmsNockBackup.done();
+  });
+});

src/__tests__/api/master/musigRecovery.test.ts

@@ -0,0 +1,149 @@
+import 'should';
+import sinon from 'sinon';
+
+import { AbstractEthLikeNewCoins } from '@bitgo/abstract-eth';
+import nock from 'nock';
+import * as request from 'supertest';
+import { app as expressApp } from '../../../masterExpressApp';
+import { AppMode, MasterExpressConfig, TlsMode } from '../../../shared/types';
+import { data as ethRecoveryData } from '../../mocks/ethRecoveryMusigMockData';
+
+describe('POST /api/:coin/wallet/recovery', () => {
+  let agent: request.SuperAgentTest;
+  const enclavedExpressUrl = 'http://enclaved.invalid';
+  const coin = 'hteth';
+  const accessToken = 'test-token';
+
+  before(() => {
+    nock.disableNetConnect();
+    nock.enableNetConnect('127.0.0.1');
+
+    const config: MasterExpressConfig = {
+      appMode: AppMode.MASTER_EXPRESS,
+      port: 0, // Let OS assign a free port
+      bind: 'localhost',
+      timeout: 60000,
+      logFile: '',
+      env: 'test',
+      disableEnvCheck: true,
+      authVersion: 2,
+      enclavedExpressUrl: enclavedExpressUrl,
+      enclavedExpressCert: 'dummy-cert',
+      tlsMode: TlsMode.DISABLED,
+      mtlsRequestCert: false,
+      allowSelfSigned: true,
+    };
+
+    const app = expressApp(config);
+    agent = request.agent(app);
+  });
+
+  afterEach(() => {
+    nock.cleanAll();
+    sinon.restore();
+  });
+
+  it('should get the tx hex for broadcasting from eve on musig recovery ', async () => {
+    // sdk call mock on mbe
+    const recoverStub = sinon
+      .stub(AbstractEthLikeNewCoins.prototype, 'recover')
+      .resolves(ethRecoveryData.unsignedSweepPrebuildTx);
+
+    // the call to eve.recoverWallet(...)
+    // that contains the calls to sdk.signTransaction
+    const eveRecoverWalletNock = nock(enclavedExpressUrl)
+      .post(`/api/${coin}/multisig/recovery`, {
+        userPub: ethRecoveryData.userKey,
+        backupPub: ethRecoveryData.backupKey,
+        apiKey: 'etherscan-api-token',
+        unsignedSweepPrebuildTx: ethRecoveryData.unsignedSweepPrebuildTx,
+        coinSpecificParams: undefined,
+        walletContractAddress: ethRecoveryData.walletContractAddress,
+      })
+      .reply(200, {
+        txHex: ethRecoveryData.txHexFullSigned,
+      });
+
+    // the call to our own master api express endpoint
+    const response = await agent
+      .post(`/api/${coin}/wallet/recovery`, (body) => {
+        console.log('Nock received body:', body);
+        return true;
+      })
+      .set('Authorization', `Bearer ${accessToken}`)
+      .send({
+        userPub: ethRecoveryData.userKey,
+        backupPub: ethRecoveryData.backupKey,
+        apiKey: 'etherscan-api-token',
+        walletContractAddress: ethRecoveryData.walletContractAddress,
+        recoveryDestinationAddress: ethRecoveryData.recoveryDestinationAddress,
+      });
+
+    response.status.should.equal(200);
+    response.body.should.have.property('txHex', ethRecoveryData.txHexFullSigned);
+    sinon.assert.calledOnce(recoverStub);
+    eveRecoverWalletNock.done();
+  });
+
+  it('should fail when walletContractAddress (origin) not provided', async () => {
+    const response = await agent
+      .post(`/api/${coin}/wallet/recovery`)
+      .set('Authorization', `Bearer ${accessToken}`)
+      .send({
+        userPub: ethRecoveryData.userKey,
+        backupPub: ethRecoveryData.backupKey,
+        apiKey: 'etherscan-api-token',
+        walletContractAddress: undefined,
+        recoveryDestinationAddress: ethRecoveryData.recoveryDestinationAddress,
+      });
+
+    response.status.should.equal(400);
+    response.body.should.have.property('error');
+    response.body.error.should.match(/walletContractAddress/i);
+  });
+  it('should fail when recoveryDestinationAddress (destiny) not provided', async () => {
+    const response = await agent
+      .post(`/api/${coin}/wallet/recovery`)
+      .set('Authorization', `Bearer ${accessToken}`)
+      .send({
+        userPub: ethRecoveryData.userKey,
+        backupPub: ethRecoveryData.backupKey,
+        apiKey: 'etherscan-api-token',
+        walletContractAddress: ethRecoveryData.walletContractAddress,
+        recoveryDestinationAddress: undefined,
+      });
+
+    response.status.should.equal(400);
+    response.body.should.have.property('error');
+    response.body.error.should.match(/recoveryDestinationAddress/i);
+  });
+  it('should fail when userPub or backupPub not provided', async () => {
+    const responseNoUserKey = await agent
+      .post(`/api/${coin}/wallet/recovery`)
+      .set('Authorization', `Bearer ${accessToken}`)
+      .send({
+        backupPub: ethRecoveryData.backupKey,
+        apiKey: 'etherscan-api-token',
+        walletContractAddress: ethRecoveryData.walletContractAddress,
+        recoveryDestinationAddress: undefined,
+      });
+
+    const responseNoBackupKey = await agent
+      .post(`/api/${coin}/wallet/recovery`)
+      .set('Authorization', `Bearer ${accessToken}`)
+      .send({
+        userPub: ethRecoveryData.userKey,
+        apiKey: 'etherscan-api-token',
+        walletContractAddress: ethRecoveryData.walletContractAddress,
+        recoveryDestinationAddress: undefined,
+      });
+
+    responseNoUserKey.status.should.equal(400);
+    responseNoUserKey.body.should.have.property('error');
+    responseNoUserKey.body.error.should.match(/userPub/i);
+
+    responseNoBackupKey.status.should.equal(400);
+    responseNoBackupKey.body.should.have.property('error');
+    responseNoBackupKey.body.error.should.match(/backupPub/i);
+  });
+});

src/__tests__/mocks/ethRecoveryMusigMockData.ts

@@ -0,0 +1,52 @@
+const walletContractAddress = '0x223fe2adcc8f28d8a46f72f7f355117d2727554d';
+
+export const data = {
+  walletContractAddress,
+  userKey:
+    'xpub661MyMwAqRbcFigezGWEYSbCPVuaUmvnp1u7iEpH9YsKU6uYQtPANvudjgAo82QRHXsUieMqKeB1xEj89VUKU1ugtmyAZ3xzNEbHPexxgKK',
+  backupKey:
+    'xpub661MyMwAqRbcGbCirzmQsUJT2eidt9tFLw2m77w6FiKco6TKu49CP3GkHF88xGCpvqkP93SYMAarfyWAn8UWevQtNT6pDo8xH7xmf6GqK6e',
+  unsignedSweepPrebuildTx: {
+    tx: 'f9012b808504a817c8008307a12094223fe2adcc8f28d8a46f72f7f355117d2727554d80b9010439125215000000000000000000000000e7d07af8e3e7472ea8391a3372ab98d04ac4df200000000000000000000000000000000000000000000000000de0b6b3a764000000000000000000000000000000000000000000000000000000000000000000c0000000000000000000000000000000000000000000000000000000006851a693000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000808080',
+    userKey:
+      'xpub661MyMwAqRbcFigezGWEYSbCPVuaUmvnp1u7iEpH9YsKU6uYQtPANvudjgAo82QRHXsUieMqKeB1xEj89VUKU1ugtmyAZ3xzNEbHPexxgKK',
+    backupKey:
+      'xpub661MyMwAqRbcGbCirzmQsUJT2eidt9tFLw2m77w6FiKco6TKu49CP3GkHF88xGCpvqkP93SYMAarfyWAn8UWevQtNT6pDo8xH7xmf6GqK6e',
+    coin: 'hteth',
+    gasPrice: 20000000000,
+    gasLimit: 500000,
+    recipients: [
+      {
+        address: '0xe7d07af8e3e7472ea8391a3372ab98d04ac4df20',
+        amount: '1000000000000000000',
+      },
+    ],
+    walletContractAddress,
+    amount: '1000000000000000000',
+    backupKeyNonce: 0,
+    recipient: {
+      address: '0xe7d07af8e3e7472ea8391a3372ab98d04ac4df20',
+      amount: '1000000000000000000',
+    },
+    expireTime: 1750181523,
+    contractSequenceId: '1',
+    nextContractSequenceId: '1',
+  },
+  txHexFullSigned:
+    'xpub661MyMwAqRbcGLBsaNVtc8bhB7dN8fzf3JTEKhviDUMDz11HkcHNXRSV6tk2jsqPhXnqLJPUHy8VMSjTr4hPFimRWdFk3eaLEM8VBUbZdQE',
+  recoveryDestinationAddress: '0x927324f364a6fd1bf4648310a445b58063f5bb64',
+};
+
+export const ebeData = {
+  userPub:
+    'xpub661MyMwAqRbcGvbtjkhDJ5uiFWb6eK9nFQmLLgW1jDwJzJ2vQPyp2uKLmUBgGZKiA9HDUFYfuDoyP1dF3tj3Ucod25tmiEG2k26UX97S3Wz',
+  backupPub:
+    'xpub661MyMwAqRbcF4KcM9ZR5gXg5M3z1gKerho5XqmQLBG1Yc72U9dvULLrcaX92RAjbkRqJvzYAmmj5Hcnts1Tdvhy9csZuiuMowuxvNHEgrn',
+  walletContractAddress: '0x74ede0b3a0d6a3688b0c85d96e7297dae5d4a951',
+  userPrv:
+    'xprv9s21ZrQH143K4SXRdjACvwxyhUkcErRvtBqjYJ6QAtQL7VhmrrfZV6zrvBkFHG698ns5qicM1FS9jUwz1UqxQsungfaoMowPDw9HooBNZgw',
+  backupPrv:
+    'xprv9s21ZrQH143K2aF9F82QiYawXKDVcDboVUsUjTMnmqj2fomsvcKfvY2NmHXgSdqPZrG8vwPDJSqBSt8Bv3sjzc9WbGdBrmWr8vfgYHDqSFH',
+  txHexResult:
+    '02f901d5824268808502540be4008504a817c80083030d409474ede0b3a0d6a3688b0c85d96e7297dae5d4a95180b9016439125215000000000000000000000000927324f364a6fd1bf4648310a445b58063f5bb64000000000000000000000000000000000000000000000000053444835ec5800000000000000000000000000000000000000000000000000000000000000000c0000000000000000000000000000000000000000000000000000000006867cba3000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004110b2f41b55a981d21efdfe04cff1426fd45d0061bda22f1ff01d589a54baf1b3034cfdf164410a28b0f768fe452cc1568dcc18601891fc08b3b854c7f0ddb4791b00000000000000000000000000000000000000000000000000000000000000c001a002f5ff1cc3b49dedf2cc0f8f3c811175eb2fb9d4aa4ea1422342c08604459d98a0368b6909b10c80da2b3b3ef04670c02d02f79fb63e287ba6e7e6cb4b32809f57',
+};

src/__tests__/mocks/unsigned-sweep-prebuild-hteth-musig-recovery.json

@@ -0,0 +1,32 @@
+{
+    "tx": "02f90135824268808502540be4008504a817c80083030d409474ede0b3a0d6a3688b0c85d96e7297dae5d4a95180b9010439125215000000000000000000000000927324f364a6fd1bf4648310a445b58063f5bb64000000000000000000000000000000000000000000000000053444835ec5800000000000000000000000000000000000000000000000000000000000000000c0000000000000000000000000000000000000000000000000000000006867cba3000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0808080",
+    "userKey": "xpub661MyMwAqRbcGvbtjkhDJ5uiFWb6eK9nFQmLLgW1jDwJzJ2vQPyp2uKLmUBgGZKiA9HDUFYfuDoyP1dF3tj3Ucod25tmiEG2k26UX97S3Wz",
+    "backupKey": "xpub661MyMwAqRbcF4KcM9ZR5gXg5M3z1gKerho5XqmQLBG1Yc72U9dvULLrcaX92RAjbkRqJvzYAmmj5Hcnts1Tdvhy9csZuiuMowuxvNHEgrn",
+    "coin": "hteth",
+    "gasPrice": "20000000000",
+    "gasLimit": "200000",
+    "recipients": [
+        {
+            "address": "0x927324f364a6fd1bf4648310a445b58063f5bb64",
+            "amount": "375000000000000000"
+        }
+    ],
+    "walletContractAddress": "0x74ede0b3a0d6a3688b0c85d96e7297dae5d4a951",
+    "amount": "375000000000000000",
+    "backupKeyNonce": 0,
+    "eip1559": {
+        "maxFeePerGas": 20000000000,
+        "maxPriorityFeePerGas": 10000000000
+    },
+    "replayProtectionOptions": {
+        "chain": 17000,
+        "hardfork": "london"
+    },
+    "recipient": {
+        "address": "0x927324f364a6fd1bf4648310a445b58063f5bb64",
+        "amount": "375000000000000000"
+    },
+    "expireTime": 1751632803,
+    "contractSequenceId": 1,
+    "nextContractSequenceId": 1
+}