Description:
generateAuthSignature() in ContractProvider currently produces a fake 64-byte buffer filled with zeros or random bytes. The method includes a guard that throws if called outside development or test environments, which prevents accidental use in production - but this also means the sweep authorization flow is entirely non-functional in any real context.
This stub exists because verify_sweep_authorization() in bridgelet-core is also a stub that accepts any input. Both must be replaced together.
What needs to happen:
Once bridgelet-core Issue #69 establishes the canonical signing payload format (ephemeral account address + destination address + nonce, or whatever is agreed), this method must produce a real Ed25519 signature over that payload using the private key corresponding to the authorized_signer registered in SweepController.
The private key used for signing must be sourced securely from environment configuration - it should never appear in source code or logs. The signing operation itself should be isolated in a dedicated utility or service so it can be audited and replaced independently.
The environment guard (throwing outside dev/test) must be removed once real signing is in place.
Files affected:
src/modules/sweeps/providers/contract.provider.ts: generateAuthSignature() and its callers
src/common/crypto/: a new signing utility should live here
src/config/: the authorized signer private key must be an environment variable, validated at startup
.env.example: document the new required variable
Coordination required:
Must be implemented in sync with bridgelet-core Issue #69. The signing payload format must be agreed between both repos before either implementation begins.
Acceptance criteria:
Description:
generateAuthSignature() in ContractProvider currently produces a fake 64-byte buffer filled with zeros or random bytes. The method includes a guard that throws if called outside development or test environments, which prevents accidental use in production - but this also means the sweep authorization flow is entirely non-functional in any real context.
This stub exists because verify_sweep_authorization() in bridgelet-core is also a stub that accepts any input. Both must be replaced together.
What needs to happen:
Once bridgelet-core Issue #69 establishes the canonical signing payload format (ephemeral account address + destination address + nonce, or whatever is agreed), this method must produce a real Ed25519 signature over that payload using the private key corresponding to the authorized_signer registered in SweepController.
The private key used for signing must be sourced securely from environment configuration - it should never appear in source code or logs. The signing operation itself should be isolated in a dedicated utility or service so it can be audited and replaced independently.
The environment guard (throwing outside dev/test) must be removed once real signing is in place.
Files affected:
src/modules/sweeps/providers/contract.provider.ts: generateAuthSignature() and its callers
src/common/crypto/: a new signing utility should live here
src/config/: the authorized signer private key must be an environment variable, validated at startup
.env.example: document the new required variable
Coordination required:
Must be implemented in sync with bridgelet-core Issue #69. The signing payload format must be agreed between both repos before either implementation begins.
Acceptance criteria: