feat: add Ethereum preimage signing for Merkle claims#2185
Conversation
- Add eth-signing utility for signing messages with Ethereum private keys - Extend useMerkleClaim hook to support preimage signing mode - Add ethereumPreimage state to purchase context - Update claim component to handle 'preimage' wallet type - Export new signing utilities from utils/index.ts This enables users to claim tokens using an Ethereum preimage when external wallets are not available or preferred.
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
There was a problem hiding this comment.
Bug: Accidental Config Removal Detected
The preset: "ponziland" configuration was removed from the controller connector setup. This change is unrelated to the PR's stated purpose of adding Ethereum preimage signing and appears to be accidentally committed.
examples/next/src/components/providers/StarknetProvider.tsx#L198-L208
controller/examples/next/src/components/providers/StarknetProvider.tsx
Lines 198 to 208 in a172114
a172114 to
c23982f
Compare
There was a problem hiding this comment.
Bug: Unintended Configuration Change
The removal of preset: "ponziland" from the ControllerConnector configuration appears unrelated to the PR's stated purpose of adding Ethereum preimage signing for Merkle claims. This change is not mentioned in the PR description and seems to be accidentally included in this commit.
examples/next/src/components/providers/StarknetProvider.tsx#L208-L209
controller/examples/next/src/components/providers/StarknetProvider.tsx
Lines 208 to 209 in c23982f
c23982f to
8138d55
Compare
8138d55 to
2c246eb
Compare
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## main #2185 +/- ##
==========================================
+ Coverage 20.19% 21.51% +1.31%
==========================================
Files 259 273 +14
Lines 24230 27146 +2916
Branches 668 842 +174
==========================================
+ Hits 4894 5840 +946
- Misses 19328 21295 +1967
- Partials 8 11 +3 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
ff777eb to
141828d
Compare
141828d to
e97833a
Compare
There was a problem hiding this comment.
Bug: Preset Configuration: Unintended Change Impact
The removal of preset: "ponziland" appears to be an unintended change unrelated to the Ethereum preimage signing feature. This configuration was likely used for testing and its removal could affect the controller's preset behavior in the example application.
examples/next/src/components/providers/StarknetProvider.tsx#L207-L208
controller/examples/next/src/components/providers/StarknetProvider.tsx
Lines 207 to 208 in 141828d
| Close | ||
| </Button> | ||
| )} | ||
| </> |
There was a problem hiding this comment.
Bug: Claim Button Allows Actions Despite Errors
The claim button is not disabled when there's an error state, allowing users to attempt claiming even when address derivation from the preimage failed. The button only checks isClaimed and isCheckingClaimed but ignores the error state, which can be set when getAddressFromPrivateKey throws an exception. This allows invalid claim attempts to proceed, causing downstream failures instead of preventing the action upfront.
| openStarterPack: | ||
| () => (starterpackId: string | number, preimage?: string) => { | ||
| navigate( | ||
| `/purchase/starterpack/${starterpackId}${preimage ? `?preimage=${preimage}` : ""}`, |
There was a problem hiding this comment.
Bug: Sensitive Keys Leaked Through URLs
The Ethereum private key (preimage) is passed as a URL query parameter, exposing it in browser history, server logs, and potentially referrer headers. Private keys should never be transmitted through URLs as this creates a significant security vulnerability where the key could be leaked through various channels.
f8536c0 to
9d57c28
Compare
|
Claude finished @broody's task —— View job Analyzing PR changes and updating documentationTask: Update documentation for Ethereum preimage signing feature
Analysis SummaryThe PR adds Ethereum preimage signing functionality for Merkle claims. Key changes: New Feature:
Documentation Updates Made:
Documentation Changes SummaryThe documentation now accurately reflects the new Ethereum preimage signing functionality, providing clear guidance on:
All user-facing API changes have been documented, maintaining consistency with the existing documentation style. |
Overview
This PR adds support for signing Merkle claim messages using an Ethereum preimage directly, as an alternative to using external wallet connectors. This enables users to claim tokens using a preimage when external wallets are not available or preferred.
Changes
New Files
privateKeyToAccountsignMessageWithPrivateKey: Signs messages with a private keygetAddressFromPrivateKey: Derives Ethereum address from private keyModified Components
claim.tsx
ethereumPreimagefrom purchase contextpurchase.tsx
ethereumPreimagestate management to the purchase contextsetEthereumPreimagesetter functionmerkle-claim.ts
useMerkleClaimhook to:ethereumPreimageparameterethereumPreimageindex.ts
Technical Details
Signing Flow
ethereumPreimageis provided, the hook uses direct private key signingethereumPreimageis not provided, it falls back to external wallet signature requestsSecurity Considerations
Testing
Note
Adds optional Ethereum preimage-based signing to the starterpack claim flow, wiring from examples UI through controller to keychain with new signing utilities.
controller.openStarterPacknow accepts optionalpreimageand forwards it to keychain navigation (packages/controller/src/controller.ts,packages/keychain/src/utils/connection/index.ts,packages/controller/src/types.ts).preimagequery param is present on starterpack page (packages/keychain/src/components/purchasenew/starterpack/starterpack.tsx).examples/next/src/components/Starterpack.tsx).useMerkleClaimsupportstype: "preimage"and signs EVM messages with the provided preimage, falling back to external wallets; blocks preimage for Starknet claims (packages/keychain/src/hooks/merkle-claim.ts)."preimage"pseudo-wallet togetWalletfor display logic (packages/keychain/src/components/purchasenew/wallet/config.ts).signMessageWithPrivateKey,getAddressFromPrivateKey(packages/keychain/src/utils/eth-signing.ts, exported viapackages/keychain/src/utils/index.ts).Claimpage derives address from preimage, handles errors, adjusts header/empty states, and hides wallet chip for preimage; updates footer actions (packages/keychain/src/components/purchasenew/claim/claim.tsx).Claimingin claim flow (packages/keychain/src/components/purchasenew/pending.tsx).Written by Cursor Bugbot for commit 9d57c28. This will update automatically on new commits. Configure here.