blueogin (Collaborator) commented Dec 9, 2025

Description

Added the KMS wallet, which signs transactions using keys stored in AWS KMS.
The kms-ethereum-signing dependency is the modularized PoC project I previously built.

About # (link your issue here)

How Has This Been Tested?

The KMS wallet is tested in adminWalletKMS.test.ts.

Checklist:

  • PR title matches follow: (Feature|Bug|Chore) Task Name
  • My code follows the style guidelines of this project
  • I have followed all the instructions described in the initial task (check Definitions of Done)
  • I have performed a self-review of my own code
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • I have added reference to a related issue in the repository
  • I have added a detailed description of the changes proposed in the pull request. I am as descriptive as possible, assisting reviewers as much as possible.
  • I have added screenshots related to my pull request (for frontend tasks)
  • I have pasted a gif showing the feature.
  • @mentions of the person or team responsible for reviewing proposed changes

- Added KMS wallet support to handle Ethereum transactions securely using AWS Key Management Service.
- Updated configuration to allow KMS key IDs and region settings.
- Refactored AdminWallet and Web3Wallet to support KMS-based transaction signing.
- Introduced KMSWallet class to encapsulate KMS operations.
- Added tests for KMS transaction submission and wallet functionality.
- Updated KMSWallet and Web3Wallet to store and retrieve wallet addresses in a case-insensitive manner.
- Removed unnecessary console log from KMSWallet during transaction signing.
- Adjusted tests to ensure KMS wallet address normalization is correctly handled.
…ated package versions in package.json and package-lock.json

const sendTx = this.mainnetWeb3.eth.sendSignedTransaction(signedTx)

return new Promise((res, rej) => {
Contributor

reduce duplicate code

const region = this.getRegion(address)

try {
if (transaction.rpcUrl != undefined && transaction.rpcUrl.includes('localhost')) {
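
Review bot: the `transaction.rpcUrl.includes('localhost')` test in the `if` is a substring match, so any URL that merely contains that string (in a longer hostname, a path or a query value) takes the local branch, not only a local node. Parse the URL and compare its hostname exactly, and add a comment saying what this branch is for and why it must never apply to a non-local RPC endpoint.
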
Contributor

write a comment why you do this

this.networkId = networkId
this.numberOfAdminWalletAccounts = conf.privateKey ? 1 : conf.numberOfAdminWalletAccounts
// Determine number of accounts based on configuration
let kmsKeyIds = null
Contributor

can we just read existing kmskeys from aws? maybe read keys by tags?

Comment on lines +118 to +125
if (conf.kmsKeyIds) {
kmsKeyIds = conf.kmsKeyIds
.split(',')
.map(k => k.trim())
.filter(k => k)
}
if (kmsKeyIds && kmsKeyIds.length > 0) {
this.numberOfAdminWalletAccounts = kmsKeyIds.length
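
Review bot: the `.split(',')` / `.map(k => k.trim())` / `.filter(k => k)` chain keeps duplicate entries, so `this.numberOfAdminWalletAccounts = kmsKeyIds.length` counts a key twice if it is listed twice; de-duplicate before taking the length. The assignment also silently overwrites the value derived from `conf.privateKey` earlier in the constructor, so when both `privateKey` and `kmsKeyIds` are configured the precedence is implicit; make it explicit or reject that combination at startup.
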
Contributor

should be moved to initialize and keys should be fetched by group/tag

this.wallets[normalizedAddress] = { address, kmsKeyId, isKMS: true }
}

getKMSKeyIds() {
Contributor

should be fetched from aws by group/tag


getKMSKeyIds() {
// Support comma-separated list of keys
if (this.conf.kmsKeyIds) {
Contributor

instead of kmskeyids use kmsKeysTag

addresses.forEach(address => {
const keyId = this.kmsWallet.getKeyId(address)
this.addKMSWallet(address, keyId)
// Add KMS addresses to filledAddresses (they don't need admin verification)
Contributor

not true, need same checks as in mnemonic.
don't duplicate code

Contributor

make sure balance checks are run for these addresses also

* Send transaction using KMS signing
* @private
*/
async sendTransactionWithKMS(
Contributor

deduplicate code like in AdminWallet you have just one sendTransaction method

env: 'PRIVATE_KEY',
default: undefined
},
kmsKeyIds: {
Contributor

use kmsKeysTag
