Conversation
Marzooqa
changed the title
Contributor
zahin-mohammad
left a comment
zahin-mohammad
left a comment
There was a problem hiding this comment.
Reviewed against base #8687. Built locally — tsc --noEmit clean in sdk-core, signTxRequest.ts test passes (5/5).
The orchestration faithfully mirrors ECDSA's EcdsaMPCv2Utils.signRequestBase and the protocol structure looks right: WASM rounds 0/1/2 interleaved with API rounds 1/2/3, no client-side verification on round 3 (WP finalises). Nothing here freezes public API surface — the two new public methods (signTxRequest, signTxRequestForMessage) match the existing ITSSUtils/ECDSA shape, and signRequestBase is private. So everything below is follow-up safe.
Most significant finding is the missing mpcv2PartyId plumbing — backup signing is implicitly unsupported here even though the helpers from #8687 already accept the party id. ECDSA supports it; this is a behavioral gap vs the parallel path.
See inline comments.
Marzooqa
force-pushed
the
WCI-153
branch
2 times, most recently
from
969535a to
3d581de
Compare
zahin-mohammad
previously approved these changes
May 7, 2026
Contributor
zahin-mohammad
left a comment
zahin-mohammad
left a comment
There was a problem hiding this comment.
LGTM — gated on #8687 landing first (per the DO NOT MERGE label).
All 8 prior comments are resolved in this revision:
- ✅ Backup-signer plumbing:
params.mpcv2PartyIdnow flows through DSG init + all threegetSignatureShareRound{One,Two,Three}calls;signerShareTypederived frompartyId - ✅ Typo
handleIncomingMessagexs→handleIncomingMessages - ✅ Assert ordering moved before
Buffer.from(...)in both tx and message branches - ✅ Defensive
assert(userMsg2, ...)/assert(userMsg3, ...)after eachhandleIncomingMessagesdestructure - ✅ Fragile
[length - 1]share lookup replaced with newgetBitgoSignatureShare(shares, signerShareType)helper intss/common.tsthat filters byfrom === BITGO && to === signerShareType - ✅
messageRaw/bufferToSignfootgun tracked as follow-up WCI-362 - ✅ Rate-limit retry tests added for rounds 1 and 3 (round 2 was already covered)
- ✅ Test coverage: BACKUP path ("signs a txRequest with backup key") + malformed round-3 response added. Round-2 tampered-signature is covered at the helper level in #8687 (
verifyBitGoMessageRoundTwo should throw on a tampered message), so the orchestration-level gap is acceptable
Residual nits — non-blocking, address in a follow-up
- Inconsistent error style in
signRequestBase. The GPG-key check usesif (!bitgoGpgPubKey) throw new Error(...)while every other invariant in this method usesassert(...). Unifying onassert(bitgoGpgPubKey, 'Missing BitGo GPG key for MPCv2')would keep the failure-mode style consistent. - Unnamed boolean args to
pickBitgoPubGpgKeyForSigning(true, params.reqId, txRequest.enterpriseId, true). This is a pre-existing pattern carried over from ECDSA, not introduced here, but the call site reads as flag soup. Worth a separate cleanup ticket against the helper signature (named-options object or named consts) so the pattern doesn't propagate further. - Round-2 orchestration-level negative test for a wrong-type response would mirror the existing
should throw if round 1 response has wrong typeand round the symmetry out. Not strictly needed sinceverifyBitGoMessageRoundTwois unit-tested at the helper layer, but cheap to add.
None of these block — happy to approve as-is.
- Add signTxRequest, signTxRequestForMessage, and signRequestBase to EddsaMPCv2Utils implementing the full online DSG protocol: WASM round 0, API rounds 1-3, and sendTxRequest - Support BACKUP party signing via mpcv2PartyId param - Verify PGP signatures on BitGo round1Output and round2Output - Use pickBitgoPubGpgKeyForSigning with isEddsaMpcv2=true for ed25519 key - Use decodeWithCodec for type-safe parsing of signature share responses - Move getBitgoSignatureShare helper to tss/common.ts; use .find() by from/to instead of fragile array-index lookup - Add defensive asserts after each WASM and API round - Add comprehensive signTxRequest unit tests covering: - tx signing and message signing (all 3 rounds + send) - BACKUP party signing path - 429 rate-limit retry handling on rounds 1, 2, and 3 - rejection after 4+ consecutive 429 errors - rejection on wrong round1Output type - rejection on malformed round3 response Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> TICKET: WCI-154
zahin-mohammad
approved these changes
May 7, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Co-Authored-By: Claude Sonnet 4.6 noreply@anthropic.com
TICKET: WCI-154