
22305 lines
916 KiB
Raw Normal View History

2023-02-23 05:53:56 +03:00
(function (global, factory) {
typeof exports === 'object' && typeof module !== 'undefined' ? factory(exports) :
typeof define === 'function' && define.amd ? define(['exports'], factory) :
(global = typeof globalThis !== 'undefined' ? globalThis : global || self, factory(global.ethers = {}));
})(this, (function (exports) { 'use strict';
/* Do NOT modify this file; see /src.ts/_admin/update-version.ts */
* The current version of Ethers.
const version = "6.0.6";
* Property helper functions.
* @_subsection api/utils:Properties [about-properties]
function checkType(value, type, name) {
const types = type.split("|").map(t => t.trim());
for (let i = 0; i < types.length; i++) {
switch (type) {
case "any":
case "bigint":
case "boolean":
case "number":
case "string":
if (typeof (value) === type) {
const error = new Error(`invalid value for type ${type}`);
error.code = "INVALID_ARGUMENT";
error.argument = `value.${name}`;
error.value = value;
throw error;
* Resolves to a new object that is a copy of %%value%%, but with all
* values resolved.
async function resolveProperties(value) {
const keys = Object.keys(value);
const results = await Promise.all( => Promise.resolve(value[k])));
return results.reduce((accum, v, index) => {
accum[keys[index]] = v;
return accum;
}, {});
* Assigns the %%values%% to %%target%% as read-only values.
* It %%types%% is specified, the values are checked.
function defineProperties(target, values, types) {
for (let key in values) {
let value = values[key];
const type = (types ? types[key] : null);
if (type) {
checkType(value, type, key);
Object.defineProperty(target, key, { enumerable: true, value, writable: false });
* About Errors.
* @_section: api/utils/errors:Errors [about-errors]
function stringify$1(value) {
if (value == null) {
return "null";
if (Array.isArray(value)) {
return "[ " + ($1)).join(", ") + " ]";
if (value instanceof Uint8Array) {
const HEX = "0123456789abcdef";
let result = "0x";
for (let i = 0; i < value.length; i++) {
result += HEX[value[i] >> 4];
result += HEX[value[i] & 0xf];
return result;
if (typeof (value) === "object" && typeof (value.toJSON) === "function") {
return stringify$1(value.toJSON());
switch (typeof (value)) {
case "boolean":
case "symbol":
return value.toString();
case "bigint":
return BigInt(value).toString();
case "number":
return (value).toString();
case "string":
return JSON.stringify(value);
case "object": {
const keys = Object.keys(value);
return "{ " + => `${stringify$1(k)}: ${stringify$1(value[k])}`).join(", ") + " }";
* Returns true if the %%error%% matches an error thrown by ethers
* that matches the error %%code%%.
* In TypeScript envornoments, this can be used to check that %%error%%
* matches an EthersError type, which means the expected properties will
* be set.
* @See [ErrorCodes](api:ErrorCode)
* @example
* try {
* // code....
* } catch (e) {
* if (isError(e, "CALL_EXCEPTION")) {
* // The Type Guard has validated this object
* console.log(;
* }
* }
function isError(error, code) {
return (error && error.code === code);
* Returns true if %%error%% is a [[CallExceptionError].
function isCallException(error) {
return isError(error, "CALL_EXCEPTION");
* Returns a new Error configured to the format ethers emits errors, with
* the %%message%%, [[api:ErrorCode]] %%code%% and additioanl properties
* for the corresponding EthersError.
* Each error in ethers includes the version of ethers, a
* machine-readable [[ErrorCode]], and depneding on %%code%%, additional
* required properties. The error message will also include the %%meeage%%,
* ethers version, %%code%% and all aditional properties, serialized.
function makeError(message, code, info) {
const details = [];
if (info) {
if ("message" in info || "code" in info || "name" in info) {
throw new Error(`value will overwrite populated values: ${stringify$1(info)}`);
for (const key in info) {
const value = (info[key]);
// try {
details.push(key + "=" + stringify$1(value));
// } catch (error: any) {
// console.log("MMM", error.message);
// details.push(key + "=[could not serialize object]");
// }
if (details.length) {
message += " (" + details.join(", ") + ")";
let error;
switch (code) {
error = new TypeError(message);
error = new RangeError(message);
error = new Error(message);
defineProperties(error, { code });
if (info) {
Object.assign(error, info);
return error;
* Throws an EthersError with %%message%%, %%code%% and additional error
* %%info%% when %%check%% is falsish..
* @see [[api:makeError]]
function assert$1(check, message, code, info) {
if (!check) {
throw makeError(message, code, info);
* A simple helper to simply ensuring provided arguments match expected
* constraints, throwing if not.
* In TypeScript environments, the %%check%% has been asserted true, so
* any further code does not need additional compile-time checks.
function assertArgument(check, message, name, value) {
assert$1(check, message, "INVALID_ARGUMENT", { argument: name, value: value });
function assertArgumentCount(count, expectedCount, message) {
if (message == null) {
message = "";
if (message) {
message = ": " + message;
assert$1(count >= expectedCount, "missing arguemnt" + message, "MISSING_ARGUMENT", {
count: count,
expectedCount: expectedCount
assert$1(count <= expectedCount, "too many arguemnts" + message, "UNEXPECTED_ARGUMENT", {
count: count,
expectedCount: expectedCount
const _normalizeForms = ["NFD", "NFC", "NFKD", "NFKC"].reduce((accum, form) => {
try {
// General test for normalize
/* c8 ignore start */
if ("test".normalize(form) !== "test") {
throw new Error("bad");
/* c8 ignore stop */
if (form === "NFD") {
const check = String.fromCharCode(0xe9).normalize("NFD");
const expected = String.fromCharCode(0x65, 0x0301);
/* c8 ignore start */
if (check !== expected) {
throw new Error("broken");
/* c8 ignore stop */
catch (error) { }
return accum;
}, []);
* Throws if the normalization %%form%% is not supported.
function assertNormalize(form) {
assert$1(_normalizeForms.indexOf(form) >= 0, "platform missing String.prototype.normalize", "UNSUPPORTED_OPERATION", {
operation: "String.prototype.normalize", info: { form }
* Many classes use file-scoped values to guard the constructor,
* making it effectively private. This facilitates that pattern
* by ensuring the %%givenGaurd%% matches the file-scoped %%guard%%,
* throwing if not, indicating the %%className%% if provided.
function assertPrivate(givenGuard, guard, className) {
if (className == null) {
className = "";
if (givenGuard !== guard) {
let method = className, operation = "new";
if (className) {
method += ".";
operation += " " + className;
assert$1(false, `private constructor; use ${method}from* methods`, "UNSUPPORTED_OPERATION", {
* Some data helpers.
* @_subsection api/utils:Data Helpers [about-data]
function _getBytes(value, name, copy) {
if (value instanceof Uint8Array) {
if (copy) {
return new Uint8Array(value);
return value;
if (typeof (value) === "string" && value.match(/^0x([0-9a-f][0-9a-f])*$/i)) {
const result = new Uint8Array((value.length - 2) / 2);
let offset = 2;
for (let i = 0; i < result.length; i++) {
result[i] = parseInt(value.substring(offset, offset + 2), 16);
offset += 2;
return result;
assertArgument(false, "invalid BytesLike value", name || "value", value);
* Get a typed Uint8Array for %%value%%. If already a Uint8Array
* the original %%value%% is returned; if a copy is required use
* [[getBytesCopy]].
* @see: getBytesCopy
function getBytes(value, name) {
return _getBytes(value, name, false);
* Get a typed Uint8Array for %%value%%, creating a copy if necessary
* to prevent any modifications of the returned value from being
* reflected elsewhere.
* @see: getBytes
function getBytesCopy(value, name) {
return _getBytes(value, name, true);
* Returns true if %%value%% is a valid [[HexString]].
* If %%length%% is ``true`` or a //number//, it also checks that
* %%value%% is a valid [[DataHexString]] of %%length%% (if a //number//)
* bytes of data (e.g. ``0x1234`` is 2 bytes).
function isHexString(value, length) {
if (typeof (value) !== "string" || !value.match(/^0x[0-9A-Fa-f]*$/)) {
return false;
if (typeof (length) === "number" && value.length !== 2 + 2 * length) {
return false;
if (length === true && (value.length % 2) !== 0) {
return false;
return true;
* Returns true if %%value%% is a valid representation of arbitrary
* data (i.e. a valid [[DataHexString]] or a Uint8Array).
function isBytesLike(value) {
return (isHexString(value, true) || (value instanceof Uint8Array));
const HexCharacters = "0123456789abcdef";
* Returns a [[DataHexString]] representation of %%data%%.
function hexlify(data) {
const bytes = getBytes(data);
let result = "0x";
for (let i = 0; i < bytes.length; i++) {
const v = bytes[i];
result += HexCharacters[(v & 0xf0) >> 4] + HexCharacters[v & 0x0f];
return result;
* Returns a [[DataHexString]] by concatenating all values
* within %%data%%.
function concat(datas) {
return "0x" + => hexlify(d).substring(2)).join("");
* Returns the length of %%data%%, in bytes.
function dataLength(data) {
if (isHexString(data, true)) {
return (data.length - 2) / 2;
return getBytes(data).length;
* Returns a [[DataHexString]] by slicing %%data%% from the %%start%%
* offset to the %%end%% offset.
* By default %%start%% is 0 and %%end%% is the length of %%data%%.
function dataSlice(data, start, end) {
const bytes = getBytes(data);
if (end != null && end > bytes.length) {
assert$1(false, "cannot slice beyond data bounds", "BUFFER_OVERRUN", {
buffer: bytes, length: bytes.length, offset: end
return hexlify(bytes.slice((start == null) ? 0 : start, (end == null) ? bytes.length : end));
* Return the [[DataHexString]] result by stripping all **leading**
** zero bytes from %%data%%.
function stripZerosLeft(data) {
let bytes = hexlify(data).substring(2);
while (bytes.startsWith("00")) {
bytes = bytes.substring(2);
return "0x" + bytes;
function zeroPad(data, length, left) {
const bytes = getBytes(data);
assert$1(length >= bytes.length, "padding exceeds data length", "BUFFER_OVERRUN", {
buffer: new Uint8Array(bytes),
length: length,
offset: length + 1
const result = new Uint8Array(length);
if (left) {
result.set(bytes, length - bytes.length);
else {
result.set(bytes, 0);
return hexlify(result);
* Return the [[DataHexString]] of %%data%% padded on the **left**
* to %%length%% bytes.
* If %%data%% already exceeds %%length%%, a [[BufferOverrunError]] is
* thrown.
* This pads data the same as **values** are in Solidity
* (e.g. ``uint128``).
function zeroPadValue(data, length) {
return zeroPad(data, length, true);
* Return the [[DataHexString]] of %%data%% padded on the **right**
* to %%length%% bytes.
* If %%data%% already exceeds %%length%%, a [[BufferOverrunError]] is
* thrown.
* This pads data the same as **bytes** are in Solidity
* (e.g. ``bytes16``).
function zeroPadBytes(data, length) {
return zeroPad(data, length, false);
* Some mathematic operations.
* @_subsection: api/utils:Math Helpers [about-maths]
const BN_0$a = BigInt(0);
const BN_1$5 = BigInt(1);
//const BN_Max256 = (BN_1 << BigInt(256)) - BN_1;
// IEEE 754 support 53-bits of mantissa
const maxValue = 0x1fffffffffffff;
* Convert %%value%% from a twos-compliment representation of %%width%%
* bits to its value.
* If the highest bit is ``1``, the result will be negative.
function fromTwos(_value, _width) {
const value = getUint(_value, "value");
const width = BigInt(getNumber(_width, "width"));
assert$1((value >> width) === BN_0$a, "overflow", "NUMERIC_FAULT", {
operation: "fromTwos", fault: "overflow", value: _value
// Top bit set; treat as a negative value
if (value >> (width - BN_1$5)) {
const mask = (BN_1$5 << width) - BN_1$5;
return -(((~value) & mask) + BN_1$5);
return value;
* Convert %%value%% to a twos-compliment representation of
* %%width%% bits.
* The result will always be positive.
function toTwos(_value, _width) {
let value = getBigInt(_value, "value");
const width = BigInt(getNumber(_width, "width"));
const limit = (BN_1$5 << (width - BN_1$5));
if (value < BN_0$a) {
value = -value;
assert$1(value <= limit, "too low", "NUMERIC_FAULT", {
operation: "toTwos", fault: "overflow", value: _value
const mask = (BN_1$5 << width) - BN_1$5;
return ((~value) & mask) + BN_1$5;
else {
assert$1(value < limit, "too high", "NUMERIC_FAULT", {
operation: "toTwos", fault: "overflow", value: _value
return value;
* Mask %%value%% with a bitmask of %%bits%% ones.
function mask(_value, _bits) {
const value = getUint(_value, "value");
const bits = BigInt(getNumber(_bits, "bits"));
return value & ((BN_1$5 << bits) - BN_1$5);
* Gets a BigInt from %%value%%. If it is an invalid value for
* a BigInt, then an ArgumentError will be thrown for %%name%%.
function getBigInt(value, name) {
switch (typeof (value)) {
case "bigint": return value;
case "number":
assertArgument(Number.isInteger(value), "underflow", name || "value", value);
assertArgument(value >= -maxValue && value <= maxValue, "overflow", name || "value", value);
return BigInt(value);
case "string":
try {
if (value === "") {
throw new Error("empty string");
if (value[0] === "-" && value[1] !== "-") {
return -BigInt(value.substring(1));
return BigInt(value);
catch (e) {
assertArgument(false, `invalid BigNumberish string: ${e.message}`, name || "value", value);
assertArgument(false, "invalid BigNumberish value", name || "value", value);
function getUint(value, name) {
const result = getBigInt(value, name);
assert$1(result >= BN_0$a, "unsigned value cannot be negative", "NUMERIC_FAULT", {
fault: "overflow", operation: "getUint", value
return result;
const Nibbles$1 = "0123456789abcdef";
* Converts %%value%% to a BigInt. If %%value%% is a Uint8Array, it
* is treated as Big Endian data.
function toBigInt(value) {
if (value instanceof Uint8Array) {
let result = "0x0";
for (const v of value) {
result += Nibbles$1[v >> 4];
result += Nibbles$1[v & 0x0f];
return BigInt(result);
return getBigInt(value);
* Gets a //number// from %%value%%. If it is an invalid value for
* a //number//, then an ArgumentError will be thrown for %%name%%.
function getNumber(value, name) {
switch (typeof (value)) {
case "bigint":
assertArgument(value >= -maxValue && value <= maxValue, "overflow", name || "value", value);
return Number(value);
case "number":
assertArgument(Number.isInteger(value), "underflow", name || "value", value);
assertArgument(value >= -maxValue && value <= maxValue, "overflow", name || "value", value);
return value;
case "string":
try {
if (value === "") {
throw new Error("empty string");
return getNumber(BigInt(value), name);
catch (e) {
assertArgument(false, `invalid numeric string: ${e.message}`, name || "value", value);
assertArgument(false, "invalid numeric value", name || "value", value);
* Converts %%value%% to a number. If %%value%% is a Uint8Array, it
* is treated as Big Endian data. Throws if the value is not safe.
function toNumber(value) {
return getNumber(toBigInt(value));
* Converts %%value%% to a Big Endian hexstring, optionally padded to
* %%width%% bytes.
function toBeHex(_value, _width) {
const value = getUint(_value, "value");
let result = value.toString(16);
if (_width == null) {
// Ensure the value is of even length
if (result.length % 2) {
result = "0" + result;
else {
const width = getNumber(_width, "width");
assert$1(width * 2 >= result.length, `value exceeds width (${width} bits)`, "NUMERIC_FAULT", {
operation: "toBeHex",
fault: "overflow",
value: _value
// Pad the value to the required width
while (result.length < (width * 2)) {
result = "0" + result;
return "0x" + result;
* Converts %%value%% to a Big Endian Uint8Array.
function toBeArray(_value) {
const value = getUint(_value, "value");
if (value === BN_0$a) {
return new Uint8Array([]);
let hex = value.toString(16);
if (hex.length % 2) {
hex = "0" + hex;
const result = new Uint8Array(hex.length / 2);
for (let i = 0; i < result.length; i++) {
const offset = i * 2;
result[i] = parseInt(hex.substring(offset, offset + 2), 16);
return result;
* Returns a [[HexString]] for %%value%% safe to use as a //Quantity//.
* A //Quantity// does not have and leading 0 values unless the value is
* the literal value `0x0`. This is most commonly used for JSSON-RPC
* numeric values.
function toQuantity(value) {
let result = hexlify(isBytesLike(value) ? value : toBeArray(value)).substring(2);
while (result.startsWith("0")) {
result = result.substring(1);
if (result === "") {
result = "0";
return "0x" + result;
* The [Base58 Encoding](link-base58) scheme allows a **numeric** value
* to be encoded as a compact string using a radix of 58 using only
* alpha-numeric characters. Confusingly similar characters are omitted
* (i.e. ``"l0O"``).
* Note that Base58 encodes a **numeric** value, not arbitrary bytes,
* since any zero-bytes on the left would get removed. To mitigate this
* issue most schemes that use Base58 choose specific high-order values
* to ensure non-zero prefixes.
* @_subsection: api/utils:Base58 Encoding [about-base58]
const Alphabet = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
let Lookup = null;
function getAlpha(letter) {
if (Lookup == null) {
Lookup = {};
for (let i = 0; i < Alphabet.length; i++) {
Lookup[Alphabet[i]] = BigInt(i);
const result = Lookup[letter];
assertArgument(result != null, `invalid base58 value`, "letter", letter);
return result;
const BN_0$9 = BigInt(0);
const BN_58 = BigInt(58);
* Encode %%value%% as a Base58-encoded string.
function encodeBase58(_value) {
let value = toBigInt(getBytes(_value));
let result = "";
while (value) {
result = Alphabet[Number(value % BN_58)] + result;
value /= BN_58;
return result;
* Decode the Base58-encoded %%value%%.
function decodeBase58(value) {
let result = BN_0$9;
for (let i = 0; i < value.length; i++) {
result *= BN_58;
result += getAlpha(value[i]);
return result;
// utils/base64-browser
function decodeBase64(textData) {
textData = atob(textData);
const data = new Uint8Array(textData.length);
for (let i = 0; i < textData.length; i++) {
data[i] = textData.charCodeAt(i);
return getBytes(data);
function encodeBase64(_data) {
const data = getBytes(_data);
let textData = "";
for (let i = 0; i < data.length; i++) {
textData += String.fromCharCode(data[i]);
return btoa(textData);
* Explain events...
* @_section api/utils/events:Events [about-events]
* When an [[EventEmitterable]] triggers a [[Listener]], the
* callback always ahas one additional argument passed, which is
* an **EventPayload**.
class EventPayload {
* The event filter.
* The **EventEmitterable**.
* Create a new **EventPayload** for %%emitter%% with
* the %%listener%% and for %%filter%%.
constructor(emitter, listener, filter) {
this.#listener = listener;
defineProperties(this, { emitter, filter });
* Unregister the triggered listener for future events.
async removeListener() {
if (this.#listener == null) {
await, this.#listener);
* Using strings in Ethereum (or any security-basd system) requires
* additional care. These utilities attempt to mitigate some of the
* safety issues as well as provide the ability to recover and analyse
* strings.
* @_subsection api/utils:Strings and UTF-8 [about-strings]
function errorFunc(reason, offset, bytes, output, badCodepoint) {
assertArgument(false, `invalid codepoint at offset ${offset}; ${reason}`, "bytes", bytes);
function ignoreFunc(reason, offset, bytes, output, badCodepoint) {
// If there is an invalid prefix (including stray continuation), skip any additional continuation bytes
if (reason === "BAD_PREFIX" || reason === "UNEXPECTED_CONTINUE") {
let i = 0;
for (let o = offset + 1; o < bytes.length; o++) {
if (bytes[o] >> 6 !== 0x02) {
return i;
// This byte runs us past the end of the string, so just jump to the end
// (but the first byte was read already read and therefore skipped)
if (reason === "OVERRUN") {
return bytes.length - offset - 1;
// Nothing to skip
return 0;
function replaceFunc(reason, offset, bytes, output, badCodepoint) {
// Overlong representations are otherwise "valid" code points; just non-deistingtished
if (reason === "OVERLONG") {
assertArgument(typeof (badCodepoint) === "number", "invalid bad code point for replacement", "badCodepoint", badCodepoint);
return 0;
// Put the replacement character into the output
// Otherwise, process as if ignoring errors
return ignoreFunc(reason, offset, bytes, output, badCodepoint);
* A handful of popular, built-in UTF-8 error handling strategies.
* **``"error"``** - throws on ANY illegal UTF-8 sequence or
* non-canonical (overlong) codepoints (this is the default)
* **``"ignore"``** - silently drops any illegal UTF-8 sequence
* and accepts non-canonical (overlong) codepoints
* **``"replace"``** - replace any illegal UTF-8 sequence with the
* UTF-8 replacement character (i.e. ``"\\ufffd"``) and accepts
* non-canonical (overlong) codepoints
* @returns: Record<"error" | "ignore" | "replace", Utf8ErrorFunc>
const Utf8ErrorFuncs = Object.freeze({
error: errorFunc,
ignore: ignoreFunc,
replace: replaceFunc
function getUtf8CodePoints(_bytes, onError) {
if (onError == null) {
onError = Utf8ErrorFuncs.error;
const bytes = getBytes(_bytes, "bytes");
const result = [];
let i = 0;
// Invalid bytes are ignored
while (i < bytes.length) {
const c = bytes[i++];
// 0xxx xxxx
if (c >> 7 === 0) {
// Multibyte; how many bytes left for this character?
let extraLength = null;
let overlongMask = null;
// 110x xxxx 10xx xxxx
if ((c & 0xe0) === 0xc0) {
extraLength = 1;
overlongMask = 0x7f;
// 1110 xxxx 10xx xxxx 10xx xxxx
else if ((c & 0xf0) === 0xe0) {
extraLength = 2;
overlongMask = 0x7ff;
// 1111 0xxx 10xx xxxx 10xx xxxx 10xx xxxx
else if ((c & 0xf8) === 0xf0) {
extraLength = 3;
overlongMask = 0xffff;
else {
if ((c & 0xc0) === 0x80) {
i += onError("UNEXPECTED_CONTINUE", i - 1, bytes, result);
else {
i += onError("BAD_PREFIX", i - 1, bytes, result);
// Do we have enough bytes in our data?
if (i - 1 + extraLength >= bytes.length) {
i += onError("OVERRUN", i - 1, bytes, result);
// Remove the length prefix from the char
let res = c & ((1 << (8 - extraLength - 1)) - 1);
for (let j = 0; j < extraLength; j++) {
let nextChar = bytes[i];
// Invalid continuation byte
if ((nextChar & 0xc0) != 0x80) {
i += onError("MISSING_CONTINUE", i, bytes, result);
res = null;
res = (res << 6) | (nextChar & 0x3f);
// See above loop for invalid continuation byte
if (res === null) {
// Maximum code point
if (res > 0x10ffff) {
i += onError("OUT_OF_RANGE", i - 1 - extraLength, bytes, result, res);
// Reserved for UTF-16 surrogate halves
if (res >= 0xd800 && res <= 0xdfff) {
i += onError("UTF16_SURROGATE", i - 1 - extraLength, bytes, result, res);
// Check for overlong sequences (more bytes than needed)
if (res <= overlongMask) {
i += onError("OVERLONG", i - 1 - extraLength, bytes, result, res);
return result;
* Returns the UTF-8 byte representation of %%str%%.
* If %%form%% is specified, the string is normalized.
function toUtf8Bytes(str, form) {
if (form != null) {
str = str.normalize(form);
let result = [];
for (let i = 0; i < str.length; i++) {
const c = str.charCodeAt(i);
if (c < 0x80) {
else if (c < 0x800) {
result.push((c >> 6) | 0xc0);
result.push((c & 0x3f) | 0x80);
else if ((c & 0xfc00) == 0xd800) {
const c2 = str.charCodeAt(i);
assertArgument(i < str.length && ((c2 & 0xfc00) === 0xdc00), "invalid surrogate pair", "str", str);
// Surrogate Pair
const pair = 0x10000 + ((c & 0x03ff) << 10) + (c2 & 0x03ff);
result.push((pair >> 18) | 0xf0);
result.push(((pair >> 12) & 0x3f) | 0x80);
result.push(((pair >> 6) & 0x3f) | 0x80);
result.push((pair & 0x3f) | 0x80);
else {
result.push((c >> 12) | 0xe0);
result.push(((c >> 6) & 0x3f) | 0x80);
result.push((c & 0x3f) | 0x80);
return new Uint8Array(result);
function _toUtf8String(codePoints) {
return => {
if (codePoint <= 0xffff) {
return String.fromCharCode(codePoint);
codePoint -= 0x10000;
return String.fromCharCode((((codePoint >> 10) & 0x3ff) + 0xd800), ((codePoint & 0x3ff) + 0xdc00));
* Returns the string represented by the UTF-8 data %%bytes%%.
* When %%onError%% function is specified, it is called on UTF-8
* errors allowing recovery using the [[Utf8ErrorFunc]] API.
* (default: [error](Utf8ErrorFuncs))
function toUtf8String(bytes, onError) {
return _toUtf8String(getUtf8CodePoints(bytes, onError));
* Returns the UTF-8 code-points for %%str%%.
* If %%form%% is specified, the string is normalized.
function toUtf8CodePoints(str, form) {
return getUtf8CodePoints(toUtf8Bytes(str, form));
// @TODO: timeout is completely ignored; start a Promise.any with a reject?
async function getUrl(req, _signal) {
const protocol = req.url.split(":")[0].toLowerCase();
assert$1(protocol === "http" || protocol === "https", `unsupported protocol ${protocol}`, "UNSUPPORTED_OPERATION", {
info: { protocol },
operation: "request"
assert$1(!req.credentials || req.allowInsecureAuthentication, "insecure authorized connections unsupported", "UNSUPPORTED_OPERATION", {
operation: "request"
let signal = undefined;
if (_signal) {
const controller = new AbortController();
signal = controller.signal;
_signal.addListener(() => { controller.abort(); });
const init = {
method: req.method,
headers: new Headers(Array.from(req)),
body: req.body || undefined,
const resp = await fetch(req.url, init);
const headers = {};
resp.headers.forEach((value, key) => {
headers[key.toLowerCase()] = value;
const respBody = await resp.arrayBuffer();
const body = (respBody == null) ? null : new Uint8Array(respBody);
return {
statusCode: resp.status,
statusMessage: resp.statusText,
headers, body
* Explain fetching here...
* @_section api/utils/fetching:Fetching Web Content [about-fetch]
const MAX_ATTEMPTS = 12;
const SLOT_INTERVAL = 250;
// The global FetchGetUrlFunc implementation.
let getUrlFunc = getUrl;
const reData = new RegExp("^data:([^;:]*)?(;base64)?,(.*)$", "i");
const reIpfs = new RegExp("^ipfs:/\/(ipfs/)?(.*)$", "i");
// If locked, new Gateways cannot be added
let locked$5 = false;
async function dataGatewayFunc(url, signal) {
try {
const match = url.match(reData);
if (!match) {
throw new Error("invalid data");
return new FetchResponse(200, "OK", {
"content-type": (match[1] || "text/plain"),
}, (match[2] ? decodeBase64(match[3]) : unpercent(match[3])));
catch (error) {
return new FetchResponse(599, "BAD REQUEST (invalid data: URI)", {}, null, new FetchRequest(url));
* Returns a [[FetchGatewayFunc]] for fetching content from a standard
* IPFS gateway hosted at %%baseUrl%%.
function getIpfsGatewayFunc(baseUrl) {
async function gatewayIpfs(url, signal) {
try {
const match = url.match(reIpfs);
if (!match) {
throw new Error("invalid link");
return new FetchRequest(`${baseUrl}${match[2]}`);
catch (error) {
return new FetchResponse(599, "BAD REQUEST (invalid IPFS URI)", {}, null, new FetchRequest(url));
return gatewayIpfs;
const Gateways = {
"data": dataGatewayFunc,
"ipfs": getIpfsGatewayFunc("https:/\/")
const fetchSignals = new WeakMap();
* @_ignore
class FetchCancelSignal {
constructor(request) {
this.#listeners = [];
this.#cancelled = false;
fetchSignals.set(request, () => {
if (this.#cancelled) {
this.#cancelled = true;
for (const listener of this.#listeners) {
setTimeout(() => { listener(); }, 0);
this.#listeners = [];
addListener(listener) {
assert$1(!this.#cancelled, "singal already cancelled", "UNSUPPORTED_OPERATION", {
operation: "fetchCancelSignal.addCancelListener"
get cancelled() { return this.#cancelled; }
checkSignal() {
assert$1(!this.cancelled, "cancelled", "CANCELLED", {});
// Check the signal, throwing if it is cancelled
function checkSignal(signal) {
if (signal == null) {
throw new Error("missing signal; should not happen");
return signal;
* Represents a request for a resource using a URI.
* By default, the supported schemes are ``HTTP``, ``HTTPS``, ``data:``,
* and ``IPFS:``.
* Additional schemes can be added globally using [[registerGateway]].
* @example:
* req = new FetchRequest("")
* resp = await req.send()
* resp.body.length
* //_result:
class FetchRequest {
// Hooks
* The fetch URI to requrest.
get url() { return this.#url; }
set url(url) {
this.#url = String(url);
* The fetch body, if any, to send as the request body. //(default: null)//
* When setting a body, the intrinsic ``Content-Type`` is automatically
* set and will be used if **not overridden** by setting a custom
* header.
* If %%body%% is null, the body is cleared (along with the
* intrinsic ``Content-Type``) and the .
* If %%body%% is a string, the intrincis ``Content-Type`` is set to
* ``text/plain``.
* If %%body%% is a Uint8Array, the intrincis ``Content-Type`` is set to
* ``application/octet-stream``.
* If %%body%% is any other object, the intrincis ``Content-Type`` is
* set to ``application/json``.
get body() {
if (this.#body == null) {
return null;
return new Uint8Array(this.#body);
set body(body) {
if (body == null) {
this.#body = undefined;
this.#bodyType = undefined;
else if (typeof (body) === "string") {
this.#body = toUtf8Bytes(body);
this.#bodyType = "text/plain";
else if (body instanceof Uint8Array) {
this.#body = body;
this.#bodyType = "application/octet-stream";
else if (typeof (body) === "object") {
this.#body = toUtf8Bytes(JSON.stringify(body));
this.#bodyType = "application/json";
else {
throw new Error("invalid body");
* Returns true if the request has a body.
hasBody() {
return (this.#body != null);
* The HTTP method to use when requesting the URI. If no method
* has been explicitly set, then ``GET`` is used if the body is
* null and ``POST`` otherwise.
get method() {
if (this.#method) {
return this.#method;
if (this.hasBody()) {
return "POST";
return "GET";
set method(method) {
if (method == null) {
method = "";
this.#method = String(method).toUpperCase();
* The headers that will be used when requesting the URI. All
* keys are lower-case.
* This object is a copy, so any chnages will **NOT** be reflected
* in the ``FetchRequest``.
* To set a header entry, use the ``setHeader`` method.
get headers() {
const headers = Object.assign({}, this.#headers);
if (this.#creds) {
headers["authorization"] = `Basic ${encodeBase64(toUtf8Bytes(this.#creds))}`;
if (this.allowGzip) {
headers["accept-encoding"] = "gzip";
if (headers["content-type"] == null && this.#bodyType) {
headers["content-type"] = this.#bodyType;
if (this.body) {
headers["content-length"] = String(this.body.length);
return headers;
* Get the header for %%key%%, ignoring case.
getHeader(key) {
return this.headers[key.toLowerCase()];
* Set the header for %%key%% to %%value%%. All values are coerced
* to a string.
setHeader(key, value) {
this.#headers[String(key).toLowerCase()] = String(value);
* Clear all headers, resetting all intrinsic headers.
clearHeaders() {
this.#headers = {};
[Symbol.iterator]() {
const headers = this.headers;
const keys = Object.keys(headers);
let index = 0;
return {
next: () => {
if (index < keys.length) {
const key = keys[index++];
return {
value: [key, headers[key]], done: false
return { value: undefined, done: true };
* The value that will be sent for the ``Authorization`` header.
* To set the credentials, use the ``setCredentials`` method.
get credentials() {
return this.#creds || null;
* Sets an ``Authorization`` for %%username%% with %%password%%.
setCredentials(username, password) {
assertArgument(!username.match(/:/), "invalid basic authentication username", "username", "[REDACTED]");
this.#creds = `${username}:${password}`;
* Enable and request gzip-encoded responses. The response will
* automatically be decompressed. //(default: true)//
get allowGzip() {
return this.#gzip;
set allowGzip(value) {
this.#gzip = !!value;
* Allow ``Authentication`` credentials to be sent over insecure
* channels. //(default: false)//
get allowInsecureAuthentication() {
return !!this.#allowInsecure;
set allowInsecureAuthentication(value) {
this.#allowInsecure = !!value;
* The timeout (in milliseconds) to wait for a complere response.
* //(default: 5 minutes)//
get timeout() { return this.#timeout; }
set timeout(timeout) {
assertArgument(timeout >= 0, "timeout must be non-zero", "timeout", timeout);
this.#timeout = timeout;
* This function is called prior to each request, for example
* during a redirection or retry in case of server throttling.
* This offers an opportunity to populate headers or update
* content before sending a request.
get preflightFunc() {
return this.#preflight || null;
set preflightFunc(preflight) {
this.#preflight = preflight;
* This function is called after each response, offering an
* opportunity to provide client-level throttling or updating
* response data.
* Any error thrown in this causes the ``send()`` to throw.
* To schedule a retry attempt (assuming the maximum retry limit
* has not been reached), use [[response.throwThrottleError]].
get processFunc() {
return this.#process || null;
set processFunc(process) {
this.#process = process;
* This function is called on each retry attempt.
get retryFunc() {
return this.#retry || null;
set retryFunc(retry) {
this.#retry = retry;
* Create a new FetchRequest instance with default values.
* Once created, each property may be set before issuing a
* ``.send()`` to make teh request.
constructor(url) {
this.#url = String(url);
this.#allowInsecure = false;
this.#gzip = true;
this.#headers = {};
this.#method = "";
this.#timeout = 300000;
this.#throttle = {
slotInterval: SLOT_INTERVAL,
maxAttempts: MAX_ATTEMPTS
toString() {
return `<FetchRequest method=${JSON.stringify(this.method)} url=${JSON.stringify(this.url)} headers=${JSON.stringify(this.headers)} body=${this.#body ? hexlify(this.#body) : "null"}>`;
* Update the throttle parameters used to determine maximum
* attempts and exponential-backoff properties.
setThrottleParams(params) {
if (params.slotInterval != null) {
this.#throttle.slotInterval = params.slotInterval;
if (params.maxAttempts != null) {
this.#throttle.maxAttempts = params.maxAttempts;
async #send(attempt, expires, delay, _request, _response) {
if (attempt >= this.#throttle.maxAttempts) {
return _response.makeServerError("exceeded maximum retry limit");
assert$1(getTime$2() <= expires, "timeout", "TIMEOUT", {
operation: "request.send", reason: "timeout", request: _request
if (delay > 0) {
await wait(delay);
let req = this.clone();
const scheme = (req.url.split(":")[0] || "").toLowerCase();
// Process any Gateways
if (scheme in Gateways) {
const result = await Gateways[scheme](req.url, checkSignal(_request.#signal));
if (result instanceof FetchResponse) {
let response = result;
if (this.processFunc) {
try {
response = await this.processFunc(req, response);
catch (error) {
// Something went wrong during processing; throw a 5xx server error
if (error.throttle == null || typeof (error.stall) !== "number") {
response.makeServerError("error in post-processing function", error).assertOk();
// Ignore throttling
return response;
req = result;
// We have a preflight function; update the request
if (this.preflightFunc) {
req = await this.preflightFunc(req);
const resp = await getUrlFunc(req, checkSignal(_request.#signal));
let response = new FetchResponse(resp.statusCode, resp.statusMessage, resp.headers, resp.body, _request);
if (response.statusCode === 301 || response.statusCode === 302) {
// Redirect
try {
const location = response.headers.location || "";
return req.redirect(location).#send(attempt + 1, expires, 0, _request, response);
catch (error) { }
// Things won't get any better on another attempt; abort
return response;
else if (response.statusCode === 429) {
// Throttle
if (this.retryFunc == null || (await this.retryFunc(req, response, attempt))) {
const retryAfter = response.headers["retry-after"];
let delay = this.#throttle.slotInterval * Math.trunc(Math.random() * Math.pow(2, attempt));
if (typeof (retryAfter) === "string" && retryAfter.match(/^[1-9][0-9]*$/)) {
delay = parseInt(retryAfter);
return req.clone().#send(attempt + 1, expires, delay, _request, response);
if (this.processFunc) {
try {
response = await this.processFunc(req, response);
catch (error) {
// Something went wrong during processing; throw a 5xx server error
if (error.throttle == null || typeof (error.stall) !== "number") {
response.makeServerError("error in post-processing function", error).assertOk();
// Throttle
let delay = this.#throttle.slotInterval * Math.trunc(Math.random() * Math.pow(2, attempt));
if (error.stall >= 0) {
delay = error.stall;
return req.clone().#send(attempt + 1, expires, delay, _request, response);
return response;
* Resolves to the response by sending the request.
send() {
assert$1(this.#signal == null, "request already sent", "UNSUPPORTED_OPERATION", { operation: "fetchRequest.send" });
this.#signal = new FetchCancelSignal(this);
return this.#send(0, getTime$2() + this.timeout, 0, this, new FetchResponse(0, "", {}, null, this));
* Cancels the inflight response, causing a ``CANCELLED``
* error to be rejected from the [[send]].
cancel() {
assert$1(this.#signal != null, "request has not been sent", "UNSUPPORTED_OPERATION", { operation: "fetchRequest.cancel" });
const signal = fetchSignals.get(this);
if (!signal) {
throw new Error("missing signal; should not happen");
* Returns a new [[FetchRequest]] that represents the redirection
* to %%location%%.
redirect(location) {
// Redirection; for now we only support absolute locataions
const current = this.url.split(":")[0].toLowerCase();
const target = location.split(":")[0].toLowerCase();
// Don't allow redirecting:
// - non-GET requests
// - downgrading the security (e.g. https => http)
// - to non-HTTP (or non-HTTPS) protocols [this could be relaxed?]
assert$1(this.method === "GET" && (current !== "https" || target !== "http") && location.match(/^https?:/), `unsupported redirect`, "UNSUPPORTED_OPERATION", {
operation: `redirect(${this.method} ${JSON.stringify(this.url)} => ${JSON.stringify(location)})`
// Create a copy of this request, with a new URL
const req = new FetchRequest(location);
req.method = "GET";
req.allowGzip = this.allowGzip;
req.timeout = this.timeout;
req.#headers = Object.assign({}, this.#headers);
if (this.#body) {
req.#body = new Uint8Array(this.#body);
req.#bodyType = this.#bodyType;
// Do not forward credentials unless on the same domain; only absolute
//req.allowInsecure = false;
// paths are currently supported; may want a way to specify to forward?
//setStore(req.#props, "creds", getStore(this.#pros, "creds"));
return req;
* Create a new copy of this request.
clone() {
const clone = new FetchRequest(this.url);
// Preserve "default method" (i.e. null)
clone.#method = this.#method;
// Preserve "default body" with type, copying the Uint8Array is present
if (this.#body) {
clone.#body = this.#body;
clone.#bodyType = this.#bodyType;
// Preserve "default headers"
clone.#headers = Object.assign({}, this.#headers);
// Credentials is readonly, so we copy internally
clone.#creds = this.#creds;
if (this.allowGzip) {
clone.allowGzip = true;
clone.timeout = this.timeout;
if (this.allowInsecureAuthentication) {
clone.allowInsecureAuthentication = true;
clone.#preflight = this.#preflight;
clone.#process = this.#process;
clone.#retry = this.#retry;
return clone;
* Locks all static configuration for gateways and FetchGetUrlFunc
* registration.
static lockConfig() {
locked$5 = true;
* Get the current Gateway function for %%scheme%%.
static getGateway(scheme) {
return Gateways[scheme.toLowerCase()] || null;
* Use the %%func%% when fetching URIs using %%scheme%%.
* This method affects all requests globally.
* If [[lockConfig]] has been called, no change is made and this
* throws.
static registerGateway(scheme, func) {
scheme = scheme.toLowerCase();
if (scheme === "http" || scheme === "https") {
throw new Error(`cannot intercept ${scheme}; use registerGetUrl`);
if (locked$5) {
throw new Error("gateways locked");
Gateways[scheme] = func;
* Use %%getUrl%% when fetching URIs over HTTP and HTTPS requests.
* This method affects all requests globally.
* If [[lockConfig]] has been called, no change is made and this
* throws.
static registerGetUrl(getUrl) {
if (locked$5) {
throw new Error("gateways locked");
getUrlFunc = getUrl;
* Creates a function that can "fetch" data URIs.
* Note that this is automatically done internally to support
* data URIs, so it is not necessary to register it.
* This is not generally something that is needed, but may
* be useful in a wrapper to perfom custom data URI functionality.
static createDataGateway() {
return dataGatewayFunc;
* Creates a function that will fetch IPFS (unvalidated) from
* a custom gateway baseUrl.
* The default IPFS gateway used internally is
* ``"https:/\/"``.
static createIpfsGatewayFunc(baseUrl) {
return getIpfsGatewayFunc(baseUrl);
* The response for a FetchREquest.
class FetchResponse {
toString() {
return `<FetchResponse status=${this.statusCode} body=${this.#body ? hexlify(this.#body) : "null"}>`;
* The response status code.
get statusCode() { return this.#statusCode; }
* The response status message.
get statusMessage() { return this.#statusMessage; }
* The response headers. All keys are lower-case.
get headers() { return Object.assign({}, this.#headers); }
* The response body, or ``null`` if there was no body.
get body() {
return (this.#body == null) ? null : new Uint8Array(this.#body);
* The response body as a UTF-8 encoded string, or the empty
* string (i.e. ``""``) if there was no body.
* An error is thrown if the body is invalid UTF-8 data.
get bodyText() {
try {
return (this.#body == null) ? "" : toUtf8String(this.#body);
catch (error) {
assert$1(false, "response body is not valid UTF-8 data", "UNSUPPORTED_OPERATION", {
operation: "bodyText", info: { response: this }
* The response body, decoded as JSON.
* An error is thrown if the body is invalid JSON-encoded data
* or if there was no body.
get bodyJson() {
try {
return JSON.parse(this.bodyText);
catch (error) {
assert$1(false, "response body is not valid JSON", "UNSUPPORTED_OPERATION", {
operation: "bodyJson", info: { response: this }
[Symbol.iterator]() {
const headers = this.headers;
const keys = Object.keys(headers);
let index = 0;
return {
next: () => {
if (index < keys.length) {
const key = keys[index++];
return {
value: [key, headers[key]], done: false
return { value: undefined, done: true };
constructor(statusCode, statusMessage, headers, body, request) {
this.#statusCode = statusCode;
this.#statusMessage = statusMessage;
this.#headers = Object.keys(headers).reduce((accum, k) => {
accum[k.toLowerCase()] = String(headers[k]);
return accum;
}, {});
this.#body = ((body == null) ? null : new Uint8Array(body));
this.#request = (request || null);
this.#error = { message: "" };
* Return a Response with matching headers and body, but with
* an error status code (i.e. 599) and %%message%% with an
* optional %%error%%.
makeServerError(message, error) {
let statusMessage;
if (!message) {
message = `${this.statusCode} ${this.statusMessage}`;
statusMessage = `CLIENT ESCALATED SERVER ERROR (${message})`;
else {
statusMessage = `CLIENT ESCALATED SERVER ERROR (${this.statusCode} ${this.statusMessage}; ${message})`;
const response = new FetchResponse(599, statusMessage, this.headers, this.body, this.#request || undefined);
response.#error = { message, error };
return response;
* If called within a [request.processFunc](FetchRequest-processFunc)
* call, causes the request to retry as if throttled for %%stall%%
* milliseconds.
throwThrottleError(message, stall) {
if (stall == null) {
stall = -1;
else {
assertArgument(Number.isInteger(stall) && stall >= 0, "invalid stall timeout", "stall", stall);
const error = new Error(message || "throttling requests");
defineProperties(error, { stall, throttle: true });
throw error;
* Get the header value for %%key%%, ignoring case.
getHeader(key) {
return this.headers[key.toLowerCase()];
* Returns true of the response has a body.
hasBody() {
return (this.#body != null);
* The request made for this response.
get request() { return this.#request; }
* Returns true if this response was a success statusCode.
ok() {
return (this.#error.message === "" && this.statusCode >= 200 && this.statusCode < 300);
* Throws a ``SERVER_ERROR`` if this response is not ok.
assertOk() {
if (this.ok()) {
let { message, error } = this.#error;
if (message === "") {
message = `server response ${this.statusCode} ${this.statusMessage}`;
assert$1(false, message, "SERVER_ERROR", {
request: (this.request || "unknown request"), response: this, error
function getTime$2() { return (new Date()).getTime(); }
function unpercent(value) {
return toUtf8Bytes(value.replace(/%([0-9a-f][0-9a-f])/gi, (all, code) => {
return String.fromCharCode(parseInt(code, 16));
function wait(delay) {
return new Promise((resolve) => setTimeout(resolve, delay));
* About fixed-point math...
* @_section: api/utils/fixed-point-math:Fixed-Point Maths [about-fixed-point-math]
const BN_N1 = BigInt(-1);
const BN_0$8 = BigInt(0);
const BN_1$4 = BigInt(1);
const BN_5 = BigInt(5);
const _guard$5 = {};
// Constant to pull zeros from for multipliers
let Zeros$1 = "0000";
while (Zeros$1.length < 80) {
Zeros$1 += Zeros$1;
// Returns a string "1" followed by decimal "0"s
function getTens(decimals) {
let result = Zeros$1;
while (result.length < decimals) {
result += result;
return BigInt("1" + result.substring(0, decimals));
function checkValue(val, format, safeOp) {
const width = BigInt(format.width);
if (format.signed) {
const limit = (BN_1$4 << (width - BN_1$4));
assert$1(safeOp == null || (val >= -limit && val < limit), "overflow", "NUMERIC_FAULT", {
operation: safeOp, fault: "overflow", value: val
if (val > BN_0$8) {
val = fromTwos(mask(val, width), width);
else {
val = -fromTwos(mask(-val, width), width);
else {
const limit = (BN_1$4 << width);
assert$1(safeOp == null || (val >= 0 && val < limit), "overflow", "NUMERIC_FAULT", {
operation: safeOp, fault: "overflow", value: val
val = (((val % limit) + limit) % limit) & (limit - BN_1$4);
return val;
function getFormat(value) {
if (typeof (value) === "number") {
value = `fixed128x${value}`;
let signed = true;
let width = 128;
let decimals = 18;
if (typeof (value) === "string") {
// Parse the format string
if (value === "fixed") {
// defaults...
else if (value === "ufixed") {
signed = false;
else {
const match = value.match(/^(u?)fixed([0-9]+)x([0-9]+)$/);
assertArgument(match, "invalid fixed format", "format", value);
signed = (match[1] !== "u");
width = parseInt(match[2]);
decimals = parseInt(match[3]);
else if (value) {
// Extract the values from the object
const v = value;
const check = (key, type, defaultValue) => {
if (v[key] == null) {
return defaultValue;
assertArgument(typeof (v[key]) === type, "invalid fixed format (" + key + " not " + type + ")", "format." + key, v[key]);
return v[key];
signed = check("signed", "boolean", signed);
width = check("width", "number", width);
decimals = check("decimals", "number", decimals);
assertArgument((width % 8) === 0, "invalid FixedNumber width (not byte aligned)", "format.width", width);
assertArgument(decimals <= 80, "invalid FixedNumber decimals (too large)", "format.decimals", decimals);
const name = (signed ? "" : "u") + "fixed" + String(width) + "x" + String(decimals);
return { signed, width, decimals, name };
function toString(val, decimals) {
let negative = "";
if (val < BN_0$8) {
negative = "-";
val *= BN_N1;
let str = val.toString();
// No decimal point for whole values
if (decimals === 0) {
return (negative + str);
// Pad out to the whole component (including a whole digit)
while (str.length <= decimals) {
str = Zeros$1 + str;
// Insert the decimal point
const index = str.length - decimals;
str = str.substring(0, index) + "." + str.substring(index);
// Trim the whole component (leaving at least one 0)
while (str[0] === "0" && str[1] !== ".") {
str = str.substring(1);
// Trim the decimal component (leaving at least one 0)
while (str[str.length - 1] === "0" && str[str.length - 2] !== ".") {
str = str.substring(0, str.length - 1);
return (negative + str);
* A FixedNumber represents a value over its [[FixedFormat]]
* arithmetic field.
* A FixedNumber can be used to perform math, losslessly, on
* values which have decmial places.
* A FixedNumber has a fixed bit-width to store values in, and stores all
* values internally by multiplying the value by 10 raised to the power of
* %%decimals%%.
* If operations are performed that cause a value to grow too high (close to
* positive infinity) or too low (close to negative infinity), the value
* is said to //overflow//.
* For example, an 8-bit signed value, with 0 decimals may only be within
* the range ``-128`` to ``127``; so ``-128 - 1`` will overflow and become
* ``127``. Likewise, ``127 + 1`` will overflow and become ``-127``.
* Many operation have a normal and //unsafe// variant. The normal variant
* will throw a [[NumericFaultError]] on any overflow, while the //unsafe//
* variant will silently allow overflow, corrupting its value value.
* If operations are performed that cause a value to become too small
* (close to zero), the value loses precison and is said to //underflow//.
* For example, an value with 1 decimal place may store a number as small
* as ``0.1``, but the value of ``0.1 / 2`` is ``0.05``, which cannot fit
* into 1 decimal place, so underflow occurs which means precision is lost
* and the value becomes ``0``.
* Some operations have a normal and //signalling// variant. The normal
* variant will silently ignore underflow, while the //signalling// variant
* will thow a [[NumericFaultError]] on underflow.
class FixedNumber {
* The specific fixed-point arithmetic field for this value.
// The actual value (accounting for decimals)
// A base-10 value to multiple values by to maintain the magnitude
* This is a property so console.log shows a human-meaningful value.
* @private
// Use this when changing this file to get some typing info,
// but then switch to any to mask the internal type
//constructor(guard: any, value: bigint, format: _FixedFormat) {
* @private
constructor(guard, value, format) {
assertPrivate(guard, _guard$5, "FixedNumber");
this.#val = value;
this.#format = format;
const _value = toString(value, format.decimals);
defineProperties(this, { format:, _value });
this.#tens = getTens(format.decimals);
* If true, negative values are permitted, otherwise only
* positive values and zero are allowed.
get signed() { return this.#format.signed; }
* The number of bits available to store the value.
get width() { return this.#format.width; }
* The number of decimal places in the fixed-point arithment field.
get decimals() { return this.#format.decimals; }
* The value as an integer, based on the smallest unit the
* [[decimals]] allow.
get value() { return this.#val; }
#checkFormat(other) {
assertArgument(this.format === other.format, "incompatible format; use fixedNumber.toFormat", "other", other);
#checkValue(val, safeOp) {
const width = BigInt(this.width);
if (this.signed) {
const limit = (BN_1 << (width - BN_1));
assert(safeOp == null || (val >= -limit && val < limit), "overflow", "NUMERIC_FAULT", {
operation: <string>safeOp, fault: "overflow", value: val
if (val > BN_0) {
val = fromTwos(mask(val, width), width);
} else {
val = -fromTwos(mask(-val, width), width);
} else {
const masked = mask(val, width);
assert(safeOp == null || (val >= 0 && val === masked), "overflow", "NUMERIC_FAULT", {
operation: <string>safeOp, fault: "overflow", value: val
val = masked;
val = checkValue(val, this.#format, safeOp);
return new FixedNumber(_guard$5, val, this.#format);
#add(o, safeOp) {
return this.#checkValue(this.#val + o.#val, safeOp);
* Returns a new [[FixedNumber]] with the result of %%this%% added
* to %%other%%, ignoring overflow.
addUnsafe(other) { return this.#add(other); }
* Returns a new [[FixedNumber]] with the result of %%this%% added
* to %%other%%. A [[NumericFaultError]] is thrown if overflow
* occurs.
add(other) { return this.#add(other, "add"); }
#sub(o, safeOp) {
return this.#checkValue(this.#val - o.#val, safeOp);
* Returns a new [[FixedNumber]] with the result of %%other%% subtracted
* from %%this%%, ignoring overflow.
subUnsafe(other) { return this.#sub(other); }
* Returns a new [[FixedNumber]] with the result of %%other%% subtracted
* from %%this%%. A [[NumericFaultError]] is thrown if overflow
* occurs.
sub(other) { return this.#sub(other, "sub"); }
#mul(o, safeOp) {
return this.#checkValue((this.#val * o.#val) / this.#tens, safeOp);
* Returns a new [[FixedNumber]] with the result of %%this%% multiplied
* by %%other%%, ignoring overflow and underflow (precision loss).
mulUnsafe(other) { return this.#mul(other); }
* Returns a new [[FixedNumber]] with the result of %%this%% multiplied
* by %%other%%. A [[NumericFaultError]] is thrown if overflow
* occurs.
mul(other) { return this.#mul(other, "mul"); }
* Returns a new [[FixedNumber]] with the result of %%this%% multiplied
* by %%other%%. A [[NumericFaultError]] is thrown if overflow
* occurs or if underflow (precision loss) occurs.
mulSignal(other) {
const value = this.#val * other.#val;
assert$1((value % this.#tens) === BN_0$8, "precision lost during signalling mul", "NUMERIC_FAULT", {
operation: "mulSignal", fault: "underflow", value: this
return this.#checkValue(value / this.#tens, "mulSignal");
#div(o, safeOp) {
assert$1(o.#val !== BN_0$8, "division by zero", "NUMERIC_FAULT", {
operation: "div", fault: "divide-by-zero", value: this
return this.#checkValue((this.#val * this.#tens) / o.#val, safeOp);
* Returns a new [[FixedNumber]] with the result of %%this%% divided
* by %%other%%, ignoring underflow (precision loss). A
* [[NumericFaultError]] is thrown if overflow occurs.
divUnsafe(other) { return this.#div(other); }
* Returns a new [[FixedNumber]] with the result of %%this%% divided
* by %%other%%, ignoring underflow (precision loss). A
* [[NumericFaultError]] is thrown if overflow occurs.
div(other) { return this.#div(other, "div"); }
* Returns a new [[FixedNumber]] with the result of %%this%% divided
* by %%other%%. A [[NumericFaultError]] is thrown if underflow
* (precision loss) occurs.
divSignal(other) {
assert$1(other.#val !== BN_0$8, "division by zero", "NUMERIC_FAULT", {
operation: "div", fault: "divide-by-zero", value: this
const value = (this.#val * this.#tens);
assert$1((value % other.#val) === BN_0$8, "precision lost during signalling div", "NUMERIC_FAULT", {
operation: "divSignal", fault: "underflow", value: this
return this.#checkValue(value / other.#val, "divSignal");
* Returns a comparison result between %%this%% and %%other%%.
* This is suitable for use in sorting, where ``-1`` implies %%this%%
* is smaller, ``1`` implies %%other%% is larger and ``0`` implies
* both are equal.
cmp(other) {
let a = this.value, b = other.value;
// Coerce a and b to the same magnitude
const delta = this.decimals - other.decimals;
if (delta > 0) {
b *= getTens(delta);
else if (delta < 0) {
a *= getTens(-delta);
// Comnpare
if (a < b) {
return -1;
if (a > b) {
return -1;
return 0;
* Returns true if %%other%% is equal to %%this%%.
eq(other) { return this.cmp(other) === 0; }
* Returns true if %%other%% is less than to %%this%%.
lt(other) { return this.cmp(other) < 0; }
* Returns true if %%other%% is less than or equal to %%this%%.
lte(other) { return this.cmp(other) <= 0; }
* Returns true if %%other%% is greater than to %%this%%.
gt(other) { return this.cmp(other) > 0; }
* Returns true if %%other%% is greater than or equal to %%this%%.
gte(other) { return this.cmp(other) >= 0; }
* Returns a new [[FixedNumber]] which is the largest **integer**
* that is less than or equal to %%this%%.
* The decimal component of the result will always be ``0``.
floor() {
let val = this.#val;
if (this.#val < BN_0$8) {
val -= this.#tens - BN_1$4;
val = (this.#val / this.#tens) * this.#tens;
return this.#checkValue(val, "floor");
* Returns a new [[FixedNumber]] which is the smallest **integer**
* that is greater than or equal to %%this%%.
* The decimal component of the result will always be ``0``.
ceiling() {
let val = this.#val;
if (this.#val > BN_0$8) {
val += this.#tens - BN_1$4;
val = (this.#val / this.#tens) * this.#tens;
return this.#checkValue(val, "ceiling");
* Returns a new [[FixedNumber]] with the decimal component
* rounded up on ties at %%decimals%% places.
round(decimals) {
if (decimals == null) {
decimals = 0;
// Not enough precision to not already be rounded
if (decimals >= this.decimals) {
return this;
const delta = this.decimals - decimals;
const bump = BN_5 * getTens(delta - 1);
let value = this.value + bump;
const tens = getTens(delta);
value = (value / tens) * tens;
checkValue(value, this.#format, "round");
return new FixedNumber(_guard$5, value, this.#format);
* Returns true if %%this%% is equal to ``0``.
isZero() { return (this.#val === BN_0$8); }
* Returns true if %%this%% is less than ``0``.
isNegative() { return (this.#val < BN_0$8); }
* Returns the string representation of %%this%%.
toString() { return this._value; }
* Returns a float approximation.
* Due to IEEE 754 precission (or lack thereof), this function
* can only return an approximation and most values will contain
* rounding errors.
toUnsafeFloat() { return parseFloat(this.toString()); }
* Return a new [[FixedNumber]] with the same value but has had
* its field set to %%format%%.
* This will throw if the value cannot fit into %%format%%.
toFormat(format) {
return FixedNumber.fromString(this.toString(), format);
* Creates a new [[FixedNumber]] for %%value%% divided by
* %%decimal%% places with %%format%%.
* This will throw a [[NumericFaultError]] if %%value%% (once adjusted
* for %%decimals%%) cannot fit in %%format%%, either due to overflow
* or underflow (precision loss).
static fromValue(_value, decimals, _format) {
if (decimals == null) {
decimals = 0;
const format = getFormat(_format);
let value = getBigInt(_value, "value");
const delta = decimals - format.decimals;
if (delta > 0) {
const tens = getTens(delta);
assert$1((value % tens) === BN_0$8, "value loses precision for format", "NUMERIC_FAULT", {
operation: "fromValue", fault: "underflow", value: _value
value /= tens;
else if (delta < 0) {
value *= getTens(-delta);
checkValue(value, format, "fromValue");
return new FixedNumber(_guard$5, value, format);
* Creates a new [[FixedNumber]] for %%value%% with %%format%%.
* This will throw a [[NumericFaultError]] if %%value%% cannot fit
* in %%format%%, either due to overflow or underflow (precision loss).
static fromString(_value, _format) {
const match = _value.match(/^(-?)([0-9]*)\.?([0-9]*)$/);
assertArgument(match && (match[2].length + match[3].length) > 0, "invalid FixedNumber string value", "value", _value);
const format = getFormat(_format);
let whole = (match[2] || "0"), decimal = (match[3] || "");
// Pad out the decimals
while (decimal.length < format.decimals) {
decimal += Zeros$1;
// Check precision is safe
assert$1(decimal.substring(format.decimals).match(/^0*$/), "too many decimals for format", "NUMERIC_FAULT", {
operation: "fromString", fault: "underflow", value: _value
// Remove extra padding
decimal = decimal.substring(0, format.decimals);
const value = BigInt(match[1] + whole + decimal);
checkValue(value, format, "fromString");
return new FixedNumber(_guard$5, value, format);
* Creates a new [[FixedNumber]] with the big-endian representation
* %%value%% with %%format%%.
* This will throw a [[NumericFaultError]] if %%value%% cannot fit
* in %%format%% due to overflow.
static fromBytes(_value, _format) {
let value = toBigInt(getBytes(_value, "value"));
const format = getFormat(_format);
if (format.signed) {
value = fromTwos(value, format.width);
checkValue(value, format, "fromBytes");
return new FixedNumber(_guard$5, value, format);
//const f1 = FixedNumber.fromString("12.56", "fixed16x2");
//const f2 = FixedNumber.fromString("0.3", "fixed16x2");
//const BUMP = FixedNumber.from("0.5");
function hexlifyByte(value) {
let result = value.toString(16);
while (result.length < 2) {
result = "0" + result;
return "0x" + result;
function unarrayifyInteger(data, offset, length) {
let result = 0;
for (let i = 0; i < length; i++) {
result = (result * 256) + data[offset + i];
return result;
function _decodeChildren(data, offset, childOffset, length) {
const result = [];
while (childOffset < offset + 1 + length) {
const decoded = _decode(data, childOffset);
childOffset += decoded.consumed;
assert$1(childOffset <= offset + 1 + length, "child data too short", "BUFFER_OVERRUN", {
buffer: data, length, offset
return { consumed: (1 + length), result: result };
// returns { consumed: number, result: Object }
function _decode(data, offset) {
assert$1(data.length !== 0, "data too short", "BUFFER_OVERRUN", {
buffer: data, length: 0, offset: 1
const checkOffset = (offset) => {
assert$1(offset <= data.length, "data short segment too short", "BUFFER_OVERRUN", {
buffer: data, length: data.length, offset
// Array with extra length prefix
if (data[offset] >= 0xf8) {
const lengthLength = data[offset] - 0xf7;
checkOffset(offset + 1 + lengthLength);
const length = unarrayifyInteger(data, offset + 1, lengthLength);
checkOffset(offset + 1 + lengthLength + length);
return _decodeChildren(data, offset, offset + 1 + lengthLength, lengthLength + length);
else if (data[offset] >= 0xc0) {
const length = data[offset] - 0xc0;
checkOffset(offset + 1 + length);
return _decodeChildren(data, offset, offset + 1, length);
else if (data[offset] >= 0xb8) {
const lengthLength = data[offset] - 0xb7;
checkOffset(offset + 1 + lengthLength);
const length = unarrayifyInteger(data, offset + 1, lengthLength);
checkOffset(offset + 1 + lengthLength + length);
const result = hexlify(data.slice(offset + 1 + lengthLength, offset + 1 + lengthLength + length));
return { consumed: (1 + lengthLength + length), result: result };
else if (data[offset] >= 0x80) {
const length = data[offset] - 0x80;
checkOffset(offset + 1 + length);
const result = hexlify(data.slice(offset + 1, offset + 1 + length));
return { consumed: (1 + length), result: result };
return { consumed: 1, result: hexlifyByte(data[offset]) };
* Decodes %%data%% into the structured data it represents.
function decodeRlp(_data) {
const data = getBytes(_data, "data");
const decoded = _decode(data, 0);
assertArgument(decoded.consumed === data.length, "unexpected junk after rlp payload", "data", _data);
return decoded.result;
function arrayifyInteger(value) {
const result = [];
while (value) {
result.unshift(value & 0xff);
value >>= 8;
return result;
function _encode(object) {
if (Array.isArray(object)) {
let payload = [];
object.forEach(function (child) {
payload = payload.concat(_encode(child));
if (payload.length <= 55) {
payload.unshift(0xc0 + payload.length);
return payload;
const length = arrayifyInteger(payload.length);
length.unshift(0xf7 + length.length);
return length.concat(payload);
const data =, "object"));
if (data.length === 1 && data[0] <= 0x7f) {
return data;
else if (data.length <= 55) {
data.unshift(0x80 + data.length);
return data;
const length = arrayifyInteger(data.length);
length.unshift(0xb7 + length.length);
return length.concat(data);
const nibbles = "0123456789abcdef";
* Encodes %%object%% as an RLP-encoded [[DataHexString]].
function encodeRlp(object) {
let result = "0x";
for (const v of _encode(object)) {
result += nibbles[v >> 4];
result += nibbles[v & 0xf];
return result;
* Most interactions with Ethereum requires integer values, which use
* the smallest magnitude unit.
* For example, imagine dealing with dollars and cents. Since dollars
* are divisible, non-integer values are possible, such as ``$10.77``.
* By using the smallest indivisible unit (i.e. cents), the value can
* be kept as the integer ``1077``.
* When receiving decimal input from the user (as a decimal string),
* the value should be converted to an integer and when showing a user
* a value, the integer value should be converted to a decimal string.
* This creates a clear distinction, between values to be used by code
* (integers) and values used for display logic to users (decimals).
* The native unit in Ethereum, //ether// is divisible to 18 decimal places,
* where each individual unit is called a //wei//.
* @_subsection api/utils:Unit Conversion [about-units]
const names = [
* Converts %%value%% into a //decimal string//, assuming %%unit%% decimal
* places. The %%unit%% may be the number of decimal places or the name of
* a unit (e.g. ``"gwei"`` for 9 decimal places).
function formatUnits(value, unit) {
let decimals = 18;
if (typeof (unit) === "string") {
const index = names.indexOf(unit);
assertArgument(index >= 0, "invalid unit", "unit", unit);
decimals = 3 * index;
else if (unit != null) {
decimals = getNumber(unit, "unit");
return FixedNumber.fromValue(value, decimals, { decimals }).toString();
* Converts the //decimal string// %%value%% to a BigInt, assuming
* %%unit%% decimal places. The %%unit%% may the number of decimal places
* or the name of a unit (e.g. ``"gwei"`` for 9 decimal places).
function parseUnits(value, unit) {
assertArgument(typeof (value) === "string", "value must be a string", "value", value);
let decimals = 18;
if (typeof (unit) === "string") {
const index = names.indexOf(unit);
assertArgument(index >= 0, "invalid unit", "unit", unit);
decimals = 3 * index;
else if (unit != null) {
decimals = getNumber(unit, "unit");
return FixedNumber.fromString(value, { decimals }).value;
* Converts %%value%% into a //decimal string// using 18 decimal places.
function formatEther(wei) {
return formatUnits(wei, 18);
* Converts the //decimal string// %%ether%% to a BigInt, using 18
* decimal places.
function parseEther(ether) {
return parseUnits(ether, 18);
* Explain UUID and link to RFC here.
* @_subsection: api/utils:UUID [about-uuid]
* Returns the version 4 [[link-uuid]] for the %%randomBytes%%.
* @see: (Section 4.4)
function uuidV4(randomBytes) {
const bytes = getBytes(randomBytes, "randomBytes");
// Section: 4.1.3:
// - time_hi_and_version[12:16] = 0b0100
bytes[6] = (bytes[6] & 0x0f) | 0x40;
// Section 4.4
// - clock_seq_hi_and_reserved[6] = 0b0
// - clock_seq_hi_and_reserved[7] = 0b1
bytes[8] = (bytes[8] & 0x3f) | 0x80;
const value = hexlify(bytes);
return [
value.substring(2, 10),
value.substring(10, 14),
value.substring(14, 18),
value.substring(18, 22),
value.substring(22, 34),
* There are many simple utilities required to interact with
* Ethereum and to simplify the library, without increasing
* the library dependencies for simple functions.
* @_section api/utils:Utilities [about-utils]
* @_ignore:
const WordSize = 32;
const Padding = new Uint8Array(WordSize);
// Properties used to immediate pass through to the underlying object
// - `then` is used to detect if an object is a Promise for await
const passProperties$1 = ["then"];
const _guard$4 = {};
function throwError(name, error) {
const wrapped = new Error(`deferred error during ABI decoding triggered accessing ${name}`);
wrapped.error = error;
throw wrapped;
* A [[Result]] is a sub-class of Array, which allows accessing any
* of its values either positionally by its index or, if keys are
* provided by its name.
* @_docloc: api/abi
class Result extends Array {
* @private
constructor(...args) {
// To properly sub-class Array so the other built-in
// functions work, the constructor has to behave fairly
// well. So, in the event we are created via fromItems()
// we build the read-only Result object we want, but on
// any other input, we use the default constructor
// constructor(guard: any, items: Array<any>, keys?: Array<null | string>);
const guard = args[0];
let items = args[1];
let names = (args[2] || []).slice();
let wrap = true;
if (guard !== _guard$4) {
items = args;
names = [];
wrap = false;
// Can't just pass in ...items since an array of length 1
// is a special case in the super.
items.forEach((item, index) => { this[index] = item; });
// Find all unique keys
const nameCounts = names.reduce((accum, name) => {
if (typeof (name) === "string") {
accum.set(name, (accum.get(name) || 0) + 1);
return accum;
}, (new Map()));
// Remove any key thats not unique
this.#names = Object.freeze(, index) => {
const name = names[index];
if (name != null && nameCounts.get(name) === 1) {
return name;
return null;
if (!wrap) {
// A wrapped Result is immutable
// Proxy indices and names so we can trap deferred errors
return new Proxy(this, {
get: (target, prop, receiver) => {
if (typeof (prop) === "string") {
// Index accessor
if (prop.match(/^[0-9]+$/)) {
const index = getNumber(prop, "%index");
if (index < 0 || index >= this.length) {
throw new RangeError("out of result range");
const item = target[index];
if (item instanceof Error) {
throwError(`index ${index}`, item);
return item;
// Pass important checks (like `then` for Promise) through
if (passProperties$1.indexOf(prop) >= 0) {
return Reflect.get(target, prop, receiver);
const value = target[prop];
if (value instanceof Function) {
// Make sure functions work with private variables
// See:
return function (...args) {
return value.apply((this === receiver) ? target : this, args);
else if (!(prop in target)) {
// Possible name accessor
return target.getValue.apply((this === receiver) ? target : this, [prop]);
return Reflect.get(target, prop, receiver);
* Returns the Result as a normal Array.
* This will throw if there are any outstanding deferred
* errors.
toArray() {
const result = [];
this.forEach((item, index) => {
if (item instanceof Error) {
throwError(`index ${index}`, item);
return result;
* Returns the Result as an Object with each name-value pair.
* This will throw if any value is unnamed, or if there are
* any outstanding deferred errors.
toObject() {
return this.#names.reduce((accum, name, index) => {
assert$1(name != null, "value at index ${ index } unnamed", "UNSUPPORTED_OPERATION", {
operation: "toObject()"
// Add values for names that don't conflict
if (!(name in accum)) {
accum[name] = this.getValue(name);
return accum;
}, {});
* @_ignore
slice(start, end) {
if (start == null) {
start = 0;
if (start < 0) {
start += this.length;
if (start < 0) {
start = 0;
if (end == null) {
end = this.length;
if (end < 0) {
end += this.length;
if (end < 0) {
end = 0;
if (end > this.length) {
end = this.length;
const result = [], names = [];
for (let i = start; i < end; i++) {
return new Result(_guard$4, result, names);
* @_ignore
filter(callback, thisArg) {
const result = [], names = [];
for (let i = 0; i < this.length; i++) {
const item = this[i];
if (item instanceof Error) {
throwError(`index ${i}`, item);
if (, item, i, this)) {
return new Result(_guard$4, result, names);
* Returns the value for %%name%%.
* Since it is possible to have a key whose name conflicts with
* a method on a [[Result]] or its superclass Array, or any
* JavaScript keyword, this ensures all named values are still
* accessible by name.
getValue(name) {
const index = this.#names.indexOf(name);
if (index === -1) {
return undefined;
const value = this[index];
if (value instanceof Error) {
throwError(`property ${JSON.stringify(name)}`, value.error);
return value;
* Creates a new [[Result]] for %%items%% with each entry
* also accessible by its corresponding name in %%keys%%.
static fromItems(items, keys) {
return new Result(_guard$4, items, keys);
* Returns all errors found in a [[Result]].
* Since certain errors encountered when creating a [[Result]] do
* not impact the ability to continue parsing data, they are
* deferred until they are actually accessed. Hence a faulty string
* in an Event that is never used does not impact the program flow.
* However, sometimes it may be useful to access, identify or
* validate correctness of a [[Result]].
* @_docloc api/abi
function checkResultErrors(result) {
// Find the first error (if any)
const errors = [];
const checkErrors = function (path, object) {
if (!Array.isArray(object)) {
for (let key in object) {
const childPath = path.slice();
try {
checkErrors(childPath, object[key]);
catch (error) {
errors.push({ path: childPath, error: error });
checkErrors([], result);
return errors;
function getValue$1(value) {
let bytes = toBeArray(value);
assert$1(bytes.length <= WordSize, "value out-of-bounds", "BUFFER_OVERRUN", { buffer: bytes, length: WordSize, offset: bytes.length });
if (bytes.length !== WordSize) {
bytes = getBytesCopy(concat([Padding.slice(bytes.length % WordSize), bytes]));
return bytes;
* @_ignore
class Coder {
// The coder name:
// - address, uint256, tuple, array, etc.
// The fully expanded type, including composite types:
// - address, uint256, tuple(address,bytes), uint256[3][4][], etc.
// The localName bound in the signature, in this example it is "baz":
// - tuple(address foo, uint bar) baz
// Whether this type is dynamic:
// - Dynamic: bytes, string, address[], tuple(boolean[]), etc.
// - Not Dynamic: address, uint256, boolean[3], tuple(address, uint8)
constructor(name, type, localName, dynamic) {
defineProperties(this, { name, type, localName, dynamic }, {
name: "string", type: "string", localName: "string", dynamic: "boolean"
_throwError(message, value) {
assertArgument(false, message, this.localName, value);
* @_ignore
class Writer {
// An array of WordSize lengthed objects to concatenation
constructor() {
this.#data = [];
this.#dataLength = 0;
get data() {
return concat(this.#data);
get length() { return this.#dataLength; }
#writeData(data) {
this.#dataLength += data.length;
return data.length;
appendWriter(writer) {
return this.#writeData(getBytesCopy(;
// Arrayish item; pad on the right to *nearest* WordSize
writeBytes(value) {
let bytes = getBytesCopy(value);
const paddingOffset = bytes.length % WordSize;
if (paddingOffset) {
bytes = getBytesCopy(concat([bytes, Padding.slice(paddingOffset)]));
return this.#writeData(bytes);
// Numeric item; pad on the left *to* WordSize
writeValue(value) {
return this.#writeData(getValue$1(value));
// Inserts a numeric place-holder, returning a callback that can
// be used to asjust the value later
writeUpdatableValue() {
const offset = this.#data.length;
this.#dataLength += WordSize;
return (value) => {
this.#data[offset] = getValue$1(value);
* @_ignore
class Reader {
// Allows incomplete unpadded data to be read; otherwise an error
// is raised if attempting to overrun the buffer. This is required
// to deal with an old Solidity bug, in which event data for
// external (not public thoguh) was tightly packed.
constructor(data, allowLoose) {
defineProperties(this, { allowLoose: !!allowLoose });
this.#data = getBytesCopy(data);
this.#offset = 0;
get data() { return hexlify(this.#data); }
get dataLength() { return this.#data.length; }
get consumed() { return this.#offset; }
get bytes() { return new Uint8Array(this.#data); }
#peekBytes(offset, length, loose) {
let alignedLength = Math.ceil(length / WordSize) * WordSize;
if (this.#offset + alignedLength > this.#data.length) {
if (this.allowLoose && loose && this.#offset + length <= this.#data.length) {
alignedLength = length;
else {
assert$1(false, "data out-of-bounds", "BUFFER_OVERRUN", {
buffer: getBytesCopy(this.#data),
length: this.#data.length,
offset: this.#offset + alignedLength
return this.#data.slice(this.#offset, this.#offset + alignedLength);
// Create a sub-reader with the same underlying data, but offset
subReader(offset) {
return new Reader(this.#data.slice(this.#offset + offset), this.allowLoose);
// Read bytes
readBytes(length, loose) {
let bytes = this.#peekBytes(0, length, !!loose);
this.#offset += bytes.length;
// @TODO: Make sure the length..end bytes are all 0?
return bytes.slice(0, length);
// Read a numeric values
readValue() {
return toBigInt(this.readBytes(WordSize));
readIndex() {
return toNumber(this.readBytes(WordSize));
function number(n) {
if (!Number.isSafeInteger(n) || n < 0)
throw new Error(`Wrong positive integer: ${n}`);
function bool(b) {
if (typeof b !== 'boolean')
throw new Error(`Expected boolean, not ${b}`);
function bytes(b, ...lengths) {
if (!(b instanceof Uint8Array))
throw new TypeError('Expected Uint8Array');
if (lengths.length > 0 && !lengths.includes(b.length))
throw new TypeError(`Expected Uint8Array of length ${lengths}, not of length=${b.length}`);
function hash(hash) {
if (typeof hash !== 'function' || typeof hash.create !== 'function')
throw new Error('Hash should be wrapped by utils.wrapConstructor');
function exists(instance, checkFinished = true) {
if (instance.destroyed)
throw new Error('Hash instance has been destroyed');
if (checkFinished && instance.finished)
throw new Error('Hash#digest() has already been called');
function output(out, instance) {
const min = instance.outputLen;
if (out.length < min) {
throw new Error(`digestInto() expects output buffer of length at least ${min}`);
const assert = {
const crypto$2 = {
node: undefined,
web: typeof self === 'object' && 'crypto' in self ? self.crypto : undefined,
/*! noble-hashes - MIT License (c) 2022 Paul Miller ( */
// Cast array to different type
const u8 = (arr) => new Uint8Array(arr.buffer, arr.byteOffset, arr.byteLength);
const u32 = (arr) => new Uint32Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 4));
// Cast array to view
const createView = (arr) => new DataView(arr.buffer, arr.byteOffset, arr.byteLength);
// The rotate right (circular right shift) operation for uint32
const rotr = (word, shift) => (word << (32 - shift)) | (word >>> shift);
const isLE = new Uint8Array(new Uint32Array([0x11223344]).buffer)[0] === 0x44;
// There is almost no big endian hardware, but js typed arrays uses platform specific endianness.
// So, just to be sure not to corrupt anything.
if (!isLE)
throw new Error('Non little-endian hardware is not supported');
const hexes$1 = Array.from({ length: 256 }, (v, i) => i.toString(16).padStart(2, '0'));
* @example bytesToHex(Uint8Array.from([0xde, 0xad, 0xbe, 0xef]))
function bytesToHex$1(uint8a) {
// pre-caching improves the speed 6x
if (!(uint8a instanceof Uint8Array))
throw new Error('Uint8Array expected');
let hex = '';
for (let i = 0; i < uint8a.length; i++) {
hex += hexes$1[uint8a[i]];
return hex;
* @example hexToBytes('deadbeef')
function hexToBytes$1(hex) {
if (typeof hex !== 'string') {
throw new TypeError('hexToBytes: expected string, got ' + typeof hex);
if (hex.length % 2)
throw new Error('hexToBytes: received invalid unpadded hex');
const array = new Uint8Array(hex.length / 2);
for (let i = 0; i < array.length; i++) {
const j = i * 2;
const hexByte = hex.slice(j, j + 2);
const byte = Number.parseInt(hexByte, 16);
if (Number.isNaN(byte) || byte < 0)
throw new Error('Invalid byte sequence');
array[i] = byte;
return array;
// There is no setImmediate in browser and setTimeout is slow. However, call to async function will return Promise
// which will be fullfiled only on next scheduler queue processing step and this is exactly what we need.
const nextTick = async () => { };
// Returns control to thread each 'tick' ms to avoid blocking
async function asyncLoop(iters, tick, cb) {
let ts =;
for (let i = 0; i < iters; i++) {
// is not monotonic, so in case if clock goes backwards we return return control too
const diff = - ts;
if (diff >= 0 && diff < tick)
await nextTick();
ts += diff;
function utf8ToBytes(str) {
if (typeof str !== 'string') {
throw new TypeError(`utf8ToBytes expected string, got ${typeof str}`);
return new TextEncoder().encode(str);
function toBytes(data) {
if (typeof data === 'string')
data = utf8ToBytes(data);
if (!(data instanceof Uint8Array))
throw new TypeError(`Expected input type is Uint8Array (got ${typeof data})`);
return data;
* Concats Uint8Array-s into one; like `Buffer.concat([buf1, buf2])`
* @example concatBytes(buf1, buf2)
function concatBytes$1(...arrays) {
if (!arrays.every((a) => a instanceof Uint8Array))
throw new Error('Uint8Array list expected');
if (arrays.length === 1)
return arrays[0];
const length = arrays.reduce((a, arr) => a + arr.length, 0);
const result = new Uint8Array(length);
for (let i = 0, pad = 0; i < arrays.length; i++) {
const arr = arrays[i];
result.set(arr, pad);
pad += arr.length;
return result;
// For runtime check if class implements interface
class Hash {
// Safe version that clones internal state
clone() {
return this._cloneInto();
// Check if object doens't have custom constructor (like Uint8Array/Array)
const isPlainObject = (obj) => === '[object Object]' && obj.constructor === Object;
function checkOpts(defaults, opts) {
if (opts !== undefined && (typeof opts !== 'object' || !isPlainObject(opts)))
throw new TypeError('Options should be object or undefined');
const merged = Object.assign(defaults, opts);
return merged;
function wrapConstructor(hashConstructor) {
const hashC = (message) => hashConstructor().update(toBytes(message)).digest();
const tmp = hashConstructor();
hashC.outputLen = tmp.outputLen;
hashC.blockLen = tmp.blockLen;
hashC.create = () => hashConstructor();
return hashC;
function wrapConstructorWithOpts(hashCons) {
const hashC = (msg, opts) => hashCons(opts).update(toBytes(msg)).digest();
const tmp = hashCons({});
hashC.outputLen = tmp.outputLen;
hashC.blockLen = tmp.blockLen;
hashC.create = (opts) => hashCons(opts);
return hashC;
* Secure PRNG
function randomBytes$2(bytesLength = 32) {
if (crypto$2.web) {
return crypto$2.web.getRandomValues(new Uint8Array(bytesLength));
else if (crypto$2.node) {
return new Uint8Array(crypto$2.node.randomBytes(bytesLength).buffer);
else {
throw new Error("The environment doesn't have randomBytes function");
// HMAC (RFC 2104)
class HMAC extends Hash {
constructor(hash, _key) {
this.finished = false;
this.destroyed = false;
const key = toBytes(_key);
this.iHash = hash.create();
if (!(this.iHash instanceof Hash))
throw new TypeError('Expected instance of class which extends utils.Hash');
const blockLen = (this.blockLen = this.iHash.blockLen);
this.outputLen = this.iHash.outputLen;
const pad = new Uint8Array(blockLen);
// blockLen can be bigger than outputLen
pad.set(key.length > this.iHash.blockLen ? hash.create().update(key).digest() : key);
for (let i = 0; i < pad.length; i++)
pad[i] ^= 0x36;
// By doing update (processing of first block) of outer hash here we can re-use it between multiple calls via clone
this.oHash = hash.create();
// Undo internal XOR && apply outer XOR
for (let i = 0; i < pad.length; i++)
pad[i] ^= 0x36 ^ 0x5c;
update(buf) {
return this;
digestInto(out) {
assert.bytes(out, this.outputLen);
this.finished = true;
digest() {
const out = new Uint8Array(this.oHash.outputLen);
return out;
_cloneInto(to) {
// Create new instance without calling constructor since key already in state and we don't know it.
to || (to = Object.create(Object.getPrototypeOf(this), {}));
const { oHash, iHash, finished, destroyed, blockLen, outputLen } = this;
to = to;
to.finished = finished;
to.destroyed = destroyed;
to.blockLen = blockLen;
to.outputLen = outputLen;
to.oHash = oHash._cloneInto(to.oHash);
to.iHash = iHash._cloneInto(to.iHash);
return to;
destroy() {
this.destroyed = true;
* HMAC: RFC2104 message authentication code.
* @param hash - function that would be used e.g. sha256
* @param key - message key
* @param message - message data
const hmac = (hash, key, message) => new HMAC(hash, key).update(message).digest();
hmac.create = (hash, key) => new HMAC(hash, key);
// Common prologue and epilogue for sync/async functions
function pbkdf2Init(hash, _password, _salt, _opts) {
const opts = checkOpts({ dkLen: 32, asyncTick: 10 }, _opts);
const { c, dkLen, asyncTick } = opts;
if (c < 1)
throw new Error('PBKDF2: iterations (c) should be >= 1');
const password = toBytes(_password);
const salt = toBytes(_salt);
// DK = PBKDF2(PRF, Password, Salt, c, dkLen);
const DK = new Uint8Array(dkLen);
// U1 = PRF(Password, Salt + INT_32_BE(i))
const PRF = hmac.create(hash, password);
const PRFSalt = PRF._cloneInto().update(salt);
return { c, dkLen, asyncTick, DK, PRF, PRFSalt };
function pbkdf2Output(PRF, PRFSalt, DK, prfW, u) {
if (prfW)
return DK;
* PBKDF2-HMAC: RFC 2898 key derivation function
* @param hash - hash function that would be used e.g. sha256
* @param password - password from which a derived key is generated
* @param salt - cryptographic salt
* @param opts - {c, dkLen} where c is work factor and dkLen is output message size
function pbkdf2$1(hash, password, salt, opts) {
const { c, dkLen, DK, PRF, PRFSalt } = pbkdf2Init(hash, password, salt, opts);
let prfW; // Working copy
const arr = new Uint8Array(4);
const view = createView(arr);
const u = new Uint8Array(PRF.outputLen);
// DK = T1 + T2 + ⋯ + Tdklen/hlen
for (let ti = 1, pos = 0; pos < dkLen; ti++, pos += PRF.outputLen) {
// Ti = F(Password, Salt, c, i)
const Ti = DK.subarray(pos, pos + PRF.outputLen);
view.setInt32(0, ti, false);
// F(Password, Salt, c, i) = U1 ^ U2 ^ ⋯ ^ Uc
// U1 = PRF(Password, Salt + INT_32_BE(i))
(prfW = PRFSalt._cloneInto(prfW)).update(arr).digestInto(u);
Ti.set(u.subarray(0, Ti.length));
for (let ui = 1; ui < c; ui++) {
// Uc = PRF(Password, Uc1)
for (let i = 0; i < Ti.length; i++)
Ti[i] ^= u[i];
return pbkdf2Output(PRF, PRFSalt, DK, prfW, u);
async function pbkdf2Async(hash, password, salt, opts) {
const { c, dkLen, asyncTick, DK, PRF, PRFSalt } = pbkdf2Init(hash, password, salt, opts);
let prfW; // Working copy
const arr = new Uint8Array(4);
const view = createView(arr);
const u = new Uint8Array(PRF.outputLen);
// DK = T1 + T2 + ⋯ + Tdklen/hlen
for (let ti = 1, pos = 0; pos < dkLen; ti++, pos += PRF.outputLen) {
// Ti = F(Password, Salt, c, i)
const Ti = DK.subarray(pos, pos + PRF.outputLen);
view.setInt32(0, ti, false);
// F(Password, Salt, c, i) = U1 ^ U2 ^ ⋯ ^ Uc
// U1 = PRF(Password, Salt + INT_32_BE(i))
(prfW = PRFSalt._cloneInto(prfW)).update(arr).digestInto(u);
Ti.set(u.subarray(0, Ti.length));
await asyncLoop(c - 1, asyncTick, (i) => {
// Uc = PRF(Password, Uc1)
for (let i = 0; i < Ti.length; i++)
Ti[i] ^= u[i];
return pbkdf2Output(PRF, PRFSalt, DK, prfW, u);
// Polyfill for Safari 14
function setBigUint64(view, byteOffset, value, isLE) {
if (typeof view.setBigUint64 === 'function')
return view.setBigUint64(byteOffset, value, isLE);
const _32n = BigInt(32);
const _u32_max = BigInt(0xffffffff);
const wh = Number((value >> _32n) & _u32_max);
const wl = Number(value & _u32_max);
const h = isLE ? 4 : 0;
const l = isLE ? 0 : 4;
view.setUint32(byteOffset + h, wh, isLE);
view.setUint32(byteOffset + l, wl, isLE);
// Base SHA2 class (RFC 6234)
class SHA2 extends Hash {
constructor(blockLen, outputLen, padOffset, isLE) {
this.blockLen = blockLen;
this.outputLen = outputLen;
this.padOffset = padOffset;
this.isLE = isLE;
this.finished = false;
this.length = 0;
this.pos = 0;
this.destroyed = false;
this.buffer = new Uint8Array(blockLen);
this.view = createView(this.buffer);
update(data) {
const { view, buffer, blockLen } = this;
data = toBytes(data);
const len = data.length;
for (let pos = 0; pos < len;) {
const take = Math.min(blockLen - this.pos, len - pos);
// Fast path: we have at least one block in input, cast it to view and process
if (take === blockLen) {
const dataView = createView(data);
for (; blockLen <= len - pos; pos += blockLen)
this.process(dataView, pos);
buffer.set(data.subarray(pos, pos + take), this.pos);
this.pos += take;
pos += take;
if (this.pos === blockLen) {
this.process(view, 0);
this.pos = 0;
this.length += data.length;
return this;
digestInto(out) {
assert.output(out, this);
this.finished = true;
// Padding
// We can avoid allocation of buffer for padding completely if it
// was previously not allocated here. But it won't change performance.
const { buffer, view, blockLen, isLE } = this;
let { pos } = this;
// append the bit '1' to the message
buffer[pos++] = 0b10000000;
// we have less than padOffset left in buffer, so we cannot put length in current block, need process it and pad again
if (this.padOffset > blockLen - pos) {
this.process(view, 0);
pos = 0;
// Pad until full block byte with zeros
for (let i = pos; i < blockLen; i++)
buffer[i] = 0;
// Note: sha512 requires length to be 128bit integer, but length in JS will overflow before that
// You need to write around 2 exabytes (u64_max / 8 / (1024**6)) for this to happen.
// So we just write lowest 64 bits of that value.
setBigUint64(view, blockLen - 8, BigInt(this.length * 8), isLE);
this.process(view, 0);
const oview = createView(out);
this.get().forEach((v, i) => oview.setUint32(4 * i, v, isLE));
digest() {
const { buffer, outputLen } = this;
const res = buffer.slice(0, outputLen);
return res;
_cloneInto(to) {
to || (to = new this.constructor());
const { blockLen, buffer, length, finished, destroyed, pos } = this;
to.length = length;
to.pos = pos;
to.finished = finished;
to.destroyed = destroyed;
if (length % blockLen)
return to;
// Choice: a ? b : c
const Chi = (a, b, c) => (a & b) ^ (~a & c);
// Majority function, true if any two inpust is true
const Maj = (a, b, c) => (a & b) ^ (a & c) ^ (b & c);
// Round constants:
// first 32 bits of the fractional parts of the cube roots of the first 64 primes 2..311)
// prettier-ignore
const SHA256_K = new Uint32Array([
0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
// Initial state (first 32 bits of the fractional parts of the square roots of the first 8 primes 2..19):
// prettier-ignore
const IV = new Uint32Array([
0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19
// Temporary buffer, not used to store anything between runs
// Named this way because it matches specification.
const SHA256_W = new Uint32Array(64);
class SHA256 extends SHA2 {
constructor() {
super(64, 32, 8, false);
// We cannot use array here since array allows indexing by variable
// which means optimizer/compiler cannot use registers.
this.A = IV[0] | 0;
this.B = IV[1] | 0;
this.C = IV[2] | 0;
this.D = IV[3] | 0;
this.E = IV[4] | 0;
this.F = IV[5] | 0;
this.G = IV[6] | 0;
this.H = IV[7] | 0;
get() {
const { A, B, C, D, E, F, G, H } = this;
return [A, B, C, D, E, F, G, H];
// prettier-ignore
set(A, B, C, D, E, F, G, H) {
this.A = A | 0;
this.B = B | 0;
this.C = C | 0;
this.D = D | 0;
this.E = E | 0;
this.F = F | 0;
this.G = G | 0;
this.H = H | 0;
process(view, offset) {
// Extend the first 16 words into the remaining 48 words w[16..63] of the message schedule array
for (let i = 0; i < 16; i++, offset += 4)
SHA256_W[i] = view.getUint32(offset, false);
for (let i = 16; i < 64; i++) {
const W15 = SHA256_W[i - 15];
const W2 = SHA256_W[i - 2];
const s0 = rotr(W15, 7) ^ rotr(W15, 18) ^ (W15 >>> 3);
const s1 = rotr(W2, 17) ^ rotr(W2, 19) ^ (W2 >>> 10);
SHA256_W[i] = (s1 + SHA256_W[i - 7] + s0 + SHA256_W[i - 16]) | 0;
// Compression function main loop, 64 rounds
let { A, B, C, D, E, F, G, H } = this;
for (let i = 0; i < 64; i++) {
const sigma1 = rotr(E, 6) ^ rotr(E, 11) ^ rotr(E, 25);
const T1 = (H + sigma1 + Chi(E, F, G) + SHA256_K[i] + SHA256_W[i]) | 0;
const sigma0 = rotr(A, 2) ^ rotr(A, 13) ^ rotr(A, 22);
const T2 = (sigma0 + Maj(A, B, C)) | 0;
H = G;
G = F;
F = E;
E = (D + T1) | 0;
D = C;
C = B;
B = A;
A = (T1 + T2) | 0;
// Add the compressed chunk to the current hash value
A = (A + this.A) | 0;
B = (B + this.B) | 0;
C = (C + this.C) | 0;
D = (D + this.D) | 0;
E = (E + this.E) | 0;
F = (F + this.F) | 0;
G = (G + this.G) | 0;
H = (H + this.H) | 0;
this.set(A, B, C, D, E, F, G, H);
roundClean() {
destroy() {
this.set(0, 0, 0, 0, 0, 0, 0, 0);
* SHA2-256 hash function
* @param message - data that would be hashed
const sha256$1 = wrapConstructor(() => new SHA256());
const U32_MASK64 = BigInt(2 ** 32 - 1);
const _32n = BigInt(32);
// We are not using BigUint64Array, because they are extremely slow as per 2022
function fromBig(n, le = false) {
if (le)
return { h: Number(n & U32_MASK64), l: Number((n >> _32n) & U32_MASK64) };
return { h: Number((n >> _32n) & U32_MASK64) | 0, l: Number(n & U32_MASK64) | 0 };
function split(lst, le = false) {
let Ah = new Uint32Array(lst.length);
let Al = new Uint32Array(lst.length);
for (let i = 0; i < lst.length; i++) {
const { h, l } = fromBig(lst[i], le);
[Ah[i], Al[i]] = [h, l];
return [Ah, Al];
const toBig = (h, l) => (BigInt(h >>> 0) << _32n) | BigInt(l >>> 0);
// for Shift in [0, 32)
const shrSH = (h, l, s) => h >>> s;
const shrSL = (h, l, s) => (h << (32 - s)) | (l >>> s);
// Right rotate for Shift in [1, 32)
const rotrSH = (h, l, s) => (h >>> s) | (l << (32 - s));
const rotrSL = (h, l, s) => (h << (32 - s)) | (l >>> s);
// Right rotate for Shift in (32, 64), NOTE: 32 is special case.
const rotrBH = (h, l, s) => (h << (64 - s)) | (l >>> (s - 32));
const rotrBL = (h, l, s) => (h >>> (s - 32)) | (l << (64 - s));
// Right rotate for shift===32 (just swaps l&h)
const rotr32H = (h, l) => l;
const rotr32L = (h, l) => h;
// Left rotate for Shift in [1, 32)
const rotlSH = (h, l, s) => (h << s) | (l >>> (32 - s));
const rotlSL = (h, l, s) => (l << s) | (h >>> (32 - s));
// Left rotate for Shift in (32, 64), NOTE: 32 is special case.
const rotlBH = (h, l, s) => (l << (s - 32)) | (h >>> (64 - s));
const rotlBL = (h, l, s) => (h << (s - 32)) | (l >>> (64 - s));
// JS uses 32-bit signed integers for bitwise operations which means we cannot
// simple take carry out of low bit sum by shift, we need to use division.
// Removing "export" has 5% perf penalty -_-
function add(Ah, Al, Bh, Bl) {
const l = (Al >>> 0) + (Bl >>> 0);
return { h: (Ah + Bh + ((l / 2 ** 32) | 0)) | 0, l: l | 0 };
// Addition with more than 2 elements
const add3L = (Al, Bl, Cl) => (Al >>> 0) + (Bl >>> 0) + (Cl >>> 0);
const add3H = (low, Ah, Bh, Ch) => (Ah + Bh + Ch + ((low / 2 ** 32) | 0)) | 0;
const add4L = (Al, Bl, Cl, Dl) => (Al >>> 0) + (Bl >>> 0) + (Cl >>> 0) + (Dl >>> 0);
const add4H = (low, Ah, Bh, Ch, Dh) => (Ah + Bh + Ch + Dh + ((low / 2 ** 32) | 0)) | 0;
const add5L = (Al, Bl, Cl, Dl, El) => (Al >>> 0) + (Bl >>> 0) + (Cl >>> 0) + (Dl >>> 0) + (El >>> 0);
const add5H = (low, Ah, Bh, Ch, Dh, Eh) => (Ah + Bh + Ch + Dh + Eh + ((low / 2 ** 32) | 0)) | 0;
// prettier-ignore
const u64 = {
fromBig, split, toBig,
shrSH, shrSL,
rotrSH, rotrSL, rotrBH, rotrBL,
rotr32H, rotr32L,
rotlSH, rotlSL, rotlBH, rotlBL,
add, add3L, add3H, add4L, add4H, add5H, add5L,
// Round contants (first 32 bits of the fractional parts of the cube roots of the first 80 primes 2..409):
// prettier-ignore
const [SHA512_Kh, SHA512_Kl] = u64.split([
'0x428a2f98d728ae22', '0x7137449123ef65cd', '0xb5c0fbcfec4d3b2f', '0xe9b5dba58189dbbc',
'0x3956c25bf348b538', '0x59f111f1b605d019', '0x923f82a4af194f9b', '0xab1c5ed5da6d8118',
'0xd807aa98a3030242', '0x12835b0145706fbe', '0x243185be4ee4b28c', '0x550c7dc3d5ffb4e2',
'0x72be5d74f27b896f', '0x80deb1fe3b1696b1', '0x9bdc06a725c71235', '0xc19bf174cf692694',
'0xe49b69c19ef14ad2', '0xefbe4786384f25e3', '0x0fc19dc68b8cd5b5', '0x240ca1cc77ac9c65',
'0x2de92c6f592b0275', '0x4a7484aa6ea6e483', '0x5cb0a9dcbd41fbd4', '0x76f988da831153b5',
'0x983e5152ee66dfab', '0xa831c66d2db43210', '0xb00327c898fb213f', '0xbf597fc7beef0ee4',
'0xc6e00bf33da88fc2', '0xd5a79147930aa725', '0x06ca6351e003826f', '0x142929670a0e6e70',
'0x27b70a8546d22ffc', '0x2e1b21385c26c926', '0x4d2c6dfc5ac42aed', '0x53380d139d95b3df',
'0x650a73548baf63de', '0x766a0abb3c77b2a8', '0x81c2c92e47edaee6', '0x92722c851482353b',
'0xa2bfe8a14cf10364', '0xa81a664bbc423001', '0xc24b8b70d0f89791', '0xc76c51a30654be30',
'0xd192e819d6ef5218', '0xd69906245565a910', '0xf40e35855771202a', '0x106aa07032bbd1b8',
'0x19a4c116b8d2d0c8', '0x1e376c085141ab53', '0x2748774cdf8eeb99', '0x34b0bcb5e19b48a8',
'0x391c0cb3c5c95a63', '0x4ed8aa4ae3418acb', '0x5b9cca4f7763e373', '0x682e6ff3d6b2b8a3',
'0x748f82ee5defb2fc', '0x78a5636f43172f60', '0x84c87814a1f0ab72', '0x8cc702081a6439ec',
'0x90befffa23631e28', '0xa4506cebde82bde9', '0xbef9a3f7b2c67915', '0xc67178f2e372532b',
'0xca273eceea26619c', '0xd186b8c721c0c207', '0xeada7dd6cde0eb1e', '0xf57d4f7fee6ed178',
'0x06f067aa72176fba', '0x0a637dc5a2c898a6', '0x113f9804bef90dae', '0x1b710b35131c471b',
'0x28db77f523047d84', '0x32caab7b40c72493', '0x3c9ebe0a15c9bebc', '0x431d67c49c100d4c',
'0x4cc5d4becb3e42b6', '0x597f299cfc657e2a', '0x5fcb6fab3ad6faec', '0x6c44198c4a475817'
].map(n => BigInt(n)));
// Temporary buffer, not used to store anything between runs
const SHA512_W_H = new Uint32Array(80);
const SHA512_W_L = new Uint32Array(80);
class SHA512 extends SHA2 {
constructor() {
super(128, 64, 16, false);
// We cannot use array here since array allows indexing by variable which means optimizer/compiler cannot use registers.
// Also looks cleaner and easier to verify with spec.
// Initial state (first 32 bits of the fractional parts of the square roots of the first 8 primes 2..19):
// h -- high 32 bits, l -- low 32 bits
this.Ah = 0x6a09e667 | 0;
this.Al = 0xf3bcc908 | 0;
this.Bh = 0xbb67ae85 | 0;
this.Bl = 0x84caa73b | 0;
this.Ch = 0x3c6ef372 | 0;
this.Cl = 0xfe94f82b | 0;
this.Dh = 0xa54ff53a | 0;
this.Dl = 0x5f1d36f1 | 0;
this.Eh = 0x510e527f | 0;
this.El = 0xade682d1 | 0;
this.Fh = 0x9b05688c | 0;
this.Fl = 0x2b3e6c1f | 0;
this.Gh = 0x1f83d9ab | 0;
this.Gl = 0xfb41bd6b | 0;
this.Hh = 0x5be0cd19 | 0;
this.Hl = 0x137e2179 | 0;
// prettier-ignore
get() {
const { Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl } = this;
return [Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl];
// prettier-ignore
set(Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl) {
this.Ah = Ah | 0;
this.Al = Al | 0;
this.Bh = Bh | 0;
this.Bl = Bl | 0;
this.Ch = Ch | 0;
this.Cl = Cl | 0;
this.Dh = Dh | 0;
this.Dl = Dl | 0;
this.Eh = Eh | 0;
this.El = El | 0;
this.Fh = Fh | 0;
this.Fl = Fl | 0;
this.Gh = Gh | 0;
this.Gl = Gl | 0;
this.Hh = Hh | 0;
this.Hl = Hl | 0;
process(view, offset) {
// Extend the first 16 words into the remaining 64 words w[16..79] of the message schedule array
for (let i = 0; i < 16; i++, offset += 4) {
SHA512_W_H[i] = view.getUint32(offset);
SHA512_W_L[i] = view.getUint32((offset += 4));
for (let i = 16; i < 80; i++) {
// s0 := (w[i-15] rightrotate 1) xor (w[i-15] rightrotate 8) xor (w[i-15] rightshift 7)
const W15h = SHA512_W_H[i - 15] | 0;
const W15l = SHA512_W_L[i - 15] | 0;
const s0h = u64.rotrSH(W15h, W15l, 1) ^ u64.rotrSH(W15h, W15l, 8) ^ u64.shrSH(W15h, W15l, 7);
const s0l = u64.rotrSL(W15h, W15l, 1) ^ u64.rotrSL(W15h, W15l, 8) ^ u64.shrSL(W15h, W15l, 7);
// s1 := (w[i-2] rightrotate 19) xor (w[i-2] rightrotate 61) xor (w[i-2] rightshift 6)
const W2h = SHA512_W_H[i - 2] | 0;
const W2l = SHA512_W_L[i - 2] | 0;
const s1h = u64.rotrSH(W2h, W2l, 19) ^ u64.rotrBH(W2h, W2l, 61) ^ u64.shrSH(W2h, W2l, 6);
const s1l = u64.rotrSL(W2h, W2l, 19) ^ u64.rotrBL(W2h, W2l, 61) ^ u64.shrSL(W2h, W2l, 6);
// SHA256_W[i] = s0 + s1 + SHA256_W[i - 7] + SHA256_W[i - 16];
const SUMl = u64.add4L(s0l, s1l, SHA512_W_L[i - 7], SHA512_W_L[i - 16]);
const SUMh = u64.add4H(SUMl, s0h, s1h, SHA512_W_H[i - 7], SHA512_W_H[i - 16]);
SHA512_W_H[i] = SUMh | 0;
SHA512_W_L[i] = SUMl | 0;
let { Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl } = this;
// Compression function main loop, 80 rounds
for (let i = 0; i < 80; i++) {
// S1 := (e rightrotate 14) xor (e rightrotate 18) xor (e rightrotate 41)
const sigma1h = u64.rotrSH(Eh, El, 14) ^ u64.rotrSH(Eh, El, 18) ^ u64.rotrBH(Eh, El, 41);
const sigma1l = u64.rotrSL(Eh, El, 14) ^ u64.rotrSL(Eh, El, 18) ^ u64.rotrBL(Eh, El, 41);
//const T1 = (H + sigma1 + Chi(E, F, G) + SHA256_K[i] + SHA256_W[i]) | 0;
const CHIh = (Eh & Fh) ^ (~Eh & Gh);
const CHIl = (El & Fl) ^ (~El & Gl);
// T1 = H + sigma1 + Chi(E, F, G) + SHA512_K[i] + SHA512_W[i]
// prettier-ignore
const T1ll = u64.add5L(Hl, sigma1l, CHIl, SHA512_Kl[i], SHA512_W_L[i]);
const T1h = u64.add5H(T1ll, Hh, sigma1h, CHIh, SHA512_Kh[i], SHA512_W_H[i]);
const T1l = T1ll | 0;
// S0 := (a rightrotate 28) xor (a rightrotate 34) xor (a rightrotate 39)
const sigma0h = u64.rotrSH(Ah, Al, 28) ^ u64.rotrBH(Ah, Al, 34) ^ u64.rotrBH(Ah, Al, 39);
const sigma0l = u64.rotrSL(Ah, Al, 28) ^ u64.rotrBL(Ah, Al, 34) ^ u64.rotrBL(Ah, Al, 39);
const MAJh = (Ah & Bh) ^ (Ah & Ch) ^ (Bh & Ch);
const MAJl = (Al & Bl) ^ (Al & Cl) ^ (Bl & Cl);
Hh = Gh | 0;
Hl = Gl | 0;
Gh = Fh | 0;
Gl = Fl | 0;
Fh = Eh | 0;
Fl = El | 0;
({ h: Eh, l: El } = u64.add(Dh | 0, Dl | 0, T1h | 0, T1l | 0));
Dh = Ch | 0;
Dl = Cl | 0;
Ch = Bh | 0;
Cl = Bl | 0;
Bh = Ah | 0;
Bl = Al | 0;
const All = u64.add3L(T1l, sigma0l, MAJl);
Ah = u64.add3H(All, T1h, sigma0h, MAJh);
Al = All | 0;
// Add the compressed chunk to the current hash value
({ h: Ah, l: Al } = u64.add(this.Ah | 0, this.Al | 0, Ah | 0, Al | 0));
({ h: Bh, l: Bl } = u64.add(this.Bh | 0, this.Bl | 0, Bh | 0, Bl | 0));
({ h: Ch, l: Cl } = u64.add(this.Ch | 0, this.Cl | 0, Ch | 0, Cl | 0));
({ h: Dh, l: Dl } = u64.add(this.Dh | 0, this.Dl | 0, Dh | 0, Dl | 0));
({ h: Eh, l: El } = u64.add(this.Eh | 0, this.El | 0, Eh | 0, El | 0));
({ h: Fh, l: Fl } = u64.add(this.Fh | 0, this.Fl | 0, Fh | 0, Fl | 0));
({ h: Gh, l: Gl } = u64.add(this.Gh | 0, this.Gl | 0, Gh | 0, Gl | 0));
({ h: Hh, l: Hl } = u64.add(this.Hh | 0, this.Hl | 0, Hh | 0, Hl | 0));
this.set(Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl);
roundClean() {
destroy() {
this.set(0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
class SHA512_256 extends SHA512 {
constructor() {
// h -- high 32 bits, l -- low 32 bits
this.Ah = 0x22312194 | 0;
this.Al = 0xfc2bf72c | 0;
this.Bh = 0x9f555fa3 | 0;
this.Bl = 0xc84c64c2 | 0;
this.Ch = 0x2393b86b | 0;
this.Cl = 0x6f53b151 | 0;
this.Dh = 0x96387719 | 0;
this.Dl = 0x5940eabd | 0;
this.Eh = 0x96283ee2 | 0;
this.El = 0xa88effe3 | 0;
this.Fh = 0xbe5e1e25 | 0;
this.Fl = 0x53863992 | 0;
this.Gh = 0x2b0199fc | 0;
this.Gl = 0x2c85b8aa | 0;
this.Hh = 0x0eb72ddc | 0;
this.Hl = 0x81c52ca2 | 0;
this.outputLen = 32;
class SHA384 extends SHA512 {
constructor() {
// h -- high 32 bits, l -- low 32 bits
this.Ah = 0xcbbb9d5d | 0;
this.Al = 0xc1059ed8 | 0;
this.Bh = 0x629a292a | 0;
this.Bl = 0x367cd507 | 0;
this.Ch = 0x9159015a | 0;
this.Cl = 0x3070dd17 | 0;
this.Dh = 0x152fecd8 | 0;
this.Dl = 0xf70e5939 | 0;
this.Eh = 0x67332667 | 0;
this.El = 0xffc00b31 | 0;
this.Fh = 0x8eb44a87 | 0;
this.Fl = 0x68581511 | 0;
this.Gh = 0xdb0c2e0d | 0;
this.Gl = 0x64f98fa7 | 0;
this.Hh = 0x47b5481d | 0;
this.Hl = 0xbefa4fa4 | 0;
this.outputLen = 48;
const sha512$1 = wrapConstructor(() => new SHA512());
const sha512_256 = wrapConstructor(() => new SHA512_256());
const sha384 = wrapConstructor(() => new SHA384());
/* Browser Crypto Shims */
function getGlobal$1() {
if (typeof self !== 'undefined') {
return self;
if (typeof window !== 'undefined') {
return window;
if (typeof global !== 'undefined') {
return global;
throw new Error('unable to locate global object');
const anyGlobal = getGlobal$1();
const crypto$1 = anyGlobal.crypto || anyGlobal.msCrypto;
function createHash(algo) {
switch (algo) {
case "sha256": return sha256$1.create();
case "sha512": return sha512$1.create();
assertArgument(false, "invalid hashing algorithm name", "algorithm", algo);
function createHmac(_algo, key) {
const algo = ({ sha256: sha256$1, sha512: sha512$1 }[_algo]);
assertArgument(algo != null, "invalid hmac algorithm", "algorithm", _algo);
return hmac.create(algo, key);
function pbkdf2Sync(password, salt, iterations, keylen, _algo) {
const algo = ({ sha256: sha256$1, sha512: sha512$1 }[_algo]);
assertArgument(algo != null, "invalid pbkdf2 algorithm", "algorithm", _algo);
return pbkdf2$1(algo, password, salt, { c: iterations, dkLen: keylen });
function randomBytes$1(length) {
assert$1(crypto$1 != null, "platform does not support secure random numbers", "UNSUPPORTED_OPERATION", {
operation: "randomBytes"
assertArgument(Number.isInteger(length) && length > 0 && length <= 1024, "invalid length", "length", length);
const result = new Uint8Array(length);
return result;
* An **HMAC** enables verification that a given key was used
* to authenticate a payload.
* See: [[link-wiki-hmac]]
* @_subsection: api/crypto:HMAC [about-hmac]
let locked$4 = false;
const _computeHmac = function (algorithm, key, data) {
return createHmac(algorithm, key).update(data).digest();
let __computeHmac = _computeHmac;
* Return the HMAC for %%data%% using the %%key%% key with the underlying
* %%algo%% used for compression.
* @example:
* key = id("some-secret")
* // Compute the HMAC
* computeHmac("sha256", key, "0x1337")
* //_result:
* // To compute the HMAC of UTF-8 data, the data must be
* // converted to UTF-8 bytes
* computeHmac("sha256", key, toUtf8Bytes("Hello World"))
* //_result:
function computeHmac(algorithm, _key, _data) {
const key = getBytes(_key, "key");
const data = getBytes(_data, "data");
return hexlify(__computeHmac(algorithm, key, data));
computeHmac._ = _computeHmac;
computeHmac.lock = function () { locked$4 = true; };
computeHmac.register = function (func) {
if (locked$4) {
throw new Error("computeHmac is locked");
__computeHmac = func;
// Various per round constants calculations
const [SHA3_PI, SHA3_ROTL, _SHA3_IOTA] = [[], [], []];
const _0n$1 = BigInt(0);
const _1n$1 = BigInt(1);
const _2n$1 = BigInt(2);
const _7n = BigInt(7);
const _256n = BigInt(256);
const _0x71n = BigInt(0x71);
for (let round = 0, R = _1n$1, x = 1, y = 0; round < 24; round++) {
// Pi
[x, y] = [y, (2 * x + 3 * y) % 5];
SHA3_PI.push(2 * (5 * y + x));
// Rotational
SHA3_ROTL.push((((round + 1) * (round + 2)) / 2) % 64);
// Iota
let t = _0n$1;
for (let j = 0; j < 7; j++) {
R = ((R << _1n$1) ^ ((R >> _7n) * _0x71n)) % _256n;
if (R & _2n$1)
t ^= _1n$1 << ((_1n$1 << BigInt(j)) - _1n$1);
const [SHA3_IOTA_H, SHA3_IOTA_L] = u64.split(_SHA3_IOTA, true);
// Left rotation (without 0, 32, 64)
const rotlH = (h, l, s) => s > 32 ? u64.rotlBH(h, l, s) : u64.rotlSH(h, l, s);
const rotlL = (h, l, s) => s > 32 ? u64.rotlBL(h, l, s) : u64.rotlSL(h, l, s);
// Same as keccakf1600, but allows to skip some rounds
function keccakP(s, rounds = 24) {
const B = new Uint32Array(5 * 2);
// NOTE: all indices are x2 since we store state as u32 instead of u64 (bigints to slow in js)
for (let round = 24 - rounds; round < 24; round++) {
// Theta θ
for (let x = 0; x < 10; x++)
B[x] = s[x] ^ s[x + 10] ^ s[x + 20] ^ s[x + 30] ^ s[x + 40];
for (let x = 0; x < 10; x += 2) {
const idx1 = (x + 8) % 10;
const idx0 = (x + 2) % 10;
const B0 = B[idx0];
const B1 = B[idx0 + 1];
const Th = rotlH(B0, B1, 1) ^ B[idx1];
const Tl = rotlL(B0, B1, 1) ^ B[idx1 + 1];
for (let y = 0; y < 50; y += 10) {
s[x + y] ^= Th;
s[x + y + 1] ^= Tl;
// Rho (ρ) and Pi (π)
let curH = s[2];
let curL = s[3];
for (let t = 0; t < 24; t++) {
const shift = SHA3_ROTL[t];
const Th = rotlH(curH, curL, shift);
const Tl = rotlL(curH, curL, shift);
const PI = SHA3_PI[t];
curH = s[PI];
curL = s[PI + 1];
s[PI] = Th;
s[PI + 1] = Tl;
// Chi (χ)
for (let y = 0; y < 50; y += 10) {
for (let x = 0; x < 10; x++)
B[x] = s[y + x];
for (let x = 0; x < 10; x++)
s[y + x] ^= ~B[(x + 2) % 10] & B[(x + 4) % 10];
// Iota (ι)
s[0] ^= SHA3_IOTA_H[round];
s[1] ^= SHA3_IOTA_L[round];
class Keccak extends Hash {
// NOTE: we accept arguments in bytes instead of bits here.
constructor(blockLen, suffix, outputLen, enableXOF = false, rounds = 24) {
this.blockLen = blockLen;
this.suffix = suffix;
this.outputLen = outputLen;
this.enableXOF = enableXOF;
this.rounds = rounds;
this.pos = 0;
this.posOut = 0;
this.finished = false;
this.destroyed = false;
// Can be passed from user as dkLen
// 1600 = 5x5 matrix of 64bit. 1600 bits === 200 bytes
if (0 >= this.blockLen || this.blockLen >= 200)
throw new Error('Sha3 supports only keccak-f1600 function');
this.state = new Uint8Array(200);
this.state32 = u32(this.state);
keccak() {
keccakP(this.state32, this.rounds);
this.posOut = 0;
this.pos = 0;
update(data) {
const { blockLen, state } = this;
data = toBytes(data);
const len = data.length;
for (let pos = 0; pos < len;) {
const take = Math.min(blockLen - this.pos, len - pos);
for (let i = 0; i < take; i++)
state[this.pos++] ^= data[pos++];
if (this.pos === blockLen)
return this;
finish() {
if (this.finished)
this.finished = true;
const { state, suffix, pos, blockLen } = this;
// Do the padding
state[pos] ^= suffix;
if ((suffix & 0x80) !== 0 && pos === blockLen - 1)
state[blockLen - 1] ^= 0x80;
writeInto(out) {
assert.exists(this, false);
const bufferOut = this.state;
const { blockLen } = this;
for (let pos = 0, len = out.length; pos < len;) {
if (this.posOut >= blockLen)
const take = Math.min(blockLen - this.posOut, len - pos);
out.set(bufferOut.subarray(this.posOut, this.posOut + take), pos);
this.posOut += take;
pos += take;
return out;
xofInto(out) {
// Sha3/Keccak usage with XOF is probably mistake, only SHAKE instances can do XOF
if (!this.enableXOF)
throw new Error('XOF is not possible for this instance');
return this.writeInto(out);
xof(bytes) {
return this.xofInto(new Uint8Array(bytes));
digestInto(out) {
assert.output(out, this);
if (this.finished)
throw new Error('digest() was already called');
return out;
digest() {
return this.digestInto(new Uint8Array(this.outputLen));
destroy() {
this.destroyed = true;
_cloneInto(to) {
const { blockLen, suffix, outputLen, rounds, enableXOF } = this;
to || (to = new Keccak(blockLen, suffix, outputLen, enableXOF, rounds));
to.pos = this.pos;
to.posOut = this.posOut;
to.finished = this.finished;
to.rounds = rounds;
// Suffix can change in cSHAKE
to.suffix = suffix;
to.outputLen = outputLen;
to.enableXOF = enableXOF;
to.destroyed = this.destroyed;
return to;
const gen = (suffix, blockLen, outputLen) => wrapConstructor(() => new Keccak(blockLen, suffix, outputLen));
const sha3_224 = gen(0x06, 144, 224 / 8);
* SHA3-256 hash function
* @param message - that would be hashed
const sha3_256 = gen(0x06, 136, 256 / 8);
const sha3_384 = gen(0x06, 104, 384 / 8);
const sha3_512 = gen(0x06, 72, 512 / 8);
const keccak_224 = gen(0x01, 144, 224 / 8);
* keccak-256 hash function. Different from SHA3-256.
* @param message - that would be hashed
const keccak_256 = gen(0x01, 136, 256 / 8);
const keccak_384 = gen(0x01, 104, 384 / 8);
const keccak_512 = gen(0x01, 72, 512 / 8);
const genShake = (suffix, blockLen, outputLen) => wrapConstructorWithOpts((opts = {}) => new Keccak(blockLen, suffix, opts.dkLen === undefined ? outputLen : opts.dkLen, true));
const shake128 = genShake(0x1f, 168, 128 / 8);
const shake256 = genShake(0x1f, 136, 256 / 8);
* Cryptographic hashing functions
* @_subsection: api/crypto:Hash Functions [about-crypto-hashing]
let locked$3 = false;
const _keccak256 = function (data) {
return keccak_256(data);
let __keccak256 = _keccak256;
* Compute the cryptographic KECCAK256 hash of %%data%%.
* The %%data%% **must** be a data representation, to compute the
* hash of UTF-8 data use the [[id]] function.
* @returns DataHexstring
* @example:
* keccak256("0x")
* //_result:
* keccak256("0x1337")
* //_result:
* keccak256(new Uint8Array([ 0x13, 0x37 ]))
* //_result:
* // Strings are assumed to be DataHexString, otherwise it will
* // throw. To hash UTF-8 data, see the note above.
* keccak256("Hello World")
* //_error:
function keccak256(_data) {
const data = getBytes(_data, "data");
return hexlify(__keccak256(data));
keccak256._ = _keccak256;
keccak256.lock = function () { locked$3 = true; };
keccak256.register = function (func) {
if (locked$3) {
throw new TypeError("keccak256 is locked");
__keccak256 = func;
const Rho = new Uint8Array([7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8]);
const Id = Uint8Array.from({ length: 16 }, (_, i) => i);
const Pi = => (9 * i + 5) % 16);
let idxL = [Id];
let idxR = [Pi];
for (let i = 0; i < 4; i++)
for (let j of [idxL, idxR])
j.push(j[i].map((k) => Rho[k]));
const shifts = [
[11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8],
[12, 13, 11, 15, 6, 9, 9, 7, 12, 15, 11, 13, 7, 8, 7, 7],
[13, 15, 14, 11, 7, 7, 6, 8, 13, 14, 13, 12, 5, 5, 6, 9],
[14, 11, 12, 14, 8, 6, 5, 5, 15, 12, 15, 14, 9, 9, 8, 6],
[15, 12, 13, 13, 9, 5, 8, 6, 14, 11, 12, 11, 8, 6, 5, 5],
].map((i) => new Uint8Array(i));
const shiftsL =, i) => => shifts[i][j]));
const shiftsR =, i) => => shifts[i][j]));
const Kl = new Uint32Array([0x00000000, 0x5a827999, 0x6ed9eba1, 0x8f1bbcdc, 0xa953fd4e]);
const Kr = new Uint32Array([0x50a28be6, 0x5c4dd124, 0x6d703ef3, 0x7a6d76e9, 0x00000000]);
// The rotate left (circular left shift) operation for uint32
const rotl$1 = (word, shift) => (word << shift) | (word >>> (32 - shift));
// It's called f() in spec.
function f(group, x, y, z) {
if (group === 0)
return x ^ y ^ z;
else if (group === 1)
return (x & y) | (~x & z);
else if (group === 2)
return (x | ~y) ^ z;
else if (group === 3)
return (x & z) | (y & ~z);
return x ^ (y | ~z);
// Temporary buffer, not used to store anything between runs
const BUF = new Uint32Array(16);
class RIPEMD160 extends SHA2 {
constructor() {
super(64, 20, 8, true);
this.h0 = 0x67452301 | 0;
this.h1 = 0xefcdab89 | 0;
this.h2 = 0x98badcfe | 0;
this.h3 = 0x10325476 | 0;
this.h4 = 0xc3d2e1f0 | 0;
get() {
const { h0, h1, h2, h3, h4 } = this;
return [h0, h1, h2, h3, h4];
set(h0, h1, h2, h3, h4) {
this.h0 = h0 | 0;
this.h1 = h1 | 0;
this.h2 = h2 | 0;
this.h3 = h3 | 0;
this.h4 = h4 | 0;
process(view, offset) {
for (let i = 0; i < 16; i++, offset += 4)
BUF[i] = view.getUint32(offset, true);
// prettier-ignore
let al = this.h0 | 0, ar = al, bl = this.h1 | 0, br = bl, cl = this.h2 | 0, cr = cl, dl = this.h3 | 0, dr = dl, el = this.h4 | 0, er = el;
// Instead of iterating 0 to 80, we split it into 5 groups
// And use the groups in constants, functions, etc. Much simpler
for (let group = 0; group < 5; group++) {
const rGroup = 4 - group;
const hbl = Kl[group], hbr = Kr[group]; // prettier-ignore
const rl = idxL[group], rr = idxR[group]; // prettier-ignore
const sl = shiftsL[group], sr = shiftsR[group]; // prettier-ignore
for (let i = 0; i < 16; i++) {
const tl = (rotl$1(al + f(group, bl, cl, dl) + BUF[rl[i]] + hbl, sl[i]) + el) | 0;
al = el, el = dl, dl = rotl$1(cl, 10) | 0, cl = bl, bl = tl; // prettier-ignore
// 2 loops are 10% faster
for (let i = 0; i < 16; i++) {
const tr = (rotl$1(ar + f(rGroup, br, cr, dr) + BUF[rr[i]] + hbr, sr[i]) + er) | 0;
ar = er, er = dr, dr = rotl$1(cr, 10) | 0, cr = br, br = tr; // prettier-ignore
// Add the compressed chunk to the current hash value
this.set((this.h1 + cl + dr) | 0, (this.h2 + dl + er) | 0, (this.h3 + el + ar) | 0, (this.h4 + al + br) | 0, (this.h0 + bl + cr) | 0);
roundClean() {
destroy() {
this.destroyed = true;
this.set(0, 0, 0, 0, 0);
* RIPEMD-160 - a hash function from 1990s.
* @param message - msg that would be hashed
const ripemd160$1 = wrapConstructor(() => new RIPEMD160());
let locked$2 = false;
const _ripemd160 = function (data) {
return ripemd160$1(data);
let __ripemd160 = _ripemd160;
* Compute the cryptographic RIPEMD-160 hash of %%data%%.
* @_docloc: api/crypto:Hash Functions
* @returns DataHexstring
* @example:
* ripemd160("0x")
* //_result:
* ripemd160("0x1337")
* //_result:
* ripemd160(new Uint8Array([ 0x13, 0x37 ]))
* //_result:
function ripemd160(_data) {
const data = getBytes(_data, "data");
return hexlify(__ripemd160(data));
ripemd160._ = _ripemd160;
ripemd160.lock = function () { locked$2 = true; };
ripemd160.register = function (func) {
if (locked$2) {
throw new TypeError("ripemd160 is locked");
__ripemd160 = func;
* A **Password-Based Key-Derivation Function** is designed to create
* a sequence of bytes suitible as a **key** from a human-rememberable
* password.
* @_subsection: api/crypto:Passwords [about-pbkdf]
let locked$1 = false;
const _pbkdf2 = function (password, salt, iterations, keylen, algo) {
return pbkdf2Sync(password, salt, iterations, keylen, algo);
let __pbkdf2 = _pbkdf2;
* Return the [[link-pbkdf2]] for %%keylen%% bytes for %%password%% using
* the %%salt%% and using %%iterations%% of %%algo%%.
* This PBKDF is outdated and should not be used in new projects, but is
* required to decrypt older files.
* @example:
* // The password must be converted to bytes, and it is generally
* // best practices to ensure the string has been normalized. Many
* // formats explicitly indicate the normalization form to use.
* password = "hello"
* passwordBytes = toUtf8Bytes(password, "NFKC")
* salt = id("some-salt")
* // Compute the PBKDF2
* pbkdf2(passwordBytes, salt, 1024, 16, "sha256")
* //_result:
function pbkdf2(_password, _salt, iterations, keylen, algo) {
const password = getBytes(_password, "password");
const salt = getBytes(_salt, "salt");
return hexlify(__pbkdf2(password, salt, iterations, keylen, algo));
pbkdf2._ = _pbkdf2;
pbkdf2.lock = function () { locked$1 = true; };
pbkdf2.register = function (func) {
if (locked$1) {
throw new Error("pbkdf2 is locked");
__pbkdf2 = func;
* A **Cryptographically Secure Random Value** is one that has been
* generated with additional care take to prevent side-channels
* from allowing others to detect it and prevent others from through
* coincidence generate the same values.
* @_subsection: api/crypto:Random Values [about-crypto-random]
let locked = false;
const _randomBytes = function (length) {
return new Uint8Array(randomBytes$1(length));
let __randomBytes = _randomBytes;
* Return %%length%% bytes of cryptographically secure random data.
* @example:
* randomBytes(8)
* //_result:
function randomBytes(length) {
return __randomBytes(length);
randomBytes._ = _randomBytes;
randomBytes.lock = function () { locked = true; };
randomBytes.register = function (func) {
if (locked) {
throw new Error("randomBytes is locked");
__randomBytes = func;
// RFC 7914 Scrypt KDF
// Left rotate for uint32
const rotl = (a, b) => (a << b) | (a >>> (32 - b));
// The main Scrypt loop: uses Salsa extensively.
// Six versions of the function were tried, this is the fastest one.
// prettier-ignore
function XorAndSalsa(prev, pi, input, ii, out, oi) {
// Based on
// Xor blocks
let y00 = prev[pi++] ^ input[ii++], y01 = prev[pi++] ^ input[ii++];
let y02 = prev[pi++] ^ input[ii++], y03 = prev[pi++] ^ input[ii++];
let y04 = prev[pi++] ^ input[ii++], y05 = prev[pi++] ^ input[ii++];
let y06 = prev[pi++] ^ input[ii++], y07 = prev[pi++] ^ input[ii++];
let y08 = prev[pi++] ^ input[ii++], y09 = prev[pi++] ^ input[ii++];
let y10 = prev[pi++] ^ input[ii++], y11 = prev[pi++] ^ input[ii++];
let y12 = prev[pi++] ^ input[ii++], y13 = prev[pi++] ^ input[ii++];
let y14 = prev[pi++] ^ input[ii++], y15 = prev[pi++] ^ input[ii++];
// Save state to temporary variables (salsa)
let x00 = y00, x01 = y01, x02 = y02, x03 = y03, x04 = y04, x05 = y05, x06 = y06, x07 = y07, x08 = y08, x09 = y09, x10 = y10, x11 = y11, x12 = y12, x13 = y13, x14 = y14, x15 = y15;
// Main loop (salsa)
for (let i = 0; i < 8; i += 2) {
x04 ^= rotl(x00 + x12 | 0, 7);
x08 ^= rotl(x04 + x00 | 0, 9);
x12 ^= rotl(x08 + x04 | 0, 13);
x00 ^= rotl(x12 + x08 | 0, 18);
x09 ^= rotl(x05 + x01 | 0, 7);
x13 ^= rotl(x09 + x05 | 0, 9);
x01 ^= rotl(x13 + x09 | 0, 13);
x05 ^= rotl(x01 + x13 | 0, 18);
x14 ^= rotl(x10 + x06 | 0, 7);
x02 ^= rotl(x14 + x10 | 0, 9);
x06 ^= rotl(x02 + x14 | 0, 13);
x10 ^= rotl(x06 + x02 | 0, 18);
x03 ^= rotl(x15 + x11 | 0, 7);
x07 ^= rotl(x03 + x15 | 0, 9);
x11 ^= rotl(x07 + x03 | 0, 13);
x15 ^= rotl(x11 + x07 | 0, 18);
x01 ^= rotl(x00 + x03 | 0, 7);
x02 ^= rotl(x01 + x00 | 0, 9);
x03 ^= rotl(x02 + x01 | 0, 13);
x00 ^= rotl(x03 + x02 | 0, 18);
x06 ^= rotl(x05 + x04 | 0, 7);
x07 ^= rotl(x06 + x05 | 0, 9);
x04 ^= rotl(x07 + x06 | 0, 13);
x05 ^= rotl(x04 + x07 | 0, 18);
x11 ^= rotl(x10 + x09 | 0, 7);
x08 ^= rotl(x11 + x10 | 0, 9);
x09 ^= rotl(x08 + x11 | 0, 13);
x10 ^= rotl(x09 + x08 | 0, 18);
x12 ^= rotl(x15 + x14 | 0, 7);
x13 ^= rotl(x12 + x15 | 0, 9);
x14 ^= rotl(x13 + x12 | 0, 13);
x15 ^= rotl(x14 + x13 | 0, 18);
// Write output (salsa)
out[oi++] = (y00 + x00) | 0;
out[oi++] = (y01 + x01) | 0;
out[oi++] = (y02 + x02) | 0;
out[oi++] = (y03 + x03) | 0;
out[oi++] = (y04 + x04) | 0;
out[oi++] = (y05 + x05) | 0;
out[oi++] = (y06 + x06) | 0;
out[oi++] = (y07 + x07) | 0;
out[oi++] = (y08 + x08) | 0;
out[oi++] = (y09 + x09) | 0;
out[oi++] = (y10 + x10) | 0;
out[oi++] = (y11 + x11) | 0;
out[oi++] = (y12 + x12) | 0;
out[oi++] = (y13 + x13) | 0;
out[oi++] = (y14 + x14) | 0;
out[oi++] = (y15 + x15) | 0;
function BlockMix(input, ii, out, oi, r) {
// The block B is r 128-byte chunks (which is equivalent of 2r 64-byte chunks)
let head = oi + 0;
let tail = oi + 16 * r;
for (let i = 0; i < 16; i++)
out[tail + i] = input[ii + (2 * r - 1) * 16 + i]; // X ← B[2r1]
for (let i = 0; i < r; i++, head += 16, ii += 16) {
// We write odd & even Yi at same time. Even: 0bXXXXX0 Odd: 0bXXXXX1
XorAndSalsa(out, tail, input, ii, out, head); // head[i] = Salsa(blockIn[2*i] ^ tail[i-1])
if (i > 0)
tail += 16; // First iteration overwrites tmp value in tail
XorAndSalsa(out, head, input, (ii += 16), out, tail); // tail[i] = Salsa(blockIn[2*i+1] ^ head[i])
// Common prologue and epilogue for sync/async functions
function scryptInit(password, salt, _opts) {
// Maxmem - 1GB+1KB by default
const opts = checkOpts({
dkLen: 32,
asyncTick: 10,
maxmem: 1024 ** 3 + 1024,
}, _opts);
const { N, r, p, dkLen, asyncTick, maxmem, onProgress } = opts;
if (onProgress !== undefined && typeof onProgress !== 'function')
throw new Error('progressCb should be function');
const blockSize = 128 * r;
const blockSize32 = blockSize / 4;
if (N <= 1 || (N & (N - 1)) !== 0 || N >= 2 ** (blockSize / 8) || N > 2 ** 32) {
// NOTE: we limit N to be less than 2**32 because of 32 bit variant of Integrify function
// There is no JS engines that allows alocate more than 4GB per single Uint8Array for now, but can change in future.
throw new Error('Scrypt: N must be larger than 1, a power of 2, less than 2^(128 * r / 8) and less than 2^32');
if (p < 0 || p > ((2 ** 32 - 1) * 32) / blockSize) {
throw new Error('Scrypt: p must be a positive integer less than or equal to ((2^32 - 1) * 32) / (128 * r)');
if (dkLen < 0 || dkLen > (2 ** 32 - 1) * 32) {
throw new Error('Scrypt: dkLen should be positive integer less than or equal to (2^32 - 1) * 32');
const memUsed = blockSize * (N + p);
if (memUsed > maxmem) {
throw new Error(`Scrypt: parameters too large, ${memUsed} (128 * r * (N + p)) > ${maxmem} (maxmem)`);
// [B0...Bp1] ← PBKDF2HMAC-SHA256(Passphrase, Salt, 1, blockSize*ParallelizationFactor)
// Since it has only one iteration there is no reason to use async variant
const B = pbkdf2$1(sha256$1, password, salt, { c: 1, dkLen: blockSize * p });
const B32 = u32(B);
// Re-used between parallel iterations. Array(iterations) of B
const V = u32(new Uint8Array(blockSize * N));
const tmp = u32(new Uint8Array(blockSize));
let blockMixCb = () => { };
if (onProgress) {
const totalBlockMix = 2 * N * p;
// Invoke callback if progress changes from 10.01 to 10.02
// Allows to draw smooth progress bar on up to 8K screen
const callbackPer = Math.max(Math.floor(totalBlockMix / 10000), 1);
let blockMixCnt = 0;
blockMixCb = () => {
if (onProgress && (!(blockMixCnt % callbackPer) || blockMixCnt === totalBlockMix))
onProgress(blockMixCnt / totalBlockMix);
return { N, r, p, dkLen, blockSize32, V, B32, B, tmp, blockMixCb, asyncTick };
function scryptOutput(password, dkLen, B, V, tmp) {
const res = pbkdf2$1(sha256$1, password, B, { c: 1, dkLen });
return res;
* Scrypt KDF from RFC 7914.
* @param password - pass
* @param salt - salt
* @param opts - parameters
* - `N` is cpu/mem work factor (power of 2 e.g. 2**18)
* - `r` is block size (8 is common), fine-tunes sequential memory read size and performance
* - `p` is parallelization factor (1 is common)
* - `dkLen` is output key length in bytes e.g. 32.
* - `asyncTick` - (default: 10) max time in ms for which async function can block execution
* - `maxmem` - (default: `1024 ** 3 + 1024` aka 1GB+1KB). A limit that the app could use for scrypt
* - `onProgress` - callback function that would be executed for progress report
* @returns Derived key
function scrypt$1(password, salt, opts) {
const { N, r, p, dkLen, blockSize32, V, B32, B, tmp, blockMixCb } = scryptInit(password, salt, opts);
for (let pi = 0; pi < p; pi++) {
const Pi = blockSize32 * pi;
for (let i = 0; i < blockSize32; i++)
V[i] = B32[Pi + i]; // V[0] = B[i]
for (let i = 0, pos = 0; i < N - 1; i++) {
BlockMix(V, pos, V, (pos += blockSize32), r); // V[i] = BlockMix(V[i-1]);
BlockMix(V, (N - 1) * blockSize32, B32, Pi, r); // Process last element
for (let i = 0; i < N; i++) {
// First u32 of the last 64-byte block (u32 is LE)
const j = B32[Pi + blockSize32 - 16] % N; // j = Integrify(X) % iterations
for (let k = 0; k < blockSize32; k++)
tmp[k] = B32[Pi + k] ^ V[j * blockSize32 + k]; // tmp = B ^ V[j]
BlockMix(tmp, 0, B32, Pi, r); // B = BlockMix(B ^ V[j])
return scryptOutput(password, dkLen, B, V, tmp);
* Scrypt KDF from RFC 7914.
async function scryptAsync(password, salt, opts) {
const { N, r, p, dkLen, blockSize32, V, B32, B, tmp, blockMixCb, asyncTick } = scryptInit(password, salt, opts);
for (let pi = 0; pi < p; pi++) {
const Pi = blockSize32 * pi;
for (let i = 0; i < blockSize32; i++)
V[i] = B32[Pi + i]; // V[0] = B[i]
let pos = 0;
await asyncLoop(N - 1, asyncTick, (i) => {
BlockMix(V, pos, V, (pos += blockSize32), r); // V[i] = BlockMix(V[i-1]);
BlockMix(V, (N - 1) * blockSize32, B32, Pi, r); // Process last element
await asyncLoop(N, asyncTick, (i) => {
// First u32 of the last 64-byte block (u32 is LE)
const j = B32[Pi + blockSize32 - 16] % N; // j = Integrify(X) % iterations
for (let k = 0; k < blockSize32; k++)
tmp[k] = B32[Pi + k] ^ V[j * blockSize32 + k]; // tmp = B ^ V[j]
BlockMix(tmp, 0, B32, Pi, r); // B = BlockMix(B ^ V[j])
return scryptOutput(password, dkLen, B, V, tmp);
let lockedSync = false, lockedAsync = false;
const _scryptAsync = async function (passwd, salt, N, r, p, dkLen, onProgress) {
return await scryptAsync(passwd, salt, { N, r, p, dkLen, onProgress });
const _scryptSync = function (passwd, salt, N, r, p, dkLen) {
return scrypt$1(passwd, salt, { N, r, p, dkLen });
let __scryptAsync = _scryptAsync;
let __scryptSync = _scryptSync;
* The [[link-wiki-scrypt]] uses a memory and cpu hard method of
* derivation to increase the resource cost to brute-force a password
* for a given key.
* This means this algorithm is intentionally slow, and can be tuned to
* become slower. As computation and memory speed improve over time,
* increasing the difficulty maintains the cost of an attacker.
* For example, if a target time of 5 seconds is used, a legitimate user
* which knows their password requires only 5 seconds to unlock their
* account. A 6 character password has 68 billion possibilities, which
* would require an attacker to invest over 10,000 years of CPU time. This
* is of course a crude example (as password generally aren't random),
* but demonstrates to value of imposing large costs to decryption.
* For this reason, if building a UI which involved decrypting or
* encrypting datsa using scrypt, it is recommended to use a
* [[ProgressCallback]] (as event short periods can seem lik an eternity
* if the UI freezes). Including the phrase //"decrypting"// in the UI
* can also help, assuring the user their waiting is for a good reason.
* @_docloc: api/crypto:Passwords
* @example:
* // The password must be converted to bytes, and it is generally
* // best practices to ensure the string has been normalized. Many
* // formats explicitly indicate the normalization form to use.
* password = "hello"
* passwordBytes = toUtf8Bytes(password, "NFKC")
* salt = id("some-salt")
* // Compute the scrypt
* scrypt(passwordBytes, salt, 1024, 8, 1, 16)
* //_result:
async function scrypt(_passwd, _salt, N, r, p, dkLen, progress) {
const passwd = getBytes(_passwd, "passwd");
const salt = getBytes(_salt, "salt");
return hexlify(await __scryptAsync(passwd, salt, N, r, p, dkLen, progress));
scrypt._ = _scryptAsync;
scrypt.lock = function () { lockedAsync = true; };
scrypt.register = function (func) {
if (lockedAsync) {
throw new Error("scrypt is locked");
__scryptAsync = func;
* Provides a synchronous variant of [[scrypt]].
* This will completely lock up and freeze the UI in a browser and will
* prevent any event loop from progressing. For this reason, it is
* preferred to use the [async variant](scrypt).
* @_docloc: api/crypto:Passwords
* @example:
* // The password must be converted to bytes, and it is generally
* // best practices to ensure the string has been normalized. Many
* // formats explicitly indicate the normalization form to use.
* password = "hello"
* passwordBytes = toUtf8Bytes(password, "NFKC")
* salt = id("some-salt")
* // Compute the scrypt
* scryptSync(passwordBytes, salt, 1024, 8, 1, 16)
* //_result:
function scryptSync(_passwd, _salt, N, r, p, dkLen) {
const passwd = getBytes(_passwd, "passwd");
const salt = getBytes(_salt, "salt");
return hexlify(__scryptSync(passwd, salt, N, r, p, dkLen));
scryptSync._ = _scryptSync;
scryptSync.lock = function () { lockedSync = true; };
scryptSync.register = function (func) {
if (lockedSync) {
throw new Error("scryptSync is locked");
__scryptSync = func;
const _sha256 = function (data) {
return createHash("sha256").update(data).digest();
const _sha512 = function (data) {
return createHash("sha512").update(data).digest();
let __sha256 = _sha256;
let __sha512 = _sha512;
let locked256 = false, locked512 = false;
* Compute the cryptographic SHA2-256 hash of %%data%%.
* @_docloc: api/crypto:Hash Functions
* @returns DataHexstring
* @example:
* sha256("0x")
* //_result:
* sha256("0x1337")
* //_result:
* sha256(new Uint8Array([ 0x13, 0x37 ]))
* //_result:
function sha256(_data) {
const data = getBytes(_data, "data");
return hexlify(__sha256(data));
sha256._ = _sha256;
sha256.lock = function () { locked256 = true; };
sha256.register = function (func) {
if (locked256) {
throw new Error("sha256 is locked");
__sha256 = func;
* Compute the cryptographic SHA2-512 hash of %%data%%.
* @_docloc: api/crypto:Hash Functions
* @returns DataHexstring
* @example:
* sha512("0x")
* //_result:
* sha512("0x1337")
* //_result:
* sha512(new Uint8Array([ 0x13, 0x37 ]))
* //_result:
function sha512(_data) {
const data = getBytes(_data, "data");
return hexlify(__sha512(data));
sha512._ = _sha512;
sha512.lock = function () { locked512 = true; };
sha512.register = function (func) {
if (locked512) {
throw new Error("sha512 is locked");
__sha512 = func;
var _nodeResolve_empty = {};
var nodeCrypto = /*#__PURE__*/Object.freeze({
__proto__: null,
'default': _nodeResolve_empty
/*! noble-secp256k1 - MIT License (c) 2019 Paul Miller ( */
const _0n = BigInt(0);
const _1n = BigInt(1);
const _2n = BigInt(2);
const _3n = BigInt(3);
const _8n = BigInt(8);
const CURVE = Object.freeze({
a: _0n,
b: BigInt(7),
P: BigInt('0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f'),
n: BigInt('0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141'),
h: _1n,
Gx: BigInt('55066263022277343669578718895168534326250603453777594175500187360389116729240'),
Gy: BigInt('32670510020758816978083085130507043184471273380659243275938904335757337482424'),
beta: BigInt('0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee'),
const divNearest = (a, b) => (a + b / _2n) / b;
const endo = {
beta: BigInt('0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee'),
splitScalar(k) {
const { n } = CURVE;
const a1 = BigInt('0x3086d221a7d46bcde86c90e49284eb15');
const b1 = -_1n * BigInt('0xe4437ed6010e88286f547fa90abfe4c3');
const a2 = BigInt('0x114ca50f7a8e2f3f657c1108d9d44cfd8');
const b2 = a1;
const POW_2_128 = BigInt('0x100000000000000000000000000000000');
const c1 = divNearest(b2 * k, n);
const c2 = divNearest(-b1 * k, n);
let k1 = mod(k - c1 * a1 - c2 * a2, n);
let k2 = mod(-c1 * b1 - c2 * b2, n);
const k1neg = k1 > POW_2_128;
const k2neg = k2 > POW_2_128;
if (k1neg)
k1 = n - k1;
if (k2neg)
k2 = n - k2;
if (k1 > POW_2_128 || k2 > POW_2_128) {
throw new Error('splitScalarEndo: Endomorphism failed, k=' + k);
return { k1neg, k1, k2neg, k2 };
const fieldLen = 32;
const groupLen = 32;
const hashLen = 32;
const compressedLen = fieldLen + 1;
const uncompressedLen = 2 * fieldLen + 1;
function weierstrass(x) {
const { a, b } = CURVE;
const x2 = mod(x * x);
const x3 = mod(x2 * x);
return mod(x3 + a * x + b);
const USE_ENDOMORPHISM = CURVE.a === _0n;
class ShaError extends Error {
constructor(message) {
function assertJacPoint(other) {
if (!(other instanceof JacobianPoint))
throw new TypeError('JacobianPoint expected');
class JacobianPoint {
constructor(x, y, z) {
this.x = x;
this.y = y;
this.z = z;
static fromAffine(p) {
if (!(p instanceof Point)) {
throw new TypeError('JacobianPoint#fromAffine: expected Point');
if (p.equals(Point.ZERO))
return JacobianPoint.ZERO;
return new JacobianPoint(p.x, p.y, _1n);
static toAffineBatch(points) {
const toInv = invertBatch( => p.z));
return, i) => p.toAffine(toInv[i]));
static normalizeZ(points) {
return JacobianPoint.toAffineBatch(points).map(JacobianPoint.fromAffine);
equals(other) {
const { x: X1, y: Y1, z: Z1 } = this;
const { x: X2, y: Y2, z: Z2 } = other;
const Z1Z1 = mod(Z1 * Z1);
const Z2Z2 = mod(Z2 * Z2);
const U1 = mod(X1 * Z2Z2);
const U2 = mod(X2 * Z1Z1);
const S1 = mod(mod(Y1 * Z2) * Z2Z2);
const S2 = mod(mod(Y2 * Z1) * Z1Z1);
return U1 === U2 && S1 === S2;
negate() {
return new JacobianPoint(this.x, mod(-this.y), this.z);
double() {
const { x: X1, y: Y1, z: Z1 } = this;
const A = mod(X1 * X1);
const B = mod(Y1 * Y1);
const C = mod(B * B);
const x1b = X1 + B;
const D = mod(_2n * (mod(x1b * x1b) - A - C));
const E = mod(_3n * A);
const F = mod(E * E);
const X3 = mod(F - _2n * D);
const Y3 = mod(E * (D - X3) - _8n * C);
const Z3 = mod(_2n * Y1 * Z1);
return new JacobianPoint(X3, Y3, Z3);
add(other) {
const { x: X1, y: Y1, z: Z1 } = this;
const { x: X2, y: Y2, z: Z2 } = other;
if (X2 === _0n || Y2 === _0n)
return this;
if (X1 === _0n || Y1 === _0n)
return other;
const Z1Z1 = mod(Z1 * Z1);
const Z2Z2 = mod(Z2 * Z2);
const U1 = mod(X1 * Z2Z2);
const U2 = mod(X2 * Z1Z1);
const S1 = mod(mod(Y1 * Z2) * Z2Z2);
const S2 = mod(mod(Y2 * Z1) * Z1Z1);
const H = mod(U2 - U1);
const r = mod(S2 - S1);
if (H === _0n) {
if (r === _0n) {
return this.double();
else {
return JacobianPoint.ZERO;
const HH = mod(H * H);
const HHH = mod(H * HH);
const V = mod(U1 * HH);
const X3 = mod(r * r - HHH - _2n * V);
const Y3 = mod(r * (V - X3) - S1 * HHH);
const Z3 = mod(Z1 * Z2 * H);
return new JacobianPoint(X3, Y3, Z3);
subtract(other) {
return this.add(other.negate());
multiplyUnsafe(scalar) {
const P0 = JacobianPoint.ZERO;
if (typeof scalar === 'bigint' && scalar === _0n)
return P0;
let n = normalizeScalar(scalar);
if (n === _1n)
return this;
let p = P0;
let d = this;
while (n > _0n) {
if (n & _1n)
p = p.add(d);
d = d.double();
n >>= _1n;
return p;
let { k1neg, k1, k2neg, k2 } = endo.splitScalar(n);
let k1p = P0;
let k2p = P0;
let d = this;
while (k1 > _0n || k2 > _0n) {
if (k1 & _1n)
k1p = k1p.add(d);
if (k2 & _1n)
k2p = k2p.add(d);
d = d.double();
k1 >>= _1n;
k2 >>= _1n;
if (k1neg)
k1p = k1p.negate();
if (k2neg)
k2p = k2p.negate();
k2p = new JacobianPoint(mod(k2p.x * endo.beta), k2p.y, k2p.z);
return k1p.add(k2p);
precomputeWindow(W) {
const windows = USE_ENDOMORPHISM ? 128 / W + 1 : 256 / W + 1;
const points = [];
let p = this;
let base = p;
for (let window = 0; window < windows; window++) {
base = p;
for (let i = 1; i < 2 ** (W - 1); i++) {
base = base.add(p);
p = base.double();
return points;
wNAF(n, affinePoint) {
if (!affinePoint && this.equals(JacobianPoint.BASE))
affinePoint = Point.BASE;
const W = (affinePoint && affinePoint._WINDOW_SIZE) || 1;
if (256 % W) {
throw new Error('Point#wNAF: Invalid precomputation window, must be power of 2');
let precomputes = affinePoint && pointPrecomputes.get(affinePoint);
if (!precomputes) {
precomputes = this.precomputeWindow(W);
if (affinePoint && W !== 1) {
precomputes = JacobianPoint.normalizeZ(precomputes);
pointPrecomputes.set(affinePoint, precomputes);
let p = JacobianPoint.ZERO;
let f = JacobianPoint.BASE;
const windows = 1 + (USE_ENDOMORPHISM ? 128 / W : 256 / W);
const windowSize = 2 ** (W - 1);
const mask = BigInt(2 ** W - 1);
const maxNumber = 2 ** W;
const shiftBy = BigInt(W);
for (let window = 0; window < windows; window++) {
const offset = window * windowSize;
let wbits = Number(n & mask);
n >>= shiftBy;
if (wbits > windowSize) {
wbits -= maxNumber;
n += _1n;
const offset1 = offset;
const offset2 = offset + Math.abs(wbits) - 1;
const cond1 = window % 2 !== 0;
const cond2 = wbits < 0;
if (wbits === 0) {
f = f.add(constTimeNegate(cond1, precomputes[offset1]));
else {
p = p.add(constTimeNegate(cond2, precomputes[offset2]));
return { p, f };
multiply(scalar, affinePoint) {
let n = normalizeScalar(scalar);
let point;
let fake;
const { k1neg, k1, k2neg, k2 } = endo.splitScalar(n);
let { p: k1p, f: f1p } = this.wNAF(k1, affinePoint);
let { p: k2p, f: f2p } = this.wNAF(k2, affinePoint);
k1p = constTimeNegate(k1neg, k1p);
k2p = constTimeNegate(k2neg, k2p);
k2p = new JacobianPoint(mod(k2p.x * endo.beta), k2p.y, k2p.z);
point = k1p.add(k2p);
fake = f1p.add(f2p);
else {
const { p, f } = this.wNAF(n, affinePoint);
point = p;
fake = f;
return JacobianPoint.normalizeZ([point, fake])[0];
toAffine(invZ) {
const { x, y, z } = this;
const is0 = this.equals(JacobianPoint.ZERO);
if (invZ == null)
invZ = is0 ? _8n : invert(z);
const iz1 = invZ;
const iz2 = mod(iz1 * iz1);
const iz3 = mod(iz2 * iz1);
const ax = mod(x * iz2);
const ay = mod(y * iz3);
const zz = mod(z * iz1);
if (is0)
return Point.ZERO;
if (zz !== _1n)
throw new Error('invZ was invalid');
return new Point(ax, ay);
JacobianPoint.BASE = new JacobianPoint(CURVE.Gx, CURVE.Gy, _1n);
JacobianPoint.ZERO = new JacobianPoint(_0n, _1n, _0n);
function constTimeNegate(condition, item) {
const neg = item.negate();
return condition ? neg : item;
const pointPrecomputes = new WeakMap();
class Point {
constructor(x, y) {
this.x = x;
this.y = y;
_setWindowSize(windowSize) {
this._WINDOW_SIZE = windowSize;
hasEvenY() {
return this.y % _2n === _0n;
static fromCompressedHex(bytes) {
const isShort = bytes.length === 32;
const x = bytesToNumber(isShort ? bytes : bytes.subarray(1));
if (!isValidFieldElement(x))
throw new Error('Point is not on curve');
const y2 = weierstrass(x);
let y = sqrtMod(y2);
const isYOdd = (y & _1n) === _1n;
if (isShort) {
if (isYOdd)
y = mod(-y);
else {
const isFirstByteOdd = (bytes[0] & 1) === 1;
if (isFirstByteOdd !== isYOdd)
y = mod(-y);
const point = new Point(x, y);
return point;
static fromUncompressedHex(bytes) {
const x = bytesToNumber(bytes.subarray(1, fieldLen + 1));
const y = bytesToNumber(bytes.subarray(fieldLen + 1, fieldLen * 2 + 1));
const point = new Point(x, y);
return point;
static fromHex(hex) {
const bytes = ensureBytes(hex);
const len = bytes.length;
const header = bytes[0];
if (len === fieldLen)
return this.fromCompressedHex(bytes);
if (len === compressedLen && (header === 0x02 || header === 0x03)) {
return this.fromCompressedHex(bytes);
if (len === uncompressedLen && header === 0x04)
return this.fromUncompressedHex(bytes);
throw new Error(`Point.fromHex: received invalid point. Expected 32-${compressedLen} compressed bytes or ${uncompressedLen} uncompressed bytes, not ${len}`);
static fromPrivateKey(privateKey) {
return Point.BASE.multiply(normalizePrivateKey(privateKey));
static fromSignature(msgHash, signature, recovery) {
const { r, s } = normalizeSignature(signature);
if (![0, 1, 2, 3].includes(recovery))
throw new Error('Cannot recover: invalid recovery bit');
const h = truncateHash(ensureBytes(msgHash));
const { n } = CURVE;
const radj = recovery === 2 || recovery === 3 ? r + n : r;
const rinv = invert(radj, n);
const u1 = mod(-h * rinv, n);
const u2 = mod(s * rinv, n);
const prefix = recovery & 1 ? '03' : '02';
const R = Point.fromHex(prefix + numTo32bStr(radj));
const Q = Point.BASE.multiplyAndAddUnsafe(R, u1, u2);
if (!Q)
throw new Error('Cannot recover signature: point at infinify');
return Q;
toRawBytes(isCompressed = false) {
return hexToBytes(this.toHex(isCompressed));
toHex(isCompressed = false) {
const x = numTo32bStr(this.x);
if (isCompressed) {
const prefix = this.hasEvenY() ? '02' : '03';
return `${prefix}${x}`;
else {
return `04${x}${numTo32bStr(this.y)}`;
toHexX() {
return this.toHex(true).slice(2);
toRawX() {
return this.toRawBytes(true).slice(1);
assertValidity() {
const msg = 'Point is not on elliptic curve';
const { x, y } = this;
if (!isValidFieldElement(x) || !isValidFieldElement(y))
throw new Error(msg);
const left = mod(y * y);
const right = weierstrass(x);
if (mod(left - right) !== _0n)
throw new Error(msg);
equals(other) {
return this.x === other.x && this.y === other.y;
negate() {
return new Point(this.x, mod(-this.y));
double() {
return JacobianPoint.fromAffine(this).double().toAffine();
add(other) {
return JacobianPoint.fromAffine(this).add(JacobianPoint.fromAffine(other)).toAffine();
subtract(other) {
return this.add(other.negate());
multiply(scalar) {
return JacobianPoint.fromAffine(this).multiply(scalar, this).toAffine();
multiplyAndAddUnsafe(Q, a, b) {
const P = JacobianPoint.fromAffine(this);
const aP = a === _0n || a === _1n || this !== Point.BASE ? P.multiplyUnsafe(a) : P.multiply(a);
const bQ = JacobianPoint.fromAffine(Q).multiplyUnsafe(b);
const sum = aP.add(bQ);
return sum.equals(JacobianPoint.ZERO) ? undefined : sum.toAffine();
Point.BASE = new Point(CURVE.Gx, CURVE.Gy);
Point.ZERO = new Point(_0n, _0n);
function sliceDER(s) {
return Number.parseInt(s[0], 16) >= 8 ? '00' + s : s;
function parseDERInt(data) {
if (data.length < 2 || data[0] !== 0x02) {
throw new Error(`Invalid signature integer tag: ${bytesToHex(data)}`);
const len = data[1];
const res = data.subarray(2, len + 2);
if (!len || res.length !== len) {
throw new Error(`Invalid signature integer: wrong length`);
if (res[0] === 0x00 && res[1] <= 0x7f) {
throw new Error('Invalid signature integer: trailing length');
return { data: bytesToNumber(res), left: data.subarray(len + 2) };
function parseDERSignature(data) {
if (data.length < 2 || data[0] != 0x30) {
throw new Error(`Invalid signature tag: ${bytesToHex(data)}`);
if (data[1] !== data.length - 2) {
throw new Error('Invalid signature: incorrect length');
const { data: r, left: sBytes } = parseDERInt(data.subarray(2));
const { data: s, left: rBytesLeft } = parseDERInt(sBytes);
if (rBytesLeft.length) {
throw new Error(`Invalid signature: left bytes after parsing: ${bytesToHex(rBytesLeft)}`);
return { r, s };
class Signature$1 {
constructor(r, s) {
this.r = r;
this.s = s;
static fromCompact(hex) {
const arr = hex instanceof Uint8Array;
const name = 'Signature.fromCompact';
if (typeof hex !== 'string' && !arr)
throw new TypeError(`${name}: Expected string or Uint8Array`);
const str = arr ? bytesToHex(hex) : hex;
if (str.length !== 128)
throw new Error(`${name}: Expected 64-byte hex`);
return new Signature$1(hexToNumber(str.slice(0, 64)), hexToNumber(str.slice(64, 128)));
static fromDER(hex) {
const arr = hex instanceof Uint8Array;
if (typeof hex !== 'string' && !arr)
throw new TypeError(`Signature.fromDER: Expected string or Uint8Array`);
const { r, s } = parseDERSignature(arr ? hex : hexToBytes(hex));
return new Signature$1(r, s);
static fromHex(hex) {
return this.fromDER(hex);
assertValidity() {
const { r, s } = this;
if (!isWithinCurveOrder(r))
throw new Error('Invalid Signature: r must be 0 < r < n');
if (!isWithinCurveOrder(s))
throw new Error('Invalid Signature: s must be 0 < s < n');
hasHighS() {
const HALF = CURVE.n >> _1n;
return this.s > HALF;
normalizeS() {
return this.hasHighS() ? new Signature$1(this.r, mod(-this.s, CURVE.n)) : this;
toDERRawBytes() {
return hexToBytes(this.toDERHex());
toDERHex() {
const sHex = sliceDER(numberToHexUnpadded(this.s));
const rHex = sliceDER(numberToHexUnpadded(this.r));
const sHexL = sHex.length / 2;
const rHexL = rHex.length / 2;
const sLen = numberToHexUnpadded(sHexL);
const rLen = numberToHexUnpadded(rHexL);
const length = numberToHexUnpadded(rHexL + sHexL + 4);
return `30${length}02${rLen}${rHex}02${sLen}${sHex}`;
toRawBytes() {
return this.toDERRawBytes();
toHex() {
return this.toDERHex();
toCompactRawBytes() {
return hexToBytes(this.toCompactHex());
toCompactHex() {
return numTo32bStr(this.r) + numTo32bStr(this.s);
function concatBytes(...arrays) {
if (!arrays.every((b) => b instanceof Uint8Array))
throw new Error('Uint8Array list expected');
if (arrays.length === 1)
return arrays[0];
const length = arrays.reduce((a, arr) => a + arr.length, 0);
const result = new Uint8Array(length);
for (let i = 0, pad = 0; i < arrays.length; i++) {
const arr = arrays[i];
result.set(arr, pad);
pad += arr.length;
return result;
const hexes = Array.from({ length: 256 }, (v, i) => i.toString(16).padStart(2, '0'));
function bytesToHex(uint8a) {
if (!(uint8a instanceof Uint8Array))
throw new Error('Expected Uint8Array');
let hex = '';
for (let i = 0; i < uint8a.length; i++) {
hex += hexes[uint8a[i]];
return hex;
const POW_2_256 = BigInt('0x10000000000000000000000000000000000000000000000000000000000000000');
function numTo32bStr(num) {
if (typeof num !== 'bigint')
throw new Error('Expected bigint');
if (!(_0n <= num && num < POW_2_256))
throw new Error('Expected number 0 <= n < 2^256');
return num.toString(16).padStart(64, '0');
function numTo32b(num) {
const b = hexToBytes(numTo32bStr(num));
if (b.length !== 32)
throw new Error('Error: expected 32 bytes');
return b;
function numberToHexUnpadded(num) {
const hex = num.toString(16);
return hex.length & 1 ? `0${hex}` : hex;
function hexToNumber(hex) {
if (typeof hex !== 'string') {
throw new TypeError('hexToNumber: expected string, got ' + typeof hex);
return BigInt(`0x${hex}`);
function hexToBytes(hex) {
if (typeof hex !== 'string') {
throw new TypeError('hexToBytes: expected string, got ' + typeof hex);
if (hex.length % 2)
throw new Error('hexToBytes: received invalid unpadded hex' + hex.length);
const array = new Uint8Array(hex.length / 2);
for (let i = 0; i < array.length; i++) {
const j = i * 2;
const hexByte = hex.slice(j, j + 2);
const byte = Number.parseInt(hexByte, 16);
if (Number.isNaN(byte) || byte < 0)
throw new Error('Invalid byte sequence');
array[i] = byte;
return array;
function bytesToNumber(bytes) {
return hexToNumber(bytesToHex(bytes));
function ensureBytes(hex) {
return hex instanceof Uint8Array ? Uint8Array.from(hex) : hexToBytes(hex);
function normalizeScalar(num) {
if (typeof num === 'number' && Number.isSafeInteger(num) && num > 0)
return BigInt(num);
if (typeof num === 'bigint' && isWithinCurveOrder(num))
return num;
throw new TypeError('Expected valid private scalar: 0 < scalar < curve.n');
function mod(a, b = CURVE.P) {
const result = a % b;
return result >= _0n ? result : b + result;
function pow2(x, power) {
const { P } = CURVE;
let res = x;
while (power-- > _0n) {
res *= res;
res %= P;
return res;
function sqrtMod(x) {
const { P } = CURVE;
const _6n = BigInt(6);
const _11n = BigInt(11);
const _22n = BigInt(22);
const _23n = BigInt(23);
const _44n = BigInt(44);
const _88n = BigInt(88);
const b2 = (x * x * x) % P;
const b3 = (b2 * b2 * x) % P;
const b6 = (pow2(b3, _3n) * b3) % P;
const b9 = (pow2(b6, _3n) * b3) % P;
const b11 = (pow2(b9, _2n) * b2) % P;
const b22 = (pow2(b11, _11n) * b11) % P;
const b44 = (pow2(b22, _22n) * b22) % P;
const b88 = (pow2(b44, _44n) * b44) % P;
const b176 = (pow2(b88, _88n) * b88) % P;
const b220 = (pow2(b176, _44n) * b44) % P;
const b223 = (pow2(b220, _3n) * b3) % P;
const t1 = (pow2(b223, _23n) * b22) % P;
const t2 = (pow2(t1, _6n) * b2) % P;
const rt = pow2(t2, _2n);
const xc = (rt * rt) % P;
if (xc !== x)
throw new Error('Cannot find square root');
return rt;
function invert(number, modulo = CURVE.P) {
if (number === _0n || modulo <= _0n) {
throw new Error(`invert: expected positive integers, got n=${number} mod=${modulo}`);
let a = mod(number, modulo);
let b = modulo;
let x = _0n, y = _1n, u = _1n, v = _0n;
while (a !== _0n) {
const q = b / a;
const r = b % a;
const m = x - u * q;
const n = y - v * q;
b = a, a = r, x = u, y = v, u = m, v = n;
const gcd = b;
if (gcd !== _1n)
throw new Error('invert: does not exist');
return mod(x, modulo);
function invertBatch(nums, p = CURVE.P) {
const scratch = new Array(nums.length);
const lastMultiplied = nums.reduce((acc, num, i) => {
if (num === _0n)
return acc;
scratch[i] = acc;
return mod(acc * num, p);
}, _1n);
const inverted = invert(lastMultiplied, p);
nums.reduceRight((acc, num, i) => {
if (num === _0n)
return acc;
scratch[i] = mod(acc * scratch[i], p);
return mod(acc * num, p);
}, inverted);
return scratch;
function bits2int_2(bytes) {
const delta = bytes.length * 8 - groupLen * 8;
const num = bytesToNumber(bytes);
return delta > 0 ? num >> BigInt(delta) : num;
function truncateHash(hash, truncateOnly = false) {
const h = bits2int_2(hash);
if (truncateOnly)
return h;
const { n } = CURVE;
return h >= n ? h - n : h;
let _sha256Sync;
let _hmacSha256Sync;
class HmacDrbg {
constructor(hashLen, qByteLen) {
this.hashLen = hashLen;
this.qByteLen = qByteLen;
if (typeof hashLen !== 'number' || hashLen < 2)
throw new Error('hashLen must be a number');
if (typeof qByteLen !== 'number' || qByteLen < 2)
throw new Error('qByteLen must be a number');
this.v = new Uint8Array(hashLen).fill(1);
this.k = new Uint8Array(hashLen).fill(0);
this.counter = 0;
hmac(...values) {
return utils.hmacSha256(this.k, ...values);
hmacSync(...values) {
return _hmacSha256Sync(this.k, ...values);
checkSync() {
if (typeof _hmacSha256Sync !== 'function')
throw new ShaError('hmacSha256Sync needs to be set');
incr() {
if (this.counter >= 1000)
throw new Error('Tried 1,000 k values for sign(), all were invalid');
this.counter += 1;
async reseed(seed = new Uint8Array()) {
this.k = await this.hmac(this.v, Uint8Array.from([0x00]), seed);
this.v = await this.hmac(this.v);
if (seed.length === 0)
this.k = await this.hmac(this.v, Uint8Array.from([0x01]), seed);
this.v = await this.hmac(this.v);
reseedSync(seed = new Uint8Array()) {
this.k = this.hmacSync(this.v, Uint8Array.from([0x00]), seed);
this.v = this.hmacSync(this.v);
if (seed.length === 0)
this.k = this.hmacSync(this.v, Uint8Array.from([0x01]), seed);
this.v = this.hmacSync(this.v);
async generate() {
let len = 0;
const out = [];
while (len < this.qByteLen) {
this.v = await this.hmac(this.v);
const sl = this.v.slice();
len += this.v.length;
return concatBytes(...out);
generateSync() {
let len = 0;
const out = [];
while (len < this.qByteLen) {
this.v = this.hmacSync(this.v);
const sl = this.v.slice();
len += this.v.length;
return concatBytes(...out);
function isWithinCurveOrder(num) {
return _0n < num && num < CURVE.n;
function isValidFieldElement(num) {
return _0n < num && num < CURVE.P;
function kmdToSig(kBytes, m, d, lowS = true) {
const { n } = CURVE;
const k = truncateHash(kBytes, true);
if (!isWithinCurveOrder(k))
const kinv = invert(k, n);
const q = Point.BASE.multiply(k);
const r = mod(q.x, n);
if (r === _0n)
const s = mod(kinv * mod(m + d * r, n), n);
if (s === _0n)
let sig = new Signature$1(r, s);
let recovery = (q.x === sig.r ? 0 : 2) | Number(q.y & _1n);
if (lowS && sig.hasHighS()) {
sig = sig.normalizeS();
recovery ^= 1;
return { sig, recovery };
function normalizePrivateKey(key) {
let num;
if (typeof key === 'bigint') {
num = key;
else if (typeof key === 'number' && Number.isSafeInteger(key) && key > 0) {
num = BigInt(key);
else if (typeof key === 'string') {
if (key.length !== 2 * groupLen)
throw new Error('Expected 32 bytes of private key');
num = hexToNumber(key);
else if (key instanceof Uint8Array) {
if (key.length !== groupLen)
throw new Error('Expected 32 bytes of private key');
num = bytesToNumber(key);
else {
throw new TypeError('Expected valid private key');
if (!isWithinCurveOrder(num))
throw new Error('Expected private key: 0 < key < n');
return num;
function normalizePublicKey(publicKey) {
if (publicKey instanceof Point) {
return publicKey;
else {
return Point.fromHex(publicKey);
function normalizeSignature(signature) {
if (signature instanceof Signature$1) {
return signature;
try {
return Signature$1.fromDER(signature);
catch (error) {
return Signature$1.fromCompact(signature);
function getPublicKey(privateKey, isCompressed = false) {
return Point.fromPrivateKey(privateKey).toRawBytes(isCompressed);
function recoverPublicKey(msgHash, signature, recovery, isCompressed = false) {
return Point.fromSignature(msgHash, signature, recovery).toRawBytes(isCompressed);
function isProbPub(item) {
const arr = item instanceof Uint8Array;
const str = typeof item === 'string';
const len = (arr || str) && item.length;
if (arr)
return len === compressedLen || len === uncompressedLen;
if (str)
return len === compressedLen * 2 || len === uncompressedLen * 2;
if (item instanceof Point)
return true;
return false;
function getSharedSecret(privateA, publicB, isCompressed = false) {
if (isProbPub(privateA))
throw new TypeError('getSharedSecret: first arg must be private key');
if (!isProbPub(publicB))
throw new TypeError('getSharedSecret: second arg must be public key');
const b = normalizePublicKey(publicB);
return b.multiply(normalizePrivateKey(privateA)).toRawBytes(isCompressed);
function bits2int(bytes) {
const slice = bytes.length > fieldLen ? bytes.slice(0, fieldLen) : bytes;
return bytesToNumber(slice);
function bits2octets(bytes) {
const z1 = bits2int(bytes);
const z2 = mod(z1, CURVE.n);
return int2octets(z2 < _0n ? z1 : z2);
function int2octets(num) {
return numTo32b(num);
function initSigArgs(msgHash, privateKey, extraEntropy) {
if (msgHash == null)
throw new Error(`sign: expected valid message hash, not "${msgHash}"`);
const h1 = ensureBytes(msgHash);
const d = normalizePrivateKey(privateKey);
const seedArgs = [int2octets(d), bits2octets(h1)];
if (extraEntropy != null) {
if (extraEntropy === true)
extraEntropy = utils.randomBytes(fieldLen);
const e = ensureBytes(extraEntropy);
if (e.length !== fieldLen)
throw new Error(`sign: Expected ${fieldLen} bytes of extra data`);
const seed = concatBytes(...seedArgs);
const m = bits2int(h1);
return { seed, m, d };
function finalizeSig(recSig, opts) {
const { sig, recovery } = recSig;
const { der, recovered } = Object.assign({ canonical: true, der: true }, opts);
const hashed = der ? sig.toDERRawBytes() : sig.toCompactRawBytes();
return recovered ? [hashed, recovery] : hashed;
async function sign(msgHash, privKey, opts = {}) {
const { seed, m, d } = initSigArgs(msgHash, privKey, opts.extraEntropy);
const drbg = new HmacDrbg(hashLen, groupLen);
await drbg.reseed(seed);
let sig;
while (!(sig = kmdToSig(await drbg.generate(), m, d, opts.canonical)))
await drbg.reseed();
return finalizeSig(sig, opts);
function signSync(msgHash, privKey, opts = {}) {
const { seed, m, d } = initSigArgs(msgHash, privKey, opts.extraEntropy);
const drbg = new HmacDrbg(hashLen, groupLen);
let sig;
while (!(sig = kmdToSig(drbg.generateSync(), m, d, opts.canonical)))
return finalizeSig(sig, opts);
const vopts = { strict: true };
function verify(signature, msgHash, publicKey, opts = vopts) {
let sig;
try {
sig = normalizeSignature(signature);
msgHash = ensureBytes(msgHash);
catch (error) {
return false;
const { r, s } = sig;
if (opts.strict && sig.hasHighS())
return false;
const h = truncateHash(msgHash);
let P;
try {
P = normalizePublicKey(publicKey);
catch (error) {
return false;
const { n } = CURVE;
const sinv = invert(s, n);
const u1 = mod(h * sinv, n);
const u2 = mod(r * sinv, n);
const R = Point.BASE.multiplyAndAddUnsafe(P, u1, u2);
if (!R)
return false;
const v = mod(R.x, n);
return v === r;
function schnorrChallengeFinalize(ch) {
return mod(bytesToNumber(ch), CURVE.n);
class SchnorrSignature {
constructor(r, s) {
this.r = r;
this.s = s;
static fromHex(hex) {
const bytes = ensureBytes(hex);
if (bytes.length !== 64)
throw new TypeError(`SchnorrSignature.fromHex: expected 64 bytes, not ${bytes.length}`);
const r = bytesToNumber(bytes.subarray(0, 32));
const s = bytesToNumber(bytes.subarray(32, 64));
return new SchnorrSignature(r, s);
assertValidity() {
const { r, s } = this;
if (!isValidFieldElement(r) || !isWithinCurveOrder(s))
throw new Error('Invalid signature');
toHex() {
return numTo32bStr(this.r) + numTo32bStr(this.s);
toRawBytes() {
return hexToBytes(this.toHex());
function schnorrGetPublicKey(privateKey) {
return Point.fromPrivateKey(privateKey).toRawX();
class InternalSchnorrSignature {
constructor(message, privateKey, auxRand = utils.randomBytes()) {
if (message == null)
throw new TypeError(`sign: Expected valid message, not "${message}"`);
this.m = ensureBytes(message);
const { x, scalar } = this.getScalar(normalizePrivateKey(privateKey));
this.px = x;
this.d = scalar;
this.rand = ensureBytes(auxRand);
if (this.rand.length !== 32)
throw new TypeError('sign: Expected 32 bytes of aux randomness');
getScalar(priv) {
const point = Point.fromPrivateKey(priv);
const scalar = point.hasEvenY() ? priv : CURVE.n - priv;
return { point, scalar, x: point.toRawX() };
initNonce(d, t0h) {
return numTo32b(d ^ bytesToNumber(t0h));
finalizeNonce(k0h) {
const k0 = mod(bytesToNumber(k0h), CURVE.n);
if (k0 === _0n)
throw new Error('sign: Creation of signature failed. k is zero');
const { point: R, x: rx, scalar: k } = this.getScalar(k0);
return { R, rx, k };
finalizeSig(R, k, e, d) {
return new SchnorrSignature(R.x, mod(k + e * d, CURVE.n)).toRawBytes();
error() {
throw new Error('sign: Invalid signature produced');
async calc() {
const { m, d, px, rand } = this;
const tag = utils.taggedHash;
const t = this.initNonce(d, await tag(TAGS.aux, rand));
const { R, rx, k } = this.finalizeNonce(await tag(TAGS.nonce, t, px, m));
const e = schnorrChallengeFinalize(await tag(TAGS.challenge, rx, px, m));
const sig = this.finalizeSig(R, k, e, d);
if (!(await schnorrVerify(sig, m, px)))
return sig;
calcSync() {
const { m, d, px, rand } = this;
const tag = utils.taggedHashSync;
const t = this.initNonce(d, tag(TAGS.aux, rand));
const { R, rx, k } = this.finalizeNonce(tag(TAGS.nonce, t, px, m));
const e = schnorrChallengeFinalize(tag(TAGS.challenge, rx, px, m));
const sig = this.finalizeSig(R, k, e, d);
if (!schnorrVerifySync(sig, m, px))
return sig;
async function schnorrSign(msg, privKey, auxRand) {
return new InternalSchnorrSignature(msg, privKey, auxRand).calc();
function schnorrSignSync(msg, privKey, auxRand) {
return new InternalSchnorrSignature(msg, privKey, auxRand).calcSync();
function initSchnorrVerify(signature, message, publicKey) {
const raw = signature instanceof SchnorrSignature;
const sig = raw ? signature : SchnorrSignature.fromHex(signature);
if (raw)
return {
m: ensureBytes(message),
P: normalizePublicKey(publicKey),
function finalizeSchnorrVerify(r, P, s, e) {
const R = Point.BASE.multiplyAndAddUnsafe(P, normalizePrivateKey(s), mod(-e, CURVE.n));
if (!R || !R.hasEvenY() || R.x !== r)
return false;
return true;
async function schnorrVerify(signature, message, publicKey) {
try {
const { r, s, m, P } = initSchnorrVerify(signature, message, publicKey);
const e = schnorrChallengeFinalize(await utils.taggedHash(TAGS.challenge, numTo32b(r), P.toRawX(), m));
return finalizeSchnorrVerify(r, P, s, e);
catch (error) {
return false;
function schnorrVerifySync(signature, message, publicKey) {
try {
const { r, s, m, P } = initSchnorrVerify(signature, message, publicKey);
const e = schnorrChallengeFinalize(utils.taggedHashSync(TAGS.challenge, numTo32b(r), P.toRawX(), m));
return finalizeSchnorrVerify(r, P, s, e);
catch (error) {
if (error instanceof ShaError)
throw error;
return false;
const schnorr = {
Signature: SchnorrSignature,
getPublicKey: schnorrGetPublicKey,
sign: schnorrSign,
verify: schnorrVerify,
signSync: schnorrSignSync,
verifySync: schnorrVerifySync,
const crypto = {
node: nodeCrypto,
web: typeof self === 'object' && 'crypto' in self ? self.crypto : undefined,
const TAGS = {
challenge: 'BIP0340/challenge',
aux: 'BIP0340/aux',
nonce: 'BIP0340/nonce',
const utils = {
isValidPrivateKey(privateKey) {
try {
return true;
catch (error) {
return false;
_bigintTo32Bytes: numTo32b,
_normalizePrivateKey: normalizePrivateKey,
hashToPrivateKey: (hash) => {
hash = ensureBytes(hash);
const minLen = groupLen + 8;
if (hash.length < minLen || hash.length > 1024) {
throw new Error(`Expected valid bytes of private key as per FIPS 186`);
const num = mod(bytesToNumber(hash), CURVE.n - _1n) + _1n;
return numTo32b(num);
randomBytes: (bytesLength = 32) => {
if (crypto.web) {
return crypto.web.getRandomValues(new Uint8Array(bytesLength));
else if (crypto.node) {
const { randomBytes } = crypto.node;
return Uint8Array.from(randomBytes(bytesLength));
else {
throw new Error("The environment doesn't have randomBytes function");
randomPrivateKey: () => utils.hashToPrivateKey(utils.randomBytes(groupLen + 8)),
precompute(windowSize = 8, point = Point.BASE) {
const cached = point === Point.BASE ? point : new Point(point.x, point.y);
return cached;
sha256: async (...messages) => {
if (crypto.web) {
const buffer = await crypto.web.subtle.digest('SHA-256', concatBytes(...messages));
return new Uint8Array(buffer);
else if (crypto.node) {
const { createHash } = crypto.node;
const hash = createHash('sha256');
messages.forEach((m) => hash.update(m));
return Uint8Array.from(hash.digest());
else {
throw new Error("The environment doesn't have sha256 function");
hmacSha256: async (key, ...messages) => {
if (crypto.web) {
const ckey = await crypto.web.subtle.importKey('raw', key, { name: 'HMAC', hash: { name: 'SHA-256' } }, false, ['sign']);
const message = concatBytes(...messages);
const buffer = await crypto.web.subtle.sign('HMAC', ckey, message);
return new Uint8Array(buffer);
else if (crypto.node) {
const { createHmac } = crypto.node;
const hash = createHmac('sha256', key);
messages.forEach((m) => hash.update(m));
return Uint8Array.from(hash.digest());
else {
throw new Error("The environment doesn't have hmac-sha256 function");
sha256Sync: undefined,
hmacSha256Sync: undefined,
taggedHash: async (tag, ...messages) => {
if (tagP === undefined) {
const tagH = await utils.sha256(Uint8Array.from(tag, (c) => c.charCodeAt(0)));
tagP = concatBytes(tagH, tagH);
return utils.sha256(tagP, ...messages);
taggedHashSync: (tag, ...messages) => {
if (typeof _sha256Sync !== 'function')
throw new ShaError('sha256Sync is undefined, you need to set it');
if (tagP === undefined) {
const tagH = _sha256Sync(Uint8Array.from(tag, (c) => c.charCodeAt(0)));
tagP = concatBytes(tagH, tagH);
return _sha256Sync(tagP, ...messages);
_JacobianPoint: JacobianPoint,
Object.defineProperties(utils, {
sha256Sync: {
configurable: false,
get() {
return _sha256Sync;
set(val) {
if (!_sha256Sync)
_sha256Sync = val;
hmacSha256Sync: {
configurable: false,
get() {
return _hmacSha256Sync;
set(val) {
if (!_hmacSha256Sync)
_hmacSha256Sync = val;
* A constant for the zero address.
* (**i.e.** ``"0x0000000000000000000000000000000000000000"``)
const ZeroAddress = "0x0000000000000000000000000000000000000000";
* A constant for the zero hash.
* (**i.e.** ``"0x0000000000000000000000000000000000000000000000000000000000000000"``)
const ZeroHash = "0x0000000000000000000000000000000000000000000000000000000000000000";
* A constant for the order N for the secp256k1 curve.
* (**i.e.** ``0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141n``)
const N$1 = BigInt("0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141");
* A constant for the number of wei in a single ether.
* (**i.e.** ``1000000000000000000n``)
const WeiPerEther = BigInt("1000000000000000000");
* A constant for the maximum value for a ``uint256``.
* (**i.e.** ``0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffn``)
const MaxUint256 = BigInt("0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff");
* A constant for the minimum value for an ``int256``.
* (**i.e.** ``-8000000000000000000000000000000000000000000000000000000000000000n``)
const MinInt256 = BigInt("0x8000000000000000000000000000000000000000000000000000000000000000") * BigInt(-1);
* A constant for the maximum value for an ``int256``.
* (**i.e.** ``0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffn``)
const MaxInt256 = BigInt("0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff");
// NFKC (composed) // (decomposed)
* A constant for the ether symbol (normalized using NFKC).
* (**i.e.** ``"\\u039e"``)
const EtherSymbol = "\u039e"; // "\uD835\uDF63";
* A constant for the [[link-eip-191]] personal message prefix.
* (**i.e.** ``"\\x19Ethereum Signed Message:\\n"``)
const MessagePrefix = "\x19Ethereum Signed Message:\n";
* Some common constants useful for Ethereum.
* @_section: api/constants: Constants [about-constants]
// Constants
const BN_0$7 = BigInt(0);
const BN_1$3 = BigInt(1);
const BN_2$3 = BigInt(2);
const BN_27$1 = BigInt(27);
const BN_28$1 = BigInt(28);
const BN_35$1 = BigInt(35);
const _guard$3 = {};
function toUint256(value) {
return zeroPadValue(toBeArray(value), 32);
* A Signature @TODO
* @_docloc: api/crypto:Signing
class Signature {
* The ``r`` value for a signautre.
* This represents the ``x`` coordinate of a "reference" or
* challenge point, from which the ``y`` can be computed.
get r() { return this.#r; }
set r(value) {
assertArgument(dataLength(value) === 32, "invalid r", "value", value);
this.#r = hexlify(value);
* The ``s`` value for a signature.
get s() { return this.#s; }
set s(_value) {
assertArgument(dataLength(_value) === 32, "invalid r", "value", _value);
const value = hexlify(_value);
assertArgument(parseInt(value.substring(0, 3)) < 8, "non-canonical s", "value", value);
this.#s = value;
* The ``v`` value for a signature.
* Since a given ``x`` value for ``r`` has two possible values for
* its correspondin ``y``, the ``v`` indicates which of the two ``y``
* values to use.
* It is normalized to the values ``27`` or ``28`` for legacy
* purposes.
get v() { return this.#v; }
set v(value) {
const v = getNumber(value, "value");
assertArgument(v === 27 || v === 28, "invalid v", "v", value);
this.#v = v;
* The EIP-155 ``v`` for legacy transactions. For non-legacy
* transactions, this value is ``null``.
get networkV() { return this.#networkV; }
* The chain ID for EIP-155 legacy transactions. For non-legacy
* transactions, this value is ``null``.
get legacyChainId() {
const v = this.networkV;
if (v == null) {
return null;
return Signature.getChainId(v);
* The ``yParity`` for the signature.
* See ``v`` for more details on how this value is used.
get yParity() {
return (this.v === 27) ? 0 : 1;
* The [[link-eip-2098]] compact representation of the ``yParity``
* and ``s`` compacted into a single ``bytes32``.
get yParityAndS() {
// The EIP-2098 compact representation
const yParityAndS = getBytes(this.s);
if (this.yParity) {
yParityAndS[0] |= 0x80;
return hexlify(yParityAndS);
* The [[link-eip-2098]] compact representation.
get compactSerialized() {
return concat([this.r, this.yParityAndS]);
* The serialized representation.
get serialized() {
return concat([this.r, this.s, (this.yParity ? "0x1c" : "0x1b")]);
* @private
constructor(guard, r, s, v) {
assertPrivate(guard, _guard$3, "Signature");
this.#r = r;
this.#s = s;
this.#v = v;
this.#networkV = null;
[Symbol.for('nodejs.util.inspect.custom')]() {
return `Signature { r: "${this.r}", s: "${this.s}", yParity: ${this.yParity}, networkV: ${this.networkV} }`;
* Returns a new identical [[Signature]].
clone() {
const clone = new Signature(_guard$3, this.r, this.s, this.v);
if (this.networkV) {
clone.#networkV = this.networkV;
return clone;
* Returns a representation that is compatible with ``JSON.stringify``.
toJSON() {
const networkV = this.networkV;
return {
_type: "signature",
networkV: ((networkV != null) ? networkV.toString() : null),
r: this.r, s: this.s, v: this.v,
* Compute the chain ID from the ``v`` in a legacy EIP-155 transactions.
* @example:
* Signature.getChainId(45)
* //_result:
* Signature.getChainId(46)
* //_result:
static getChainId(v) {
const bv = getBigInt(v, "v");
// The v is not an EIP-155 v, so it is the unspecified chain ID
if ((bv == BN_27$1) || (bv == BN_28$1)) {
return BN_0$7;
// Bad value for an EIP-155 v
assertArgument(bv >= BN_35$1, "invalid EIP-155 v", "v", v);
return (bv - BN_35$1) / BN_2$3;
* Compute the ``v`` for a chain ID for a legacy EIP-155 transactions.
* Legacy transactions which use [[link-eip-155]] hijack the ``v``
* property to include the chain ID.
* @example:
* Signature.getChainIdV(5, 27)
* //_result:
* Signature.getChainIdV(5, 28)
* //_result:
static getChainIdV(chainId, v) {
return (getBigInt(chainId) * BN_2$3) + BigInt(35 + v - 27);
* Compute the normalized legacy transaction ``v`` from a ``yParirty``,
* a legacy transaction ``v`` or a legacy [[link-eip-155]] transaction.
* @example:
* // The values 0 and 1 imply v is actually yParity
* Signature.getNormalizedV(0)
* //_result:
* // Legacy non-EIP-1559 transaction (i.e. 27 or 28)
* Signature.getNormalizedV(27)
* //_result:
* // Legacy EIP-155 transaction (i.e. >= 35)
* Signature.getNormalizedV(46)
* //_result:
* // Invalid values throw
* Signature.getNormalizedV(5)
* //_error:
static getNormalizedV(v) {
const bv = getBigInt(v);
if (bv === BN_0$7 || bv === BN_27$1) {
return 27;
if (bv === BN_1$3 || bv === BN_28$1) {
return 28;
assertArgument(bv >= BN_35$1, "invalid v", "v", v);
// Otherwise, EIP-155 v means odd is 27 and even is 28
return (bv & BN_1$3) ? 27 : 28;
* Creates a new [[Signature]].
* If no %%sig%% is provided, a new [[Signature]] is created
* with default values.
* If %%sig%% is a string, it is parsed.
static from(sig) {
function assertError(check, message) {
assertArgument(check, message, "signature", sig);
if (sig == null) {
return new Signature(_guard$3, ZeroHash, ZeroHash, 27);
if (typeof (sig) === "string") {
const bytes = getBytes(sig, "signature");
if (bytes.length === 64) {
const r = hexlify(bytes.slice(0, 32));
const s = bytes.slice(32, 64);
const v = (s[0] & 0x80) ? 28 : 27;
s[0] &= 0x7f;
return new Signature(_guard$3, r, hexlify(s), v);
if (bytes.length === 65) {
const r = hexlify(bytes.slice(0, 32));
const s = bytes.slice(32, 64);
assertError((s[0] & 0x80) === 0, "non-canonical s");
const v = Signature.getNormalizedV(bytes[64]);
return new Signature(_guard$3, r, hexlify(s), v);
assertError(false, "invlaid raw signature length");
if (sig instanceof Signature) {
return sig.clone();
// Get r
const _r = sig.r;
assertError(_r != null, "missing r");
const r = toUint256(_r);
// Get s; by any means necessary (we check consistency below)
const s = (function (s, yParityAndS) {
if (s != null) {
return toUint256(s);
if (yParityAndS != null) {
assertError(isHexString(yParityAndS, 32), "invalid yParityAndS");
const bytes = getBytes(yParityAndS);
bytes[0] &= 0x7f;
return hexlify(bytes);
assertError(false, "missing s");
})(sig.s, sig.yParityAndS);
assertError((getBytes(s)[0] & 0x80) == 0, "non-canonical s");
// Get v; by any means necessary (we check consistency below)
const { networkV, v } = (function (_v, yParityAndS, yParity) {
if (_v != null) {
const v = getBigInt(_v);
return {
networkV: ((v >= BN_35$1) ? v : undefined),
v: Signature.getNormalizedV(v)
if (yParityAndS != null) {
assertError(isHexString(yParityAndS, 32), "invalid yParityAndS");
return { v: ((getBytes(yParityAndS)[0] & 0x80) ? 28 : 27) };
if (yParity != null) {
switch (yParity) {
case 0: return { v: 27 };
case 1: return { v: 28 };
assertError(false, "invalid yParity");
assertError(false, "missing v");
})(sig.v, sig.yParityAndS, sig.yParity);
const result = new Signature(_guard$3, r, s, v);
if (networkV) {
result.#networkV = networkV;
// If multiple of v, yParity, yParityAndS we given, check they match
assertError(!("yParity" in sig && sig.yParity !== result.yParity), "yParity mismatch");
assertError(!("yParityAndS" in sig && sig.yParityAndS !== result.yParityAndS), "yParityAndS mismatch");
return result;
* Add details about signing here.
* @_subsection: api/crypto:Signing [about-signing]
//const N = BigInt("0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141");
// Make noble-secp256k1 sync
utils.hmacSha256Sync = function (key, ...messages) {
return getBytes(computeHmac("sha256", key, concat(messages)));
* A **SigningKey** provides high-level access to the elliptic curve
* cryptography (ECC) operations and key management.
class SigningKey {
* Creates a new **SigningKey** for %%privateKey%%.
constructor(privateKey) {
assertArgument(dataLength(privateKey) === 32, "invalid private key", "privateKey", "[REDACTED]");
this.#privateKey = hexlify(privateKey);
* The private key.
get privateKey() { return this.#privateKey; }
* The uncompressed public key.
* This will always begin with the prefix ``0x04`` and be 132
* characters long (the ``0x`` prefix and 130 hexadecimal nibbles).
get publicKey() { return SigningKey.computePublicKey(this.#privateKey); }
* The compressed public key.
* This will always begin with either the prefix ``0x02`` or ``0x03``
* and be 68 characters long (the ``0x`` prefix and 33 hexadecimal
* nibbles)
get compressedPublicKey() { return SigningKey.computePublicKey(this.#privateKey, true); }
* Return the signature of the signed %%digest%%.
sign(digest) {
assertArgument(dataLength(digest) === 32, "invalid digest length", "digest", digest);
const [sigDer, recid] = signSync(getBytesCopy(digest), getBytesCopy(this.#privateKey), {
recovered: true,
canonical: true
const sig = Signature$1.fromHex(sigDer);
return Signature.from({
r: toBeHex("0x" + sig.r.toString(16), 32),
s: toBeHex("0x" + sig.s.toString(16), 32),
v: (recid ? 0x1c : 0x1b)
* Returns the [[link-wiki-ecdh]] shared secret between this
* private key and the %%other%% key.
* The %%other%% key may be any type of key, a raw public key,
* a compressed/uncompressed pubic key or aprivate key.
* Best practice is usually to use a cryptographic hash on the
* returned value before using it as a symetric secret.
* @example:
* sign1 = new SigningKey(id("some-secret-1"))
* sign2 = new SigningKey(id("some-secret-2"))
* // Notice that privA.computeSharedSecret(pubB)...
* sign1.computeSharedSecret(sign2.publicKey)
* //_result:
* // equal to privB.computeSharedSecret(pubA).
* sign2.computeSharedSecret(sign1.publicKey)
* //_result:
computeSharedSecret(other) {
const pubKey = SigningKey.computePublicKey(other);
return hexlify(getSharedSecret(getBytesCopy(this.#privateKey), getBytes(pubKey)));
* Compute the public key for %%key%%, optionally %%compressed%%.
* The %%key%% may be any type of key, a raw public key, a
* compressed/uncompressed public key or private key.
* @example:
* sign = new SigningKey(id("some-secret"));
* // Compute the uncompressed public key for a private key
* SigningKey.computePublicKey(sign.privateKey)
* //_result:
* // Compute the compressed public key for a private key
* SigningKey.computePublicKey(sign.privateKey, true)
* //_result:
* // Compute the uncompressed public key
* SigningKey.computePublicKey(sign.publicKey, false);
* //_result:
* // Compute the Compressed a public key
* SigningKey.computePublicKey(sign.publicKey, true);
* //_result:
static computePublicKey(key, compressed) {
let bytes = getBytes(key, "key");
// private key
if (bytes.length === 32) {
const pubKey = getPublicKey(bytes, !!compressed);
return hexlify(pubKey);
// raw public key; use uncompressed key with 0x04 prefix
if (bytes.length === 64) {
const pub = new Uint8Array(65);
pub[0] = 0x04;
pub.set(bytes, 1);
bytes = pub;
const point = Point.fromHex(bytes);
return hexlify(point.toRawBytes(compressed));
* Returns the public key for the private key which produced the
* %%signature%% for the given %%digest%%.
* @example:
* key = new SigningKey(id("some-secret"))
* digest = id("hello world")
* sig = key.sign(digest)
* // Notice the signer public key...
* key.publicKey
* //_result:
* // equal to the recovered public key
* SigningKey.recoverPublicKey(digest, sig)
* //_result:
static recoverPublicKey(digest, signature) {
assertArgument(dataLength(digest) === 32, "invalid digest length", "digest", digest);
const sig = Signature.from(signature);
const der = Signature$1.fromCompact(getBytesCopy(concat([sig.r, sig.s]))).toDERRawBytes();
const pubKey = recoverPublicKey(getBytesCopy(digest), der, sig.yParity);
if (pubKey != null) {
return hexlify(pubKey);
assertArgument(false, "invalid signautre for digest", "signature", signature);
* Returns the point resulting from adding the ellipic curve points
* %%p0%% and %%p1%%.
* This is not a common function most developers should require, but
* can be useful for certain privacy-specific techniques.
* For example, it is used by [[HDNodeWallet]] to compute child
* addresses from parent public keys and chain codes.
static addPoints(p0, p1, compressed) {
const pub0 = Point.fromHex(SigningKey.computePublicKey(p0).substring(2));
const pub1 = Point.fromHex(SigningKey.computePublicKey(p1).substring(2));
return "0x" + pub0.add(pub1).toHex(!!compressed);
* A fundamental building block of Ethereum is the underlying
* cryptographic primitives.
* @_section: api/crypto:Cryptographic Functions [about-crypto]
function lock() {
const BN_0$6 = BigInt(0);
const BN_36 = BigInt(36);
function getChecksumAddress(address) {
// if (!isHexString(address, 20)) {
// logger.throwArgumentError("invalid address", "address", address);
// }
address = address.toLowerCase();
const chars = address.substring(2).split("");
const expanded = new Uint8Array(40);
for (let i = 0; i < 40; i++) {
expanded[i] = chars[i].charCodeAt(0);
const hashed = getBytes(keccak256(expanded));
for (let i = 0; i < 40; i += 2) {
if ((hashed[i >> 1] >> 4) >= 8) {
chars[i] = chars[i].toUpperCase();
if ((hashed[i >> 1] & 0x0f) >= 8) {
chars[i + 1] = chars[i + 1].toUpperCase();
return "0x" + chars.join("");
// See:
// Create lookup table
const ibanLookup = {};
for (let i = 0; i < 10; i++) {
ibanLookup[String(i)] = String(i);
for (let i = 0; i < 26; i++) {
ibanLookup[String.fromCharCode(65 + i)] = String(10 + i);
// How many decimal digits can we process? (for 64-bit float, this is 15)
// i.e. Math.floor(Math.log10(Number.MAX_SAFE_INTEGER));
const safeDigits = 15;
function ibanChecksum(address) {
address = address.toUpperCase();
address = address.substring(4) + address.substring(0, 2) + "00";
let expanded = address.split("").map((c) => { return ibanLookup[c]; }).join("");
// Javascript can handle integers safely up to 15 (decimal) digits
while (expanded.length >= safeDigits) {
let block = expanded.substring(0, safeDigits);
expanded = parseInt(block, 10) % 97 + expanded.substring(block.length);
let checksum = String(98 - (parseInt(expanded, 10) % 97));
while (checksum.length < 2) {
checksum = "0" + checksum;
return checksum;
const Base36 = (function () {
const result = {};
for (let i = 0; i < 36; i++) {
const key = "0123456789abcdefghijklmnopqrstuvwxyz"[i];
result[key] = BigInt(i);
return result;
function fromBase36(value) {
value = value.toLowerCase();
let result = BN_0$6;
for (let i = 0; i < value.length; i++) {
result = result * BN_36 + Base36[value[i]];
return result;
* Returns a normalized and checksumed address for %%address%%.
* This accepts non-checksum addresses, checksum addresses and
* [[getIcapAddress]] formats.
* The checksum in Ethereum uses the capitalization (upper-case
* vs lower-case) of the characters within an address to encode
* its checksum, which offers, on average, a checksum of 15-bits.
* If %%address%% contains both upper-case and lower-case, it is
* assumed to already be a checksum address and its checksum is
* validated, and if the address fails its expected checksum an
* error is thrown.
* If you wish the checksum of %%address%% to be ignore, it should
* be converted to lower-case (i.e. ``.toLowercase()``) before
* being passed in. This should be a very rare situation though,
* that you wish to bypass the safegaurds in place to protect
* against an address that has been incorrectly copied from another
* source.
* @example:
* // Adds the checksum (via upper-casing specific letters)
* getAddress("0x8ba1f109551bd432803012645ac136ddd64dba72")
* //_result:
* // Converts ICAP address and adds checksum
* //_result:
* // Throws an error if an address contains mixed case,
* // but the checksum fails
* getAddress("0x8Ba1f109551bD432803012645Ac136ddd64DBA72")
* //_error:
function getAddress(address) {
assertArgument(typeof (address) === "string", "invalid address", "address", address);
if (address.match(/^(0x)?[0-9a-fA-F]{40}$/)) {
// Missing the 0x prefix
if (!address.startsWith("0x")) {
address = "0x" + address;
const result = getChecksumAddress(address);
// It is a checksummed address with a bad checksum
assertArgument(!address.match(/([A-F].*[a-f])|([a-f].*[A-F])/) || result === address, "bad address checksum", "address", address);
return result;
// Maybe ICAP? (we only support direct mode)
if (address.match(/^XE[0-9]{2}[0-9A-Za-z]{30,31}$/)) {
// It is an ICAP address with a bad checksum
assertArgument(address.substring(2, 4) === ibanChecksum(address), "bad icap checksum", "address", address);
let result = fromBase36(address.substring(4)).toString(16);
while (result.length < 40) {
result = "0" + result;
return getChecksumAddress("0x" + result);
assertArgument(false, "invalid address", "address", address);
* The [ICAP Address format](link-icap) format is an early checksum
* format which attempts to be compatible with the banking
* industry [IBAN format](link-wiki-iban] for bank accounts.
* It is no longer common or a recommended format.
* @example:
* getIcapAddress("0x8ba1f109551bd432803012645ac136ddd64dba72");
* //_result:
* //_result:
* // Throws an error if the ICAP checksum is wrong
* //_error:
function getIcapAddress(address) {
//let base36 = _base16To36(getAddress(address).substring(2)).toUpperCase();
let base36 = BigInt(getAddress(address)).toString(36).toUpperCase();
while (base36.length < 30) {
base36 = "0" + base36;
return "XE" + ibanChecksum("XE00" + base36) + base36;
* Returns the address that would result from a ``CREATE`` for %%tx%%.
* This can be used to compute the address a contract will be
* deployed to by an EOA when sending a deployment transaction (i.e.
* when the ``to`` address is ``null``).
* This can also be used to compute the address a contract will be
* deployed to by a contract, by using the contract's address as the
* ``to`` and the contract's nonce.
* @example
* from = "0x8ba1f109551bD432803012645Ac136ddd64DBA72";
* nonce = 5;
* getCreateAddress({ from, nonce });
* //_result:
function getCreateAddress(tx) {
const from = getAddress(tx.from);
const nonce = getBigInt(tx.nonce, "tx.nonce");
let nonceHex = nonce.toString(16);
if (nonceHex === "0") {
nonceHex = "0x";
else if (nonceHex.length % 2) {
nonceHex = "0x0" + nonceHex;
else {
nonceHex = "0x" + nonceHex;
return getAddress(dataSlice(keccak256(encodeRlp([from, nonceHex])), 12));
* Returns the address that would result from a ``CREATE2`` operation
* with the given %%from%%, %%salt%% and %%initCodeHash%%.
* To compute the %%initCodeHash%% from a contract's init code, use
* the [[keccak256]] function.
* For a quick overview and example of ``CREATE2``, see [[link-ricmoo-wisps]].
* @example
* // The address of the contract
* from = "0x8ba1f109551bD432803012645Ac136ddd64DBA72"
* // The salt
* salt = id("HelloWorld")
* // The hash of the initCode
* initCode = "0x6394198df16000526103ff60206004601c335afa6040516060f3";
* initCodeHash = keccak256(initCode)
* getCreate2Address(from, salt, initCodeHash)
* //_result:
function getCreate2Address(_from, _salt, _initCodeHash) {
const from = getAddress(_from);
const salt = getBytes(_salt, "salt");
const initCodeHash = getBytes(_initCodeHash, "initCodeHash");
assertArgument(salt.length === 32, "salt must be 32 bytes", "salt", _salt);
assertArgument(initCodeHash.length === 32, "initCodeHash must be 32 bytes", "initCodeHash", _initCodeHash);
return getAddress(dataSlice(keccak256(concat(["0xff", from, salt, initCodeHash])), 12));
* Returns true if %%value%% is an object which implements the
* [[Addressable]] interface.
* @example:
* // Wallets and AbstractSigner sub-classes
* isAddressable(Wallet.createRandom())
* //_result:
* // Contracts
* contract = new Contract("dai.tokens.ethers.eth", [ ], provider)
* isAddressable(contract)
* //_result:
function isAddressable(value) {
return (value && typeof (value.getAddress) === "function");
* Returns true if %%value%% is a valid address.
* @example:
* // Valid address
* isAddress("0x8ba1f109551bD432803012645Ac136ddd64DBA72")
* //_result:
* // Valid ICAP address
* //_result:
* // Invalid checksum
* isAddress("0x8Ba1f109551bD432803012645Ac136ddd64DBa72")
* //_result:
* // Invalid ICAP checksum
* isAddress("0x8Ba1f109551bD432803012645Ac136ddd64DBA72")
* //_result:
* // Not an address (an ENS name requires a provided and an
* // asynchronous API to access)
* isAddress("ricmoo.eth")
* //_result:
function isAddress(value) {
try {
return true;
catch (error) { }
return false;
async function checkAddress(target, promise) {
const result = await promise;
if (result == null || result === "0x0000000000000000000000000000000000000000") {
assert$1(typeof (target) !== "string", "unconfigured name", "UNCONFIGURED_NAME", { value: target });
assertArgument(false, "invalid AddressLike value; did not resolve to a value address", "target", target);
return getAddress(result);
* Resolves to an address for the %%target%%, which may be any
* supported address type, an [[Addressable]] or a Promise which
* resolves to an address.
* If an ENS name is provided, but that name has not been correctly
* configured a [[UnconfiguredNameError]] is thrown.
* @example:
* addr = "0x6B175474E89094C44Da98b954EedeAC495271d0F"
* // Addresses are return synchronously
* resolveAddress(addr, provider)
* //_result:
* // Address promises are resolved asynchronously
* resolveAddress(Promise.resolve(addr))
* //_result:
* // ENS names are resolved asynchronously
* resolveAddress("dai.tokens.ethers.eth", provider)
* //_result:
* // Addressable objects are resolved asynchronously
* contract = new Contract(addr, [ ])
* resolveAddress(contract, provider)
* //_result:
* // Unconfigured ENS names reject
* resolveAddress("nothing-here.ricmoo.eth", provider)
* //_error:
* // ENS names require a NameResolver object passed in
* // (notice the provider was omitted)
* resolveAddress("nothing-here.ricmoo.eth")
* //_error:
function resolveAddress(target, resolver) {
if (typeof (target) === "string") {
if (target.match(/^0x[0-9a-f]{40}$/i)) {
return getAddress(target);
assert$1(resolver != null, "ENS resolution requires a provider", "UNSUPPORTED_OPERATION", { operation: "resolveName" });
return checkAddress(target, resolver.resolveName(target));
else if (isAddressable(target)) {
return checkAddress(target, target.getAddress());
else if (target && typeof (target.then) === "function") {
return checkAddress(target, target);
assertArgument(false, "unsupported addressable value", "target", target);
* Addresses are a fundamental part of interacting with Ethereum. They
* represent the gloabal identity of Externally Owned Accounts (accounts
* backed by a private key) and contracts.
* The Ethereum Naming Service (ENS) provides an interconnected ecosystem
* of contracts, standards and libraries which enable looking up an
* address for an ENS name.
* These functions help convert between various formats, validate
* addresses and safely resolve ENS names.
* @_section: api/address:Addresses [about-addresses]
* About typed...
* @_subsection: api/abi:Typed Values
const _gaurd = {};
function n(value, width) {
let signed = false;
if (width < 0) {
signed = true;
width *= -1;
// @TODO: Check range is valid for value
return new Typed(_gaurd, `${signed ? "" : "u"}int${width}`, value, { signed, width });
function b(value, size) {
// @TODO: Check range is valid for value
return new Typed(_gaurd, `bytes${(size) ? size : ""}`, value, { size });
const _typedSymbol = Symbol.for("_ethers_typed");
class Typed {
constructor(gaurd, type, value, options) {
if (options == null) {
options = null;
assertPrivate(_gaurd, gaurd, "Typed");
defineProperties(this, { _typedSymbol, type, value });
this.#options = options;
// Check the value is valid
format() {
if (this.type === "array") {
throw new Error("");
else if (this.type === "dynamicArray") {
throw new Error("");
else if (this.type === "tuple") {
return `tuple(${ => v.format()).join(",")})`;
return this.type;
defaultValue() {
return 0;
minValue() {
return 0;
maxValue() {
return 0;
isBigInt() {
return !!(this.type.match(/^u?int[0-9]+$/));
isData() {
return this.type.startsWith("bytes");
isString() {
return (this.type === "string");
get tupleName() {
if (this.type !== "tuple") {
throw TypeError("not a tuple");
return this.#options;
// Returns the length of this type as an array
// - `null` indicates the length is unforced, it could be dynamic
// - `-1` indicates the length is dynamic
// - any other value indicates it is a static array and is its length
get arrayLength() {
if (this.type !== "array") {
throw TypeError("not an array");
if (this.#options === true) {
return -1;
if (this.#options === false) {
return (this.value).length;
return null;
static from(type, value) {
return new Typed(_gaurd, type, value);
static uint8(v) { return n(v, 8); }
static uint16(v) { return n(v, 16); }
static uint24(v) { return n(v, 24); }
static uint32(v) { return n(v, 32); }
static uint40(v) { return n(v, 40); }
static uint48(v) { return n(v, 48); }
static uint56(v) { return n(v, 56); }
static uint64(v) { return n(v, 64); }
static uint72(v) { return n(v, 72); }
static uint80(v) { return n(v, 80); }
static uint88(v) { return n(v, 88); }
static uint96(v) { return n(v, 96); }
static uint104(v) { return n(v, 104); }
static uint112(v) { return n(v, 112); }
static uint120(v) { return n(v, 120); }
static uint128(v) { return n(v, 128); }
static uint136(v) { return n(v, 136); }
static uint144(v) { return n(v, 144); }
static uint152(v) { return n(v, 152); }
static uint160(v) { return n(v, 160); }
static uint168(v) { return n(v, 168); }
static uint176(v) { return n(v, 176); }
static uint184(v) { return n(v, 184); }
static uint192(v) { return n(v, 192); }
static uint200(v) { return n(v, 200); }
static uint208(v) { return n(v, 208); }
static uint216(v) { return n(v, 216); }
static uint224(v) { return n(v, 224); }
static uint232(v) { return n(v, 232); }
static uint240(v) { return n(v, 240); }
static uint248(v) { return n(v, 248); }
static uint256(v) { return n(v, 256); }
static uint(v) { return n(v, 256); }
static int8(v) { return n(v, -8); }
static int16(v) { return n(v, -16); }
static int24(v) { return n(v, -24); }
static int32(v) { return n(v, -32); }
static int40(v) { return n(v, -40); }
static int48(v) { return n(v, -48); }
static int56(v) { return n(v, -56); }
static int64(v) { return n(v, -64); }
static int72(v) { return n(v, -72); }
static int80(v) { return n(v, -80); }
static int88(v) { return n(v, -88); }
static int96(v) { return n(v, -96); }
static int104(v) { return n(v, -104); }
static int112(v) { return n(v, -112); }
static int120(v) { return n(v, -120); }
static int128(v) { return n(v, -128); }
static int136(v) { return n(v, -136); }
static int144(v) { return n(v, -144); }
static int152(v) { return n(v, -152); }
static int160(v) { return n(v, -160); }
static int168(v) { return n(v, -168); }
static int176(v) { return n(v, -176); }
static int184(v) { return n(v, -184); }
static int192(v) { return n(v, -192); }
static int200(v) { return n(v, -200); }
static int208(v) { return n(v, -208); }
static int216(v) { return n(v, -216); }
static int224(v) { return n(v, -224); }
static int232(v) { return n(v, -232); }
static int240(v) { return n(v, -240); }
static int248(v) { return n(v, -248); }
static int256(v) { return n(v, -256); }
static int(v) { return n(v, -256); }
static bytes1(v) { return b(v, 1); }
static bytes2(v) { return b(v, 2); }
static bytes3(v) { return b(v, 3); }
static bytes4(v) { return b(v, 4); }
static bytes5(v) { return b(v, 5); }
static bytes6(v) { return b(v, 6); }
static bytes7(v) { return b(v, 7); }
static bytes8(v) { return b(v, 8); }
static bytes9(v) { return b(v, 9); }
static bytes10(v) { return b(v, 10); }
static bytes11(v) { return b(v, 11); }
static bytes12(v) { return b(v, 12); }
static bytes13(v) { return b(v, 13); }
static bytes14(v) { return b(v, 14); }
static bytes15(v) { return b(v, 15); }
static bytes16(v) { return b(v, 16); }
static bytes17(v) { return b(v, 17); }
static bytes18(v) { return b(v, 18); }
static bytes19(v) { return b(v, 19); }
static bytes20(v) { return b(v, 20); }
static bytes21(v) { return b(v, 21); }
static bytes22(v) { return b(v, 22); }
static bytes23(v) { return b(v, 23); }
static bytes24(v) { return b(v, 24); }
static bytes25(v) { return b(v, 25); }
static bytes26(v) { return b(v, 26); }
static bytes27(v) { return b(v, 27); }
static bytes28(v) { return b(v, 28); }
static bytes29(v) { return b(v, 29); }
static bytes30(v) { return b(v, 30); }
static bytes31(v) { return b(v, 31); }
static bytes32(v) { return b(v, 32); }
static address(v) { return new Typed(_gaurd, "address", v); }
static bool(v) { return new Typed(_gaurd, "bool", !!v); }
static bytes(v) { return new Typed(_gaurd, "bytes", v); }
static string(v) { return new Typed(_gaurd, "string", v); }
static array(v, dynamic) {
throw new Error("not implemented yet");
return new Typed(_gaurd, "array", v, dynamic);
static tuple(v, name) {
throw new Error("not implemented yet");
return new Typed(_gaurd, "tuple", v, name);
static overrides(v) {
return new Typed(_gaurd, "overrides", Object.assign({}, v));
* Returns true only if %%value%% is a [[Typed]] instance.
static isTyped(value) {
return (value && value._typedSymbol === _typedSymbol);
* If the value is a [[Typed]] instance, validates the underlying value
* and returns it, otherwise returns value directly.
* This is useful for functions that with to accept either a [[Typed]]
* object or values.
static dereference(value, type) {
if (Typed.isTyped(value)) {
if (value.type !== type) {
throw new Error(`invalid type: expecetd ${type}, got ${value.type}`);
return value.value;
return value;
* @_ignore
class AddressCoder extends Coder {
constructor(localName) {
super("address", "address", localName, false);
defaultValue() {
return "0x0000000000000000000000000000000000000000";
encode(writer, _value) {
let value = Typed.dereference(_value, "string");
try {
value = getAddress(value);
catch (error) {
return this._throwError(error.message, _value);
return writer.writeValue(value);
decode(reader) {
return getAddress(toBeHex(reader.readValue(), 20));
* Clones the functionality of an existing Coder, but without a localName
* @_ignore
class AnonymousCoder extends Coder {
constructor(coder) {
super(, coder.type, "_", coder.dynamic);
this.coder = coder;
defaultValue() {
return this.coder.defaultValue();
encode(writer, value) {
return this.coder.encode(writer, value);
decode(reader) {
return this.coder.decode(reader);
* @_ignore
function pack(writer, coders, values) {
let arrayValues = [];
if (Array.isArray(values)) {
arrayValues = values;
else if (values && typeof (values) === "object") {
let unique = {};
arrayValues = => {
const name = coder.localName;
assert$1(name, "cannot encode object for signature with missing names", "INVALID_ARGUMENT", { argument: "values", info: { coder }, value: values });
assert$1(!unique[name], "cannot encode object for signature with duplicate names", "INVALID_ARGUMENT", { argument: "values", info: { coder }, value: values });
unique[name] = true;
return values[name];
else {
assertArgument(false, "invalid tuple value", "tuple", values);
assertArgument(coders.length === arrayValues.length, "types/value length mismatch", "tuple", values);
let staticWriter = new Writer();
let dynamicWriter = new Writer();
let updateFuncs = [];
coders.forEach((coder, index) => {
let value = arrayValues[index];
if (coder.dynamic) {
// Get current dynamic offset (for the future pointer)
let dynamicOffset = dynamicWriter.length;
// Encode the dynamic value into the dynamicWriter
coder.encode(dynamicWriter, value);
// Prepare to populate the correct offset once we are done
let updateFunc = staticWriter.writeUpdatableValue();
updateFuncs.push((baseOffset) => {
updateFunc(baseOffset + dynamicOffset);
else {
coder.encode(staticWriter, value);
// Backfill all the dynamic offsets, now that we know the static length
updateFuncs.forEach((func) => { func(staticWriter.length); });
let length = writer.appendWriter(staticWriter);
length += writer.appendWriter(dynamicWriter);
return length;
* @_ignore
function unpack(reader, coders) {
let values = [];
let keys = [];
// A reader anchored to this base
let baseReader = reader.subReader(0);
coders.forEach((coder) => {
let value = null;
if (coder.dynamic) {
let offset = reader.readIndex();
let offsetReader = baseReader.subReader(offset);
try {
value = coder.decode(offsetReader);
catch (error) {
// Cannot recover from this
if (isError(error, "BUFFER_OVERRUN")) {
throw error;
value = error;
value.baseType =; = coder.localName;
value.type = coder.type;
else {
try {
value = coder.decode(reader);
catch (error) {
// Cannot recover from this
if (isError(error, "BUFFER_OVERRUN")) {
throw error;
value = error;
value.baseType =; = coder.localName;
value.type = coder.type;
if (value == undefined) {
throw new Error("investigate");
keys.push(coder.localName || null);
return Result.fromItems(values, keys);
* @_ignore
class ArrayCoder extends Coder {
constructor(coder, length, localName) {
const type = (coder.type + "[" + (length >= 0 ? length : "") + "]");
const dynamic = (length === -1 || coder.dynamic);
super("array", type, localName, dynamic);
defineProperties(this, { coder, length });
defaultValue() {
// Verifies the child coder is valid (even if the array is dynamic or 0-length)
const defaultChild = this.coder.defaultValue();
const result = [];
for (let i = 0; i < this.length; i++) {
return result;
encode(writer, _value) {
const value = Typed.dereference(_value, "array");
if (!Array.isArray(value)) {
this._throwError("expected array value", value);
let count = this.length;
if (count === -1) {
count = value.length;
assertArgumentCount(value.length, count, "coder array" + (this.localName ? (" " + this.localName) : ""));
let coders = [];
for (let i = 0; i < value.length; i++) {
return pack(writer, coders, value);
decode(reader) {
let count = this.length;
if (count === -1) {
count = reader.readIndex();
// Check that there is *roughly* enough data to ensure
// stray random data is not being read as a length. Each
// slot requires at least 32 bytes for their value (or 32
// bytes as a link to the data). This could use a much
// tighter bound, but we are erroring on the side of safety.
assert$1(count * WordSize <= reader.dataLength, "insufficient data length", "BUFFER_OVERRUN", { buffer: reader.bytes, offset: count * WordSize, length: reader.dataLength });
let coders = [];
for (let i = 0; i < count; i++) {
coders.push(new AnonymousCoder(this.coder));
return unpack(reader, coders);
* @_ignore
class BooleanCoder extends Coder {
constructor(localName) {
super("bool", "bool", localName, false);
defaultValue() {
return false;
encode(writer, _value) {
const value = Typed.dereference(_value, "bool");
return writer.writeValue(value ? 1 : 0);
decode(reader) {
return !!reader.readValue();
* @_ignore
class DynamicBytesCoder extends Coder {
constructor(type, localName) {
super(type, type, localName, true);
defaultValue() {
return "0x";
encode(writer, value) {
value = getBytesCopy(value);
let length = writer.writeValue(value.length);
length += writer.writeBytes(value);
return length;
decode(reader) {
return reader.readBytes(reader.readIndex(), true);
* @_ignore
class BytesCoder extends DynamicBytesCoder {
constructor(localName) {
super("bytes", localName);
decode(reader) {
return hexlify(super.decode(reader));
* @_ignore
class FixedBytesCoder extends Coder {
constructor(size, localName) {
let name = "bytes" + String(size);
super(name, name, localName, false);
defineProperties(this, { size }, { size: "number" });
defaultValue() {
return ("0x0000000000000000000000000000000000000000000000000000000000000000").substring(0, 2 + this.size * 2);
encode(writer, _value) {
let data = getBytesCopy(Typed.dereference(_value, this.type));
if (data.length !== this.size) {
this._throwError("incorrect data length", _value);
return writer.writeBytes(data);
decode(reader) {
return hexlify(reader.readBytes(this.size));
const Empty = new Uint8Array([]);
* @_ignore
class NullCoder extends Coder {
constructor(localName) {
super("null", "", localName, false);
defaultValue() {
return null;
encode(writer, value) {
if (value != null) {
this._throwError("not null", value);
return writer.writeBytes(Empty);
decode(reader) {
return null;
const BN_0$5 = BigInt(0);
const BN_1$2 = BigInt(1);
const BN_MAX_UINT256$1 = BigInt("0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff");
* @_ignore
class NumberCoder extends Coder {
constructor(size, signed, localName) {
const name = ((signed ? "int" : "uint") + (size * 8));
super(name, name, localName, false);
defineProperties(this, { size, signed }, { size: "number", signed: "boolean" });
defaultValue() {
return 0;
encode(writer, _value) {
let value = getBigInt(Typed.dereference(_value, this.type));
// Check bounds are safe for encoding
let maxUintValue = mask(BN_MAX_UINT256$1, WordSize * 8);
if (this.signed) {
let bounds = mask(maxUintValue, (this.size * 8) - 1);
if (value > bounds || value < -(bounds + BN_1$2)) {
this._throwError("value out-of-bounds", _value);
value = toTwos(value, 8 * WordSize);
else if (value < BN_0$5 || value > mask(maxUintValue, this.size * 8)) {
this._throwError("value out-of-bounds", _value);
return writer.writeValue(value);
decode(reader) {
let value = mask(reader.readValue(), this.size * 8);
if (this.signed) {
value = fromTwos(value, this.size * 8);
return value;
* @_ignore
class StringCoder extends DynamicBytesCoder {
constructor(localName) {
super("string", localName);
defaultValue() {
return "";
encode(writer, _value) {
return super.encode(writer, toUtf8Bytes(Typed.dereference(_value, "string")));
decode(reader) {
return toUtf8String(super.decode(reader));
* @_ignore
class TupleCoder extends Coder {
constructor(coders, localName) {
let dynamic = false;
const types = [];
coders.forEach((coder) => {
if (coder.dynamic) {
dynamic = true;
const type = ("tuple(" + types.join(",") + ")");
super("tuple", type, localName, dynamic);
defineProperties(this, { coders: Object.freeze(coders.slice()) });
defaultValue() {
const values = [];
this.coders.forEach((coder) => {
// We only output named properties for uniquely named coders
const uniqueNames = this.coders.reduce((accum, coder) => {
const name = coder.localName;
if (name) {
if (!accum[name]) {
accum[name] = 0;
return accum;
}, {});
// Add named values
this.coders.forEach((coder, index) => {
let name = coder.localName;
if (!name || uniqueNames[name] !== 1) {
if (name === "length") {
name = "_length";
if (values[name] != null) {
values[name] = values[index];
return Object.freeze(values);
encode(writer, _value) {
const value = Typed.dereference(_value, "tuple");
return pack(writer, this.coders, value);
decode(reader) {
return unpack(reader, this.coders);
* A simple hashing function which operates on UTF-8 strings to
* compute an 32-byte irentifier.
* This simply computes the [UTF-8 bytes](toUtf8Bytes) and computes
* the [[keccak256]].
* @example:
* id("hello world")
* //_result:
function id(value) {
return keccak256(toUtf8Bytes(value));
function decode_arithmetic(bytes) {
let pos = 0;
function u16() { return (bytes[pos++] << 8) | bytes[pos++]; }
// decode the frequency table
let symbol_count = u16();
let total = 1;
let acc = [0, 1]; // first symbol has frequency 1
for (let i = 1; i < symbol_count; i++) {
acc.push(total += u16());
// skip the sized-payload that the last 3 symbols index into
let skip = u16();
let pos_payload = pos;
pos += skip;
let read_width = 0;
let read_buffer = 0;
function read_bit() {
if (read_width == 0) {
// this will read beyond end of buffer
// but (undefined|0) => zero pad
read_buffer = (read_buffer << 8) | bytes[pos++];
read_width = 8;
return (read_buffer >> --read_width) & 1;
const N = 31;
const FULL = 2**N;
const HALF = FULL >>> 1;
const QRTR = HALF >> 1;
const MASK = FULL - 1;
// fill register
let register = 0;
for (let i = 0; i < N; i++) register = (register << 1) | read_bit();
let symbols = [];
let low = 0;
let range = FULL; // treat like a float
while (true) {
let value = Math.floor((((register - low + 1) * total) - 1) / range);
let start = 0;
let end = symbol_count;
while (end - start > 1) { // binary search
let mid = (start + end) >>> 1;
if (value < acc[mid]) {
end = mid;
} else {
start = mid;
if (start == 0) break; // first symbol is end mark
let a = low + Math.floor(range * acc[start] / total);
let b = low + Math.floor(range * acc[start+1] / total) - 1;
while (((a ^ b) & HALF) == 0) {
register = (register << 1) & MASK | read_bit();
a = (a << 1) & MASK;
b = (b << 1) & MASK | 1;
while (a & ~b & QRTR) {
register = (register & HALF) | ((register << 1) & (MASK >>> 1)) | read_bit();
a = (a << 1) ^ HALF;
b = ((b ^ HALF) << 1) | HALF | 1;
low = a;
range = 1 + b - a;
let offset = symbol_count - 4;
return => { // index into payload
switch (x - offset) {
case 3: return offset + 0x10100 + ((bytes[pos_payload++] << 16) | (bytes[pos_payload++] << 8) | bytes[pos_payload++]);
case 2: return offset + 0x100 + ((bytes[pos_payload++] << 8) | bytes[pos_payload++]);
case 1: return offset + bytes[pos_payload++];
default: return x - 1;
// returns an iterator which returns the next symbol
function read_payload(v) {
let pos = 0;
return () => v[pos++];
function read_compressed_payload(s) {
return read_payload(decode_arithmetic(unsafe_atob(s)));
// unsafe in the sense:
// expected well-formed Base64 w/o padding
function unsafe_atob(s) {
let lookup = [];
[...'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'].forEach((c, i) => lookup[c.charCodeAt(0)] = i);
let n = s.length;
let ret = new Uint8Array((6 * n) >> 3);
for (let i = 0, pos = 0, width = 0, carry = 0; i < n; i++) {
carry = (carry << 6) | lookup[s.charCodeAt(i)];
width += 6;
if (width >= 8) {
ret[pos++] = (carry >> (width -= 8));
return ret;
// eg. [0,1,2,3...] => [0,-1,1,-2,...]
function signed(i) {
return (i & 1) ? (~i >> 1) : (i >> 1);
function read_deltas(n, next) {
let v = Array(n);
for (let i = 0, x = 0; i < n; i++) v[i] = x += signed(next());
return v;
// [123][5] => [0 3] [1 1] [0 0]
function read_sorted(next, prev = 0) {
let ret = [];
while (true) {
let x = next();
let n = next();
if (!n) break;
prev += x;
for (let i = 0; i < n; i++) {
ret.push(prev + i);
prev += n + 1;
return ret;
function read_sorted_arrays(next) {
return read_array_while(() => {
let v = read_sorted(next);
if (v.length) return v;
// returns map of x => ys
function read_mapped(next) {
let ret = [];
while (true) {
let w = next();
if (w == 0) break;
ret.push(read_linear_table(w, next));
while (true) {
let w = next() - 1;
if (w < 0) break;
ret.push(read_replacement_table(w, next));
return ret.flat();
// read until next is falsy
// return array of read values
function read_array_while(next) {
let v = [];
while (true) {
let x = next(v.length);
if (!x) break;
return v;
// read w columns of length n
// return as n rows of length w
function read_transposed(n, w, next) {
let m = Array(n).fill().map(() => []);
for (let i = 0; i < w; i++) {
read_deltas(n, next).forEach((x, j) => m[j].push(x));
return m;
// returns [[x, ys], [x+dx, ys+dy], [x+2*dx, ys+2*dy], ...]
// where dx/dy = steps, n = run size, w = length of y
function read_linear_table(w, next) {
let dx = 1 + next();
let dy = next();
let vN = read_array_while(next);
let m = read_transposed(vN.length, 1+w, next);
return m.flatMap((v, i) => {
let [x, ...ys] = v;
return Array(vN[i]).fill().map((_, j) => {
let j_dy = j * dy;
return [x + j * dx, => y + j_dy)];
// return [[x, ys...], ...]
// where w = length of y
function read_replacement_table(w, next) {
let n = 1 + next();
let m = read_transposed(n, 1+w, next);
return => [v[0], v.slice(1)]);
// created 2023-01-26T08:54:35.886Z
const FENCED = new Map([[8217,"apostrophe"],[8260,"fraction slash"],[12539,"middle dot"]]);
function hex_cp(cp) {
return cp.toString(16).toUpperCase().padStart(2, '0');
function quote_cp(cp) {
return `{${hex_cp(cp)}}`; // raffy convention: like "\u{X}" w/o the "\u"
export function explode_cp(s) {
return [...s].map(c => c.codePointAt(0));
function explode_cp(s) { // this is about 2x faster
let cps = [];
for (let pos = 0, len = s.length; pos < len; ) {
let cp = s.codePointAt(pos);
pos += cp < 0x10000 ? 1 : 2;
return cps;
function str_from_cps(cps) {
const chunk = 4096;
let len = cps.length;
if (len < chunk) return String.fromCodePoint(...cps);
let buf = [];
for (let i = 0; i < len; ) {
buf.push(String.fromCodePoint(...cps.slice(i, i += chunk)));
return buf.join('');
function compare_arrays(a, b) {
let n = a.length;
let c = n - b.length;
for (let i = 0; c == 0 && i < n; i++) c = a[i] - b[i];
return c;
// reverse polyfill
function nf(cps, form) {
return explode_cp(str_from_cps(cps).normalize(form));
function nfc(cps) {
return nf(cps, 'NFC');
function nfd(cps) {
return nf(cps, 'NFD');
//const t0 =;
const STOP = 0x2E;
const FE0F = 0xFE0F;
const STOP_CH = '.';
const UNIQUE_PH = 1;
const HYPHEN = 0x2D;
function read_set() {
return new Set(read_sorted(r));
const MAPPED = new Map(read_mapped(r));
const IGNORED = read_set(); // ignored characters are not valid, so just read raw codepoints
// direct include from payload is smaller that the decompression code
const FENCED = new Map(read_array_while(() => {
let cp = r();
if (cp) return [cp, read_str(r())];
const CM = read_set();
const ESCAPE = read_set(); // characters that should not be printed
const NFC_CHECK = read_set();
const CHUNKS = read_sorted_arrays(r);
function read_chunked() {
// deduplicated sets + uniques
return new Set([read_sorted(r).map(i => CHUNKS[i]), read_sorted(r)].flat(2));
const UNRESTRICTED = r();
const GROUPS = read_array_while(i => {
// minifier property mangling seems unsafe
// so these are manually renamed to single chars
let N = read_array_while(r).map(x => x+0x60);
if (N.length) {
let R = i >= UNRESTRICTED; // first arent restricted
N[0] -= 32; // capitalize
N = str_from_cps(N);
if (R) N=`Restricted[${N}]`;
let P = read_chunked(); // primary
let Q = read_chunked(); // secondary
let V = [...P, ...Q].sort((a, b) => a-b); // derive: sorted valid
let M = r()-1; // combining mark
// code currently isn't needed
/*if (M < 0) { // whitelisted
M = new Map(read_array_while(() => {
let i = r();
if (i) return [V[i-1], read_array_while(() => {
let v = read_array_while(r);
if (v.length) return => x-1);
return {N, P, M, R, V: new Set(V)};
const WHOLE_VALID = read_set();
const WHOLE_MAP = new Map();
// decode compressed wholes
[...WHOLE_VALID, ...read_set()].sort((a, b) => a-b).map((cp, i, v) => {
let d = r();
let w = v[i] = d ? v[i-d] : {V: [], M: new Map()};
w.V.push(cp); // add to member set
if (!WHOLE_VALID.has(cp)) {
WHOLE_MAP.set(cp, w); // register with whole map
// compute confusable-extent complements
for (let {V, M} of new Set(WHOLE_MAP.values())) {
// connect all groups that have each whole character
let recs = [];
for (let cp of V) {
let gs = GROUPS.filter(g => g.V.has(cp));
let rec = recs.find(({G}) => gs.some(g => G.has(g)));
if (!rec) {
rec = {G: new Set(), V: []};
gs.forEach(g => rec.G.add(g));
// per character cache groups which are not a member of the extent
let union = recs.flatMap(({G}) => [...G]);
for (let {G, V} of recs) {
let complement = new Set(union.filter(g => !G.has(g)));
for (let cp of V) {
M.set(cp, complement);
let union = new Set(); // exists in 1+ groups
let multi = new Set(); // exists in 2+ groups
for (let g of GROUPS) {
for (let cp of g.V) {
(union.has(cp) ? multi : union).add(cp);
// dual purpose WHOLE_MAP: return placeholder if unique non-confusable
for (let cp of union) {
if (!WHOLE_MAP.has(cp) && !multi.has(cp)) {
const VALID = new Set([...union, ...nfd(union)]); // possibly valid
// decode emoji
const EMOJI_SORTED = read_sorted(r);
//const EMOJI_SOLO = new Set(read_sorted(r).map(i => EMOJI_SORTED[i])); // not needed
const EMOJI_ROOT = read_emoji_trie([]);
function read_emoji_trie(cps) {
let B = read_array_while(() => {
let keys = read_sorted(r).map(i => EMOJI_SORTED[i]);
if (keys.length) return read_emoji_trie(keys);
}).sort((a, b) => b.Q.size - a.Q.size); // sort by likelihood
let temp = r();
let V = temp % 3; // valid (0 = false, 1 = true, 2 = weird)
temp = (temp / 3)|0;
let F = temp & 1; // allow FE0F
temp >>= 1;
let S = temp & 1; // save
let C = temp & 2; // check
return {B, V, F, S, C, Q: new Set(cps)};
//console.log( - t0);
// free tagging system
class Emoji extends Array {
get is_emoji() { return true; }
// create a safe to print string
// invisibles are escaped
// leading cm uses placeholder
function safe_str_from_cps(cps, quoter = quote_cp) {
//if (Number.isInteger(cps)) cps = [cps];
//if (!Array.isArray(cps)) throw new TypeError(`expected codepoints`);
let buf = [];
if (is_combining_mark(cps[0])) buf.push('◌');
let prev = 0;
let n = cps.length;
for (let i = 0; i < n; i++) {
let cp = cps[i];
if (should_escape(cp)) {
buf.push(str_from_cps(cps.slice(prev, i)));
prev = i + 1;
buf.push(str_from_cps(cps.slice(prev, n)));
return buf.join('');
// if escaped: {HEX}
// else: "x" {HEX}
function quoted_cp(cp) {
return (should_escape(cp) ? '' : `"${safe_str_from_cps([cp])}" `) + quote_cp(cp);
function check_label_extension(cps) {
if (cps.length >= 4 && cps[2] == HYPHEN && cps[3] == HYPHEN) {
throw new Error('invalid label extension');
function check_leading_underscore(cps) {
const UNDERSCORE = 0x5F;
for (let i = cps.lastIndexOf(UNDERSCORE); i > 0; ) {
if (cps[--i] !== UNDERSCORE) {
throw new Error('underscore allowed only at start');
// check that a fenced cp is not leading, trailing, or touching another fenced cp
function check_fenced(cps) {
let cp = cps[0];
let prev = FENCED.get(cp);
if (prev) throw error_placement(`leading ${prev}`);
let n = cps.length;
let last = -1;
for (let i = 1; i < n; i++) {
cp = cps[i];
let match = FENCED.get(cp);
if (match) {
if (last == i) throw error_placement(`${prev} + ${match}`);
last = i + 1;
prev = match;
if (last == n) throw error_placement(`trailing ${prev}`);
// note: set(s) cannot be exposed because they can be modified
function is_combining_mark(cp) {
return CM.has(cp);
function should_escape(cp) {
return ESCAPE.has(cp);
function ens_normalize_fragment(frag, decompose) {
let nf = decompose ? nfd : nfc;
return frag.split(STOP_CH).map(label => str_from_cps(process(explode_cp(label), nf).flatMap(x => x.is_emoji ? filter_fe0f(x) : x))).join(STOP_CH);
function ens_normalize(name) {
return flatten(ens_split(name));
function ens_beautify(name) {
let split = ens_split(name, true);
// this is experimental
for (let {type, output, error} of split) {
if (error) continue;
// replace leading/trailing hyphen
// 20230121: consider beautifing all or leading/trailing hyphen to unicode variant
// not exactly the same in every font, but very similar: "-" vs ""
const UNICODE_HYPHEN = 0x2010;
// maybe this should replace all for visual consistancy?
// `node tools/reg-count.js regex ^-\{2,\}` => 592
//for (let i = 0; i < output.length; i++) if (output[i] == 0x2D) output[i] = 0x2010;
if (output[0] == HYPHEN) output[0] = UNICODE_HYPHEN;
let end = output.length-1;
if (output[end] == HYPHEN) output[end] = UNICODE_HYPHEN;
// 20230123: WHATWG URL uses "CheckHyphens" false
// ξ => Ξ if not greek
if (type !== 'Greek') {
let prev = 0;
while (true) {
let next = output.indexOf(0x3BE, prev);
if (next < 0) break;
output[next] = 0x39E;
prev = next + 1;
// 20221213: fixes bidi subdomain issue, but breaks invariant (200E is disallowed)
// could be fixed with special case for: 2D (.) + 200E (LTR)
//output.splice(0, 0, 0x200E);
return flatten(split);
function ens_split(name, preserve_emoji) {
let offset = 0;
// 4.1 Rule 4
// "The label must not contain a U+002E ( . ) FULL STOP."
return name.split(STOP_CH).map(label => {
let input = explode_cp(label);
let info = {
offset, // codepoint, not substring!
offset += input.length + 1; // + stop
let norm;
try {
let tokens = info.tokens = process(input, nfc); // if we parse, we get [norm and mapped]
let token_count = tokens.length;
let type;
if (!token_count) { // the label was effectively empty (could of had ignored characters)
// 20230120: change to strict
//norm = [];
//type = 'None'; // use this instead of next match, "ASCII"
throw new Error(`empty label`);
} else {
let chars = tokens[0];
let emoji = token_count > 1 || chars.is_emoji;
if (!emoji && chars.every(cp => cp < 0x80)) { // special case for ascii
norm = chars;
// only needed for ascii
// 20230123: matches matches WHATWG, see note 3.3
// cant have fenced
// cant have cm
// cant have wholes
// see derive: assert ascii fast path
type = 'ASCII';
} else {
if (emoji) { // there is at least one emoji
info.emoji = true;
chars = tokens.flatMap(x => x.is_emoji ? [] : x); // all of the nfc tokens concat together
norm = tokens.flatMap(x => !preserve_emoji && x.is_emoji ? filter_fe0f(x) : x);
if (!chars.length) { // theres no text, just emoji
type = 'Emoji';
} else {
if (CM.has(norm[0])) throw error_placement('leading combining mark');
for (let i = 1; i < token_count; i++) { // we've already checked the first token
let cps = tokens[i];
if (!cps.is_emoji && CM.has(cps[0])) { // every text token has emoji neighbors, eg. EtEEEtEt...
throw error_placement(`emoji + combining mark: "${str_from_cps(tokens[i-1])} + ${safe_str_from_cps([cps[0]])}"`);
let unique = [ Set(chars)];
let [g] = determine_group(unique); // take the first match
// see derive: "Matching Groups have Same CM Style"
// alternative: could form a hybrid type: Latin/Japanese/...
check_group(g, chars); // need text in order
check_whole(g, unique); // only need unique text (order would be required for multiple-char confusables)
type = g.N;
// 20230121: consider exposing restricted flag
// it's simpler to just check for 'Restricted'
// or even better: type.endsWith(']')
//if (g.R) info.restricted = true;
info.type = type;
} catch (err) {
info.error = err; // use full error object
info.output = norm;
return info;
function check_whole(group, unique) {
let maker;
let shared = []; // TODO: can this be avoided?
for (let cp of unique) {
let whole = WHOLE_MAP.get(cp);
if (whole === UNIQUE_PH) return; // unique, non-confusable
if (whole) {
let set = whole.M.get(cp); // groups which have a character that look-like this character
maker = maker ? maker.filter(g => set.has(g)) : [...set];
if (!maker.length) return; // confusable intersection is empty
} else {
if (maker) {
// we have 1+ confusable
// check if any of the remaning groups
// contain the shared characters too
for (let g of maker) {
if (shared.every(cp => g.V.has(cp))) {
throw new Error(`whole-script confusable: ${group.N}/${g.N}`);
// assumption: unique.size > 0
// returns list of matching groups
function determine_group(unique) {
let groups = GROUPS;
for (let cp of unique) {
// note: we need to dodge CM that are whitelisted
// but that code isn't currently necessary
let gs = groups.filter(g => g.V.has(cp));
if (!gs.length) {
if (groups === GROUPS) {
// the character was composed of valid parts
// but it's NFC form is invalid
throw error_disallowed(cp); // this should be rare
} else {
// there is no group that contains all these characters
// throw using the highest priority group that matched
throw error_group_member(groups[0], cp);
groups = gs;
if (gs.length == 1) break; // there is only one group left
// there are at least 1 group(s) with all of these characters
return groups;
// throw on first error
function flatten(split) {
return{input, error, output}) => {
if (error) {
// don't print label again if just a single label
let msg = error.message;
throw new Error(split.length == 1 ? msg : `Invalid label "${safe_str_from_cps(input)}": ${msg}`);
return str_from_cps(output);
function error_disallowed(cp) {
// TODO: add cp to error?
return new Error(`disallowed character: ${quoted_cp(cp)}`);
function error_group_member(g, cp) {
let quoted = quoted_cp(cp);
let gg = GROUPS.find(g => g.P.has(cp));
if (gg) {
quoted = `${gg.N} ${quoted}`;
return new Error(`illegal mixture: ${g.N} + ${quoted}`);
function error_placement(where) {
return new Error(`illegal placement: ${where}`);
// assumption: cps.length > 0
// assumption: cps[0] isn't a CM
function check_group(g, cps) {
let {V, M} = g;
for (let cp of cps) {
if (!V.has(cp)) {
throw error_group_member(g, cp);
if (M >= 0) {
// we know it can't be cm leading
// we know the previous character isn't an emoji
let decomposed = nfd(cps);
for (let i = 1, e = decomposed.length; i < e; i++) {
if (CM.has(cps[i])) {
let j = i + 1;
while (j < e && CM.has(cps[j])) j++;
if (j - i > M) {
throw new Error(`too many combining marks: ${g.N} "${str_from_cps(cps.slice(i-1, j))}" (${j-i}/${M})`);
i = j;
// *** this code currently isn't needed ***
let cm_whitelist = M instanceof Map;
for (let i = 0, e = cps.length; i < e; ) {
let cp = cps[i++];
let seqs = cm_whitelist && M.get(cp);
if (seqs) {
// list of codepoints that can follow
// if this exists, this will always be 1+
let j = i;
while (j < e && CM.has(cps[j])) j++;
let cms = cps.slice(i, j);
let match = seqs.find(seq => !compare_arrays(seq, cms));
if (!match) throw new Error(`disallowed combining mark sequence: "${safe_str_from_cps([cp, ...cms])}"`);
i = j;
} else if (!V.has(cp)) {
let quoted = quoted_cp(cp);
for (let cp of cps) {
let u = UNIQUE.get(cp);
if (u && u !== g) {
// if both scripts are restricted this error is confusing
// because we don't differentiate RestrictedA from RestrictedB
if (!u.R) quoted = `${quoted} is ${u.N}`;
throw new Error(`disallowed ${g.N} character: ${quoted}`);
//throw new Error(`disallowed character: ${quoted} (expected ${g.N})`);
//throw new Error(`${g.N} does not allow: ${quoted}`);
if (!cm_whitelist) {
let decomposed = nfd(cps);
for (let i = 1, e = decomposed.length; i < e; i++) { // we know it can't be cm leading
if (CM.has(cps[i])) {
let j = i + 1;
while (j < e && CM.has(cps[j])) j++;
if (j - i > M) {
throw new Error(`too many combining marks: "${str_from_cps(cps.slice(i-1, j))}" (${j-i}/${M})`);
i = j;
// given a list of codepoints
// returns a list of lists, where emoji are a fully-qualified (as Array subclass)
// eg. explode_cp("abc💩d") => [[61, 62, 63], Emoji[1F4A9, FE0F], [64]]
function process(input, nf) {
let ret = [];
let chars = [];
input = input.slice().reverse(); // flip so we can pop
while (input.length) {
let emoji = consume_emoji_reversed(input);
if (emoji) {
if (chars.length) {
chars = [];
} else {
let cp = input.pop();
if (VALID.has(cp)) {
} else {
let cps = MAPPED.get(cp);
if (cps) {
} else if (!IGNORED.has(cp)) {
throw error_disallowed(cp);
if (chars.length) {
return ret;
function filter_fe0f(cps) {
return cps.filter(cp => cp != FE0F);
// given array of codepoints
// returns the longest valid emoji sequence (or undefined if no match)
// *MUTATES* the supplied array
// allows optional FE0F
// disallows interleaved ignored characters
// fills (optional) eaten array with matched codepoints
function consume_emoji_reversed(cps, eaten) {
let node = EMOJI_ROOT;
let emoji;
let saved;
let stack = [];
let pos = cps.length;
if (eaten) eaten.length = 0; // clear input buffer (if needed)
while (pos) {
let cp = cps[--pos];
node = node.B.find(x => x.Q.has(cp));
if (!node) break;
if (node.S) { // remember
saved = cp;
} else if (node.C) { // check exclusion
if (cp === saved) break;
if (node.F) {
if (pos > 0 && cps[pos - 1] == FE0F) pos--; // consume optional FE0F
if (node.V) { // this is a valid emoji (so far)
emoji = conform_emoji_copy(stack, node);
if (eaten) eaten.push(...cps.slice(pos).reverse()); // copy input (if needed)
cps.length = pos; // truncate
// *** this code currently isn't needed ***
if (!emoji) {
let cp = cps[cps.length-1];
if (EMOJI_SOLO.has(cp)) {
if (eaten) eaten.push(cp);
emoji = Emoji.of(cp);
return emoji;
// create a copy and fix any unicode quirks
function conform_emoji_copy(cps, node) {
let copy = Emoji.from(cps); // copy stack
if (node.V == 2) copy.splice(1, 1); // delete FE0F at position 1 (see: make.js)
return copy;
// return all supported emoji as fully-qualified emoji
// ordered by length then lexicographic
function ens_emoji() {
// *** this code currently isn't needed ***
//let ret = [...EMOJI_SOLO].map(x => [x]);
let ret = [];
build(EMOJI_ROOT, []);
return ret.sort(compare_arrays);
function build(node, cps, saved) {
if (node.S) {
saved = cps[cps.length-1];
} else if (node.C) {
if (saved === cps[cps.length-1]) return;
if (node.F) cps.push(FE0F);
if (node.V) ret.push(conform_emoji_copy(cps, node));
for (let br of node.B) {
for (let cp of br.Q) {
build(br, [...cps, cp], saved);
// ************************************************************
// tokenizer
const TY_VALID = 'valid';
const TY_MAPPED = 'mapped';
const TY_IGNORED = 'ignored';
const TY_DISALLOWED = 'disallowed';
const TY_EMOJI = 'emoji';
const TY_NFC = 'nfc';
const TY_STOP = 'stop';
function ens_tokenize(name, {
nf = true, // collapse unnormalized runs into a single token
} = {}) {
let input = explode_cp(name).reverse();
let eaten = [];
let tokens = [];
while (input.length) {
let emoji = consume_emoji_reversed(input, eaten);
if (emoji) {
tokens.push({type: TY_EMOJI, emoji, input: eaten.slice(), cps: filter_fe0f(emoji)});
} else {
let cp = input.pop();
if (cp == STOP) {
tokens.push({type: TY_STOP, cp});
} else if (VALID.has(cp)) {
tokens.push({type: TY_VALID, cps: [cp]});
} else if (IGNORED.has(cp)) {
tokens.push({type: TY_IGNORED, cp});
} else {
let cps = MAPPED.get(cp);
if (cps) {
tokens.push({type: TY_MAPPED, cp, cps: cps.slice()});
} else {
tokens.push({type: TY_DISALLOWED, cp});
if (nf) {
for (let i = 0, start = -1; i < tokens.length; i++) {
let token = tokens[i];
if (is_valid_or_mapped(token.type)) {
if (requires_check(token.cps)) { // normalization might be needed
let end = i + 1;
for (let pos = end; pos < tokens.length; pos++) { // find adjacent text
let {type, cps} = tokens[pos];
if (is_valid_or_mapped(type)) {
if (!requires_check(cps)) break;
end = pos + 1;
} else if (type !== TY_IGNORED) { // || type !== TY_DISALLOWED) {
if (start < 0) start = i;
let slice = tokens.slice(start, end);
let cps0 = slice.flatMap(x => is_valid_or_mapped(x.type) ? x.cps : []); // strip junk tokens
let cps = nfc(cps0);
if (compare_arrays(cps, cps0)) { // bundle into an nfc token
tokens.splice(start, end - start, {
type: TY_NFC,
input: cps0, // there are 3 states: tokens0 ==(process)=> input ==(nfc)=> tokens/cps
tokens0: collapse_valid_tokens(slice),
tokens: ens_tokenize(str_from_cps(cps), {nf: false})
i = start;
} else {
i = end - 1; // skip to end of slice
start = -1; // reset
} else {
start = i; // remember last
} else if (token.type !== TY_IGNORED) { // 20221024: is this correct?
start = -1; // reset
return collapse_valid_tokens(tokens);
function is_valid_or_mapped(type) {
return type == TY_VALID || type == TY_MAPPED;
function requires_check(cps) {
return cps.some(cp => NFC_CHECK.has(cp));
function collapse_valid_tokens(tokens) {
for (let i = 0; i < tokens.length; i++) {
if (tokens[i].type == TY_VALID) {
let j = i + 1;
while (j < tokens.length && tokens[j].type == TY_VALID) j++;
tokens.splice(i, j - i, {type: TY_VALID, cps: tokens.slice(i, j).flatMap(x => x.cps)});
return tokens;
const Zeros = new Uint8Array(32);
function checkComponent(comp) {
assertArgument(comp.length !== 0, "invalid ENS name; empty component", "comp", comp);
return comp;
function ensNameSplit(name) {
const bytes = toUtf8Bytes(ensNormalize(name));
const comps = [];
if (name.length === 0) {
return comps;
let last = 0;
for (let i = 0; i < bytes.length; i++) {
const d = bytes[i];
// A separator (i.e. "."); copy this component
if (d === 0x2e) {
comps.push(checkComponent(bytes.slice(last, i)));
last = i + 1;
// There was a stray separator at the end of the name
assertArgument(last < bytes.length, "invalid ENS name; empty component", "name", name);
return comps;
* Returns the ENS %%name%% normalized.
function ensNormalize(name) {
try {
return ens_normalize(name);
catch (error) {
assertArgument(false, `invalid ENS name (${error.message})`, "name", name);
* Returns ``true`` if %%name%% is a valid ENS name.
function isValidName(name) {
try {
return (ensNameSplit(name).length !== 0);
catch (error) { }
return false;
* Returns the [[link-namehash]] for %%name%%.
function namehash(name) {
assertArgument(typeof (name) === "string", "invalid ENS name; not a string", "name", name);
let result = Zeros;
const comps = ensNameSplit(name);
while (comps.length) {
result = keccak256(concat([result, keccak256((comps.pop()))]));
return hexlify(result);
* Returns the DNS encoded %%name%%.
* This is used for various parts of ENS name resolution, such
* as the wildcard resolution.
function dnsEncode(name) {
return hexlify(concat(ensNameSplit(name).map((comp) => {
// DNS does not allow components over 63 bytes in length
if (comp.length > 63) {
throw new Error("invalid DNS encoded entry; length exceeds 63 bytes");
const bytes = new Uint8Array(comp.length + 1);
bytes.set(comp, 1);
bytes[0] = bytes.length - 1;
return bytes;
}))) + "00";
function accessSetify(addr, storageKeys) {
return {
address: getAddress(addr),
storageKeys:, index) => {
assertArgument(isHexString(storageKey, 32), "invalid slot", `storageKeys[${index}]`, storageKey);
return storageKey.toLowerCase();
* Returns a [[AccessList]] from any ethers-supported access-list structure.
function accessListify(value) {
if (Array.isArray(value)) {
return, index) => {
if (Array.isArray(set)) {
assertArgument(set.length === 2, "invalid slot set", `value[${index}]`, set);
return accessSetify(set[0], set[1]);
assertArgument(set != null && typeof (set) === "object", "invalid address-slot set", "value", value);
return accessSetify(set.address, set.storageKeys);
assertArgument(value != null && typeof (value) === "object", "invalid access list", "value", value);
const result = Object.keys(value).map((addr) => {
const storageKeys = value[addr].reduce((accum, storageKey) => {
accum[storageKey] = true;
return accum;
}, {});
return accessSetify(addr, Object.keys(storageKeys).sort());
result.sort((a, b) => (a.address.localeCompare(b.address)));
return result;
* Returns the address for the %%key%%.
* The key may be any standard form of public key or a private key.
function computeAddress(key) {
let pubkey;
if (typeof (key) === "string") {
pubkey = SigningKey.computePublicKey(key, false);
else {
pubkey = key.publicKey;
return getAddress(keccak256("0x" + pubkey.substring(4)).substring(26));
* Returns the recovered address for the private key that was
* used to sign %%digest%% that resulted in %%signature%%.
function recoverAddress(digest, signature) {
return computeAddress(SigningKey.recoverPublicKey(digest, signature));
const BN_0$4 = BigInt(0);
const BN_2$2 = BigInt(2);
const BN_27 = BigInt(27);
const BN_28 = BigInt(28);
const BN_35 = BigInt(35);
const BN_MAX_UINT = BigInt("0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff");
function handleAddress(value) {
if (value === "0x") {
return null;
return getAddress(value);
function handleAccessList(value, param) {
try {
return accessListify(value);
catch (error) {
assertArgument(false, error.message, param, value);
function handleNumber(_value, param) {
if (_value === "0x") {
return 0;
return getNumber(_value, param);
function handleUint(_value, param) {
if (_value === "0x") {
return BN_0$4;
const value = getBigInt(_value, param);
assertArgument(value <= BN_MAX_UINT, "value exceeds uint size", param, value);
return value;
function formatNumber(_value, name) {
const value = getBigInt(_value, "value");
const result = toBeArray(value);
assertArgument(result.length <= 32, `value too large`, `tx.${name}`, value);
return result;
function formatAccessList(value) {
return accessListify(value).map((set) => [set.address, set.storageKeys]);
function _parseLegacy(data) {
const fields = decodeRlp(data);
assertArgument(Array.isArray(fields) && (fields.length === 9 || fields.length === 6), "invalid field count for legacy transaction", "data", data);
const tx = {
type: 0,
nonce: handleNumber(fields[0], "nonce"),
gasPrice: handleUint(fields[1], "gasPrice"),
gasLimit: handleUint(fields[2], "gasLimit"),
to: handleAddress(fields[3]),
value: handleUint(fields[4], "value"),
data: hexlify(fields[5]),
chainId: BN_0$4
// Legacy unsigned transaction
if (fields.length === 6) {
return tx;
const v = handleUint(fields[6], "v");
const r = handleUint(fields[7], "r");
const s = handleUint(fields[8], "s");
if (r === BN_0$4 && s === BN_0$4) {
// EIP-155 unsigned transaction
tx.chainId = v;
else {
// Compute the EIP-155 chain ID (or 0 for legacy)
let chainId = (v - BN_35) / BN_2$2;
if (chainId < BN_0$4) {
chainId = BN_0$4;
tx.chainId = chainId;
// Signed Legacy Transaction
assertArgument(chainId !== BN_0$4 || (v === BN_27 || v === BN_28), "non-canonical legacy v", "v", fields[6]);
tx.signature = Signature.from({
r: zeroPadValue(fields[7], 32),
s: zeroPadValue(fields[8], 32),
tx.hash = keccak256(data);
return tx;
function _serializeLegacy(tx, sig) {
const fields = [
formatNumber(tx.nonce || 0, "nonce"),
formatNumber(tx.gasPrice || 0, "gasPrice"),
formatNumber(tx.gasLimit || 0, "gasLimit"),
(( != null) ? getAddress( : "0x"),
formatNumber(tx.value || 0, "value"),
( || "0x"),
let chainId = BN_0$4;
if (tx.chainId != null) {
// A chainId was provided; if non-zero we'll use EIP-155
chainId = getBigInt(tx.chainId, "tx.chainId");
// We have a chainId in the tx and an EIP-155 v in the signature,
// make sure they agree with each other
assertArgument(!sig || sig.networkV == null || sig.legacyChainId === chainId, "tx.chainId/sig.v mismatch", "sig", sig);
else if (sig) {
// No chainId provided, but the signature is signing with EIP-155; derive chainId
const legacy = sig.legacyChainId;
if (legacy != null) {
chainId = legacy;
// Requesting an unsigned transaction
if (!sig) {
// We have an EIP-155 transaction (chainId was specified and non-zero)
if (chainId !== BN_0$4) {
return encodeRlp(fields);
// We pushed a chainId and null r, s on for hashing only; remove those
let v = BigInt(27 + sig.yParity);
if (chainId !== BN_0$4) {
v = Signature.getChainIdV(chainId, sig.v);
else if (BigInt(sig.v) !== v) {
assertArgument(false, "tx.chainId/sig.v mismatch", "sig", sig);
return encodeRlp(fields);
function _parseEipSignature(tx, fields, serialize) {
let yParity;
try {
yParity = handleNumber(fields[0], "yParity");
if (yParity !== 0 && yParity !== 1) {
throw new Error("bad yParity");
catch (error) {
assertArgument(false, "invalid yParity", "yParity", fields[0]);
const r = zeroPadValue(fields[1], 32);
const s = zeroPadValue(fields[2], 32);
const signature = Signature.from({ r, s, yParity });
tx.signature = signature;
function _parseEip1559(data) {
const fields = decodeRlp(getBytes(data).slice(1));
assertArgument(Array.isArray(fields) && (fields.length === 9 || fields.length === 12), "invalid field count for transaction type: 2", "data", hexlify(data));
const maxPriorityFeePerGas = handleUint(fields[2], "maxPriorityFeePerGas");
const maxFeePerGas = handleUint(fields[3], "maxFeePerGas");
const tx = {
type: 2,
chainId: handleUint(fields[0], "chainId"),
nonce: handleNumber(fields[1], "nonce"),
maxPriorityFeePerGas: maxPriorityFeePerGas,
maxFeePerGas: maxFeePerGas,
gasPrice: null,
gasLimit: handleUint(fields[4], "gasLimit"),
to: handleAddress(fields[5]),
value: handleUint(fields[6], "value"),
data: hexlify(fields[7]),
accessList: handleAccessList(fields[8], "accessList"),
// Unsigned EIP-1559 Transaction
if (fields.length === 9) {
return tx;
tx.hash = keccak256(data);
_parseEipSignature(tx, fields.slice(9), _serializeEip1559);
return tx;
function _serializeEip1559(tx, sig) {
const fields = [
formatNumber(tx.chainId || 0, "chainId"),
formatNumber(tx.nonce || 0, "nonce"),
formatNumber(tx.maxPriorityFeePerGas || 0, "maxPriorityFeePerGas"),
formatNumber(tx.maxFeePerGas || 0, "maxFeePerGas"),
formatNumber(tx.gasLimit || 0, "gasLimit"),
(( != null) ? getAddress( : "0x"),
formatNumber(tx.value || 0, "value"),
( || "0x"),
(formatAccessList(tx.accessList || []))
if (sig) {
fields.push(formatNumber(sig.yParity, "yParity"));
return concat(["0x02", encodeRlp(fields)]);
function _parseEip2930(data) {
const fields = decodeRlp(getBytes(data).slice(1));
assertArgument(Array.isArray(fields) && (fields.length === 8 || fields.length === 11), "invalid field count for transaction type: 1", "data", hexlify(data));
const tx = {
type: 1,
chainId: handleUint(fields[0], "chainId"),
nonce: handleNumber(fields[1], "nonce"),
gasPrice: handleUint(fields[2], "gasPrice"),
gasLimit: handleUint(fields[3], "gasLimit"),
to: handleAddress(fields[4]),
value: handleUint(fields[5], "value"),
data: hexlify(fields[6]),
accessList: handleAccessList(fields[7], "accessList")
// Unsigned EIP-2930 Transaction
if (fields.length === 8) {
return tx;
tx.hash = keccak256(data);
_parseEipSignature(tx, fields.slice(8), _serializeEip2930);
return tx;
function _serializeEip2930(tx, sig) {
const fields = [
formatNumber(tx.chainId || 0, "chainId"),
formatNumber(tx.nonce || 0, "nonce"),
formatNumber(tx.gasPrice || 0, "gasPrice"),
formatNumber(tx.gasLimit || 0, "gasLimit"),
(( != null) ? getAddress( : "0x"),
formatNumber(tx.value || 0, "value"),
( || "0x"),
(formatAccessList(tx.accessList || []))
if (sig) {
fields.push(formatNumber(sig.yParity, "recoveryParam"));
return concat(["0x01", encodeRlp(fields)]);
* A **Transaction** describes an operation to be executed on
* Ethereum by an Externally Owned Account (EOA). It includes
* who (the [[to]] address), what (the [[data]]) and how much (the
* [[value]] in ether) the operation should entail.
* @example:
* tx = new Transaction()
* //_result:
* = "0x1234";
* //_result:
class Transaction {
* The transaction type.
* If null, the type will be automatically inferred based on
* explicit properties.
get type() { return this.#type; }
set type(value) {
switch (value) {
case null:
this.#type = null;
case 0:
case "legacy":
this.#type = 0;
case 1:
case "berlin":
case "eip-2930":
this.#type = 1;
case 2:
case "london":
case "eip-1559":
this.#type = 2;
assertArgument(false, "unsupported transaction type", "type", value);
* The name of the transaction type.
get typeName() {
switch (this.type) {
case 0: return "legacy";
case 1: return "eip-2930";
case 2: return "eip-1559";
return null;
* The ``to`` address for the transaction or ``null`` if the
* transaction is an ``init`` transaction.
get to() { return this.#to; }
set to(value) {
this.#to = (value == null) ? null : getAddress(value);
* The transaction nonce.
get nonce() { return this.#nonce; }
set nonce(value) { this.#nonce = getNumber(value, "value"); }
* The gas limit.
get gasLimit() { return this.#gasLimit; }
set gasLimit(value) { this.#gasLimit = getBigInt(value); }
* The gas price.
* On legacy networks this defines the fee that will be paid. On
* EIP-1559 networks, this should be ``null``.
get gasPrice() {
const value = this.#gasPrice;
if (value == null && (this.type === 0 || this.type === 1)) {
return BN_0$4;
return value;
set gasPrice(value) {
this.#gasPrice = (value == null) ? null : getBigInt(value, "gasPrice");
* The maximum priority fee per unit of gas to pay. On legacy
* networks this should be ``null``.
get maxPriorityFeePerGas() {
const value = this.#maxPriorityFeePerGas;
if (value == null) {
if (this.type === 2) {
return BN_0$4;
return null;
return value;
set maxPriorityFeePerGas(value) {
this.#maxPriorityFeePerGas = (value == null) ? null : getBigInt(value, "maxPriorityFeePerGas");
* The maximum total fee per unit of gas to pay. On legacy
* networks this should be ``null``.
get maxFeePerGas() {
const value = this.#maxFeePerGas;
if (value == null) {
if (this.type === 2) {
return BN_0$4;
return null;
return value;
set maxFeePerGas(value) {
this.#maxFeePerGas = (value == null) ? null : getBigInt(value, "maxFeePerGas");
* The transaction data. For ``init`` transactions this is the
* deployment code.
get data() { return this.#data; }
set data(value) { this.#data = hexlify(value); }
* The amount of ether to send in this transactions.
get value() { return this.#value; }
set value(value) {
this.#value = getBigInt(value, "value");
* The chain ID this transaction is valid on.
get chainId() { return this.#chainId; }
set chainId(value) { this.#chainId = getBigInt(value); }
* If signed, the signature for this transaction.
get signature() { return this.#sig || null; }
set signature(value) {
this.#sig = (value == null) ? null : Signature.from(value);
* The access list.
* An access list permits discounted (but pre-paid) access to
* bytecode and state variable access within contract execution.
get accessList() {
const value = this.#accessList || null;
if (value == null) {
if (this.type === 1 || this.type === 2) {
return [];
return null;
return value;
set accessList(value) {
this.#accessList = (value == null) ? null : accessListify(value);
* Creates a new Transaction with default values.
constructor() {
this.#type = null;
this.#to = null;
this.#nonce = 0;
this.#gasLimit = BigInt(0);
this.#gasPrice = null;
this.#maxPriorityFeePerGas = null;
this.#maxFeePerGas = null;
this.#data = "0x";
this.#value = BigInt(0);
this.#chainId = BigInt(0);
this.#sig = null;
this.#accessList = null;
* The transaction hash, if signed. Otherwise, ``null``.
get hash() {
if (this.signature == null) {
return null;
return keccak256(this.serialized);
* The pre-image hash of this transaction.
* This is the digest that a [[Signer]] must sign to authorize
* this transaction.
get unsignedHash() {
return keccak256(this.unsignedSerialized);
* The sending address, if signed. Otherwise, ``null``.
get from() {
if (this.signature == null) {
return null;
return recoverAddress(this.unsignedHash, this.signature);
* The public key of the sender, if signed. Otherwise, ``null``.
get fromPublicKey() {
if (this.signature == null) {
return null;
return SigningKey.recoverPublicKey(this.unsignedHash, this.signature);
* Returns true if signed.
* This provides a Type Guard that properties requiring a signed
* transaction are non-null.
isSigned() {
//isSigned(): this is SignedTransaction {
return this.signature != null;
* The serialized transaction.
* This throws if the transaction is unsigned. For the pre-image,
* use [[unsignedSerialized]].
get serialized() {
assert$1(this.signature != null, "cannot serialize unsigned transaction; maybe you meant .unsignedSerialized", "UNSUPPORTED_OPERATION", { operation: ".serialized" });
switch (this.inferType()) {
case 0:
return _serializeLegacy(this, this.signature);
case 1:
return _serializeEip2930(this, this.signature);
case 2:
return _serializeEip1559(this, this.signature);
assert$1(false, "unsupported transaction type", "UNSUPPORTED_OPERATION", { operation: ".serialized" });
* The transaction pre-image.
* The hash of this is the digest which needs to be signed to
* authorize this transaction.
get unsignedSerialized() {
switch (this.inferType()) {
case 0:
return _serializeLegacy(this);
case 1:
return _serializeEip2930(this);
case 2:
return _serializeEip1559(this);
assert$1(false, "unsupported transaction type", "UNSUPPORTED_OPERATION", { operation: ".unsignedSerialized" });
* Return the most "likely" type; currently the highest
* supported transaction type.
inferType() {
return (this.inferTypes().pop());
* Validates the explicit properties and returns a list of compatible
* transaction types.
inferTypes() {
// Checks that there are no conflicting properties set
const hasGasPrice = this.gasPrice != null;
const hasFee = (this.maxFeePerGas != null || this.maxPriorityFeePerGas != null);
const hasAccessList = (this.accessList != null);
//if (hasGasPrice && hasFee) {
// throw new Error("transaction cannot have gasPrice and maxFeePerGas");
if (this.maxFeePerGas != null && this.maxPriorityFeePerGas != null) {
assert$1(this.maxFeePerGas >= this.maxPriorityFeePerGas, "priorityFee cannot be more than maxFee", "BAD_DATA", { value: this });
//if (this.type === 2 && hasGasPrice) {
// throw new Error("eip-1559 transaction cannot have gasPrice");
assert$1(!hasFee || (this.type !== 0 && this.type !== 1), "transaction type cannot have maxFeePerGas or maxPriorityFeePerGas", "BAD_DATA", { value: this });
assert$1(this.type !== 0 || !hasAccessList, "legacy transaction cannot have accessList", "BAD_DATA", { value: this });
const types = [];
// Explicit type
if (this.type != null) {
else {
if (hasFee) {
else if (hasGasPrice) {
if (!hasAccessList) {
else if (hasAccessList) {
else {
return types;
* Returns true if this transaction is a legacy transaction (i.e.
* ``type === 0``).
* This provides a Type Guard that the related properties are
* non-null.
isLegacy() {
return (this.type === 0);
* Returns true if this transaction is berlin hardform transaction (i.e.
* ``type === 1``).
* This provides a Type Guard that the related properties are
* non-null.
isBerlin() {
return (this.type === 1);
* Returns true if this transaction is london hardform transaction (i.e.
* ``type === 2``).
* This provides a Type Guard that the related properties are
* non-null.
isLondon() {
return (this.type === 2);
* Create a copy of this transaciton.
clone() {
return Transaction.from(this);
* Return a JSON-friendly object.
toJSON() {
const s = (v) => {
if (v == null) {
return null;
return v.toString();
return {
type: this.type,
// from: this.from,
nonce: this.nonce,
gasLimit: s(this.gasLimit),
gasPrice: s(this.gasPrice),
maxPriorityFeePerGas: s(this.maxPriorityFeePerGas),
maxFeePerGas: s(this.maxFeePerGas),
value: s(this.value),
chainId: s(this.chainId),
sig: this.signature ? this.signature.toJSON() : null,
accessList: this.accessList
* Create a **Transaction** from a serialized transaction or a
* Transaction-like object.
static from(tx) {
if (tx == null) {
return new Transaction();
if (typeof (tx) === "string") {
const payload = getBytes(tx);
if (payload[0] >= 0x7f) { // @TODO: > vs >= ??
return Transaction.from(_parseLegacy(payload));
switch (payload[0]) {
case 1: return Transaction.from(_parseEip2930(payload));
case 2: return Transaction.from(_parseEip1559(payload));
assert$1(false, "unsupported transaction type", "UNSUPPORTED_OPERATION", { operation: "from" });
const result = new Transaction();
if (tx.type != null) {
result.type = tx.type;
if ( != null) { =;
if (tx.nonce != null) {
result.nonce = tx.nonce;
if (tx.gasLimit != null) {
result.gasLimit = tx.gasLimit;
if (tx.gasPrice != null) {
result.gasPrice = tx.gasPrice;
if (tx.maxPriorityFeePerGas != null) {
result.maxPriorityFeePerGas = tx.maxPriorityFeePerGas;
if (tx.maxFeePerGas != null) {
result.maxFeePerGas = tx.maxFeePerGas;
if ( != null) { =;
if (tx.value != null) {
result.value = tx.value;
if (tx.chainId != null) {
result.chainId = tx.chainId;
if (tx.signature != null) {
result.signature = Signature.from(tx.signature);
if (tx.accessList != null) {
result.accessList = tx.accessList;
if (tx.hash != null) {
assertArgument(result.isSigned(), "unsigned transaction cannot define hash", "tx", tx);
assertArgument(result.hash === tx.hash, "hash mismatch", "tx", tx);
if (tx.from != null) {
assertArgument(result.isSigned(), "unsigned transaction cannot define from", "tx", tx);
assertArgument(result.from.toLowerCase() === (tx.from || "").toLowerCase(), "from mismatch", "tx", tx);
return result;
* Transactions..
* @_section api/transaction:Transactions [about-transactions]
* Computes the [[link-eip-191]] personal-sign message digest to sign.
* This prefixes the message with [[MessagePrefix]] and the decimal length
* of %%message%% and computes the [[keccak256]] digest.
* If %%message%% is a string, it is converted to its UTF-8 bytes
* first. To compute the digest of a [[DataHexString]], it must be converted
* to [bytes](getBytes).
* @example:
* hashMessage("Hello World")
* //_result:
* // Hashes the SIX (6) string characters, i.e.
* // [ "0", "x", "4", "2", "4", "3" ]
* hashMessage("0x4243")
* //_result:
* // Hashes the TWO (2) bytes [ 0x42, 0x43 ]...
* hashMessage(getBytes("0x4243"))
* //_result:
* // ...which is equal to using data
* hashMessage(new Uint8Array([ 0x42, 0x43 ]))
* //_result:
function hashMessage(message) {
if (typeof (message) === "string") {
message = toUtf8Bytes(message);
return keccak256(concat([
function verifyMessage(message, sig) {
const digest = hashMessage(message);
return recoverAddress(digest, sig);
const regexBytes = new RegExp("^bytes([0-9]+)$");
const regexNumber = new RegExp("^(u?int)([0-9]*)$");
const regexArray = new RegExp("^(.*)\\[([0-9]*)\\]$");
function _pack(type, value, isArray) {
switch (type) {
case "address":
if (isArray) {
return getBytes(zeroPadValue(value, 32));
return getBytes(getAddress(value));
case "string":
return toUtf8Bytes(value);
case "bytes":
return getBytes(value);
case "bool":
value = (!!value ? "0x01" : "0x00");
if (isArray) {
return getBytes(zeroPadValue(value, 32));
return getBytes(value);
let match = type.match(regexNumber);
if (match) {
let signed = (match[1] === "int");
let size = parseInt(match[2] || "256");
assertArgument((!match[2] || match[2] === String(size)) && (size % 8 === 0) && size !== 0 && size <= 256, "invalid number type", "type", type);
if (isArray) {
size = 256;
if (signed) {
value = toTwos(value, size);
return getBytes(zeroPadValue(toBeArray(value), size / 8));
match = type.match(regexBytes);
if (match) {
const size = parseInt(match[1]);
assertArgument(String(size) === match[1] && size !== 0 && size <= 32, "invalid bytes type", "type", type);
assertArgument(dataLength(value) === size, `invalid value for ${type}`, "value", value);
if (isArray) {
return getBytes(zeroPadBytes(value, 32));
return value;
match = type.match(regexArray);
if (match && Array.isArray(value)) {
const baseType = match[1];
const count = parseInt(match[2] || String(value.length));
assertArgument(count === value.length, `invalid array length for ${type}`, "value", value);
const result = [];
value.forEach(function (value) {
result.push(_pack(baseType, value, true));
return getBytes(concat(result));
assertArgument(false, "invalid type", "type", type);
// @TODO: Array Enum
* Computes the [[link-solc-packed]] representation of %%values%%
* respectively to their %%types%%.
* @example:
* addr = "0x8ba1f109551bd432803012645ac136ddd64dba72"
* solidityPacked([ "address", "uint" ], [ addr, 45 ]);
* //_result:
function solidityPacked(types, values) {
assertArgument(types.length === values.length, "wrong number of values; expected ${ types.length }", "values", values);
const tight = [];
types.forEach(function (type, index) {
tight.push(_pack(type, values[index]));
return hexlify(concat(tight));
* Computes the [[link-solc-packed]] [[keccak256]] hash of %%values%%
* respectively to their %%types%%.
* @example:
* addr = "0x8ba1f109551bd432803012645ac136ddd64dba72"
* solidityPackedKeccak256([ "address", "uint" ], [ addr, 45 ]);
* //_result:
function solidityPackedKeccak256(types, values) {
return keccak256(solidityPacked(types, values));
* Computes the [[link-solc-packed]] [[sha256]] hash of %%values%%
* respectively to their %%types%%.
* @example:
* addr = "0x8ba1f109551bd432803012645ac136ddd64dba72"
* solidityPackedSha256([ "address", "uint" ], [ addr, 45 ]);
* //_result:
function solidityPackedSha256(types, values) {
return sha256(solidityPacked(types, values));
//import { TypedDataDomain, TypedDataField } from "@ethersproject/providerabstract-signer";
const padding = new Uint8Array(32);
const BN__1 = BigInt(-1);
const BN_0$3 = BigInt(0);
const BN_1$1 = BigInt(1);
const BN_MAX_UINT256 = BigInt("0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff");
function hexPadRight(value) {
const bytes = getBytes(value);
const padOffset = bytes.length % 32;
if (padOffset) {
return concat([bytes, padding.slice(padOffset)]);
return hexlify(bytes);
const hexTrue = toBeHex(BN_1$1, 32);
const hexFalse = toBeHex(BN_0$3, 32);
const domainFieldTypes = {
name: "string",
version: "string",
chainId: "uint256",
verifyingContract: "address",
salt: "bytes32"
const domainFieldNames = [
"name", "version", "chainId", "verifyingContract", "salt"
function checkString(key) {
return function (value) {
assertArgument(typeof (value) === "string", `invalid domain value for ${JSON.stringify(key)}`, `domain.${key}`, value);
return value;
const domainChecks = {
name: checkString("name"),
version: checkString("version"),
chainId: function (value) {
return getBigInt(value, "domain.chainId");
verifyingContract: function (value) {
try {
return getAddress(value).toLowerCase();
catch (error) { }
assertArgument(false, `invalid domain value "verifyingContract"`, "domain.verifyingContract", value);
salt: function (value) {
const bytes = getBytes(value, "domain.salt");
assertArgument(bytes.length === 32, `invalid domain value "salt"`, "domain.salt", value);
return hexlify(bytes);
function getBaseEncoder(type) {
// intXX and uintXX
const match = type.match(/^(u?)int(\d*)$/);
if (match) {
const signed = (match[1] === "");
const width = parseInt(match[2] || "256");
assertArgument(width % 8 === 0 && width !== 0 && width <= 256 && (match[2] == null || match[2] === String(width)), "invalid numeric width", "type", type);
const boundsUpper = mask(BN_MAX_UINT256, signed ? (width - 1) : width);
const boundsLower = signed ? ((boundsUpper + BN_1$1) * BN__1) : BN_0$3;
return function (_value) {
const value = getBigInt(_value, "value");
assertArgument(value >= boundsLower && value <= boundsUpper, `value out-of-bounds for ${type}`, "value", value);
return toBeHex(toTwos(value, 256), 32);
// bytesXX
const match = type.match(/^bytes(\d+)$/);
if (match) {
const width = parseInt(match[1]);
assertArgument(width !== 0 && width <= 32 && match[1] === String(width), "invalid bytes width", "type", type);
return function (value) {
const bytes = getBytes(value);
assertArgument(bytes.length === width, `invalid length for ${type}`, "value", value);
return hexPadRight(value);
switch (type) {
case "address": return function (value) {
return zeroPadValue(getAddress(value), 32);
case "bool": return function (value) {
return ((!value) ? hexFalse : hexTrue);
case "bytes": return function (value) {
return keccak256(value);
case "string": return function (value) {
return id(value);
return null;
function encodeType(name, fields) {
return `${name}(${{ name, type }) => (type + " " + name)).join(",")})`;
class TypedDataEncoder {
get types() {
return JSON.parse(this.#types);
constructor(types) {
this.#types = JSON.stringify(types);
this.#fullTypes = new Map();
this.#encoderCache = new Map();
// Link struct types to their direct child structs
const links = new Map();
// Link structs to structs which contain them as a child
const parents = new Map();
// Link all subtypes within a given struct
const subtypes = new Map();
Object.keys(types).forEach((type) => {
links.set(type, new Set());
parents.set(type, []);
subtypes.set(type, new Set());
for (const name in types) {
const uniqueNames = new Set();
for (const field of types[name]) {
// Check each field has a unique name
assertArgument(!uniqueNames.has(, `duplicate variable name ${JSON.stringify(} in ${JSON.stringify(name)}`, "types", types);
// Get the base type (drop any array specifiers)
const baseType = (field.type.match(/^([^\x5b]*)(\x5b|$)/))[1] || null;
assertArgument(baseType !== name, `circular type reference to ${JSON.stringify(baseType)}`, "types", types);
// Is this a base encoding type?
const encoder = getBaseEncoder(baseType);
if (encoder) {
assertArgument(parents.has(baseType), `unknown type ${JSON.stringify(baseType)}`, "types", types);
// Add linkage
// Deduce the primary type
const primaryTypes = Array.from(parents.keys()).filter((n) => (parents.get(n).length === 0));
assertArgument(primaryTypes.length !== 0, "missing primary type", "types", types);
assertArgument(primaryTypes.length === 1, `ambiguous primary types or unused types: ${ => (JSON.stringify(t))).join(", ")}`, "types", types);
defineProperties(this, { primaryType: primaryTypes[0] });
// Check for circular type references
function checkCircular(type, found) {
assertArgument(!found.has(type), `circular type reference to ${JSON.stringify(type)}`, "types", types);
for (const child of links.get(type)) {
if (!parents.has(child)) {
// Recursively check children
checkCircular(child, found);
// Mark all ancestors as having this decendant
for (const subtype of found) {
checkCircular(this.primaryType, new Set());
// Compute each fully describe type
for (const [name, set] of subtypes) {
const st = Array.from(set);
this.#fullTypes.set(name, encodeType(name, types[name]) + => encodeType(t, types[t])).join(""));
getEncoder(type) {
let encoder = this.#encoderCache.get(type);
if (!encoder) {
encoder = this.#getEncoder(type);
this.#encoderCache.set(type, encoder);
return encoder;
#getEncoder(type) {
// Basic encoder type (address, bool, uint256, etc)
const encoder = getBaseEncoder(type);
if (encoder) {
return encoder;
// Array
const match = type.match(/^(.*)(\x5b(\d*)\x5d)$/);
if (match) {
const subtype = match[1];
const subEncoder = this.getEncoder(subtype);
return (value) => {
assertArgument(!match[3] || parseInt(match[3]) === value.length, `array length mismatch; expected length ${parseInt(match[3])}`, "value", value);
let result =;
if (this.#fullTypes.has(subtype)) {
result =;
return keccak256(concat(result));
// Struct
const fields = this.types[type];
if (fields) {
const encodedType = id(this.#fullTypes.get(type));
return (value) => {
const values ={ name, type }) => {
const result = this.getEncoder(type)(value[name]);
if (this.#fullTypes.has(type)) {
return keccak256(result);
return result;
return concat(values);
assertArgument(false, `unknown type: ${type}`, "type", type);
encodeType(name) {
const result = this.#fullTypes.get(name);
assertArgument(result, `unknown type: ${JSON.stringify(name)}`, "name", name);
return result;
encodeData(type, value) {
return this.getEncoder(type)(value);
hashStruct(name, value) {
return keccak256(this.encodeData(name, value));
encode(value) {
return this.encodeData(this.primaryType, value);
hash(value) {
return this.hashStruct(this.primaryType, value);
_visit(type, value, callback) {
// Basic encoder type (address, bool, uint256, etc)
const encoder = getBaseEncoder(type);
if (encoder) {
return callback(type, value);
// Array
const match = type.match(/^(.*)(\x5b(\d*)\x5d)$/);
if (match) {
assertArgument(!match[3] || parseInt(match[3]) === value.length, `array length mismatch; expected length ${parseInt(match[3])}`, "value", value);
return => this._visit(match[1], v, callback));
// Struct
const fields = this.types[type];
if (fields) {
return fields.reduce((accum, { name, type }) => {
accum[name] = this._visit(type, value[name], callback);
return accum;
}, {});
assertArgument(false, `unknown type: ${type}`, "type", type);
visit(value, callback) {
return this._visit(this.primaryType, value, callback);
static from(types) {
return new TypedDataEncoder(types);
static getPrimaryType(types) {
return TypedDataEncoder.from(types).primaryType;
static hashStruct(name, types, value) {
return TypedDataEncoder.from(types).hashStruct(name, value);
static hashDomain(domain) {
const domainFields = [];
for (const name in domain) {
const type = domainFieldTypes[name];
assertArgument(type, `invalid typed-data domain key: ${JSON.stringify(name)}`, "domain", domain);
domainFields.push({ name, type });
domainFields.sort((a, b) => {
return domainFieldNames.indexOf( - domainFieldNames.indexOf(;
return TypedDataEncoder.hashStruct("EIP712Domain", { EIP712Domain: domainFields }, domain);
static encode(domain, types, value) {
return concat([
static hash(domain, types, value) {
return keccak256(TypedDataEncoder.encode(domain, types, value));
// Replaces all address types with ENS names with their looked up address
static async resolveNames(domain, types, value, resolveName) {
// Make a copy to isolate it from the object passed in
domain = Object.assign({}, domain);
// Look up all ENS names
const ensCache = {};
// Do we need to look up the domain's verifyingContract?
if (domain.verifyingContract && !isHexString(domain.verifyingContract, 20)) {
ensCache[domain.verifyingContract] = "0x";
// We are going to use the encoder to visit all the base values
const encoder = TypedDataEncoder.from(types);
// Get a list of all the addresses
encoder.visit(value, (type, value) => {
if (type === "address" && !isHexString(value, 20)) {
ensCache[value] = "0x";
return value;
// Lookup each name
for (const name in ensCache) {
ensCache[name] = await resolveName(name);
// Replace the domain verifyingContract if needed
if (domain.verifyingContract && ensCache[domain.verifyingContract]) {
domain.verifyingContract = ensCache[domain.verifyingContract];
// Replace all ENS names with their address
value = encoder.visit(value, (type, value) => {
if (type === "address" && ensCache[value]) {
return ensCache[value];
return value;
return { domain, value };
static getPayload(domain, types, value) {
// Validate the domain fields
// Derive the EIP712Domain Struct reference type
const domainValues = {};
const domainTypes = [];
domainFieldNames.forEach((name) => {
const value = domain[name];
if (value == null) {
domainValues[name] = domainChecks[name](value);
domainTypes.push({ name, type: domainFieldTypes[name] });
const encoder = TypedDataEncoder.from(types);
const typesWithDomain = Object.assign({}, types);
assertArgument(typesWithDomain.EIP712Domain == null, "types must not contain EIP712Domain type", "types.EIP712Domain", types);
typesWithDomain.EIP712Domain = domainTypes;
// Validate the data structures and types
return {
types: typesWithDomain,
domain: domainValues,
primaryType: encoder.primaryType,
message: encoder.visit(value, (type, value) => {
// bytes
if (type.match(/^bytes(\d*)/)) {
return hexlify(getBytes(value));
// uint or int
if (type.match(/^u?int/)) {
return getBigInt(value).toString();
switch (type) {
case "address":
return value.toLowerCase();
case "bool":
return !!value;
case "string":
assertArgument(typeof (value) === "string", "invalid string", "value", value);
return value;
assertArgument(false, "unsupported type", "type", type);
* About hashing here...
* @_section: api/hashing:Hashing Utilities [about-hashing]
* About frgaments...
* @_subsection api/abi/abi-coder:Fragments [about-fragments]
// [ "a", "b" ] => { "a": 1, "b": 1 }
function setify(items) {
const result = new Set();
items.forEach((k) => result.add(k));
return Object.freeze(result);
// Visibility Keywords
const _kwVisib = "constant external internal payable private public pure view";
const KwVisib = setify(_kwVisib.split(" "));
const _kwTypes = "constructor error event fallback function receive struct";
const KwTypes = setify(_kwTypes.split(" "));
const _kwModifiers = "calldata memory storage payable indexed";
const KwModifiers = setify(_kwModifiers.split(" "));
const _kwOther = "tuple returns";
// All Keywords
const _keywords = [_kwTypes, _kwModifiers, _kwOther, _kwVisib].join(" ");
const Keywords = setify(_keywords.split(" "));
// Single character tokens
const SimpleTokens = {
"(": "OPEN_PAREN", ")": "CLOSE_PAREN",
",": "COMMA", "@": "AT"
// Parser regexes to consume the next token
const regexWhitespacePrefix = new RegExp("^(\\s*)");
const regexNumberPrefix = new RegExp("^([0-9]+)");
const regexIdPrefix = new RegExp("^([a-zA-Z$_][a-zA-Z0-9$_]*)");
// Parser regexs to check validity
const regexId = new RegExp("^([a-zA-Z$_][a-zA-Z0-9$_]*)$");
const regexType = new RegExp("^(address|bool|bytes([0-9]*)|string|u?int([0-9]*))$");
class TokenString {
get offset() { return this.#offset; }
get length() { return this.#tokens.length - this.#offset; }
constructor(tokens) {
this.#offset = 0;
this.#tokens = tokens.slice();
clone() { return new TokenString(this.#tokens); }
reset() { this.#offset = 0; }
#subTokenString(from = 0, to = 0) {
return new TokenString(this.#tokens.slice(from, to).map((t) => {
return Object.freeze(Object.assign({}, t, {
match: (t.match - from),
linkBack: (t.linkBack - from),
linkNext: (t.linkNext - from),
return t;
// Pops and returns the value of the next token, if it is a keyword in allowed; throws if out of tokens
popKeyword(allowed) {
const top = this.peek();
if (top.type !== "KEYWORD" || !allowed.has(top.text)) {
throw new Error(`expected keyword ${top.text}`);
return this.pop().text;
// Pops and returns the value of the next token if it is `type`; throws if out of tokens
popType(type) {
if (this.peek().type !== type) {
throw new Error(`expected ${type}; got ${JSON.stringify(this.peek())}`);
return this.pop().text;
// Pops and returns a "(" TOKENS ")"
popParen() {
const top = this.peek();
if (top.type !== "OPEN_PAREN") {
throw new Error("bad start");
const result = this.#subTokenString(this.#offset + 1, top.match + 1);
this.#offset = top.match + 1;
return result;
// Pops and returns the items within "(" ITEM1 "," ITEM2 "," ... ")"
popParams() {
const top = this.peek();
if (top.type !== "OPEN_PAREN") {
throw new Error("bad start");
const result = [];
while (this.#offset < top.match - 1) {
const link = this.peek().linkNext;
result.push(this.#subTokenString(this.#offset + 1, link));
this.#offset = link;
this.#offset = top.match + 1;
return result;
// Returns the top Token, throwing if out of tokens
peek() {
if (this.#offset >= this.#tokens.length) {
throw new Error("out-of-bounds");
return this.#tokens[this.#offset];
// Returns the next value, if it is a keyword in `allowed`
peekKeyword(allowed) {
const top = this.peekType("KEYWORD");
return (top != null && allowed.has(top)) ? top : null;
// Returns the value of the next token if it is `type`
peekType(type) {
if (this.length === 0) {
return null;
const top = this.peek();
return (top.type === type) ? top.text : null;
// Returns the next token; throws if out of tokens
pop() {
const result = this.peek();
return result;
toString() {
const tokens = [];
for (let i = this.#offset; i < this.#tokens.length; i++) {
const token = this.#tokens[i];
return `<TokenString ${tokens.join(" ")}>`;
function lex(text) {
const tokens = [];
const throwError = (message) => {
const token = (offset < text.length) ? JSON.stringify(text[offset]) : "$EOI";
throw new Error(`invalid token ${token} at ${offset}: ${message}`);
let brackets = [];
let commas = [];
let offset = 0;
while (offset < text.length) {
// Strip off any leading whitespace
let cur = text.substring(offset);
let match = cur.match(regexWhitespacePrefix);
if (match) {
offset += match[1].length;
cur = text.substring(offset);
const token = { depth: brackets.length, linkBack: -1, linkNext: -1, match: -1, type: "", text: "", offset, value: -1 };
let type = (SimpleTokens[cur[0]] || "");
if (type) {
token.type = type;
token.text = cur[0];
if (type === "OPEN_PAREN") {
brackets.push(tokens.length - 1);
commas.push(tokens.length - 1);
else if (type == "CLOSE_PAREN") {
if (brackets.length === 0) {
throwError("no matching open bracket");
token.match = brackets.pop();
(tokens[token.match]).match = tokens.length - 1;
token.linkBack = commas.pop();
(tokens[token.linkBack]).linkNext = tokens.length - 1;
else if (type === "COMMA") {
token.linkBack = commas.pop();
(tokens[token.linkBack]).linkNext = tokens.length - 1;
commas.push(tokens.length - 1);
else if (type === "OPEN_BRACKET") {
token.type = "BRACKET";
else if (type === "CLOSE_BRACKET") {
// Remove the CLOSE_BRACKET
let suffix = tokens.pop().text;
if (tokens.length > 0 && tokens[tokens.length - 1].type === "NUMBER") {
const value = tokens.pop().text;
suffix = value + suffix;
(tokens[tokens.length - 1]).value = getNumber(value);
if (tokens.length === 0 || tokens[tokens.length - 1].type !== "BRACKET") {
throw new Error("missing opening bracket");
(tokens[tokens.length - 1]).text += suffix;
match = cur.match(regexIdPrefix);
if (match) {
token.text = match[1];
offset += token.text.length;
if (Keywords.has(token.text)) {
token.type = "KEYWORD";
if (token.text.match(regexType)) {
token.type = "TYPE";
token.type = "ID";
match = cur.match(regexNumberPrefix);
if (match) {
token.text = match[1];
token.type = "NUMBER";
offset += token.text.length;
throw new Error(`unexpected token ${JSON.stringify(cur[0])} at position ${offset}`);
return new TokenString( => Object.freeze(t)));
// Check only one of `allowed` is in `set`
function allowSingle(set, allowed) {
let included = [];
for (const key in allowed.keys()) {
if (set.has(key)) {
if (included.length > 1) {
throw new Error(`conflicting types: ${included.join(", ")}`);
// Functions to process a Solidity Signature TokenString from left-to-right for...
// ...the name with an optional type, returning the name
function consumeName(type, tokens) {
if (tokens.peekKeyword(KwTypes)) {
const keyword = tokens.pop().text;
if (keyword !== type) {
throw new Error(`expected ${type}, got ${keyword}`);
return tokens.popType("ID");
// ...all keywords matching allowed, returning the keywords
function consumeKeywords(tokens, allowed) {
const keywords = new Set();
while (true) {
const keyword = tokens.peekType("KEYWORD");
if (keyword == null || (allowed && !allowed.has(keyword))) {
if (keywords.has(keyword)) {
throw new Error(`duplicate keywords: ${JSON.stringify(keyword)}`);
return Object.freeze(keywords);
// ...all visibility keywords, returning the coalesced mutability
function consumeMutability(tokens) {
let modifiers = consumeKeywords(tokens, KwVisib);
// Detect conflicting modifiers
allowSingle(modifiers, setify("constant payable nonpayable".split(" ")));
allowSingle(modifiers, setify("pure view payable nonpayable".split(" ")));
// Process mutability states
if (modifiers.has("view")) {
return "view";
if (modifiers.has("pure")) {
return "pure";
if (modifiers.has("payable")) {
return "payable";
if (modifiers.has("nonpayable")) {
return "nonpayable";
// Process legacy `constant` last
if (modifiers.has("constant")) {
return "view";
return "nonpayable";
// ...a parameter list, returning the ParamType list
function consumeParams(tokens, allowIndexed) {
return tokens.popParams().map((t) => ParamType.from(t, allowIndexed));
// ...a gas limit, returning a BigNumber or null if none
function consumeGas(tokens) {
if (tokens.peekType("AT")) {
if (tokens.peekType("NUMBER")) {
return getBigInt(tokens.pop().text);
throw new Error("invalid gas");
return null;
function consumeEoi(tokens) {
if (tokens.length) {
throw new Error(`unexpected tokens: ${tokens.toString()}`);
const regexArrayType = new RegExp(/^(.*)\[([0-9]*)\]$/);
function verifyBasicType(type) {
const match = type.match(regexType);
assertArgument(match, "invalid type", "type", type);
if (type === "uint") {
return "uint256";
if (type === "int") {
return "int256";
if (match[2]) {
// bytesXX
const length = parseInt(match[2]);
assertArgument(length !== 0 && length <= 32, "invalid bytes length", "type", type);
else if (match[3]) {
// intXX or uintXX
const size = parseInt(match[3]);
assertArgument(size !== 0 && size <= 256 && (size % 8) === 0, "invalid numeric width", "type", type);
return type;
// Make the Fragment constructors effectively private
const _guard$2 = {};
const internal$1 = Symbol.for("_ethers_internal");
const ParamTypeInternal = "_ParamTypeInternal";
const ErrorFragmentInternal = "_ErrorInternal";
const EventFragmentInternal = "_EventInternal";
const ConstructorFragmentInternal = "_ConstructorInternal";
const FallbackFragmentInternal = "_FallbackInternal";
const FunctionFragmentInternal = "_FunctionInternal";
const StructFragmentInternal = "_StructInternal";
* Each input and output of a [[Fragment]] is an Array of **PAramType**.
class ParamType {
* The local name of the parameter (or ``""`` if unbound)
* The fully qualified type (e.g. ``"address"``, ``"tuple(address)"``,
* ``"uint256[3][]"``)
* The base type (e.g. ``"address"``, ``"tuple"``, ``"array"``)
* True if the parameters is indexed.
* For non-indexable types this is ``null``.
* The components for the tuple.
* For non-tuple types this is ``null``.
* The array length, or ``-1`` for dynamic-lengthed arrays.
* For non-array types this is ``null``.
* The type of each child in the array.
* For non-array types this is ``null``.
* @private
constructor(guard, name, type, baseType, indexed, components, arrayLength, arrayChildren) {
assertPrivate(guard, _guard$2, "ParamType");
Object.defineProperty(this, internal$1, { value: ParamTypeInternal });
if (components) {
components = Object.freeze(components.slice());
if (baseType === "array") {
if (arrayLength == null || arrayChildren == null) {
throw new Error("");
else if (arrayLength != null || arrayChildren != null) {
throw new Error("");
if (baseType === "tuple") {
if (components == null) {
throw new Error("");
else if (components != null) {
throw new Error("");
defineProperties(this, {
name, type, baseType, indexed, components, arrayLength, arrayChildren
* Return a string representation of this type.
* For example,
* ``sighash" => "(uint256,address)"``
* ``"minimal" => "tuple(uint256,address) indexed"``
* ``"full" => "tuple(uint256 foo, address bar) indexed baz"``
format(format) {
if (format == null) {
format = "sighash";
if (format === "json") {
let result = {
type: ((this.baseType === "tuple") ? "tuple" : this.type),
name: ( || undefined)
if (typeof (this.indexed) === "boolean") {
result.indexed = this.indexed;
if (this.isTuple()) {
result.components = => JSON.parse(c.format(format)));
return JSON.stringify(result);
let result = "";
// Array
if (this.isArray()) {
result += this.arrayChildren.format(format);
result += `[${(this.arrayLength < 0 ? "" : String(this.arrayLength))}]`;
else {
if (this.isTuple()) {
if (format !== "sighash") {
result += this.type;
result += "(" + => comp.format(format)).join((format === "full") ? ", " : ",") + ")";
else {
result += this.type;
if (format !== "sighash") {
if (this.indexed === true) {
result += " indexed";
if (format === "full" && {
result += " " +;
return result;
* Returns true if %%value%% is an Array type.
* This provides a type gaurd ensuring that the
* [[arrayChildren]] and [[arrayLength]] are non-null.
//static isArray(value: any): value is { arrayChildren: ParamType, arrayLength: number } {
// return value && (value.baseType === "array")
* Returns true if %%this%% is an Array type.
* This provides a type gaurd ensuring that [[arrayChildren]]
* and [[arrayLength]] are non-null.
isArray() {
return (this.baseType === "array");
* Returns true if %%this%% is a Tuple type.
* This provides a type gaurd ensuring that [[components]]
* is non-null.
isTuple() {
return (this.baseType === "tuple");
* Returns true if %%this%% is an Indexable type.
* This provides a type gaurd ensuring that [[indexed]]
* is non-null.
isIndexable() {
return (this.indexed != null);
* Walks the **ParamType** with %%value%%, calling %%process%%
* on each type, destructing the %%value%% recursively.
walk(value, process) {
if (this.isArray()) {
if (!Array.isArray(value)) {
throw new Error("invlaid array value");
if (this.arrayLength !== -1 && value.length !== this.arrayLength) {
throw new Error("array is wrong length");
const _this = this;
return => (_this.arrayChildren.walk(v, process)));
if (this.isTuple()) {
if (!Array.isArray(value)) {
throw new Error("invlaid tuple value");
if (value.length !== this.components.length) {
throw new Error("array is wrong length");
const _this = this;
return, i) => (_this.components[i].walk(v, process)));
return process(this.type, value);
#walkAsync(promises, value, process, setValue) {
if (this.isArray()) {
if (!Array.isArray(value)) {
throw new Error("invlaid array value");
if (this.arrayLength !== -1 && value.length !== this.arrayLength) {
throw new Error("array is wrong length");
const childType = this.arrayChildren;
const result = value.slice();
result.forEach((value, index) => {
childType.#walkAsync(promises, value, process, (value) => {
result[index] = value;
if (this.isTuple()) {
const components = this.components;
// Convert the object into an array
let result;
if (Array.isArray(value)) {
result = value.slice();
else {
if (value == null || typeof (value) !== "object") {
throw new Error("invlaid tuple value");
result = => {
if (! {
throw new Error("cannot use object value with unnamed components");
if (!( in value)) {
throw new Error(`missing value for component ${}`);
return value[];
if (result.length !== this.components.length) {
throw new Error("array is wrong length");
result.forEach((value, index) => {
components[index].#walkAsync(promises, value, process, (value) => {
result[index] = value;
const result = process(this.type, value);
if (result.then) {
promises.push((async function () { setValue(await result); })());
else {
* Walks the **ParamType** with %%value%%, asynchronously calling
* %%process%% on each type, destructing the %%value%% recursively.
* This can be used to resolve ENS naes by walking and resolving each
* ``"address"`` type.
async walkAsync(value, process) {
const promises = [];
const result = [value];
this.#walkAsync(promises, value, process, (value) => {
result[0] = value;
if (promises.length) {
await Promise.all(promises);
return result[0];
* Creates a new **ParamType** for %%obj%%.
* If %%allowIndexed%% then the ``indexed`` keyword is permitted,
* otherwise the ``indexed`` keyword will throw an error.
static from(obj, allowIndexed) {
if (ParamType.isParamType(obj)) {
return obj;
if (typeof (obj) === "string") {
return ParamType.from(lex(obj), allowIndexed);
else if (obj instanceof TokenString) {
let type = "", baseType = "";
let comps = null;
if (consumeKeywords(obj, setify(["tuple"])).has("tuple") || obj.peekType("OPEN_PAREN")) {
// Tuple
baseType = "tuple";
comps = obj.popParams().map((t) => ParamType.from(t));
type = `tuple(${ => c.format()).join(",")})`;
else {
// Normal
type = verifyBasicType(obj.popType("TYPE"));
baseType = type;
// Check for Array
let arrayChildren = null;
let arrayLength = null;
while (obj.length && obj.peekType("BRACKET")) {
const bracket = obj.pop(); //arrays[i];
arrayChildren = new ParamType(_guard$2, "", type, baseType, null, comps, arrayLength, arrayChildren);
arrayLength = bracket.value;
type += bracket.text;
baseType = "array";
comps = null;
let indexed = null;
const keywords = consumeKeywords(obj, KwModifiers);
if (keywords.has("indexed")) {
if (!allowIndexed) {
throw new Error("");
indexed = true;
const name = (obj.peekType("ID") ? obj.pop().text : "");
if (obj.length) {
throw new Error("leftover tokens");
return new ParamType(_guard$2, name, type, baseType, indexed, comps, arrayLength, arrayChildren);
const name =;
assertArgument(!name || (typeof (name) === "string" && name.match(regexId)), "invalid name", "", name);
let indexed = obj.indexed;
if (indexed != null) {
assertArgument(allowIndexed, "parameter cannot be indexed", "obj.indexed", obj.indexed);
indexed = !!indexed;
let type = obj.type;
let arrayMatch = type.match(regexArrayType);
if (arrayMatch) {
const arrayLength = parseInt(arrayMatch[2] || "-1");
const arrayChildren = ParamType.from({
type: arrayMatch[1],
components: obj.components
return new ParamType(_guard$2, name || "", type, "array", indexed, null, arrayLength, arrayChildren);
if (type === "tuple" || type.startsWith("tuple(" /* fix: ) */) || type.startsWith("(" /* fix: ) */)) {
const comps = (obj.components != null) ? => ParamType.from(c)) : null;
const tuple = new ParamType(_guard$2, name || "", type, "tuple", indexed, comps, null, null);
// @TODO: use lexer to validate and normalize type
return tuple;
type = verifyBasicType(obj.type);
return new ParamType(_guard$2, name || "", type, type, indexed, null, null, null);
* Returns true if %%value%% is a **ParamType**.
static isParamType(value) {
return (value && value[internal$1] === ParamTypeInternal);
* An abstract class to represent An individual fragment from a parse ABI.
class Fragment {
* The type of the fragment.
* The inputs for the fragment.
* @private
constructor(guard, type, inputs) {
assertPrivate(guard, _guard$2, "Fragment");
inputs = Object.freeze(inputs.slice());
defineProperties(this, { type, inputs });
* Creates a new **Fragment** for %%obj%%, wich can be any supported
* ABI frgament type.
static from(obj) {
if (typeof (obj) === "string") {
// Try parsing JSON...
try {
catch (e) { }
// ...otherwise, use the human-readable lexer
return Fragment.from(lex(obj));
if (obj instanceof TokenString) {
// Human-readable ABI (already lexed)
const type = obj.peekKeyword(KwTypes);
switch (type) {
case "constructor": return ConstructorFragment.from(obj);
case "error": return ErrorFragment.from(obj);
case "event": return EventFragment.from(obj);
case "fallback":
case "receive":
return FallbackFragment.from(obj);
case "function": return FunctionFragment.from(obj);
case "struct": return StructFragment.from(obj);
else if (typeof (obj) === "object") {
switch (obj.type) {
case "constructor": return ConstructorFragment.from(obj);
case "error": return ErrorFragment.from(obj);
case "event": return EventFragment.from(obj);
case "fallback":
case "receive":
return FallbackFragment.from(obj);
case "function": return FunctionFragment.from(obj);
case "struct": return StructFragment.from(obj);
assert$1(false, `unsupported type: ${obj.type}`, "UNSUPPORTED_OPERATION", {
operation: "Fragment.from"
assertArgument(false, "unsupported frgament object", "obj", obj);
* Returns true if %%value%% is a [[ConstructorFragment]].
static isConstructor(value) {
return ConstructorFragment.isFragment(value);
* Returns true if %%value%% is an [[ErrorFragment]].
static isError(value) {
return ErrorFragment.isFragment(value);
* Returns true if %%value%% is an [[EventFragment]].
static isEvent(value) {
return EventFragment.isFragment(value);
* Returns true if %%value%% is a [[FunctionFragment]].
static isFunction(value) {
return FunctionFragment.isFragment(value);
* Returns true if %%value%% is a [[StructFragment]].
static isStruct(value) {
return StructFragment.isFragment(value);
* An abstract class to represent An individual fragment
* which has a name from a parse ABI.
class NamedFragment extends Fragment {
* The name of the fragment.
* @private
constructor(guard, type, name, inputs) {
super(guard, type, inputs);
assertArgument(typeof (name) === "string" && name.match(regexId), "invalid identifier", "name", name);
inputs = Object.freeze(inputs.slice());
defineProperties(this, { name });
function joinParams(format, params) {
return "(" + => p.format(format)).join((format === "full") ? ", " : ",") + ")";
* A Fragment which represents a //Custom Error//.
class ErrorFragment extends NamedFragment {
* @private
constructor(guard, name, inputs) {
super(guard, "error", name, inputs);
Object.defineProperty(this, internal$1, { value: ErrorFragmentInternal });
* The Custom Error selector.
get selector() {
return id(this.format("sighash")).substring(0, 10);
format(format) {
if (format == null) {
format = "sighash";
if (format === "json") {
return JSON.stringify({
type: "error",
inputs: => JSON.parse(input.format(format))),
const result = [];
if (format !== "sighash") {
result.push( + joinParams(format, this.inputs));
return result.join(" ");
static from(obj) {
if (ErrorFragment.isFragment(obj)) {
return obj;
if (typeof (obj) === "string") {
return ErrorFragment.from(lex(obj));
else if (obj instanceof TokenString) {
const name = consumeName("error", obj);
const inputs = consumeParams(obj);
return new ErrorFragment(_guard$2, name, inputs);
return new ErrorFragment(_guard$2,, obj.inputs ? : []);
static isFragment(value) {
return (value && value[internal$1] === ErrorFragmentInternal);
* A Fragment which represents an Event.
class EventFragment extends NamedFragment {
* @private
constructor(guard, name, inputs, anonymous) {
super(guard, "event", name, inputs);
Object.defineProperty(this, internal$1, { value: EventFragmentInternal });
defineProperties(this, { anonymous });
* The Event topic hash.
get topicHash() {
return id(this.format("sighash"));
format(format) {
if (format == null) {
format = "sighash";
if (format === "json") {
return JSON.stringify({
type: "event",
anonymous: this.anonymous,
inputs: => JSON.parse(i.format(format)))
const result = [];
if (format !== "sighash") {
result.push( + joinParams(format, this.inputs));
if (format !== "sighash" && this.anonymous) {
return result.join(" ");
static getTopicHash(name, params) {
params = (params || []).map((p) => ParamType.from(p));
const fragment = new EventFragment(_guard$2, name, params, false);
return fragment.topicHash;
static from(obj) {
if (EventFragment.isFragment(obj)) {
return obj;
if (typeof (obj) === "string") {
return EventFragment.from(lex(obj));
else if (obj instanceof TokenString) {
const name = consumeName("event", obj);
const inputs = consumeParams(obj, true);
const anonymous = !!consumeKeywords(obj, setify(["anonymous"])).has("anonymous");
return new EventFragment(_guard$2, name, inputs, anonymous);
return new EventFragment(_guard$2,, obj.inputs ? => ParamType.from(p, true)) : [], !!obj.anonymous);
static isFragment(value) {
return (value && value[internal$1] === EventFragmentInternal);
* A Fragment which represents a constructor.
class ConstructorFragment extends Fragment {
* @private
constructor(guard, type, inputs, payable, gas) {
super(guard, type, inputs);
Object.defineProperty(this, internal$1, { value: ConstructorFragmentInternal });
defineProperties(this, { payable, gas });
format(format) {
assert$1(format != null && format !== "sighash", "cannot format a constructor for sighash", "UNSUPPORTED_OPERATION", { operation: "format(sighash)" });
if (format === "json") {
return JSON.stringify({
type: "constructor",
stateMutability: (this.payable ? "payable" : "undefined"),
payable: this.payable,
gas: ((this.gas != null) ? this.gas : undefined),
inputs: => JSON.parse(i.format(format)))
const result = [`constructor${joinParams(format, this.inputs)}`];
result.push((this.payable) ? "payable" : "nonpayable");
if (this.gas != null) {
return result.join(" ");
static from(obj) {
if (ConstructorFragment.isFragment(obj)) {
return obj;
if (typeof (obj) === "string") {
return ConstructorFragment.from(lex(obj));
else if (obj instanceof TokenString) {
consumeKeywords(obj, setify(["constructor"]));
const inputs = consumeParams(obj);
const payable = !!consumeKeywords(obj, setify(["payable"])).has("payable");
const gas = consumeGas(obj);
return new ConstructorFragment(_guard$2, "constructor", inputs, payable, gas);
return new ConstructorFragment(_guard$2, "constructor", obj.inputs ? : [], !!obj.payable, (obj.gas != null) ? obj.gas : null);
static isFragment(value) {
return (value && value[internal$1] === ConstructorFragmentInternal);
* A Fragment which represents a method.
class FallbackFragment extends Fragment {
* If the function can be sent value during invocation.
constructor(guard, inputs, payable) {
super(guard, "fallback", inputs);
Object.defineProperty(this, internal$1, { value: FallbackFragmentInternal });
defineProperties(this, { payable });
format(format) {
const type = ((this.inputs.length === 0) ? "receive" : "fallback");
if (format === "json") {
const stateMutability = (this.payable ? "payable" : "nonpayable");
return JSON.stringify({ type, stateMutability });
return `${type}()${this.payable ? " payable" : ""}`;
static from(obj) {
if (FallbackFragment.isFragment(obj)) {
return obj;
if (typeof (obj) === "string") {
return FallbackFragment.from(lex(obj));
else if (obj instanceof TokenString) {
const errorObj = obj.toString();
const topIsValid = obj.peekKeyword(setify(["fallback", "receive"]));
assertArgument(topIsValid, "type must be fallback or receive", "obj", errorObj);
const type = obj.popKeyword(setify(["fallback", "receive"]));
// receive()
if (type === "receive") {
const inputs = consumeParams(obj);
assertArgument(inputs.length === 0, `receive cannot have arguments`, "obj.inputs", inputs);
consumeKeywords(obj, setify(["payable"]));
return new FallbackFragment(_guard$2, [], true);
// fallback() [payable]
// fallback(bytes) [payable] returns (bytes)
let inputs = consumeParams(obj);
if (inputs.length) {
assertArgument(inputs.length === 1 && inputs[0].type === "bytes", "invalid fallback inputs", "obj.inputs", => i.format("minimal")).join(", "));
else {
inputs = [ParamType.from("bytes")];
const mutability = consumeMutability(obj);
assertArgument(mutability === "nonpayable" || mutability === "payable", "fallback cannot be constants", "obj.stateMutability", mutability);
if (consumeKeywords(obj, setify(["returns"])).has("returns")) {
const outputs = consumeParams(obj);
assertArgument(outputs.length === 1 && outputs[0].type === "bytes", "invalid fallback outputs", "obj.outputs", => i.format("minimal")).join(", "));
return new FallbackFragment(_guard$2, inputs, mutability === "payable");
if (obj.type === "receive") {
return new FallbackFragment(_guard$2, [], true);
if (obj.type === "fallback") {
const inputs = [ParamType.from("bytes")];
const payable = (obj.stateMutability === "payable");
return new FallbackFragment(_guard$2, inputs, payable);
assertArgument(false, "invalid fallback description", "obj", obj);
static isFragment(value) {
return (value && value[internal$1] === FallbackFragmentInternal);
* A Fragment which represents a method.
class FunctionFragment extends NamedFragment {
* If the function is constant (e.g. ``pure`` or ``view`` functions).
* The returned types for the result of calling this function.
* The state mutability (e.g. ``payable``, ``nonpayable``, ``view``
* or ``pure``)
* If the function can be sent value during invocation.
* The amount of gas to send when calling this function
* @private
constructor(guard, name, stateMutability, inputs, outputs, gas) {
super(guard, "function", name, inputs);
Object.defineProperty(this, internal$1, { value: FunctionFragmentInternal });
outputs = Object.freeze(outputs.slice());
const constant = (stateMutability === "view" || stateMutability === "pure");
const payable = (stateMutability === "payable");
defineProperties(this, { constant, gas, outputs, payable, stateMutability });
* The Function selector.
get selector() {
return id(this.format("sighash")).substring(0, 10);
format(format) {
if (format == null) {
format = "sighash";
if (format === "json") {
return JSON.stringify({
type: "function",
constant: this.constant,
stateMutability: ((this.stateMutability !== "nonpayable") ? this.stateMutability : undefined),
payable: this.payable,
gas: ((this.gas != null) ? this.gas : undefined),
inputs: => JSON.parse(i.format(format))),
outputs: => JSON.parse(o.format(format))),
const result = [];
if (format !== "sighash") {
result.push( + joinParams(format, this.inputs));
if (format !== "sighash") {
if (this.stateMutability !== "nonpayable") {
if (this.outputs && this.outputs.length) {
result.push(joinParams(format, this.outputs));
if (this.gas != null) {
return result.join(" ");
static getSelector(name, params) {
params = (params || []).map((p) => ParamType.from(p));
const fragment = new FunctionFragment(_guard$2, name, "view", params, [], null);
return fragment.selector;
static from(obj) {
if (FunctionFragment.isFragment(obj)) {
return obj;
if (typeof (obj) === "string") {
return FunctionFragment.from(lex(obj));
else if (obj instanceof TokenString) {
const name = consumeName("function", obj);
const inputs = consumeParams(obj);
const mutability = consumeMutability(obj);
let outputs = [];
if (consumeKeywords(obj, setify(["returns"])).has("returns")) {
outputs = consumeParams(obj);
const gas = consumeGas(obj);
return new FunctionFragment(_guard$2, name, mutability, inputs, outputs, gas);
// @TODO: verifyState for stateMutability
return new FunctionFragment(_guard$2,, obj.stateMutability, obj.inputs ? : [], obj.outputs ? : [], (obj.gas != null) ? obj.gas : null);
static isFragment(value) {
return (value && value[internal$1] === FunctionFragmentInternal);
* A Fragment which represents a structure.
class StructFragment extends NamedFragment {
* @private
constructor(guard, name, inputs) {
super(guard, "struct", name, inputs);
Object.defineProperty(this, internal$1, { value: StructFragmentInternal });
format() {
throw new Error("@TODO");
static from(obj) {
if (typeof (obj) === "string") {
return StructFragment.from(lex(obj));
else if (obj instanceof TokenString) {
const name = consumeName("struct", obj);
const inputs = consumeParams(obj);
return new StructFragment(_guard$2, name, inputs);
return new StructFragment(_guard$2,, obj.inputs ? : []);
static isFragment(value) {
return (value && value[internal$1] === StructFragmentInternal);
* When sending values to or receiving values from a [[Contract]], the
* data is generally encoded using the [ABI standard](solc-abi-standard).
* The AbiCoder provides a utility to encode values to ABI data and
* decode values from ABI data.
* Most of the time, developers should favour the [[Contract]] class,
* which further abstracts a lot of the finer details of ABI data.
* @_section api/abi/abi-coder:ABI Encoding
const PanicReasons$1 = new Map();
PanicReasons$1.set(0x00, "GENERIC_PANIC");
PanicReasons$1.set(0x01, "ASSERT_FALSE");
PanicReasons$1.set(0x11, "OVERFLOW");
PanicReasons$1.set(0x12, "DIVIDE_BY_ZERO");
PanicReasons$1.set(0x21, "ENUM_RANGE_ERROR");
PanicReasons$1.set(0x22, "BAD_STORAGE_DATA");
PanicReasons$1.set(0x31, "STACK_UNDERFLOW");
PanicReasons$1.set(0x32, "ARRAY_RANGE_ERROR");
PanicReasons$1.set(0x41, "OUT_OF_MEMORY");
PanicReasons$1.set(0x51, "UNINITIALIZED_FUNCTION_CALL");
const paramTypeBytes = new RegExp(/^bytes([0-9]*)$/);
const paramTypeNumber = new RegExp(/^(u?int)([0-9]*)$/);
let defaultCoder = null;
function getBuiltinCallException(action, tx, data, abiCoder) {
let message = "missing revert data";
let reason = null;
const invocation = null;
let revert = null;
if (data) {
message = "execution reverted";
const bytes = getBytes(data);
data = hexlify(data);
if (bytes.length === 0) {
message += " (no data present; likely require(false) occurred";
reason = "require(false)";
else if (bytes.length % 32 !== 4) {
message += " (could not decode reason; invalid data length)";
else if (hexlify(bytes.slice(0, 4)) === "0x08c379a0") {
// Error(string)
try {
reason = abiCoder.decode(["string"], bytes.slice(4))[0];
revert = {
signature: "Error(string)",
name: "Error",
args: [reason]
message += `: ${JSON.stringify(reason)}`;
catch (error) {
message += " (could not decode reason; invalid string data)";
else if (hexlify(bytes.slice(0, 4)) === "0x4e487b71") {
// Panic(uint256)
try {
const code = Number(abiCoder.decode(["uint256"], bytes.slice(4))[0]);
revert = {
signature: "Panic(uint256)",
name: "Panic",
args: [code]
reason = `Panic due to ${PanicReasons$1.get(code) || "UNKNOWN"}(${code})`;
message += `: ${reason}`;
catch (error) {
message += " (could not decode panic code)";
else {
message += " (unknown custom error)";
const transaction = {
to: ( ? getAddress( : null),
data: ( || "0x")
if (tx.from) {
transaction.from = getAddress(tx.from);
return makeError(message, "CALL_EXCEPTION", {
action, data, reason, transaction, invocation, revert
* About AbiCoder
class AbiCoder {
#getCoder(param) {
if (param.isArray()) {
return new ArrayCoder(this.#getCoder(param.arrayChildren), param.arrayLength,;
if (param.isTuple()) {
return new TupleCoder( => this.#getCoder(c)),;
switch (param.baseType) {
case "address":
return new AddressCoder(;
case "bool":
return new BooleanCoder(;
case "string":
return new StringCoder(;
case "bytes":
return new BytesCoder(;
case "":
return new NullCoder(;
// u?int[0-9]*
let match = param.type.match(paramTypeNumber);
if (match) {
let size = parseInt(match[2] || "256");
assertArgument(size !== 0 && size <= 256 && (size % 8) === 0, "invalid " + match[1] + " bit length", "param", param);
return new NumberCoder(size / 8, (match[1] === "int"),;
// bytes[0-9]+
match = param.type.match(paramTypeBytes);
if (match) {
let size = parseInt(match[1]);
assertArgument(size !== 0 && size <= 32, "invalid bytes length", "param", param);
return new FixedBytesCoder(size,;
assertArgument(false, "invalid type", "type", param.type);
* Get the default values for the given %%types%%.
* For example, a ``uint`` is by default ``0`` and ``bool``
* is by default ``false``.
getDefaultValue(types) {
const coders = => this.#getCoder(ParamType.from(type)));
const coder = new TupleCoder(coders, "_");
return coder.defaultValue();
* Encode the %%values%% as the %%types%% into ABI data.
* @returns DataHexstring
encode(types, values) {
assertArgumentCount(values.length, types.length, "types/values length mismatch");
const coders = => this.#getCoder(ParamType.from(type)));
const coder = (new TupleCoder(coders, "_"));
const writer = new Writer();
coder.encode(writer, values);
* Decode the ABI %%data%% as the %%types%% into values.
* If %%loose%% decoding is enabled, then strict padding is
* not enforced. Some older versions of Solidity incorrectly
* padded event data emitted from ``external`` functions.
decode(types, data, loose) {
const coders = => this.#getCoder(ParamType.from(type)));
const coder = new TupleCoder(coders, "_");
return coder.decode(new Reader(data, loose));
* Returns the shared singleton instance of a default [[AbiCoder]].
* On the first call, the instance is created internally.
static defaultAbiCoder() {
if (defaultCoder == null) {
defaultCoder = new AbiCoder();
return defaultCoder;
* Returns an ethers-compatible [[CallExceptionError]] Error for the given
* result %%data%% for the [[CallExceptionAction]] %%action%% against
* the Transaction %%tx%%.
static getBuiltinCallException(action, tx, data) {
return getBuiltinCallException(action, tx, data, AbiCoder.defaultAbiCoder());
* About bytes32 strings...
* @_docloc: api/utils:Bytes32 Strings
* Encodes %%text%% as a Bytes32 string.
function encodeBytes32String(text) {
// Get the bytes
const bytes = toUtf8Bytes(text);
// Check we have room for null-termination
if (bytes.length > 31) {
throw new Error("bytes32 string must be less than 32 bytes");
// Zero-pad (implicitly null-terminates)
return zeroPadBytes(bytes, 32);
* Encodes the Bytes32-encoded %%bytes%% into a string.
function decodeBytes32String(_bytes) {
const data = getBytes(_bytes, "bytes");
// Must be 32 bytes with a null-termination
if (data.length !== 32) {
throw new Error("invalid bytes32 - not 32 bytes long");
if (data[31] !== 0) {
throw new Error("invalid bytes32 string - no null terminator");
// Find the null termination
let length = 31;
while (data[length - 1] === 0) {
// Determine the string value
return toUtf8String(data.slice(0, length));
* About Interface
* @_subsection api/abi:Interfaces [interfaces]
class LogDescription {
constructor(fragment, topic, args) {
const name =, signature = fragment.format();
defineProperties(this, {
fragment, name, signature, topic, args
class TransactionDescription {
constructor(fragment, selector, args, value) {
const name =, signature = fragment.format();
defineProperties(this, {
fragment, name, args, signature, selector, value
class ErrorDescription {
constructor(fragment, selector, args) {
const name =, signature = fragment.format();
defineProperties(this, {
fragment, name, args, signature, selector
class Indexed {
static isIndexed(value) {
return !!(value && value._isIndexed);
constructor(hash) {
defineProperties(this, { hash, _isIndexed: true });
const PanicReasons = {
"0": "generic panic",
"1": "assert(false)",
"17": "arithmetic overflow",
"18": "division or modulo by zero",
"33": "enum overflow",
"34": "invalid encoded storage byte array accessed",
"49": "out-of-bounds array access; popping on an empty array",
"50": "out-of-bounds access of an array or bytesN",
"65": "out of memory",
"81": "uninitialized function",
const BuiltinErrors = {
"0x08c379a0": {
signature: "Error(string)",
name: "Error",
inputs: ["string"],
reason: (message) => {
return `reverted with reason string ${JSON.stringify(message)}`;
"0x4e487b71": {
signature: "Panic(uint256)",
name: "Panic",
inputs: ["uint256"],
reason: (code) => {
let reason = "unknown panic code";
if (code >= 0 && code <= 0xff && PanicReasons[code.toString()]) {
reason = PanicReasons[code.toString()];
return `reverted with panic code 0x${code.toString(16)} (${reason})`;
* An Interface abstracts many of the low-level details for
* encoding and decoding the data on the blockchain.
* An ABI provides information on how to encode data to send to
* a Contract, how to decode the results and events and how to
* interpret revert errors.
* The ABI can be specified by [any supported format](InterfaceAbi).
class Interface {
* All the Contract ABI members (i.e. methods, events, errors, etc).
* The Contract constructor.
* The Fallback method, if any.
* If receiving ether is supported.
// #structs: Map<string, StructFragment>;
* Create a new Interface for the %%fragments%%.
constructor(fragments) {
let abi = [];
if (typeof (fragments) === "string") {
abi = JSON.parse(fragments);
else {
abi = fragments;
this.#functions = new Map();
this.#errors = new Map();
this.#events = new Map();
// this.#structs = new Map();
const frags = [];
for (const a of abi) {
try {
catch (error) {
console.log("EE", error);
defineProperties(this, {
fragments: Object.freeze(frags)
let fallback = null;
let receive = false;
this.#abiCoder = this.getAbiCoder();
// Add all fragments by their signature
this.fragments.forEach((fragment, index) => {
let bucket;
switch (fragment.type) {
case "constructor":
if (this.deploy) {
console.log("duplicate definition - constructor");
//checkNames(fragment, "input", fragment.inputs);
defineProperties(this, { deploy: fragment });
case "fallback":
if (fragment.inputs.length === 0) {
receive = true;
else {
assertArgument(!fallback || fragment.payable !== fallback.payable, "conflicting fallback fragments", `fragments[${index}]`, fragment);
fallback = fragment;
receive = fallback.payable;
case "function":
//checkNames(fragment, "input", fragment.inputs);
//checkNames(fragment, "output", (<FunctionFragment>fragment).outputs);
bucket = this.#functions;
case "event":
//checkNames(fragment, "input", fragment.inputs);
bucket = this.#events;
case "error":
bucket = this.#errors;
// Two identical entries; ignore it
const signature = fragment.format();
if (bucket.has(signature)) {
bucket.set(signature, fragment);
// If we do not have a constructor add a default
if (!this.deploy) {
defineProperties(this, {
deploy: ConstructorFragment.from("constructor()")
defineProperties(this, { fallback, receive });
* Returns the entire Human-Readable ABI, as an array of
* signatures, optionally as %%minimal%% strings, which
* removes parameter names and unneceesary spaces.
format(minimal) {
const format = (minimal ? "minimal" : "full");
const abi = => f.format(format));
return abi;
* Return the JSON-encoded ABI. This is the format Solidiy
* returns.
formatJson() {
const abi = => f.format("json"));
// We need to re-bundle the JSON fragments a bit
return JSON.stringify( => JSON.parse(j)));
* The ABI coder that will be used to encode and decode binary
* data.
getAbiCoder() {
return AbiCoder.defaultAbiCoder();
// Find a function definition by any means necessary (unless it is ambiguous)
#getFunction(key, values, forceUnique) {
// Selector
if (isHexString(key)) {
const selector = key.toLowerCase();
for (const fragment of this.#functions.values()) {
if (selector === fragment.selector) {
return fragment;
return null;
// It is a bare name, look up the function (will return null if ambiguous)
if (key.indexOf("(") === -1) {
const matching = [];
for (const [name, fragment] of this.#functions) {
if (name.split("(" /* fix:) */)[0] === key) {
if (values) {
const lastValue = (values.length > 0) ? values[values.length - 1] : null;
let valueLength = values.length;
let allowOptions = true;
if (Typed.isTyped(lastValue) && lastValue.type === "overrides") {
allowOptions = false;
// Remove all matches that don't have a compatible length. The args
// may contain an overrides, so the match may have n or n - 1 parameters
for (let i = matching.length - 1; i >= 0; i--) {
const inputs = matching[i].inputs.length;
if (inputs !== valueLength && (!allowOptions || inputs !== valueLength - 1)) {
matching.splice(i, 1);
// Remove all matches that don't match the Typed signature
for (let i = matching.length - 1; i >= 0; i--) {
const inputs = matching[i].inputs;
for (let j = 0; j < values.length; j++) {
// Not a typed value
if (!Typed.isTyped(values[j])) {
// We are past the inputs
if (j >= inputs.length) {
if (values[j].type === "overrides") {
matching.splice(i, 1);
// Make sure the value type matches the input type
if (values[j].type !== inputs[j].baseType) {
matching.splice(i, 1);
// We found a single matching signature with an overrides, but the
// last value is something that cannot possibly be an options
if (matching.length === 1 && values && values.length !== matching[0].inputs.length) {
const lastArg = values[values.length - 1];
if (lastArg == null || Array.isArray(lastArg) || typeof (lastArg) !== "object") {
matching.splice(0, 1);
if (matching.length === 0) {
return null;
if (matching.length > 1 && forceUnique) {
const matchStr = => JSON.stringify(m.format())).join(", ");
assertArgument(false, `ambiguous function description (i.e. matches ${matchStr})`, "key", key);
return matching[0];
// Normalize the signature and lookup the function
const result = this.#functions.get(FunctionFragment.from(key).format());
if (result) {
return result;
return null;
* Get the function name for %%key%%, which may be a function selector,
* function name or function signature that belongs to the ABI.
getFunctionName(key) {
const fragment = this.#getFunction(key, null, false);
assertArgument(fragment, "no matching function", "key", key);
* Get the [[FunctionFragment]] for %%key%%, which may be a function
* selector, function name or function signature that belongs to the ABI.
* If %%values%% is provided, it will use the Typed API to handle
* ambiguous cases where multiple functions match by name.
* If the %%key%% and %%values%% do not refine to a single function in
* the ABI, this will throw.
getFunction(key, values) {
return this.#getFunction(key, values || null, true);
* Iterate over all functions, calling %%callback%%, sorted by their name.
forEachFunction(callback) {
const names = Array.from(this.#functions.keys());
names.sort((a, b) => a.localeCompare(b));
for (let i = 0; i < names.length; i++) {
const name = names[i];
callback((this.#functions.get(name)), i);
// Find an event definition by any means necessary (unless it is ambiguous)
#getEvent(key, values, forceUnique) {
// EventTopic
if (isHexString(key)) {
const eventTopic = key.toLowerCase();
for (const fragment of this.#events.values()) {
if (eventTopic === fragment.topicHash) {
return fragment;
return null;
// It is a bare name, look up the function (will return null if ambiguous)
if (key.indexOf("(") === -1) {
const matching = [];
for (const [name, fragment] of this.#events) {
if (name.split("(" /* fix:) */)[0] === key) {
if (values) {
// Remove all matches that don't have a compatible length.
for (let i = matching.length - 1; i >= 0; i--) {
if (matching[i].inputs.length < values.length) {
matching.splice(i, 1);
// Remove all matches that don't match the Typed signature
for (let i = matching.length - 1; i >= 0; i--) {
const inputs = matching[i].inputs;
for (let j = 0; j < values.length; j++) {
// Not a typed value
if (!Typed.isTyped(values[j])) {
// Make sure the value type matches the input type
if (values[j].type !== inputs[j].baseType) {
matching.splice(i, 1);
if (matching.length === 0) {
return null;
if (matching.length > 1 && forceUnique) {
const matchStr = => JSON.stringify(m.format())).join(", ");
assertArgument(false, `ambiguous event description (i.e. matches ${matchStr})`, "key", key);
return matching[0];
// Normalize the signature and lookup the function
const result = this.#events.get(EventFragment.from(key).format());
if (result) {
return result;
return null;
* Get the event name for %%key%%, which may be a topic hash,
* event name or event signature that belongs to the ABI.
getEventName(key) {
const fragment = this.#getEvent(key, null, false);
assertArgument(fragment, "no matching event", "key", key);
* Get the [[EventFragment]] for %%key%%, which may be a topic hash,
* event name or event signature that belongs to the ABI.
* If %%values%% is provided, it will use the Typed API to handle
* ambiguous cases where multiple events match by name.
* If the %%key%% and %%values%% do not refine to a single event in
* the ABI, this will throw.
getEvent(key, values) {
return this.#getEvent(key, values || null, true);
* Iterate over all events, calling %%callback%%, sorted by their name.
forEachEvent(callback) {
const names = Array.from(this.#events.keys());
names.sort((a, b) => a.localeCompare(b));
for (let i = 0; i < names.length; i++) {
const name = names[i];
callback((this.#events.get(name)), i);
* Get the [[ErrorFragment]] for %%key%%, which may be an error
* selector, error name or error signature that belongs to the ABI.
* If %%values%% is provided, it will use the Typed API to handle
* ambiguous cases where multiple errors match by name.
* If the %%key%% and %%values%% do not refine to a single error in
* the ABI, this will throw.
getError(key, values) {
if (isHexString(key)) {
const selector = key.toLowerCase();
if (BuiltinErrors[selector]) {
return ErrorFragment.from(BuiltinErrors[selector].signature);
for (const fragment of this.#errors.values()) {
if (selector === fragment.selector) {
return fragment;
return null;
// It is a bare name, look up the function (will return null if ambiguous)
if (key.indexOf("(") === -1) {
const matching = [];
for (const [name, fragment] of this.#errors) {
if (name.split("(" /* fix:) */)[0] === key) {
if (matching.length === 0) {
if (key === "Error") {
return ErrorFragment.from("error Error(string)");
if (key === "Panic") {
return ErrorFragment.from("error Panic(uint256)");
return null;
else if (matching.length > 1) {
const matchStr = => JSON.stringify(m.format())).join(", ");
assertArgument(false, `ambiguous error description (i.e. ${matchStr})`, "name", key);
return matching[0];
// Normalize the signature and lookup the function
key = ErrorFragment.from(key).format();
if (key === "Error(string)") {
return ErrorFragment.from("error Error(string)");
if (key === "Panic(uint256)") {
return ErrorFragment.from("error Panic(uint256)");
const result = this.#errors.get(key);
if (result) {
return result;
return null;
* Iterate over all errors, calling %%callback%%, sorted by their name.
forEachError(callback) {
const names = Array.from(this.#errors.keys());
names.sort((a, b) => a.localeCompare(b));
for (let i = 0; i < names.length; i++) {
const name = names[i];
callback((this.#errors.get(name)), i);
// Get the 4-byte selector used by Solidity to identify a function
getSelector(fragment: ErrorFragment | FunctionFragment): string {
if (typeof(fragment) === "string") {
const matches: Array<Fragment> = [ ];
try { matches.push(this.getFunction(fragment)); } catch (error) { }
try { matches.push(this.getError(<string>fragment)); } catch (_) { }
if (matches.length === 0) {
logger.throwArgumentError("unknown fragment", "key", fragment);
} else if (matches.length > 1) {
logger.throwArgumentError("ambiguous fragment matches function and error", "key", fragment);
fragment = matches[0];
return dataSlice(id(fragment.format()), 0, 4);
// Get the 32-byte topic hash used by Solidity to identify an event
getEventTopic(fragment: EventFragment): string {
//if (typeof(fragment) === "string") { fragment = this.getEvent(eventFragment); }
return id(fragment.format());
_decodeParams(params, data) {
return this.#abiCoder.decode(params, data);
_encodeParams(params, values) {
return this.#abiCoder.encode(params, values);
* Encodes a ```` object for deploying the Contract with
* the %%values%% as the constructor arguments.
encodeDeploy(values) {
return this._encodeParams(this.deploy.inputs, values || []);
* Decodes the result %%data%% (e.g. from an ``eth_call``) for the
* specified error (see [[getError]] for valid values for
* %%key%%).
* Most developers should prefer the [[parseCallResult]] method instead,
* which will automatically detect a ``CALL_EXCEPTION`` and throw the
* corresponding error.
decodeErrorResult(fragment, data) {
if (typeof (fragment) === "string") {
const f = this.getError(fragment);
assertArgument(f, "unknown error", "fragment", fragment);
fragment = f;
assertArgument(dataSlice(data, 0, 4) === fragment.selector, `data signature does not match error ${}.`, "data", data);
return this._decodeParams(fragment.inputs, dataSlice(data, 4));
* Encodes the transaction revert data for a call result that
* reverted from the the Contract with the sepcified %%error%%
* (see [[getError]] for valid values for %%fragment%%) with the %%values%%.
* This is generally not used by most developers, unless trying to mock
* a result from a Contract.
encodeErrorResult(fragment, values) {
if (typeof (fragment) === "string") {
const f = this.getError(fragment);
assertArgument(f, "unknown error", "fragment", fragment);
fragment = f;
return concat([
this._encodeParams(fragment.inputs, values || [])
* Decodes the %%data%% from a transaction ```` for
* the function specified (see [[getFunction]] for valid values
* for %%fragment%%).
* Most developers should prefer the [[parseTransaction]] method
* instead, which will automatically detect the fragment.
decodeFunctionData(fragment, data) {
if (typeof (fragment) === "string") {
const f = this.getFunction(fragment);
assertArgument(f, "unknown function", "fragment", fragment);
fragment = f;
assertArgument(dataSlice(data, 0, 4) === fragment.selector, `data signature does not match function ${}.`, "data", data);
return this._decodeParams(fragment.inputs, dataSlice(data, 4));
* Encodes the ```` for a transaction that calls the function
* specified (see [[getFunction]] for valid values for %%fragment%%) with
* the %%values%%.
encodeFunctionData(fragment, values) {
if (typeof (fragment) === "string") {
const f = this.getFunction(fragment);
assertArgument(f, "unknown function", "fragment", fragment);
fragment = f;
return concat([
this._encodeParams(fragment.inputs, values || [])
* Decodes the result %%data%% (e.g. from an ``eth_call``) for the
* specified function (see [[getFunction]] for valid values for
* %%key%%).
* Most developers should prefer the [[parseCallResult]] method instead,
* which will automatically detect a ``CALL_EXCEPTION`` and throw the
* corresponding error.
decodeFunctionResult(fragment, data) {
if (typeof (fragment) === "string") {
const f = this.getFunction(fragment);
assertArgument(f, "unknown function", "fragment", fragment);
fragment = f;
let message = "invalid length for result data";
const bytes = getBytesCopy(data);
if ((bytes.length % 32) === 0) {
try {
return this.#abiCoder.decode(fragment.outputs, bytes);
catch (error) {
message = "could not decode result data";
// Call returned data with no error, but the data is junk
assert$1(false, message, "BAD_DATA", {
value: hexlify(bytes),
info: { method:, signature: fragment.format() }
makeError(_data, tx) {
const data = getBytes(_data, "data");
const error = AbiCoder.getBuiltinCallException("call", tx, data);
// Not a built-in error; try finding a custom error
const customPrefix = "execution reverted (unknown custom error)";
if (error.message.startsWith(customPrefix)) {
const selector = hexlify(data.slice(0, 4));
const ef = this.getError(selector);
if (ef) {
try {
const args = this.#abiCoder.decode(ef.inputs, data.slice(4));
error.revert = {
name:, signature: ef.format(), args
error.reason = error.revert.signature;
error.message = `execution reverted: ${error.reason}`;
catch (e) {
error.message = `execution reverted (coult not decode custom error)`;
// Add the invocation, if available
const parsed = this.parseTransaction(tx);
if (parsed) {
error.invocation = {
signature: parsed.signature,
args: parsed.args
return error;
* Encodes the result data (e.g. from an ``eth_call``) for the
* specified function (see [[getFunction]] for valid values
* for %%fragment%%) with %%values%%.
* This is generally not used by most developers, unless trying to mock
* a result from a Contract.
encodeFunctionResult(fragment, values) {
if (typeof (fragment) === "string") {
const f = this.getFunction(fragment);
assertArgument(f, "unknown function", "fragment", fragment);
fragment = f;
return hexlify(this.#abiCoder.encode(fragment.outputs, values || []));
spelunk(inputs: Array<ParamType>, values: ReadonlyArray<any>, processfunc: (type: string, value: any) => Promise<any>): Promise<Array<any>> {
const promises: Array<Promise<>> = [ ];
const process = function(type: ParamType, value: any): any {
if (type.baseType === "array") {
return descend(type.child
if (type. === "address") {
const descend = function (inputs: Array<ParamType>, values: ReadonlyArray<any>) {
if (inputs.length !== values.length) { throw new Error("length mismatch"); }
const result: Array<any> = [ ];
values.forEach((value, index) => {
if (value == null) {
} else if (param.baseType === "array" || param.baseType === "tuple") {
logger.throwArgumentError("filtering with tuples or arrays not supported", ("contract." +, value);
} else if (Array.isArray(value)) {
topics.push( => encodeTopic(param, value)));
} else {
topics.push(encodeTopic(param, value));
// Create the filter for the event with search criteria (e.g. for eth_filterLog)
encodeFilterTopics(fragment, values) {
if (typeof (fragment) === "string") {
const f = this.getEvent(fragment);
assertArgument(f, "unknown event", "eventFragment", fragment);
fragment = f;
assert$1(values.length <= fragment.inputs.length, `too many arguments for ${fragment.format()}`, "UNEXPECTED_ARGUMENT", { count: values.length, expectedCount: fragment.inputs.length });
const topics = [];
if (!fragment.anonymous) {
// @TODO: Use the coders for this; to properly support tuples, etc.
const encodeTopic = (param, value) => {
if (param.type === "string") {
return id(value);
else if (param.type === "bytes") {
return keccak256(hexlify(value));
if (param.type === "bool" && typeof (value) === "boolean") {
value = (value ? "0x01" : "0x00");
if (param.type.match(/^u?int/)) {
value = toBeHex(value);
// Check addresses are valid
if (param.type === "address") {
this.#abiCoder.encode(["address"], [value]);
return zeroPadValue(hexlify(value), 32);
//@TOOD should probably be return toHex(value, 32)
values.forEach((value, index) => {
const param = fragment.inputs[index];
if (!param.indexed) {
assertArgument(value == null, "cannot filter non-indexed parameters; must be null", ("contract." +, value);
if (value == null) {
else if (param.baseType === "array" || param.baseType === "tuple") {
assertArgument(false, "filtering with tuples or arrays not supported", ("contract." +, value);
else if (Array.isArray(value)) {
topics.push( => encodeTopic(param, value)));
else {
topics.push(encodeTopic(param, value));
// Trim off trailing nulls
while (topics.length && topics[topics.length - 1] === null) {
return topics;
encodeEventLog(fragment, values) {
if (typeof (fragment) === "string") {
const f = this.getEvent(fragment);
assertArgument(f, "unknown event", "eventFragment", fragment);
fragment = f;
const topics = [];
const dataTypes = [];
const dataValues = [];
if (!fragment.anonymous) {
assertArgument(values.length === fragment.inputs.length, "event arguments/values mismatch", "values", values);
fragment.inputs.forEach((param, index) => {
const value = values[index];
if (param.indexed) {
if (param.type === "string") {
else if (param.type === "bytes") {
else if (param.baseType === "tuple" || param.baseType === "array") {
// @TODO
throw new Error("not implemented");
else {
topics.push(this.#abiCoder.encode([param.type], [value]));
else {
return {
data: this.#abiCoder.encode(dataTypes, dataValues),
topics: topics
// Decode a filter for the event and the search criteria
decodeEventLog(fragment, data, topics) {
if (typeof (fragment) === "string") {
const f = this.getEvent(fragment);
assertArgument(f, "unknown event", "eventFragment", fragment);
fragment = f;
if (topics != null && !fragment.anonymous) {
const eventTopic = fragment.topicHash;
assertArgument(isHexString(topics[0], 32) && topics[0].toLowerCase() === eventTopic, "fragment/topic mismatch", "topics[0]", topics[0]);
topics = topics.slice(1);
const indexed = [];
const nonIndexed = [];
const dynamic = [];
fragment.inputs.forEach((param, index) => {
if (param.indexed) {
if (param.type === "string" || param.type === "bytes" || param.baseType === "tuple" || param.baseType === "array") {
indexed.push(ParamType.from({ type: "bytes32", name: }));
else {
else {
const resultIndexed = (topics != null) ? this.#abiCoder.decode(indexed, concat(topics)) : null;
const resultNonIndexed = this.#abiCoder.decode(nonIndexed, data, true);
//const result: (Array<any> & { [ key: string ]: any }) = [ ];
const values = [];
const keys = [];
let nonIndexedIndex = 0, indexedIndex = 0;
fragment.inputs.forEach((param, index) => {
let value = null;
if (param.indexed) {
if (resultIndexed == null) {
value = new Indexed(null);
else if (dynamic[index]) {
value = new Indexed(resultIndexed[indexedIndex++]);
else {
try {
value = resultIndexed[indexedIndex++];
catch (error) {
value = error;
else {
try {
value = resultNonIndexed[nonIndexedIndex++];
catch (error) {
value = error;
keys.push( || null);
return Result.fromItems(values, keys);
* Parses a transaction, finding the matching function and extracts
* the parameter values along with other useful function details.
* If the matching function cannot be found, return null.
parseTransaction(tx) {
const data = getBytes(, "");
const value = getBigInt((tx.value != null) ? tx.value : 0, "tx.value");
const fragment = this.getFunction(hexlify(data.slice(0, 4)));
if (!fragment) {
return null;
const args = this.#abiCoder.decode(fragment.inputs, data.slice(4));
return new TransactionDescription(fragment, fragment.selector, args, value);
parseCallResult(data) {
throw new Error("@TODO");
* Parses a receipt log, finding the matching event and extracts
* the parameter values along with other useful event details.
* If the matching event cannot be found, returns null.
parseLog(log) {
const fragment = this.getEvent(log.topics[0]);
if (!fragment || fragment.anonymous) {
return null;
// @TODO: If anonymous, and the only method, and the input count matches, should we parse?
// Probably not, because just because it is the only event in the ABI does
// not mean we have the full ABI; maybe just a fragment?
return new LogDescription(fragment, fragment.topicHash, this.decodeEventLog(fragment,, log.topics));
* Parses a revert data, finding the matching error and extracts
* the parameter values along with other useful error details.
* If the matching event cannot be found, returns null.
parseError(data) {
const hexData = hexlify(data);
const fragment = this.getError(dataSlice(hexData, 0, 4));
if (!fragment) {
return null;
const args = this.#abiCoder.decode(fragment.inputs, dataSlice(hexData, 4));
return new ErrorDescription(fragment, fragment.selector, args);
* Creates a new [[Interface]] from the ABI %%value%%.
* The %%value%% may be provided as an existing [[Interface]] object,
* a JSON-encoded ABI or any Human-Readable ABI format.
static from(value) {
// Already an Interface, which is immutable
if (value instanceof Interface) {
return value;
if (typeof (value) === "string") {
return new Interface(JSON.parse(value));
// Maybe an interface from an older version, or from a symlinked copy
if (typeof (value.format) === "function") {
return new Interface(value.format("json"));
// Array of fragments
return new Interface(value);
* Explain about ABI here...
* @_section api/abi:Application Binary Interface [about-abi]
* @_navTitle: ABI
//import { resolveAddress } from "@ethersproject/address";
const BN_0$2 = BigInt(0);
// -----------------------
function getValue(value) {
if (value == null) {
return null;
return value;
function toJson(value) {
if (value == null) {
return null;
return value.toString();
// @TODO? <T extends FeeData = { }> implements Required<T>
* A **FeeData** wraps all the fee-related values associated with
* the network.
class FeeData {
* The gas price for legacy networks.
* The maximum fee to pay per gas.
* The base fee per gas is defined by the network and based on
* congestion, increasing the cost during times of heavy load
* and lowering when less busy.
* The actual fee per gas will be the base fee for the block
* and the priority fee, up to the max fee per gas.
* This will be ``null`` on legacy networks (i.e. [pre-EIP-1559](link-eip-1559))
* The additional amout to pay per gas to encourage a validator
* to include the transaction.
* The purpose of this is to compensate the validator for the
* adjusted risk for including a given transaction.
* This will be ``null`` on legacy networks (i.e. [pre-EIP-1559](link-eip-1559))
* Creates a new FeeData for %%gasPrice%%, %%maxFeePerGas%% and
* %%maxPriorityFeePerGas%%.
constructor(gasPrice, maxFeePerGas, maxPriorityFeePerGas) {
defineProperties(this, {
gasPrice: getValue(gasPrice),
maxFeePerGas: getValue(maxFeePerGas),
maxPriorityFeePerGas: getValue(maxPriorityFeePerGas)
* Returns a JSON-friendly value.
toJSON() {
const { gasPrice, maxFeePerGas, maxPriorityFeePerGas } = this;
return {
_type: "FeeData",
gasPrice: toJson(gasPrice),
maxFeePerGas: toJson(maxFeePerGas),
maxPriorityFeePerGas: toJson(maxPriorityFeePerGas),
function copyRequest(req) {
const result = {};
// These could be addresses, ENS names or Addressables
if ( { =;
if (req.from) {
result.from = req.from;
if ( { = hexlify(;
const bigIntKeys = "chainId,gasLimit,gasPrice,maxFeePerGas,maxPriorityFeePerGas,value".split(/,/);
for (const key of bigIntKeys) {
if (!(key in req) || req[key] == null) {
result[key] = getBigInt(req[key], `request.${key}`);
const numberKeys = "type,nonce".split(/,/);
for (const key of numberKeys) {
if (!(key in req) || req[key] == null) {
result[key] = getNumber(req[key], `request.${key}`);
if (req.accessList) {
result.accessList = accessListify(req.accessList);
if ("blockTag" in req) {
result.blockTag = req.blockTag;
if ("enableCcipRead" in req) {
result.enableCcipReadEnabled = !!req.enableCcipRead;
if ("customData" in req) {
result.customData = req.customData;
return result;
* A **Block** represents the data associated with a full block on
* Ethereum.
class Block {
* The provider connected to the block used to fetch additional details
* if necessary.
* The block number, sometimes called the block height. This is a
* sequential number that is one higher than the parent block.
* The block hash.
* The timestamp for this block, which is the number of seconds since
* epoch that this block was included.
* The block hash of the parent block.
* The nonce.
* On legacy networks, this is the random number inserted which
* permitted the difficulty target to be reached.
* The difficulty target.
* On legacy networks, this is the proof-of-work target required
* for a block to meet the protocol rules to be included.
* On modern networks, this is a random number arrived at using
* randao. @TODO: Find links?
* The total gas limit for this block.
* The total gas used in this block.
* The miner coinbase address, wihch receives any subsidies for
* including this block.
* Any extra data the validator wished to include.
* The base fee per gas that all transactions in this block were
* charged.
* This adjusts after each block, depending on how congested the network
* is.
* Create a new **Block** object.
* This should generally not be necessary as the unless implementing a
* low-level library.
constructor(block, provider) {
this.#transactions = => {
if (typeof (tx) !== "string") {
return new TransactionResponse(tx, provider);
return tx;
defineProperties(this, {
hash: getValue(block.hash),
number: block.number,
timestamp: block.timestamp,
parentHash: block.parentHash,
nonce: block.nonce,
difficulty: block.difficulty,
gasLimit: block.gasLimit,
gasUsed: block.gasUsed,
miner: block.miner,
extraData: block.extraData,
baseFeePerGas: getValue(block.baseFeePerGas)
* Returns the list of transaction hashes.
get transactions() {
return => {
if (typeof (tx) === "string") {
return tx;
return tx.hash;
* Returns the complete transactions for blocks which
* prefetched them, by passing ``true`` to %%prefetchTxs%%
* into [[provider_getBlock]].
get prefetchedTransactions() {
const txs = this.#transactions.slice();
// Doesn't matter...
if (txs.length === 0) {
return [];
// Make sure we prefetched the transactions
assert$1(typeof (txs[0]) === "object", "transactions were not prefetched with block request", "UNSUPPORTED_OPERATION", {
operation: "transactionResponses()"
return txs;
* Returns a JSON-friendly value.
toJSON() {
const { baseFeePerGas, difficulty, extraData, gasLimit, gasUsed, hash, miner, nonce, number, parentHash, timestamp, transactions } = this;
return {
_type: "Block",
baseFeePerGas: toJson(baseFeePerGas),
difficulty: toJson(difficulty),
gasLimit: toJson(gasLimit),
gasUsed: toJson(gasUsed),
hash, miner, nonce, number, parentHash, timestamp,
[Symbol.iterator]() {
let index = 0;
const txs = this.transactions;
return {
next: () => {
if (index < this.length) {
return {
value: txs[index++], done: false
return { value: undefined, done: true };
* The number of transactions in this block.
get length() { return this.#transactions.length; }
* The [[link-js-date]] this block was included at.
get date() {
if (this.timestamp == null) {
return null;
return new Date(this.timestamp * 1000);
* Get the transaction at %%indexe%% within this block.
async getTransaction(indexOrHash) {
// Find the internal value by its index or hash
let tx = undefined;
if (typeof (indexOrHash) === "number") {
tx = this.#transactions[indexOrHash];
else {
const hash = indexOrHash.toLowerCase();
for (const v of this.#transactions) {
if (typeof (v) === "string") {
if (v !== hash) {
tx = v;
else {
if (v.hash === hash) {
tx = v;
if (tx == null) {
throw new Error("no such tx");
if (typeof (tx) === "string") {
return (await this.provider.getTransaction(tx));
else {
return tx;
getPrefetchedTransaction(indexOrHash) {
const txs = this.prefetchedTransactions;
if (typeof (indexOrHash) === "number") {
return txs[indexOrHash];
indexOrHash = indexOrHash.toLowerCase();
for (const tx of txs) {
if (tx.hash === indexOrHash) {
return tx;
assertArgument(false, "no matching transaction", "indexOrHash", indexOrHash);
* Has this block been mined.
* If true, the block has been typed-gaurded that all mined
* properties are non-null.
isMined() { return !!this.hash; }
isLondon() {
return !!this.baseFeePerGas;
orphanedEvent() {
if (!this.isMined()) {
throw new Error("");
return createOrphanedBlockFilter(this);
// Log
class Log {
constructor(log, provider) {
this.provider = provider;
const topics = Object.freeze(log.topics.slice());
defineProperties(this, {
transactionHash: log.transactionHash,
blockHash: log.blockHash,
blockNumber: log.blockNumber,
removed: log.removed,
address: log.address,
index: log.index,
transactionIndex: log.transactionIndex,
toJSON() {
const { address, blockHash, blockNumber, data, index, removed, topics, transactionHash, transactionIndex } = this;
return {
_type: "log",
address, blockHash, blockNumber, data, index,
removed, topics, transactionHash, transactionIndex
async getBlock() {
const block = await this.provider.getBlock(this.blockHash);
assert$1(!!block, "failed to find transaction", "UNKNOWN_ERROR", {});
return block;
async getTransaction() {
const tx = await this.provider.getTransaction(this.transactionHash);
assert$1(!!tx, "failed to find transaction", "UNKNOWN_ERROR", {});
return tx;
async getTransactionReceipt() {
const receipt = await this.provider.getTransactionReceipt(this.transactionHash);
assert$1(!!receipt, "failed to find transaction receipt", "UNKNOWN_ERROR", {});
return receipt;
removedEvent() {
return createRemovedLogFilter(this);
// Transaction Receipt
export interface LegacyTransactionReceipt {
byzantium: false;
status: null;
root: string;
export interface ByzantiumTransactionReceipt {
byzantium: true;
status: number;
root: null;
class TransactionReceipt {
//readonly byzantium!: boolean;
constructor(tx, provider) {
this.#logs = Object.freeze( => {
return new Log(log, provider);
defineProperties(this, {
from: tx.from,
contractAddress: tx.contractAddress,
hash: tx.hash,
index: tx.index,
blockHash: tx.blockHash,
blockNumber: tx.blockNumber,
logsBloom: tx.logsBloom,
gasUsed: tx.gasUsed,
cumulativeGasUsed: tx.cumulativeGasUsed,
gasPrice: (tx.effectiveGasPrice || tx.gasPrice),
type: tx.type,
//byzantium: tx.byzantium,
status: tx.status,
root: tx.root
get logs() { return this.#logs; }
toJSON() {
const { to, from, contractAddress, hash, index, blockHash, blockNumber, logsBloom, logs, //byzantium,
status, root } = this;
return {
_type: "TransactionReceipt",
blockHash, blockNumber,
cumulativeGasUsed: toJson(this.cumulativeGasUsed),
gasPrice: toJson(this.gasPrice),
gasUsed: toJson(this.gasUsed),
hash, index, logs, logsBloom, root, status, to
get length() { return this.logs.length; }
[Symbol.iterator]() {
let index = 0;
return {
next: () => {
if (index < this.length) {
return { value: this.logs[index++], done: false };
return { value: undefined, done: true };
get fee() {
return this.gasUsed * this.gasPrice;
async getBlock() {
const block = await this.provider.getBlock(this.blockHash);
if (block == null) {
throw new Error("TODO");
return block;
async getTransaction() {
const tx = await this.provider.getTransaction(this.hash);
if (tx == null) {
throw new Error("TODO");
return tx;
async getResult() {
return (await this.provider.getTransactionResult(this.hash));
async confirmations() {
return (await this.provider.getBlockNumber()) - this.blockNumber + 1;
removedEvent() {
return createRemovedTransactionFilter(this);
reorderedEvent(other) {
assert$1(!other || other.isMined(), "unmined 'other' transction cannot be orphaned", "UNSUPPORTED_OPERATION", { operation: "reorderedEvent(other)" });
return createReorderedTransactionFilter(this, other);
export type ReplacementDetectionSetup = {
to: string;
from: string;
value: bigint;
data: string;
nonce: number;
block: number;
class TransactionResponse {
constructor(tx, provider) {
this.provider = provider;
this.blockNumber = (tx.blockNumber != null) ? tx.blockNumber : null;
this.blockHash = (tx.blockHash != null) ? tx.blockHash : null;
this.hash = tx.hash;
this.index = tx.index;
this.type = tx.type;
this.from = tx.from; = || null;
this.gasLimit = tx.gasLimit;
this.nonce = tx.nonce; =;
this.value = tx.value;
this.gasPrice = tx.gasPrice;
this.maxPriorityFeePerGas = (tx.maxPriorityFeePerGas != null) ? tx.maxPriorityFeePerGas : null;
this.maxFeePerGas = (tx.maxFeePerGas != null) ? tx.maxFeePerGas : null;
this.chainId = tx.chainId;
this.signature = tx.signature;
this.accessList = (tx.accessList != null) ? tx.accessList : null;
this.#startBlock = -1;
toJSON() {
const { blockNumber, blockHash, index, hash, type, to, from, nonce, data, signature, accessList } = this;
return {
_type: "TransactionReceipt",
accessList, blockNumber, blockHash,
chainId: toJson(this.chainId),
data, from,
gasLimit: toJson(this.gasLimit),
gasPrice: toJson(this.gasPrice),
maxFeePerGas: toJson(this.maxFeePerGas),
maxPriorityFeePerGas: toJson(this.maxPriorityFeePerGas),
nonce, signature, to, index, type,
value: toJson(this.value),
async getBlock() {
let blockNumber = this.blockNumber;
if (blockNumber == null) {
const tx = await this.getTransaction();
if (tx) {
blockNumber = tx.blockNumber;
if (blockNumber == null) {
return null;
const block = this.provider.getBlock(blockNumber);
if (block == null) {
throw new Error("TODO");
return block;
async getTransaction() {
return this.provider.getTransaction(this.hash);
async wait(_confirms, _timeout) {
const confirms = (_confirms == null) ? 1 : _confirms;
const timeout = (_timeout == null) ? 0 : _timeout;
let startBlock = this.#startBlock;
let nextScan = -1;
let stopScanning = (startBlock === -1) ? true : false;
const checkReplacement = async () => {
// Get the current transaction count for this sender
if (stopScanning) {
return null;
const { blockNumber, nonce } = await resolveProperties({
blockNumber: this.provider.getBlockNumber(),
nonce: this.provider.getTransactionCount(this.from)
// No transaction or our nonce has not been mined yet; but we
// can start scanning later when we do start
if (nonce < this.nonce) {
startBlock = blockNumber;
// We were mined; no replacement
if (stopScanning) {
return null;
const mined = await this.getTransaction();
if (mined && mined.blockNumber != null) {
// We were replaced; start scanning for that transaction
// Starting to scan; look back a few extra blocks for safety
if (nextScan === -1) {
nextScan = startBlock - 3;
if (nextScan < this.#startBlock) {
nextScan = this.#startBlock;
while (nextScan <= blockNumber) {
// Get the next block to scan
if (stopScanning) {
return null;
const block = await this.provider.getBlock(nextScan, true);
// This should not happen; but we'll try again shortly
if (block == null) {
// We were mined; no replacement
for (const hash of block) {
if (hash === this.hash) {
// Search for the transaction that replaced us
for (let i = 0; i < block.length; i++) {
const tx = await block.getTransaction(i);
if (tx.from === this.from && tx.nonce === this.nonce) {
// Get the receipt
if (stopScanning) {
return null;
const receipt = await this.provider.getTransactionReceipt(tx.hash);
// This should not happen; but we'll try again shortly
if (receipt == null) {
// We will retry this on the next block (this case could be optimized)
if ((blockNumber - receipt.blockNumber + 1) < confirms) {
// The reason we were replaced
let reason = "replaced";
if ( === && === && tx.value === this.value) {
reason = "repriced";
else if ( === "0x" && tx.from === && tx.value === BN_0$2) {
reason = "cancelled";
assert$1(false, "transaction was replaced", "TRANSACTION_REPLACED", {
cancelled: (reason === "replaced" || reason === "cancelled"),
replacement: tx.replaceableTransaction(startBlock),
hash: tx.hash,
const receipt = await this.provider.getTransactionReceipt(this.hash);
if (receipt) {
if ((await receipt.confirmations()) >= confirms) {
return receipt;
else {
// Check for a replacement; throws if a replacement was found
await checkReplacement();
// Allow null only when the confirms is 0
if (confirms === 0) {
return null;
const waiter = new Promise((resolve, reject) => {
// List of things to cancel when we have a result (one way or the other)
const cancellers = [];
const cancel = () => { cancellers.forEach((c) => c()); };
// On cancel, stop scanning for replacements
cancellers.push(() => { stopScanning = true; });
// Set up any timeout requested
if (timeout > 0) {
const timer = setTimeout(() => {
reject(makeError("wait for transaction timeout", "TIMEOUT"));
}, timeout);
cancellers.push(() => { clearTimeout(timer); });
const txListener = async (receipt) => {
// Done; return it!
if ((await receipt.confirmations()) >= confirms) {
cancellers.push(() => {, txListener); });
this.provider.on(this.hash, txListener);
// We support replacement detection; start checking
if (startBlock >= 0) {
const replaceListener = async () => {
try {
// Check for a replacement; this throws only if one is found
await checkReplacement();
catch (error) {
// We were replaced (with enough confirms); re-throw the error
if (isError(error, "TRANSACTION_REPLACED")) {
// Rescheudle a check on the next block
if (!stopScanning) {
this.provider.once("block", replaceListener);
cancellers.push(() => {"block", replaceListener); });
this.provider.once("block", replaceListener);
return await waiter;
isMined() {
return (this.blockHash != null);
isLegacy() {
return (this.type === 0);
isBerlin() {
return (this.type === 1);
isLondon() {
return (this.type === 2);
removedEvent() {
assert$1(this.isMined(), "unmined transaction canot be orphaned", "UNSUPPORTED_OPERATION", { operation: "removeEvent()" });
return createRemovedTransactionFilter(this);
reorderedEvent(other) {
assert$1(this.isMined(), "unmined transaction canot be orphaned", "UNSUPPORTED_OPERATION", { operation: "removeEvent()" });
assert$1(!other || other.isMined(), "unmined 'other' transaction canot be orphaned", "UNSUPPORTED_OPERATION", { operation: "removeEvent()" });
return createReorderedTransactionFilter(this, other);
* Returns a new TransactionResponse instance which has the ability to
* detect (and throw an error) if the transaction is replaced, which
* will begin scanning at %%startBlock%%.
* This should generally not be used by developers and is intended
* primarily for internal use. Setting an incorrect %%startBlock%% can
* have devastating performance consequences if used incorrectly.
replaceableTransaction(startBlock) {
assertArgument(Number.isInteger(startBlock) && startBlock >= 0, "invalid startBlock", "startBlock", startBlock);
const tx = new TransactionResponse(this, this.provider);
tx.#startBlock = startBlock;
return tx;
function createOrphanedBlockFilter(block) {
return { orphan: "drop-block", hash: block.hash, number: block.number };
function createReorderedTransactionFilter(tx, other) {
return { orphan: "reorder-transaction", tx, other };
function createRemovedTransactionFilter(tx) {
return { orphan: "drop-transaction", tx };
function createRemovedLogFilter(log) {
return { orphan: "drop-log", log: {
transactionHash: log.transactionHash,
blockHash: log.blockHash,
blockNumber: log.blockNumber,
address: log.address,
topics: Object.freeze(log.topics.slice()),
index: log.index
} };
// import from provider.ts instead of index.ts to prevent circular dep
class EventLog extends Log {
constructor(log, iface, fragment) {
super(log, log.provider);
const args = iface.decodeEventLog(fragment,, log.topics);
defineProperties(this, { args, fragment, interface: iface });
get eventName() { return; }
get eventSignature() { return this.fragment.format(); }
class ContractTransactionReceipt extends TransactionReceipt {
constructor(iface, provider, tx) {
super(tx, provider);
this.#interface = iface;
get logs() {
return => {
const fragment = log.topics.length ? this.#interface.getEvent(log.topics[0]) : null;
if (fragment) {
return new EventLog(log, this.#interface, fragment);
else {
return log;
class ContractTransactionResponse extends TransactionResponse {
constructor(iface, provider, tx) {
super(tx, provider);
this.#interface = iface;
async wait(confirms) {
const receipt = await super.wait();
if (receipt == null) {
return null;
return new ContractTransactionReceipt(this.#interface, this.provider, receipt);
class ContractUnknownEventPayload extends EventPayload {
constructor(contract, listener, filter, log) {
super(contract, listener, filter);
defineProperties(this, { log });
async getBlock() {
return await this.log.getBlock();
async getTransaction() {
return await this.log.getTransaction();
async getTransactionReceipt() {
return await this.log.getTransactionReceipt();
class ContractEventPayload extends ContractUnknownEventPayload {
constructor(contract, listener, filter, fragment, _log) {
super(contract, listener, filter, new EventLog(_log, contract.interface, fragment));
const args = contract.interface.decodeEventLog(fragment,, this.log.topics);
defineProperties(this, { args, fragment });
get eventName() {
get eventSignature() {
return this.fragment.format();
const BN_0$1 = BigInt(0);
function canCall(value) {
return (value && typeof ( === "function");
function canEstimate(value) {
return (value && typeof (value.estimateGas) === "function");
function canResolve(value) {
return (value && typeof (value.resolveName) === "function");
function canSend(value) {
return (value && typeof (value.sendTransaction) === "function");
class PreparedTopicFilter {
constructor(contract, fragment, args) {
defineProperties(this, { fragment });
if (fragment.inputs.length < args.length) {
throw new Error("too many arguments");
// Recursively descend into args and resolve any addresses
const runner = getRunner(contract.runner, "resolveName");
const resolver = canResolve(runner) ? runner : null;
this.#filter = (async function () {
const resolvedArgs = await Promise.all(, index) => {
const arg = args[index];
if (arg == null) {
return null;
return param.walkAsync(args[index], (type, value) => {
if (type === "address") {
return resolveAddress(value, resolver);
return value;
return contract.interface.encodeFilterTopics(fragment, resolvedArgs);
getTopicFilter() {
return this.#filter;
// A = Arguments passed in as a tuple
// R = The result type of the call (i.e. if only one return type,
// the qualified type, otherwise Result)
// D = The type the default call will return (i.e. R for view/pure,
// TransactionResponse otherwise)
//export interface ContractMethod<A extends Array<any> = Array<any>, R = any, D extends R | ContractTransactionResponse = ContractTransactionResponse> {
function _WrappedMethodBase() {
return Function;
function getRunner(value, feature) {
if (value == null) {
return null;
if (typeof (value[feature]) === "function") {
return value;
if (value.provider && typeof (value.provider[feature]) === "function") {
return value.provider;
return null;
function getProvider(value) {
if (value == null) {
return null;
return value.provider || null;
* @_ignore:
async function copyOverrides(arg, allowed) {
// Create a shallow copy (we'll deep-ify anything needed during normalizing)
const overrides = copyRequest(Typed.dereference(arg, "overrides"));
assertArgument( == null || (allowed || []).indexOf("to") >= 0, "cannot override to", "",;
assertArgument( == null || (allowed || []).indexOf("data") >= 0, "cannot override data", "",;
// Resolve any from
if (overrides.from) {
overrides.from = await resolveAddress(overrides.from);
return overrides;
* @_ignore:
async function resolveArgs(_runner, inputs, args) {
// Recursively descend into args and resolve any addresses
const runner = getRunner(_runner, "resolveName");
const resolver = canResolve(runner) ? runner : null;
return await Promise.all(, index) => {
return param.walkAsync(args[index], (type, value) => {
value = Typed.dereference(value, type);
if (type === "address") {
return resolveAddress(value, resolver);
return value;
class WrappedFallback {
constructor(contract) {
defineProperties(this, { _contract: contract });
const proxy = new Proxy(this, {
// Perform send when called
apply: async (target, thisArg, args) => {
return await target.send(...args);
return proxy;
async populateTransaction(overrides) {
// If an overrides was passed in, copy it and normalize the values
const tx = (await copyOverrides(overrides, ["data"])); = await this._contract.getAddress();
const iface = this._contract.interface;
// Only allow payable contracts to set non-zero value
const payable = iface.receive || (iface.fallback && iface.fallback.payable);
assertArgument(payable || (tx.value || BN_0$1) === BN_0$1, "cannot send value to non-payable contract", "overrides.value", tx.value);
// Only allow fallback contracts to set non-empty data
assertArgument(iface.fallback || ( || "0x") === "0x", "cannot send data to receive-only contract", "",;
return tx;
async staticCall(overrides) {
const runner = getRunner(this._contract.runner, "call");
assert$1(canCall(runner), "contract runner does not support calling", "UNSUPPORTED_OPERATION", { operation: "call" });
const tx = await this.populateTransaction(overrides);
try {
return await;
catch (error) {
if (isCallException(error) && {
throw this._contract.interface.makeError(, tx);
throw error;
async send(overrides) {
const runner = this._contract.runner;
assert$1(canSend(runner), "contract runner does not support sending transactions", "UNSUPPORTED_OPERATION", { operation: "sendTransaction" });
const tx = await runner.sendTransaction(await this.populateTransaction(overrides));
const provider = getProvider(this._contract.runner);
// @TODO: the provider can be null; make a custom dummy provider that will throw a
// meaningful error
return new ContractTransactionResponse(this._contract.interface, provider, tx);
async estimateGas(overrides) {
const runner = getRunner(this._contract.runner, "estimateGas");
assert$1(canEstimate(runner), "contract runner does not support gas estimation", "UNSUPPORTED_OPERATION", { operation: "estimateGas" });
return await runner.estimateGas(await this.populateTransaction(overrides));
class WrappedMethod extends _WrappedMethodBase() {
name = ""; // Investigate!
constructor(contract, key) {
defineProperties(this, {
name: contract.interface.getFunctionName(key),
_contract: contract, _key: key
const proxy = new Proxy(this, {
// Perform the default operation for this fragment type
apply: async (target, thisArg, args) => {
const fragment = target.getFragment(...args);
if (fragment.constant) {
return await target.staticCall(...args);
return await target.send(...args);
return proxy;
// Only works on non-ambiguous keys (refined fragment is always non-ambiguous)
get fragment() {
const fragment = this._contract.interface.getFunction(this._key);
assert$1(fragment, "no matching fragment", "UNSUPPORTED_OPERATION", {
operation: "fragment"
return fragment;
getFragment(...args) {
const fragment = this._contract.interface.getFunction(this._key, args);
assert$1(fragment, "no matching fragment", "UNSUPPORTED_OPERATION", {
operation: "fragment"
return fragment;
async populateTransaction(...args) {
const fragment = this.getFragment(...args);
// If an overrides was passed in, copy it and normalize the values
let overrides = {};
if (fragment.inputs.length + 1 === args.length) {
overrides = await copyOverrides(args.pop());
if (fragment.inputs.length !== args.length) {
throw new Error("internal error: fragment inputs doesn't match arguments; should not happen");
const resolvedArgs = await resolveArgs(this._contract.runner, fragment.inputs, args);
return Object.assign({}, overrides, await resolveProperties({
to: this._contract.getAddress(),
data: this._contract.interface.encodeFunctionData(fragment, resolvedArgs)
async staticCall(...args) {
const result = await this.staticCallResult(...args);
if (result.length === 1) {
return result[0];
return result;
async send(...args) {
const runner = this._contract.runner;
assert$1(canSend(runner), "contract runner does not support sending transactions", "UNSUPPORTED_OPERATION", { operation: "sendTransaction" });
const tx = await runner.sendTransaction(await this.populateTransaction(...args));
const provider = getProvider(this._contract.runner);
// @TODO: the provider can be null; make a custom dummy provider that will throw a
// meaningful error
return new ContractTransactionResponse(this._contract.interface, provider, tx);
async estimateGas(...args) {
const runner = getRunner(this._contract.runner, "estimateGas");
assert$1(canEstimate(runner), "contract runner does not support gas estimation", "UNSUPPORTED_OPERATION", { operation: "estimateGas" });
return await runner.estimateGas(await this.populateTransaction(...args));
async staticCallResult(...args) {
const runner = getRunner(this._contract.runner, "call");
assert$1(canCall(runner), "contract runner does not support calling", "UNSUPPORTED_OPERATION", { operation: "call" });
const tx = await this.populateTransaction(...args);
let result = "0x";
try {
result = await;
catch (error) {
if (isCallException(error) && {
throw this._contract.interface.makeError(, tx);
throw error;
const fragment = this.getFragment(...args);
return this._contract.interface.decodeFunctionResult(fragment, result);
function _WrappedEventBase() {
return Function;
class WrappedEvent extends _WrappedEventBase() {
name = ""; // @TODO: investigate
constructor(contract, key) {
defineProperties(this, {
name: contract.interface.getEventName(key),
_contract: contract, _key: key
return new Proxy(this, {
// Perform the default operation for this fragment type
apply: (target, thisArg, args) => {
return new PreparedTopicFilter(contract, target.getFragment(...args), args);
// Only works on non-ambiguous keys
get fragment() {
const fragment = this._contract.interface.getEvent(this._key);
assert$1(fragment, "no matching fragment", "UNSUPPORTED_OPERATION", {
operation: "fragment"
return fragment;
getFragment(...args) {
const fragment = this._contract.interface.getEvent(this._key, args);
assert$1(fragment, "no matching fragment", "UNSUPPORTED_OPERATION", {
operation: "fragment"
return fragment;
// The combination of TypeScrype, Private Fields and Proxies makes
// the world go boom; so we hide variables with some trickery keeping
// a symbol attached to each BaseContract which its sub-class (even
// via a Proxy) can reach and use to look up its internal values.
const internal = Symbol.for("_ethersInternal_contract");
const internalValues = new WeakMap();
function setInternal(contract, values) {
internalValues.set(contract[internal], values);
function getInternal(contract) {
return internalValues.get(contract[internal]);
function isDeferred(value) {
return (value && typeof (value) === "object" && ("getTopicFilter" in value) &&
(typeof (value.getTopicFilter) === "function") && value.fragment);
async function getSubInfo(contract, event) {
let topics;
let fragment = null;
// Convert named events to topicHash and get the fragment for
// events which need deconstructing.
if (Array.isArray(event)) {
const topicHashify = function (name) {
if (isHexString(name, 32)) {
return name;
const fragment = contract.interface.getEvent(name);
assertArgument(fragment, "unknown fragment", "name", name);
return fragment.topicHash;
// Array of Topics and Names; e.g. `[ "0x1234...89ab", "Transfer(address)" ]`
topics = => {
if (e == null) {
return null;
if (Array.isArray(e)) {
return topicHashify(e);
else if (event === "*") {
topics = [null];
else if (typeof (event) === "string") {
if (isHexString(event, 32)) {
// Topic Hash
topics = [event];
else {
// Name or Signature; e.g. `"Transfer", `"Transfer(address)"`
fragment = contract.interface.getEvent(event);
assertArgument(fragment, "unknown fragment", "event", event);
topics = [fragment.topicHash];
else if (isDeferred(event)) {
// Deferred Topic Filter; e.g. `contract.filter.Transfer(from)`
topics = await event.getTopicFilter();
else if ("fragment" in event) {
// ContractEvent; e.g. `contract.filter.Transfer`
fragment = event.fragment;
topics = [fragment.topicHash];
else {
assertArgument(false, "unknown event name", "event", event);
// Normalize topics and sort TopicSets
topics = => {
if (t == null) {
return null;
if (Array.isArray(t)) {
const items = Array.from(new Set( => t.toLowerCase())).values());
if (items.length === 1) {
return items[0];
return items;
return t.toLowerCase();
const tag = => {
if (t == null) {
return "null";
if (Array.isArray(t)) {
return t.join("|");
return t;
return { fragment, tag, topics };
async function hasSub(contract, event) {
const { subs } = getInternal(contract);
return subs.get((await getSubInfo(contract, event)).tag) || null;
async function getSub(contract, operation, event) {
// Make sure our runner can actually subscribe to events
const provider = getProvider(contract.runner);
assert$1(provider, "contract runner does not support subscribing", "UNSUPPORTED_OPERATION", { operation });
const { fragment, tag, topics } = await getSubInfo(contract, event);
const { addr, subs } = getInternal(contract);
let sub = subs.get(tag);
if (!sub) {
const address = (addr ? addr : contract);
const filter = { address, topics };
const listener = (log) => {
let foundFragment = fragment;
if (foundFragment == null) {
try {
foundFragment = contract.interface.getEvent(log.topics[0]);
catch (error) { }
// If fragment is null, we do not deconstruct the args to emit
if (foundFragment) {
const _foundFragment = foundFragment;
const args = fragment ? contract.interface.decodeEventLog(fragment,, log.topics) : [];
emit(contract, event, args, (listener) => {
return new ContractEventPayload(contract, listener, event, _foundFragment, log);
else {
emit(contract, event, [], (listener) => {
return new ContractUnknownEventPayload(contract, listener, event, log);
let starting = [];
const start = () => {
if (starting.length) {
starting.push(provider.on(filter, listener));
const stop = async () => {
if (starting.length == 0) {
let started = starting;
starting = [];
await Promise.all(started);, listener);
sub = { tag, listeners: [], start, stop };
subs.set(tag, sub);
return sub;
// We use this to ensure one emit resolves before firing the next to
// ensure correct ordering (note this cannot throw and just adds the
// notice to the event queu using setTimeout).
let lastEmit = Promise.resolve();
async function _emit(contract, event, args, payloadFunc) {
await lastEmit;
const sub = await hasSub(contract, event);
if (!sub) {
return false;
const count = sub.listeners.length;
sub.listeners = sub.listeners.filter(({ listener, once }) => {
const passArgs = Array.from(args);
if (payloadFunc) {
passArgs.push(payloadFunc(once ? null : listener));
try {, ...passArgs);
catch (error) { }
return !once;
return (count > 0);
async function emit(contract, event, args, payloadFunc) {
try {
await lastEmit;
catch (error) { }
const resultPromise = _emit(contract, event, args, payloadFunc);
lastEmit = resultPromise;
return await resultPromise;
const passProperties = ["then"];
class BaseContract {
constructor(target, abi, runner, _deployTx) {
if (runner == null) {
runner = null;
const iface = Interface.from(abi);
defineProperties(this, { target, runner, interface: iface });
Object.defineProperty(this, internal, { value: {} });
let addrPromise;
let addr = null;
let deployTx = null;
if (_deployTx) {
const provider = getProvider(runner);
// @TODO: the provider can be null; make a custom dummy provider that will throw a
// meaningful error
deployTx = new ContractTransactionResponse(this.interface, provider, _deployTx);
let subs = new Map();
// Resolve the target as the address
if (typeof (target) === "string") {
if (isHexString(target)) {
addr = target;
addrPromise = Promise.resolve(target);
else {
const resolver = getRunner(runner, "resolveName");
if (!canResolve(resolver)) {
throw makeError("contract runner does not support name resolution", "UNSUPPORTED_OPERATION", {
operation: "resolveName"
addrPromise = resolver.resolveName(target).then((addr) => {
if (addr == null) {
throw new Error("TODO");
getInternal(this).addr = addr;
return addr;
else {
addrPromise = target.getAddress().then((addr) => {
if (addr == null) {
throw new Error("TODO");
getInternal(this).addr = addr;
return addr;
// Set our private values
setInternal(this, { addrPromise, addr, deployTx, subs });
// Add the event filters
const filters = new Proxy({}, {
get: (target, _prop, receiver) => {
// Pass important checks (like `then` for Promise) through
if (passProperties.indexOf(_prop) >= 0) {
return Reflect.get(target, _prop, receiver);
const prop = String(_prop);
const result = this.getEvent(prop);
if (result) {
return result;
throw new Error(`unknown contract event: ${prop}`);
defineProperties(this, { filters });
defineProperties(this, {
fallback: ((iface.receive || iface.fallback) ? (new WrappedFallback(this)) : null)
// Return a Proxy that will respond to functions
return new Proxy(this, {
get: (target, _prop, receiver) => {
if (_prop in target || passProperties.indexOf(_prop) >= 0) {
return Reflect.get(target, _prop, receiver);
const prop = String(_prop);
const result = target.getFunction(prop);
if (result) {
return result;
throw new Error(`unknown contract method: ${prop}`);
connect(runner) {
return new BaseContract(, this.interface, runner);
async getAddress() { return await getInternal(this).addrPromise; }
async getDeployedCode() {
const provider = getProvider(this.runner);
assert$1(provider, "runner does not support .provider", "UNSUPPORTED_OPERATION", { operation: "getDeployedCode" });
const code = await provider.getCode(await this.getAddress());
if (code === "0x") {
return null;
return code;
async waitForDeployment() {
// We have the deployement transaction; just use that (throws if deployement fails)
const deployTx = this.deploymentTransaction();
if (deployTx) {
await deployTx.wait();
return this;
// Check for code
const code = await this.getDeployedCode();
if (code != null) {
return this;
// Make sure we can subscribe to a provider event
const provider = getProvider(this.runner);
assert$1(provider != null, "contract runner does not support .provider", "UNSUPPORTED_OPERATION", { operation: "waitForDeployment" });
return new Promise((resolve, reject) => {
const checkCode = async () => {
try {
const code = await this.getDeployedCode();
if (code != null) {
return resolve(this);
provider.once("block", checkCode);
catch (error) {
deploymentTransaction() {
return getInternal(this).deployTx;
getFunction(key) {
if (typeof (key) !== "string") {
key = key.format();
return (new WrappedMethod(this, key));
getEvent(key) {
if (typeof (key) !== "string") {
key = key.format();
return (new WrappedEvent(this, key));
async queryTransaction(hash) {
// Is this useful?
throw new Error("@TODO");
async queryFilter(event, fromBlock, toBlock) {
if (fromBlock == null) {
fromBlock = 0;
if (toBlock == null) {
toBlock = "latest";
const { addr, addrPromise } = getInternal(this);
const address = (addr ? addr : (await addrPromise));
const { fragment, topics } = await getSubInfo(this, event);
const filter = { address, topics, fromBlock, toBlock };
const provider = getProvider(this.runner);
assert$1(provider, "contract runner does not have a provider", "UNSUPPORTED_OPERATION", { operation: "queryFilter" });
return (await provider.getLogs(filter)).map((log) => {
let foundFragment = fragment;
if (foundFragment == null) {
try {
foundFragment = this.interface.getEvent(log.topics[0]);
catch (error) { }
if (foundFragment) {
return new EventLog(log, this.interface, foundFragment);
else {
return new Log(log, provider);
async on(event, listener) {
const sub = await getSub(this, "on", event);
sub.listeners.push({ listener, once: false });
return this;
async once(event, listener) {
const sub = await getSub(this, "once", event);
sub.listeners.push({ listener, once: true });
return this;
async emit(event, ...args) {
return await emit(this, event, args, null);
async listenerCount(event) {
if (event) {
const sub = await hasSub(this, event);
if (!sub) {
return 0;
return sub.listeners.length;
const { subs } = getInternal(this);
let total = 0;
for (const { listeners } of subs.values()) {
total += listeners.length;
return total;
async listeners(event) {
if (event) {
const sub = await hasSub(this, event);
if (!sub) {
return [];
return{ listener }) => listener);
const { subs } = getInternal(this);
let result = [];
for (const { listeners } of subs.values()) {
result = result.concat({ listener }) => listener));
return result;
async off(event, listener) {
const sub = await hasSub(this, event);
if (!sub) {
return this;
if (listener) {
const index ={ listener }) => listener).indexOf(listener);
if (index >= 0) {
sub.listeners.splice(index, 1);
if (listener == null || sub.listeners.length === 0) {
return this;
async removeAllListeners(event) {
if (event) {
const sub = await hasSub(this, event);
if (!sub) {
return this;
else {
const { subs } = getInternal(this);
for (const { tag, stop } of subs.values()) {
return this;
// Alias for "on"
async addListener(event, listener) {
return await this.on(event, listener);
// Alias for "off"
async removeListener(event, listener) {
return await, listener);
static buildClass(abi) {
class CustomContract extends BaseContract {
constructor(address, runner = null) {
super(address, abi, runner);
return CustomContract;
static from(target, abi, runner) {
if (runner == null) {
runner = null;
const contract = new this(target, abi, runner);
return contract;
function _ContractBase() {
return BaseContract;
class Contract extends _ContractBase() {
// A = Arguments to the constructor
// I = Interface of deployed contracts
class ContractFactory {
constructor(abi, bytecode, runner) {
const iface = Interface.from(abi);
// Dereference Solidity bytecode objects and allow a missing `0x`-prefix
if (bytecode instanceof Uint8Array) {
bytecode = hexlify(getBytes(bytecode));
else {
if (typeof (bytecode) === "object") {
bytecode = bytecode.object;
if (!bytecode.startsWith("0x")) {
bytecode = "0x" + bytecode;
bytecode = hexlify(getBytes(bytecode));
defineProperties(this, {
bytecode, interface: iface, runner: (runner || null)
async getDeployTransaction(...args) {
let overrides = {};
const fragment = this.interface.deploy;
if (fragment.inputs.length + 1 === args.length) {
overrides = await copyOverrides(args.pop());
if (fragment.inputs.length !== args.length) {
throw new Error("incorrect number of arguments to constructor");
const resolvedArgs = await resolveArgs(this.runner, fragment.inputs, args);
const data = concat([this.bytecode, this.interface.encodeDeploy(resolvedArgs)]);
return Object.assign({}, overrides, { data });
async deploy(...args) {
const tx = await this.getDeployTransaction(...args);
assert$1(this.runner && typeof (this.runner.sendTransaction) === "function", "factory runner does not support sending transactions", "UNSUPPORTED_OPERATION", {
operation: "sendTransaction"
const sentTx = await this.runner.sendTransaction(tx);
const address = getCreateAddress(sentTx);
return new BaseContract(address, this.interface, this.runner, sentTx);
connect(runner) {
return new ContractFactory(this.interface, this.bytecode, runner);
static fromSolidity(output, runner) {
assertArgument(output != null, "bad compiler output", "output", output);
if (typeof (output) === "string") {
output = JSON.parse(output);
const abi = output.abi;
let bytecode = "";
if (output.bytecode) {
bytecode = output.bytecode;
else if (output.evm && output.evm.bytecode) {
bytecode = output.evm.bytecode;
return new this(abi, bytecode, runner);
* About contracts...
* @_section: api/contract:Contracts [about-contracts]
* About ENS Resolver
* @_section: api/providers/ens-resolver:ENS Resolver [about-ens-rsolver]
// @TODO: This should use the fetch-data:ipfs gateway
// Trim off the ipfs:// prefix and return the default gateway URL
function getIpfsLink(link) {
if (link.match(/^ipfs:\/\/ipfs\//i)) {
link = link.substring(12);
else if (link.match(/^ipfs:\/\//i)) {
link = link.substring(7);
else {
assertArgument(false, "unsupported IPFS format", "link", link);
return `https:/\/${link}`;
* A provider plugin super-class for processing multicoin address types.
class MulticoinProviderPlugin {
constructor(name) {
defineProperties(this, { name });
connect(proivder) {
return this;
supportsCoinType(coinType) {
return false;
async encodeAddress(coinType, address) {
throw new Error("unsupported coin");
async decodeAddress(coinType, data) {
throw new Error("unsupported coin");
const BasicMulticoinPluginId = "org.ethers.plugins.provider.BasicMulticoin";
* A basic multicoin provider plugin.
class BasicMulticoinProviderPlugin extends MulticoinProviderPlugin {
constructor() {
const matcherIpfs = new RegExp("^(ipfs):/\/(.*)$", "i");
const matchers = [
new RegExp("^(https):/\/(.*)$", "i"),
new RegExp("^(data):(.*)$", "i"),
new RegExp("^eip155:[0-9]+/(erc[0-9]+):(.*)$", "i"),
* A connected object to a resolved ENS name resolver, which can be
* used to query additional details.
class EnsResolver {
* The connected provider.
* The address of the resolver.
* The name this resovler was resolved against.
// For EIP-2544 names, the ancestor that provided the resolver
constructor(provider, address, name) {
defineProperties(this, { provider, address, name });
this.#supports2544 = null;
this.#resolver = new Contract(address, [
"function supportsInterface(bytes4) view returns (bool)",
"function resolve(bytes, bytes) view returns (bytes)",
"function addr(bytes32) view returns (address)",
"function addr(bytes32, uint) view returns (address)",
"function text(bytes32, string) view returns (string)",
"function contenthash() view returns (bytes)",
], provider);
* Resolves to true if the resolver supports wildcard resolution.
async supportsWildcard() {
if (this.#supports2544 == null) {
this.#supports2544 = (async () => {
try {
return await this.#resolver.supportsInterface("0x9061b923");
catch (error) {
// Wildcard resolvers must understand supportsInterface
// and return true.
if (isError(error, "CALL_EXCEPTION")) {
return false;
// Let future attempts try again...
this.#supports2544 = null;
throw error;
return await this.#supports2544;
async #fetch(funcName, params) {
params = (params || []).slice();
const iface = this.#resolver.interface;
// The first parameters is always the nodehash
let fragment = null;
if (await this.supportsWildcard()) {
fragment = iface.getFunction(funcName);
assert$1(fragment, "missing fragment", "UNKNOWN_ERROR", {
info: { funcName }
params = [
iface.encodeFunctionData(fragment, params)
funcName = "resolve(bytes,bytes)";
ccipReadEnable: true
try {
const result = await this.#resolver[funcName](...params);
if (fragment) {
return iface.decodeFunctionResult(fragment, result)[0];
return result;
catch (error) {
if (!isError(error, "CALL_EXCEPTION")) {
throw error;
return null;
* Resolves to the address for %%coinType%% or null if the
* provided %%coinType%% has not been configured.
async getAddress(coinType) {
if (coinType == null) {
coinType = 60;
if (coinType === 60) {
try {
const result = await this.#fetch("addr(bytes32)");
// No address
if (result == null || result === ZeroAddress) {
return null;
return result;
catch (error) {
if (isError(error, "CALL_EXCEPTION")) {
return null;
throw error;
let coinPlugin = null;
for (const plugin of this.provider.plugins) {
if (!(plugin instanceof MulticoinProviderPlugin)) {
if (plugin.supportsCoinType(coinType)) {
coinPlugin = plugin;
if (coinPlugin == null) {
return null;
// keccak256("addr(bytes32,uint256")
const data = await this.#fetch("addr(bytes32,uint)", [coinType]);
// No address
if (data == null || data === "0x") {
return null;
// Compute the address
const address = await coinPlugin.encodeAddress(coinType, data);
if (address != null) {
return address;
assert$1(false, `invalid coin data`, "UNSUPPORTED_OPERATION", {
operation: `getAddress(${coinType})`,
info: { coinType, data }
* Resovles to the EIP-643 text record for %%key%%, or ``null``
* if unconfigured.
async getText(key) {
const data = await this.#fetch("text(bytes32,string)", [key]);
if (data == null || data === "0x") {
return null;
return data;
* Rsolves to the content-hash or ``null`` if unconfigured.
async getContentHash() {
// keccak256("contenthash()")
const data = await this.#fetch("contenthash()");
// No contenthash
if (data == null || data === "0x") {
return null;
// IPFS (CID: 1, Type: 70=DAG-PB, 72=libp2p-key)
const ipfs = data.match(/^0x(e3010170|e5010172)(([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])([0-9a-f]*))$/);
if (ipfs) {
const scheme = (ipfs[1] === "e3010170") ? "ipfs" : "ipns";
const length = parseInt(ipfs[4], 16);
if (ipfs[5].length === length * 2) {
return `${scheme}:/\/${encodeBase58("0x" + ipfs[2])}`;
// Swarm (CID: 1, Type: swarm-manifest; hash/length hard-coded to keccak256/32)
const swarm = data.match(/^0xe40101fa011b20([0-9a-f]*)$/);
if (swarm && swarm[1].length === 64) {
return `bzz:/\/${swarm[1]}`;
assert$1(false, `invalid or unsupported content hash data`, "UNSUPPORTED_OPERATION", {
operation: "getContentHash()",
info: { data }
* Resolves to the avatar url or ``null`` if the avatar is either
* unconfigured or incorrectly configured (e.g. references an NFT
* not owned by the address).
* If diagnosing issues with configurations, the [[_getAvatar]]
* method may be useful.
async getAvatar() {
const avatar = await this._getAvatar();
return avatar.url;
* When resolving an avatar, there are many steps involved, such
* fetching metadata and possibly validating ownership of an
* NFT.
* This method can be used to examine each step and the value it
* was working from.
async _getAvatar() {
const linkage = [{ type: "name", value: }];
try {
// test data for ricmoo.eth
//const avatar = "eip155:1/erc721:0x265385c7f4132228A0d54EB1A9e7460b91c0cC68/29233";
const avatar = await this.getText("avatar");
if (avatar == null) {
linkage.push({ type: "!avatar", value: "" });
return { url: null, linkage };
linkage.push({ type: "avatar", value: avatar });
for (let i = 0; i < matchers.length; i++) {
const match = avatar.match(matchers[i]);
if (match == null) {
const scheme = match[1].toLowerCase();
switch (scheme) {
case "https":
case "data":
linkage.push({ type: "url", value: avatar });
return { linkage, url: avatar };
case "ipfs": {
const url = getIpfsLink(avatar);
linkage.push({ type: "ipfs", value: avatar });
linkage.push({ type: "url", value: url });
return { linkage, url };
case "erc721":
case "erc1155": {
// Depending on the ERC type, use tokenURI(uint256) or url(uint256)
const selector = (scheme === "erc721") ? "tokenURI(uint256)" : "uri(uint256)";
linkage.push({ type: scheme, value: avatar });
// The owner of this name
const owner = await this.getAddress();
if (owner == null) {
linkage.push({ type: "!owner", value: "" });
return { url: null, linkage };
const comps = (match[2] || "").split("/");
if (comps.length !== 2) {
linkage.push({ type: `!${scheme}caip`, value: (match[2] || "") });
return { url: null, linkage };
const tokenId = comps[1];
const contract = new Contract(comps[0], [
// ERC-721
"function tokenURI(uint) view returns (string)",
"function ownerOf(uint) view returns (address)",
// ERC-1155
"function uri(uint) view returns (string)",
"function balanceOf(address, uint256) view returns (uint)"
], this.provider);
// Check that this account owns the token
if (scheme === "erc721") {
const tokenOwner = await contract.ownerOf(tokenId);
if (owner !== tokenOwner) {
linkage.push({ type: "!owner", value: tokenOwner });
return { url: null, linkage };
linkage.push({ type: "owner", value: tokenOwner });
else if (scheme === "erc1155") {
const balance = await contract.balanceOf(owner, tokenId);
if (!balance) {
linkage.push({ type: "!balance", value: "0" });
return { url: null, linkage };
linkage.push({ type: "balance", value: balance.toString() });
// Call the token contract for the metadata URL
let metadataUrl = await contract[selector](tokenId);
if (metadataUrl == null || metadataUrl === "0x") {
linkage.push({ type: "!metadata-url", value: "" });
return { url: null, linkage };
linkage.push({ type: "metadata-url-base", value: metadataUrl });
// ERC-1155 allows a generic {id} in the URL
if (scheme === "erc1155") {
metadataUrl = metadataUrl.replace("{id}", toBeHex(tokenId, 32).substring(2));
linkage.push({ type: "metadata-url-expanded", value: metadataUrl });
// Transform IPFS metadata links
if (metadataUrl.match(/^ipfs:/i)) {
metadataUrl = getIpfsLink(metadataUrl);
linkage.push({ type: "metadata-url", value: metadataUrl });
// Get the token metadata
let metadata = {};
const response = await (new FetchRequest(metadataUrl)).send();
try {
metadata = response.bodyJson;
catch (error) {
try {
linkage.push({ type: "!metadata", value: response.bodyText });
catch (error) {
const bytes = response.body;
if (bytes) {
linkage.push({ type: "!metadata", value: hexlify(bytes) });
return { url: null, linkage };
return { url: null, linkage };
if (!metadata) {
linkage.push({ type: "!metadata", value: "" });
return { url: null, linkage };
linkage.push({ type: "metadata", value: JSON.stringify(metadata) });
// Pull the image URL out
let imageUrl = metadata.image;
if (typeof (imageUrl) !== "string") {
linkage.push({ type: "!imageUrl", value: "" });
return { url: null, linkage };
if (imageUrl.match(/^(https:\/\/|data:)/i)) {
// Allow
else {
// Transform IPFS link to gateway
const ipfs = imageUrl.match(matcherIpfs);
if (ipfs == null) {
linkage.push({ type: "!imageUrl-ipfs", value: imageUrl });
return { url: null, linkage };
linkage.push({ type: "imageUrl-ipfs", value: imageUrl });
imageUrl = getIpfsLink(imageUrl);
linkage.push({ type: "url", value: imageUrl });
return { linkage, url: imageUrl };
catch (error) { }
return { linkage, url: null };
static async getEnsAddress(provider) {
const network = await provider.getNetwork();
const ensPlugin = network.getPlugin("");
// No ENS...
assert$1(ensPlugin, "network does not support ENS", "UNSUPPORTED_OPERATION", {
operation: "getEnsAddress", info: { network }
return ensPlugin.address;
static async #getResolver(provider, name) {
const ensAddr = await EnsResolver.getEnsAddress(provider);
try {
const contract = new Contract(ensAddr, [
"function resolver(bytes32) view returns (address)"
], provider);
const addr = await contract.resolver(namehash(name), {
enableCcipRead: true
if (addr === ZeroAddress) {
return null;
return addr;
catch (error) {
// ENS registry cannot throw errors on resolver(bytes32),
// so probably a link error
throw error;
return null;
* Resolve to the ENS resolver for %%name%% using %%provider%% or
* ``null`` if unconfigured.
static async fromName(provider, name) {
let currentName = name;
while (true) {
if (currentName === "" || currentName === ".") {
return null;
// Optimization since the eth node cannot change and does
// not have a wildcar resolver
if (name !== "eth" && currentName === "eth") {
return null;
// Check the current node for a resolver
const addr = await EnsResolver.#getResolver(provider, currentName);
// Found a resolver!
if (addr != null) {
const resolver = new EnsResolver(provider, addr, name);
// Legacy resolver found, using EIP-2544 so it isn't safe to use
if (currentName !== name && !(await resolver.supportsWildcard())) {
return null;
return resolver;
// Get the parent node
currentName = currentName.split(".").slice(1).join(".");
* @_ignore
const BN_0 = BigInt(0);
function allowNull(format, nullValue) {
return (function (value) {
if (value == null) {
return nullValue;
return format(value);
function arrayOf(format) {
return ((array) => {
if (!Array.isArray(array)) {
throw new Error("not an array");
return => format(i));
// Requires an object which matches a fleet of other formatters
// Any FormatFunc may return `undefined` to have the value omitted
// from the result object. Calls preserve `this`.
function object(format, altNames) {
return ((value) => {
const result = {};
for (const key in format) {
let srcKey = key;
if (altNames && key in altNames && !(srcKey in value)) {
for (const altKey of altNames[key]) {
if (altKey in value) {
srcKey = altKey;
try {
const nv = format[key](value[srcKey]);
if (nv !== undefined) {
result[key] = nv;
catch (error) {
const message = (error instanceof Error) ? error.message : "not-an-error";
assert$1(false, `invalid value for value.${key} (${message})`, "BAD_DATA", { value });
return result;
function formatBoolean(value) {
switch (value) {
case true:
case "true":
return true;
case false:
case "false":
return false;
assertArgument(false, `invalid boolean; ${JSON.stringify(value)}`, "value", value);
function formatData(value) {
assertArgument(isHexString(value, true), "invalid data", "value", value);
return value;
function formatHash(value) {
assertArgument(isHexString(value, 32), "invalid hash", "value", value);
return value;
function formatUint256(value) {
if (!isHexString(value)) {
throw new Error("invalid uint256");
return zeroPadValue(value, 32);
const _formatLog = object({
address: getAddress,
blockHash: formatHash,
blockNumber: getNumber,
data: formatData,
index: getNumber,
removed: formatBoolean,
topics: arrayOf(formatHash),
transactionHash: formatHash,
transactionIndex: getNumber,
}, {
index: ["logIndex"]
function formatLog(value) {
return _formatLog(value);
const _formatBlock = object({
hash: allowNull(formatHash),
parentHash: formatHash,
number: getNumber,
timestamp: getNumber,
nonce: allowNull(formatData),
difficulty: getBigInt,
gasLimit: getBigInt,
gasUsed: getBigInt,
miner: allowNull(getAddress),
extraData: formatData,
baseFeePerGas: allowNull(getBigInt)
function formatBlock(value) {
const result = _formatBlock(value);
result.transactions = => {
if (typeof (tx) === "string") {
return tx;
return formatTransactionResponse(tx);
return result;
const _formatReceiptLog = object({
transactionIndex: getNumber,
blockNumber: getNumber,
transactionHash: formatHash,
address: getAddress,
topics: arrayOf(formatHash),
data: formatData,
index: getNumber,
blockHash: formatHash,
}, {
index: ["logIndex"]
function formatReceiptLog(value) {
return _formatReceiptLog(value);
const _formatTransactionReceipt = object({
to: allowNull(getAddress, null),
from: allowNull(getAddress, null),
contractAddress: allowNull(getAddress, null),
// should be allowNull(hash), but broken-EIP-658 support is handled in receipt
index: getNumber,
root: allowNull(hexlify),
gasUsed: getBigInt,
logsBloom: allowNull(formatData),
blockHash: formatHash,
hash: formatHash,
logs: arrayOf(formatReceiptLog),
blockNumber: getNumber,
//confirmations: allowNull(getNumber, null),
cumulativeGasUsed: getBigInt,
effectiveGasPrice: allowNull(getBigInt),
status: allowNull(getNumber),
type: allowNull(getNumber, 0)
}, {
effectiveGasPrice: ["gasPrice"],
hash: ["transactionHash"],
index: ["transactionIndex"],
function formatTransactionReceipt(value) {
return _formatTransactionReceipt(value);
function formatTransactionResponse(value) {
// Some clients (TestRPC) do strange things like return 0x0 for the
// 0 address; correct this to be a real address
if ( && getBigInt( === BN_0) { = "0x0000000000000000000000000000000000000000";
const result = object({
hash: formatHash,
type: (value) => {
if (value === "0x" || value == null) {
return 0;
return getNumber(value);
accessList: allowNull(accessListify, null),
blockHash: allowNull(formatHash, null),
blockNumber: allowNull(getNumber, null),
transactionIndex: allowNull(getNumber, null),
//confirmations: allowNull(getNumber, null),
from: getAddress,
// either (gasPrice) or (maxPriorityFeePerGas + maxFeePerGas) must be set
gasPrice: allowNull(getBigInt),
maxPriorityFeePerGas: allowNull(getBigInt),
maxFeePerGas: allowNull(getBigInt),
gasLimit: getBigInt,
to: allowNull(getAddress, null),
value: getBigInt,
nonce: getNumber,
data: formatData,
creates: allowNull(getAddress, null),
chainId: allowNull(getBigInt, null)
}, {
data: ["input"],
gasLimit: ["gas"]
// If to and creates are empty, populate the creates from the value
if ( == null && result.creates == null) {
result.creates = getCreateAddress(result);
// @TODO: Check fee data
// Add an access list to supported transaction types
if ((value.type === 1 || value.type === 2) && value.accessList == null) {
result.accessList = [];
// Compute the signature
if (value.signature) {
result.signature = Signature.from(value.signature);
else {
result.signature = Signature.from(value);
// Some backends omit ChainId on legacy transactions, but we can compute it
if (result.chainId == null) {
const chainId = result.signature.legacyChainId;
if (chainId != null) {
result.chainId = chainId;
// @TODO: check chainID
if (value.chainId != null) {
let chainId = value.chainId;
if (isHexString(chainId)) {
chainId = BigNumber.from(chainId).toNumber();
result.chainId = chainId;
} else {
let chainId = value.networkId;
// geth-etc returns chainId
if (chainId == null && result.v == null) {
chainId = value.chainId;
if (isHexString(chainId)) {
chainId = BigNumber.from(chainId).toNumber();
if (typeof(chainId) !== "number" && result.v != null) {
chainId = (result.v - 35) / 2;
if (chainId < 0) { chainId = 0; }
chainId = parseInt(chainId);
if (typeof(chainId) !== "number") { chainId = 0; }
result.chainId = chainId;
// 0x0000... should actually be null
if (result.blockHash && getBigInt(result.blockHash) === BN_0) {
result.blockHash = null;
return result;
const EnsAddress = "0x00000000000C2E074eC69A0dFb2997BA6C7d2e1e";
class NetworkPlugin {
constructor(name) {
defineProperties(this, { name });
clone() {
return new NetworkPlugin(;
class GasCostPlugin extends NetworkPlugin {
constructor(effectiveBlock, costs) {
if (effectiveBlock == null) {
effectiveBlock = 0;
super(`${(effectiveBlock || 0)}`);
const props = { effectiveBlock };
function set(name, nullish) {
let value = (costs || {})[name];
if (value == null) {
value = nullish;
assertArgument(typeof (value) === "number", `invalud value for ${name}`, "costs", costs);
props[name] = value;
set("txBase", 21000);
set("txCreate", 32000);
set("txDataZero", 4);
set("txDataNonzero", 16);
set("txAccessListStorageKey", 1900);
set("txAccessListAddress", 2400);
defineProperties(this, props);
clone() {
return new GasCostPlugin(this.effectiveBlock, this);
// Networks shoudl use this plugin to specify the contract address
// and network necessary to resolve ENS names.
class EnsPlugin extends NetworkPlugin {
// The ENS contract address
// The network ID that the ENS contract lives on
constructor(address, targetNetwork) {
defineProperties(this, {
address: (address || EnsAddress),
targetNetwork: ((targetNetwork == null) ? 1 : targetNetwork)
clone() {
return new EnsPlugin(this.address, this.targetNetwork);
class FeeDataNetworkPlugin extends NetworkPlugin {
get feeDataFunc() {
return this.#feeDataFunc;
constructor(feeDataFunc) {
this.#feeDataFunc = feeDataFunc;
async getFeeData(provider) {
return await this.#feeDataFunc(provider);
clone() {
return new FeeDataNetworkPlugin(this.#feeDataFunc);
export class CustomBlockNetworkPlugin extends NetworkPlugin {
readonly #blockFunc: (provider: Provider, block: BlockParams<string>) => Block<string>;
readonly #blockWithTxsFunc: (provider: Provider, block: BlockParams<TransactionResponseParams>) => Block<TransactionResponse>;
constructor(blockFunc: (provider: Provider, block: BlockParams<string>) => Block<string>, blockWithTxsFunc: (provider: Provider, block: BlockParams<TransactionResponseParams>) => Block<TransactionResponse>) {
this.#blockFunc = blockFunc;
this.#blockWithTxsFunc = blockWithTxsFunc;
async getBlock(provider: Provider, block: BlockParams<string>): Promise<Block<string>> {
return await this.#blockFunc(provider, block);
async getBlockions(provider: Provider, block: BlockParams<TransactionResponseParams>): Promise<Block<TransactionResponse>> {
return await this.#blockWithTxsFunc(provider, block);
clone(): CustomBlockNetworkPlugin {
return new CustomBlockNetworkPlugin(this.#blockFunc, this.#blockWithTxsFunc);
* About networks
* @_subsection: api/providers:Networks [networks]
/* * * *
// Networks which operation against an L2 can use this plugin to
// specify how to access L1, for the purpose of resolving ENS,
// for example.
export class LayerOneConnectionPlugin extends NetworkPlugin {
readonly provider!: Provider;
// @TODO: Rename to ChainAccess and allow for connecting to any chain
constructor(provider: Provider) {
defineProperties<LayerOneConnectionPlugin>(this, { provider });
clone(): LayerOneConnectionPlugin {
return new LayerOneConnectionPlugin(this.provider);
/* * * *
export class PriceOraclePlugin extends NetworkPlugin {
readonly address!: string;
constructor(address: string) {
defineProperties<PriceOraclePlugin>(this, { address });
clone(): PriceOraclePlugin {
return new PriceOraclePlugin(this.address);
// Networks or clients with a higher need for security (such as clients
// that may automatically make CCIP requests without user interaction)
// can use this plugin to anonymize requests or intercept CCIP requests
// to notify and/or receive authorization from the user
/* * * *
export type FetchDataFunc = (req: Frozen<FetchRequest>) => Promise<FetchRequest>;
export class CcipPreflightPlugin extends NetworkPlugin {
readonly fetchData!: FetchDataFunc;
constructor(fetchData: FetchDataFunc) {
defineProperties<CcipPreflightPlugin>(this, { fetchData });
clone(): CcipPreflightPlugin {
return new CcipPreflightPlugin(this.fetchData);
const Networks = new Map();
// @TODO: Add a _ethersNetworkObj variable to better detect network ovjects
class Network {
constructor(name, chainId) {
this.#name = name;
this.#chainId = getBigInt(chainId);
this.#plugins = new Map();
toJSON() {
return { name:, chainId: this.chainId };
get name() { return this.#name; }
set name(value) { this.#name = value; }
get chainId() { return this.#chainId; }
set chainId(value) { this.#chainId = getBigInt(value, "chainId"); }
get plugins() {
return Array.from(this.#plugins.values());
attachPlugin(plugin) {
if (this.#plugins.get( {
throw new Error(`cannot replace existing plugin: ${} `);
this.#plugins.set(, plugin.clone());
return this;
getPlugin(name) {
return (this.#plugins.get(name)) || null;
// Gets a list of Plugins which match basename, ignoring any fragment
getPlugins(basename) {
return (this.plugins.filter((p) => ("#")[0] === basename)));
clone() {
const clone = new Network(, this.chainId);
this.plugins.forEach((plugin) => {
return clone;
computeIntrinsicGas(tx) {
const costs = this.getPlugin("") || (new GasCostPlugin());
let gas = costs.txBase;
if ( == null) {
gas += costs.txCreate;
if ( {
for (let i = 2; i <; i += 2) {
if (, i + 2) === "00") {
gas += costs.txDataZero;
else {
gas += costs.txDataNonzero;
if (tx.accessList) {
const accessList = accessListify(tx.accessList);
for (const addr in accessList) {
gas += costs.txAccessListAddress + costs.txAccessListStorageKey * accessList[addr].storageKeys.length;
return gas;
* Returns a new Network for the %%network%% name or chainId.
static from(network) {
// Default network
if (network == null) {
return Network.from("mainnet");
// Canonical name or chain ID
if (typeof (network) === "number") {
network = BigInt(network);
if (typeof (network) === "string" || typeof (network) === "bigint") {
const networkFunc = Networks.get(network);
if (networkFunc) {
return networkFunc();
if (typeof (network) === "bigint") {
return new Network("unknown", network);
assertArgument(false, "unknown network", "network", network);
// Clonable with network-like abilities
if (typeof (network.clone) === "function") {
const clone = network.clone();
//if (typeof( !== "string" || typeof(network.chainId) !== "number") {
return clone;
// Networkish
if (typeof (network) === "object") {
assertArgument(typeof ( === "string" && typeof (network.chainId) === "number", "invalid network object name or chainId", "network", network);
const custom = new Network((, (network.chainId));
if (network.ensAddress || network.ensNetwork != null) {
custom.attachPlugin(new EnsPlugin(network.ensAddress, network.ensNetwork));
//if ((<any>network).layerOneConnection) {
// custom.attachPlugin(new LayerOneConnectionPlugin((<any>network).layerOneConnection));
return custom;
assertArgument(false, "invalid network", "network", network);
* Register %%nameOrChainId%% with a function which returns
* an instance of a Network representing that chain.
static register(nameOrChainId, networkFunc) {
if (typeof (nameOrChainId) === "number") {
nameOrChainId = BigInt(nameOrChainId);
const existing = Networks.get(nameOrChainId);
if (existing) {
assertArgument(false, `conflicting network for ${JSON.stringify(}`, "nameOrChainId", nameOrChainId);
Networks.set(nameOrChainId, networkFunc);
// See:
let injected = false;
function injectCommonNetworks() {
if (injected) {
injected = true;
/// Register popular Ethereum networks
function registerEth(name, chainId, options) {
const func = function () {
const network = new Network(name, chainId);
// We use 0 to disable ENS
if (options.ensNetwork != null) {
network.attachPlugin(new EnsPlugin(null, options.ensNetwork));
if (options.priorityFee) {
// network.attachPlugin(new MaxPriorityFeePlugin(options.priorityFee));
if (options.etherscan) {
const { url, apiKey } = options.etherscan;
network.attachPlugin(new EtherscanPlugin(url, apiKey));
network.attachPlugin(new GasCostPlugin());
return network;
// Register the network by name and chain ID
Network.register(name, func);
Network.register(chainId, func);
if (options.altNames) {
options.altNames.forEach((name) => {
Network.register(name, func);
registerEth("mainnet", 1, { ensNetwork: 1, altNames: ["homestead"] });
registerEth("ropsten", 3, { ensNetwork: 3 });
registerEth("rinkeby", 4, { ensNetwork: 4 });
registerEth("goerli", 5, { ensNetwork: 5 });
registerEth("kovan", 42, { ensNetwork: 42 });
registerEth("classic", 61, {});
registerEth("classicKotti", 6, {});
registerEth("xdai", 100, { ensNetwork: 1 });
registerEth("optimism", 10, {
ensNetwork: 1,
etherscan: { url: "https:/\/" }
registerEth("optimism-goerli", 420, {
etherscan: { url: "https:/\/" }
registerEth("arbitrum", 42161, {
ensNetwork: 1,
etherscan: { url: "https:/\/" }
registerEth("arbitrum-goerli", 421613, {
etherscan: { url: "https:/\/" }
// Polygon has a 35 gwei maxPriorityFee requirement
registerEth("matic", 137, {
ensNetwork: 1,
// priorityFee: 35000000000,
etherscan: {
// apiKey: "W6T8DJW654GNTQ34EFEYYP3EZD9DD27CT7",
url: "https:/\/"
registerEth("maticMumbai", 80001, {
// priorityFee: 35000000000,
etherscan: {
// apiKey: "W6T8DJW654GNTQ34EFEYYP3EZD9DD27CT7",
url: "https:/\/"
registerEth("bnb", 56, {
ensNetwork: 1,
etherscan: {
url: "http:/\/"
registerEth("bnbt", 97, {
etherscan: {
url: "http:/\/"
function copy$2(obj) {
return JSON.parse(JSON.stringify(obj));
* @_docloc: api/providers/abstract-provider
function getPollingSubscriber(provider, event) {
if (event === "block") {
return new PollingBlockSubscriber(provider);
if (isHexString(event, 32)) {
return new PollingTransactionSubscriber(provider, event);
assert$1(false, "unsupported polling event", "UNSUPPORTED_OPERATION", {
operation: "getPollingSubscriber", info: { event }
// @TODO: refactor this
* @_docloc: api/providers/abstract-provider
class PollingBlockSubscriber {
// The most recent block we have scanned for events. The value -2
// indicates we still need to fetch an initial block number
constructor(provider) {
this.#provider = provider;
this.#poller = null;
this.#interval = 4000;
this.#blockNumber = -2;
get pollingInterval() { return this.#interval; }
set pollingInterval(value) { this.#interval = value; }
async #poll() {
const blockNumber = await this.#provider.getBlockNumber();
if (this.#blockNumber === -2) {
this.#blockNumber = blockNumber;
// @TODO: Put a cap on the maximum number of events per loop?
if (blockNumber !== this.#blockNumber) {
for (let b = this.#blockNumber + 1; b <= blockNumber; b++) {
// We have been stopped
if (this.#poller == null) {
await this.#provider.emit("block", b);
this.#blockNumber = blockNumber;
// We have been stopped
if (this.#poller == null) {
this.#poller = this.#provider._setTimeout(this.#poll.bind(this), this.#interval);
start() {
if (this.#poller) {
this.#poller = this.#provider._setTimeout(this.#poll.bind(this), this.#interval);
stop() {
if (!this.#poller) {
this.#poller = null;
pause(dropWhilePaused) {
if (dropWhilePaused) {
this.#blockNumber = -2;
resume() {
* @_docloc: api/providers/abstract-provider
class OnBlockSubscriber {
constructor(provider) {
this.#provider = provider;
this.#running = false;
this.#poll = (blockNumber) => {
this._poll(blockNumber, this.#provider);
async _poll(blockNumber, provider) {
throw new Error("sub-classes must override this");
start() {
if (this.#running) {
this.#running = true;
this.#provider.on("block", this.#poll);
stop() {
if (!this.#running) {
this.#running = false;"block", this.#poll);
pause(dropWhilePaused) { this.stop(); }
resume() { this.start(); }
* @_docloc: api/providers/abstract-provider
class PollingOrphanSubscriber extends OnBlockSubscriber {
constructor(provider, filter) {
this.#filter = copy$2(filter);
async _poll(blockNumber, provider) {
throw new Error("@TODO");
* @_docloc: api/providers/abstract-provider
class PollingTransactionSubscriber extends OnBlockSubscriber {
constructor(provider, hash) {
this.#hash = hash;
async _poll(blockNumber, provider) {
const tx = await provider.getTransactionReceipt(this.#hash);
if (tx) {
provider.emit(this.#hash, tx);
* @_docloc: api/providers/abstract-provider
class PollingEventSubscriber {
// The most recent block we have scanned for events. The value -2
// indicates we still need to fetch an initial block number
constructor(provider, filter) {
this.#provider = provider;
this.#filter = copy$2(filter);
this.#poller = this.#poll.bind(this);
this.#running = false;
this.#blockNumber = -2;
async #poll(blockNumber) {
// The initial block hasn't been determined yet
if (this.#blockNumber === -2) {
const filter = copy$2(this.#filter);
filter.fromBlock = this.#blockNumber + 1;
filter.toBlock = blockNumber;
const logs = await this.#provider.getLogs(filter);
// No logs could just mean the node has not indexed them yet,
// so we keep a sliding window of 60 blocks to keep scanning
if (logs.length === 0) {
if (this.#blockNumber < blockNumber - 60) {
this.#blockNumber = blockNumber - 60;
this.#blockNumber = blockNumber;
for (const log of logs) {
this.#provider.emit(this.#filter, log);
start() {
if (this.#running) {
this.#running = true;
if (this.#blockNumber === -2) {
this.#provider.getBlockNumber().then((blockNumber) => {
this.#blockNumber = blockNumber;
this.#provider.on("block", this.#poller);
stop() {
if (!this.#running) {
this.#running = false;"block", this.#poller);
pause(dropWhilePaused) {
if (dropWhilePaused) {
this.#blockNumber = -2;
resume() {
* About Subclassing the Provider...
* @_section: api/providers/abstract-provider: Subclassing Provider [abstract-provider]
// Constants
const BN_2$1 = BigInt(2);
function isPromise$1(value) {
return (value && typeof (value.then) === "function");
function getTag(prefix, value) {
return prefix + ":" + JSON.stringify(value, (k, v) => {
if (v == null) {
return "null";
if (typeof (v) === "bigint") {
return `bigint:${v.toString()}`;
if (typeof (v) === "string") {
return v.toLowerCase();
// Sort object keys
if (typeof (v) === "object" && !Array.isArray(v)) {
const keys = Object.keys(v);
return keys.reduce((accum, key) => {
accum[key] = v[key];
return accum;
}, {});
return v;
class UnmanagedSubscriber {
constructor(name) { defineProperties(this, { name }); }
start() { }
stop() { }
pause(dropWhilePaused) { }
resume() { }
function copy$1(value) {
return JSON.parse(JSON.stringify(value));
function concisify(items) {
items = Array.from((new Set(items)).values());
return items;
async function getSubscription(_event, provider) {
if (_event == null) {
throw new Error("invalid event");
// Normalize topic array info an EventFilter
if (Array.isArray(_event)) {
_event = { topics: _event };
if (typeof (_event) === "string") {
switch (_event) {
case "block":
case "pending":
case "debug":
case "network": {
return { type: _event, tag: _event };
if (isHexString(_event, 32)) {
const hash = _event.toLowerCase();
return { type: "transaction", tag: getTag("tx", { hash }), hash };
if (_event.orphan) {
const event = _event;
// @TODO: Should lowercase and whatnot things here instead of copy...
return { type: "orphan", tag: getTag("orphan", event), filter: copy$1(event) };
if ((_event.address || _event.topics)) {
const event = _event;
const filter = {
topics: ((event.topics || []).map((t) => {
if (t == null) {
return null;
if (Array.isArray(t)) {
return concisify( => t.toLowerCase()));
return t.toLowerCase();
if (event.address) {
const addresses = [];
const promises = [];
const addAddress = (addr) => {
if (isHexString(addr)) {
else {
promises.push((async () => {
addresses.push(await resolveAddress(addr, provider));
if (Array.isArray(event.address)) {
else {
if (promises.length) {
await Promise.all(promises);
filter.address = concisify( => a.toLowerCase()));
return { filter, tag: getTag("event", filter), type: "event" };
assertArgument(false, "unknown ProviderEvent", "event", _event);
function getTime$1() { return (new Date()).getTime(); }
class AbstractProvider {
// null=unpaused, true=paused+dropWhilePaused, false=paused
// The most recent block number if running an event or -1 if no "block" event
// @TODO: This should be a () => Promise<Network> so network can be
// done when needed; or rely entirely on _detectNetwork?
constructor(_network) {
if (_network === "any") {
this.#anyNetwork = true;
this.#networkPromise = null;
else if (_network) {
const network = Network.from(_network);
this.#anyNetwork = false;
this.#networkPromise = Promise.resolve(network);
setTimeout(() => { this.emit("network", network, null); }, 0);
else {
this.#anyNetwork = false;
this.#networkPromise = null;
this.#lastBlockNumber = -1;
this.#performCache = new Map();
this.#subs = new Map();
this.#plugins = new Map();
this.#pausedState = null;
this.#nextTimer = 1;
this.#timers = new Map();
this.#disableCcipRead = false;
get provider() { return this; }
get plugins() {
return Array.from(this.#plugins.values());
attachPlugin(plugin) {
if (this.#plugins.get( {
throw new Error(`cannot replace existing plugin: ${} `);
this.#plugins.set(, plugin.connect(this));
return this;
getPlugin(name) {
return (this.#plugins.get(name)) || null;
get disableCcipRead() { return this.#disableCcipRead; }
set disableCcipRead(value) { this.#disableCcipRead = !!value; }
// Shares multiple identical requests made during the same 250ms
async #perform(req) {
// Create a tag
const tag = getTag(req.method, req);
let perform = this.#performCache.get(tag);
if (!perform) {
perform = this._perform(req);
this.#performCache.set(tag, perform);
setTimeout(() => {
if (this.#performCache.get(tag) === perform) {
}, 250);
return await perform;
async ccipReadFetch(tx, calldata, urls) {
if (this.disableCcipRead || urls.length === 0 || == null) {
return null;
const sender =;
const data = calldata.toLowerCase();
const errorMessages = [];
for (let i = 0; i < urls.length; i++) {
const url = urls[i];
// URL expansion
const href = url.replace("{sender}", sender).replace("{data}", data);
// If no {data} is present, use POST; otherwise GET
//const json: string | null = (url.indexOf("{data}") >= 0) ? null: JSON.stringify({ data, sender });
//const result = await fetchJson({ url: href, errorPassThrough: true }, json, (value, response) => {
// value.status = response.statusCode;
// return value;
const request = new FetchRequest(href);
if (url.indexOf("{data}") === -1) {
request.body = { data, sender };
this.emit("debug", { action: "sendCcipReadFetchRequest", request, index: i, urls });
let errorMessage = "unknown error";
const resp = await request.send();
try {
const result = resp.bodyJson;
if ( {
this.emit("debug", { action: "receiveCcipReadFetchResult", request, result });
if (result.message) {
errorMessage = result.message;
this.emit("debug", { action: "receiveCcipReadFetchError", request, result });
catch (error) { }
// 4xx indicates the result is not present; stop
assert$1(resp.statusCode < 400 || resp.statusCode >= 500, `response not found during CCIP fetch: ${errorMessage}`, "OFFCHAIN_FAULT", { reason: "404_MISSING_RESOURCE", transaction: tx, info: { url, errorMessage } });
// 5xx indicates server issue; try the next url
assert$1(false, `error encountered during CCIP fetch: ${ => JSON.stringify(m)).join(", ")}`, "OFFCHAIN_FAULT", {
reason: "500_SERVER_ERROR",
transaction: tx, info: { urls, errorMessages }
_wrapBlock(value, network) {
return new Block(formatBlock(value), this);
_wrapLog(value, network) {
return new Log(formatLog(value), this);
_wrapTransactionReceipt(value, network) {
return new TransactionReceipt(formatTransactionReceipt(value), this);
_wrapTransactionResponse(tx, network) {
return new TransactionResponse(tx, this);
_detectNetwork() {
assert$1(false, "sub-classes must implement this", "UNSUPPORTED_OPERATION", {
operation: "_detectNetwork"
// Sub-classes should override this and handle PerformActionRequest requests, calling
// the super for any unhandled actions.
async _perform(req) {
assert$1(false, `unsupported method: ${req.method}`, "UNSUPPORTED_OPERATION", {
operation: req.method,
info: req
// State
async getBlockNumber() {
const blockNumber = getNumber(await this.#perform({ method: "getBlockNumber" }), "%response");
if (this.#lastBlockNumber >= 0) {
this.#lastBlockNumber = blockNumber;
return blockNumber;
_getAddress(address) {
return resolveAddress(address, this);
_getBlockTag(blockTag) {
if (blockTag == null) {
return "latest";
switch (blockTag) {
case "earliest":
return "0x0";
case "latest":
case "pending":
case "safe":
case "finalized":
return blockTag;
if (isHexString(blockTag)) {
if (isHexString(blockTag, 32)) {
return blockTag;
return toQuantity(blockTag);
if (typeof (blockTag) === "number") {
if (blockTag >= 0) {
return toQuantity(blockTag);
if (this.#lastBlockNumber >= 0) {
return toQuantity(this.#lastBlockNumber + blockTag);
return this.getBlockNumber().then((b) => toQuantity(b + blockTag));
assertArgument(false, "invalid blockTag", "blockTag", blockTag);
_getFilter(filter) {
// Create a canonical representation of the topics
const topics = (filter.topics || []).map((t) => {
if (t == null) {
return null;
if (Array.isArray(t)) {
return concisify( => t.toLowerCase()));
return t.toLowerCase();
const blockHash = ("blockHash" in filter) ? filter.blockHash : undefined;
const resolve = (_address, fromBlock, toBlock) => {
let address = undefined;
switch (_address.length) {
case 0: break;
case 1:
address = _address[0];
address = _address;
if (blockHash) {
if (fromBlock != null || toBlock != null) {
throw new Error("invalid filter");
const filter = {};
if (address) {
filter.address = address;
if (topics.length) {
filter.topics = topics;
if (fromBlock) {
filter.fromBlock = fromBlock;
if (toBlock) {
filter.toBlock = toBlock;
if (blockHash) {
filter.blockHash = blockHash;
return filter;
// Addresses could be async (ENS names or Addressables)
let address = [];
if (filter.address) {
if (Array.isArray(filter.address)) {
for (const addr of filter.address) {
else {
let fromBlock = undefined;
if ("fromBlock" in filter) {
fromBlock = this._getBlockTag(filter.fromBlock);
let toBlock = undefined;
if ("toBlock" in filter) {
toBlock = this._getBlockTag(filter.toBlock);
if (address.filter((a) => (typeof (a) !== "string")).length ||
(fromBlock != null && typeof (fromBlock) !== "string") ||
(toBlock != null && typeof (toBlock) !== "string")) {
return Promise.all([Promise.all(address), fromBlock, toBlock]).then((result) => {
return resolve(result[0], result[1], result[2]);
return resolve(address, fromBlock, toBlock);
_getTransactionRequest(_request) {
const request = copyRequest(_request);
const promises = [];
["to", "from"].forEach((key) => {
if (request[key] == null) {
const addr = resolveAddress(request[key]);
if (isPromise$1(addr)) {
promises.push((async function () { request[key] = await addr; })());
else {
request[key] = addr;
if (request.blockTag != null) {
const blockTag = this._getBlockTag(request.blockTag);
if (isPromise$1(blockTag)) {
promises.push((async function () { request.blockTag = await blockTag; })());
else {
request.blockTag = blockTag;
if (promises.length) {
return (async function () {
await Promise.all(promises);
return request;
return request;
async getNetwork() {
// No explicit network was set and this is our first time
if (this.#networkPromise == null) {
// Detect the current network (shared with all calls)
const detectNetwork = this._detectNetwork().then((network) => {
this.emit("network", network, null);
return network;
}, (error) => {
// Reset the networkPromise on failure, so we will try again
if (this.#networkPromise === detectNetwork) {
this.#networkPromise = null;
throw error;
this.#networkPromise = detectNetwork;
return (await detectNetwork).clone();
const networkPromise = this.#networkPromise;
const [expected, actual] = await Promise.all([
this._detectNetwork() // The actual connected network
if (expected.chainId !== actual.chainId) {
if (this.#anyNetwork) {
// The "any" network can change, so notify listeners
this.emit("network", actual, expected);
// Update the network if something else hasn't already changed it
if (this.#networkPromise === networkPromise) {
this.#networkPromise = Promise.resolve(actual);
else {
// Otherwise, we do not allow changes to the underlying network
assert$1(false, `network changed: ${expected.chainId} => ${actual.chainId} `, "NETWORK_ERROR", {
event: "changed"
return expected.clone();
async getFeeData() {
const { block, gasPrice } = await resolveProperties({
block: this.getBlock("latest"),
gasPrice: ((async () => {
try {
const gasPrice = await this.#perform({ method: "getGasPrice" });
return getBigInt(gasPrice, "%response");
catch (error) { }
return null;
let maxFeePerGas = null, maxPriorityFeePerGas = null;
if (block && block.baseFeePerGas) {
// We may want to compute this more accurately in the future,
// using the formula "check if the base fee is correct".
// See:
maxPriorityFeePerGas = BigInt("1000000000");
// Allow a network to override their maximum priority fee per gas
//const priorityFeePlugin = (await this.getNetwork()).getPlugin<MaxPriorityFeePlugin>("org.ethers.plugins.max-priority-fee");
//if (priorityFeePlugin) {
// maxPriorityFeePerGas = await priorityFeePlugin.getPriorityFee(this);
maxFeePerGas = (block.baseFeePerGas * BN_2$1) + maxPriorityFeePerGas;
return new FeeData(gasPrice, maxFeePerGas, maxPriorityFeePerGas);
async estimateGas(_tx) {
let tx = this._getTransactionRequest(_tx);
if (isPromise$1(tx)) {
tx = await tx;
return getBigInt(await this.#perform({
method: "estimateGas", transaction: tx
}), "%response");
async #call(tx, blockTag, attempt) {
assert$1(attempt < MAX_CCIP_REDIRECTS, "CCIP read exceeded maximum redirections", "OFFCHAIN_FAULT", {
transaction: Object.assign({}, tx, { blockTag, enableCcipRead: true })
// This came in as a PerformActionTransaction, so to/from are safe; we can cast
const transaction = copyRequest(tx);
try {
return hexlify(await this._perform({ method: "call", transaction, blockTag }));
catch (error) {
// CCIP Read OffchainLookup
if (!this.disableCcipRead && isCallException(error) && && attempt >= 0 && blockTag === "latest" && != null && dataSlice(, 0, 4) === "0x556f1830") {
const data =;
const txSender = await resolveAddress(, this);
// Parse the CCIP Read Arguments
let ccipArgs;
try {
ccipArgs = parseOffchainLookup(dataSlice(, 4));
catch (error) {
assert$1(false, error.message, "OFFCHAIN_FAULT", {
reason: "BAD_DATA", transaction, info: { data }
// Check the sender of the OffchainLookup matches the transaction
assert$1(ccipArgs.sender.toLowerCase() === txSender.toLowerCase(), "CCIP Read sender mismatch", "CALL_EXCEPTION", {
action: "call",
reason: "OffchainLookup",
transaction: transaction,
invocation: null,
revert: {
signature: "OffchainLookup(address,string[],bytes,bytes4,bytes)",
name: "OffchainLookup",
args: ccipArgs.errorArgs
const ccipResult = await this.ccipReadFetch(transaction, ccipArgs.calldata, ccipArgs.urls);
assert$1(ccipResult != null, "CCIP Read failed to fetch data", "OFFCHAIN_FAULT", {
reason: "FETCH_FAILED", transaction, info: { data:, errorArgs: ccipArgs.errorArgs }
const tx = {
to: txSender,
data: concat([ccipArgs.selector, encodeBytes([ccipResult, ccipArgs.extraData])])
this.emit("debug", { action: "sendCcipReadCall", transaction: tx });
try {
const result = await this.#call(tx, blockTag, attempt + 1);
this.emit("debug", { action: "receiveCcipReadCallResult", transaction: Object.assign({}, tx), result });
return result;
catch (error) {
this.emit("debug", { action: "receiveCcipReadCallError", transaction: Object.assign({}, tx), error });
throw error;
throw error;
async #checkNetwork(promise) {
const { value } = await resolveProperties({
network: this.getNetwork(),
value: promise
return value;
async call(_tx) {
const { tx, blockTag } = await resolveProperties({
tx: this._getTransactionRequest(_tx),
blockTag: this._getBlockTag(_tx.blockTag)
return await this.#checkNetwork(this.#call(tx, blockTag, _tx.enableCcipRead ? 0 : -1));
// Account
async #getAccountValue(request, _address, _blockTag) {
let address = this._getAddress(_address);
let blockTag = this._getBlockTag(_blockTag);
if (typeof (address) !== "string" || typeof (blockTag) !== "string") {
[address, blockTag] = await Promise.all([address, blockTag]);
return await this.#checkNetwork(this.#perform(Object.assign(request, { address, blockTag })));
async getBalance(address, blockTag) {
return getBigInt(await this.#getAccountValue({ method: "getBalance" }, address, blockTag), "%response");
async getTransactionCount(address, blockTag) {
return getNumber(await this.#getAccountValue({ method: "getTransactionCount" }, address, blockTag), "%response");
async getCode(address, blockTag) {
return hexlify(await this.#getAccountValue({ method: "getCode" }, address, blockTag));
async getStorage(address, _position, blockTag) {
const position = getBigInt(_position, "position");
return hexlify(await this.#getAccountValue({ method: "getStorage", position }, address, blockTag));
// Write
async broadcastTransaction(signedTx) {
const { blockNumber, hash, network } = await resolveProperties({
blockNumber: this.getBlockNumber(),
hash: this._perform({
method: "broadcastTransaction",
signedTransaction: signedTx
network: this.getNetwork()
const tx = Transaction.from(signedTx);
if (tx.hash !== hash) {
throw new Error("@TODO: the returned hash did not match");
return this._wrapTransactionResponse(tx, network).replaceableTransaction(blockNumber);
async #getBlock(block, includeTransactions) {
// @TODO: Add CustomBlockPlugin check
if (isHexString(block, 32)) {
return await this.#perform({
method: "getBlock", blockHash: block, includeTransactions
let blockTag = this._getBlockTag(block);
if (typeof (blockTag) !== "string") {
blockTag = await blockTag;
return await this.#perform({
method: "getBlock", blockTag, includeTransactions
// Queries
async getBlock(block, prefetchTxs) {
const { network, params } = await resolveProperties({
network: this.getNetwork(),
params: this.#getBlock(block, !!prefetchTxs)
if (params == null) {
return null;
return this._wrapBlock(formatBlock(params), network);
async getTransaction(hash) {
const { network, params } = await resolveProperties({
network: this.getNetwork(),
params: this.#perform({ method: "getTransaction", hash })
if (params == null) {
return null;
return this._wrapTransactionResponse(formatTransactionResponse(params), network);
async getTransactionReceipt(hash) {
const { network, params } = await resolveProperties({
network: this.getNetwork(),
params: this.#perform({ method: "getTransactionReceipt", hash })
if (params == null) {
return null;
// Some backends did not backfill the effectiveGasPrice into old transactions
// in the receipt, so we look it up manually and inject it.
if (params.gasPrice == null && params.effectiveGasPrice == null) {
const tx = await this.#perform({ method: "getTransaction", hash });
if (tx == null) {
throw new Error("report this; could not find tx or effectiveGasPrice");
params.effectiveGasPrice = tx.gasPrice;
return this._wrapTransactionReceipt(formatTransactionReceipt(params), network);
async getTransactionResult(hash) {
const { result } = await resolveProperties({
network: this.getNetwork(),
result: this.#perform({ method: "getTransactionResult", hash })
if (result == null) {
return null;
return hexlify(result);
// Bloom-filter Queries
async getLogs(_filter) {
let filter = this._getFilter(_filter);
if (isPromise$1(filter)) {
filter = await filter;
const { network, params } = await resolveProperties({
network: this.getNetwork(),
params: this.#perform({ method: "getLogs", filter })
return => this._wrapLog(formatLog(p), network));
// ENS
_getProvider(chainId) {
assert$1(false, "provider cannot connect to target network", "UNSUPPORTED_OPERATION", {
operation: "_getProvider()"
async getResolver(name) {
return await EnsResolver.fromName(this, name);
async getAvatar(name) {
const resolver = await this.getResolver(name);
if (resolver) {
return await resolver.getAvatar();
return null;
async resolveName(name) {
const resolver = await this.getResolver(name);
if (resolver) {
return await resolver.getAddress();
return null;
async lookupAddress(address) {
address = getAddress(address);
const node = namehash(address.substring(2).toLowerCase() + ".addr.reverse");
try {
const ensAddr = await EnsResolver.getEnsAddress(this);
const ensContract = new Contract(ensAddr, [
"function resolver(bytes32) view returns (address)"
], this);
const resolver = await ensContract.resolver(node);
if (resolver == null || resolver === ZeroHash) {
return null;
const resolverContract = new Contract(resolver, [
"function name(bytes32) view returns (string)"
], this);
const name = await;
// Failed forward resolution
const check = await this.resolveName(name);
if (check !== address) {
return null;
return name;
catch (error) {
// No data was returned from the resolver
if (isError(error, "BAD_DATA") && error.value === "0x") {
return null;
// Something reerted
if (isError(error, "CALL_EXCEPTION")) {
return null;
throw error;
return null;
async waitForTransaction(hash, _confirms, timeout) {
const confirms = (_confirms != null) ? _confirms : 1;
if (confirms === 0) {
return this.getTransactionReceipt(hash);
return new Promise(async (resolve, reject) => {
let timer = null;
const listener = (async (blockNumber) => {
try {
const receipt = await this.getTransactionReceipt(hash);
if (receipt != null) {
if (blockNumber - receipt.blockNumber + 1 >= confirms) {
//"block", listener);
if (timer) {
timer = null;
catch (error) {
console.log("EEE", error);
this.once("block", listener);
if (timeout != null) {
timer = setTimeout(() => {
if (timer == null) {
timer = null;"block", listener);
reject(makeError("timeout", "TIMEOUT", { reason: "timeout" }));
}, timeout);
listener(await this.getBlockNumber());
async waitForBlock(blockTag) {
assert$1(false, "not implemented yet", "NOT_IMPLEMENTED", {
operation: "waitForBlock"
_clearTimeout(timerId) {
const timer = this.#timers.get(timerId);
if (!timer) {
if (timer.timer) {
_setTimeout(_func, timeout) {
if (timeout == null) {
timeout = 0;
const timerId = this.#nextTimer++;
const func = () => {
if (this.paused) {
this.#timers.set(timerId, { timer: null, func, time: timeout });
else {
const timer = setTimeout(func, timeout);
this.#timers.set(timerId, { timer, func, time: getTime$1() });
return timerId;
_forEachSubscriber(func) {
for (const sub of this.#subs.values()) {
// Event API; sub-classes should override this; any supported
// event filter will have been munged into an EventFilter
_getSubscriber(sub) {
switch (sub.type) {
case "debug":
case "network":
return new UnmanagedSubscriber(sub.type);
case "block":
return new PollingBlockSubscriber(this);
case "event":
return new PollingEventSubscriber(this, sub.filter);
case "transaction":
return new PollingTransactionSubscriber(this, sub.hash);
case "orphan":
return new PollingOrphanSubscriber(this, sub.filter);
throw new Error(`unsupported event: ${sub.type}`);
_recoverSubscriber(oldSub, newSub) {
for (const sub of this.#subs.values()) {
if (sub.subscriber === oldSub) {
if (sub.started) {
sub.subscriber = newSub;
if (sub.started) {
if (this.#pausedState != null) {
async #hasSub(event, emitArgs) {
let sub = await getSubscription(event, this);
// This is a log that is removing an existing log; we actually want
// to emit an orphan event for the removed log
if (sub.type === "event" && emitArgs && emitArgs.length > 0 && emitArgs[0].removed === true) {
sub = await getSubscription({ orphan: "drop-log", log: emitArgs[0] }, this);
return this.#subs.get(sub.tag) || null;
async #getSub(event) {
const subscription = await getSubscription(event, this);
// Prevent tampering with our tag in any subclass' _getSubscriber
const tag = subscription.tag;
let sub = this.#subs.get(tag);
if (!sub) {
const subscriber = this._getSubscriber(subscription);
const addressableMap = new WeakMap();
const nameMap = new Map();
sub = { subscriber, tag, addressableMap, nameMap, started: false, listeners: [] };
this.#subs.set(tag, sub);
return sub;
async on(event, listener) {
const sub = await this.#getSub(event);
sub.listeners.push({ listener, once: false });
if (!sub.started) {
sub.started = true;
if (this.#pausedState != null) {
return this;
async once(event, listener) {
const sub = await this.#getSub(event);
sub.listeners.push({ listener, once: true });
if (!sub.started) {
sub.started = true;
if (this.#pausedState != null) {
return this;
async emit(event, ...args) {
const sub = await this.#hasSub(event, args);
// If there is not subscription or if a recent emit removed
// the last of them (which also deleted the sub) do nothing
if (!sub || sub.listeners.length === 0) {
return false;
const count = sub.listeners.length;
sub.listeners = sub.listeners.filter(({ listener, once }) => {
const payload = new EventPayload(this, (once ? null : listener), event);
try {, ...args, payload);
catch (error) { }
return !once;
if (sub.listeners.length === 0) {
if (sub.started) {
return (count > 0);
async listenerCount(event) {
if (event) {
const sub = await this.#hasSub(event);
if (!sub) {
return 0;
return sub.listeners.length;
let total = 0;
for (const { listeners } of this.#subs.values()) {
total += listeners.length;
return total;
async listeners(event) {
if (event) {
const sub = await this.#hasSub(event);
if (!sub) {
return [];
return{ listener }) => listener);
let result = [];
for (const { listeners } of this.#subs.values()) {
result = result.concat({ listener }) => listener));
return result;
async off(event, listener) {
const sub = await this.#hasSub(event);
if (!sub) {
return this;
if (listener) {
const index ={ listener }) => listener).indexOf(listener);
if (index >= 0) {
sub.listeners.splice(index, 1);
if (!listener || sub.listeners.length === 0) {
if (sub.started) {
return this;
async removeAllListeners(event) {
if (event) {
const { tag, started, subscriber } = await this.#getSub(event);
if (started) {
else {
for (const [tag, { started, subscriber }] of this.#subs) {
if (started) {
return this;
// Alias for "on"
async addListener(event, listener) {
return await this.on(event, listener);
// Alias for "off"
async removeListener(event, listener) {
return, listener);
// Sub-classes should override this to shutdown any sockets, etc.
// but MUST call this super.shutdown.
destroy() {
// Stop all listeners
// Shut down all tiemrs
for (const timerId of this.#timers.keys()) {
get paused() { return (this.#pausedState != null); }
set paused(pause) {
if (!!pause === this.paused) {
if (this.paused) {
else {
pause(dropWhilePaused) {
this.#lastBlockNumber = -1;
if (this.#pausedState != null) {
if (this.#pausedState == !!dropWhilePaused) {
assert$1(false, "cannot change pause type; resume first", "UNSUPPORTED_OPERATION", {
operation: "pause"
this._forEachSubscriber((s) => s.pause(dropWhilePaused));
this.#pausedState = !!dropWhilePaused;
for (const timer of this.#timers.values()) {
// Clear the timer
if (timer.timer) {
// Remaining time needed for when we become unpaused
timer.time = getTime$1() - timer.time;
resume() {
if (this.#pausedState == null) {
this._forEachSubscriber((s) => s.resume());
this.#pausedState = null;
for (const timer of this.#timers.values()) {
// Remaining time when we were paused
let timeout = timer.time;
if (timeout < 0) {
timeout = 0;
// Start time (in cause paused, so we con compute remaininf time)
timer.time = getTime$1();
// Start the timer
setTimeout(timer.func, timeout);
function _parseString(result, start) {
try {
const bytes = _parseBytes(result, start);
if (bytes) {
return toUtf8String(bytes);
catch (error) { }
return null;
function _parseBytes(result, start) {
if (result === "0x") {
return null;
try {
const offset = getNumber(dataSlice(result, start, start + 32));
const length = getNumber(dataSlice(result, offset, offset + 32));
return dataSlice(result, offset + 32, offset + 32 + length);
catch (error) { }
return null;
function numPad(value) {
const result = toBeArray(value);
if (result.length > 32) {
throw new Error("internal; should not happen");
const padded = new Uint8Array(32);
padded.set(result, 32 - result.length);
return padded;
function bytesPad(value) {
if ((value.length % 32) === 0) {
return value;
const result = new Uint8Array(Math.ceil(value.length / 32) * 32);
return result;
const empty = new Uint8Array([]);
// ABI Encodes a series of (bytes, bytes, ...)
function encodeBytes(datas) {
const result = [];
let byteCount = 0;
// Add place-holders for pointers as we add items
for (let i = 0; i < datas.length; i++) {
byteCount += 32;
for (let i = 0; i < datas.length; i++) {
const data = getBytes(datas[i]);
// Update the bytes offset
result[i] = numPad(byteCount);
// The length and padded value of data
byteCount += 32 + Math.ceil(data.length / 32) * 32;
return concat(result);
const zeros = "0x0000000000000000000000000000000000000000000000000000000000000000";
function parseOffchainLookup(data) {
const result = {
sender: "", urls: [], calldata: "", selector: "", extraData: "", errorArgs: []
assert$1(dataLength(data) >= 5 * 32, "insufficient OffchainLookup data", "OFFCHAIN_FAULT", {
reason: "insufficient OffchainLookup data"
const sender = dataSlice(data, 0, 32);
assert$1(dataSlice(sender, 0, 12) === dataSlice(zeros, 0, 12), "corrupt OffchainLookup sender", "OFFCHAIN_FAULT", {
reason: "corrupt OffchainLookup sender"
result.sender = dataSlice(sender, 12);
// Read the URLs from the response
try {
const urls = [];
const urlsOffset = getNumber(dataSlice(data, 32, 64));
const urlsLength = getNumber(dataSlice(data, urlsOffset, urlsOffset + 32));
const urlsData = dataSlice(data, urlsOffset + 32);
for (let u = 0; u < urlsLength; u++) {
const url = _parseString(urlsData, u * 32);
if (url == null) {
throw new Error("abort");
result.urls = urls;
catch (error) {
assert$1(false, "corrupt OffchainLookup urls", "OFFCHAIN_FAULT", {
reason: "corrupt OffchainLookup urls"
// Get the CCIP calldata to forward
try {
const calldata = _parseBytes(data, 64);
if (calldata == null) {
throw new Error("abort");
result.calldata = calldata;
catch (error) {
assert$1(false, "corrupt OffchainLookup calldata", "OFFCHAIN_FAULT", {
reason: "corrupt OffchainLookup calldata"
// Get the callbackSelector (bytes4)
assert$1(dataSlice(data, 100, 128) === dataSlice(zeros, 0, 28), "corrupt OffchainLookup callbaackSelector", "OFFCHAIN_FAULT", {
reason: "corrupt OffchainLookup callbaackSelector"
result.selector = dataSlice(data, 96, 100);
// Get the extra data to send back to the contract as context
try {
const extraData = _parseBytes(data, 128);
if (extraData == null) {
throw new Error("abort");
result.extraData = extraData;
catch (error) {
assert$1(false, "corrupt OffchainLookup extraData", "OFFCHAIN_FAULT", {
reason: "corrupt OffchainLookup extraData"
result.errorArgs = "sender,urls,calldata,selector,extraData".split(/,/).map((k) => result[k]);
return result;
* About Abstract Signer and subclassing
* @_section: api/providers/abstract-signer: Subclassing Signer [abstract-signer]
function checkProvider(signer, operation) {
if (signer.provider) {
return signer.provider;
assert$1(false, "missing provider", "UNSUPPORTED_OPERATION", { operation });
async function populate(signer, tx) {
let pop = copyRequest(tx);
if ( != null) { = resolveAddress(, signer);
if (pop.from != null) {
const from = pop.from;
pop.from = Promise.all([
resolveAddress(from, signer)
]).then(([address, from]) => {
assertArgument(address.toLowerCase() === from.toLowerCase(), "transaction from mismatch", "tx.from", from);
return address;
else {
pop.from = signer.getAddress();
return await resolveProperties(pop);
class AbstractSigner {
constructor(provider) {
defineProperties(this, { provider: (provider || null) });
async getNonce(blockTag) {
return checkProvider(this, "getTransactionCount").getTransactionCount(await this.getAddress(), blockTag);
async populateCall(tx) {
const pop = await populate(this, tx);
return pop;
async populateTransaction(tx) {
const provider = checkProvider(this, "populateTransaction");
const pop = await populate(this, tx);
if (pop.nonce == null) {
pop.nonce = await this.getNonce("pending");
if (pop.gasLimit == null) {
pop.gasLimit = await this.estimateGas(pop);
// Populate the chain ID
const network = await (this.provider).getNetwork();
if (pop.chainId != null) {
const chainId = getBigInt(pop.chainId);
assertArgument(chainId === network.chainId, "transaction chainId mismatch", "tx.chainId", tx.chainId);
else {
pop.chainId = network.chainId;
// Do not allow mixing pre-eip-1559 and eip-1559 properties
const hasEip1559 = (pop.maxFeePerGas != null || pop.maxPriorityFeePerGas != null);
if (pop.gasPrice != null && (pop.type === 2 || hasEip1559)) {
assertArgument(false, "eip-1559 transaction do not support gasPrice", "tx", tx);
else if ((pop.type === 0 || pop.type === 1) && hasEip1559) {
assertArgument(false, "pre-eip-1559 transaction do not support maxFeePerGas/maxPriorityFeePerGas", "tx", tx);
if ((pop.type === 2 || pop.type == null) && (pop.maxFeePerGas != null && pop.maxPriorityFeePerGas != null)) {
// Fully-formed EIP-1559 transaction (skip getFeeData)
pop.type = 2;
else if (pop.type === 0 || pop.type === 1) {
// Explicit Legacy or EIP-2930 transaction
// We need to get fee data to determine things
const feeData = await provider.getFeeData();
assert$1(feeData.gasPrice != null, "network does not support gasPrice", "UNSUPPORTED_OPERATION", {
operation: "getGasPrice"
// Populate missing gasPrice
if (pop.gasPrice == null) {
pop.gasPrice = feeData.gasPrice;
else {
// We need to get fee data to determine things
const feeData = await provider.getFeeData();
if (pop.type == null) {
// We need to auto-detect the intended type of this transaction...
if (feeData.maxFeePerGas != null && feeData.maxPriorityFeePerGas != null) {
// The network supports EIP-1559!
// Upgrade transaction from null to eip-1559
pop.type = 2;
if (pop.gasPrice != null) {
// Using legacy gasPrice property on an eip-1559 network,
// so use gasPrice as both fee properties
const gasPrice = pop.gasPrice;
delete pop.gasPrice;
pop.maxFeePerGas = gasPrice;
pop.maxPriorityFeePerGas = gasPrice;
else {
// Populate missing fee data
if (pop.maxFeePerGas == null) {
pop.maxFeePerGas = feeData.maxFeePerGas;
if (pop.maxPriorityFeePerGas == null) {
pop.maxPriorityFeePerGas = feeData.maxPriorityFeePerGas;
else if (feeData.gasPrice != null) {
// Network doesn't support EIP-1559...
// ...but they are trying to use EIP-1559 properties
assert$1(!hasEip1559, "network does not support EIP-1559", "UNSUPPORTED_OPERATION", {
operation: "populateTransaction"
// Populate missing fee data
if (pop.gasPrice == null) {
pop.gasPrice = feeData.gasPrice;
// Explicitly set untyped transaction to legacy
// @TODO: Maybe this shold allow type 1?
pop.type = 0;
else {
// getFeeData has failed us.
assert$1(false, "failed to get consistent fee data", "UNSUPPORTED_OPERATION", {
operation: "signer.getFeeData"
else if (pop.type === 2) {
// Explicitly using EIP-1559
// Populate missing fee data
if (pop.maxFeePerGas == null) {
pop.maxFeePerGas = feeData.maxFeePerGas;
if (pop.maxPriorityFeePerGas == null) {
pop.maxPriorityFeePerGas = feeData.maxPriorityFeePerGas;
//@TOOD: Don't await all over the place; save them up for
// the end for better batching
return await resolveProperties(pop);
async estimateGas(tx) {
return checkProvider(this, "estimateGas").estimateGas(await this.populateCall(tx));
async call(tx) {
return checkProvider(this, "call").call(await this.populateCall(tx));
async resolveName(name) {
const provider = checkProvider(this, "resolveName");
return await provider.resolveName(name);
async sendTransaction(tx) {
const provider = checkProvider(this, "sendTransaction");
const pop = await this.populateTransaction(tx);
delete pop.from;
const txObj = Transaction.from(pop);
return await provider.broadcastTransaction(await this.signTransaction(txObj));
class VoidSigner extends AbstractSigner {
constructor(address, provider) {
defineProperties(this, { address });
async getAddress() { return this.address; }
connect(provider) {
return new VoidSigner(this.address, provider);
#throwUnsupported(suffix, operation) {
assert$1(false, `VoidSigner cannot sign ${suffix}`, "UNSUPPORTED_OPERATION", { operation });
async signTransaction(tx) {
this.#throwUnsupported("transactions", "signTransaction");
async signMessage(message) {
this.#throwUnsupported("messages", "signMessage");
async signTypedData(domain, types, value) {
this.#throwUnsupported("typed-data", "signTypedData");
* There are many awesome community services that provide Ethereum
* nodes both for developers just starting out and for large-scale
* communities.
* @_section: api/providers/thirdparty: Community Providers [thirdparty]
// Show the throttle message only once per service
const shown = new Set();
* Displays a warning in tht console when the community resource is
* being used too heavily by the app, recommending the developer
* acquire their own credentials instead of using the community
* credentials.
* The notification will only occur once per service.
function showThrottleMessage(service) {
if (shown.has(service)) {
console.log("========= NOTICE =========");
console.log(`Request-Rate Exceeded for ${service} (this message will not be repeated)`);
console.log("The default API keys for each service are provided as a highly-throttled,");
console.log("community resource for low-traffic projects and early prototyping.");
console.log("While your application will continue to function, we highly recommended");
console.log("signing up for your own API keys to improve performance, increase your");
console.log("request rate/limit and enable other perks, such as metrics and advanced APIs.");
console.log("For more details: https:/\/");
function copy(obj) {
return JSON.parse(JSON.stringify(obj));
* Some backends support subscribing to events using a Filter ID.
* When subscribing with this technique, the node issues a unique
* //Filter ID//. At this point the node dedicates resources to
* the filter, so that periodic calls to follow up on the //Filter ID//
* will receive any events since the last call.
* @_docloc: api/providers/abstract-provider
class FilterIdSubscriber {
constructor(provider) {
this.#provider = provider;
this.#filterIdPromise = null;
this.#poller = this.#poll.bind(this);
this.#running = false;
this.#network = null;
this.#hault = false;
_subscribe(provider) {
throw new Error("subclasses must override this");
_emitResults(provider, result) {
throw new Error("subclasses must override this");
_recover(provider) {
throw new Error("subclasses must override this");
async #poll(blockNumber) {
try {
// Subscribe if necessary
if (this.#filterIdPromise == null) {
this.#filterIdPromise = this._subscribe(this.#provider);
// Get the Filter ID
let filterId = null;
try {
filterId = await this.#filterIdPromise;
catch (error) {
if (!isError(error, "UNSUPPORTED_OPERATION") || error.operation !== "eth_newFilter") {
throw error;
// The backend does not support Filter ID; downgrade to
// polling
if (filterId == null) {
this.#filterIdPromise = null;
this.#provider._recoverSubscriber(this, this._recover(this.#provider));
const network = await this.#provider.getNetwork();
if (!this.#network) {
this.#network = network;
if (this.#network.chainId !== network.chainId) {
throw new Error("chaid changed");
if (this.#hault) {
const result = await this.#provider.send("eth_getFilterChanges", [filterId]);
await this._emitResults(this.#provider, result);
catch (error) {
console.log("@TODO", error);
this.#provider.once("block", this.#poller);
#teardown() {
const filterIdPromise = this.#filterIdPromise;
if (filterIdPromise) {
this.#filterIdPromise = null;
filterIdPromise.then((filterId) => {
this.#provider.send("eth_uninstallFilter", [filterId]);
start() {
if (this.#running) {
this.#running = true;
stop() {
if (!this.#running) {
this.#running = false;
this.#hault = true;
this.#teardown();"block", this.#poller);
pause(dropWhilePaused) {
if (dropWhilePaused) {
}"block", this.#poller);
resume() { this.start(); }
* A **FilterIdSubscriber** for receiving contract events.
* @_docloc: api/providers/abstract-provider
class FilterIdEventSubscriber extends FilterIdSubscriber {
constructor(provider, filter) {
this.#event = copy(filter);
_recover(provider) {
return new PollingEventSubscriber(provider, this.#event);
async _subscribe(provider) {
const filterId = await provider.send("eth_newFilter", [this.#event]);
return filterId;
async _emitResults(provider, results) {
for (const result of results) {
provider.emit(this.#event, provider._wrapLog(result, provider._network));
* A **FilterIdSubscriber** for receiving pending transactions events.
* @_docloc: api/providers/abstract-provider
class FilterIdPendingSubscriber extends FilterIdSubscriber {
async _subscribe(provider) {
return await provider.send("eth_newPendingTransactionFilter", []);
async _emitResults(provider, results) {
for (const result of results) {
provider.emit("pending", result);
* About JSON-RPC...
* @_section: api/providers/jsonrpc:JSON-RPC Provider [about-jsonrpcProvider]
const Primitive = "bigint,boolean,function,number,string,symbol".split(/,/g);
//const Methods = "getAddress,then".split(/,/g);
function deepCopy(value) {
if (value == null || Primitive.indexOf(typeof (value)) >= 0) {
return value;
// Keep any Addressable
if (typeof (value.getAddress) === "function") {
return value;
if (Array.isArray(value)) {
return (;
if (typeof (value) === "object") {
return Object.keys(value).reduce((accum, key) => {
accum[key] = value[key];
return accum;
}, {});
throw new Error(`should not happen: ${value} (${typeof (value)})`);
function stall$3(duration) {
return new Promise((resolve) => { setTimeout(resolve, duration); });
function getLowerCase(value) {
if (value) {
return value.toLowerCase();
return value;
function isPollable(value) {
return (value && typeof (value.pollingInterval) === "number");
const defaultOptions = {
polling: false,
staticNetwork: null,
batchStallTime: 10,
batchMaxSize: (1 << 20),
batchMaxCount: 100 // 100 requests
// @TODO: Unchecked Signers
class JsonRpcSigner extends AbstractSigner {
constructor(provider, address) {
defineProperties(this, { address });
connect(provider) {
assert$1(false, "cannot reconnect JsonRpcSigner", "UNSUPPORTED_OPERATION", {
operation: "signer.connect"
async getAddress() {
return this.address;
// JSON-RPC will automatially fill in nonce, etc. so we just check from
async populateTransaction(tx) {
return await this.populateCall(tx);
// Returns just the hash of the transaction after sent, which is what
// the bare JSON-RPC API does;
async sendUncheckedTransaction(_tx) {
const tx = deepCopy(_tx);
const promises = [];
// Make sure the from matches the sender
if (tx.from) {
const _from = tx.from;
promises.push((async () => {
const from = await resolveAddress(_from, this.provider);
assertArgument(from != null && from.toLowerCase() === this.address.toLowerCase(), "from address mismatch", "transaction", _tx);
tx.from = from;
else {
tx.from = this.address;
// The JSON-RPC for eth_sendTransaction uses 90000 gas; if the user
// wishes to use this, it is easy to specify explicitly, otherwise
// we look it up for them.
if (tx.gasLimit == null) {
promises.push((async () => {
tx.gasLimit = await this.provider.estimateGas({ ...tx, from: this.address });
// The address may be an ENS name or Addressable
if ( != null) {
const _to =;
promises.push((async () => { = await resolveAddress(_to, this.provider);
// Wait until all of our properties are filled in
if (promises.length) {
await Promise.all(promises);
const hexTx = this.provider.getRpcTransaction(tx);
return this.provider.send("eth_sendTransaction", [hexTx]);
async sendTransaction(tx) {
// This cannot be mined any earlier than any recent block
const blockNumber = await this.provider.getBlockNumber();
// Send the transaction
const hash = await this.sendUncheckedTransaction(tx);
// Unfortunately, JSON-RPC only provides and opaque transaction hash
// for a response, and we need the actual transaction, so we poll
// for it; it should show up very quickly
return await (new Promise((resolve, reject) => {
const timeouts = [1000, 100];
const checkTx = async () => {
// Try getting the transaction
const tx = await this.provider.getTransaction(hash);
if (tx != null) {
// Wait another 4 seconds
this.provider._setTimeout(() => { checkTx(); }, timeouts.pop() || 4000);
async signTransaction(_tx) {
const tx = deepCopy(_tx);
// Make sure the from matches the sender
if (tx.from) {
const from = await resolveAddress(tx.from, this.provider);
assertArgument(from != null && from.toLowerCase() === this.address.toLowerCase(), "from address mismatch", "transaction", _tx);
tx.from = from;
else {
tx.from = this.address;
const hexTx = this.provider.getRpcTransaction(tx);
return await this.provider.send("eth_signTransaction", [hexTx]);
async signMessage(_message) {
const message = ((typeof (_message) === "string") ? toUtf8Bytes(_message) : _message);
return await this.provider.send("personal_sign", [
hexlify(message), this.address.toLowerCase()
async signTypedData(domain, types, _value) {
const value = deepCopy(_value);
// Populate any ENS names (in-place)
const populated = await TypedDataEncoder.resolveNames(domain, types, value, async (value) => {
const address = await resolveAddress(value);
assertArgument(address != null, "TypedData does not support null address", "value", value);
return address;
return await this.provider.send("eth_signTypedData_v4", [
JSON.stringify(TypedDataEncoder.getPayload(populated.domain, types, populated.value))
async unlock(password) {
return this.provider.send("personal_unlockAccount", [
this.address.toLowerCase(), password, null
async _legacySignMessage(_message) {
const message = ((typeof (_message) === "string") ? toUtf8Bytes(_message) : _message);
return await this.provider.send("eth_sign", [
this.address.toLowerCase(), hexlify(message)
* The JsonRpcApiProvider is an abstract class and **MUST** be
* sub-classed.
* It provides the base for all JSON-RPC-based Provider interaction.
* Sub-classing Notes:
* - a sub-class MUST override _send
* - a sub-class MUST call the `_start()` method once connected
class JsonRpcApiProvider extends AbstractProvider {
// The next ID to use for the JSON-RPC ID field
// Payloads are queued and triggered in batches using the drainTimer
#scheduleDrain() {
if (this.#drainTimer) {
// If we aren't using batching, no hard in sending it immeidately
const stallTime = (this._getOption("batchMaxCount") === 1) ? 0 : this._getOption("batchStallTime");
this.#drainTimer = setTimeout(() => {
this.#drainTimer = null;
const payloads = this.#payloads;
this.#payloads = [];
while (payloads.length) {
// Create payload batches that satisfy our batch constraints
const batch = [(payloads.shift())];
while (payloads.length) {
if (batch.length === this.#options.batchMaxCount) {
const bytes = JSON.stringify( => p.payload));
if (bytes.length > this.#options.batchMaxSize) {
// Process the result to each payload
(async () => {
const payload = ((batch.length === 1) ? batch[0].payload : => p.payload));
this.emit("debug", { action: "sendRpcPayload", payload });
try {
const result = await this._send(payload);
this.emit("debug", { action: "receiveRpcResult", result });
// Process results in batch order
for (const { resolve, reject, payload } of batch) {
// Find the matching result
const resp = result.filter((r) => ( ===[0];
// No result; the node failed us in unexpected ways
if (resp == null) {
return reject(new Error("@TODO: no result"));
// The response is an error
if ("error" in resp) {
return reject(this.getRpcError(payload, resp));
// All good; send the result
catch (error) {
this.emit("debug", { action: "receiveRpcError", error });
for (const { reject } of batch) {
// @TODO: augment the error with the payload
}, stallTime);
constructor(network, options) {
this.#nextId = 1;
this.#options = Object.assign({}, defaultOptions, options || {});
this.#payloads = [];
this.#drainTimer = null;
this.#network = null;
let resolve = null;
const promise = new Promise((_resolve) => {
resolve = _resolve;
this.#notReady = { promise, resolve };
// This could be relaxed in the future to just check equivalent networks
const staticNetwork = this._getOption("staticNetwork");
if (staticNetwork) {
assertArgument(staticNetwork === network, "staticNetwork MUST match network object", "options", options);
this.#network = staticNetwork;
* Returns the value associated with the option %%key%%.
* Sub-classes can use this to inquire about configuration options.
_getOption(key) {
return this.#options[key];
* Gets the [[Network]] this provider has committed to. On each call, the network
* is detected, and if it has changed, the call will reject.
get _network() {
assert$1(this.#network, "network is not available yet", "NETWORK_ERROR");
return this.#network;
assert(false, "sub-classes must override _send", "UNSUPPORTED_OPERATION", {
operation: "jsonRpcApiProvider._send"
* Resolves to the non-normalized value by performing %%req%%.
* Sub-classes may override this to modify behavior of actions,
* and should generally call ``super._perform`` as a fallback.
async _perform(req) {
// Legacy networks do not like the type field being passed along (which
// is fair), so we delete type if it is 0 and a non-EIP-1559 network
if (req.method === "call" || req.method === "estimateGas") {
let tx = req.transaction;
if (tx && tx.type != null && getBigInt(tx.type)) {
// If there are no EIP-1559 properties, it might be non-EIP-a559
if (tx.maxFeePerGas == null && tx.maxPriorityFeePerGas == null) {
const feeData = await this.getFeeData();
if (feeData.maxFeePerGas == null && feeData.maxPriorityFeePerGas == null) {
// Network doesn't know about EIP-1559 (and hence type)
req = Object.assign({}, req, {
transaction: Object.assign({}, tx, { type: undefined })
const request = this.getRpcRequest(req);
if (request != null) {
return await this.send(request.method, request.args);
return super._perform(req);
* Sub-classes may override this; it detects the *actual* network that
* we are **currently** connected to.
* Keep in mind that [[send]] may only be used once [[ready]], otherwise the
* _send primitive must be used instead.
async _detectNetwork() {
const network = this._getOption("staticNetwork");
if (network) {
return network;
// If we are ready, use ``send``, which enabled requests to be batched
if (this.ready) {
return Network.from(getBigInt(await this.send("eth_chainId", [])));
// We are not ready yet; use the primitive _send
const payload = {
id: this.#nextId++, method: "eth_chainId", params: [], jsonrpc: "2.0"
this.emit("debug", { action: "sendRpcPayload", payload });
let result;
try {
result = (await this._send(payload))[0];
catch (error) {
this.emit("debug", { action: "receiveRpcError", error });
throw error;
this.emit("debug", { action: "receiveRpcResult", result });
if ("result" in result) {
return Network.from(getBigInt(result.result));
throw this.getRpcError(payload, result);
* Sub-classes **MUST** call this. Until [[_start]] has been called, no calls
* will be passed to [[_send]] from [[send]]. If it is overridden, then
* ``super._start()`` **MUST** be called.
* Calling it multiple times is safe and has no effect.
_start() {
if (this.#notReady == null || this.#notReady.resolve == null) {
this.#notReady = null;
(async () => {
// Bootstrap the network
while (this.#network == null) {
try {
this.#network = await this._detectNetwork();
catch (error) {
console.log("JsonRpcProvider failed to startup; retry in 1s");
await stall$3(1000);
// Start dispatching requests
* Resolves once the [[_start]] has been called. This can be used in
* sub-classes to defer sending data until the connection has been
* established.
async _waitUntilReady() {
if (this.#notReady == null) {
return await this.#notReady.promise;
* Return a Subscriber that will manage the %%sub%%.
* Sub-classes may override this to modify the behavior of
* subscription management.
_getSubscriber(sub) {
// Pending Filters aren't availble via polling
if (sub.type === "pending") {
return new FilterIdPendingSubscriber(this);
if (sub.type === "event") {
if (this._getOption("polling")) {
return new PollingEventSubscriber(this, sub.filter);
return new FilterIdEventSubscriber(this, sub.filter);
// Orphaned Logs are handled automatically, by the filter, since
// logs with removed are emitted by it
if (sub.type === "orphan" && sub.filter.orphan === "drop-log") {
return new UnmanagedSubscriber("orphan");
return super._getSubscriber(sub);
* Returns true only if the [[_start]] has been called.
get ready() { return this.#notReady == null; }
* Returns %%tx%% as a normalized JSON-RPC transaction request,
* which has all values hexlified and any numeric values converted
* to Quantity values.
getRpcTransaction(tx) {
const result = {};
// JSON-RPC now requires numeric values to be "quantity" values
["chainId", "gasLimit", "gasPrice", "type", "maxFeePerGas", "maxPriorityFeePerGas", "nonce", "value"].forEach((key) => {
if (tx[key] == null) {
let dstKey = key;
if (key === "gasLimit") {
dstKey = "gas";
result[dstKey] = toQuantity(getBigInt(tx[key], `tx.${key}`));
// Make sure addresses and data are lowercase
["from", "to", "data"].forEach((key) => {
if (tx[key] == null) {
result[key] = hexlify(tx[key]);
// Normalize the access list object
if (tx.accessList) {
result["accessList"] = accessListify(tx.accessList);
return result;
* Returns the request method and arguments required to perform
* %%req%%.
getRpcRequest(req) {
switch (req.method) {
case "chainId":
return { method: "eth_chainId", args: [] };
case "getBlockNumber":
return { method: "eth_blockNumber", args: [] };
case "getGasPrice":
return { method: "eth_gasPrice", args: [] };
case "getBalance":
return {
method: "eth_getBalance",
args: [getLowerCase(req.address), req.blockTag]
case "getTransactionCount":
return {
method: "eth_getTransactionCount",
args: [getLowerCase(req.address), req.blockTag]
case "getCode":
return {
method: "eth_getCode",
args: [getLowerCase(req.address), req.blockTag]
case "getStorage":
return {
method: "eth_getStorageAt",
args: [
("0x" + req.position.toString(16)),
case "broadcastTransaction":
return {
method: "eth_sendRawTransaction",
args: [req.signedTransaction]
case "getBlock":
if ("blockTag" in req) {
return {
method: "eth_getBlockByNumber",
args: [req.blockTag, !!req.includeTransactions]
else if ("blockHash" in req) {
return {
method: "eth_getBlockByHash",
args: [req.blockHash, !!req.includeTransactions]
case "getTransaction":
return {
method: "eth_getTransactionByHash",
args: [req.hash]
case "getTransactionReceipt":
return {
method: "eth_getTransactionReceipt",
args: [req.hash]
case "call":
return {
method: "eth_call",
args: [this.getRpcTransaction(req.transaction), req.blockTag]
case "estimateGas": {
return {
method: "eth_estimateGas",
args: [this.getRpcTransaction(req.transaction)]
case "getLogs":
if (req.filter && req.filter.address != null) {
if (Array.isArray(req.filter.address)) {
req.filter.address =;
else {
req.filter.address = getLowerCase(req.filter.address);
return { method: "eth_getLogs", args: [req.filter] };
return null;
* Returns an ethers-style Error for the given JSON-RPC error
* %%payload%%, coalescing the various strings and error shapes
* that different nodes return, coercing them into a machine-readable
* standardized error.
getRpcError(payload, _error) {
const { method } = payload;
const { error } = _error;
if (method === "eth_estimateGas" && error.message) {
const msg = error.message;
if (!msg.match(/revert/i) && msg.match(/insufficient funds/i)) {
return makeError("insufficient funds", "INSUFFICIENT_FUNDS", {
transaction: (payload.params[0]),
if (method === "eth_call" || method === "eth_estimateGas") {
const result = spelunkData(error);
const e = AbiCoder.getBuiltinCallException((method === "eth_call") ? "call" : "estimateGas", (payload.params[0]), (result ? : null)); = { error, payload };
return e;
// Only estimateGas and call can return arbitrary contract-defined text, so now we
// we can process text safely.
const message = JSON.stringify(spelunkMessage(error));
if (typeof (error.message) === "string" && error.message.match(/user denied|ethers-user-denied/i)) {
const actionMap = {
eth_sign: "signMessage",
personal_sign: "signMessage",
eth_signTypedData_v4: "signTypedData",
eth_signTransaction: "signTransaction",
eth_sendTransaction: "sendTransaction",
eth_requestAccounts: "requestAccess",
wallet_requestAccounts: "requestAccess",
return makeError(`user rejected action`, "ACTION_REJECTED", {
action: (actionMap[method] || "unknown"),
reason: "rejected",
info: { payload, error }
if (method === "eth_sendRawTransaction" || method === "eth_sendTransaction") {
const transaction = (payload.params[0]);
if (message.match(/insufficient funds|base fee exceeds gas limit/i)) {
return makeError("insufficient funds for intrinsic transaction cost", "INSUFFICIENT_FUNDS", {
transaction, info: { error }
if (message.match(/nonce/i) && message.match(/too low/i)) {
return makeError("nonce has already been used", "NONCE_EXPIRED", { transaction });
// "replacement transaction underpriced"
if (message.match(/replacement transaction/i) && message.match(/underpriced/i)) {
return makeError("replacement fee too low", "REPLACEMENT_UNDERPRICED", { transaction });
if (message.match(/only replay-protected/i)) {
return makeError("legacy pre-eip-155 transactions not supported", "UNSUPPORTED_OPERATION", {
operation: method, info: { transaction }
if (message.match(/the method .* does not exist/i)) {
return makeError("unsupported operation", "UNSUPPORTED_OPERATION", {
operation: payload.method, info: { error }
return makeError("could not coalesce error", "UNKNOWN_ERROR", { error });
* Requests the %%method%% with %%params%% via the JSON-RPC protocol
* over the underlying channel. This can be used to call methods
* on the backend that do not have a high-level API within the Provider
* API.
* This method queues requests according to the batch constraints
* in the options, assigns the request a unique ID.
* **Do NOT override** this method in sub-classes; instead
* override [[_send]] or force the options values in the
* call to the constructor to modify this method's behavior.
send(method, params) {
// @TODO: cache chainId?? purge on switch_networks
const id = this.#nextId++;
const promise = new Promise((resolve, reject) => {
resolve, reject,
payload: { method, params, id, jsonrpc: "2.0" }
// If there is not a pending drainTimer, set one
return promise;
* Resolves to the [[Signer]] account for %%address%% managed by
* the client.
* If the %%address%% is a number, it is used as an index in the
* the accounts from [[listAccounts]].
* This can only be used on clients which manage accounts (such as
* Geth with imported account or MetaMask).
* Throws if the account doesn't exist.
async getSigner(address) {
if (address == null) {
address = 0;
const accountsPromise = this.send("eth_accounts", []);
// Account index
if (typeof (address) === "number") {
const accounts = (await accountsPromise);
if (address >= accounts.length) {
throw new Error("no such account");
return new JsonRpcSigner(this, accounts[address]);
const { accounts } = await resolveProperties({
network: this.getNetwork(),
accounts: accountsPromise
// Account address
address = getAddress(address);
for (const account of accounts) {
if (getAddress(account) === account) {
return new JsonRpcSigner(this, account);
throw new Error("invalid account");
class JsonRpcApiPollingProvider extends JsonRpcApiProvider {
constructor(network, options) {
super(network, options);
this.#pollingInterval = 4000;
_getSubscriber(sub) {
const subscriber = super._getSubscriber(sub);
if (isPollable(subscriber)) {
subscriber.pollingInterval = this.#pollingInterval;
return subscriber;
* The polling interval (default: 4000 ms)
get pollingInterval() { return this.#pollingInterval; }
set pollingInterval(value) {
if (!Number.isInteger(value) || value < 0) {
throw new Error("invalid interval");
this.#pollingInterval = value;
this._forEachSubscriber((sub) => {
if (isPollable(sub)) {
sub.pollingInterval = this.#pollingInterval;
* The JsonRpcProvider is one of the most common Providers,
* which performs all operations over HTTP (or HTTPS) requests.
* Events are processed by polling the backend for the current block
* number; when it advances, all block-base events are then checked
* for updates.
class JsonRpcProvider extends JsonRpcApiPollingProvider {
constructor(url, network, options) {
if (url == null) {
url = "http:/\/localhost:8545";
super(network, options);
if (typeof (url) === "string") {
this.#connect = new FetchRequest(url);
else {
this.#connect = url.clone();
_getConnection() {
return this.#connect.clone();
async send(method, params) {
// All requests are over HTTP, so we can just start handling requests
// We do this here rather than the constructor so that we don't send any
// requests to the network (i.e. eth_chainId) until we absolutely have to.
await this._start();
return await super.send(method, params);
async _send(payload) {
// Configure a POST connection for the requested method
const request = this._getConnection();
request.body = JSON.stringify(payload);
request.setHeader("content-type", "application/json");
const response = await request.send();
let resp = response.bodyJson;
if (!Array.isArray(resp)) {
resp = [resp];
return resp;
function spelunkData(value) {
if (value == null) {
return null;
// These *are* the droids we're looking for.
if (typeof (value.message) === "string" && value.message.match("reverted") && isHexString( {
return { message: value.message, data: };
// Spelunk further...
if (typeof (value) === "object") {
for (const key in value) {
const result = spelunkData(value[key]);
if (result) {
return result;
return null;
// Might be a JSON string we can further descend...
if (typeof (value) === "string") {
try {
return spelunkData(JSON.parse(value));
catch (error) { }
return null;
function _spelunkMessage(value, result) {
if (value == null) {
// These *are* the droids we're looking for.
if (typeof (value.message) === "string") {
// Spelunk further...
if (typeof (value) === "object") {
for (const key in value) {
_spelunkMessage(value[key], result);
// Might be a JSON string we can further descend...
if (typeof (value) === "string") {
try {
return _spelunkMessage(JSON.parse(value), result);
catch (error) { }
function spelunkMessage(value) {
const result = [];
_spelunkMessage(value, result);
return result;
* [[link-ankr]] provides a third-party service for connecting to
* various blockchains over JSON-RPC.
* **Supported Networks**
* - Ethereum Mainnet (``mainnet``)
* - Goerli Testnet (``goerli``)
* - Polygon (``matic``)
* - Arbitrum (``arbitrum``)
* @_subsection: api/providers/thirdparty:Ankr [providers-ankr]
const defaultApiKey$1 = "9f7d929b018cdffb338517efa06f58359e86ff1ffd350bc889738523659e7972";
function getHost$4(name) {
switch (name) {
case "mainnet":
return "";
case "goerli":
return "";
case "matic":
return "";
case "arbitrum":
return "";
assertArgument(false, "unsupported network", "network", name);
* The **AnkrProvider** connects to the [[link-ankr]]
* JSON-RPC end-points.
* By default, a highly-throttled API key is used, which is
* appropriate for quick prototypes and simple scripts. To
* gain access to an increased rate-limit, it is highly
* recommended to [sign up here](link-ankr-signup).
class AnkrProvider extends JsonRpcProvider {
* The API key for the Ankr connection.
* Create a new **AnkrProvider**.
* By default connecting to ``mainnet`` with a highly throttled
* API key.
constructor(_network, apiKey) {
if (_network == null) {
_network = "mainnet";
const network = Network.from(_network);
if (apiKey == null) {
apiKey = defaultApiKey$1;
// Ankr does not support filterId, so we force polling
const options = { polling: true, staticNetwork: network };
const request = AnkrProvider.getRequest(network, apiKey);
super(request, network, options);
defineProperties(this, { apiKey });
_getProvider(chainId) {
try {
return new AnkrProvider(chainId, this.apiKey);
catch (error) { }
return super._getProvider(chainId);
* Returns a prepared request for connecting to %%network%% with
* %%apiKey%%.
static getRequest(network, apiKey) {
if (apiKey == null) {
apiKey = defaultApiKey$1;
const request = new FetchRequest(`https:/\/${getHost$4(}/${apiKey}`);
request.allowGzip = true;
if (apiKey === defaultApiKey$1) {
request.retryFunc = async (request, response, attempt) => {
return true;
return request;
getRpcError(payload, error) {
if (payload.method === "eth_sendRawTransaction") {
if (error && error.error && error.error.message === "INTERNAL_ERROR: could not replace existing tx") {
error.error.message = "replacement transaction underpriced";
return super.getRpcError(payload, error);
isCommunityResource() {
return (this.apiKey === defaultApiKey$1);
* About Alchemy
* @_subsection: api/providers/thirdparty:Alchemy [providers-alchemy]
const defaultApiKey = "_gg7wSSi0KMBsdKnGVfHDueq6xMB9EkC";
function getHost$3(name) {
switch (name) {
case "mainnet":
return "";
case "goerli":
return "";
case "arbitrum":
return "";
case "arbitrum-goerli":
return "";
case "matic":
return "";
case "maticmum":
return "";
case "optimism":
return "";
case "optimism-goerli":
return "";
assertArgument(false, "unsupported network", "network", name);
* The **AlchemyProvider** connects to the [[link-alchemy]]
* JSON-RPC end-points.
* By default, a highly-throttled API key is used, which is
* appropriate for quick prototypes and simple scripts. To
* gain access to an increased rate-limit, it is highly
* recommended to [sign up here](link-alchemy-signup).
* @_docloc: api/providers/thirdparty
class AlchemyProvider extends JsonRpcProvider {
constructor(_network, apiKey) {
if (_network == null) {
_network = "mainnet";
const network = Network.from(_network);
if (apiKey == null) {
apiKey = defaultApiKey;
const request = AlchemyProvider.getRequest(network, apiKey);
super(request, network, { staticNetwork: network });
defineProperties(this, { apiKey });
_getProvider(chainId) {
try {
return new AlchemyProvider(chainId, this.apiKey);
catch (error) { }
return super._getProvider(chainId);
async _perform(req) {
if (req.method === "getTransactionResult") {
const { trace, tx } = await resolveProperties({
trace: this.send("trace_transaction", [req.hash]),
tx: this.getTransaction(req.hash)
if (trace == null || tx == null) {
return null;
let data;
let error = false;
try {
data = trace[0].result.output;
error = (trace[0].error === "Reverted");
catch (error) { }
if (data) {
assert$1(!error, "an error occurred during transaction executions", "CALL_EXCEPTION", {
action: "getTransactionResult",
reason: null,
transaction: tx,
invocation: null,
revert: null // @TODO
return data;
assert$1(false, "could not parse trace result", "BAD_DATA", { value: trace });
return await super._perform(req);
isCommunityResource() {
return (this.apiKey === defaultApiKey);
static getRequest(network, apiKey) {
if (apiKey == null) {
apiKey = defaultApiKey;
const request = new FetchRequest(`https:/\/${getHost$3(}/v2/${apiKey}`);
request.allowGzip = true;
if (apiKey === defaultApiKey) {
request.retryFunc = async (request, response, attempt) => {
return true;
return request;
* About Cloudflare
* @_subsection: api/providers/thirdparty:Cloudflare [providers-cloudflare]
* About Cloudflare...
class CloudflareProvider extends JsonRpcProvider {
constructor(_network) {
if (_network == null) {
_network = "mainnet";
const network = Network.from(_network);
assertArgument( === "mainnet", "unsupported network", "network", _network);
super("https:/\/", network, { staticNetwork: network });
* [[link-etherscan]] provides a third-party service for connecting to
* various blockchains over a combination of JSON-RPC and custom API
* endpoints.
* **Supported Networks**
* - Ethereum Mainnet (``mainnet``)
* - Goerli Testnet (``goerli``)
* - Sepolia Testnet (``sepolia``)
* - Arbitrum (``arbitrum``)
* - Arbitrum Goerli Testnet (``arbitrum-goerli``)
* - Optimism (``optimism``)
* - Optimism Goerli Testnet (``optimism-goerli``)
* - Polygon (``matic``)
* - Polygon Mumbai Testnet (``maticmum``)
* @_subsection api/providers/thirdparty:Etherscan [providers-etherscan]
const THROTTLE = 2000;
function isPromise(value) {
return (value && typeof (value.then) === "function");
const EtherscanPluginId = "org.ethers.plugins.provider.Etherscan";
* A Network can include an **EtherscanPlugin** to provide
* a custom base URL.
* @_docloc: api/providers/thirdparty:Etherscan
class EtherscanPlugin extends NetworkPlugin {
* The Etherscan API base URL.
* Creates a new **EtherscanProvider** which will use
* %%baseUrl%%.
constructor(baseUrl) {
defineProperties(this, { baseUrl });
clone() {
return new EtherscanPlugin(this.baseUrl);
let nextId = 1;
* The **EtherscanBaseProvider** is the super-class of
* [[EtherscanProvider]], which should generally be used instead.
* Since the **EtherscanProvider** includes additional code for
* [[Contract]] access, in //rare cases// that contracts are not
* used, this class can reduce code size.
* @_docloc: api/providers/thirdparty:Etherscan
class EtherscanProvider extends AbstractProvider {
* The connected network.
* The API key or null if using the community provided bandwidth.
* Creates a new **EtherscanBaseProvider**.
constructor(_network, _apiKey) {
const apiKey = (_apiKey != null) ? _apiKey : null;
const network = Network.from(_network);
this.#plugin = network.getPlugin(EtherscanPluginId);
defineProperties(this, { apiKey, network });
// Test that the network is supported by Etherscan
* Returns the base URL.
* If an [[EtherscanPlugin]] is configured on the
* [[EtherscanBaseProvider_network]], returns the plugin's
* baseUrl.
getBaseUrl() {
if (this.#plugin) {
return this.#plugin.baseUrl;
switch ( {
case "mainnet":
return "https:/\/";
case "goerli":
return "https:/\/";
case "sepolia":
return "https:/\/";
case "arbitrum":
return "https:/\/";
case "arbitrum-goerli":
return "https:/\/";
case "matic":
return "https:/\/";
case "maticmum":
return "https:/\/";
case "optimism":
return "https:/\/";
case "optimism-goerli":
return "https:/\/";
assertArgument(false, "unsupported network", "network",;
* Returns the URL for the %%module%% and %%params%%.
getUrl(module, params) {
const query = Object.keys(params).reduce((accum, key) => {
const value = params[key];
if (value != null) {
accum += `&${key}=${value}`;
return accum;
}, "");
const apiKey = ((this.apiKey) ? `&apikey=${this.apiKey}` : "");
return `${this.getBaseUrl()}/api?module=${module}${query}${apiKey}`;
* Returns the URL for using POST requests.
getPostUrl() {
return `${this.getBaseUrl()}/api`;
* Returns the parameters for using POST requests.
getPostData(module, params) {
params.module = module;
params.apikey = this.apiKey;
return params;
async detectNetwork() {
* Resolves to the result of calling %%module%% with %%params%%.
* If %%post%%, the request is made as a POST request.
async fetch(module, params, post) {
const id = nextId++;
const url = (post ? this.getPostUrl() : this.getUrl(module, params));
const payload = (post ? this.getPostData(module, params) : null);
this.emit("debug", { action: "sendRequest", id, url, payload: payload });
const request = new FetchRequest(url);
request.setThrottleParams({ slotInterval: 1000 });
request.retryFunc = (req, resp, attempt) => {
if (this.isCommunityResource()) {
return Promise.resolve(true);
request.processFunc = async (request, response) => {
const result = response.hasBody() ? JSON.parse(toUtf8String(response.body)) : {};
const throttle = ((typeof (result.result) === "string") ? result.result : "").toLowerCase().indexOf("rate limit") >= 0;
if (module === "proxy") {
// This JSON response indicates we are being throttled
if (result && result.status == 0 && result.message == "NOTOK" && throttle) {
this.emit("debug", { action: "receiveError", id, reason: "proxy-NOTOK", error: result });
response.throwThrottleError(result.result, THROTTLE);
else {
if (throttle) {
this.emit("debug", { action: "receiveError", id, reason: "null result", error: result.result });
response.throwThrottleError(result.result, THROTTLE);
return response;
if (payload) {
request.setHeader("content-type", "application/x-www-form-urlencoded; charset=UTF-8");
request.body = Object.keys(payload).map((k) => `${k}=${payload[k]}`).join("&");
const response = await request.send();
try {
catch (error) {
this.emit("debug", { action: "receiveError", id, error, reason: "assertOk" });
assert$1(false, "response error", "SERVER_ERROR", { request, response });
if (!response.hasBody()) {
this.emit("debug", { action: "receiveError", id, error: "missing body", reason: "null body" });
assert$1(false, "missing response", "SERVER_ERROR", { request, response });
const result = JSON.parse(toUtf8String(response.body));
if (module === "proxy") {
if (result.jsonrpc != "2.0") {
this.emit("debug", { action: "receiveError", id, result, reason: "invalid JSON-RPC" });
assert$1(false, "invalid JSON-RPC response (missing jsonrpc='2.0')", "SERVER_ERROR", { request, response, info: { result } });
if (result.error) {
this.emit("debug", { action: "receiveError", id, result, reason: "JSON-RPC error" });
assert$1(false, "error response", "SERVER_ERROR", { request, response, info: { result } });
this.emit("debug", { action: "receiveRequest", id, result });
return result.result;
else {
// getLogs, getHistory have weird success responses
if (result.status == 0 && (result.message === "No records found" || result.message === "No transactions found")) {
this.emit("debug", { action: "receiveRequest", id, result });
return result.result;
if (result.status != 1 || (typeof (result.message) === "string" && !result.message.match(/^OK/))) {
this.emit("debug", { action: "receiveError", id, result });
assert$1(false, "error response", "SERVER_ERROR", { request, response, info: { result } });
this.emit("debug", { action: "receiveRequest", id, result });
return result.result;
* Returns %%transaction%% normalized for the Etherscan API.
_getTransactionPostData(transaction) {
const result = {};
for (let key in transaction) {
if (transaction[key] == null) {
let value = transaction[key];
if (key === "type" && value === 0) {
// Quantity-types require no leading zero, unless 0
if ({ type: true, gasLimit: true, gasPrice: true, maxFeePerGs: true, maxPriorityFeePerGas: true, nonce: true, value: true }[key]) {
value = toQuantity(value);
else if (key === "accessList") {
value = "[" + accessListify(value).map((set) => {
return `{address:"${set.address}",storageKeys:["${set.storageKeys.join('","')}"]}`;
}).join(",") + "]";
else {
value = hexlify(value);
result[key] = value;
return result;
* Throws the normalized Etherscan error.
_checkError(req, error, transaction) {
// Pull any message out if, possible
let message = "";
if (isError(error, "SERVER_ERROR")) {
// Check for an error emitted by a proxy call
try {
message =;
catch (e) { }
if (!message) {
try {
message =;
catch (e) { }
if (req.method === "estimateGas") {
if (!message.match(/revert/i) && message.match(/insufficient funds/i)) {
assert$1(false, "insufficient funds", "INSUFFICIENT_FUNDS", {
transaction: req.transaction
if (req.method === "call" || req.method === "estimateGas") {
if (message.match(/execution reverted/i)) {
let data = "";
try {
data =;
catch (error) { }
const e = AbiCoder.getBuiltinCallException(req.method, req.transaction, data); = { request: req, error };
throw e;
if (message) {
if (req.method === "broadcastTransaction") {
const transaction = Transaction.from(req.signedTransaction);
if (message.match(/replacement/i) && message.match(/underpriced/i)) {
assert$1(false, "replacement fee too low", "REPLACEMENT_UNDERPRICED", {
if (message.match(/insufficient funds/)) {
assert$1(false, "insufficient funds for intrinsic transaction cost", "INSUFFICIENT_FUNDS", {
if (message.match(/same hash was already imported|transaction nonce is too low|nonce too low/)) {
assert$1(false, "nonce has already been used", "NONCE_EXPIRED", {
// Something we could not process
throw error;
async _detectNetwork() {
async _perform(req) {
switch (req.method) {
case "chainId":
case "getBlockNumber":
return this.fetch("proxy", { action: "eth_blockNumber" });
case "getGasPrice":
return this.fetch("proxy", { action: "eth_gasPrice" });
case "getBalance":
// Returns base-10 result
return this.fetch("account", {
action: "balance",
address: req.address,
tag: req.blockTag
case "getTransactionCount":
return this.fetch("proxy", {
action: "eth_getTransactionCount",
address: req.address,
tag: req.blockTag
case "getCode":
return this.fetch("proxy", {
action: "eth_getCode",
address: req.address,
tag: req.blockTag
case "getStorage":
return this.fetch("proxy", {
action: "eth_getStorageAt",
address: req.address,
position: req.position,
tag: req.blockTag
case "broadcastTransaction":
return this.fetch("proxy", {
action: "eth_sendRawTransaction",
hex: req.signedTransaction
}, true).catch((error) => {
return this._checkError(req, error, req.signedTransaction);
case "getBlock":
if ("blockTag" in req) {
return this.fetch("proxy", {
action: "eth_getBlockByNumber",
tag: req.blockTag,
boolean: (req.includeTransactions ? "true" : "false")
assert$1(false, "getBlock by blockHash not supported by Etherscan", "UNSUPPORTED_OPERATION", {
operation: "getBlock(blockHash)"
case "getTransaction":
return this.fetch("proxy", {
action: "eth_getTransactionByHash",
txhash: req.hash
case "getTransactionReceipt":
return this.fetch("proxy", {
action: "eth_getTransactionReceipt",
txhash: req.hash
case "call": {
if (req.blockTag !== "latest") {
throw new Error("EtherscanProvider does not support blockTag for call");
const postData = this._getTransactionPostData(req.transaction);
postData.module = "proxy";
postData.action = "eth_call";
try {
return await this.fetch("proxy", postData, true);
catch (error) {
return this._checkError(req, error, req.transaction);
case "estimateGas": {
const postData = this._getTransactionPostData(req.transaction);
postData.module = "proxy";
postData.action = "eth_estimateGas";
try {
return await this.fetch("proxy", postData, true);
catch (error) {
return this._checkError(req, error, req.transaction);
case "getLogs": {
// Needs to complain if more than one address is passed in
const args: Record<string, any> = { action: "getLogs" }
if (params.filter.fromBlock) {
args.fromBlock = checkLogTag(params.filter.fromBlock);
if (params.filter.toBlock) {
args.toBlock = checkLogTag(params.filter.toBlock);
if (params.filter.address) {
args.address = params.filter.address;
// @TODO: We can handle slightly more complicated logs using the logs API
if (params.filter.topics && params.filter.topics.length > 0) {
if (params.filter.topics.length > 1) {
logger.throwError("unsupported topic count", Logger.Errors.UNSUPPORTED_OPERATION, { topics: params.filter.topics });
if (params.filter.topics.length === 1) {
const topic0 = params.filter.topics[0];
if (typeof(topic0) !== "string" || topic0.length !== 66) {
logger.throwError("unsupported topic format", Logger.Errors.UNSUPPORTED_OPERATION, { topic0: topic0 });
args.topic0 = topic0;
const logs: Array<any> = await this.fetch("logs", args);
// Cache txHash => blockHash
let blocks: { [tag: string]: string } = {};
// Add any missing blockHash to the logs
for (let i = 0; i < logs.length; i++) {
const log = logs[i];
if (log.blockHash != null) { continue; }
if (blocks[log.blockNumber] == null) {
const block = await this.getBlock(log.blockNumber);
if (block) {
blocks[log.blockNumber] = block.hash;
log.blockHash = blocks[log.blockNumber];
return logs;
return super._perform(req);
async getNetwork() {
* Resolves to the current price of ether.
* This returns ``0`` on any network other than ``mainnet``.
async getEtherPrice() {
if ( !== "mainnet") {
return 0.0;
return parseFloat((await this.fetch("stats", { action: "ethprice" })).ethusd);
* Resolves to a [Contract]] for %%address%%, using the
* Etherscan API to retreive the Contract ABI.
async getContract(_address) {
let address = this._getAddress(_address);
if (isPromise(address)) {
address = await address;
try {
const resp = await this.fetch("contract", {
action: "getabi", address
const abi = JSON.parse(resp);
return new Contract(address, abi, this);
catch (error) {
return null;
isCommunityResource() {
return (this.apiKey == null);
function getGlobal() {
if (typeof self !== 'undefined') {
return self;
if (typeof window !== 'undefined') {
return window;
if (typeof global !== 'undefined') {
return global;
throw new Error('unable to locate global object');
const _WebSocket = getGlobal().WebSocket;
* Generic long-lived socket provider.
* Sub-classing notes
* - a sub-class MUST call the `_start()` method once connected
* - a sub-class MUST override the `_write(string)` method
* - a sub-class MUST call `_processMessage(string)` for each message
* @_subsection: api/providers/abstract-provider
class SocketSubscriber {
get filter() { return JSON.parse(this.#filter); }
constructor(provider, filter) {
this.#provider = provider;
this.#filter = JSON.stringify(filter);
this.#filterId = null;
this.#paused = null;
this.#emitPromise = null;
start() {
this.#filterId = this.#provider.send("eth_subscribe", this.filter).then((filterId) => {
this.#provider._register(filterId, this);
return filterId;
stop() {
(this.#filterId).then((filterId) => {
this.#provider.send("eth_unsubscribe", [filterId]);
this.#filterId = null;
// @TODO: pause should trap the current blockNumber, unsub, and on resume use getLogs
// and resume
pause(dropWhilePaused) {
assert$1(dropWhilePaused, "preserve logs while paused not supported by SocketSubscriber yet", "UNSUPPORTED_OPERATION", { operation: "pause(false)" });
this.#paused = !!dropWhilePaused;
resume() {
this.#paused = null;
_handleMessage(message) {
if (this.#filterId == null) {
if (this.#paused === null) {
let emitPromise = this.#emitPromise;
if (emitPromise == null) {
emitPromise = this._emit(this.#provider, message);
else {
emitPromise = emitPromise.then(async () => {
await this._emit(this.#provider, message);
this.#emitPromise = emitPromise.then(() => {
if (this.#emitPromise === emitPromise) {
this.#emitPromise = null;
async _emit(provider, message) {
throw new Error("sub-classes must implemente this; _emit");
class SocketBlockSubscriber extends SocketSubscriber {
constructor(provider) {
super(provider, ["newHeads"]);
async _emit(provider, message) {
provider.emit("block", parseInt(message.number));
class SocketPendingSubscriber extends SocketSubscriber {
constructor(provider) {
super(provider, ["newPendingTransactions"]);
async _emit(provider, message) {
provider.emit("pending", message);
class SocketEventSubscriber extends SocketSubscriber {
get logFilter() { return JSON.parse(this.#logFilter); }
constructor(provider, filter) {
super(provider, ["logs", filter]);
this.#logFilter = JSON.stringify(filter);
async _emit(provider, message) {
provider.emit(this.#logFilter, provider._wrapLog(message, provider._network));
* SocketProvider...
class SocketProvider extends JsonRpcApiProvider {
// Maps each filterId to its subscriber
// If any events come in before a subscriber has finished
// registering, queue them
constructor(network) {
super(network, { batchMaxCount: 1 });
this.#callbacks = new Map();
this.#subs = new Map();
this.#pending = new Map();
// This value is only valid after _start has been called
get _network(): Network {
if (this.#network == null) {
throw new Error("this shouldn't happen");
return this.#network.clone();
_getSubscriber(sub) {
switch (sub.type) {
case "close":
return new UnmanagedSubscriber("close");
case "block":
return new SocketBlockSubscriber(this);
case "pending":
return new SocketPendingSubscriber(this);
case "event":
return new SocketEventSubscriber(this, sub.filter);
case "orphan":
// Handled auto-matically within AbstractProvider
// when the log.removed = true
if (sub.filter.orphan === "drop-log") {
return new UnmanagedSubscriber("drop-log");
return super._getSubscriber(sub);
_register(filterId, subscriber) {
this.#subs.set(filterId, subscriber);
const pending = this.#pending.get(filterId);
if (pending) {
for (const message of pending) {
async _send(payload) {
// WebSocket provider doesn't accept batches
assertArgument(!Array.isArray(payload), "WebSocket does not support batch send", "payload", payload);
// @TODO: stringify payloads here and store to prevent mutations
// Prepare a promise to respond to
const promise = new Promise((resolve, reject) => {
this.#callbacks.set(, { payload, resolve, reject });
// Wait until the socket is connected before writing to it
await this._waitUntilReady();
// Write the request to the socket
await this._write(JSON.stringify(payload));
return [await promise];
// Sub-classes must call this once they are connected
async _start(): Promise<void> {
if (this.#ready) { return; }
for (const { payload } of this.#callbacks.values()) {
await this._write(JSON.stringify(payload));
this.#ready = (async function() {
await super._start();
// Sub-classes must call this for each message
async _processMessage(message) {
const result = (JSON.parse(message));
if ("id" in result) {
const callback = this.#callbacks.get(;
if (callback == null) {
console.log("Weird... Response for not a thing we sent");
if ("error" in result) {
const { message, code, data } = result.error;
const error = makeError(message || "unkonwn error", "SERVER_ERROR", {
request: `ws:${ JSON.stringify(callback.payload) }`,
info: { code, data }
} else {
else if (result.method === "eth_subscription") {
const filterId = result.params.subscription;
const subscriber = this.#subs.get(filterId);
if (subscriber) {
else {
let pending = this.#pending.get(filterId);
if (pending == null) {
pending = [];
this.#pending.set(filterId, pending);
async _write(message) {
throw new Error("sub-classes must override this");
class WebSocketProvider extends SocketProvider {
get websocket() {
if (this.#websocket == null) {
throw new Error("websocket closed");
return this.#websocket;
constructor(url, network) {
if (typeof (url) === "string") {
this.#connect = () => { return new _WebSocket(url); };
this.#websocket = this.#connect();
else if (typeof (url) === "function") {
this.#connect = url;
this.#websocket = url();
else {
this.#connect = null;
this.#websocket = url;
this.websocket.onopen = async () => {
try {
await this._start();
catch (error) {
console.log("failed to start WebsocketProvider", error);
// @TODO: now what? Attempt reconnect?
this.websocket.onmessage = (message) => {
this.websocket.onclose = (event) => {
// @TODO: What event.code should we reconnect on?
const reconnect = false;
if (reconnect) {
if (this.#connect) {
this.#websocket = this.#connect();
this.#websocket.onopen = ...
// @TODO: this requires the super class to rebroadcast; move it there
async _write(message) {
async destroy() {
if (this.#websocket != null) {
this.#websocket = null;
* [[link-infura]] provides a third-party service for connecting to
* various blockchains over JSON-RPC.
* **Supported Networks**
* - Ethereum Mainnet (``mainnet``)
* - Goerli Testnet (``goerli``)
* - Sepolia Testnet (``sepolia``)
* - Arbitrum (``arbitrum``)
* - Arbitrum Goerli Testnet (``arbitrum-goerli``)
* - Optimism (``optimism``)
* - Optimism Goerli Testnet (``optimism-goerli``)
* - Polygon (``matic``)
* - Polygon Mumbai Testnet (``maticmum``)
* @_subsection: api/providers/thirdparty:INFURA [providers-infura]
const defaultProjectId = "84842078b09946638c03157f83405213";
function getHost$2(name) {
switch (name) {
case "mainnet":
return "";
case "goerli":
return "";
case "sepolia":
return "";
case "arbitrum":
return "";
case "arbitrum-goerli":
return "";
case "matic":
return "";
case "maticmum":
return "";
case "optimism":
return "";
case "optimism-goerli":
return "";
assertArgument(false, "unsupported network", "network", name);
* The **InfuraWebSocketProvider** connects to the [[link-infura]]
* WebSocket end-points.
* By default, a highly-throttled API key is used, which is
* appropriate for quick prototypes and simple scripts. To
* gain access to an increased rate-limit, it is highly
* recommended to [sign up here](link-infura-signup).
class InfuraWebSocketProvider extends WebSocketProvider {
* The Project ID for the INFURA connection.
* The Project Secret.
* If null, no authenticated requests are made. This should not
* be used outside of private contexts.
* Creates a new **InfuraWebSocketProvider**.
constructor(network, projectId) {
const provider = new InfuraProvider(network, projectId);
const req = provider._getConnection();
assert$1(!req.credentials, "INFURA WebSocket project secrets unsupported", "UNSUPPORTED_OPERATION", { operation: "InfuraProvider.getWebSocketProvider()" });
const url = req.url.replace(/^http/i, "ws").replace("/v3/", "/ws/v3/");
super(url, network);
defineProperties(this, {
projectId: provider.projectId,
projectSecret: provider.projectSecret
isCommunityResource() {
return (this.projectId === defaultProjectId);
* The **InfuraProvider** connects to the [[link-infura]]
* JSON-RPC end-points.
* By default, a highly-throttled API key is used, which is
* appropriate for quick prototypes and simple scripts. To
* gain access to an increased rate-limit, it is highly
* recommended to [sign up here](link-infura-signup).
class InfuraProvider extends JsonRpcProvider {
* The Project ID for the INFURA connection.
* The Project Secret.
* If null, no authenticated requests are made. This should not
* be used outside of private contexts.
* Creates a new **InfuraProvider**.
constructor(_network, projectId, projectSecret) {
if (_network == null) {
_network = "mainnet";
const network = Network.from(_network);
if (projectId == null) {
projectId = defaultProjectId;
if (projectSecret == null) {
projectSecret = null;
const request = InfuraProvider.getRequest(network, projectId, projectSecret);
super(request, network, { staticNetwork: network });
defineProperties(this, { projectId, projectSecret });
_getProvider(chainId) {
try {
return new InfuraProvider(chainId, this.projectId, this.projectSecret);
catch (error) { }
return super._getProvider(chainId);
isCommunityResource() {
return (this.projectId === defaultProjectId);
* Creates a new **InfuraWebSocketProvider**.
static getWebSocketProvider(network, projectId) {
return new InfuraWebSocketProvider(network, projectId);
* Returns a prepared request for connecting to %%network%%
* with %%projectId%% and %%projectSecret%%.
static getRequest(network, projectId, projectSecret) {
if (projectId == null) {
projectId = defaultProjectId;
if (projectSecret == null) {
projectSecret = null;
const request = new FetchRequest(`https:/\/${getHost$2(}/v3/${projectId}`);
request.allowGzip = true;
if (projectSecret) {
request.setCredentials("", projectSecret);
if (projectId === defaultProjectId) {
request.retryFunc = async (request, response, attempt) => {
return true;
return request;
* [[link-quicknode]] provides a third-party service for connecting to
* various blockchains over JSON-RPC.
* **Supported Networks**
* - Ethereum Mainnet (``mainnet``)
* - Goerli Testnet (``goerli``)
* - Arbitrum (``arbitrum``)
* - Arbitrum Goerli Testnet (``arbitrum-goerli``)
* - Optimism (``optimism``)
* - Optimism Goerli Testnet (``optimism-goerli``)
* - Polygon (``matic``)
* - Polygon Mumbai Testnet (``maticmum``)
* @_subsection: api/providers/thirdparty:QuickNode [providers-quicknode]
const defaultToken = "919b412a057b5e9c9b6dce193c5a60242d6efadb";
function getHost$1(name) {
switch (name) {
case "mainnet":
return "";
case "goerli":
return "";
//case "sepolia":
// return "";
case "arbitrum":
return "";
case "arbitrum-goerli":
return "";
case "matic":
return "";
case "maticmum":
return "";
case "optimism":
return "";
case "optimism-goerli":
return "";
assertArgument(false, "unsupported network", "network", name);
* The **QuickNodeProvider** connects to the [[link-quicknode]]
* JSON-RPC end-points.
* By default, a highly-throttled API token is used, which is
* appropriate for quick prototypes and simple scripts. To
* gain access to an increased rate-limit, it is highly
* recommended to [sign up here](link-quicknode).
class QuickNodeProvider extends JsonRpcProvider {
* The API token.
* Creates a new **QuickNodeProvider**.
constructor(_network, token) {
if (_network == null) {
_network = "mainnet";
const network = Network.from(_network);
if (token == null) {
token = defaultToken;
const request = QuickNodeProvider.getRequest(network, token);
super(request, network, { staticNetwork: network });
defineProperties(this, { token });
_getProvider(chainId) {
try {
return new QuickNodeProvider(chainId, this.token);
catch (error) { }
return super._getProvider(chainId);
isCommunityResource() {
return (this.token === defaultToken);
* Returns a new request prepared for %%network%% and the
* %%token%%.
static getRequest(network, token) {
if (token == null) {
token = defaultToken;
const request = new FetchRequest(`https:/\/${getHost$1(}/${token}`);
request.allowGzip = true;
//if (projectSecret) { request.setCredentials("", projectSecret); }
if (token === defaultToken) {
request.retryFunc = async (request, response, attempt) => {
return true;
return request;
* Explain all the nitty-gritty about the **FallbackProvider**.
* @_section: api/providers/fallback-provider:Fallback Provider [about-fallback-provider]
const BN_1 = BigInt("1");
const BN_2 = BigInt("2");
function shuffle(array) {
for (let i = array.length - 1; i > 0; i--) {
const j = Math.floor(Math.random() * (i + 1));
const tmp = array[i];
array[i] = array[j];
array[j] = tmp;
function stall$2(duration) {
return new Promise((resolve) => { setTimeout(resolve, duration); });
function getTime() { return (new Date()).getTime(); }
function stringify(value) {
return JSON.stringify(value, (key, value) => {
if (typeof (value) === "bigint") {
return { type: "bigint", value: value.toString() };
return value;
const defaultConfig = { stallTimeout: 400, priority: 1, weight: 1 };
const defaultState = {
blockNumber: -2, requests: 0, lateResponses: 0, errorResponses: 0,
outOfSync: -1, unsupportedEvents: 0, rollingDuration: 0, score: 0,
_network: null, _updateNumber: null, _totalTime: 0
async function waitForSync(config, blockNumber) {
while (config.blockNumber < 0 || config.blockNumber < blockNumber) {
if (!config._updateNumber) {
config._updateNumber = (async () => {
const blockNumber = await config.provider.getBlockNumber();
if (blockNumber > config.blockNumber) {
config.blockNumber = blockNumber;
config._updateNumber = null;
await config._updateNumber;
function _normalize(value) {
if (value == null) {
return "null";
if (Array.isArray(value)) {
return "[" + (",") + "]";
if (typeof (value) === "object" && typeof (value.toJSON) === "function") {
return _normalize(value.toJSON());
switch (typeof (value)) {
case "boolean":
case "symbol":
return value.toString();
case "bigint":
case "number":
return BigInt(value).toString();
case "string":
return JSON.stringify(value);
case "object": {
const keys = Object.keys(value);
return "{" + => `${JSON.stringify(k)}:${_normalize(value[k])}`).join(",") + "}";
console.log("Could not serialize", value);
throw new Error("Hmm...");
function normalizeResult(value) {
if ("error" in value) {
const error = value.error;
return { tag: _normalize(error), value: error };
const result = value.result;
return { tag: _normalize(result), value: result };
// This strategy picks the highest weight result, as long as the weight is
// equal to or greater than quorum
function checkQuorum(quorum, results) {
const tally = new Map();
for (const { value, tag, weight } of results) {
const t = tally.get(tag) || { value, weight: 0 };
t.weight += weight;
tally.set(tag, t);
let best = null;
for (const r of tally.values()) {
if (r.weight >= quorum && (!best || r.weight > best.weight)) {
best = r;
if (best) {
return best.value;
return undefined;
function getMedian(quorum, results) {
let resultWeight = 0;
const errorMap = new Map();
let bestError = null;
const values = [];
for (const { value, tag, weight } of results) {
if (value instanceof Error) {
const e = errorMap.get(tag) || { value, weight: 0 };
e.weight += weight;
errorMap.set(tag, e);
if (bestError == null || e.weight > bestError.weight) {
bestError = e;
else {
resultWeight += weight;
if (resultWeight < quorum) {
// We have quorum for an error
if (bestError && bestError.weight >= quorum) {
return bestError.value;
// We do not have quorum for a result
return undefined;
// Get the sorted values
values.sort((a, b) => ((a < b) ? -1 : (b > a) ? 1 : 0));
const mid = Math.floor(values.length / 2);
// Odd-length; take the middle value
if (values.length % 2) {
return values[mid];
// Even length; take the ceiling of the mean of the center two values
return (values[mid - 1] + values[mid] + BN_1) / BN_2;
function getAnyResult(quorum, results) {
// If any value or error meets quorum, that is our preferred result
const result = checkQuorum(quorum, results);
if (result !== undefined) {
return result;
// Otherwise, do we have any result?
for (const r of results) {
if (r.value) {
return r.value;
// Nope!
return undefined;
function getFuzzyMode(quorum, results) {
if (quorum === 1) {
return getNumber(getMedian(quorum, results), "%internal");
const tally = new Map();
const add = (result, weight) => {
const t = tally.get(result) || { result, weight: 0 };
t.weight += weight;
tally.set(result, t);
for (const { weight, value } of results) {
const r = getNumber(value);
add(r - 1, weight);
add(r, weight);
add(r + 1, weight);
let bestWeight = 0;
let bestResult = undefined;
for (const { weight, result } of tally.values()) {
// Use this result, if this result meets quorum and has either:
// - a better weight
// - or equal weight, but the result is larger
if (weight >= quorum && (weight > bestWeight || (bestResult != null && weight === bestWeight && result > bestResult))) {
bestWeight = weight;
bestResult = result;
return bestResult;
* A Fallback Provider.
class FallbackProvider extends AbstractProvider {
constructor(providers, network) {
this.#configs = => {
if (p instanceof AbstractProvider) {
return Object.assign({ provider: p }, defaultConfig, defaultState);
else {
return Object.assign({}, defaultConfig, p, defaultState);
this.#height = -2;
this.#initialSyncPromise = null;
this.quorum = 2; //Math.ceil(providers.length / 2);
this.eventQuorum = 1;
this.eventWorkers = 1;
assertArgument(this.quorum <= this.#configs.reduce((a, c) => (a + c.weight), 0), "quorum exceed provider wieght", "quorum", this.quorum);
get providerConfigs() {
return => {
const result = Object.assign({}, c);
for (const key in result) {
if (key[0] === "_") {
delete result[key];
return result;
async _detectNetwork() {
return Network.from(getBigInt(await this._perform({ method: "chainId" })));
// @TODO: Add support to select providers to be the event subscriber
//_getSubscriber(sub: Subscription): Subscriber {
// throw new Error("@TODO");
async _translatePerform(provider, req) {
switch (req.method) {
case "broadcastTransaction":
return await provider.broadcastTransaction(req.signedTransaction);
case "call":
return await{}, req.transaction, { blockTag: req.blockTag }));
case "chainId":
return (await provider.getNetwork()).chainId;
case "estimateGas":
return await provider.estimateGas(req.transaction);
case "getBalance":
return await provider.getBalance(req.address, req.blockTag);
case "getBlock": {
const block = ("blockHash" in req) ? req.blockHash : req.blockTag;
return await provider.getBlock(block, req.includeTransactions);
case "getBlockNumber":
return await provider.getBlockNumber();
case "getCode":
return await provider.getCode(req.address, req.blockTag);
case "getGasPrice":
return (await provider.getFeeData()).gasPrice;
case "getLogs":
return await provider.getLogs(req.filter);
case "getStorage":
return await provider.getStorage(req.address, req.position, req.blockTag);
case "getTransaction":
return await provider.getTransaction(req.hash);
case "getTransactionCount":
return await provider.getTransactionCount(req.address, req.blockTag);
case "getTransactionReceipt":
return await provider.getTransactionReceipt(req.hash);
case "getTransactionResult":
return await provider.getTransactionResult(req.hash);
// Grab the next (random) config that is not already part of
// the running set
#getNextConfig(running) {
// @TODO: Maybe do a check here to favour (heavily) providers that
// do not require waitForSync and disfavour providers that
// seem down-ish or are behaving slowly
const configs = Array.from(running).map((r) => r.config);
// Shuffle the states, sorted by priority
const allConfigs = this.#configs.slice();
allConfigs.sort((a, b) => (b.priority - a.priority));
for (const config of allConfigs) {
if (configs.indexOf(config) === -1) {
return config;
return null;
// Adds a new runner (if available) to running.
#addRunner(running, req) {
const config = this.#getNextConfig(running);
// No runners available
if (config == null) {
return null;
// Create a new runner
const runner = {
config, result: null, didBump: false,
perform: null, staller: null
const now = getTime();
// Start performing this operation
runner.perform = (async () => {
try {
const result = await this._translatePerform(config.provider, req);
runner.result = { result };
catch (error) {
runner.result = { error };
const dt = (getTime() - now);
config._totalTime += dt;
config.rollingDuration = 0.95 * config.rollingDuration + 0.05 * dt;
runner.perform = null;
// Start a staller; when this times out, it's time to force
// kicking off another runner because we are taking too long
runner.staller = (async () => {
await stall$2(config.stallTimeout);
runner.staller = null;
return runner;
// Initializes the blockNumber and network for each runner and
// blocks until initialized
async #initialSync() {
let initialSync = this.#initialSyncPromise;
if (!initialSync) {
const promises = [];
this.#configs.forEach((config) => {
promises.push(waitForSync(config, 0));
promises.push((async () => {
config._network = await config.provider.getNetwork();
this.#initialSyncPromise = initialSync = (async () => {
// Wait for all providers to have a block number and network
await Promise.all(promises);
// Check all the networks match
let chainId = null;
for (const config of this.#configs) {
const network = (config._network);
if (chainId == null) {
chainId = network.chainId;
else if (network.chainId !== chainId) {
assert$1(false, "cannot mix providers on different networks", "UNSUPPORTED_OPERATION", {
operation: "new FallbackProvider"
await initialSync;
async #checkQuorum(running, req) {
// Get all the result objects
const results = [];
for (const runner of running) {
if (runner.result != null) {
const { tag, value } = normalizeResult(runner.result);
results.push({ tag, value, weight: runner.config.weight });
// Are there enough results to event meet quorum?
if (results.reduce((a, r) => (a + r.weight), 0) < this.quorum) {
return undefined;
switch (req.method) {
case "getBlockNumber": {
// We need to get the bootstrap block height
if (this.#height === -2) {
this.#height = Math.ceil(getNumber(getMedian(this.quorum, => ({
value: c.blockNumber,
tag: getNumber(c.blockNumber).toString(),
weight: c.weight
// Find the mode across all the providers, allowing for
// a little drift between block heights
const mode = getFuzzyMode(this.quorum, results);
if (mode === undefined) {
return undefined;
if (mode > this.#height) {
this.#height = mode;
return this.#height;
case "getGasPrice":
case "estimateGas":
return getMedian(this.quorum, results);
case "getBlock":
// Pending blocks are in the mempool and already
// quite untrustworthy; just grab anything
if ("blockTag" in req && req.blockTag === "pending") {
return getAnyResult(this.quorum, results);
return checkQuorum(this.quorum, results);
case "call":
case "chainId":
case "getBalance":
case "getTransactionCount":
case "getCode":
case "getStorage":
case "getTransaction":
case "getTransactionReceipt":
case "getLogs":
return checkQuorum(this.quorum, results);
case "broadcastTransaction":
return getAnyResult(this.quorum, results);
assert$1(false, "unsupported method", "UNSUPPORTED_OPERATION", {
operation: `_perform(${stringify(req.method)})`
async #waitForQuorum(running, req) {
if (running.size === 0) {
throw new Error("no runners?!");
// Any promises that are interesting to watch for; an expired stall
// or a successful perform
const interesting = [];
let newRunners = 0;
for (const runner of running) {
// No responses, yet; keep an eye on it
if (runner.perform) {
// Still stalling...
if (runner.staller) {
// This runner has already triggered another runner
if (runner.didBump) {
// Got a response (result or error) or stalled; kick off another runner
runner.didBump = true;
// Check if we have reached quorum on a result (or error)
const value = await this.#checkQuorum(running, req);
if (value !== undefined) {
if (value instanceof Error) {
throw value;
return value;
// Add any new runners, because a staller timed out or a result
// or error response came in.
for (let i = 0; i < newRunners; i++) {
this.#addRunner(running, req);
// All providers have returned, and we have no result
assert$1(interesting.length > 0, "quorum not met", "SERVER_ERROR", {
request: "%sub-requests",
info: { request: req, results: Array.from(running).map((r) => stringify(r.result)) }
// Wait for someone to either complete its perform or stall out
await Promise.race(interesting);
// This is recursive, but at worst case the depth is 2x the
// number of providers (each has a perform and a staller)
return await this.#waitForQuorum(running, req);
async _perform(req) {
// Broadcasting a transaction is rare (ish) and already incurs
// a cost on the user, so spamming is safe-ish. Just send it to
// every backend.
if (req.method === "broadcastTransaction") {
const results = await Promise.all( ({ provider, weight }) => {
try {
const result = await provider._perform(req);
return Object.assign(normalizeResult({ result }), { weight });
catch (error) {
return Object.assign(normalizeResult({ error }), { weight });
const result = getAnyResult(this.quorum, results);
assert$1(result !== undefined, "problem multi-broadcasting", "SERVER_ERROR", {
request: "%sub-requests",
info: { request: req, results: }
if (result instanceof Error) {
throw result;
return result;
await this.#initialSync();
// Bootstrap enough runners to meet quorum
const running = new Set();
for (let i = 0; i < this.quorum; i++) {
this.#addRunner(running, req);
const result = await this.#waitForQuorum(running, req);
// Track requests sent to a provider that are still
// outstanding after quorum has been otherwise found
for (const runner of running) {
if (runner.perform && runner.result == null) {
return result;
async destroy() {
for (const { provider } of this.#configs) {
function isWebSocketLike(value) {
return (value && typeof (value.send) === "function" &&
typeof (value.close) === "function");
function getDefaultProvider(network, options) {
if (options == null) {
options = {};
if (typeof (network) === "string" && network.match(/^https?:/)) {
return new JsonRpcProvider(network);
if (typeof (network) === "string" && network.match(/^wss?:/) || isWebSocketLike(network)) {
return new WebSocketProvider(network);
const providers = [];
if (options.alchemy !== "-") {
try {
providers.push(new AlchemyProvider(network, options.alchemy));
catch (error) {
if (options.ankr !== "-") {
try {
providers.push(new AnkrProvider(network, options.ankr));
catch (error) {
if (options.cloudflare !== "-") {
try {
providers.push(new CloudflareProvider(network));
catch (error) {
if (options.etherscan !== "-") {
try {
providers.push(new EtherscanProvider(network, options.etherscan));
catch (error) {
if (options.infura !== "-") {
try {
let projectId = options.infura;
let projectSecret = undefined;
if (typeof (projectId) === "object") {
projectSecret = projectId.projectSecret;
projectId = projectId.projectId;
providers.push(new InfuraProvider(network, projectId, projectSecret));
catch (error) {
if (options.pocket !== "-") {
try {
let appId = options.pocket;
let secretKey: undefined | string = undefined;
let loadBalancer: undefined | boolean = undefined;
if (typeof(appId) === "object") {
loadBalancer = !!appId.loadBalancer;
secretKey = appId.secretKey;
appId = appId.appId;
providers.push(new PocketProvider(network, appId, secretKey, loadBalancer));
} catch (error) { console.log(error); }
if (options.quicknode !== "-") {
try {
let token = options.quicknode;
providers.push(new QuickNodeProvider(network, token));
catch (error) {
assert$1(providers.length, "unsupported default network", "UNSUPPORTED_OPERATION", {
operation: "getDefaultProvider"
if (providers.length === 1) {
return providers[0];
return new FallbackProvider(providers);
class NonceManager extends AbstractSigner {
constructor(signer) {
defineProperties(this, { signer });
this.#noncePromise = null;
this.#delta = 0;
async getAddress() {
return this.signer.getAddress();
connect(provider) {
return new NonceManager(this.signer.connect(provider));
async getNonce(blockTag) {
if (blockTag === "pending") {
if (this.#noncePromise == null) {
this.#noncePromise = super.getNonce("pending");
const delta = this.#delta;
return (await this.#noncePromise) + delta;
return super.getNonce(blockTag);
increment() {
reset() {
this.#delta = 0;
this.#noncePromise = null;
async sendTransaction(tx) {
const noncePromise = this.getNonce("pending");
tx = await this.signer.populateTransaction(tx);
tx.nonce = await noncePromise;
// @TODO: Maybe handle interesting/recoverable errors?
// Like don't increment if the tx was certainly not sent
return await this.signer.sendTransaction(tx);
signTransaction(tx) {
return this.signer.signTransaction(tx);
signMessage(message) {
return this.signer.signMessage(message);
signTypedData(domain, types, value) {
return this.signer.signTypedData(domain, types, value);
class BrowserProvider extends JsonRpcApiPollingProvider {
constructor(ethereum, network) {
super(network, { batchMaxCount: 1 });
this.#request = async (method, params) => {
const payload = { method, params };
this.emit("debug", { action: "sendEip1193Request", payload });
try {
const result = await ethereum.request(payload);
this.emit("debug", { action: "receiveEip1193Result", result });
return result;
catch (e) {
const error = new Error(e.message);
error.code = e.code; =;
error.payload = payload;
this.emit("debug", { action: "receiveEip1193Error", error });
throw error;
async send(method, params) {
await this._start();
return await super.send(method, params);
async _send(payload) {
assertArgument(!Array.isArray(payload), "EIP-1193 does not support batch request", "payload", payload);
try {
const result = await this.#request(payload.method, payload.params || []);
return [{ id:, result }];
catch (e) {
return [{
error: { code: e.code, data:, message: e.message }
getRpcError(payload, error) {
error = JSON.parse(JSON.stringify(error));
// EIP-1193 gives us some machine-readable error codes, so rewrite
// them into
switch (error.error.code || -1) {
case 4001:
error.error.message = `ethers-user-denied: ${error.error.message}`;
case 4200:
error.error.message = `ethers-unsupported: ${error.error.message}`;
return super.getRpcError(payload, error);
async hasSigner(address) {
if (address == null) {
address = 0;
const accounts = await this.send("eth_accounts", []);
if (typeof (address) === "number") {
return (accounts.length > address);
address = address.toLowerCase();
return accounts.filter((a) => (a.toLowerCase() === address)).length !== 0;
async getSigner(address) {
if (address == null) {
address = 0;
if (!(await this.hasSigner(address))) {
try {
//const resp =
await this.#request("eth_requestAccounts", []);
//console.log("RESP", resp);
catch (error) {
const payload = error.payload;
throw this.getRpcError(payload, { id:, error });
return await super.getSigner(address);
* [[link-pocket]] provides a third-party service for connecting to
* various blockchains over JSON-RPC.
* **Supported Networks**
* - Ethereum Mainnet (``mainnet``)
* - Goerli Testnet (``goerli``)
* - Polygon (``matic``)
* - Arbitrum (``arbitrum``)
* @_subsection: api/providers/thirdparty:Pocket [providers-pocket]
const defaultApplicationId = "62e1ad51b37b8e00394bda3b";
function getHost(name) {
switch (name) {
case "mainnet":
return "";
case "goerli":
return "";
case "matic":
return "";
case "maticmum":
return "";
assertArgument(false, "unsupported network", "network", name);
* The **PocketProvider** connects to the [[link-pocket]]
* JSON-RPC end-points.
* By default, a highly-throttled API key is used, which is
* appropriate for quick prototypes and simple scripts. To
* gain access to an increased rate-limit, it is highly
* recommended to [sign up here](link-pocket-signup).
class PocketProvider extends JsonRpcProvider {
* The Application ID for the Pocket connection.
* The Application Secret for making authenticated requests
* to the Pocket connection.
* Create a new **PocketProvider**.
* By default connecting to ``mainnet`` with a highly throttled
* API key.
constructor(_network, applicationId, applicationSecret) {
if (_network == null) {
_network = "mainnet";
const network = Network.from(_network);
if (applicationId == null) {
applicationId = defaultApplicationId;
if (applicationSecret == null) {
applicationSecret = null;
const options = { staticNetwork: network };
const request = PocketProvider.getRequest(network, applicationId, applicationSecret);
super(request, network, options);
defineProperties(this, { applicationId, applicationSecret });
_getProvider(chainId) {
try {
return new PocketProvider(chainId, this.applicationId, this.applicationSecret);
catch (error) { }
return super._getProvider(chainId);
* Returns a prepared request for connecting to %%network%% with
* %%applicationId%%.
static getRequest(network, applicationId, applicationSecret) {
if (applicationId == null) {
applicationId = defaultApplicationId;
const request = new FetchRequest(`https:/\/${getHost(}/v1/lb/${applicationId}`);
request.allowGzip = true;
if (applicationSecret) {
request.setCredentials("", applicationSecret);
if (applicationId === defaultApplicationId) {
request.retryFunc = async (request, response, attempt) => {
return true;
return request;
isCommunityResource() {
return (this.applicationId === defaultApplicationId);
const IpcSocketProvider = undefined;
* About providers.
* @_section: api/providers:Providers [about-providers]
* The **BaseWallet** is a stream-lined implementation of a
* [[Signer]] that operates with a private key.
* It is preferred to use the [[Wallet]] class, as it offers
* additional functionality and simplifies loading a variety
* of JSON formats, Mnemonic Phrases, etc.
* This class may be of use for those attempting to implement
* a minimal Signer.
class BaseWallet extends AbstractSigner {
* The wallet address.
* Creates a new BaseWallet for %%privateKey%%, optionally
* connected to %%provider%%.
* If %%provider%% is not specified, only offline methods can
* be used.
constructor(privateKey, provider) {
assertArgument(privateKey && typeof (privateKey.sign) === "function", "invalid private key", "privateKey", "[ REDACTED ]");
this.#signingKey = privateKey;
const address = computeAddress(this.signingKey.publicKey);
defineProperties(this, { address });
// Store private values behind getters to reduce visibility
// in console.log
* The [[SigningKey]] used for signing payloads.
get signingKey() { return this.#signingKey; }
* The private key for this wallet.
get privateKey() { return this.signingKey.privateKey; }
async getAddress() { return this.address; }
connect(provider) {
return new BaseWallet(this.#signingKey, provider);
async signTransaction(tx) {
// Replace any Addressable or ENS name with an address
const { to, from } = await resolveProperties({
to: ( ? resolveAddress(, this.provider) : undefined),
from: (tx.from ? resolveAddress(tx.from, this.provider) : undefined)
if (to != null) { = to;
if (from != null) {
tx.from = from;
if (tx.from != null) {
assertArgument(getAddress((tx.from)) === this.address, "transaction from address mismatch", "tx.from", tx.from);
delete tx.from;
// Build the transaction
const btx = Transaction.from(tx);
btx.signature = this.signingKey.sign(btx.unsignedHash);
return btx.serialized;
async signMessage(message) {
return this.signMessageSync(message);
// @TODO: Add a secialized signTx and signTyped sync that enforces
// all parameters are known?
* Returns the signature for %%message%% signed with this wallet.
signMessageSync(message) {
return this.signingKey.sign(hashMessage(message)).serialized;
async signTypedData(domain, types, value) {
// Populate any ENS names
const populated = await TypedDataEncoder.resolveNames(domain, types, value, async (name) => {
// @TODO: this should use resolveName; addresses don't
// need a provider
assert$1(this.provider != null, "cannot resolve ENS names without a provider", "UNSUPPORTED_OPERATION", {
operation: "resolveName",
info: { name }
const address = await this.provider.resolveName(name);
assert$1(address != null, "unconfigured ENS name", "UNCONFIGURED_NAME", {
value: name
return address;
return this.signingKey.sign(TypedDataEncoder.hash(populated.domain, types, populated.value)).serialized;
const subsChrs = " !#$%&'()*+,-./<=>?@[]^_`{|}~";
const Word = /^[a-z]*$/i;
function unfold(words, sep) {
let initial = 97;
return words.reduce((accum, word) => {
if (word === sep) {
else if (word.match(Word)) {
accum.push(String.fromCharCode(initial) + word);
else {
initial = 97;
return accum;
}, []);
* @_ignore
function decode(data, subs) {
// Replace all the substitutions with their expanded form
for (let i = subsChrs.length - 1; i >= 0; i--) {
data = data.split(subsChrs[i]).join(subs.substring(2 * i, 2 * i + 2));
// Get all tle clumps; each suffix, first-increment and second-increment
const clumps = [];
const leftover = data.replace(/(:|([0-9])|([A-Z][a-z]*))/g, (all, item, semi, word) => {
if (semi) {
for (let i = parseInt(semi); i >= 0; i--) {
else {
return "";
/* c8 ignore start */
if (leftover) {
throw new Error(`leftovers: ${JSON.stringify(leftover)}`);
/* c8 ignore stop */
return unfold(unfold(clumps, ";"), ":");
* @_ignore
function decodeOwl(data) {
assertArgument(data[0] === "0", "unsupported auwl data", "data", data);
return decode(data.substring(1 + 2 * subsChrs.length), data.substring(1, 1 + 2 * subsChrs.length));
* A Wordlist represents a collection of language-specific
* words used to encode and devoce [[link-bip-39]] encoded data
* by mapping words to 11-bit values and vice versa.
class Wordlist {
* Creates a new Wordlist instance.
* Sub-classes MUST call this if they provide their own constructor,
* passing in the locale string of the language.
* Generally there is no need to create instances of a Wordlist,
* since each language-specific Wordlist creates an instance and
* there is no state kept internally, so they are safe to share.
constructor(locale) {
defineProperties(this, { locale });
* Sub-classes may override this to provide a language-specific
* method for spliting %%phrase%% into individual words.
* By default, %%phrase%% is split using any sequences of
* white-space as defined by regular expressions (i.e. ``/\s+/``).
split(phrase) {
return phrase.toLowerCase().split(/\s+/g);
* Sub-classes may override this to provider a language-specific
* method for joining %%words%% into a phrase.
* By default, %%words%% are joined by a single space.
join(words) {
return words.join(" ");
// Use the encode-latin.js script to create the necessary
* An OWL format Wordlist is an encoding method that exploits
* the general locality of alphabetically sorted words to
* achieve a simple but effective means of compression.
* This class is generally not useful to most developers as
* it is used mainly internally to keep Wordlists for languages
* based on ASCII-7 small.
* If necessary, there are tools within the ``generation/`` folder
* to create these necessary data.
class WordlistOwl extends Wordlist {
* Creates a new Wordlist for %%locale%% using the OWL %%data%%
* and validated against the %%checksum%%.
constructor(locale, data, checksum) {
this.#data = data;
this.#checksum = checksum;
this.#words = null;
get _data() { return this.#data; }
_decodeWords() {
return decodeOwl(this.#data);
#loadWords() {
if (this.#words == null) {
const words = this._decodeWords();
// Verify the computed list matches the official list
const checksum = id(words.join("\n") + "\n");
/* c8 ignore start */
if (checksum !== this.#checksum) {
throw new Error(`BIP39 Wordlist for ${this.locale} FAILED`);
/* c8 ignore stop */
this.#words = words;
return this.#words;
getWord(index) {
const words = this.#loadWords();
assertArgument(index >= 0 && index < words.length, `invalid word index: ${index}`, "index", index);
return words[index];
getWordIndex(word) {
return this.#loadWords().indexOf(word);
const words = "0erleonalorenseinceregesticitStanvetearctssi#ch2Athck&tneLl0And#Il.yLeOutO=S|S%b/ra@SurdU'0Ce[Cid|CountCu'Hie=IdOu,-Qui*Ro[TT]T%T*[Tu$0AptDD-tD*[Ju,M.UltV<)Vi)0Rob-0FairF%dRaid0A(EEntRee0Ead0MRRp%tS!_rmBumCoholErtI&LLeyLowMo,O}PhaReadySoT Ways0A>urAz(gOngOuntU'd0Aly,Ch%Ci|G G!GryIm$K!Noun)Nu$O` Sw T&naTiqueXietyY1ArtOlogyPe?P!Pro=Ril1ChCt-EaEnaGueMMedM%MyOundR<+Re,Ri=RowTTefa@Ti,Tw%k0KPe@SaultSetSi,SumeThma0H!>OmTa{T&dT.udeTra@0Ct]D.Gu,NtTh%ToTumn0Era+OcadoOid0AkeA*AyEsomeFulKw?d0Is:ByChel%C#D+GL<)Lc#y~MbooN<aNn RRelyRga(R*lSeS-SketTt!3A^AnAutyCau'ComeEfF%eG(Ha=H(dLie=LowLtN^Nef./TrayTt Twe&Y#d3Cyc!DKeNdOlogyRdR`Tt _{AdeAmeAnketA,EakE[IndOodO[omOu'UeUrUsh_rdAtDyIlMbNeNusOkO,Rd R(gRrowSsTtomUn)XY_{etA(AndA[A=EadEezeI{Id+IefIghtIngIskOccoliOk&OnzeOomO` OwnUsh2Bb!DdyD+tFf$oIldLbLkL!tNd!Nk Rd&Rg R,SS(e[SyTt Y Zz:Bba+B(B!CtusGeKe~LmM aMpNN$N)lNdyNn#NoeNvasNy#Pab!P.$Pta(RRb#RdRgoRpetRryRtSeShS(o/!Su$TT$ogT^Teg%yTt!UghtU'Ut]Ve3Il(gL yM|NsusNturyRe$Rta(_irAlkAmp]An+AosApt Ar+A'AtEapE{Ee'EfErryE,I{&IefIldIm}yOi)Oo'R#-U{!UnkUrn0G?Nnam#Rc!Tiz&TyVil_imApArifyAwAyE<ErkEv I{I|IffImbIn-IpO{OgO'O`OudOwnUbUmpU, Ut^_^A,C#utDeFfeeIlInL!@L%LumnMb(eMeMf%tM-Mm#Mp<yNc tNdu@NfirmNg*[N}@Nsid NtrolNv()OkOlPp PyR$ReRnR*@/Tt#U^UntryUp!Ur'Us(V Yo>_{Ad!AftAmA}AshAt AwlAzyEamEd.EekEwI{etImeIspIt-OpO[Ou^OwdUci$UelUi'Umb!Un^UshYY,$2BeLtu*PPbo?dRiousRr|Rta(R=Sh]/omTe3C!:DMa+MpN)Ng R(gShUght WnY3AlBa>BrisCadeCemb CideCl(eC%a>C*a'ErF&'F(eFyG*eLayLiv M<dMi'Ni$Nti,NyP?tP&dPos.P`PutyRi=ScribeS tSignSkSpair/royTailTe@VelopVi)Vo>3AgramAlAm#dAryCeE'lEtFf G.$Gn.yLemmaNn NosaurRe@RtSag*eScov Sea'ShSmi[S%d Splay/<)V tVideV%)Zzy5Ct%Cum|G~Lph(Ma(Na>NkeyN%OrSeUb!Ve_ftAg#AmaA,-AwEamE[IftIllInkIpI=OpUmY2CkMbNeR(g/T^Ty1Arf1Nam-:G G!RlyRnR`Sily/Sy1HoOlogyOnomy0GeItUca>1F%t0G1GhtTh 2BowD E@r-Eg<tEm|Eph<tEvat%I>Se0B?kBodyBra)Er+Ot]PloyPow Pty0Ab!A@DD![D%'EmyErgyF%)Ga+G(eH<)JoyLi,OughR-hRollSu*T Ti*TryVelope1Isode0U$Uip0AA'OdeOs]R%Upt0CapeSayS&)Ta>0Ern$H-s1Id&)IlOkeOl=1A@Amp!Ce[Ch<+C.eCludeCu'Ecu>Erci'Hau,Hib.I!I,ItOt-P<dPe@Pi*Pla(Po'P*[T&dTra0EEbrow:Br-CeCultyDeIntI`~L'MeMilyMousNNcyNtasyRmSh]TT$Th TigueUltV%.e3Atu*Bru?yD $EEdElMa!N)/iv$T^V W3B Ct]EldGu*LeLmLt N$NdNeNg NishReRmR,Sc$ShTT}[X_gAmeAshAtAv%EeIghtIpOatO{O%Ow UidUshY_mCusGIlLd~owOdOtR)Re,R+tRkRtu}RumRw?dSsil/ UndX_gi!AmeEqu|EshI&dIn+OgOntO,OwnOz&U.2ElNNnyRna)RyTu*:D+tInLaxy~ yMePRa+Rba+Rd&Rl-Rm|SSpTeTh U+Ze3N $NiusN*Nt!Nu(e/u*2O,0AntFtGg!Ng RaffeRlVe_dAn)A*A[IdeImp'ObeOomOryO=OwUe_tDde[LdOdO'RillaSpelSsipV nWn_bA)A(AntApeA[Av.yEatE&IdIefItOc yOupOwUnt_rdE[IdeIltIt?N3M:B.IrLfMm M, NdPpyRb%RdRshR=,TVeWkZ?d3AdAl`ArtAvyD+hogIght~oLmetLpNRo3Dd&Gh~NtPRe/%y5BbyCkeyLdLeLiday~owMeNeyOdPeRnRr%R'Sp.$/TelUrV 5BGeM<Mb!M%Nd*dNgryNtRd!RryRtSb<d3Brid:1EOn0EaEntifyLe2N%e4LLeg$L}[0A+Ita>M&'Mu}Pa@Po'Pro=Pul'0ChCludeComeC*a'DexD-a>Do%Du,ryF<tFl-tF%mHa!H .Iti$Je@JuryMa>N Noc|PutQuiryS<eSe@SideSpi*/$lTa@T e,ToVe,V.eVol=3On0L<dOla>Sue0Em1Ory:CketGu?RZz3AlousAns~yWel9BInKeUr}yY5D+I)MpNg!Ni%Nk/:Ng?oo3EnEpT^upY3CkDD}yNdNgdomSsTT^&TeTt&Wi4EeIfeO{Ow:BBelB%Dd DyKeMpNgua+PtopR+T T(UghUndryVaWWnWsu.Y Zy3Ad AfArnA=Ctu*FtGG$G&dIsu*M#NdNg`NsOp?dSs#Tt Vel3ArB tyBr?yC&'FeFtGhtKeMbM.NkOnQuid/Tt!VeZ?d5AdAnB, C$CkG-NelyNgOpTt yUdUn+VeY$5CkyGga+Mb N?N^Xury3R-s:Ch(eDG-G}tIdIlInJ%KeMm$NNa+Nda>NgoNs]Nu$P!Rb!R^Rg(R(eRketRria+SkSs/ T^T i$ThTrixTt XimumZe3AdowAnAsu*AtCh<-D$DiaLodyLtMb M%yNt]NuRcyR+R.RryShSsa+T$Thod3Dd!DnightLk~]M-NdNimumN%Nu>Rac!Rr%S ySs/akeXXedXtu*5Bi!DelDifyMM|N.%NkeyN, N`OnR$ReRn(gSqu.oTh T]T%Unta(U'VeVie5ChFf(LeLtiplySc!SeumShroomS-/Tu$3Self/ yTh:I=MePk(Rrow/yT]Tu*3ArCkEdGati=G!@I` PhewR=/TTw%kUtr$V WsXt3CeGht5B!I'M(eeOd!Rm$R`SeTab!TeTh(gTi)VelW5C!?Mb R'T:K0EyJe@Li+Scu*S =Ta(Vious0CurE<Tob 0Or1FF Fi)T&2L1Ay0DI=Ymp-0It0CeEI#L(eLy1EnEraIn]Po'T]1An+B.Ch?dD D(?yG<I|Ig($Ph<0Tr-h0H 0Tdo%T TputTside0AlEnEr0NN 0Yg&0/ 0O}:CtDd!GeIrLa)LmNdaNelN-N` P RadeR|RkRrotRtySsT^ThTi|TrolTt nU'VeYm|3A)AnutArAs<tL-<NN$tyNcilOp!Pp Rfe@Rm.Rs#T2O}OtoRa'Ys-$0AnoCn-Ctu*E)GGe#~LotNkO} Pe/olT^Zza_)A}tA,-A>AyEa'Ed+U{UgUn+2EmEtIntL?LeLi)NdNyOlPul?Rt]S.]Ssib!/TatoTt yV tyWd W _@i)Ai'Ed-tEf Epa*Es|EttyEv|I)IdeIm?yIntI%.yIs#Iva>IzeOb!mO)[Odu)Of.OgramOj
const checksum = "0x3c8acc1e7b08d8e76f9fda015ef48dc8c710a73cb7e0f77b2c18a9b5a7adde60";
let wordlist = null;
* The [[link-bip39-en]] for [mnemonic phrases](link-bip-39).
* @_docloc: api/wordlists
class LangEn extends WordlistOwl {
* Creates a new instance of the English language Wordlist.
* This should be unnecessary most of the time as the exported
* [[langEn]] should suffice.
* @_ignore:
constructor() { super("en", words, checksum); }
* Returns a singleton instance of a ``LangEn``, creating it
* if this is the first time being called.
static wordlist() {
if (wordlist == null) {
wordlist = new LangEn();
return wordlist;
// Returns a byte with the MSB bits set
function getUpperMask(bits) {
return ((1 << bits) - 1) << (8 - bits) & 0xff;
// Returns a byte with the LSB bits set
function getLowerMask(bits) {
return ((1 << bits) - 1) & 0xff;
function mnemonicToEntropy(mnemonic, wordlist) {
if (wordlist == null) {
wordlist = LangEn.wordlist();
const words = wordlist.split(mnemonic);
assertArgument((words.length % 3) === 0 && words.length >= 12 && words.length <= 24, "invalid mnemonic length", "mnemonic", "[ REDACTED ]");
const entropy = new Uint8Array(Math.ceil(11 * words.length / 8));
let offset = 0;
for (let i = 0; i < words.length; i++) {
let index = wordlist.getWordIndex(words[i].normalize("NFKD"));
assertArgument(index >= 0, `invalid mnemonic word at index ${i}`, "mnemonic", "[ REDACTED ]");
for (let bit = 0; bit < 11; bit++) {
if (index & (1 << (10 - bit))) {
entropy[offset >> 3] |= (1 << (7 - (offset % 8)));
const entropyBits = 32 * words.length / 3;
const checksumBits = words.length / 3;
const checksumMask = getUpperMask(checksumBits);
const checksum = getBytes(sha256(entropy.slice(0, entropyBits / 8)))[0] & checksumMask;
assertArgument(checksum === (entropy[entropy.length - 1] & checksumMask), "invalid mnemonic checksum", "mnemonic", "[ REDACTED ]");
return hexlify(entropy.slice(0, entropyBits / 8));
function entropyToMnemonic(entropy, wordlist) {
assertArgument((entropy.length % 4) === 0 && entropy.length >= 16 && entropy.length <= 32, "invalid entropy size", "entropy", "[ REDACTED ]");
if (wordlist == null) {
wordlist = LangEn.wordlist();
const indices = [0];
let remainingBits = 11;
for (let i = 0; i < entropy.length; i++) {
// Consume the whole byte (with still more to go)
if (remainingBits > 8) {
indices[indices.length - 1] <<= 8;
indices[indices.length - 1] |= entropy[i];
remainingBits -= 8;
// This byte will complete an 11-bit index
else {
indices[indices.length - 1] <<= remainingBits;
indices[indices.length - 1] |= entropy[i] >> (8 - remainingBits);
// Start the next word
indices.push(entropy[i] & getLowerMask(8 - remainingBits));
remainingBits += 3;
// Compute the checksum bits
const checksumBits = entropy.length / 4;
const checksum = parseInt(sha256(entropy).substring(2, 4), 16) & getUpperMask(checksumBits);
// Shift the checksum into the word indices
indices[indices.length - 1] <<= checksumBits;
indices[indices.length - 1] |= (checksum >> (8 - checksumBits));
return wordlist.join( => wordlist.getWord(index)));
const _guard$1 = {};
* A **Mnemonic** wraps all properties required to compute [[link-bip-39]]
* seeds and convert between phrases and entropy.
class Mnemonic {
* The mnemonic phrase of 12, 15, 18, 21 or 24 words.
* Use the [[wordlist]] ``split`` method to get the individual words.
* The password used for this mnemonic. If no password is used this
* is the empty string (i.e. ``""``) as per the specification.
* The wordlist for this mnemonic.
* The underlying entropy which the mnemonic encodes.
* @private
constructor(guard, entropy, phrase, password, wordlist) {
if (password == null) {
password = "";
if (wordlist == null) {
wordlist = LangEn.wordlist();
assertPrivate(guard, _guard$1, "Mnemonic");
defineProperties(this, { phrase, password, wordlist, entropy });
* Returns the seed for the mnemonic.
computeSeed() {
const salt = toUtf8Bytes("mnemonic" + this.password, "NFKD");
return pbkdf2(toUtf8Bytes(this.phrase, "NFKD"), salt, 2048, 64, "sha512");
* Creates a new Mnemonic for the %%phrase%%.
* The default %%password%% is the empty string and the default
* wordlist is the [English wordlists](LangEn).
static fromPhrase(phrase, password, wordlist) {
// Normalize the case and space; throws if invalid
const entropy = mnemonicToEntropy(phrase, wordlist);
phrase = entropyToMnemonic(getBytes(entropy), wordlist);
return new Mnemonic(_guard$1, entropy, phrase, password, wordlist);
* Create a new **Mnemonic** from the %%entropy%%.
* The default %%password%% is the empty string and the default
* wordlist is the [English wordlists](LangEn).
static fromEntropy(_entropy, password, wordlist) {
const entropy = getBytes(_entropy, "entropy");
const phrase = entropyToMnemonic(entropy, wordlist);
return new Mnemonic(_guard$1, hexlify(entropy), phrase, password, wordlist);
* Returns the phrase for %%mnemonic%%.
static entropyToPhrase(_entropy, wordlist) {
const entropy = getBytes(_entropy, "entropy");
return entropyToMnemonic(entropy, wordlist);
* Returns the entropy for %%phrase%%.
static phraseToEntropy(phrase, wordlist) {
return mnemonicToEntropy(phrase, wordlist);
* Returns true if %%phrase%% is a valid [[link-bip-39]] phrase.
* This checks all the provided words belong to the %%wordlist%%,
* that the length is valid and the checksum is correct.
static isValidMnemonic(phrase, wordlist) {
try {
mnemonicToEntropy(phrase, wordlist);
return true;
catch (error) { }
return false;
/*! MIT License. Copyright 2015-2022 Richard Moore <>. See LICENSE.txt. */
var __classPrivateFieldSet$4 = (window && window.__classPrivateFieldSet) || function (receiver, state, value, kind, f) {
if (kind === "m") throw new TypeError("Private method is not writable");
if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a setter");
if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot write private member to an object whose class did not declare it");
return (kind === "a" ?, value) : f ? f.value = value : state.set(receiver, value)), value;
var __classPrivateFieldGet$4 = (window && window.__classPrivateFieldGet) || function (receiver, state, kind, f) {
if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
return kind === "m" ? f : kind === "a" ? : f ? f.value : state.get(receiver);
var _AES_key, _AES_Kd, _AES_Ke;
// Number of rounds by keysize
const numberOfRounds = { 16: 10, 24: 12, 32: 14 };
// Round constant words
const rcon = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91];
// S-box and Inverse S-box (S is for Substitution)
const S = [0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76, 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0, 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15, 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75, 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84, 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf, 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8, 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2, 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73, 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb, 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79, 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08, 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a, 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e, 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf, 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16];
const Si = [0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb, 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87, 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb, 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d, 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e, 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2, 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25, 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92, 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda, 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84, 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a, 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06, 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02, 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b, 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea, 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73, 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85, 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e, 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89, 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b, 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20, 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4, 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31, 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f, 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d, 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef, 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0, 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61, 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26, 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d];
// Transformations for encryption
const T1 = [0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d, 0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554, 0x60303050, 0x02010103, 0xce6767a9, 0x562b2b7d, 0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a, 0x8fcaca45, 0x1f82829d, 0x89c9c940, 0xfa7d7d87, 0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b, 0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea, 0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b, 0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a, 0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f, 0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108, 0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f, 0x0804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e, 0x30181828, 0x379696a1, 0x0a05050f, 0x2f9a9ab5, 0x0e070709, 0x24121236, 0x1b80809b, 0xdfe2e23d, 0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f, 0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e, 0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb, 0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce, 0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497, 0xa65353f5, 0xb9d1d168, 0x00000000, 0xc1eded2c, 0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed, 0xd46a6abe, 0x8dcbcb46, 0x67bebed9, 0x7239394b, 0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a, 0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16, 0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594, 0x8a4545cf, 0xe9f9f910, 0x04020206, 0xfe7f7f81, 0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3, 0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x058f8f8a, 0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504, 0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163, 0x20101030, 0xe5ffff1a, 0xfdf3f30e, 0xbfd2d26d, 0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f, 0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739, 0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47, 0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395, 0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f, 0x44222266, 0x542a2a7e, 0x3b9090ab, 0x0b888883, 0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c, 0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76, 0xdbe0e03b, 0x64323256, 0x743a3a4e, 0x140a0a1e, 0x924949db, 0x0c06060a, 0x4824246c, 0xb85c5ce4, 0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6, 0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b, 0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7, 0x018d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0, 0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25, 0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818, 0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72, 0x381c1c24, 0x57a6a6f1, 0x73b4b4c7, 0x97c6c651, 0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21, 0x964b4bdd, 0x61bdbddc, 0x0d8b8b86, 0x0f8a8a85, 0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 0xcc6666aa, 0x904848d8, 0x06030305, 0xf7f6f601, 0x1c0e0e12, 0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0, 0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9, 0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133, 0xd26969bb, 0xa9d9d970, 0x078e8e89, 0x339494a7, 0x2d9b9bb6, 0x3c1e1e22, 0x15878792, 0xc9e9e920, 0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a, 0x038c8c8f, 0x59a1a1f8, 0x09898980, 0x1a0d0d17, 0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8, 0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11, 0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a];
const T2 = [0xa5c66363, 0x84f87c7c, 0x99ee7777, 0x8df67b7b, 0x0dfff2f2, 0xbdd66b6b, 0xb1de6f6f, 0x5491c5c5, 0x50603030, 0x03020101, 0xa9ce6767, 0x7d562b2b, 0x19e7fefe, 0x62b5d7d7, 0xe64dabab, 0x9aec7676, 0x458fcaca, 0x9d1f8282, 0x4089c9c9, 0x87fa7d7d, 0x15effafa, 0xebb25959, 0xc98e4747, 0x0bfbf0f0, 0xec41adad, 0x67b3d4d4, 0xfd5fa2a2, 0xea45afaf, 0xbf239c9c, 0xf753a4a4, 0x96e47272, 0x5b9bc0c0, 0xc275b7b7, 0x1ce1fdfd, 0xae3d9393, 0x6a4c2626, 0x5a6c3636, 0x417e3f3f, 0x02f5f7f7, 0x4f83cccc, 0x5c683434, 0xf451a5a5, 0x34d1e5e5, 0x08f9f1f1, 0x93e27171, 0x73abd8d8, 0x53623131, 0x3f2a1515, 0x0c080404, 0x5295c7c7, 0x65462323, 0x5e9dc3c3, 0x28301818, 0xa1379696, 0x0f0a0505, 0xb52f9a9a, 0x090e0707, 0x36241212, 0x9b1b8080, 0x3ddfe2e2, 0x26cdebeb, 0x694e2727, 0xcd7fb2b2, 0x9fea7575, 0x1b120909, 0x9e1d8383, 0x74582c2c, 0x2e341a1a, 0x2d361b1b, 0xb2dc6e6e, 0xeeb45a5a, 0xfb5ba0a0, 0xf6a45252, 0x4d763b3b, 0x61b7d6d6, 0xce7db3b3, 0x7b522929, 0x3edde3e3, 0x715e2f2f, 0x97138484, 0xf5a65353, 0x68b9d1d1, 0x00000000, 0x2cc1eded, 0x60402020, 0x1fe3fcfc, 0xc879b1b1, 0xedb65b5b, 0xbed46a6a, 0x468dcbcb, 0xd967bebe, 0x4b723939, 0xde944a4a, 0xd4984c4c, 0xe8b05858, 0x4a85cfcf, 0x6bbbd0d0, 0x2ac5efef, 0xe54faaaa, 0x16edfbfb, 0xc5864343, 0xd79a4d4d, 0x55663333, 0x94118585, 0xcf8a4545, 0x10e9f9f9, 0x06040202, 0x81fe7f7f, 0xf0a05050, 0x44783c3c, 0xba259f9f, 0xe34ba8a8, 0xf3a25151, 0xfe5da3a3, 0xc0804040, 0x8a058f8f, 0xad3f9292, 0xbc219d9d, 0x48703838, 0x04f1f5f5, 0xdf63bcbc, 0xc177b6b6, 0x75afdada, 0x63422121, 0x30201010, 0x1ae5ffff, 0x0efdf3f3, 0x6dbfd2d2, 0x4c81cdcd, 0x14180c0c, 0x35261313, 0x2fc3ecec, 0xe1be5f5f, 0xa2359797, 0xcc884444, 0x392e1717, 0x5793c4c4, 0xf255a7a7, 0x82fc7e7e, 0x477a3d3d, 0xacc86464, 0xe7ba5d5d, 0x2b321919, 0x95e67373, 0xa0c06060, 0x98198181, 0xd19e4f4f, 0x7fa3dcdc, 0x66442222, 0x7e542a2a, 0xab3b9090, 0x830b8888, 0xca8c4646, 0x29c7eeee, 0xd36bb8b8, 0x3c281414, 0x79a7dede, 0xe2bc5e5e, 0x1d160b0b, 0x76addbdb, 0x3bdbe0e0, 0x56643232, 0x4e743a3a, 0x1e140a0a, 0xdb924949, 0x0a0c0606, 0x6c482424, 0xe4b85c5c, 0x5d9fc2c2, 0x6ebdd3d3, 0xef43acac, 0xa6c46262, 0xa8399191, 0xa4319595, 0x37d3e4e4, 0x8bf27979, 0x32d5e7e7, 0x438bc8c8, 0x596e3737, 0xb7da6d6d, 0x8c018d8d, 0x64b1d5d5, 0xd29c4e4e, 0xe049a9a9, 0xb4d86c6c, 0xfaac5656, 0x07f3f4f4, 0x25cfeaea, 0xafca6565, 0x8ef47a7a, 0xe947aeae, 0x18100808, 0xd56fbaba, 0x88f07878, 0x6f4a2525, 0x725c2e2e, 0x24381c1c, 0xf157a6a6, 0xc773b4b4, 0x5197c6c6, 0x23cbe8e8, 0x7ca1dddd, 0x9ce87474, 0x213e1f1f, 0xdd964b4b, 0xdc61bdbd, 0x860d8b8b, 0x850f8a8a, 0x90e07070, 0x427c3e3e, 0xc471b5b5, 0xaacc6666, 0xd8904848, 0x05060303, 0x01f7f6f6, 0x121c0e0e, 0xa3c26161, 0x5f6a3535, 0xf9ae5757, 0xd069b9b9, 0x91178686, 0x5899c1c1, 0x273a1d1d, 0xb9279e9e, 0x38d9e1e1, 0x13ebf8f8, 0xb32b9898, 0x33221111, 0xbbd26969, 0x70a9d9d9, 0x89078e8e, 0xa7339494, 0xb62d9b9b, 0x223c1e1e, 0x92158787, 0x20c9e9e9, 0x4987cece, 0xffaa5555, 0x78502828, 0x7aa5dfdf, 0x8f038c8c, 0xf859a1a1, 0x80098989, 0x171a0d0d, 0xda65bfbf, 0x31d7e6e6, 0xc6844242, 0xb8d06868, 0xc3824141, 0xb0299999, 0x775a2d2d, 0x111e0f0f, 0xcb7bb0b0, 0xfca85454, 0xd66dbbbb, 0x3a2c1616];
const T3 = [0x63a5c663, 0x7c84f87c, 0x7799ee77, 0x7b8df67b, 0xf20dfff2, 0x6bbdd66b, 0x6fb1de6f, 0xc55491c5, 0x30506030, 0x01030201, 0x67a9ce67, 0x2b7d562b, 0xfe19e7fe, 0xd762b5d7, 0xabe64dab, 0x769aec76, 0xca458fca, 0x829d1f82, 0xc94089c9, 0x7d87fa7d, 0xfa15effa, 0x59ebb259, 0x47c98e47, 0xf00bfbf0, 0xadec41ad, 0xd467b3d4, 0xa2fd5fa2, 0xafea45af, 0x9cbf239c, 0xa4f753a4, 0x7296e472, 0xc05b9bc0, 0xb7c275b7, 0xfd1ce1fd, 0x93ae3d93, 0x266a4c26, 0x365a6c36, 0x3f417e3f, 0xf702f5f7, 0xcc4f83cc, 0x345c6834, 0xa5f451a5, 0xe534d1e5, 0xf108f9f1, 0x7193e271, 0xd873abd8, 0x31536231, 0x153f2a15, 0x040c0804, 0xc75295c7, 0x23654623, 0xc35e9dc3, 0x18283018, 0x96a13796, 0x050f0a05, 0x9ab52f9a, 0x07090e07, 0x12362412, 0x809b1b80, 0xe23ddfe2, 0xeb26cdeb, 0x27694e27, 0xb2cd7fb2, 0x759fea75, 0x091b1209, 0x839e1d83, 0x2c74582c, 0x1a2e341a, 0x1b2d361b, 0x6eb2dc6e, 0x5aeeb45a, 0xa0fb5ba0, 0x52f6a452, 0x3b4d763b, 0xd661b7d6, 0xb3ce7db3, 0x297b5229, 0xe33edde3, 0x2f715e2f, 0x84971384, 0x53f5a653, 0xd168b9d1, 0x00000000, 0xed2cc1ed, 0x20604020, 0xfc1fe3fc, 0xb1c879b1, 0x5bedb65b, 0x6abed46a, 0xcb468dcb, 0xbed967be, 0x394b7239, 0x4ade944a, 0x4cd4984c, 0x58e8b058, 0xcf4a85cf, 0xd06bbbd0, 0xef2ac5ef, 0xaae54faa, 0xfb16edfb, 0x43c58643, 0x4dd79a4d, 0x33556633, 0x85941185, 0x45cf8a45, 0xf910e9f9, 0x02060402, 0x7f81fe7f, 0x50f0a050, 0x3c44783c, 0x9fba259f, 0xa8e34ba8, 0x51f3a251, 0xa3fe5da3, 0x40c08040, 0x8f8a058f, 0x92ad3f92, 0x9dbc219d, 0x38487038, 0xf504f1f5, 0xbcdf63bc, 0xb6c177b6, 0xda75afda, 0x21634221, 0x10302010, 0xff1ae5ff, 0xf30efdf3, 0xd26dbfd2, 0xcd4c81cd, 0x0c14180c, 0x13352613, 0xec2fc3ec, 0x5fe1be5f, 0x97a23597, 0x44cc8844, 0x17392e17, 0xc45793c4, 0xa7f255a7, 0x7e82fc7e, 0x3d477a3d, 0x64acc864, 0x5de7ba5d, 0x192b3219, 0x7395e673, 0x60a0c060, 0x81981981, 0x4fd19e4f, 0xdc7fa3dc, 0x22664422, 0x2a7e542a, 0x90ab3b90, 0x88830b88, 0x46ca8c46, 0xee29c7ee, 0xb8d36bb8, 0x143c2814, 0xde79a7de, 0x5ee2bc5e, 0x0b1d160b, 0xdb76addb, 0xe03bdbe0, 0x32566432, 0x3a4e743a, 0x0a1e140a, 0x49db9249, 0x060a0c06, 0x246c4824, 0x5ce4b85c, 0xc25d9fc2, 0xd36ebdd3, 0xacef43ac, 0x62a6c462, 0x91a83991, 0x95a43195, 0xe437d3e4, 0x798bf279, 0xe732d5e7, 0xc8438bc8, 0x37596e37, 0x6db7da6d, 0x8d8c018d, 0xd564b1d5, 0x4ed29c4e, 0xa9e049a9, 0x6cb4d86c, 0x56faac56, 0xf407f3f4, 0xea25cfea, 0x65afca65, 0x7a8ef47a, 0xaee947ae, 0x08181008, 0xbad56fba, 0x7888f078, 0x256f4a25, 0x2e725c2e, 0x1c24381c, 0xa6f157a6, 0xb4c773b4, 0xc65197c6, 0xe823cbe8, 0xdd7ca1dd, 0x749ce874, 0x1f213e1f, 0x4bdd964b, 0xbddc61bd, 0x8b860d8b, 0x8a850f8a, 0x7090e070, 0x3e427c3e, 0xb5c471b5, 0x66aacc66, 0x48d89048, 0x03050603, 0xf601f7f6, 0x0e121c0e, 0x61a3c261, 0x355f6a35, 0x57f9ae57, 0xb9d069b9, 0x86911786, 0xc15899c1, 0x1d273a1d, 0x9eb9279e, 0xe138d9e1, 0xf813ebf8, 0x98b32b98, 0x11332211, 0x69bbd269, 0xd970a9d9, 0x8e89078e, 0x94a73394, 0x9bb62d9b, 0x1e223c1e, 0x87921587, 0xe920c9e9, 0xce4987ce, 0x55ffaa55, 0x28785028, 0xdf7aa5df, 0x8c8f038c, 0xa1f859a1, 0x89800989, 0x0d171a0d, 0xbfda65bf, 0xe631d7e6, 0x42c68442, 0x68b8d068, 0x41c38241, 0x99b02999, 0x2d775a2d, 0x0f111e0f, 0xb0cb7bb0, 0x54fca854, 0xbbd66dbb, 0x163a2c16];
const T4 = [0x6363a5c6, 0x7c7c84f8, 0x777799ee, 0x7b7b8df6, 0xf2f20dff, 0x6b6bbdd6, 0x6f6fb1de, 0xc5c55491, 0x30305060, 0x01010302, 0x6767a9ce, 0x2b2b7d56, 0xfefe19e7, 0xd7d762b5, 0xababe64d, 0x76769aec, 0xcaca458f, 0x82829d1f, 0xc9c94089, 0x7d7d87fa, 0xfafa15ef, 0x5959ebb2, 0x4747c98e, 0xf0f00bfb, 0xadadec41, 0xd4d467b3, 0xa2a2fd5f, 0xafafea45, 0x9c9cbf23, 0xa4a4f753, 0x727296e4, 0xc0c05b9b, 0xb7b7c275, 0xfdfd1ce1, 0x9393ae3d, 0x26266a4c, 0x36365a6c, 0x3f3f417e, 0xf7f702f5, 0xcccc4f83, 0x34345c68, 0xa5a5f451, 0xe5e534d1, 0xf1f108f9, 0x717193e2, 0xd8d873ab, 0x31315362, 0x15153f2a, 0x04040c08, 0xc7c75295, 0x23236546, 0xc3c35e9d, 0x18182830, 0x9696a137, 0x05050f0a, 0x9a9ab52f, 0x0707090e, 0x12123624, 0x80809b1b, 0xe2e23ddf, 0xebeb26cd, 0x2727694e, 0xb2b2cd7f, 0x75759fea, 0x09091b12, 0x83839e1d, 0x2c2c7458, 0x1a1a2e34, 0x1b1b2d36, 0x6e6eb2dc, 0x5a5aeeb4, 0xa0a0fb5b, 0x5252f6a4, 0x3b3b4d76, 0xd6d661b7, 0xb3b3ce7d, 0x29297b52, 0xe3e33edd, 0x2f2f715e, 0x84849713, 0x5353f5a6, 0xd1d168b9, 0x00000000, 0xeded2cc1, 0x20206040, 0xfcfc1fe3, 0xb1b1c879, 0x5b5bedb6, 0x6a6abed4, 0xcbcb468d, 0xbebed967, 0x39394b72, 0x4a4ade94, 0x4c4cd498, 0x5858e8b0, 0xcfcf4a85, 0xd0d06bbb, 0xefef2ac5, 0xaaaae54f, 0xfbfb16ed, 0x4343c586, 0x4d4dd79a, 0x33335566, 0x85859411, 0x4545cf8a, 0xf9f910e9, 0x02020604, 0x7f7f81fe, 0x5050f0a0, 0x3c3c4478, 0x9f9fba25, 0xa8a8e34b, 0x5151f3a2, 0xa3a3fe5d, 0x4040c080, 0x8f8f8a05, 0x9292ad3f, 0x9d9dbc21, 0x38384870, 0xf5f504f1, 0xbcbcdf63, 0xb6b6c177, 0xdada75af, 0x21216342, 0x10103020, 0xffff1ae5, 0xf3f30efd, 0xd2d26dbf, 0xcdcd4c81, 0x0c0c1418, 0x13133526, 0xecec2fc3, 0x5f5fe1be, 0x9797a235, 0x4444cc88, 0x1717392e, 0xc4c45793, 0xa7a7f255, 0x7e7e82fc, 0x3d3d477a, 0x6464acc8, 0x5d5de7ba, 0x19192b32, 0x737395e6, 0x6060a0c0, 0x81819819, 0x4f4fd19e, 0xdcdc7fa3, 0x22226644, 0x2a2a7e54, 0x9090ab3b, 0x8888830b, 0x4646ca8c, 0xeeee29c7, 0xb8b8d36b, 0x14143c28, 0xdede79a7, 0x5e5ee2bc, 0x0b0b1d16, 0xdbdb76ad, 0xe0e03bdb, 0x32325664, 0x3a3a4e74, 0x0a0a1e14, 0x4949db92, 0x06060a0c, 0x24246c48, 0x5c5ce4b8, 0xc2c25d9f, 0xd3d36ebd, 0xacacef43, 0x6262a6c4, 0x9191a839, 0x9595a431, 0xe4e437d3, 0x79798bf2, 0xe7e732d5, 0xc8c8438b, 0x3737596e, 0x6d6db7da, 0x8d8d8c01, 0xd5d564b1, 0x4e4ed29c, 0xa9a9e049, 0x6c6cb4d8, 0x5656faac, 0xf4f407f3, 0xeaea25cf, 0x6565afca, 0x7a7a8ef4, 0xaeaee947, 0x08081810, 0xbabad56f, 0x787888f0, 0x25256f4a, 0x2e2e725c, 0x1c1c2438, 0xa6a6f157, 0xb4b4c773, 0xc6c65197, 0xe8e823cb, 0xdddd7ca1, 0x74749ce8, 0x1f1f213e, 0x4b4bdd96, 0xbdbddc61, 0x8b8b860d, 0x8a8a850f, 0x707090e0, 0x3e3e427c, 0xb5b5c471, 0x6666aacc, 0x4848d890, 0x03030506, 0xf6f601f7, 0x0e0e121c, 0x6161a3c2, 0x35355f6a, 0x5757f9ae, 0xb9b9d069, 0x86869117, 0xc1c15899, 0x1d1d273a, 0x9e9eb927, 0xe1e138d9, 0xf8f813eb, 0x9898b32b, 0x11113322, 0x6969bbd2, 0xd9d970a9, 0x8e8e8907, 0x9494a733, 0x9b9bb62d, 0x1e1e223c, 0x87879215, 0xe9e920c9, 0xcece4987, 0x5555ffaa, 0x28287850, 0xdfdf7aa5, 0x8c8c8f03, 0xa1a1f859, 0x89898009, 0x0d0d171a, 0xbfbfda65, 0xe6e631d7, 0x4242c684, 0x6868b8d0, 0x4141c382, 0x9999b029, 0x2d2d775a, 0x0f0f111e, 0xb0b0cb7b, 0x5454fca8, 0xbbbbd66d, 0x16163a2c];
// Transformations for decryption
const T5 = [0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96, 0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393, 0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25, 0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f, 0xdeb15a49, 0x25ba1b67, 0x45ea0e98, 0x5dfec0e1, 0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6, 0x038f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da, 0xd4be832d, 0x587421d3, 0x49e06929, 0x8ec9c844, 0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd, 0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4, 0x63df4a18, 0xe51a3182, 0x97513360, 0x62537f45, 0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94, 0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7, 0xab73d323, 0x724b02e2, 0xe31f8f57, 0x6655ab2a, 0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5, 0x302887f2, 0x23bfa5b2, 0x02036aba, 0xed16825c, 0x8acf1c2b, 0xa779b492, 0xf307f2f0, 0x4e69e2a1, 0x65daf4cd, 0x0605bed5, 0xd134621f, 0xc4a6fe8a, 0x342e539d, 0xa2f355a0, 0x058ae132, 0xa4f6eb75, 0x0b83ec39, 0x4060efaa, 0x5e719f06, 0xbd6e1051, 0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46, 0x91548db5, 0x71c45d05, 0x0406d46f, 0x605015ff, 0x1998fb24, 0xd6bde997, 0x894043cc, 0x67d99e77, 0xb0e842bd, 0x07898b88, 0xe7195b38, 0x79c8eedb, 0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x00000000, 0x09808683, 0x322bed48, 0x1e1170ac, 0x6c5a724e, 0xfd0efffb, 0x0f853856, 0x3daed51e, 0x362d3927, 0x0a0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a, 0x0c0a67b1, 0x9357e70f, 0xb4ee96d2, 0x1b9b919e, 0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16, 0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d, 0x0e090d0b, 0xf28bc7ad, 0x2db6a8b9, 0x141ea9c8, 0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd, 0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34, 0x8b432976, 0xcb23c6dc, 0xb6edfc68, 0xb8e4f163, 0xd731dcca, 0x42638510, 0x13972240, 0x84c61120, 0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d, 0x1d9e2f4b, 0xdcb230f3, 0x0d8652ec, 0x77c1e3d0, 0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422, 0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef, 0x87494ec7, 0xd938d1c1, 0x8ccaa2fe, 0x98d40b36, 0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4, 0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662, 0xf68d13c2, 0x90d8b8e8, 0x2e39f75e, 0x82c3aff5, 0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3, 0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b, 0xcd267809, 0x6e5918f4, 0xec9ab701, 0x834f9aa8, 0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6, 0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6, 0x31a4b2af, 0x2a3f2331, 0xc6a59430, 0x35a266c0, 0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815, 0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f, 0x764dd68d, 0x43efb04d, 0xccaa4d54, 0xe49604df, 0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f, 0x9d5eea04, 0x018c355d, 0xfa877473, 0xfb0b412e, 0xb3671d5a, 0x92dbd252, 0xe9105633, 0x6dd64713, 0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89, 0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c, 0x9cd2df59, 0x55f2733f, 0x1814ce79, 0x73c737bf, 0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86, 0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f, 0x161dc372, 0xbce2250c, 0x283c498b, 0xff0d9541, 0x39a80171, 0x080cb3de, 0xd8b4e49c, 0x6456c190, 0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742];
const T6 = [0x5051f4a7, 0x537e4165, 0xc31a17a4, 0x963a275e, 0xcb3bab6b, 0xf11f9d45, 0xabacfa58, 0x934be303, 0x552030fa, 0xf6ad766d, 0x9188cc76, 0x25f5024c, 0xfc4fe5d7, 0xd7c52acb, 0x80263544, 0x8fb562a3, 0x49deb15a, 0x6725ba1b, 0x9845ea0e, 0xe15dfec0, 0x02c32f75, 0x12814cf0, 0xa38d4697, 0xc66bd3f9, 0xe7038f5f, 0x9515929c, 0xebbf6d7a, 0xda955259, 0x2dd4be83, 0xd3587421, 0x2949e069, 0x448ec9c8, 0x6a75c289, 0x78f48e79, 0x6b99583e, 0xdd27b971, 0xb6bee14f, 0x17f088ad, 0x66c920ac, 0xb47dce3a, 0x1863df4a, 0x82e51a31, 0x60975133, 0x4562537f, 0xe0b16477, 0x84bb6bae, 0x1cfe81a0, 0x94f9082b, 0x58704868, 0x198f45fd, 0x8794de6c, 0xb7527bf8, 0x23ab73d3, 0xe2724b02, 0x57e31f8f, 0x2a6655ab, 0x07b2eb28, 0x032fb5c2, 0x9a86c57b, 0xa5d33708, 0xf2302887, 0xb223bfa5, 0xba02036a, 0x5ced1682, 0x2b8acf1c, 0x92a779b4, 0xf0f307f2, 0xa14e69e2, 0xcd65daf4, 0xd50605be, 0x1fd13462, 0x8ac4a6fe, 0x9d342e53, 0xa0a2f355, 0x32058ae1, 0x75a4f6eb, 0x390b83ec, 0xaa4060ef, 0x065e719f, 0x51bd6e10, 0xf93e218a, 0x3d96dd06, 0xaedd3e05, 0x464de6bd, 0xb591548d, 0x0571c45d, 0x6f0406d4, 0xff605015, 0x241998fb, 0x97d6bde9, 0xcc894043, 0x7767d99e, 0xbdb0e842, 0x8807898b, 0x38e7195b, 0xdb79c8ee, 0x47a17c0a, 0xe97c420f, 0xc9f8841e, 0x00000000, 0x83098086, 0x48322bed, 0xac1e1170, 0x4e6c5a72, 0xfbfd0eff, 0x560f8538, 0x1e3daed5, 0x27362d39, 0x640a0fd9, 0x21685ca6, 0xd19b5b54, 0x3a24362e, 0xb10c0a67, 0x0f9357e7, 0xd2b4ee96, 0x9e1b9b91, 0x4f80c0c5, 0xa261dc20, 0x695a774b, 0x161c121a, 0x0ae293ba, 0xe5c0a02a, 0x433c22e0, 0x1d121b17, 0x0b0e090d, 0xadf28bc7, 0xb92db6a8, 0xc8141ea9, 0x8557f119, 0x4caf7507, 0xbbee99dd, 0xfda37f60, 0x9ff70126, 0xbc5c72f5, 0xc544663b, 0x345bfb7e, 0x768b4329, 0xdccb23c6, 0x68b6edfc, 0x63b8e4f1, 0xcad731dc, 0x10426385, 0x40139722, 0x2084c611, 0x7d854a24, 0xf8d2bb3d, 0x11aef932, 0x6dc729a1, 0x4b1d9e2f, 0xf3dcb230, 0xec0d8652, 0xd077c1e3, 0x6c2bb316, 0x99a970b9, 0xfa119448, 0x2247e964, 0xc4a8fc8c, 0x1aa0f03f, 0xd8567d2c, 0xef223390, 0xc787494e, 0xc1d938d1, 0xfe8ccaa2, 0x3698d40b, 0xcfa6f581, 0x28a57ade, 0x26dab78e, 0xa43fadbf, 0xe42c3a9d, 0x0d507892, 0x9b6a5fcc, 0x62547e46, 0xc2f68d13, 0xe890d8b8, 0x5e2e39f7, 0xf582c3af, 0xbe9f5d80, 0x7c69d093, 0xa96fd52d, 0xb3cf2512, 0x3bc8ac99, 0xa710187d, 0x6ee89c63, 0x7bdb3bbb, 0x09cd2678, 0xf46e5918, 0x01ec9ab7, 0xa8834f9a, 0x65e6956e, 0x7eaaffe6, 0x0821bccf, 0xe6ef15e8, 0xd9bae79b, 0xce4a6f36, 0xd4ea9f09, 0xd629b07c, 0xaf31a4b2, 0x312a3f23, 0x30c6a594, 0xc035a266, 0x37744ebc, 0xa6fc82ca, 0xb0e090d0, 0x1533a7d8, 0x4af10498, 0xf741ecda, 0x0e7fcd50, 0x2f1791f6, 0x8d764dd6, 0x4d43efb0, 0x54ccaa4d, 0xdfe49604, 0xe39ed1b5, 0x1b4c6a88, 0xb8c12c1f, 0x7f466551, 0x049d5eea, 0x5d018c35, 0x73fa8774, 0x2efb0b41, 0x5ab3671d, 0x5292dbd2, 0x33e91056, 0x136dd647, 0x8c9ad761, 0x7a37a10c, 0x8e59f814, 0x89eb133c, 0xeecea927, 0x35b761c9, 0xede11ce5, 0x3c7a47b1, 0x599cd2df, 0x3f55f273, 0x791814ce, 0xbf73c737, 0xea53f7cd, 0x5b5ffdaa, 0x14df3d6f, 0x867844db, 0x81caaff3, 0x3eb968c4, 0x2c382434, 0x5fc2a340, 0x72161dc3, 0x0cbce225, 0x8b283c49, 0x41ff0d95, 0x7139a801, 0xde080cb3, 0x9cd8b4e4, 0x906456c1, 0x617bcb84, 0x70d532b6, 0x74486c5c, 0x42d0b857];
const T7 = [0xa75051f4, 0x65537e41, 0xa4c31a17, 0x5e963a27, 0x6bcb3bab, 0x45f11f9d, 0x58abacfa, 0x03934be3, 0xfa552030, 0x6df6ad76, 0x769188cc, 0x4c25f502, 0xd7fc4fe5, 0xcbd7c52a, 0x44802635, 0xa38fb562, 0x5a49deb1, 0x1b6725ba, 0x0e9845ea, 0xc0e15dfe, 0x7502c32f, 0xf012814c, 0x97a38d46, 0xf9c66bd3, 0x5fe7038f, 0x9c951592, 0x7aebbf6d, 0x59da9552, 0x832dd4be, 0x21d35874, 0x692949e0, 0xc8448ec9, 0x896a75c2, 0x7978f48e, 0x3e6b9958, 0x71dd27b9, 0x4fb6bee1, 0xad17f088, 0xac66c920, 0x3ab47dce, 0x4a1863df, 0x3182e51a, 0x33609751, 0x7f456253, 0x77e0b164, 0xae84bb6b, 0xa01cfe81, 0x2b94f908, 0x68587048, 0xfd198f45, 0x6c8794de, 0xf8b7527b, 0xd323ab73, 0x02e2724b, 0x8f57e31f, 0xab2a6655, 0x2807b2eb, 0xc2032fb5, 0x7b9a86c5, 0x08a5d337, 0x87f23028, 0xa5b223bf, 0x6aba0203, 0x825ced16, 0x1c2b8acf, 0xb492a779, 0xf2f0f307, 0xe2a14e69, 0xf4cd65da, 0xbed50605, 0x621fd134, 0xfe8ac4a6, 0x539d342e, 0x55a0a2f3, 0xe132058a, 0xeb75a4f6, 0xec390b83, 0xefaa4060, 0x9f065e71, 0x1051bd6e, 0x8af93e21, 0x063d96dd, 0x05aedd3e, 0xbd464de6, 0x8db59154, 0x5d0571c4, 0xd46f0406, 0x15ff6050, 0xfb241998, 0xe997d6bd, 0x43cc8940, 0x9e7767d9, 0x42bdb0e8, 0x8b880789, 0x5b38e719, 0xeedb79c8, 0x0a47a17c, 0x0fe97c42, 0x1ec9f884, 0x00000000, 0x86830980, 0xed48322b, 0x70ac1e11, 0x724e6c5a, 0xfffbfd0e, 0x38560f85, 0xd51e3dae, 0x3927362d, 0xd9640a0f, 0xa621685c, 0x54d19b5b, 0x2e3a2436, 0x67b10c0a, 0xe70f9357, 0x96d2b4ee, 0x919e1b9b, 0xc54f80c0, 0x20a261dc, 0x4b695a77, 0x1a161c12, 0xba0ae293, 0x2ae5c0a0, 0xe0433c22, 0x171d121b, 0x0d0b0e09, 0xc7adf28b, 0xa8b92db6, 0xa9c8141e, 0x198557f1, 0x074caf75, 0xddbbee99, 0x60fda37f, 0x269ff701, 0xf5bc5c72, 0x3bc54466, 0x7e345bfb, 0x29768b43, 0xc6dccb23, 0xfc68b6ed, 0xf163b8e4, 0xdccad731, 0x85104263, 0x22401397, 0x112084c6, 0x247d854a, 0x3df8d2bb, 0x3211aef9, 0xa16dc729, 0x2f4b1d9e, 0x30f3dcb2, 0x52ec0d86, 0xe3d077c1, 0x166c2bb3, 0xb999a970, 0x48fa1194, 0x642247e9, 0x8cc4a8fc, 0x3f1aa0f0, 0x2cd8567d, 0x90ef2233, 0x4ec78749, 0xd1c1d938, 0xa2fe8cca, 0x0b3698d4, 0x81cfa6f5, 0xde28a57a, 0x8e26dab7, 0xbfa43fad, 0x9de42c3a, 0x920d5078, 0xcc9b6a5f, 0x4662547e, 0x13c2f68d, 0xb8e890d8, 0xf75e2e39, 0xaff582c3, 0x80be9f5d, 0x937c69d0, 0x2da96fd5, 0x12b3cf25, 0x993bc8ac, 0x7da71018, 0x636ee89c, 0xbb7bdb3b, 0x7809cd26, 0x18f46e59, 0xb701ec9a, 0x9aa8834f, 0x6e65e695, 0xe67eaaff, 0xcf0821bc, 0xe8e6ef15, 0x9bd9bae7, 0x36ce4a6f, 0x09d4ea9f, 0x7cd629b0, 0xb2af31a4, 0x23312a3f, 0x9430c6a5, 0x66c035a2, 0xbc37744e, 0xcaa6fc82, 0xd0b0e090, 0xd81533a7, 0x984af104, 0xdaf741ec, 0x500e7fcd, 0xf62f1791, 0xd68d764d, 0xb04d43ef, 0x4d54ccaa, 0x04dfe496, 0xb5e39ed1, 0x881b4c6a, 0x1fb8c12c, 0x517f4665, 0xea049d5e, 0x355d018c, 0x7473fa87, 0x412efb0b, 0x1d5ab367, 0xd25292db, 0x5633e910, 0x47136dd6, 0x618c9ad7, 0x0c7a37a1, 0x148e59f8, 0x3c89eb13, 0x27eecea9, 0xc935b761, 0xe5ede11c, 0xb13c7a47, 0xdf599cd2, 0x733f55f2, 0xce791814, 0x37bf73c7, 0xcdea53f7, 0xaa5b5ffd, 0x6f14df3d, 0xdb867844, 0xf381caaf, 0xc43eb968, 0x342c3824, 0x405fc2a3, 0xc372161d, 0x250cbce2, 0x498b283c, 0x9541ff0d, 0x017139a8, 0xb3de080c, 0xe49cd8b4, 0xc1906456, 0x84617bcb, 0xb670d532, 0x5c74486c, 0x5742d0b8];
const T8 = [0xf4a75051, 0x4165537e, 0x17a4c31a, 0x275e963a, 0xab6bcb3b, 0x9d45f11f, 0xfa58abac, 0xe303934b, 0x30fa5520, 0x766df6ad, 0xcc769188, 0x024c25f5, 0xe5d7fc4f, 0x2acbd7c5, 0x35448026, 0x62a38fb5, 0xb15a49de, 0xba1b6725, 0xea0e9845, 0xfec0e15d, 0x2f7502c3, 0x4cf01281, 0x4697a38d, 0xd3f9c66b, 0x8f5fe703, 0x929c9515, 0x6d7aebbf, 0x5259da95, 0xbe832dd4, 0x7421d358, 0xe0692949, 0xc9c8448e, 0xc2896a75, 0x8e7978f4, 0x583e6b99, 0xb971dd27, 0xe14fb6be, 0x88ad17f0, 0x20ac66c9, 0xce3ab47d, 0xdf4a1863, 0x1a3182e5, 0x51336097, 0x537f4562, 0x6477e0b1, 0x6bae84bb, 0x81a01cfe, 0x082b94f9, 0x48685870, 0x45fd198f, 0xde6c8794, 0x7bf8b752, 0x73d323ab, 0x4b02e272, 0x1f8f57e3, 0x55ab2a66, 0xeb2807b2, 0xb5c2032f, 0xc57b9a86, 0x3708a5d3, 0x2887f230, 0xbfa5b223, 0x036aba02, 0x16825ced, 0xcf1c2b8a, 0x79b492a7, 0x07f2f0f3, 0x69e2a14e, 0xdaf4cd65, 0x05bed506, 0x34621fd1, 0xa6fe8ac4, 0x2e539d34, 0xf355a0a2, 0x8ae13205, 0xf6eb75a4, 0x83ec390b, 0x60efaa40, 0x719f065e, 0x6e1051bd, 0x218af93e, 0xdd063d96, 0x3e05aedd, 0xe6bd464d, 0x548db591, 0xc45d0571, 0x06d46f04, 0x5015ff60, 0x98fb2419, 0xbde997d6, 0x4043cc89, 0xd99e7767, 0xe842bdb0, 0x898b8807, 0x195b38e7, 0xc8eedb79, 0x7c0a47a1, 0x420fe97c, 0x841ec9f8, 0x00000000, 0x80868309, 0x2bed4832, 0x1170ac1e, 0x5a724e6c, 0x0efffbfd, 0x8538560f, 0xaed51e3d, 0x2d392736, 0x0fd9640a, 0x5ca62168, 0x5b54d19b, 0x362e3a24, 0x0a67b10c, 0x57e70f93, 0xee96d2b4, 0x9b919e1b, 0xc0c54f80, 0xdc20a261, 0x774b695a, 0x121a161c, 0x93ba0ae2, 0xa02ae5c0, 0x22e0433c, 0x1b171d12, 0x090d0b0e, 0x8bc7adf2, 0xb6a8b92d, 0x1ea9c814, 0xf1198557, 0x75074caf, 0x99ddbbee, 0x7f60fda3, 0x01269ff7, 0x72f5bc5c, 0x663bc544, 0xfb7e345b, 0x4329768b, 0x23c6dccb, 0xedfc68b6, 0xe4f163b8, 0x31dccad7, 0x63851042, 0x97224013, 0xc6112084, 0x4a247d85, 0xbb3df8d2, 0xf93211ae, 0x29a16dc7, 0x9e2f4b1d, 0xb230f3dc, 0x8652ec0d, 0xc1e3d077, 0xb3166c2b, 0x70b999a9, 0x9448fa11, 0xe9642247, 0xfc8cc4a8, 0xf03f1aa0, 0x7d2cd856, 0x3390ef22, 0x494ec787, 0x38d1c1d9, 0xcaa2fe8c, 0xd40b3698, 0xf581cfa6, 0x7ade28a5, 0xb78e26da, 0xadbfa43f, 0x3a9de42c, 0x78920d50, 0x5fcc9b6a, 0x7e466254, 0x8d13c2f6, 0xd8b8e890, 0x39f75e2e, 0xc3aff582, 0x5d80be9f, 0xd0937c69, 0xd52da96f, 0x2512b3cf, 0xac993bc8, 0x187da710, 0x9c636ee8, 0x3bbb7bdb, 0x267809cd, 0x5918f46e, 0x9ab701ec, 0x4f9aa883, 0x956e65e6, 0xffe67eaa, 0xbccf0821, 0x15e8e6ef, 0xe79bd9ba, 0x6f36ce4a, 0x9f09d4ea, 0xb07cd629, 0xa4b2af31, 0x3f23312a, 0xa59430c6, 0xa266c035, 0x4ebc3774, 0x82caa6fc, 0x90d0b0e0, 0xa7d81533, 0x04984af1, 0xecdaf741, 0xcd500e7f, 0x91f62f17, 0x4dd68d76, 0xefb04d43, 0xaa4d54cc, 0x9604dfe4, 0xd1b5e39e, 0x6a881b4c, 0x2c1fb8c1, 0x65517f46, 0x5eea049d, 0x8c355d01, 0x877473fa, 0x0b412efb, 0x671d5ab3, 0xdbd25292, 0x105633e9, 0xd647136d, 0xd7618c9a, 0xa10c7a37, 0xf8148e59, 0x133c89eb, 0xa927eece, 0x61c935b7, 0x1ce5ede1, 0x47b13c7a, 0xd2df599c, 0xf2733f55, 0x14ce7918, 0xc737bf73, 0xf7cdea53, 0xfdaa5b5f, 0x3d6f14df, 0x44db8678, 0xaff381ca, 0x68c43eb9, 0x24342c38, 0xa3405fc2, 0x1dc37216, 0xe2250cbc, 0x3c498b28, 0x0d9541ff, 0xa8017139, 0x0cb3de08, 0xb4e49cd8, 0x56c19064, 0xcb84617b, 0x32b670d5, 0x6c5c7448, 0xb85742d0];
// Transformations for decryption key expansion
const U1 = [0x00000000, 0x0e090d0b, 0x1c121a16, 0x121b171d, 0x3824342c, 0x362d3927, 0x24362e3a, 0x2a3f2331, 0x70486858, 0x7e416553, 0x6c5a724e, 0x62537f45, 0x486c5c74, 0x4665517f, 0x547e4662, 0x5a774b69, 0xe090d0b0, 0xee99ddbb, 0xfc82caa6, 0xf28bc7ad, 0xd8b4e49c, 0xd6bde997, 0xc4a6fe8a, 0xcaaff381, 0x90d8b8e8, 0x9ed1b5e3, 0x8ccaa2fe, 0x82c3aff5, 0xa8fc8cc4, 0xa6f581cf, 0xb4ee96d2, 0xbae79bd9, 0xdb3bbb7b, 0xd532b670, 0xc729a16d, 0xc920ac66, 0xe31f8f57, 0xed16825c, 0xff0d9541, 0xf104984a, 0xab73d323, 0xa57ade28, 0xb761c935, 0xb968c43e, 0x9357e70f, 0x9d5eea04, 0x8f45fd19, 0x814cf012, 0x3bab6bcb, 0x35a266c0, 0x27b971dd, 0x29b07cd6, 0x038f5fe7, 0x0d8652ec, 0x1f9d45f1, 0x119448fa, 0x4be30393, 0x45ea0e98, 0x57f11985, 0x59f8148e, 0x73c737bf, 0x7dce3ab4, 0x6fd52da9, 0x61dc20a2, 0xad766df6, 0xa37f60fd, 0xb16477e0, 0xbf6d7aeb, 0x955259da, 0x9b5b54d1, 0x894043cc, 0x87494ec7, 0xdd3e05ae, 0xd33708a5, 0xc12c1fb8, 0xcf2512b3, 0xe51a3182, 0xeb133c89, 0xf9082b94, 0xf701269f, 0x4de6bd46, 0x43efb04d, 0x51f4a750, 0x5ffdaa5b, 0x75c2896a, 0x7bcb8461, 0x69d0937c, 0x67d99e77, 0x3daed51e, 0x33a7d815, 0x21bccf08, 0x2fb5c203, 0x058ae132, 0x0b83ec39, 0x1998fb24, 0x1791f62f, 0x764dd68d, 0x7844db86, 0x6a5fcc9b, 0x6456c190, 0x4e69e2a1, 0x4060efaa, 0x527bf8b7, 0x5c72f5bc, 0x0605bed5, 0x080cb3de, 0x1a17a4c3, 0x141ea9c8, 0x3e218af9, 0x302887f2, 0x223390ef, 0x2c3a9de4, 0x96dd063d, 0x98d40b36, 0x8acf1c2b, 0x84c61120, 0xaef93211, 0xa0f03f1a, 0xb2eb2807, 0xbce2250c, 0xe6956e65, 0xe89c636e, 0xfa877473, 0xf48e7978, 0xdeb15a49, 0xd0b85742, 0xc2a3405f, 0xccaa4d54, 0x41ecdaf7, 0x4fe5d7fc, 0x5dfec0e1, 0x53f7cdea, 0x79c8eedb, 0x77c1e3d0, 0x65daf4cd, 0x6bd3f9c6, 0x31a4b2af, 0x3fadbfa4, 0x2db6a8b9, 0x23bfa5b2, 0x09808683, 0x07898b88, 0x15929c95, 0x1b9b919e, 0xa17c0a47, 0xaf75074c, 0xbd6e1051, 0xb3671d5a, 0x99583e6b, 0x97513360, 0x854a247d, 0x8b432976, 0xd134621f, 0xdf3d6f14, 0xcd267809, 0xc32f7502, 0xe9105633, 0xe7195b38, 0xf5024c25, 0xfb0b412e, 0x9ad7618c, 0x94de6c87, 0x86c57b9a, 0x88cc7691, 0xa2f355a0, 0xacfa58ab, 0xbee14fb6, 0xb0e842bd, 0xea9f09d4, 0xe49604df, 0xf68d13c2, 0xf8841ec9, 0xd2bb3df8, 0xdcb230f3, 0xcea927ee, 0xc0a02ae5, 0x7a47b13c, 0x744ebc37, 0x6655ab2a, 0x685ca621, 0x42638510, 0x4c6a881b, 0x5e719f06, 0x5078920d, 0x0a0fd964, 0x0406d46f, 0x161dc372, 0x1814ce79, 0x322bed48, 0x3c22e043, 0x2e39f75e, 0x2030fa55, 0xec9ab701, 0xe293ba0a, 0xf088ad17, 0xfe81a01c, 0xd4be832d, 0xdab78e26, 0xc8ac993b, 0xc6a59430, 0x9cd2df59, 0x92dbd252, 0x80c0c54f, 0x8ec9c844, 0xa4f6eb75, 0xaaffe67e, 0xb8e4f163, 0xb6edfc68, 0x0c0a67b1, 0x02036aba, 0x10187da7, 0x1e1170ac, 0x342e539d, 0x3a275e96, 0x283c498b, 0x26354480, 0x7c420fe9, 0x724b02e2, 0x605015ff, 0x6e5918f4, 0x44663bc5, 0x4a6f36ce, 0x587421d3, 0x567d2cd8, 0x37a10c7a, 0x39a80171, 0x2bb3166c, 0x25ba1b67, 0x0f853856, 0x018c355d, 0x13972240, 0x1d9e2f4b, 0x47e96422, 0x49e06929, 0x5bfb7e34, 0x55f2733f, 0x7fcd500e, 0x71c45d05, 0x63df4a18, 0x6dd64713, 0xd731dcca, 0xd938d1c1, 0xcb23c6dc, 0xc52acbd7, 0xef15e8e6, 0xe11ce5ed, 0xf307f2f0, 0xfd0efffb, 0xa779b492, 0xa970b999, 0xbb6bae84, 0xb562a38f, 0x9f5d80be, 0x91548db5, 0x834f9aa8, 0x8d4697a3];
const U2 = [0x00000000, 0x0b0e090d, 0x161c121a, 0x1d121b17, 0x2c382434, 0x27362d39, 0x3a24362e, 0x312a3f23, 0x58704868, 0x537e4165, 0x4e6c5a72, 0x4562537f, 0x74486c5c, 0x7f466551, 0x62547e46, 0x695a774b, 0xb0e090d0, 0xbbee99dd, 0xa6fc82ca, 0xadf28bc7, 0x9cd8b4e4, 0x97d6bde9, 0x8ac4a6fe, 0x81caaff3, 0xe890d8b8, 0xe39ed1b5, 0xfe8ccaa2, 0xf582c3af, 0xc4a8fc8c, 0xcfa6f581, 0xd2b4ee96, 0xd9bae79b, 0x7bdb3bbb, 0x70d532b6, 0x6dc729a1, 0x66c920ac, 0x57e31f8f, 0x5ced1682, 0x41ff0d95, 0x4af10498, 0x23ab73d3, 0x28a57ade, 0x35b761c9, 0x3eb968c4, 0x0f9357e7, 0x049d5eea, 0x198f45fd, 0x12814cf0, 0xcb3bab6b, 0xc035a266, 0xdd27b971, 0xd629b07c, 0xe7038f5f, 0xec0d8652, 0xf11f9d45, 0xfa119448, 0x934be303, 0x9845ea0e, 0x8557f119, 0x8e59f814, 0xbf73c737, 0xb47dce3a, 0xa96fd52d, 0xa261dc20, 0xf6ad766d, 0xfda37f60, 0xe0b16477, 0xebbf6d7a, 0xda955259, 0xd19b5b54, 0xcc894043, 0xc787494e, 0xaedd3e05, 0xa5d33708, 0xb8c12c1f, 0xb3cf2512, 0x82e51a31, 0x89eb133c, 0x94f9082b, 0x9ff70126, 0x464de6bd, 0x4d43efb0, 0x5051f4a7, 0x5b5ffdaa, 0x6a75c289, 0x617bcb84, 0x7c69d093, 0x7767d99e, 0x1e3daed5, 0x1533a7d8, 0x0821bccf, 0x032fb5c2, 0x32058ae1, 0x390b83ec, 0x241998fb, 0x2f1791f6, 0x8d764dd6, 0x867844db, 0x9b6a5fcc, 0x906456c1, 0xa14e69e2, 0xaa4060ef, 0xb7527bf8, 0xbc5c72f5, 0xd50605be, 0xde080cb3, 0xc31a17a4, 0xc8141ea9, 0xf93e218a, 0xf2302887, 0xef223390, 0xe42c3a9d, 0x3d96dd06, 0x3698d40b, 0x2b8acf1c, 0x2084c611, 0x11aef932, 0x1aa0f03f, 0x07b2eb28, 0x0cbce225, 0x65e6956e, 0x6ee89c63, 0x73fa8774, 0x78f48e79, 0x49deb15a, 0x42d0b857, 0x5fc2a340, 0x54ccaa4d, 0xf741ecda, 0xfc4fe5d7, 0xe15dfec0, 0xea53f7cd, 0xdb79c8ee, 0xd077c1e3, 0xcd65daf4, 0xc66bd3f9, 0xaf31a4b2, 0xa43fadbf, 0xb92db6a8, 0xb223bfa5, 0x83098086, 0x8807898b, 0x9515929c, 0x9e1b9b91, 0x47a17c0a, 0x4caf7507, 0x51bd6e10, 0x5ab3671d, 0x6b99583e, 0x60975133, 0x7d854a24, 0x768b4329, 0x1fd13462, 0x14df3d6f, 0x09cd2678, 0x02c32f75, 0x33e91056, 0x38e7195b, 0x25f5024c, 0x2efb0b41, 0x8c9ad761, 0x8794de6c, 0x9a86c57b, 0x9188cc76, 0xa0a2f355, 0xabacfa58, 0xb6bee14f, 0xbdb0e842, 0xd4ea9f09, 0xdfe49604, 0xc2f68d13, 0xc9f8841e, 0xf8d2bb3d, 0xf3dcb230, 0xeecea927, 0xe5c0a02a, 0x3c7a47b1, 0x37744ebc, 0x2a6655ab, 0x21685ca6, 0x10426385, 0x1b4c6a88, 0x065e719f, 0x0d507892, 0x640a0fd9, 0x6f0406d4, 0x72161dc3, 0x791814ce, 0x48322bed, 0x433c22e0, 0x5e2e39f7, 0x552030fa, 0x01ec9ab7, 0x0ae293ba, 0x17f088ad, 0x1cfe81a0, 0x2dd4be83, 0x26dab78e, 0x3bc8ac99, 0x30c6a594, 0x599cd2df, 0x5292dbd2, 0x4f80c0c5, 0x448ec9c8, 0x75a4f6eb, 0x7eaaffe6, 0x63b8e4f1, 0x68b6edfc, 0xb10c0a67, 0xba02036a, 0xa710187d, 0xac1e1170, 0x9d342e53, 0x963a275e, 0x8b283c49, 0x80263544, 0xe97c420f, 0xe2724b02, 0xff605015, 0xf46e5918, 0xc544663b, 0xce4a6f36, 0xd3587421, 0xd8567d2c, 0x7a37a10c, 0x7139a801, 0x6c2bb316, 0x6725ba1b, 0x560f8538, 0x5d018c35, 0x40139722, 0x4b1d9e2f, 0x2247e964, 0x2949e069, 0x345bfb7e, 0x3f55f273, 0x0e7fcd50, 0x0571c45d, 0x1863df4a, 0x136dd647, 0xcad731dc, 0xc1d938d1, 0xdccb23c6, 0xd7c52acb, 0xe6ef15e8, 0xede11ce5, 0xf0f307f2, 0xfbfd0eff, 0x92a779b4, 0x99a970b9, 0x84bb6bae, 0x8fb562a3, 0xbe9f5d80, 0xb591548d, 0xa8834f9a, 0xa38d4697];
const U3 = [0x00000000, 0x0d0b0e09, 0x1a161c12, 0x171d121b, 0x342c3824, 0x3927362d, 0x2e3a2436, 0x23312a3f, 0x68587048, 0x65537e41, 0x724e6c5a, 0x7f456253, 0x5c74486c, 0x517f4665, 0x4662547e, 0x4b695a77, 0xd0b0e090, 0xddbbee99, 0xcaa6fc82, 0xc7adf28b, 0xe49cd8b4, 0xe997d6bd, 0xfe8ac4a6, 0xf381caaf, 0xb8e890d8, 0xb5e39ed1, 0xa2fe8cca, 0xaff582c3, 0x8cc4a8fc, 0x81cfa6f5, 0x96d2b4ee, 0x9bd9bae7, 0xbb7bdb3b, 0xb670d532, 0xa16dc729, 0xac66c920, 0x8f57e31f, 0x825ced16, 0x9541ff0d, 0x984af104, 0xd323ab73, 0xde28a57a, 0xc935b761, 0xc43eb968, 0xe70f9357, 0xea049d5e, 0xfd198f45, 0xf012814c, 0x6bcb3bab, 0x66c035a2, 0x71dd27b9, 0x7cd629b0, 0x5fe7038f, 0x52ec0d86, 0x45f11f9d, 0x48fa1194, 0x03934be3, 0x0e9845ea, 0x198557f1, 0x148e59f8, 0x37bf73c7, 0x3ab47dce, 0x2da96fd5, 0x20a261dc, 0x6df6ad76, 0x60fda37f, 0x77e0b164, 0x7aebbf6d, 0x59da9552, 0x54d19b5b, 0x43cc8940, 0x4ec78749, 0x05aedd3e, 0x08a5d337, 0x1fb8c12c, 0x12b3cf25, 0x3182e51a, 0x3c89eb13, 0x2b94f908, 0x269ff701, 0xbd464de6, 0xb04d43ef, 0xa75051f4, 0xaa5b5ffd, 0x896a75c2, 0x84617bcb, 0x937c69d0, 0x9e7767d9, 0xd51e3dae, 0xd81533a7, 0xcf0821bc, 0xc2032fb5, 0xe132058a, 0xec390b83, 0xfb241998, 0xf62f1791, 0xd68d764d, 0xdb867844, 0xcc9b6a5f, 0xc1906456, 0xe2a14e69, 0xefaa4060, 0xf8b7527b, 0xf5bc5c72, 0xbed50605, 0xb3de080c, 0xa4c31a17, 0xa9c8141e, 0x8af93e21, 0x87f23028, 0x90ef2233, 0x9de42c3a, 0x063d96dd, 0x0b3698d4, 0x1c2b8acf, 0x112084c6, 0x3211aef9, 0x3f1aa0f0, 0x2807b2eb, 0x250cbce2, 0x6e65e695, 0x636ee89c, 0x7473fa87, 0x7978f48e, 0x5a49deb1, 0x5742d0b8, 0x405fc2a3, 0x4d54ccaa, 0xdaf741ec, 0xd7fc4fe5, 0xc0e15dfe, 0xcdea53f7, 0xeedb79c8, 0xe3d077c1, 0xf4cd65da, 0xf9c66bd3, 0xb2af31a4, 0xbfa43fad, 0xa8b92db6, 0xa5b223bf, 0x86830980, 0x8b880789, 0x9c951592, 0x919e1b9b, 0x0a47a17c, 0x074caf75, 0x1051bd6e, 0x1d5ab367, 0x3e6b9958, 0x33609751, 0x247d854a, 0x29768b43, 0x621fd134, 0x6f14df3d, 0x7809cd26, 0x7502c32f, 0x5633e910, 0x5b38e719, 0x4c25f502, 0x412efb0b, 0x618c9ad7, 0x6c8794de, 0x7b9a86c5, 0x769188cc, 0x55a0a2f3, 0x58abacfa, 0x4fb6bee1, 0x42bdb0e8, 0x09d4ea9f, 0x04dfe496, 0x13c2f68d, 0x1ec9f884, 0x3df8d2bb, 0x30f3dcb2, 0x27eecea9, 0x2ae5c0a0, 0xb13c7a47, 0xbc37744e, 0xab2a6655, 0xa621685c, 0x85104263, 0x881b4c6a, 0x9f065e71, 0x920d5078, 0xd9640a0f, 0xd46f0406, 0xc372161d, 0xce791814, 0xed48322b, 0xe0433c22, 0xf75e2e39, 0xfa552030, 0xb701ec9a, 0xba0ae293, 0xad17f088, 0xa01cfe81, 0x832dd4be, 0x8e26dab7, 0x993bc8ac, 0x9430c6a5, 0xdf599cd2, 0xd25292db, 0xc54f80c0, 0xc8448ec9, 0xeb75a4f6, 0xe67eaaff, 0xf163b8e4, 0xfc68b6ed, 0x67b10c0a, 0x6aba0203, 0x7da71018, 0x70ac1e11, 0x539d342e, 0x5e963a27, 0x498b283c, 0x44802635, 0x0fe97c42, 0x02e2724b, 0x15ff6050, 0x18f46e59, 0x3bc54466, 0x36ce4a6f, 0x21d35874, 0x2cd8567d, 0x0c7a37a1, 0x017139a8, 0x166c2bb3, 0x1b6725ba, 0x38560f85, 0x355d018c, 0x22401397, 0x2f4b1d9e, 0x642247e9, 0x692949e0, 0x7e345bfb, 0x733f55f2, 0x500e7fcd, 0x5d0571c4, 0x4a1863df, 0x47136dd6, 0xdccad731, 0xd1c1d938, 0xc6dccb23, 0xcbd7c52a, 0xe8e6ef15, 0xe5ede11c, 0xf2f0f307, 0xfffbfd0e, 0xb492a779, 0xb999a970, 0xae84bb6b, 0xa38fb562, 0x80be9f5d, 0x8db59154, 0x9aa8834f, 0x97a38d46];
const U4 = [0x00000000, 0x090d0b0e, 0x121a161c, 0x1b171d12, 0x24342c38, 0x2d392736, 0x362e3a24, 0x3f23312a, 0x48685870, 0x4165537e, 0x5a724e6c, 0x537f4562, 0x6c5c7448, 0x65517f46, 0x7e466254, 0x774b695a, 0x90d0b0e0, 0x99ddbbee, 0x82caa6fc, 0x8bc7adf2, 0xb4e49cd8, 0xbde997d6, 0xa6fe8ac4, 0xaff381ca, 0xd8b8e890, 0xd1b5e39e, 0xcaa2fe8c, 0xc3aff582, 0xfc8cc4a8, 0xf581cfa6, 0xee96d2b4, 0xe79bd9ba, 0x3bbb7bdb, 0x32b670d5, 0x29a16dc7, 0x20ac66c9, 0x1f8f57e3, 0x16825ced, 0x0d9541ff, 0x04984af1, 0x73d323ab, 0x7ade28a5, 0x61c935b7, 0x68c43eb9, 0x57e70f93, 0x5eea049d, 0x45fd198f, 0x4cf01281, 0xab6bcb3b, 0xa266c035, 0xb971dd27, 0xb07cd629, 0x8f5fe703, 0x8652ec0d, 0x9d45f11f, 0x9448fa11, 0xe303934b, 0xea0e9845, 0xf1198557, 0xf8148e59, 0xc737bf73, 0xce3ab47d, 0xd52da96f, 0xdc20a261, 0x766df6ad, 0x7f60fda3, 0x6477e0b1, 0x6d7aebbf, 0x5259da95, 0x5b54d19b, 0x4043cc89, 0x494ec787, 0x3e05aedd, 0x3708a5d3, 0x2c1fb8c1, 0x2512b3cf, 0x1a3182e5, 0x133c89eb, 0x082b94f9, 0x01269ff7, 0xe6bd464d, 0xefb04d43, 0xf4a75051, 0xfdaa5b5f, 0xc2896a75, 0xcb84617b, 0xd0937c69, 0xd99e7767, 0xaed51e3d, 0xa7d81533, 0xbccf0821, 0xb5c2032f, 0x8ae13205, 0x83ec390b, 0x98fb2419, 0x91f62f17, 0x4dd68d76, 0x44db8678, 0x5fcc9b6a, 0x56c19064, 0x69e2a14e, 0x60efaa40, 0x7bf8b752, 0x72f5bc5c, 0x05bed506, 0x0cb3de08, 0x17a4c31a, 0x1ea9c814, 0x218af93e, 0x2887f230, 0x3390ef22, 0x3a9de42c, 0xdd063d96, 0xd40b3698, 0xcf1c2b8a, 0xc6112084, 0xf93211ae, 0xf03f1aa0, 0xeb2807b2, 0xe2250cbc, 0x956e65e6, 0x9c636ee8, 0x877473fa, 0x8e7978f4, 0xb15a49de, 0xb85742d0, 0xa3405fc2, 0xaa4d54cc, 0xecdaf741, 0xe5d7fc4f, 0xfec0e15d, 0xf7cdea53, 0xc8eedb79, 0xc1e3d077, 0xdaf4cd65, 0xd3f9c66b, 0xa4b2af31, 0xadbfa43f, 0xb6a8b92d, 0xbfa5b223, 0x80868309, 0x898b8807, 0x929c9515, 0x9b919e1b, 0x7c0a47a1, 0x75074caf, 0x6e1051bd, 0x671d5ab3, 0x583e6b99, 0x51336097, 0x4a247d85, 0x4329768b, 0x34621fd1, 0x3d6f14df, 0x267809cd, 0x2f7502c3, 0x105633e9, 0x195b38e7, 0x024c25f5, 0x0b412efb, 0xd7618c9a, 0xde6c8794, 0xc57b9a86, 0xcc769188, 0xf355a0a2, 0xfa58abac, 0xe14fb6be, 0xe842bdb0, 0x9f09d4ea, 0x9604dfe4, 0x8d13c2f6, 0x841ec9f8, 0xbb3df8d2, 0xb230f3dc, 0xa927eece, 0xa02ae5c0, 0x47b13c7a, 0x4ebc3774, 0x55ab2a66, 0x5ca62168, 0x63851042, 0x6a881b4c, 0x719f065e, 0x78920d50, 0x0fd9640a, 0x06d46f04, 0x1dc37216, 0x14ce7918, 0x2bed4832, 0x22e0433c, 0x39f75e2e, 0x30fa5520, 0x9ab701ec, 0x93ba0ae2, 0x88ad17f0, 0x81a01cfe, 0xbe832dd4, 0xb78e26da, 0xac993bc8, 0xa59430c6, 0xd2df599c, 0xdbd25292, 0xc0c54f80, 0xc9c8448e, 0xf6eb75a4, 0xffe67eaa, 0xe4f163b8, 0xedfc68b6, 0x0a67b10c, 0x036aba02, 0x187da710, 0x1170ac1e, 0x2e539d34, 0x275e963a, 0x3c498b28, 0x35448026, 0x420fe97c, 0x4b02e272, 0x5015ff60, 0x5918f46e, 0x663bc544, 0x6f36ce4a, 0x7421d358, 0x7d2cd856, 0xa10c7a37, 0xa8017139, 0xb3166c2b, 0xba1b6725, 0x8538560f, 0x8c355d01, 0x97224013, 0x9e2f4b1d, 0xe9642247, 0xe0692949, 0xfb7e345b, 0xf2733f55, 0xcd500e7f, 0xc45d0571, 0xdf4a1863, 0xd647136d, 0x31dccad7, 0x38d1c1d9, 0x23c6dccb, 0x2acbd7c5, 0x15e8e6ef, 0x1ce5ede1, 0x07f2f0f3, 0x0efffbfd, 0x79b492a7, 0x70b999a9, 0x6bae84bb, 0x62a38fb5, 0x5d80be9f, 0x548db591, 0x4f9aa883, 0x4697a38d];
function convertToInt32(bytes) {
const result = [];
for (let i = 0; i < bytes.length; i += 4) {
result.push((bytes[i] << 24) | (bytes[i + 1] << 16) | (bytes[i + 2] << 8) | bytes[i + 3]);
return result;
class AES {
constructor(key) {
_AES_key.set(this, void 0);
_AES_Kd.set(this, void 0);
_AES_Ke.set(this, void 0);
if (!(this instanceof AES)) {
throw Error('AES must be instanitated with `new`');
__classPrivateFieldSet$4(this, _AES_key, new Uint8Array(key), "f");
const rounds = numberOfRounds[this.key.length];
if (rounds == null) {
throw new TypeError('invalid key size (must be 16, 24 or 32 bytes)');
// encryption round keys
__classPrivateFieldSet$4(this, _AES_Ke, [], "f");
// decryption round keys
__classPrivateFieldSet$4(this, _AES_Kd, [], "f");
for (let i = 0; i <= rounds; i++) {
__classPrivateFieldGet$4(this, _AES_Ke, "f").push([0, 0, 0, 0]);
__classPrivateFieldGet$4(this, _AES_Kd, "f").push([0, 0, 0, 0]);
const roundKeyCount = (rounds + 1) * 4;
const KC = this.key.length / 4;
// convert the key into ints
const tk = convertToInt32(this.key);
// copy values into round key arrays
let index;
for (let i = 0; i < KC; i++) {
index = i >> 2;
__classPrivateFieldGet$4(this, _AES_Ke, "f")[index][i % 4] = tk[i];
__classPrivateFieldGet$4(this, _AES_Kd, "f")[rounds - index][i % 4] = tk[i];
// key expansion (fips-197 section 5.2)
let rconpointer = 0;
let t = KC, tt;
while (t < roundKeyCount) {
tt = tk[KC - 1];
tk[0] ^= ((S[(tt >> 16) & 0xFF] << 24) ^
(S[(tt >> 8) & 0xFF] << 16) ^
(S[tt & 0xFF] << 8) ^
S[(tt >> 24) & 0xFF] ^
(rcon[rconpointer] << 24));
rconpointer += 1;
// key expansion (for non-256 bit)
if (KC != 8) {
for (let i = 1; i < KC; i++) {
tk[i] ^= tk[i - 1];
// key expansion for 256-bit keys is "slightly different" (fips-197)
else {
for (let i = 1; i < (KC / 2); i++) {
tk[i] ^= tk[i - 1];
tt = tk[(KC / 2) - 1];
tk[KC / 2] ^= (S[tt & 0xFF] ^
(S[(tt >> 8) & 0xFF] << 8) ^
(S[(tt >> 16) & 0xFF] << 16) ^
(S[(tt >> 24) & 0xFF] << 24));
for (let i = (KC / 2) + 1; i < KC; i++) {
tk[i] ^= tk[i - 1];
// copy values into round key arrays
let i = 0, r, c;
while (i < KC && t < roundKeyCount) {
r = t >> 2;
c = t % 4;
__classPrivateFieldGet$4(this, _AES_Ke, "f")[r][c] = tk[i];
__classPrivateFieldGet$4(this, _AES_Kd, "f")[rounds - r][c] = tk[i++];
// inverse-cipher-ify the decryption round key (fips-197 section 5.3)
for (let r = 1; r < rounds; r++) {
for (let c = 0; c < 4; c++) {
tt = __classPrivateFieldGet$4(this, _AES_Kd, "f")[r][c];
__classPrivateFieldGet$4(this, _AES_Kd, "f")[r][c] = (U1[(tt >> 24) & 0xFF] ^
U2[(tt >> 16) & 0xFF] ^
U3[(tt >> 8) & 0xFF] ^
U4[tt & 0xFF]);
get key() { return __classPrivateFieldGet$4(this, _AES_key, "f").slice(); }
encrypt(plaintext) {
if (plaintext.length != 16) {
throw new TypeError('invalid plaintext size (must be 16 bytes)');
const rounds = __classPrivateFieldGet$4(this, _AES_Ke, "f").length - 1;
const a = [0, 0, 0, 0];
// convert plaintext to (ints ^ key)
let t = convertToInt32(plaintext);
for (let i = 0; i < 4; i++) {
t[i] ^= __classPrivateFieldGet$4(this, _AES_Ke, "f")[0][i];
// apply round transforms
for (let r = 1; r < rounds; r++) {
for (let i = 0; i < 4; i++) {
a[i] = (T1[(t[i] >> 24) & 0xff] ^
T2[(t[(i + 1) % 4] >> 16) & 0xff] ^
T3[(t[(i + 2) % 4] >> 8) & 0xff] ^
T4[t[(i + 3) % 4] & 0xff] ^
__classPrivateFieldGet$4(this, _AES_Ke, "f")[r][i]);
t = a.slice();
// the last round is special
const result = new Uint8Array(16);
let tt = 0;
for (let i = 0; i < 4; i++) {
tt = __classPrivateFieldGet$4(this, _AES_Ke, "f")[rounds][i];
result[4 * i] = (S[(t[i] >> 24) & 0xff] ^ (tt >> 24)) & 0xff;
result[4 * i + 1] = (S[(t[(i + 1) % 4] >> 16) & 0xff] ^ (tt >> 16)) & 0xff;
result[4 * i + 2] = (S[(t[(i + 2) % 4] >> 8) & 0xff] ^ (tt >> 8)) & 0xff;
result[4 * i + 3] = (S[t[(i + 3) % 4] & 0xff] ^ tt) & 0xff;
return result;
decrypt(ciphertext) {
if (ciphertext.length != 16) {
throw new TypeError('invalid ciphertext size (must be 16 bytes)');
const rounds = __classPrivateFieldGet$4(this, _AES_Kd, "f").length - 1;
const a = [0, 0, 0, 0];
// convert plaintext to (ints ^ key)
let t = convertToInt32(ciphertext);
for (let i = 0; i < 4; i++) {
t[i] ^= __classPrivateFieldGet$4(this, _AES_Kd, "f")[0][i];
// apply round transforms
for (let r = 1; r < rounds; r++) {
for (let i = 0; i < 4; i++) {
a[i] = (T5[(t[i] >> 24) & 0xff] ^
T6[(t[(i + 3) % 4] >> 16) & 0xff] ^
T7[(t[(i + 2) % 4] >> 8) & 0xff] ^
T8[t[(i + 1) % 4] & 0xff] ^
__classPrivateFieldGet$4(this, _AES_Kd, "f")[r][i]);
t = a.slice();
// the last round is special
const result = new Uint8Array(16);
let tt = 0;
for (let i = 0; i < 4; i++) {
tt = __classPrivateFieldGet$4(this, _AES_Kd, "f")[rounds][i];
result[4 * i] = (Si[(t[i] >> 24) & 0xff] ^ (tt >> 24)) & 0xff;
result[4 * i + 1] = (Si[(t[(i + 3) % 4] >> 16) & 0xff] ^ (tt >> 16)) & 0xff;
result[4 * i + 2] = (Si[(t[(i + 2) % 4] >> 8) & 0xff] ^ (tt >> 8)) & 0xff;
result[4 * i + 3] = (Si[t[(i + 1) % 4] & 0xff] ^ tt) & 0xff;
return result;
_AES_key = new WeakMap(), _AES_Kd = new WeakMap(), _AES_Ke = new WeakMap();
class ModeOfOperation {
constructor(name, key, cls) {
if (cls && !(this instanceof cls)) {
throw new Error(`${name} must be instantiated with "new"`);
Object.defineProperties(this, {
aes: { enumerable: true, value: new AES(key) },
name: { enumerable: true, value: name }
// Cipher Block Chaining
var __classPrivateFieldSet$3 = (window && window.__classPrivateFieldSet) || function (receiver, state, value, kind, f) {
if (kind === "m") throw new TypeError("Private method is not writable");
if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a setter");
if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot write private member to an object whose class did not declare it");
return (kind === "a" ?, value) : f ? f.value = value : state.set(receiver, value)), value;
var __classPrivateFieldGet$3 = (window && window.__classPrivateFieldGet) || function (receiver, state, kind, f) {
if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
return kind === "m" ? f : kind === "a" ? : f ? f.value : state.get(receiver);
var _CBC_iv, _CBC_lastBlock;
class CBC extends ModeOfOperation {
constructor(key, iv) {
super("ECC", key, CBC);
_CBC_iv.set(this, void 0);
_CBC_lastBlock.set(this, void 0);
if (iv) {
if (iv.length % 16) {
throw new TypeError("invalid iv size (must be 16 bytes)");
__classPrivateFieldSet$3(this, _CBC_iv, new Uint8Array(iv), "f");
else {
__classPrivateFieldSet$3(this, _CBC_iv, new Uint8Array(16), "f");
__classPrivateFieldSet$3(this, _CBC_lastBlock, this.iv, "f");
get iv() { return new Uint8Array(__classPrivateFieldGet$3(this, _CBC_iv, "f")); }
encrypt(plaintext) {
if (plaintext.length % 16) {
throw new TypeError("invalid plaintext size (must be multiple of 16 bytes)");
const ciphertext = new Uint8Array(plaintext.length);
for (let i = 0; i < plaintext.length; i += 16) {
for (let j = 0; j < 16; j++) {
__classPrivateFieldGet$3(this, _CBC_lastBlock, "f")[j] ^= plaintext[i + j];
__classPrivateFieldSet$3(this, _CBC_lastBlock, this.aes.encrypt(__classPrivateFieldGet$3(this, _CBC_lastBlock, "f")), "f");
ciphertext.set(__classPrivateFieldGet$3(this, _CBC_lastBlock, "f"), i);
return ciphertext;
decrypt(ciphertext) {
if (ciphertext.length % 16) {
throw new TypeError("invalid ciphertext size (must be multiple of 16 bytes)");
const plaintext = new Uint8Array(ciphertext.length);
for (let i = 0; i < ciphertext.length; i += 16) {
const block = this.aes.decrypt(ciphertext.subarray(i, i + 16));
for (let j = 0; j < 16; j++) {
plaintext[i + j] = block[j] ^ __classPrivateFieldGet$3(this, _CBC_lastBlock, "f")[j];
__classPrivateFieldGet$3(this, _CBC_lastBlock, "f")[j] = ciphertext[i + j];
return plaintext;
_CBC_iv = new WeakMap(), _CBC_lastBlock = new WeakMap();
// Cipher Feedback
var __classPrivateFieldSet$2 = (window && window.__classPrivateFieldSet) || function (receiver, state, value, kind, f) {
if (kind === "m") throw new TypeError("Private method is not writable");
if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a setter");
if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot write private member to an object whose class did not declare it");
return (kind === "a" ?, value) : f ? f.value = value : state.set(receiver, value)), value;
var __classPrivateFieldGet$2 = (window && window.__classPrivateFieldGet) || function (receiver, state, kind, f) {
if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
return kind === "m" ? f : kind === "a" ? : f ? f.value : state.get(receiver);
var _CFB_instances, _CFB_iv, _CFB_shiftRegister, _CFB_shift;
class CFB extends ModeOfOperation {
constructor(key, iv, segmentSize = 8) {
super("CFB", key, CFB);
_CFB_iv.set(this, void 0);
_CFB_shiftRegister.set(this, void 0);
// This library currently only handles byte-aligned segmentSize
if (!Number.isInteger(segmentSize) || (segmentSize % 8)) {
throw new TypeError("invalid segmentSize");
Object.defineProperties(this, {
segmentSize: { enumerable: true, value: segmentSize }
if (iv) {
if (iv.length % 16) {
throw new TypeError("invalid iv size (must be 16 bytes)");
__classPrivateFieldSet$2(this, _CFB_iv, new Uint8Array(iv), "f");
else {
__classPrivateFieldSet$2(this, _CFB_iv, new Uint8Array(16), "f");
__classPrivateFieldSet$2(this, _CFB_shiftRegister, this.iv, "f");
get iv() { return new Uint8Array(__classPrivateFieldGet$2(this, _CFB_iv, "f")); }
encrypt(plaintext) {
if (8 * plaintext.length % this.segmentSize) {
throw new TypeError("invalid plaintext size (must be multiple of segmentSize bytes)");
const segmentSize = this.segmentSize / 8;
const ciphertext = new Uint8Array(plaintext);
for (let i = 0; i < ciphertext.length; i += segmentSize) {
const xorSegment = this.aes.encrypt(__classPrivateFieldGet$2(this, _CFB_shiftRegister, "f"));
for (let j = 0; j < segmentSize; j++) {
ciphertext[i + j] ^= xorSegment[j];
__classPrivateFieldGet$2(this, _CFB_instances, "m", _CFB_shift).call(this, ciphertext.subarray(i));
return ciphertext;
decrypt(ciphertext) {
if (8 * ciphertext.length % this.segmentSize) {
throw new TypeError("invalid ciphertext size (must be multiple of segmentSize bytes)");
const segmentSize = this.segmentSize / 8;
const plaintext = new Uint8Array(ciphertext);
for (let i = 0; i < plaintext.length; i += segmentSize) {
const xorSegment = this.aes.encrypt(__classPrivateFieldGet$2(this, _CFB_shiftRegister, "f"));
for (let j = 0; j < segmentSize; j++) {
plaintext[i + j] ^= xorSegment[j];
__classPrivateFieldGet$2(this, _CFB_instances, "m", _CFB_shift).call(this, ciphertext.subarray(i));
return plaintext;
_CFB_iv = new WeakMap(), _CFB_shiftRegister = new WeakMap(), _CFB_instances = new WeakSet(), _CFB_shift = function _CFB_shift(data) {
const segmentSize = this.segmentSize / 8;
// Shift the register
__classPrivateFieldGet$2(this, _CFB_shiftRegister, "f").set(__classPrivateFieldGet$2(this, _CFB_shiftRegister, "f").subarray(segmentSize));
__classPrivateFieldGet$2(this, _CFB_shiftRegister, "f").set(data.subarray(0, segmentSize), 16 - segmentSize);
// Counter Mode
var __classPrivateFieldSet$1 = (window && window.__classPrivateFieldSet) || function (receiver, state, value, kind, f) {
if (kind === "m") throw new TypeError("Private method is not writable");
if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a setter");
if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot write private member to an object whose class did not declare it");
return (kind === "a" ?, value) : f ? f.value = value : state.set(receiver, value)), value;
var __classPrivateFieldGet$1 = (window && window.__classPrivateFieldGet) || function (receiver, state, kind, f) {
if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
return kind === "m" ? f : kind === "a" ? : f ? f.value : state.get(receiver);
var _CTR_remaining, _CTR_remainingIndex, _CTR_counter;
class CTR extends ModeOfOperation {
constructor(key, initialValue) {
super("CTR", key, CTR);
// Remaining bytes for the one-time pad
_CTR_remaining.set(this, void 0);
_CTR_remainingIndex.set(this, void 0);
// The current counter
_CTR_counter.set(this, void 0);
__classPrivateFieldSet$1(this, _CTR_counter, new Uint8Array(16), "f");
__classPrivateFieldGet$1(this, _CTR_counter, "f").fill(0);
__classPrivateFieldSet$1(this, _CTR_remaining, __classPrivateFieldGet$1(this, _CTR_counter, "f"), "f"); // This will be discarded immediately
__classPrivateFieldSet$1(this, _CTR_remainingIndex, 16, "f");
if (initialValue == null) {
initialValue = 1;
if (typeof (initialValue) === "number") {
else {
get counter() { return new Uint8Array(__classPrivateFieldGet$1(this, _CTR_counter, "f")); }
setCounterValue(value) {
if (!Number.isInteger(value) || value < 0 || value > Number.MAX_SAFE_INTEGER) {
throw new TypeError("invalid counter initial integer value");
for (let index = 15; index >= 0; --index) {
__classPrivateFieldGet$1(this, _CTR_counter, "f")[index] = value % 256;
value = Math.floor(value / 256);
setCounterBytes(value) {
if (value.length !== 16) {
throw new TypeError("invalid counter initial Uint8Array value length");
__classPrivateFieldGet$1(this, _CTR_counter, "f").set(value);
increment() {
for (let i = 15; i >= 0; i--) {
if (__classPrivateFieldGet$1(this, _CTR_counter, "f")[i] === 255) {
__classPrivateFieldGet$1(this, _CTR_counter, "f")[i] = 0;
else {
__classPrivateFieldGet$1(this, _CTR_counter, "f")[i]++;
encrypt(plaintext) {
var _a, _b;
const crypttext = new Uint8Array(plaintext);
for (let i = 0; i < crypttext.length; i++) {
if (__classPrivateFieldGet$1(this, _CTR_remainingIndex, "f") === 16) {
__classPrivateFieldSet$1(this, _CTR_remaining, this.aes.encrypt(__classPrivateFieldGet$1(this, _CTR_counter, "f")), "f");
__classPrivateFieldSet$1(this, _CTR_remainingIndex, 0, "f");
crypttext[i] ^= __classPrivateFieldGet$1(this, _CTR_remaining, "f")[__classPrivateFieldSet$1(this, _CTR_remainingIndex, (_b = __classPrivateFieldGet$1(this, _CTR_remainingIndex, "f"), _a = _b++, _b), "f"), _a];
return crypttext;
decrypt(ciphertext) {
return this.encrypt(ciphertext);
_CTR_remaining = new WeakMap(), _CTR_remainingIndex = new WeakMap(), _CTR_counter = new WeakMap();
// Electronic Code Book
class ECB extends ModeOfOperation {
constructor(key) {
super("ECB", key, ECB);
encrypt(plaintext) {
if (plaintext.length % 16) {
throw new TypeError("invalid plaintext size (must be multiple of 16 bytes)");
const crypttext = new Uint8Array(plaintext.length);
for (let i = 0; i < plaintext.length; i += 16) {
crypttext.set(this.aes.encrypt(plaintext.subarray(i, i + 16)), i);
return crypttext;
decrypt(crypttext) {
if (crypttext.length % 16) {
throw new TypeError("invalid ciphertext size (must be multiple of 16 bytes)");
const plaintext = new Uint8Array(crypttext.length);
for (let i = 0; i < crypttext.length; i += 16) {
plaintext.set(this.aes.decrypt(crypttext.subarray(i, i + 16)), i);
return plaintext;
// Output Feedback
var __classPrivateFieldSet = (window && window.__classPrivateFieldSet) || function (receiver, state, value, kind, f) {
if (kind === "m") throw new TypeError("Private method is not writable");
if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a setter");
if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot write private member to an object whose class did not declare it");
return (kind === "a" ?, value) : f ? f.value = value : state.set(receiver, value)), value;
var __classPrivateFieldGet = (window && window.__classPrivateFieldGet) || function (receiver, state, kind, f) {
if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
return kind === "m" ? f : kind === "a" ? : f ? f.value : state.get(receiver);
var _OFB_iv, _OFB_lastPrecipher, _OFB_lastPrecipherIndex;
class OFB extends ModeOfOperation {
constructor(key, iv) {
super("OFB", key, OFB);
_OFB_iv.set(this, void 0);
_OFB_lastPrecipher.set(this, void 0);
_OFB_lastPrecipherIndex.set(this, void 0);
if (iv) {
if (iv.length % 16) {
throw new TypeError("invalid iv size (must be 16 bytes)");
__classPrivateFieldSet(this, _OFB_iv, new Uint8Array(iv), "f");
else {
__classPrivateFieldSet(this, _OFB_iv, new Uint8Array(16), "f");
__classPrivateFieldSet(this, _OFB_lastPrecipher, this.iv, "f");
__classPrivateFieldSet(this, _OFB_lastPrecipherIndex, 16, "f");
get iv() { return new Uint8Array(__classPrivateFieldGet(this, _OFB_iv, "f")); }
encrypt(plaintext) {
var _a, _b;
if (plaintext.length % 16) {
throw new TypeError("invalid plaintext size (must be multiple of 16 bytes)");
const ciphertext = new Uint8Array(plaintext);
for (let i = 0; i < ciphertext.length; i++) {
if (__classPrivateFieldGet(this, _OFB_lastPrecipherIndex, "f") === 16) {
__classPrivateFieldSet(this, _OFB_lastPrecipher, this.aes.encrypt(__classPrivateFieldGet(this, _OFB_lastPrecipher, "f")), "f");
__classPrivateFieldSet(this, _OFB_lastPrecipherIndex, 0, "f");
ciphertext[i] ^= __classPrivateFieldGet(this, _OFB_lastPrecipher, "f")[__classPrivateFieldSet(this, _OFB_lastPrecipherIndex, (_b = __classPrivateFieldGet(this, _OFB_lastPrecipherIndex, "f"), _a = _b++, _b), "f"), _a];
return ciphertext;
decrypt(ciphertext) {
if (ciphertext.length % 16) {
throw new TypeError("invalid ciphertext size (must be multiple of 16 bytes)");
return this.encrypt(ciphertext);
_OFB_iv = new WeakMap(), _OFB_lastPrecipher = new WeakMap(), _OFB_lastPrecipherIndex = new WeakMap();
function pkcs7Pad(data) {
const padder = 16 - (data.length % 16);
const result = new Uint8Array(data.length + padder);
for (let i = data.length; i < result.length; i++) {
result[i] = padder;
return result;
function pkcs7Strip(data) {
if (data.length < 16) {
throw new TypeError('PKCS#7 invalid length');
const padder = data[data.length - 1];
if (padder > 16) {
throw new TypeError('PKCS#7 padding byte out of range');
const length = data.length - padder;
for (let i = 0; i < padder; i++) {
if (data[length + i] !== padder) {
throw new TypeError('PKCS#7 invalid padding byte');
return new Uint8Array(data.subarray(0, length));
* @_ignore
function looseArrayify(hexString) {
if (typeof (hexString) === "string" && !hexString.startsWith("0x")) {
hexString = "0x" + hexString;
return getBytesCopy(hexString);
function zpad$1(value, length) {
value = String(value);
while (value.length < length) {
value = '0' + value;
return value;
function getPassword(password) {
if (typeof (password) === 'string') {
return toUtf8Bytes(password, "NFKC");
return getBytesCopy(password);
function spelunk(object, _path) {
const match = _path.match(/^([a-z0-9$_.-]*)(:([a-z]+))?(!)?$/i);
assertArgument(match != null, "invalid path", "path", _path);
const path = match[1];
const type = match[3];
const reqd = (match[4] === "!");
let cur = object;
for (const comp of path.toLowerCase().split('.')) {
// Search for a child object with a case-insensitive matching key
if (Array.isArray(cur)) {
if (!comp.match(/^[0-9]+$/)) {
cur = cur[parseInt(comp)];
else if (typeof (cur) === "object") {
let found = null;
for (const key in cur) {
if (key.toLowerCase() === comp) {
found = cur[key];
cur = found;
else {
cur = null;
if (cur == null) {
assertArgument(!reqd || cur != null, "missing required value", "path", path);
if (type && cur != null) {
if (type === "int") {
if (typeof (cur) === "string" && cur.match(/^-?[0-9]+$/)) {
return parseInt(cur);
else if (Number.isSafeInteger(cur)) {
return cur;
if (type === "number") {
if (typeof (cur) === "string" && cur.match(/^-?[0-9.]*$/)) {
return parseFloat(cur);
if (type === "data") {
if (typeof (cur) === "string") {
return looseArrayify(cur);
if (type === "array" && Array.isArray(cur)) {
return cur;
if (type === typeof (cur)) {
return cur;
assertArgument(false, `wrong type found for ${type} `, "path", path);
return cur;
export function follow(object: any, path: string): null | string {
let currentChild = object;
for (const comp of path.toLowerCase().split('/')) {
// Search for a child object with a case-insensitive matching key
let matchingChild = null;
for (const key in currentChild) {
if (key.toLowerCase() === comp) {
matchingChild = currentChild[key];
if (matchingChild === null) { return null; }
currentChild = matchingChild;
return currentChild;
// "path/to/something:type!"
export function followRequired(data: any, path: string): string {
const value = follow(data, path);
if (value != null) { return value; }
return logger.throwArgumentError("invalid value", `data:${ path }`,
// See: (Section 4.4)
export function uuidV4(randomBytes: BytesLike): string {
const bytes = getBytes(randomBytes, "randomBytes");
// Section: 4.1.3:
// - time_hi_and_version[12:16] = 0b0100
bytes[6] = (bytes[6] & 0x0f) | 0x40;
// Section 4.4
// - clock_seq_hi_and_reserved[6] = 0b0
// - clock_seq_hi_and_reserved[7] = 0b1
bytes[8] = (bytes[8] & 0x3f) | 0x80;
const value = hexlify(bytes);
return [
value.substring(2, 10),
value.substring(10, 14),
value.substring(14, 18),
value.substring(18, 22),
value.substring(22, 34),
* The JSON Wallet formats allow a simple way to store the private
* keys needed in Ethereum along with related information and allows
* for extensible forms of encryption.
* These utilities facilitate decrypting and encrypting the most common
* JSON Wallet formats.
* @_subsection: api/wallet:JSON Wallets [json-wallets]
const defaultPath$1 = "m/44'/60'/0'/0/0";
* Returns true if %%json%% is a valid JSON Keystore Wallet.
function isKeystoreJson(json) {
try {
const data = JSON.parse(json);
const version = ((data.version != null) ? parseInt(data.version) : 0);
if (version === 3) {
return true;
catch (error) { }
return false;
function decrypt(data, key, ciphertext) {
const cipher = spelunk(data, "crypto.cipher:string");
if (cipher === "aes-128-ctr") {
const iv = spelunk(data, "crypto.cipherparams.iv:data!");
const aesCtr = new CTR(key, iv);
return hexlify(aesCtr.decrypt(ciphertext));
assert$1(false, "unsupported cipher", "UNSUPPORTED_OPERATION", {
operation: "decrypt"
function getAccount(data, _key) {
const key = getBytes(_key);
const ciphertext = spelunk(data, "crypto.ciphertext:data!");
const computedMAC = hexlify(keccak256(concat([key.slice(16, 32), ciphertext]))).substring(2);
assertArgument(computedMAC === spelunk(data, "crypto.mac:string!").toLowerCase(), "incorrect password", "password", "[ REDACTED ]");
const privateKey = decrypt(data, key.slice(0, 16), ciphertext);
const address = computeAddress(privateKey);
if (data.address) {
let check = data.address.toLowerCase();
if (!check.startsWith("0x")) {
check = "0x" + check;
assertArgument(getAddress(check) === address, "keystore address/privateKey mismatch", "address", data.address);
const account = { address, privateKey };
// Version 0.1 x-ethers metadata must contain an encrypted mnemonic phrase
const version = spelunk(data, "x-ethers.version:string");
if (version === "0.1") {
const mnemonicKey = key.slice(32, 64);
const mnemonicCiphertext = spelunk(data, "x-ethers.mnemonicCiphertext:data!");
const mnemonicIv = spelunk(data, "x-ethers.mnemonicCounter:data!");
const mnemonicAesCtr = new CTR(mnemonicKey, mnemonicIv);
account.mnemonic = {
path: (spelunk(data, "x-ethers.path:string") || defaultPath$1),
locale: (spelunk(data, "x-ethers.locale:string") || "en"),
entropy: hexlify(getBytes(mnemonicAesCtr.decrypt(mnemonicCiphertext)))
return account;
function getDecryptKdfParams(data) {
const kdf = spelunk(data, "crypto.kdf:string");
if (kdf && typeof (kdf) === "string") {
if (kdf.toLowerCase() === "scrypt") {
const salt = spelunk(data, "crypto.kdfparams.salt:data!");
const N = spelunk(data, "crypto.kdfparams.n:int!");
const r = spelunk(data, "crypto.kdfparams.r:int!");
const p = spelunk(data, "crypto.kdfparams.p:int!");
// Make sure N is a power of 2
assertArgument(N > 0 && (N & (N - 1)) === 0, "invalid kdf.N", "kdf.N", N);
assertArgument(r > 0 && p > 0, "invalid kdf", "kdf", kdf);
const dkLen = spelunk(data, "crypto.kdfparams.dklen:int!");
assertArgument(dkLen === 32, "invalid kdf.dklen", "kdf.dflen", dkLen);
return { name: "scrypt", salt, N, r, p, dkLen: 64 };
else if (kdf.toLowerCase() === "pbkdf2") {
const salt = spelunk(data, "crypto.kdfparams.salt:data!");
const prf = spelunk(data, "crypto.kdfparams.prf:string!");
const algorithm = prf.split("-").pop();
assertArgument(algorithm === "sha256" || algorithm === "sha512", "invalid kdf.pdf", "kdf.pdf", prf);
const count = spelunk(data, "crypto.kdfparams.c:int!");
const dkLen = spelunk(data, "crypto.kdfparams.dklen:int!");
assertArgument(dkLen === 32, "invalid kdf.dklen", "kdf.dklen", dkLen);
return { name: "pbkdf2", salt, count, dkLen, algorithm };
assertArgument(false, "unsupported key-derivation function", "kdf", kdf);
* Returns the account details for the JSON Keystore Wallet %%json%%
* using %%password%%.
* It is preferred to use the [async version](decryptKeystoreJson)
* instead, which allows a [[ProgressCallback]] to keep the user informed
* as to the decryption status.
* This method will block the event loop (freezing all UI) until decryption
* is complete, which can take quite some time, depending on the wallet
* paramters and platform.
function decryptKeystoreJsonSync(json, _password) {
const data = JSON.parse(json);
const password = getPassword(_password);
const params = getDecryptKdfParams(data);
if ( === "pbkdf2") {
const { salt, count, dkLen, algorithm } = params;
const key = pbkdf2(password, salt, count, dkLen, algorithm);
return getAccount(data, key);
assert$1( === "scrypt", "cannot be reached", "UNKNOWN_ERROR", { params });
const { salt, N, r, p, dkLen } = params;
const key = scryptSync(password, salt, N, r, p, dkLen);
return getAccount(data, key);
function stall$1(duration) {
return new Promise((resolve) => { setTimeout(() => { resolve(); }, duration); });
* Resolves to the decrypted JSON Keystore Wallet %%json%% using the
* %%password%%.
* If provided, %%progress%% will be called periodically during the
* decrpytion to provide feedback, and if the function returns
* ``false`` will halt decryption.
* The %%progressCallback%% will **always** receive ``0`` before
* decryption begins and ``1`` when complete.
async function decryptKeystoreJson(json, _password, progress) {
const data = JSON.parse(json);
const password = getPassword(_password);
const params = getDecryptKdfParams(data);
if ( === "pbkdf2") {
if (progress) {
await stall$1(0);
const { salt, count, dkLen, algorithm } = params;
const key = pbkdf2(password, salt, count, dkLen, algorithm);
if (progress) {
await stall$1(0);
return getAccount(data, key);
assert$1( === "scrypt", "cannot be reached", "UNKNOWN_ERROR", { params });
const { salt, N, r, p, dkLen } = params;
const key = await scrypt(password, salt, N, r, p, dkLen, progress);
return getAccount(data, key);
function getEncryptKdfParams(options) {
// Check/generate the salt
const salt = (options.salt != null) ? getBytes(options.salt, "options.salt") : randomBytes(32);
// Override the scrypt password-based key derivation function parameters
let N = (1 << 17), r = 8, p = 1;
if (options.scrypt) {
if (options.scrypt.N) {
N = options.scrypt.N;
if (options.scrypt.r) {
r = options.scrypt.r;
if (options.scrypt.p) {
p = options.scrypt.p;
assertArgument(typeof (N) === "number" && N > 0 && Number.isSafeInteger(N) && (BigInt(N) & BigInt(N - 1)) === BigInt(0), "invalid scrypt N parameter", "options.N", N);
assertArgument(typeof (r) === "number" && r > 0 && Number.isSafeInteger(r), "invalid scrypt r parameter", "options.r", r);
assertArgument(typeof (p) === "number" && p > 0 && Number.isSafeInteger(p), "invalid scrypt p parameter", "options.p", p);
return { name: "scrypt", dkLen: 32, salt, N, r, p };
function _encryptKeystore(key, kdf, account, options) {
const privateKey = getBytes(account.privateKey, "privateKey");
// Override initialization vector
const iv = (options.iv != null) ? getBytes(options.iv, "options.iv") : randomBytes(16);
assertArgument(iv.length === 16, "invalid options.iv length", "options.iv", options.iv);
// Override the uuid
const uuidRandom = (options.uuid != null) ? getBytes(options.uuid, "options.uuid") : randomBytes(16);
assertArgument(uuidRandom.length === 16, "invalid options.uuid length", "options.uuid", options.iv);
// This will be used to encrypt the wallet (as per Web3 secret storage)
// - 32 bytes As normal for the Web3 secret storage (derivedKey, macPrefix)
// - 32 bytes AES key to encrypt mnemonic with (required here to be Ethers Wallet)
const derivedKey = key.slice(0, 16);
const macPrefix = key.slice(16, 32);
// Encrypt the private key
const aesCtr = new CTR(derivedKey, iv);
const ciphertext = getBytes(aesCtr.encrypt(privateKey));
// Compute the message authentication code, used to check the password
const mac = keccak256(concat([macPrefix, ciphertext]));
// See:
const data = {
address: account.address.substring(2).toLowerCase(),
id: uuidV4(uuidRandom),
version: 3,
Crypto: {
cipher: "aes-128-ctr",
cipherparams: {
iv: hexlify(iv).substring(2),
ciphertext: hexlify(ciphertext).substring(2),
kdf: "scrypt",
kdfparams: {
salt: hexlify(kdf.salt).substring(2),
n: kdf.N,
dklen: 32,
p: kdf.p,
r: kdf.r
mac: mac.substring(2)
// If we have a mnemonic, encrypt it into the JSON wallet
if (account.mnemonic) {
const client = (options.client != null) ? options.client : `ethers/${version}`;
const path = account.mnemonic.path || defaultPath$1;
const locale = account.mnemonic.locale || "en";
const mnemonicKey = key.slice(32, 64);
const entropy = getBytes(account.mnemonic.entropy, "account.mnemonic.entropy");
const mnemonicIv = randomBytes(16);
const mnemonicAesCtr = new CTR(mnemonicKey, mnemonicIv);
const mnemonicCiphertext = getBytes(mnemonicAesCtr.encrypt(entropy));
const now = new Date();
const timestamp = (now.getUTCFullYear() + "-" +
zpad$1(now.getUTCMonth() + 1, 2) + "-" +
zpad$1(now.getUTCDate(), 2) + "T" +
zpad$1(now.getUTCHours(), 2) + "-" +
zpad$1(now.getUTCMinutes(), 2) + "-" +
zpad$1(now.getUTCSeconds(), 2) + ".0Z");
const gethFilename = ("UTC--" + timestamp + "--" + data.address);
data["x-ethers"] = {
client, gethFilename, path, locale,
mnemonicCounter: hexlify(mnemonicIv).substring(2),
mnemonicCiphertext: hexlify(mnemonicCiphertext).substring(2),
version: "0.1"
return JSON.stringify(data);
* Return the JSON Keystore Wallet for %%account%% encrypted with
* %%password%%.
* The %%options%% can be used to tune the password-based key
* derivation function parameters, explicitly set the random values
* used. Any provided [[ProgressCallback]] is ignord.
function encryptKeystoreJsonSync(account, password, options) {
if (options == null) {
options = {};
const passwordBytes = getPassword(password);
const kdf = getEncryptKdfParams(options);
const key = scryptSync(passwordBytes, kdf.salt, kdf.N, kdf.r, kdf.p, 64);
return _encryptKeystore(getBytes(key), kdf, account, options);
* Resolved to the JSON Keystore Wallet for %%account%% encrypted
* with %%password%%.
* The %%options%% can be used to tune the password-based key
* derivation function parameters, explicitly set the random values
* used and provide a [[ProgressCallback]] to receive periodic updates
* on the completion status..
async function encryptKeystoreJson(account, password, options) {
if (options == null) {
options = {};
const passwordBytes = getPassword(password);
const kdf = getEncryptKdfParams(options);
const key = await scrypt(passwordBytes, kdf.salt, kdf.N, kdf.r, kdf.p, 64, options.progressCallback);
return _encryptKeystore(getBytes(key), kdf, account, options);
* Explain HD Wallets..
* @_subsection: api/wallet:HD Wallets [hd-wallets]
* The default derivation path for Ethereum HD Nodes. (i.e. ``"m/44'/60'/0'/0/0"``)
const defaultPath = "m/44'/60'/0'/0/0";
// "Bitcoin seed"
const MasterSecret = new Uint8Array([66, 105, 116, 99, 111, 105, 110, 32, 115, 101, 101, 100]);
const HardenedBit = 0x80000000;
const N = BigInt("0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141");
const Nibbles = "0123456789abcdef";
function zpad(value, length) {
let result = "";
while (value) {
result = Nibbles[value % 16] + result;
value = Math.trunc(value / 16);
while (result.length < length * 2) {
result = "0" + result;
return "0x" + result;
function encodeBase58Check(_value) {
const value = getBytes(_value);
const check = dataSlice(sha256(sha256(value)), 0, 4);
const bytes = concat([value, check]);
return encodeBase58(bytes);
const _guard = {};
function ser_I(index, chainCode, publicKey, privateKey) {
const data = new Uint8Array(37);
if (index & HardenedBit) {
assert$1(privateKey != null, "cannot derive child of neutered node", "UNSUPPORTED_OPERATION", {
operation: "deriveChild"
// Data = 0x00 || ser_256(k_par)
data.set(getBytes(privateKey), 1);
else {
// Data = ser_p(point(k_par))
// Data += ser_32(i)
for (let i = 24; i >= 0; i -= 8) {
data[33 + (i >> 3)] = ((index >> (24 - i)) & 0xff);
const I = getBytes(computeHmac("sha512", chainCode, data));
return { IL: I.slice(0, 32), IR: I.slice(32) };
function derivePath(node, path) {
const components = path.split("/");
assertArgument(components.length > 0 && (components[0] === "m" || node.depth > 0), "invalid path", "path", path);
if (components[0] === "m") {
let result = node;
for (let i = 0; i < components.length; i++) {
const component = components[i];
if (component.match(/^[0-9]+'$/)) {
const index = parseInt(component.substring(0, component.length - 1));
assertArgument(index < HardenedBit, "invalid path index", `path[${i}]`, component);
result = result.deriveChild(HardenedBit + index);
else if (component.match(/^[0-9]+$/)) {
const index = parseInt(component);
assertArgument(index < HardenedBit, "invalid path index", `path[${i}]`, component);
result = result.deriveChild(index);
else {
assertArgument(false, "invalid path component", `path[${i}]`, component);
return result;
* An **HDNodeWallet** is a [[Signer]] backed by the private key derived
* from an HD Node using the [[link-bip-32]] stantard.
* An HD Node forms a hierarchal structure with each HD Node having a
* private key and the ability to derive child HD Nodes, defined by
* a path indicating the index of each child.
class HDNodeWallet extends BaseWallet {
* The compressed public key.
* The fingerprint.
* A fingerprint allows quick qay to detect parent and child nodes,
* but developers should be prepared to deal with collisions as it
* is only 4 bytes.
* The parent fingerprint.
* The mnemonic used to create this HD Node, if available.
* Sources such as extended keys do not encode the mnemonic, in
* which case this will be ``null``.
* The chaincode, which is effectively a public key used
* to derive children.
* The derivation path of this wallet.
* Since extended keys do not provider full path details, this
* may be ``null``, if instantiated from a source that does not
* enocde it.
* The child index of this wallet. Values over ``2 *\* 31`` indicate
* the node is hardened.
* The depth of this wallet, which is the number of components
* in its path.
* @private
constructor(guard, signingKey, parentFingerprint, chainCode, path, index, depth, mnemonic, provider) {
super(signingKey, provider);
assertPrivate(guard, _guard, "HDNodeWallet");
defineProperties(this, { publicKey: signingKey.compressedPublicKey });
const fingerprint = dataSlice(ripemd160(sha256(this.publicKey)), 0, 4);
defineProperties(this, {
parentFingerprint, fingerprint,
chainCode, path, index, depth
defineProperties(this, { mnemonic });
connect(provider) {
return new HDNodeWallet(_guard, this.signingKey, this.parentFingerprint, this.chainCode, this.path, this.index, this.depth, this.mnemonic, provider);
#account() {
const account = { address: this.address, privateKey: this.privateKey };
const m = this.mnemonic;
if (this.path && m && m.wordlist.locale === "en" && m.password === "") {
account.mnemonic = {
path: this.path,
locale: "en",
entropy: m.entropy
return account;
* Resolves to a [JSON Keystore Wallet](json-wallets) encrypted with
* %%password%%.
* If %%progressCallback%% is specified, it will receive periodic
* updates as the encryption process progreses.
async encrypt(password, progressCallback) {
return await encryptKeystoreJson(this.#account(), password, { progressCallback });
* Returns a [JSON Keystore Wallet](json-wallets) encryped with
* %%password%%.
* It is preferred to use the [async version](encrypt) instead,
* which allows a [[ProgressCallback]] to keep the user informed.
* This method will block the event loop (freezing all UI) until
* it is complete, which may be a non-trivial duration.
encryptSync(password) {
return encryptKeystoreJsonSync(this.#account(), password);
* The extended key.
* This key will begin with the prefix ``xpriv`` and can be used to
* reconstruct this HD Node to derive its children.
get extendedKey() {
// We only support the mainnet values for now, but if anyone needs
// testnet values, let me know. I believe current sentiment is that
// we should always use mainnet, and use BIP-44 to derive the network
// - Mainnet: public=0x0488B21E, private=0x0488ADE4
// - Testnet: public=0x043587CF, private=0x04358394
assert$1(this.depth < 256, "Depth too deep", "UNSUPPORTED_OPERATION", { operation: "extendedKey" });
return encodeBase58Check(concat([
"0x0488ADE4", zpad(this.depth, 1), this.parentFingerprint,
zpad(this.index, 4), this.chainCode,
concat(["0x00", this.privateKey])
* Returns true if this wallet has a path, providing a Type Guard
* that the path is non-null.
hasPath() { return (this.path != null); }
* Returns a neutered HD Node, which removes the private details
* of an HD Node.
* A neutered node has no private key, but can be used to derive
* child addresses and other public data about the HD Node.
neuter() {
return new HDNodeVoidWallet(_guard, this.address, this.publicKey, this.parentFingerprint, this.chainCode, this.path, this.index, this.depth, this.provider);
* Return the child for %%index%%.
deriveChild(_index) {
const index = getNumber(_index, "index");
assertArgument(index <= 0xffffffff, "invalid index", "index", index);
// Base path
let path = this.path;
if (path) {
path += "/" + (index & ~HardenedBit);
if (index & HardenedBit) {
path += "'";
const { IR, IL } = ser_I(index, this.chainCode, this.publicKey, this.privateKey);
const ki = new SigningKey(toBeHex((toBigInt(IL) + BigInt(this.privateKey)) % N, 32));
return new HDNodeWallet(_guard, ki, this.fingerprint, hexlify(IR), path, index, this.depth + 1, this.mnemonic, this.provider);
* Return the HDNode for %%path%% from this node.
derivePath(path) {
return derivePath(this, path);
static #fromSeed(_seed, mnemonic) {
assertArgument(isBytesLike(_seed), "invalid seed", "seed", "[REDACTED]");
const seed = getBytes(_seed, "seed");
assertArgument(seed.length >= 16 && seed.length <= 64, "invalid seed", "seed", "[REDACTED]");
const I = getBytes(computeHmac("sha512", MasterSecret, seed));
const signingKey = new SigningKey(hexlify(I.slice(0, 32)));
return new HDNodeWallet(_guard, signingKey, "0x00000000", hexlify(I.slice(32)), "m", 0, 0, mnemonic, null);
* Creates a new HD Node from %%extendedKey%%.
* If the %%extendedKey%% will either have a prefix or ``xpub`` or
* ``xpriv``, returning a neutered HD Node ([[HDNodeVoidWallet]])
* or full HD Node ([[HDNodeWallet) respectively.
static fromExtendedKey(extendedKey) {
const bytes = toBeArray(decodeBase58(extendedKey)); // @TODO: redact
assertArgument(bytes.length === 82 || encodeBase58Check(bytes.slice(0, 78)) === extendedKey, "invalid extended key", "extendedKey", "[ REDACTED ]");
const depth = bytes[4];
const parentFingerprint = hexlify(bytes.slice(5, 9));
const index = parseInt(hexlify(bytes.slice(9, 13)).substring(2), 16);
const chainCode = hexlify(bytes.slice(13, 45));
const key = bytes.slice(45, 78);
switch (hexlify(bytes.slice(0, 4))) {
// Public Key
case "0x0488b21e":
case "0x043587cf": {
const publicKey = hexlify(key);
return new HDNodeVoidWallet(_guard, computeAddress(publicKey), publicKey, parentFingerprint, chainCode, null, index, depth, null);
// Private Key
case "0x0488ade4":
case "0x04358394 ":
if (key[0] !== 0) {
return new HDNodeWallet(_guard, new SigningKey(key.slice(1)), parentFingerprint, chainCode, null, index, depth, null, null);
assertArgument(false, "invalid extended key prefix", "extendedKey", "[ REDACTED ]");
* Creates a new random HDNode.
static createRandom(password, path, wordlist) {
if (password == null) {
password = "";
if (path == null) {
path = defaultPath;
if (wordlist == null) {
wordlist = LangEn.wordlist();
const mnemonic = Mnemonic.fromEntropy(randomBytes(16), password, wordlist);
return HDNodeWallet.#fromSeed(mnemonic.computeSeed(), mnemonic).derivePath(path);
* Create am HD Node from %%mnemonic%%.
static fromMnemonic(mnemonic, path) {
if (!path) {
path = defaultPath;
return HDNodeWallet.#fromSeed(mnemonic.computeSeed(), mnemonic).derivePath(path);
* Creates an HD Node from a mnemonic %%phrase%%.
static fromPhrase(phrase, password, path, wordlist) {
if (password == null) {
password = "";
if (path == null) {
path = defaultPath;
if (wordlist == null) {
wordlist = LangEn.wordlist();
const mnemonic = Mnemonic.fromPhrase(phrase, password, wordlist);
return HDNodeWallet.#fromSeed(mnemonic.computeSeed(), mnemonic).derivePath(path);
* Creates an HD Node from a %%seed%%.
static fromSeed(seed) {
return HDNodeWallet.#fromSeed(seed, null);
* A **HDNodeVoidWallet** cannot sign, but provides access to
* the children nodes of a [[link-bip-32]] HD wallet addresses.
* The can be created by using an extended ``xpub`` key to
* [[HDNodeWallet_fromExtendedKey]] or by
* [nuetering](HDNodeWallet-neuter) a [[HDNodeWallet]].
class HDNodeVoidWallet extends VoidSigner {
* The compressed public key.
* The fingerprint.
* A fingerprint allows quick qay to detect parent and child nodes,
* but developers should be prepared to deal with collisions as it
* is only 4 bytes.
* The parent node fingerprint.
* The chaincode, which is effectively a public key used
* to derive children.
* The derivation path of this wallet.
* Since extended keys do not provider full path details, this
* may be ``null``, if instantiated from a source that does not
* enocde it.
* The child index of this wallet. Values over ``2 *\* 31`` indicate
* the node is hardened.
* The depth of this wallet, which is the number of components
* in its path.
* @private
constructor(guard, address, publicKey, parentFingerprint, chainCode, path, index, depth, provider) {
super(address, provider);
assertPrivate(guard, _guard, "HDNodeVoidWallet");
defineProperties(this, { publicKey });
const fingerprint = dataSlice(ripemd160(sha256(publicKey)), 0, 4);
defineProperties(this, {
publicKey, fingerprint, parentFingerprint, chainCode, path, index, depth
connect(provider) {
return new HDNodeVoidWallet(_guard, this.address, this.publicKey, this.parentFingerprint, this.chainCode, this.path, this.index, this.depth, provider);
* The extended key.
* This key will begin with the prefix ``xpub`` and can be used to
* reconstruct this neutered key to derive its children addresses.
get extendedKey() {
// We only support the mainnet values for now, but if anyone needs
// testnet values, let me know. I believe current sentiment is that
// we should always use mainnet, and use BIP-44 to derive the network
// - Mainnet: public=0x0488B21E, private=0x0488ADE4
// - Testnet: public=0x043587CF, private=0x04358394
assert$1(this.depth < 256, "Depth too deep", "UNSUPPORTED_OPERATION", { operation: "extendedKey" });
return encodeBase58Check(concat([
zpad(this.depth, 1),
zpad(this.index, 4),
* Returns true if this wallet has a path, providing a Type Guard
* that the path is non-null.
hasPath() { return (this.path != null); }
* Return the child for %%index%%.
deriveChild(_index) {
const index = getNumber(_index, "index");
assertArgument(index <= 0xffffffff, "invalid index", "index", index);
// Base path
let path = this.path;
if (path) {
path += "/" + (index & ~HardenedBit);
if (index & HardenedBit) {
path += "'";
const { IR, IL } = ser_I(index, this.chainCode, this.publicKey, null);
const Ki = SigningKey.addPoints(IL, this.publicKey, true);
const address = computeAddress(Ki);
return new HDNodeVoidWallet(_guard, address, Ki, this.fingerprint, hexlify(IR), path, index, this.depth + 1, this.provider);
* Return the signer for %%path%% from this node.
derivePath(path) {
return derivePath(this, path);
export class HDNodeWalletManager {
#root: HDNodeWallet;
constructor(phrase: string, password?: null | string, path?: null | string, locale?: null | Wordlist) {
if (password == null) { password = ""; }
if (path == null) { path = "m/44'/60'/0'/0"; }
if (locale == null) { locale = LangEn.wordlist(); }
this.#root = HDNodeWallet.fromPhrase(phrase, password, path, locale);
getSigner(index?: number): HDNodeWallet {
return this.#root.deriveChild((index == null) ? 0: index);
* Returns the [[link-bip-32]] path for the acount at %%index%%.
* This is the pattern used by wallets like Ledger.
* There is also an [alternate pattern](getIndexedAccountPath) used by
* some software.
function getAccountPath(_index) {
const index = getNumber(_index, "index");
assertArgument(index >= 0 && index < HardenedBit, "invalid account index", "index", index);
return `m/44'/60'/${index}'/0/0`;
* Returns the path using an alternative pattern for deriving accounts,
* at %%index%%.
* This derivation path uses the //index// component rather than the
* //account// component to derive sequential accounts.
* This is the pattern used by wallets like MetaMask.
function getIndexedAccountPath(_index) {
const index = getNumber(_index, "index");
assertArgument(index >= 0 && index < HardenedBit, "invalid account index", "index", index);
return `m/44'/60'/0'/0/${index}`;
* @_subsection: api/wallet:JSON Wallets [json-wallets]
* Returns true if %%json%% is a valid JSON Crowdsale wallet.
function isCrowdsaleJson(json) {
try {
const data = JSON.parse(json);
if (data.encseed) {
return true;
catch (error) { }
return false;
// See:
* Before Ethereum launched, it was necessary to create a wallet
* format for backers to use, which would be used to receive ether
* as a reward for contributing to the project.
* The [[link-crowdsale]] format is now obsolete, but it is still
* useful to support and the additional code is fairly trivial as
* all the primitives required are used through core portions of
* the library.
function decryptCrowdsaleJson(json, _password) {
const data = JSON.parse(json);
const password = getPassword(_password);
// Ethereum Address
const address = getAddress(spelunk(data, "ethaddr:string!"));
// Encrypted Seed
const encseed = looseArrayify(spelunk(data, "encseed:string!"));
assertArgument(encseed && (encseed.length % 16) === 0, "invalid encseed", "json", json);
const key = getBytes(pbkdf2(password, password, 2000, 32, "sha256")).slice(0, 16);
const iv = encseed.slice(0, 16);
const encryptedSeed = encseed.slice(16);
// Decrypt the seed
const aesCbc = new CBC(key, iv);
const seed = pkcs7Strip(getBytes(aesCbc.decrypt(encryptedSeed)));
// This wallet format is weird... Convert the binary encoded hex to a string.
let seedHex = "";
for (let i = 0; i < seed.length; i++) {
seedHex += String.fromCharCode(seed[i]);
return { address, privateKey: id(seedHex) };
function stall(duration) {
return new Promise((resolve) => { setTimeout(() => { resolve(); }, duration); });
* A **Wallet** manages a single private key which is used to sign
* transactions, messages and other common payloads.
* This class is generally the main entry point for developers
* that wish to use a private key directly, as it can create
* instances from a large variety of common sources, including
* raw private key, [[link-bip-39]] mnemonics and encrypte JSON
* wallets.
class Wallet extends BaseWallet {
* Create a new wallet for the %%privateKey%%, optionally connected
* to %%provider%%.
constructor(key, provider) {
if (typeof (key) === "string" && !key.startsWith("0x")) {
key = "0x" + key;
let signingKey = (typeof (key) === "string") ? new SigningKey(key) : key;
super(signingKey, provider);
connect(provider) {
return new Wallet(this.signingKey, provider);
* Resolves to a [JSON Keystore Wallet](json-wallets) encrypted with
* %%password%%.
* If %%progressCallback%% is specified, it will receive periodic
* updates as the encryption process progreses.
async encrypt(password, progressCallback) {
const account = { address: this.address, privateKey: this.privateKey };
return await encryptKeystoreJson(account, password, { progressCallback });
* Returns a [JSON Keystore Wallet](json-wallets) encryped with
* %%password%%.
* It is preferred to use the [async version](encrypt) instead,
* which allows a [[ProgressCallback]] to keep the user informed.
* This method will block the event loop (freezing all UI) until
* it is complete, which may be a non-trivial duration.
encryptSync(password) {
const account = { address: this.address, privateKey: this.privateKey };
return encryptKeystoreJsonSync(account, password);
static #fromAccount(account) {
assertArgument(account, "invalid JSON wallet", "json", "[ REDACTED ]");
if ("mnemonic" in account && account.mnemonic && account.mnemonic.locale === "en") {
const mnemonic = Mnemonic.fromEntropy(account.mnemonic.entropy);
const wallet = HDNodeWallet.fromMnemonic(mnemonic, account.mnemonic.path);
if (wallet.address === account.address && wallet.privateKey === account.privateKey) {
return wallet;
console.log("WARNING: JSON mismatch address/privateKey != mnemonic; fallback onto private key");
const wallet = new Wallet(account.privateKey);
assertArgument(wallet.address === account.address, "address/privateKey mismatch", "json", "[ REDACTED ]");
return wallet;
* Creates (asynchronously) a **Wallet** by decrypting the %%json%%
* with %%password%%.
* If %%progress%% is provided, it is called periodically during
* decryption so that any UI can be updated.
static async fromEncryptedJson(json, password, progress) {
let account = null;
if (isKeystoreJson(json)) {
account = await decryptKeystoreJson(json, password, progress);
else if (isCrowdsaleJson(json)) {
if (progress) {
await stall(0);
account = decryptCrowdsaleJson(json, password);
if (progress) {
await stall(0);
return Wallet.#fromAccount(account);
* Creates a **Wallet** by decrypting the %%json%% with %%password%%.
* The [[fromEncryptedJson]] method is preferred, as this method
* will lock up and freeze the UI during decryption, which may take
* some time.
static fromEncryptedJsonSync(json, password) {
let account = null;
if (isKeystoreJson(json)) {
account = decryptKeystoreJsonSync(json, password);
else if (isCrowdsaleJson(json)) {
account = decryptCrowdsaleJson(json, password);
else {
assertArgument(false, "invalid JSON wallet", "json", "[ REDACTED ]");
return Wallet.#fromAccount(account);
* Creates a new random [[HDNodeWallet]] using the avavilable
* [cryptographic random source](randomBytes).
* If there is no crytographic random source, this will throw.
static createRandom(provider) {
const wallet = HDNodeWallet.createRandom();
if (provider) {
return wallet.connect(provider);
return wallet;
* Creates a [[HDNodeWallet]] for %%phrase%%.
static fromPhrase(phrase, provider) {
const wallet = HDNodeWallet.fromPhrase(phrase);
if (provider) {
return wallet.connect(provider);
return wallet;
* When interacting with Ethereum, it is necessary to use a private
* key authenticate actions by signing a payload.
* Wallets are the simplest way to expose the concept of an
* //Externally Owner Account// (EOA) as it wraps a private key
* and supports high-level methods to sign common types of interaction
* and send transactions.
* The class most developers will want to use is [[Wallet]], which
* can load a private key directly or from any common wallet format.
* The [[HDNodeWallet]] can be used when it is necessary to access
* low-level details of how an HD wallets are derived, exported
* or imported.
* @_section: api/wallet:Wallets [about-wallets]
const Base64 = ")!@#$%^&*(ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz-_";
* @_ignore
function decodeBits(width, data) {
const maxValue = (1 << width) - 1;
const result = [];
let accum = 0, bits = 0, flood = 0;
for (let i = 0; i < data.length; i++) {
// Accumulate 6 bits of data
accum = ((accum << 6) | Base64.indexOf(data[i]));
bits += 6;
// While we have enough for a word...
while (bits >= width) {
// the word
const value = (accum >> (bits - width));
accum &= (1 << (bits - width)) - 1;
bits -= width;
// A value of 0 indicates we exceeded maxValue, it
// floods over into the next value
if (value === 0) {
flood += maxValue;
else {
result.push(value + flood);
flood = 0;
return result;
* @_ignore
function decodeOwlA(data, accents) {
let words = decodeOwl(data).join(",");
// Inject the accents
accents.split(/,/g).forEach((accent) => {
const match = accent.match(/^([a-z]*)([0-9]+)([0-9])(.*)$/);
assertArgument(match !== null, "internal error parsing accents", "accents", accents);
let posOffset = 0;
const positions = decodeBits(parseInt(match[3]), match[4]);
const charCode = parseInt(match[2]);
const regex = new RegExp(`([${match[1]}])`, "g");
words = words.replace(regex, (all, letter) => {
const rem = --positions[posOffset];
if (rem === 0) {
letter = String.fromCharCode(letter.charCodeAt(0), charCode);
return letter;
return words.split(",");
* An OWL-A format Wordlist extends the OWL format to add an
* overlay onto an OWL format Wordlist to support diacritic
* marks.
* This class is generally not useful to most developers as
* it is used mainly internally to keep Wordlists for languages
* based on latin-1 small.
* If necessary, there are tools within the ``generation/`` folder
* to create these necessary data.
class WordlistOwlA extends WordlistOwl {
constructor(locale, data, accent, checksum) {
super(locale, data, checksum);
this.#accent = accent;
get _accent() { return this.#accent; }
_decodeWords() {
return decodeOwlA(this._data, this._accent);
const wordlists = {
en: LangEn.wordlist(),
* A Wordlist is a set of 2048 words used to encode private keys
* (or other binary data) that is easier for humans to write down,
* transcribe and dictate.
* The [[link-bip-39]] standard includes several checksum bits,
* depending on the size of the mnemonic phrase.
* A mnemonic phrase may be 12, 15, 18, 21 or 24 words long. For
* most purposes 12 word mnemonics should be used, as including
* additional words increases the difficulty and potential for
* mistakes and does not offer any effective improvement on security.
* There are a variety of [[link-bip39-wordlists]] for different
* languages, but for maximal compatibility, the
* [English Wordlist](LangEn) is recommended.
* @_section: api/wordlists:Wordlists [about-wordlists]
var ethers = /*#__PURE__*/Object.freeze({
__proto__: null,
version: version,
decodeBytes32String: decodeBytes32String,
encodeBytes32String: encodeBytes32String,
AbiCoder: AbiCoder,
ConstructorFragment: ConstructorFragment,
ErrorFragment: ErrorFragment,
EventFragment: EventFragment,
Fragment: Fragment,
FunctionFragment: FunctionFragment,
ParamType: ParamType,
checkResultErrors: checkResultErrors,
Indexed: Indexed,
Interface: Interface,
LogDescription: LogDescription,
Result: Result,
TransactionDescription: TransactionDescription,
Typed: Typed,
getAddress: getAddress,
getIcapAddress: getIcapAddress,
getCreateAddress: getCreateAddress,
getCreate2Address: getCreate2Address,
isAddressable: isAddressable,
isAddress: isAddress,
resolveAddress: resolveAddress,
ZeroAddress: ZeroAddress,
WeiPerEther: WeiPerEther,
MaxUint256: MaxUint256,
MinInt256: MinInt256,
MaxInt256: MaxInt256,
N: N$1,
ZeroHash: ZeroHash,
EtherSymbol: EtherSymbol,
MessagePrefix: MessagePrefix,
BaseContract: BaseContract,
Contract: Contract,
ContractFactory: ContractFactory,
ContractEventPayload: ContractEventPayload,
ContractTransactionReceipt: ContractTransactionReceipt,
ContractTransactionResponse: ContractTransactionResponse,
EventLog: EventLog,
computeHmac: computeHmac,
randomBytes: randomBytes,
keccak256: keccak256,
ripemd160: ripemd160,
sha256: sha256,
sha512: sha512,
pbkdf2: pbkdf2,
scrypt: scrypt,
scryptSync: scryptSync,
lock: lock,
Signature: Signature,
SigningKey: SigningKey,
id: id,
ensNormalize: ensNormalize,
isValidName: isValidName,
namehash: namehash,
dnsEncode: dnsEncode,
hashMessage: hashMessage,
verifyMessage: verifyMessage,
solidityPacked: solidityPacked,
solidityPackedKeccak256: solidityPackedKeccak256,
solidityPackedSha256: solidityPackedSha256,
TypedDataEncoder: TypedDataEncoder,
getDefaultProvider: getDefaultProvider,
Block: Block,
FeeData: FeeData,
Log: Log,
TransactionReceipt: TransactionReceipt,
TransactionResponse: TransactionResponse,
AbstractSigner: AbstractSigner,
NonceManager: NonceManager,
VoidSigner: VoidSigner,
AbstractProvider: AbstractProvider,
FallbackProvider: FallbackProvider,
JsonRpcApiProvider: JsonRpcApiProvider,
JsonRpcProvider: JsonRpcProvider,
JsonRpcSigner: JsonRpcSigner,
BrowserProvider: BrowserProvider,
AlchemyProvider: AlchemyProvider,
AnkrProvider: AnkrProvider,
CloudflareProvider: CloudflareProvider,
EtherscanProvider: EtherscanProvider,
InfuraProvider: InfuraProvider,
PocketProvider: PocketProvider,
QuickNodeProvider: QuickNodeProvider,
IpcSocketProvider: IpcSocketProvider,
SocketProvider: SocketProvider,
WebSocketProvider: WebSocketProvider,
EnsResolver: EnsResolver,
Network: Network,
accessListify: accessListify,
computeAddress: computeAddress,
recoverAddress: recoverAddress,
Transaction: Transaction,
decodeBase58: decodeBase58,
encodeBase58: encodeBase58,
decodeBase64: decodeBase64,
encodeBase64: encodeBase64,
concat: concat,
dataLength: dataLength,
dataSlice: dataSlice,
getBytes: getBytes,
getBytesCopy: getBytesCopy,
hexlify: hexlify,
isHexString: isHexString,
isBytesLike: isBytesLike,
stripZerosLeft: stripZerosLeft,
zeroPadBytes: zeroPadBytes,
zeroPadValue: zeroPadValue,
defineProperties: defineProperties,
assert: assert$1,
assertArgument: assertArgument,
assertArgumentCount: assertArgumentCount,
assertNormalize: assertNormalize,
assertPrivate: assertPrivate,
makeError: makeError,
isCallException: isCallException,
isError: isError,
FetchRequest: FetchRequest,
FetchResponse: FetchResponse,
FetchCancelSignal: FetchCancelSignal,
FixedNumber: FixedNumber,
getBigInt: getBigInt,
getNumber: getNumber,
getUint: getUint,
toBeArray: toBeArray,
toBigInt: toBigInt,
toBeHex: toBeHex,
toNumber: toNumber,
toQuantity: toQuantity,
fromTwos: fromTwos,
toTwos: toTwos,
mask: mask,
formatEther: formatEther,
parseEther: parseEther,
formatUnits: formatUnits,
parseUnits: parseUnits,
toUtf8Bytes: toUtf8Bytes,
toUtf8CodePoints: toUtf8CodePoints,
toUtf8String: toUtf8String,
Utf8ErrorFuncs: Utf8ErrorFuncs,
decodeRlp: decodeRlp,
encodeRlp: encodeRlp,
Mnemonic: Mnemonic,
BaseWallet: BaseWallet,
HDNodeWallet: HDNodeWallet,
HDNodeVoidWallet: HDNodeVoidWallet,
Wallet: Wallet,
defaultPath: defaultPath,
getAccountPath: getAccountPath,
isCrowdsaleJson: isCrowdsaleJson,
isKeystoreJson: isKeystoreJson,
decryptCrowdsaleJson: decryptCrowdsaleJson,
decryptKeystoreJsonSync: decryptKeystoreJsonSync,
decryptKeystoreJson: decryptKeystoreJson,
encryptKeystoreJson: encryptKeystoreJson,
encryptKeystoreJsonSync: encryptKeystoreJsonSync,
Wordlist: Wordlist,
LangEn: LangEn,
WordlistOwl: WordlistOwl,
WordlistOwlA: WordlistOwlA
* The Application Programming Interface (API) is the collection of
* functions, classes and types offered by the Ethers library.
* @_section: api:Application Programming Interface [about-api]
* @_navTitle: API
exports.AbiCoder = AbiCoder;
exports.AbstractProvider = AbstractProvider;
exports.AbstractSigner = AbstractSigner;
exports.AlchemyProvider = AlchemyProvider;
exports.AnkrProvider = AnkrProvider;
exports.BaseContract = BaseContract;
exports.BaseWallet = BaseWallet;
exports.Block = Block;
exports.BrowserProvider = BrowserProvider;
exports.CloudflareProvider = CloudflareProvider;
exports.ConstructorFragment = ConstructorFragment;
exports.Contract = Contract;
exports.ContractEventPayload = ContractEventPayload;
exports.ContractFactory = ContractFactory;
exports.ContractTransactionReceipt = ContractTransactionReceipt;
exports.ContractTransactionResponse = ContractTransactionResponse;
exports.EnsResolver = EnsResolver;
exports.ErrorFragment = ErrorFragment;
exports.EtherSymbol = EtherSymbol;
exports.EtherscanProvider = EtherscanProvider;
exports.EventFragment = EventFragment;
exports.EventLog = EventLog;
exports.FallbackProvider = FallbackProvider;
exports.FeeData = FeeData;
exports.FetchCancelSignal = FetchCancelSignal;
exports.FetchRequest = FetchRequest;
exports.FetchResponse = FetchResponse;
exports.FixedNumber = FixedNumber;
exports.Fragment = Fragment;
exports.FunctionFragment = FunctionFragment;
exports.HDNodeVoidWallet = HDNodeVoidWallet;
exports.HDNodeWallet = HDNodeWallet;
exports.Indexed = Indexed;
exports.InfuraProvider = InfuraProvider;
exports.Interface = Interface;
exports.IpcSocketProvider = IpcSocketProvider;
exports.JsonRpcApiProvider = JsonRpcApiProvider;
exports.JsonRpcProvider = JsonRpcProvider;
exports.JsonRpcSigner = JsonRpcSigner;
exports.LangEn = LangEn;
exports.Log = Log;
exports.LogDescription = LogDescription;
exports.MaxInt256 = MaxInt256;
exports.MaxUint256 = MaxUint256;
exports.MessagePrefix = MessagePrefix;
exports.MinInt256 = MinInt256;
exports.Mnemonic = Mnemonic;
exports.N = N$1;
exports.Network = Network;
exports.NonceManager = NonceManager;
exports.ParamType = ParamType;
exports.PocketProvider = PocketProvider;
exports.QuickNodeProvider = QuickNodeProvider;
exports.Result = Result;
exports.Signature = Signature;
exports.SigningKey = SigningKey;
exports.SocketProvider = SocketProvider;
exports.Transaction = Transaction;
exports.TransactionDescription = TransactionDescription;
exports.TransactionReceipt = TransactionReceipt;
exports.TransactionResponse = TransactionResponse;
exports.Typed = Typed;
exports.TypedDataEncoder = TypedDataEncoder;
exports.Utf8ErrorFuncs = Utf8ErrorFuncs;
exports.VoidSigner = VoidSigner;
exports.Wallet = Wallet;
exports.WebSocketProvider = WebSocketProvider;
exports.WeiPerEther = WeiPerEther;
exports.Wordlist = Wordlist;
exports.WordlistOwl = WordlistOwl;
exports.WordlistOwlA = WordlistOwlA;
exports.ZeroAddress = ZeroAddress;
exports.ZeroHash = ZeroHash;
exports.accessListify = accessListify;
exports.assert = assert$1;
exports.assertArgument = assertArgument;
exports.assertArgumentCount = assertArgumentCount;
exports.assertNormalize = assertNormalize;
exports.assertPrivate = assertPrivate;
exports.checkResultErrors = checkResultErrors;
exports.computeAddress = computeAddress;
exports.computeHmac = computeHmac;
exports.concat = concat;
exports.dataLength = dataLength;
exports.dataSlice = dataSlice;
exports.decodeBase58 = decodeBase58;
exports.decodeBase64 = decodeBase64;
exports.decodeBytes32String = decodeBytes32String;
exports.decodeRlp = decodeRlp;
exports.decryptCrowdsaleJson = decryptCrowdsaleJson;
exports.decryptKeystoreJson = decryptKeystoreJson;
exports.decryptKeystoreJsonSync = decryptKeystoreJsonSync;
exports.defaultPath = defaultPath;
exports.defineProperties = defineProperties;
exports.dnsEncode = dnsEncode;
exports.encodeBase58 = encodeBase58;
exports.encodeBase64 = encodeBase64;
exports.encodeBytes32String = encodeBytes32String;
exports.encodeRlp = encodeRlp;
exports.encryptKeystoreJson = encryptKeystoreJson;
exports.encryptKeystoreJsonSync = encryptKeystoreJsonSync;
exports.ensNormalize = ensNormalize;
exports.ethers = ethers;
exports.formatEther = formatEther;
exports.formatUnits = formatUnits;
exports.fromTwos = fromTwos;
exports.getAccountPath = getAccountPath;
exports.getAddress = getAddress;
exports.getBigInt = getBigInt;
exports.getBytes = getBytes;
exports.getBytesCopy = getBytesCopy;
exports.getCreate2Address = getCreate2Address;
exports.getCreateAddress = getCreateAddress;
exports.getDefaultProvider = getDefaultProvider;
exports.getIcapAddress = getIcapAddress;
exports.getNumber = getNumber;
exports.getUint = getUint;
exports.hashMessage = hashMessage;
exports.hexlify = hexlify; = id;
exports.isAddress = isAddress;
exports.isAddressable = isAddressable;
exports.isBytesLike = isBytesLike;
exports.isCallException = isCallException;
exports.isCrowdsaleJson = isCrowdsaleJson;
exports.isError = isError;
exports.isHexString = isHexString;
exports.isKeystoreJson = isKeystoreJson;
exports.isValidName = isValidName;
exports.keccak256 = keccak256;
exports.lock = lock;
exports.makeError = makeError;
exports.mask = mask;
exports.namehash = namehash;
exports.parseEther = parseEther;
exports.parseUnits = parseUnits;
exports.pbkdf2 = pbkdf2;
exports.randomBytes = randomBytes;
exports.recoverAddress = recoverAddress;
exports.resolveAddress = resolveAddress;
exports.ripemd160 = ripemd160;
exports.scrypt = scrypt;
exports.scryptSync = scryptSync;
exports.sha256 = sha256;
exports.sha512 = sha512;
exports.solidityPacked = solidityPacked;
exports.solidityPackedKeccak256 = solidityPackedKeccak256;
exports.solidityPackedSha256 = solidityPackedSha256;
exports.stripZerosLeft = stripZerosLeft;
exports.toBeArray = toBeArray;
exports.toBeHex = toBeHex;
exports.toBigInt = toBigInt;
exports.toNumber = toNumber;
exports.toQuantity = toQuantity;
exports.toTwos = toTwos;
exports.toUtf8Bytes = toUtf8Bytes;
exports.toUtf8CodePoints = toUtf8CodePoints;
exports.toUtf8String = toUtf8String;
exports.verifyMessage = verifyMessage;
exports.version = version;
exports.zeroPadBytes = zeroPadBytes;
exports.zeroPadValue = zeroPadValue;
Object.defineProperty(exports, '__esModule', { value: true });