Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
@silencelaboratories/walletprovider-sdk
Advanced tools
The frontend library for Silent Network.
Under the demo directory we provide the sample webpage that shows example usage of the library. In order to run it execute the following:
bun install
bun run build
cd demo
npm install
npm run dev
The demo fetches configuration from the .env
file. We provided example .env
here.
The demo communicates with backend service. Run it before using the demo page.
The library is published on npmjs registry.
Install it in your project as usual:
npm i @silencelaboratories/walletprovider-sdk
The library communicates with backend service. The example implementation of such service is accessible here. Please refer to backend documentation in order to run the service.
Frontend uses WalletProviderServiceClient object in order to connect to the backend and send requests.
For description of classes, interfaces, types, please refer to documentation.
The full working example is in the demo. The core object to use is the NetworkSigner.
It allows to generate keys and do signatures. In order to create, you need two other components. The WalletProviderServiceClient that connects to the Backend part of the SDK, and the authentication module. Currently we provide EOA authentication via EOAAuth.
Let's create the NetworkSigner
const wpClient = await createWalletProviderService(clusterConfig);
// Authenticate using EOA
const eoaAuth = new EOAAuth(accountsFromBrowserWallet[0], new BrowserWallet());
// Create a new signer instance
const sdk = new NetworkSigner(wpClient, threshold, partiesNumber, eoaAuth);
Now you can generate a key, using the authenticateAndCreateKey method. The method accepts optional permissions. No permissions means allow all operations.
const permissions = {
permissions: [
{
type: 'erc20',
method: 'approve',
to: '0x1234567890123456789012345678901234567890',
args: {
spender: '0x1234567890123456789012345678901234567890',
value: 10000,
eq: '<',
},
},
],
};
// Generate a new key
let resp: KeygenResponse = await sdk.authenticateAndCreateKey(JSON.stringify(permissions));
Calling this method will cause to the Browser Wallet window to pop up, requesting the User to sign the request. After execution KeygenResponse is returned.
The KeygenResponse contains keyId
and publicKey
. The publicKey
is the public part of the key generated by Silent Network. Use the keyId
in subsequent calls to sign.
The full signing example is here.
Use the NetworkSigner.authenticateAndSign method in order to generate a signature.
let signMessage = JSON.stringify({
userOperation: {
sender: '0x8d4cb2540d993fe34c646299f1ab4af3012ff34c',
nonce: '0x7',
initCode: '',
callData: '0000189a...',
callGasLimit: '123130',
verificationGasLimit: '153427',
preVerificationGas: '66768',
maxFeePerGas: '',
maxPriorityFeePerGas: '',
paymasterAndData: '',
},
entryPointVersion: 'v0.6.0',
entryPointAddress: '0x5FF137D4b0FDCD49DcA30c7CF57E578a026d2789',
chainId: 80002,
});
let resp = await sdk.authenticateAndSign(selectedKeyId, signMessage);
The SignResponse contains the signature sign
and the recovery ID recid
.
Audience of this section are library developers.
Install bun from https://bun.sh
bun install
bun run build
The output will be in the dist
folder.
Create *.test.ts
files and run tests with:
bun run test
# or watch test
bun run test:watch
bun run format
bun run docs
FAQs
Frontend SDK for Wallet Providers
The npm package @silencelaboratories/walletprovider-sdk receives a total of 918 weekly downloads. As such, @silencelaboratories/walletprovider-sdk popularity was classified as not popular.
We found that @silencelaboratories/walletprovider-sdk demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.