chore: use Keychains and extract commonKeychain verfn

TICKET: WP-6378

Author: pranavjain97

modules/sdk-coin-dot/test/unit/dot.ts

@@ -678,7 +678,7 @@ describe('DOT:', function () {
       const commonKeychain =
         '6d2d5150f6e435dfd9b4f225f2cc29d95ec3b61b34e8bec98693b1a7ffe44cd764f99ee5058838d785c73360ad4f24d78e0255ab2c368c09060b29a9b27f040e';
       const index = '3';
-      const keychains = [{ commonKeychain }];
+      const keychains = [{ id: '1', type: 'tss' as const, commonKeychain }];
 
       const result = await basecoin.isWalletAddress({ keychains, address, index });
       result.should.equal(true);
@@ -689,7 +689,7 @@ describe('DOT:', function () {
       const wrongKeychain =
         '0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000';
       const index = '3';
-      const keychains = [{ commonKeychain: wrongKeychain }];
+      const keychains = [{ id: '1', type: 'tss' as const, commonKeychain: wrongKeychain }];
 
       const result = await basecoin.isWalletAddress({ keychains, address, index });
       result.should.equal(false);
@@ -700,7 +700,7 @@ describe('DOT:', function () {
       const commonKeychain =
         '6d2d5150f6e435dfd9b4f225f2cc29d95ec3b61b34e8bec98693b1a7ffe44cd764f99ee5058838d785c73360ad4f24d78e0255ab2c368c09060b29a9b27f040e';
       const wrongIndex = '999';
-      const keychains = [{ commonKeychain }];
+      const keychains = [{ id: '1', type: 'tss' as const, commonKeychain }];
 
       const result = await basecoin.isWalletAddress({ keychains, address, index: wrongIndex });
       result.should.equal(false);
@@ -711,35 +711,12 @@ describe('DOT:', function () {
       const commonKeychain =
         '6d2d5150f6e435dfd9b4f225f2cc29d95ec3b61b34e8bec98693b1a7ffe44cd764f99ee5058838d785c73360ad4f24d78e0255ab2c368c09060b29a9b27f040e';
       const index = '3';
-      const keychains = [{ commonKeychain }];
+      const keychains = [{ id: '1', type: 'tss' as const, commonKeychain }];
 
       await assert.rejects(async () => await basecoin.isWalletAddress({ keychains, address: invalidAddress, index }), {
         message: `invalid address: ${invalidAddress}`,
       });
     });
-
-    it('should throw error when keychains are missing', async function () {
-      const address = '5DxD9nT16GQLrU6aB5pSS5VtxoZbVju3NHUCcawxZyZCTf74';
-      const index = '3';
-
-      await assert.rejects(async () => await basecoin.isWalletAddress({ address, index } as any), {
-        message: 'missing required param keychains',
-      });
-    });
-
-    it('should throw error when keychains have different commonKeychains', async function () {
-      const address = '5DxD9nT16GQLrU6aB5pSS5VtxoZbVju3NHUCcawxZyZCTf74';
-      const commonKeychain1 =
-        '6d2d5150f6e435dfd9b4f225f2cc29d95ec3b61b34e8bec98693b1a7ffe44cd764f99ee5058838d785c73360ad4f24d78e0255ab2c368c09060b29a9b27f040e';
-      const commonKeychain2 =
-        '0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000';
-      const index = '3';
-      const keychains = [{ commonKeychain: commonKeychain1 }, { commonKeychain: commonKeychain2 }];
-
-      await assert.rejects(async () => await basecoin.isWalletAddress({ keychains, address, index }), {
-        message: 'all keychains must have the same commonKeychain for MPC coins',
-      });
-    });
   });
 
   describe('getAddressFromPublicKey', () => {

modules/sdk-coin-sol/test/unit/sol.ts

@@ -3360,7 +3360,7 @@ describe('SOL:', function () {
       const commonKeychain =
         '8ea32ecacfc83effbd2e2790ee44fa7c59b4d86c29a12f09fb613d8195f93f4e21875cad3b98adada40c040c54c3569467df41a020881a6184096378701862bd';
       const index = '1';
-      const keychains = [{ commonKeychain }];
+      const keychains = [{ id: '1', type: 'tss' as const, commonKeychain }];
 
       const result = await basecoin.isWalletAddress({ keychains, address, index });
       result.should.equal(true);
@@ -3371,7 +3371,7 @@ describe('SOL:', function () {
       const wrongKeychain =
         '0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000';
       const index = '1';
-      const keychains = [{ commonKeychain: wrongKeychain }];
+      const keychains = [{ id: '1', type: 'tss' as const, commonKeychain: wrongKeychain }];
 
       const result = await basecoin.isWalletAddress({ keychains, address, index });
       result.should.equal(false);
@@ -3382,7 +3382,7 @@ describe('SOL:', function () {
       const commonKeychain =
         '8ea32ecacfc83effbd2e2790ee44fa7c59b4d86c29a12f09fb613d8195f93f4e21875cad3b98adada40c040c54c3569467df41a020881a6184096378701862bd';
       const wrongIndex = '999';
-      const keychains = [{ commonKeychain }];
+      const keychains = [{ id: '1', type: 'tss' as const, commonKeychain }];
 
       const result = await basecoin.isWalletAddress({ keychains, address, index: wrongIndex });
       result.should.equal(false);
@@ -3393,35 +3393,12 @@ describe('SOL:', function () {
       const commonKeychain =
         '8ea32ecacfc83effbd2e2790ee44fa7c59b4d86c29a12f09fb613d8195f93f4e21875cad3b98adada40c040c54c3569467df41a020881a6184096378701862bd';
       const index = '1';
-      const keychains = [{ commonKeychain }];
+      const keychains = [{ id: '1', type: 'tss' as const, commonKeychain }];
 
       await assert.rejects(async () => await basecoin.isWalletAddress({ keychains, address: invalidAddress, index }), {
         message: `invalid address: ${invalidAddress}`,
       });
     });
-
-    it('should throw error when keychains are missing', async function () {
-      const address = '7YAesfwPk41VChUgr65bm8FEep7ymWqLSW5rpYB5zZPY';
-      const index = '1';
-
-      await assert.rejects(async () => await basecoin.isWalletAddress({ address, index } as any), {
-        message: 'missing required param keychains',
-      });
-    });
-
-    it('should throw error when keychains have different commonKeychains', async function () {
-      const address = '7YAesfwPk41VChUgr65bm8FEep7ymWqLSW5rpYB5zZPY';
-      const commonKeychain1 =
-        '8ea32ecacfc83effbd2e2790ee44fa7c59b4d86c29a12f09fb613d8195f93f4e21875cad3b98adada40c040c54c3569467df41a020881a6184096378701862bd';
-      const commonKeychain2 =
-        '0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000';
-      const index = '1';
-      const keychains = [{ commonKeychain: commonKeychain1 }, { commonKeychain: commonKeychain2 }];
-
-      await assert.rejects(async () => await basecoin.isWalletAddress({ keychains, address, index }), {
-        message: 'all keychains must have the same commonKeychain for MPC coins',
-      });
-    });
   });
 
   describe('getAddressFromPublicKey', () => {

modules/sdk-coin-ton/src/ton.ts

@@ -30,6 +30,7 @@ import {
   MPCTxs,
   MPCSweepRecoveryOptions,
   AuditDecryptedKeyParams,
+  extractCommonKeychain,
 } from '@bitgo/sdk-core';
 import { auditEddsaPrivateKey, getDerivationPath } from '@bitgo/sdk-lib-mpc';
 import { BaseCoin as StaticsBaseCoin, coins } from '@bitgo/statics';
@@ -159,29 +160,21 @@ export class Ton extends BaseCoin {
       throw new InvalidAddressError(`invalid address: ${newAddress}`);
     }
 
-    if (!keychains) {
-      throw new Error('missing required param keychains');
-    }
-
-    for (const keychain of keychains) {
-      const [address, memoId] = newAddress.split('?memoId=');
-      const MPC = await EDDSAMethods.getInitializedMpcInstance();
-      const commonKeychain = keychain.commonKeychain as string;
+    const [address, memoId] = newAddress.split('?memoId=');
 
-      const derivationPath = 'm/' + index;
-      const derivedPublicKey = MPC.deriveUnhardened(commonKeychain, derivationPath).slice(0, 64);
-      const expectedAddress = await Utils.default.getAddressFromPublicKey(derivedPublicKey);
+    // TON supports memoId for address tagging - verify it matches the index
+    if (memoId) {
+      return memoId === `${index}`;
+    }
 
-      if (memoId) {
-        return memoId === `${index}`;
-      }
+    const commonKeychain = extractCommonKeychain(keychains);
 
-      if (address !== expectedAddress) {
-        return false;
-      }
-    }
+    const MPC = await EDDSAMethods.getInitializedMpcInstance();
+    const derivationPath = 'm/' + index;
+    const derivedPublicKey = MPC.deriveUnhardened(commonKeychain, derivationPath).slice(0, 64);
+    const expectedAddress = await Utils.default.getAddressFromPublicKey(derivedPublicKey);
 
-    return true;
+    return address === expectedAddress;
   }
 
   async parseTransaction(params: TonParseTransactionOptions): Promise<ParsedTransaction> {

modules/sdk-core/src/bitgo/baseCoin/iBaseCoin.ts

@@ -155,12 +155,24 @@ export interface VerifyAddressOptions {
   impliedForwarderVersion?: number;
 }
 
+/**
+ * Options for verifying if an address belongs to a TSS/MPC wallet.
+ * Used for EdDSA-based MPC coins (SOL, DOT, SUI, TON, IOTA, NEAR, etc.)
+ * to cryptographically verify address derivation without trusting the platform.
+ */
 export interface TssVerifyAddressOptions {
+  /** The address to verify */
   address: string;
-  keychains: {
-    commonKeychain: string;
-  }[];
-  chain?: string;
+  /**
+   * Keychains containing the commonKeychain for HD derivation.
+   * For MPC wallets, the commonKeychain (combined public key from MPC key generation)
+   * should be identical across all keychains (user, backup, bitgo).
+   */
+  keychains: Keychain[];
+  /**
+   * Derivation index for the address.
+   * Used to derive child addresses from the root keychain via HD derivation path: m/{index}
+   */
   index: string;
 }
 

modules/sdk-core/src/bitgo/utils/tss/addressVerification.ts

@@ -2,6 +2,31 @@ import { TssVerifyAddressOptions } from '../../baseCoin/iBaseCoin';
 import { InvalidAddressError } from '../../errors';
 import { EDDSAMethods } from '../../tss';
 
+/**
+ * Extracts and validates the commonKeychain from keychains array.
+ * For MPC wallets, all keychains should have the same commonKeychain.
+ *
+ * @param keychains - Array of keychains containing commonKeychain
+ * @returns The validated commonKeychain
+ * @throws {Error} if keychains are missing, empty, or have mismatched commonKeychains
+ */
+export function extractCommonKeychain(keychains: TssVerifyAddressOptions['keychains']): string {
+  if (!keychains?.length) {
+    throw new Error('missing required param keychains');
+  }
+
+  const commonKeychain = keychains[0].commonKeychain;
+  if (!commonKeychain) {
+    throw new Error('missing required param commonKeychain');
+  }
+
+  // Verify all keychains have the same commonKeychain
+  if (keychains.find((kc) => kc.commonKeychain !== commonKeychain))
+    throw new Error('all keychains must have the same commonKeychain for MPC coins');
+
+  return commonKeychain;
+}
+
 /**
  * Verifies if an address belongs to a wallet using EdDSA TSS MPC derivation.
  * This is a common implementation for EdDSA-based MPC coins (SOL, DOT, SUI, TON, IOTA, etc.)
@@ -24,24 +49,8 @@ export async function verifyEddsaTssWalletAddress(
     throw new InvalidAddressError(`invalid address: ${address}`);
   }
 
-  if (!keychains || keychains.length === 0) {
-    throw new Error('missing required param keychains');
-  }
-
-  // For MPC coins, commonKeychain should be the same for all keychains
-  const commonKeychain = keychains[0].commonKeychain as string;
-  if (!commonKeychain) {
-    throw new Error('missing required param commonKeychain');
-  }
-
-  // Verify all keychains have the same commonKeychain
-  for (const keychain of keychains) {
-    if (keychain.commonKeychain !== commonKeychain) {
-      throw new Error('all keychains must have the same commonKeychain for MPC coins');
-    }
-  }
+  const commonKeychain = extractCommonKeychain(keychains);
 
-  // Only perform derivation once since commonKeychain is the same
   const MPC = await EDDSAMethods.getInitializedMpcInstance();
   const derivationPath = 'm/' + index;
   const derivedPublicKey = MPC.deriveUnhardened(commonKeychain, derivationPath).slice(0, 64);