Merge pull request #207 from fleet-sdk/arobsn/bump-vitest

chore: audit packages

Author: arobsn

package.json

@@ -30,18 +30,18 @@
     "@fleet-sdk/common": "workspace:^",
     "@fleet-sdk/crypto": "workspace:^",
     "@types/diff": "^7.0.2",
-    "@vitest/coverage-v8": "^3.2.4",
+    "@vitest/coverage-v8": "^4.0.10",
     "ergo-lib-wasm-nodejs": "^0.28.0",
     "fast-check": "^4.2.0",
-    "happy-dom": "^18.0.1",
+    "happy-dom": "^20.0.10",
     "npm-run-all": "^4.1.5",
     "open-cli": "^8.0.0",
     "sigmastate-js": "0.4.6",
     "tsdown": "^0.16.5",
     "type-fest": "^4.41.0",
     "typescript": "^5.9.2",
     "vite-tsconfig-paths": "^5.1.4",
-    "vitest": "^3.2.4"
+    "vitest": "^4.0.10"
   },
   "engines": {
     "node": ">=18",

packages/wallet/src/prover/proveDLogProtocol.ts

@@ -20,14 +20,14 @@ const MAX_ITERATIONS = 100;
 export function sign(message: Uint8Array, secretKey: Uint8Array) {
   for (let i = 0; i < MAX_ITERATIONS; i++) {
     const signature = genSignature(message, secretKey);
+    /* v8 ignore else -- @preserve */
     if (signature) return signature;
-    /* v8 ignore start */
   }
 
   // This branch is ignored in the coverage report because it depends on randomness.
+  /* v8 ignore next -- @preserve */
   throw new FleetError("Failed to generate signature");
 }
-/* v8 ignore stop */
 
 /**
  * Generates a Schnorr signature for the given message using the provided secret key.
@@ -45,14 +45,14 @@ export function genSignature(message: Uint8Array, secretKey: Uint8Array): undefi
   const c = fiatShamirHash(genCommitment(pk, w, message));
 
   // The next line is ignored in the coverage report because it depends on randomness.
-  /* v8 ignore next */
+  /* v8 ignore next -- @preserve */
   if (c === 0n) throw new FleetError("Failed to generate challenge");
 
   const z = umod(sk * c + k, CURVE.n);
   const signature = concatBytes(bigintBE.decode(c), bigintBE.decode(z));
 
   // The next line is ignored in the coverage report because it depends on randomness.
-  /* v8 ignore next */
+  /* v8 ignore next -- @preserve */
   if (!verify(message, signature, pk)) return;
 
   return signature;
@@ -74,7 +74,7 @@ function genRandomSecret() {
   }
 
   // The next line is ignored in the coverage report because it depends on randomness.
-  /* v8 ignore next */
+  /* v8 ignore next -- @preserve */
   if (r === 0n) throw new FleetError("Failed to generate randomness");
 
   return r;

packages/wallet/src/prover/prover.spec.ts

@@ -54,6 +54,41 @@ describe("Transaction signing", () => {
     expect(verify_signature(addr, txBytes, proof)).to.be.true;
   });
 
+  it("Should sign a transaction with a single secret and a single input and data input", async () => {
+    // generate keys
+    const rootKey = await ErgoHDKey.fromMnemonic(generateMnemonic());
+
+    // mock inputs
+    const input = mockUTxO({
+      value: 1_000_000_000n,
+      ergoTree: rootKey.address.ergoTree
+    });
+
+    // build the unsigned transaction
+    const unsignedTx = new TransactionBuilder(height)
+      .from(input)
+      .to(new OutputBuilder(10_000_000n, externalAddress))
+      .withDataFrom(mockUTxO({ ergoTree: rootKey.address.ergoTree }))
+      .sendChangeTo(rootKey.address)
+      .payMinFee()
+      .build();
+
+    // sign
+    const prover = new Prover();
+    const signedTx = prover.signTransaction(unsignedTx, [rootKey]);
+
+    // verify
+    const proof = toBytes(signedTx.inputs[0].spendingProof?.proofBytes);
+
+    // verify using own verifier
+    expect(prover.verify(unsignedTx, proof, rootKey)).to.be.true;
+
+    // verify using sigma-rust for comparison
+    const txBytes = unsignedTx.toBytes();
+    const addr = Address.from_public_key(rootKey.publicKey);
+    expect(verify_signature(addr, txBytes, proof)).to.be.true;
+  });
+
   it("Should determine key from registers", async () => {
     // generate keys
     const rootKey = await ErgoHDKey.fromMnemonic(generateMnemonic());