feat: Commit to uuid, add Buffer to app

DLC-link · Mar 25, 2024 · 4a533e5 · 4a533e5
1 parent 288f36e
commit 4a533e5
Show file tree

Hide file tree

Showing 5 changed files with 107 additions and 9 deletions.
diff --git a/index.html b/index.html
@@ -1,8 +1,13 @@
 <!doctype html>
 <html lang="en">
   <head>
+    <script type="module">
+      import { Buffer } from 'buffer';
+
+      window.Buffer = Buffer;
+    </script>
     <meta charset="UTF-8" />
-    <link rel="icon" type="image/svg" href="/images/logos/dlc-link-logo.svg">
+    <link rel="icon" type="image/svg" href="/images/logos/dlc-link-logo.svg" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
     <title>DLC.Link dlcBTC Website</title>
   </head>

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -24,14 +24,14 @@
     "@emotion/styled": "^11.11.0",
     "@fontsource/poppins": "^5.0.8",
     "@ls-lint/ls-lint": "^2.2.2",
-    "@noble/hashes": "^1.3.3",
     "@reduxjs/toolkit": "^1.9.7",
     "@scure/base": "^1.1.5",
     "@scure/bip32": "^1.3.3",
     "@scure/btc-signer": "^1.2.1",
     "@trivago/prettier-plugin-sort-imports": "^4.2.1",
     "@types/chrome": "^0.0.248",
     "bitcoinjs-lib": "^6.1.5",
+    "buffer": "^6.0.3",
     "concurrently": "^8.2.2",
     "decimal.js": "^10.4.3",
     "dotenv": "^16.3.1",

diff --git a/src/app/hooks/use-bitcoin.ts b/src/app/hooks/use-bitcoin.ts
@@ -72,7 +72,10 @@ interface RpcResponse {
 }
 
 interface UseBitcoinReturnType {
-  signAndBroadcastFundingPSBT: (btcAmount: number) => Promise<{
+  signAndBroadcastFundingPSBT: (
+    btcAmount: number,
+    uuid: string
+  ) => Promise<{
     fundingTransaction: btc.Transaction;
     multisigTransaction: btc.P2TROut;
     userNativeSegwitAddress: string;
@@ -179,10 +182,28 @@ export function useBitcoin(): UseBitcoinReturnType {
   function createMultisigTransaction(
     userPublicKey: Uint8Array,
     attestorGroupPublicKey: Uint8Array,
+    uuid: string,
     bitcoinNetwork: BitcoinNetwork
   ): btc.P2TROut {
     const multisig = btc.p2tr_ns(2, [userPublicKey, attestorGroupPublicKey]);
-    const multisigTransaction = btc.p2tr(undefined, multisig, bitcoinNetwork);
+
+    // The following is taken from the https://github.com/paulmillr/scure-btc-signer
+    // Another stupid decision, where lack of standard affects security.
+    // Multisig needs to be generated with some key.
+    // We are using approach from BIP 341/bitcoinjs-lib: SHA256(uncompressedDER(SECP256K1_GENERATOR_POINT))
+    // It is possible to switch SECP256K1_GENERATOR_POINT with some random point;
+    // but it's too complex to prove.
+    // Also used by bitcoin-core and bitcoinjs-lib
+    const TAPROOT_UNSPENDABLE_KEY_STR =
+      '50929b74c1a04954b78b4b6035e97a5e078a5a0f28ec96d547bfee9ace803ac0';
+    const TAPROOT_UNSPENDABLE_KEY = hexToBytes(TAPROOT_UNSPENDABLE_KEY_STR);
+
+    const tweakedUnspendableWithUUID = btc.taprootTweakPubkey(
+      TAPROOT_UNSPENDABLE_KEY,
+      Buffer.from(uuid)
+    )[0];
+    const multisigTransaction = btc.p2tr(tweakedUnspendableWithUUID, multisig, bitcoinNetwork);
+    multisigTransaction.tapInternalKey = tweakedUnspendableWithUUID;
 
     return multisigTransaction;
   }
@@ -256,7 +277,6 @@ export function useBitcoin(): UseBitcoinReturnType {
       BigInt(bitcoinAmount - 10000),
       bitcoinNetwork
     );
-
     const closingPSBT = closingTransaction.toPSBT();
 
     return closingPSBT;
@@ -307,7 +327,10 @@ export function useBitcoin(): UseBitcoinReturnType {
    * @param bitcoinAmount - The amount of bitcoin to be used in the transaction.
    * @returns A promise that resolves when the transaction has been successfully broadcasted.
    */
-  async function signAndBroadcastFundingPSBT(bitcoinAmount: number): Promise<{
+  async function signAndBroadcastFundingPSBT(
+    bitcoinAmount: number,
+    uuid: string
+  ): Promise<{
     fundingTransaction: btc.Transaction;
     multisigTransaction: btc.P2TROut;
     userNativeSegwitAddress: string;
@@ -324,6 +347,7 @@ export function useBitcoin(): UseBitcoinReturnType {
     const multisigTransaction = createMultisigTransaction(
       hex.decode(userPublicKey),
       hex.decode(attestorPublicKey),
+      uuid,
       bitcoinNetwork
     );
 

diff --git a/src/app/hooks/use-psbt.ts b/src/app/hooks/use-psbt.ts
@@ -37,7 +37,7 @@ export function usePSBT(): UsePSBTReturnType {
 
     try {
       const { fundingTransaction, multisigTransaction, userNativeSegwitAddress } =
-        await signAndBroadcastFundingPSBT(shiftedBTCDepositAmount);
+        await signAndBroadcastFundingPSBT(shiftedBTCDepositAmount, vaultUUID);
 
       setVaultUUID(vaultUUID);
       setBitcoinAmount(shiftedBTCDepositAmount);