Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
@secux/app-eth
Advanced tools
@secux/app-eth
SecuX Hardware Wallet ETH API
import { SecuxETH } from "@secux/app-eth";
First, create instance of ITransport.
const address = await device.getAddress("m/44'/60'/0'/0/0");
/*
// transfer data to hardware wallet by custom transport layer.
const buffer = SecuxETH.prepareAddress("m/44'/60'/0'/0/0");
const response = await device.Exchange(buffer);
const address = SecuxETH.resolveAddress(response);
*/
const { raw_tx, signature } = await device.sign(
"m/44'/60'/0'/0/0",
{
nonce: 0,
to: "0xD080156885651fADbD6df14145051b934660a748",
value: 1e10,
chainId: 1,
gasPrice: 1e6,
gasLimit: 25000
}
)
/*
// transfer data to hardware wallet by custom transport layer.
const { commandData, rawTx } = SecuxETH.prepareSignEIP155(
"m/44'/60'/0'/0/0",
{
nonce: 0,
to: "0xD080156885651fADbD6df14145051b934660a748",
value: 1e10,
chainId: 1,
gasPrice: 1e6,
gasLimit: 25000
}
);
const response = await device.Exchange(commandData);
const rawTx = SecuxETH.resolveTransaction(response, rawTx);
*/
const { raw_tx, signature } = await device.sign(
"m/44'/60'/0'/0/0",
{
nonce: 0,
to: "0xD080156885651fADbD6df14145051b934660a748",
value: 1e10,
chainId: 1,
maxPriorityFeePerGas: 1e4,
maxFeePerGas: 1e6,
gasLimit: 25000
}
);
const { raw_tx, signature } = await device.sign(
"m/44'/60'/0'/0/0",
{
nonce: 0,
to: "0x1f9840a85d5af5bf1d1762f925bdaddc4201f984",
value: 0,
data: "0xa9059cbb000000000000000000000000d080156885651fadbd6df14145051b934660a7410000000000000000000000000000000000000000000000000000000000989680",
chainId: 1,
gasPrice: 1e6,
gasLimit: 25000
}
);
/*
// alternative usage
const { commandData, rawTx } = SecuxETH.ERC20.prepareTransfer(
"m/44'/60'/0'/0/0",
{
nonce: 0,
to: "0x1f9840a85d5af5bf1d1762f925bdaddc4201f984",
value: 0,
chainId: 1,
gasPrice: 1e6,
gasLimit: 25000
},
{
toAddress: "0xD080156885651fADbD6df14145051b934660a748",
amount: `0x${1e18.toString(16)}`
}
);
const response = await device.Exchange(commandData);
const rawTx = SecuxETH.resolve(response, rawTx);
*/
const { signature } = await device.sign("m/44'/60'/0'/0/0", msg);
// given chainId, return EIP-155 applied signature
// const { signature } = await device.sign("m/44'/60'/0'/0/0", msg, 1);
/*
// transfer data to hardware wallet by custom transport layer.
const buffer = SecuxETH.prepareSignMessage("m/44'/60'/0'/0/0", msg);
const response = await device.Exchange(buffer);
const signature = SecuxETH.resolveSignatureEIP155(response);
*/
const { signature } = await device.sign("m/44'/60'/0'/0/0", JSON.stringify(typedData));
// given chainId, return EIP-155 applied signature
// const { signature } = await device.sign("m/44'/60'/0'/0/0", JSON.stringify(typedData), 1);
/*
// transfer data to hardware wallet by custom transport layer.
const buffer = SecuxETH.prepareSignTypedData("m/44'/60'/0'/0/0", msg);
const response = await device.Exchange(buffer);
// given chainId, return EIP-155 applied signature
const signature = SecuxETH.resolveSignatureEIP155(response, 1);
*/
const { raw_tx, signature } = await device.sign(
"m/44'/60'/0'/0/0",
{
nonce: 0,
to: "0xD080156885651fADbD6df14145051b934660a748",
value: 0,
data: "0x7ff36ab5000000000000000000000000000000000000000000000000302bf3f82d406d120000000000000000000000000000000000000000000000000000000000000080000000000000000000000000d080156885651fadbd6df14145051b934660a7480000000000000000000000000000000000000000000000000000000060b613630000000000000000000000000000000000000000000000000000000000000003000000000000000000000000bb4cdb9cbd36b01bd1cbaebf2de08d9173bc095c0000000000000000000000007130d2a12b9bcbfae4f2634d864a1ee1ce3ead9c000000000000000000000000e9e7cea3dedca5984780bafc599bd69add087d56",
chainId: 56,
gasPrice: 1e6,
gasLimit: 25000
},
true
);
/*
// transfer data to hardware wallet by custom transport layer.
const { commandData, rawTx } = SecuxETH.prepareSignWalletConnectTransaction(
"m/44'/60'/0'/0/0",
{
nonce: 0,
to: "0xD080156885651fADbD6df14145051b934660a748",
value: 0,
data: "0x7ff36ab5000000000000000000000000000000000000000000000000302bf3f82d406d120000000000000000000000000000000000000000000000000000000000000080000000000000000000000000d080156885651fadbd6df14145051b934660a7480000000000000000000000000000000000000000000000000000000060b613630000000000000000000000000000000000000000000000000000000000000003000000000000000000000000bb4cdb9cbd36b01bd1cbaebf2de08d9173bc095c0000000000000000000000007130d2a12b9bcbfae4f2634d864a1ee1ce3ead9c000000000000000000000000e9e7cea3dedca5984780bafc599bd69add087d56",
chainId: 56,
gasPrice: 1e6,
gasLimit: 25000
}
);
const response = await device.Exchange(commandData);
const rawTx = SecuxETH.resolveTransaction(response, rawTx);
*/
ETH package for SecuX device
Kind: global class
communicationData
string
string
communicationData
string
communicationData
string
communicationData
string
string
prepared
string
prepared
communicationData
communicationData
prepared
communicationData
Prepare data for address generation.
Returns: communicationData
- data for sending to device
Param | Type | Description |
---|---|---|
path | string | m/44'/60'/... |
string
Convert publickey to ETH address.
Returns: string
- EIP55 address
Param | Type | Description |
---|---|---|
publickey | string | Buffer | secp256k1 publickey |
string
Resolve address from response data.
Returns: string
- EIP55 address
Param | Type | Description |
---|---|---|
response | communicationData | data from device |
communicationData
Prepare data for secp256k1 publickey.
Returns: communicationData
- data for sending to device
Param | Type | Description |
---|---|---|
path | string | m/44'/60'/... |
string
Resolve secp256k1 publickey from response data.
Returns: string
- secp256k1 publickey (hex string)
Param | Type | Description |
---|---|---|
response | communicationData | data from device |
communicationData
Prepare data for xpub generation.
Returns: communicationData
- data for sending to device
Param | Type | Description |
---|---|---|
path | string | m/44'/60'/... |
string
Generate xpub with response data.
Returns: string
- xpub
Param | Type | Description |
---|---|---|
response | communicationData | data from device |
path | string | m/44'/60'/... |
communicationData
Convert unsigned transaction to command data.
Returns: communicationData
- data for sending to device
Param | Type | Description |
---|---|---|
path | string | m/44'/60'/... |
serialized | communicationData | unsigned transaction |
string
Reslove signature from response data.
Returns: string
- signature (hex string)
Param | Type | Description |
---|---|---|
response | communicationData | data from device |
string
Serialize transaction wtih signature for broadcasting.
Returns: string
- signed raw transaction
Param | Type | Description |
---|---|---|
response | communicationData | data from device |
serialized | communicationData | unsigned transaction |
prepared
Prepare data for signing.
Returns: prepared
- prepared object
Param | Type | Description |
---|---|---|
path | string | m/44'/60'/... |
content | tx155 | EIP-155 transaction object |
string
Reslove signature and follow ethereum signature standard.
Returns: string
- signature (hex string)
Param | Type | Description |
---|---|---|
response | communicationData | data from device |
[chainId] | number | if give a chainId, the signature will be EIP-155 applied |
prepared
Prepare data for signing (London Hard Fork).
Returns: prepared
- prepared object
Param | Type | Description |
---|---|---|
path | string | m/44'/60'/... |
content | tx1559 | EIP-1559 transaction object |
communicationData
Prepare data for signing.
Returns: communicationData
- data for sending to device
Param | Type | Description |
---|---|---|
path | string | m/44'/60'/... |
message | string |
communicationData
Prepare data for signing.
Returns: communicationData
- data for sending to device
Param | Type | Description |
---|---|---|
path | string | m/44'/60'/... |
data | JsonString | EIP712 |
prepared
Prepare data for signing using WalletConnect protocol.
Returns: prepared
- prepared object
Param | Type | Description |
---|---|---|
path | string | m/44'/60'/... |
content | tx155 | tx1559 | transaction object |
Properties
Name | Type | Description |
---|---|---|
chainId | number | network for ethereum ecosystem |
to | string | receiving address |
value | number | string | sending amount |
nonce | number | string | |
gasPrice | number | string | |
gasLimit | number | string | |
[data] | string |
Properties
Name | Type | Description |
---|---|---|
commandData | communicationData | data for sending to device |
serialized | communicationData | unsigned transaction |
Properties
Name | Type | Description |
---|---|---|
chainId | number | network for ethereum ecosystem |
to | string | receiving address |
value | number | string | sending amount |
nonce | number | string | |
maxPriorityFeePerGas | number | string | |
maxFeePerGas | number | string | |
gasLimit | number | string | |
[content.accessList] | Array.<any> | |
[data] | string |
© 2018-21 SecuX Technology Inc.
authors:
andersonwu@secuxtech.com
FAQs
SecuX Hardware Wallet ETH API
The npm package @secux/app-eth receives a total of 3 weekly downloads. As such, @secux/app-eth popularity was classified as not popular.
We found that @secux/app-eth demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.