Conversation
- Add TON core types (TonGetAddress, TonSignTx, TonWallet, TonWalletInfo) - Add TON derivation path support (m/44'/607'/<account>') - Add TON native wallet implementation with Ed25519 crypto adapter - Add WalletV4R2 address derivation from public key TON Chain specs: - SLIP44 Coin Type: 607 - Derivation Path: m/44'/607'/<account>' (3-level hardened, Ed25519) - Address Format: User-friendly base64 (48 chars, WalletV4R2 StateInit)
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
|
Caution Review failedThe pull request is closed. 📝 WalkthroughWalkthroughAdds TON (The Open Network) support across core and native packages: new core types/helpers, slip44 entry, native Ed25519 seed/adapter, native wallet mixins, Jest mock and dependency updates. Changes
Sequence Diagram(s)sequenceDiagram
participant Mnemonic
participant PBKDF2 as PBKDF2-SHA512
participant TonSeed
participant HMAC as HMAC-SHA512
participant TonMasterKey as Ed25519 Master Key
participant TonAdapter
participant WalletContractV4
participant SignedBoc as Signed Transfer BOC
Mnemonic->>PBKDF2: toTonSeed(password)
PBKDF2->>TonSeed: 64-byte seed
TonSeed->>HMAC: toTonMasterKey()
HMAC->>TonMasterKey: derive Ed25519 node (IL/IR)
TonMasterKey->>TonAdapter: tonInitializeWallet(ed25519 node)
TonAdapter->>TonAdapter: derive public key from path
TonAdapter->>WalletContractV4: create(publicKey)
TonAdapter->>SignedBoc: createSignedTransferBoc(params)
SignedBoc-->>TonAdapter: return signed BOC
TonAdapter-->>Caller: address / signed BOC
Estimated code review effort🎯 4 (Complex) | ⏱️ ~60 minutes Possibly related PRs
Suggested reviewers
Poem
🚥 Pre-merge checks | ✅ 2 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (2 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing touches🧪 Generate unit tests (beta)
Warning Review ran into problems🔥 ProblemsErrors were encountered while retrieving linked issues. Errors (1)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
… if toTonSeed unavailable
The V4R2 wallet code cell contains 20 cells in a tree structure with maximum depth of 7. Previously hardcoded to 1, which caused incorrect StateInit hash calculation and address mismatch with Trust Wallet. Tested: Generated address now matches Trust Wallet exactly.
… 1.62.40-ton-chain.6
…or private fields
…rward proxy handler
Changes TON seed derivation from custom TON-specific PBKDF2 to standard BIP-39: - PBKDF2(mnemonic, 'mnemonic' + password, 2048 iterations, 64 bytes) - Then SLIP-0010 Ed25519 derivation with path m/44'/607'/0' This matches Trust Wallet's TON derivation implementation.
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 0
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
packages/hdwallet-native/src/native.ts (1)
493-521: Clear/revoke#tonMasterKeyon wipe.
wipe()clears other master keys but leaves the TON master key in memory; this undermines wipe semantics and can retain sensitive material.🔧 Suggested fix
- const oldEd25519MasterKey = this.#ed25519MasterKey; + const oldEd25519MasterKey = this.#ed25519MasterKey; + const oldTonMasterKey = this.#tonMasterKey; this.#initialized = false; this.#secp256k1MasterKey = undefined; this.#ed25519MasterKey = undefined; + this.#tonMasterKey = undefined; @@ (await oldSecp256k1MasterKey)?.revoke?.(); (await oldEd25519MasterKey)?.revoke?.(); + (await oldTonMasterKey)?.revoke?.();
♻️ Duplicate comments (2)
packages/hdwallet-native/src/native.ts (2)
337-342: Guard optionaltoTonSeedbefore calling.
toTonSeedis optional; the non‑null assertion can throw at runtime when the mnemonic implementation doesn’t support TON derivation. Add an explicit guard and error message.🔧 Suggested fix
- this.#tonMasterKey = (async () => { + this.#tonMasterKey = (async () => { const isolatedMnemonic = typeof mnemonic === "string" ? await Isolation.Engines.Default.BIP39.Mnemonic.create(mnemonic) : mnemonic; - const tonSeed = await isolatedMnemonic.toTonSeed!(); + if (!isolatedMnemonic.toTonSeed) { + throw new Error("Mnemonic implementation does not support TON key derivation"); + } + const tonSeed = await isolatedMnemonic.toTonSeed(); return await tonSeed.toTonMasterKey(); })();
596-608: Guard optionaltoTonSeedbefore calling (loadDevice path).Same issue as the constructor path:
toTonSeedis optional and should be checked before use.🔧 Suggested fix
- const tonSeed = await isolatedMnemonic.toTonSeed!(); + if (!isolatedMnemonic.toTonSeed) { + throw new Error("Mnemonic implementation does not support TON key derivation"); + } + const tonSeed = await isolatedMnemonic.toTonSeed();
🧹 Nitpick comments (1)
packages/hdwallet-native/src/crypto/isolation/engines/default/bip39.ts (1)
45-61: Implementation correctly follows BIP-39 → SLIP-0010 Ed25519 for Trust Wallet compatibility.The derivation uses standard BIP-39 parameters (2048 iterations, "mnemonic{password}" salt, SHA512) with proper NFKD normalization. The resulting
TonSeedthen provides SLIP-0010 Ed25519 master key derivation viatoTonMasterKey().Minor naming inconsistency: The parameter is named
passwordhere butpassphraseintoSeed. Consider aligning for consistency.🔧 Optional: Align parameter naming with toSeed
- async toTonSeed(password?: string): Promise<TonSeed> { + async toTonSeed(passphrase?: string): Promise<TonSeed> { const mnemonic = this.#mnemonic; - const salt = new TextEncoder().encode(`mnemonic${password ?? ""}`.normalize("NFKD")); + const salt = new TextEncoder().encode(`mnemonic${passphrase ?? ""}`.normalize("NFKD"));
There was a problem hiding this comment.
Actionable comments posted: 20
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (4)
packages/hdwallet-walletconnectV2/package.json (1)
17-23: Fix invalid JSON (trailing comma breaks parsing).The trailing comma after the dependencies block makes this
package.jsoninvalid JSON and will break tooling. Remove the trailing comma.🧩 Proposed fix
"dependencies": { "@shapeshiftoss/hdwallet-core": "1.62.39", "@walletconnect/ethereum-provider": "^2.20.2", "@walletconnect/modal": "^2.6.2", "ethers": "^5.6.5" - }, + } }packages/hdwallet-trezor/package.json (1)
25-30: Remove trailing comma to fix invalid JSON.The comma after the
devDependenciesobject makes the top-level JSON invalid and is already triggering a parse error in Biome. Remove the trailing comma to keeppackage.jsonvalid.🛠️ Proposed fix
"devDependencies": { "@types/bchaddrjs": "^0.4.0", "@types/lodash": "^4.14.168", "typedoc": "^0.20.36" - }, + } }packages/hdwallet-keepkey-tcp/package.json (1)
16-21: Remove trailing comma to keep package.json valid JSON.The trailing comma after the last property makes this invalid JSON and breaks tooling.
🔧 Proposed fix
- }, + }packages/hdwallet-trezor-connect/package.json (1)
16-21: Remove trailing comma to keep package.json valid JSON.The trailing comma after the last property makes this invalid JSON and breaks tooling.
🔧 Proposed fix
- }, + }
🤖 Fix all issues with AI agents
In `@packages/hdwallet-coinbase/package.json`:
- Around line 24-25: The package.json contains a trailing comma before the final
closing brace which makes the JSON invalid; open
packages/hdwallet-coinbase/package.json and remove the trailing comma after the
last top-level property so the JSON object ends with "}" (i.e., ensure the last
key/value pair in the root object has no trailing comma), then run a JSON lint
or npm pack to confirm parsing succeeds.
In `@packages/hdwallet-core/package.json`:
- Around line 31-32: Remove the trailing comma in the package.json object before
the final closing brace to produce valid JSON; locate the dangling comma
immediately before the final "}" in the package.json and delete it so the file
ends with "}" without a preceding comma.
In `@packages/hdwallet-gridplus/package.json`:
- Around line 35-39: The package.json contains a trailing comma after the
"nohoist" array which makes the JSON invalid; remove the extra comma following
the array/object closure so the "nohoist" property (and its entries
"@ethereumjs/common" and "@ethereumjs/tx") end cleanly without a trailing comma,
ensuring valid JSON for tools to parse.
In `@packages/hdwallet-keepkey-chromeusb/package.json`:
- Around line 16-20: The package.json has a trailing comma after the
dependencies block which makes the JSON invalid; open package.json and remove
the comma after the closing dependencies object so the file ends with the
dependencies block that contains "@shapeshiftoss/hdwallet-core": "1.62.39" and
"@shapeshiftoss/hdwallet-keepkey": "1.62.39" without a trailing comma, ensuring
valid JSON for tooling like Biome.
In `@packages/hdwallet-keepkey-electron/package.json`:
- Around line 23-27: Remove the trailing comma after the root object in
package.json by deleting the comma following the closing brace of
"devDependencies" so the JSON is valid; specifically update the block containing
"devDependencies" (entries "@types/uuid" and "electron") to end with a closing
brace only, not "},", ensuring the file parses as valid JSON.
In `@packages/hdwallet-keepkey-nodehid/package.json`:
- Around line 24-25: Remove the trailing comma after the final object in
packages/hdwallet-keepkey-nodehid/package.json (the comma following the closing
brace “}”), making the JSON valid; update the file to end with a single closing
brace without a comma and validate the JSON (eg. with a JSON linter or npm/yarn)
before committing.
In `@packages/hdwallet-keepkey-nodewebusb/package.json`:
- Around line 25-26: The package.json contains an invalid trailing comma after
the devDependencies object which breaks JSON parsing; open the package.json and
remove the extraneous comma following the closing brace of the "devDependencies"
object so the JSON ends with a single closing brace and is valid for yarn/npm
operations.
In `@packages/hdwallet-keepkey-webusb/package.json`:
- Around line 20-22: package.json contains an invalid trailing comma after the
"devDependencies" block; open the package.json, locate the "devDependencies"
object (the entry containing "@types/w3c-web-usb"), and remove the trailing
comma following that block so the JSON is syntactically valid (or reformat the
file to ensure proper commas between top-level properties).
In `@packages/hdwallet-keepkey/package.json`:
- Around line 49-50: The package.json contains an invalid trailing comma right
before the closing brace which causes JSON parse errors; open package.json and
remove the extra comma after the last property so the final object ends with "}"
not ",}" (identify the trailing comma near the end of the file where the object
closes) and validate the JSON to ensure no other dangling commas remain.
In `@packages/hdwallet-keplr/package.json`:
- Around line 31-32: The package.json contains a trailing comma after the final
closing object (the comma after the "}" in the file) which makes the JSON
invalid; remove that trailing comma so the file ends with a single closing brace
(no comma) to restore valid JSON and allow yarn install/build to parse the
manifest.
In `@packages/hdwallet-ledger-webhid/package.json`:
- Around line 24-25: The package.json contains a trailing comma after the
dependencies block which makes the JSON invalid; open the package.json file,
locate the closing of the "dependencies" object (the comma after that block) and
remove the trailing comma so the top-level object ends with "}" only, ensuring
the JSON parses correctly for package managers.
In `@packages/hdwallet-ledger-webusb/package.json`:
- Around line 30-31: The package.json currently contains a trailing comma after
the final property which makes the JSON invalid; open
packages/hdwallet-ledger-webusb/package.json, remove the extraneous trailing
comma at the end of the object (the comma following the last closing property)
so the file is valid JSON, then run a quick JSON parse or npm pack/ci to verify
no parse errors.
In `@packages/hdwallet-ledger/package.json`:
- Around line 48-49: The package.json contains a trailing comma after the final
closing brace which makes the JSON invalid; open
packages/hdwallet-ledger/package.json and remove the comma following the final
"}" so the file ends with a single closing brace and valid JSON (ensure no
trailing commas remain anywhere in the top-level object).
In `@packages/hdwallet-metamask-multichain/package.json`:
- Around line 27-31: The JSON file contains an extra trailing comma after the
"devDependencies" object which makes the package.json invalid; remove the comma
immediately following the closing brace of the "devDependencies" block (the
comma after "@types/lodash": "^4.14.168" } ) so the file is valid JSON and
package tooling can parse it correctly.
In `@packages/hdwallet-native-vault/package.json`:
- Around line 29-30: The package.json contains a trailing comma after the
devDependencies object which makes the JSON invalid; open the package.json,
locate the closing brace for "devDependencies" and remove the comma that follows
it so the file is valid JSON (ensure the final top-level object ends with just
"}" not "},").
In `@packages/hdwallet-native/package.json`:
- Around line 63-65: The package.json contains a trailing comma after the final
property ("msw": "^0.27.1") which makes the JSON invalid; open
packages/hdwallet-native/package.json and remove the trailing comma after the
last property so the file ends with a single closing brace/brace-pair (ensure
the final line is ` }` then `}` with no comma), then run a quick JSON lint or
npm/yarn command to validate the file.
In `@packages/hdwallet-phantom/package.json`:
- Around line 27-28: Remove the invalid trailing comma after the closing brace
of the devDependencies object in package.json; locate the devDependencies block
in packages/hdwallet-phantom/package.json and delete the comma following the `}`
so the JSON is valid and parses correctly.
In `@packages/hdwallet-portis/package.json`:
- Around line 29-30: The package.json contains a trailing comma after the final
object entry which makes the JSON invalid; open the package.json in the
hdwallet-portis package and remove the trailing comma at the end of the root
object so the file ends with "}" (no comma) to restore valid JSON and allow
package managers like yarn to parse it.
In `@packages/hdwallet-vultisig/package.json`:
- Around line 27-30: The package.json contains an invalid trailing comma after
the devDependencies object; remove the extra comma following the closing brace
of the "devDependencies" object so the JSON is valid (ensure the
"devDependencies" key and its object remain unchanged except for removing the
trailing comma).
In `@packages/hdwallet-walletconnect/package.json`:
- Around line 22-23: The package.json contains an invalid trailing comma after
the closing brace of the "dependencies" object; remove the extraneous comma
after that closing brace so the JSON is valid (ensure the "dependencies" object
ends with "}" and the overall JSON remains properly comma-separated between
top-level properties if any); verify the file parses (e.g., with a JSON linter)
after removing the trailing comma.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds TON (The Open Network) blockchain support to HDWallet.
Changes
Core Types (
packages/hdwallet-core/src/ton.ts)TonGetAddress- Interface for address derivationTonSignTx- Interface for transaction signing (BOC message bytes)TonSignedTx- Signed transaction resultTonWalletInfo/TonWallet- Wallet interface with TON supporttonDescribePath- Path description for TON derivationtonGetAccountPaths- Account path generationUtils (
packages/hdwallet-core/src/utils.ts)Ton: 607toslip44ByCoinmappingNative Wallet (
packages/hdwallet-native/)ton.ts- Mixin classes for native TON wallet supportcrypto/isolation/adapters/ton.ts- Ed25519 crypto adapter for TONTON Chain Specifications
m/44'/607'/<account>'(3-level hardened)Derivation Path
TON uses a 3-level hardened path similar to Stellar (SEP-0005):
This is because TON uses Ed25519 which requires all path components to be hardened.
Testing
yarn buildyarn lintyarn testSummary by CodeRabbit
New Features
Chores
✏️ Tip: You can customize this high-level summary in your review settings.