hailin
6b85401d5c
fix(mnemonic): fix recovery-by-mnemonic using hash verification instead of address matching
## Problem
MPC wallet addresses have no cryptographic relationship with recovery mnemonics,
so address-based verification always failed for account recovery.
## Solution
Changed mnemonic verification from address matching to hash-based verification:
- Mnemonic acts as identity credential, verified by hash stored in blockchain-service
- Uses accountSequence to look up stored mnemonic hash for verification
## Changes
### blockchain-service
- recovery-mnemonic.adapter.ts:
  - generateMnemonic() now async, uses bcrypt (rounds=12) for secure hashing
  - verifyMnemonic() now async, supports both bcrypt and legacy SHA256 hashes
  - Added backward compatibility for existing SHA256 hashed mnemonics
- mnemonic-verification.service.ts:
  - await verifyMnemonic() for async bcrypt comparison
- address-derivation.service.ts:
  - await generateMnemonic() for async bcrypt hashing
- package.json: added bcrypt dependency
### identity-service
- user-application.service.ts:
  - Changed recoverByMnemonic() to use verifyMnemonicByAccount (hash verification)
  - Added rate limiting: 5 failed attempts per hour per accountSequence
  - Uses Redis to track failed verification attempts
- redis.service.ts:
  - Added incr() and expire() methods for rate limiting
  - Added updateKeygenStatusAtomic() with Lua script for atomic state transitions
- mpc-keygen-completed.handler.ts:
  - Uses atomic Redis update to prevent race conditions
- blockchain-wallet.handler.ts:
  - Uses atomic Redis update for completed status
## Security Improvements
- bcrypt with 12 rounds for mnemonic hashing (anti-brute-force)
- Rate limiting prevents brute force attacks on mnemonic recovery
- Atomic Redis operations prevent race conditions in wallet creation flow
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-08 09:02:24 -08:00
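The failed-attempt limit described in commit 6b85401d5c above (5 failures per hour per accountSequence, counted with incr() and expire()) can be sketched as a fixed-window counter. This is an added example, not code from the repository: `FakeRedis`, `attemptRecovery`, the `get()` method, the key name and the `verify` callback are assumptions standing in for the real Redis service and hash check.

```typescript
// Added example; every identifier below is hypothetical, not the project's code.
const MAX_FAILURES = 5;      // "5 failed attempts"
const WINDOW_SECONDS = 3600; // "per hour"
type Entry = { value: number; expiresAt: number | null };

// In-memory stand-in for Redis with an injectable millisecond clock.
class FakeRedis {
  private store = new Map<string, Entry>();
  private now: () => number;
  constructor(now: () => number) { this.now = now; }
  private live(key: string): Entry | undefined {
    const e = this.store.get(key);
    if (e && e.expiresAt !== null && e.expiresAt <= this.now()) {
      this.store.delete(key); // lazily drop expired keys
      return undefined;
    }
    return e;
  }
  get(key: string): number { return this.live(key)?.value ?? 0; }
  incr(key: string): number {
    const e: Entry = this.live(key) ?? { value: 0, expiresAt: null };
    e.value += 1;
    this.store.set(key, e);
    return e.value;
  }
  expire(key: string, seconds: number): void {
    const e = this.live(key);
    if (e) e.expiresAt = this.now() + seconds * 1000;
  }
}

type Outcome = "ok" | "invalid" | "locked";

function attemptRecovery(redis: FakeRedis, accountSequence: string, verify: () => boolean): Outcome {
  const key = `recovery:fail:${accountSequence}`; // constructed key name
  // Check the counter first so a locked account never reaches hash verification.
  if (redis.get(key) >= MAX_FAILURES) return "locked";
  if (verify()) return "ok";
  // Start the window on the first failure only, so later failures cannot extend it.
  // INCR and EXPIRE are two commands: a crash between them leaves a key with no TTL.
  if (redis.incr(key) === 1) redis.expire(key, WINDOW_SECONDS);
  return "invalid";
}
```

Whether a successful recovery should reset the counter is not stated in the commit message, so this sketch leaves the counter untouched on success.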
hailin
2e815cec6e
feat: move address derivation from identity-service to blockchain-service
- Add Cosmos address derivation (bech32) to blockchain-service
  - KAVA: kava1... format
  - DST: dst1... format
  - BSC: 0x... EVM format
- Create MpcEventConsumerService in blockchain-service to consume mpc.KeygenCompleted events
- Create BlockchainEventConsumerService in identity-service to consume blockchain.WalletAddressCreated events
- Simplify identity-service MpcKeygenCompletedHandler to only manage status updates
- Add CosmosAddress value object for Cosmos chain addresses
Event flow:
1. identity-service -> mpc.KeygenRequested
2. mpc-service -> mpc.KeygenCompleted (with publicKey)
3. blockchain-service consumes mpc.KeygenCompleted, derives addresses
4. blockchain-service -> blockchain.WalletAddressCreated (with all chain addresses)
5. identity-service consumes blockchain.WalletAddressCreated, saves to user account
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-06 21:08:21 -08:00
hailin
23043d5d79
feat: add detailed debug logging for MPC Kafka event flow
- Add comprehensive [INIT], [CONNECT], [PUBLISH], [RECEIVE], [HANDLE] logs
  to identity-service and mpc-service Kafka services
- Add KeygenStarted event for tracking keygen progress
- Add MpcKeygenCompletedHandler to process keygen completion events
- Fix topic routing for MPC events between services
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-06 19:49:06 -08:00