Skip to content

feat: Implement real Ed25519 sweep authorization signing#148

Merged
phertyameen merged 2 commits into
bridgelet-org:mainfrom
khaadish:feat/real_Ed25519_sweepSigning
Jun 21, 2026
Merged

feat: Implement real Ed25519 sweep authorization signing#148
phertyameen merged 2 commits into
bridgelet-org:mainfrom
khaadish:feat/real_Ed25519_sweepSigning

Conversation

@khaadish

@khaadish khaadish commented Jun 21, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Closes #141

Summary

Replaces the placeholder sweep authorization signature implementation with real Ed25519 signing backed by an authorized signer private key loaded from environment configuration.

Note: This PR must remain synchronized with bridgelet-core Issue #69, which defines the canonical signing payload format consumed by verify_sweep_authorization().

Also: update

SWEEP_SIGNING_KEY_SEED=f76f684a3a8b64f32a7dc7eba0b0a5040ba66b5ea67dad348c3b69b79db3339c

in production env to avoid code breakage

Changes

  • Replaced stubbed generateAuthSignature() implementation
  • Added dedicated signing utility under src/common/crypto
  • Added environment configuration and startup validation for the authorized signer private key
  • Removed development/test-only environment guard
  • Updated sweep authorization flow to generate real signatures
  • Documented required environment variables in .env.example

Security

  • Signing key is sourced exclusively from environment configuration
  • No hardcoded signing keys or fallback values
  • Private key material is never logged or exposed
  • Signing logic is isolated for auditing and future replacement

Files

Modified

  • src/modules/sweeps/providers/contract.provider.ts
  • src/config/*
  • .env.example

Added

  • src/common/crypto/*

Acceptance Criteria

  • generateAuthSignature() produces a valid Ed25519 signature
  • Signature is verifiable by the on-chain contract
  • Environment guard has been removed
  • Authorized signer private key is validated at startup
  • No hardcoded signing key exists in the codebase
  • Sweeps initiated through the SDK are accepted by the contract and update state successfully

Dependencies

@khaadish khaadish changed the title feat(sweeps): implement real Ed25519 sweep authorization signing feat: implement real Ed25519 sweep authorization signing Jun 21, 2026
@khaadish khaadish changed the title feat: implement real Ed25519 sweep authorization signing feat: Implement real Ed25519 sweep authorization signing Jun 21, 2026
@khaadish

khaadish commented Jun 21, 2026

Copy link
Copy Markdown
Contributor Author

The contract.spec.ts is stale now that the authorisation has been upgraded. Should I go ahead and update the test too?

@phertyameen

phertyameen commented Jun 21, 2026

Copy link
Copy Markdown
Contributor

Yes please. Go ahead and edit it appropraitely. Carefull with the test intentst though.

@phertyameen phertyameen merged commit 62cbee2 into bridgelet-org:main Jun 21, 2026
@grantfox-oss grantfox-oss Bot mentioned this pull request Jun 21, 2026
Closed
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@phertyameen phertyameen phertyameen approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Implement real Ed25519 signing in generateAuthSignature()

2 participants

@khaadish @phertyameen