Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@entropyxyz/entropy-js
Advanced tools
entropy-js
is a collection of TS packages that allow you to interact with the Entropy network. This is currently in alpha release.
yarn:
yarn add @entropyxyz/entropy-js
npm:
npm i @entropyxyz/entropy-js --save
NOTICE
endpoint
defaults to 'ws://127.0.0.1:9944' if no value is provided.
import Entropy from '@entropyxyz/entropy-js'
// Initialize entropy
const signer = await getWallet(charlieStashSeed)
const entropyAccount = {
sigRequestKey: signer,
programModKey: signer
}
const entropy = new Entropy({ account: entropyAccount})
await entropy.ready
▸ init(address): Promise
<RegisteredInfo
>
Name | Type |
---|---|
address | Address |
Promise
<RegisteredInfo
>
▸ register(params
): Promise
<RegisteredInfo
>
Registers an address to Entropy using the provided parameters.
Name | Type |
---|---|
params | RegistrationParams |
Promise
<RegisteredInfo
>
A promise indicating the completion of the registration process.
Throws
Throws if the provided address format is not compatible.
Throws
Throws if the address being registered is already in use.
const address = entropy.account?.wallet.address
console.log({ address })
// Can do a pre-check to see if the address is registered
const isRegistered = await entropy.registrationManager.checkRegistrationStatus(address)
console.log(isRegistered)
// Register the address
await entropy.register({
address,
keyVisibility: 'Permissioned',
freeTx: false,
})
// Check post-registration
const postRegistrationStatus = await entropy.isRegistered(address)
console.log(postRegistrationStatus)
▸ checkAuthorization(programModAccount
, sigReqAccount
): Promise
<boolean
>
Checks if a given program modification account is authorized to modify the program associated with a specific signature request account.
Name | Type | Description |
---|---|---|
programModAccount | string | The account whose authorization is to be verified. |
sigReqAccount | string | The account for which the program modification is intended. |
Promise
<boolean
>
programModAccount
is authorized to modify the program for sigReqAccount
Remarks
This method queries Substrate to determine if the programModAccount
is allowed to modify the program associated with the sigReqAccount
.
The method utilizes the allowedToModifyProgram
quert, which returns an optional value. If the value is present (isSome
), it indicates authorization.
(I'm not sure about this as the blob that's returned is extremely long )
The method unwraps the optional value
Example
const isAuthorized = await checkAuthorization('5FHneW46...HgYb3fW', '5DAAnrj7...P5JT7zP')
console.log(isAuthorized) // Outputs: true or false
▸ get(sigReqAccount?
): Promise
<ArrayBuffer
>
Retrieves the program associated with a given sigReqAccount (account)
Name | Type | Description |
---|---|---|
sigReqAccount | string | The account key, defaulting to the signer's wallet address if not provided. |
Promise
<ArrayBuffer
>
Throws
If no program is defined for the given account.
Remarks
This method communicates with Substrate to fetch bytecode associated with an account. The response is then procesed and converted to an ArrayBuffer before being returned
▸ handleFreeTx(call
): Promise
<SubmittableExtrinsic
<"promise"
, ISubmittableResult
>>
Prepares a free transaction, performs a dry run, and ensures its viability.
In this system:
This method leverages the callUsingElectricity
from the freeTx
module to create a transaction that utilizes zaps.
A dry run is then performed to ensure its success when broadcasted.
Name | Type | Description |
---|---|---|
call | SubmittableExtrinsic <"promise" , ISubmittableResult > | The extrinsic intended for execution. |
Promise
<SubmittableExtrinsic
<"promise"
, ISubmittableResult
>>
A promise resolving to a transaction prepared to use electricity.
Throws
If the dry run fails or there's insufficient electricity (zaps).
▸ sendAndWaitFor(call
, freeTx?
, filter
): Promise
<EventRecord
>
Sends an extrinsic and waits for a specific event or rejects with an error.
Name | Type | Default value | Description |
---|---|---|---|
call | SubmittableExtrinsic <"promise" , ISubmittableResult > | undefined | The extrinsic call to send. |
freeTx | boolean | true | Optional. Flag indicating if the transaction should be free (default: true). |
filter | EventFilter | undefined | An event filter to wait for. |
Promise
<EventRecord
>
A promise that resolves with the filtered event record.
Throws
Will reject the promise if a dispatch error occurs or the filtered event is not found.
▸ set(program
, sigReqAccount?
, programModAccount?
): Promise
<void
>
Sets or updates the program of a specified account on Substrate This method allows the current signer or an authorized account to update the program associated with the signer's account or another specified account.
Name | Type | Description |
---|---|---|
program | ArrayBuffer | The program to be set or updated, as an ArrayBuffer. |
sigReqAccount? | string | The account for which the program will be set or updated. Defaults to the signer's account. |
programModAccount? | string | Optional. An authorized account to modify the program, if different from the signer's account. |
Promise
<void
>
A promise that resolves when the transaction has been included in the block.
Throws
Throws an error if the account is unauthorized or if there's a problem setting the program.
Remarks
This method handles the conversion of a program from an ArrayBuffer to a hex string It checks for authorization if the programModAccount is provided, ensuring that only authorized accounts can update the bytecode. The transaction is created and sent to Substrate. This method then awaits the confirmation event 'ProgramUpdated' to ensure that the update was successful.
▸ sign(params
): Promise
<Uint8Array
>
The sign
method is tasked with signing a sigRequestHash
, which is essentially a hash of the
request that needs signing. It does so by obtaining validator information based on the hash,
formatting transaction requests for these validators, and then submitting these requests for the
validators to sign.
The process in detail:
Name | Type | Description |
---|---|---|
params | SigOps | An object sigRequestHash , representing the hash of the request awaiting signature. |
Promise
<Uint8Array
>
A promise which, when resolved, produces a Uint8Array with the signature of the first validator.
Throws
Throws an error if there's an error at any stage in the signing routine.
▸ signTransaction(params
): Promise
<unknown
>
Signs a given transaction based on the provided parameters.
The signTransaction
method invokes the appropriate adapter (chain based configuration)
based on the type specified in the params
. This modular approach ensures that various
transaction types can be supported. The method performs a series of operations, starting
with the preSign
function of the selected adapter, followed by the actual signing of the
transaction request hash, and if necessary, the postSign
function of the adapter.
Name | Type | Description |
---|---|---|
params | SigTxOps | An object that encapsulates all the required parameters for signing. |
Promise
<unknown
>
A promise that returns the transaction signature. Note that the structure and format of this signature may differ based on the adapter.
Throws
Will throw an error if the transaction type does not have a corresponding adapter.
const signature: Uint8Array = await entropy.sign({
sigRequestHash: serializedTx,
})
[0.1.2] Amun - 2023-12-12 (entropy-core compatibility: 0.0.9)
FAQs
JS SDK for entropy blockchain
We found that @entropyxyz/entropy-js demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 8 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.