From ab2444b233eaba4d4f8956b44a4e2362c1b91534 Mon Sep 17 00:00:00 2001 From: Manoj Kumar Date: Tue, 3 Feb 2026 16:04:46 +0530 Subject: [PATCH 1/2] feat(statics): onboard Chiliz Chain (CHZ) L1 EVM - Add CHILIZ to CoinFamily and UnderlyingAsset enums - Add Chiliz mainnet (chainId: 88888) and testnet (chainId: 88882) networks - Add ChilizERC20Token class and factory functions for token support - Add chiliz and tchiliz coin definitions with EVM features - Add ofcchiliz and ofctchiliz OFC entries - Add Chiliz explorer API URLs for wallet recovery - Add chiliz/tchiliz to expectedColdFeatures test fixture WIN-8547 TICKET: WIN-8547 --- modules/sdk-core/src/bitgo/environments.ts | 6 ++ modules/statics/src/account.ts | 100 ++++++++++++++++++ modules/statics/src/allCoinsAndTokens.ts | 44 ++++++++ modules/statics/src/base.ts | 2 + modules/statics/src/coins/ofcCoins.ts | 9 ++ modules/statics/src/networks.ts | 24 ++++- .../unit/fixtures/expectedColdFeatures.ts | 2 + 7 files changed, 186 insertions(+), 1 deletion(-) diff --git a/modules/sdk-core/src/bitgo/environments.ts b/modules/sdk-core/src/bitgo/environments.ts index f0d73dc7e2..afe57f8404 100644 --- a/modules/sdk-core/src/bitgo/environments.ts +++ b/modules/sdk-core/src/bitgo/environments.ts @@ -218,6 +218,9 @@ const mainnetBase: EnvironmentTemplate = { apechain: { baseUrl: 'https://api.etherscan.io/v2', }, + chiliz: { + baseUrl: 'https://api.chiliscan.com', + }, phrs: { baseUrl: 'https://testnet.dplabs-internal.com', // TODO: WIN-5787 add mainnet url when its available }, @@ -403,6 +406,9 @@ const testnetBase: EnvironmentTemplate = { apechain: { baseUrl: 'https://api.etherscan.io/v2', }, + chiliz: { + baseUrl: 'https://api.testnet.chiliscan.com', + }, phrs: { baseUrl: 'https://testnet.dplabs-internal.com', // Wrong value, Not available yet }, diff --git a/modules/statics/src/account.ts b/modules/statics/src/account.ts index 42e6419c32..9a7e77d840 100644 --- a/modules/statics/src/account.ts +++ b/modules/statics/src/account.ts @@ -517,6 +517,16 @@ export class CoredaoERC20Token extends ContractAddressDefinedToken { } } +/** + * The Chiliz Chain network supports tokens + * Chiliz Chain Tokens are ERC20 tokens + */ +export class ChilizERC20Token extends ContractAddressDefinedToken { + constructor(options: Erc20ConstructorOptions) { + super(options); + } +} + /** * The World Chain network supports tokens * World Chain Tokens are ERC20 tokens @@ -2720,6 +2730,96 @@ export function tcoredaoErc20( ); } +/** + * Factory function for ChilizErc20 token instances. + * + * @param id uuid v4 + * @param name unique identifier of the token + * @param fullName Complete human-readable name of the token + * @param decimalPlaces Number of decimal places this token supports (divisibility exponent) + * @param contractAddress Contract address of this token + * @param asset Asset which this coin represents. This is the same for both mainnet and testnet variants of a coin. + * @param prefix? Optional token prefix. Defaults to empty string + * @param suffix? Optional token suffix. Defaults to token name. + * @param network? Optional token network. Defaults to Chiliz Chain mainnet network. + * @param features? Features of this coin. Defaults to the DEFAULT_FEATURES defined in `AccountCoin` + * @param primaryKeyCurve The elliptic curve for this chain/token + */ +export function chilizErc20( + id: string, + name: string, + fullName: string, + decimalPlaces: number, + contractAddress: string, + asset: UnderlyingAsset, + features: CoinFeature[] = [...AccountCoin.DEFAULT_FEATURES, CoinFeature.EIP1559], + prefix = '', + suffix: string = name.toUpperCase(), + network: AccountNetwork = Networks.main.chiliz, + primaryKeyCurve: KeyCurve = KeyCurve.Secp256k1 +) { + return Object.freeze( + new ChilizERC20Token({ + id, + name, + fullName, + network, + contractAddress, + prefix, + suffix, + features, + decimalPlaces, + asset, + isToken: true, + primaryKeyCurve, + baseUnit: BaseUnit.ETH, + }) + ); +} + +/** + * Factory function for Chiliz testnet ChilizErc20 token instances. + * + * @param id uuid v4 + * @param name unique identifier of the token + * @param fullName Complete human-readable name of the token + * @param decimalPlaces Number of decimal places this token supports (divisibility exponent) + * @param contractAddress Contract address of this token + * @param asset Asset which this coin represents. This is the same for both mainnet and testnet variants of a coin. + * @param prefix? Optional token prefix. Defaults to empty string + * @param suffix? Optional token suffix. Defaults to token name. + * @param network? Optional token network. Defaults to the Chiliz Chain test network. + * @param features? Features of this coin. Defaults to the DEFAULT_FEATURES defined in `AccountCoin` + * @param primaryKeyCurve The elliptic curve for this chain/token + */ +export function tchilizErc20( + id: string, + name: string, + fullName: string, + decimalPlaces: number, + contractAddress: string, + asset: UnderlyingAsset, + features: CoinFeature[] = [...AccountCoin.DEFAULT_FEATURES, CoinFeature.EIP1559], + prefix = '', + suffix: string = name.toUpperCase(), + network: AccountNetwork = Networks.test.chiliz, + primaryKeyCurve: KeyCurve = KeyCurve.Secp256k1 +) { + return chilizErc20( + id, + name, + fullName, + decimalPlaces, + contractAddress, + asset, + features, + prefix, + suffix, + network, + primaryKeyCurve + ); +} + /** * Factory function for WorldErc20 token instances. * diff --git a/modules/statics/src/allCoinsAndTokens.ts b/modules/statics/src/allCoinsAndTokens.ts index 3aee9a3e1a..99bb4505c3 100644 --- a/modules/statics/src/allCoinsAndTokens.ts +++ b/modules/statics/src/allCoinsAndTokens.ts @@ -7,6 +7,8 @@ import { arbethErc20, beraErc20, celoToken, + // eslint-disable-next-line @typescript-eslint/no-unused-vars + chilizErc20, coredaoErc20, eosToken, erc1155, @@ -32,6 +34,8 @@ import { tarbethErc20, tberaErc20, tceloToken, + // eslint-disable-next-line @typescript-eslint/no-unused-vars + tchilizErc20, tcoredaoErc20, teosToken, terc1155, @@ -2828,6 +2832,46 @@ export const allCoinsAndTokens = [ BaseUnit.ETH, CELO_FEATURES ), + account( + 'c7e1dc7f-add5-4eed-9931-2c201801e3a2', + 'chiliz', + 'Chiliz', + Networks.main.chiliz, + 18, + UnderlyingAsset.CHILIZ, + BaseUnit.ETH, + [ + ...EVM_FEATURES, + CoinFeature.SHARED_EVM_SIGNING, + CoinFeature.SHARED_EVM_SDK, + CoinFeature.EVM_COMPATIBLE_IMS, + CoinFeature.EVM_COMPATIBLE_UI, + CoinFeature.EVM_COMPATIBLE_WP, + CoinFeature.EVM_NON_BITGO_RECOVERY, + CoinFeature.EVM_UNSIGNED_SWEEP_RECOVERY, + CoinFeature.SUPPORTS_ERC20, + ] + ), + account( + 'c014b2ec-02ea-468f-b73f-24442146208e', + 'tchiliz', + 'Testnet Chiliz', + Networks.test.chiliz, + 18, + UnderlyingAsset.CHILIZ, + BaseUnit.ETH, + [ + ...EVM_FEATURES, + CoinFeature.SHARED_EVM_SIGNING, + CoinFeature.SHARED_EVM_SDK, + CoinFeature.EVM_COMPATIBLE_IMS, + CoinFeature.EVM_COMPATIBLE_UI, + CoinFeature.EVM_COMPATIBLE_WP, + CoinFeature.EVM_NON_BITGO_RECOVERY, + CoinFeature.EVM_UNSIGNED_SWEEP_RECOVERY, + CoinFeature.SUPPORTS_ERC20, + ] + ), erc20Token( '16c438c1-714a-4ad7-bdb1-fb8d2575c466', 'tbaseeth:usdc', diff --git a/modules/statics/src/base.ts b/modules/statics/src/base.ts index 56854a856b..f4b9516537 100644 --- a/modules/statics/src/base.ts +++ b/modules/statics/src/base.ts @@ -41,6 +41,7 @@ export enum CoinFamily { BTG = 'btg', CANTON = 'canton', CELO = 'celo', + CHILIZ = 'chiliz', // Chiliz Chain COREDAO = 'coredao', COREUM = 'coreum', CRONOS = 'cronos', @@ -568,6 +569,7 @@ export enum UnderlyingAsset { DASH = 'dash', DOT = 'dot', CELO = 'celo', // Celo main coin + CHILIZ = 'chiliz', // Chiliz Chain native coin COREDAO = 'coredao', COREUM = 'coreum', CRONOS = 'cronos', diff --git a/modules/statics/src/coins/ofcCoins.ts b/modules/statics/src/coins/ofcCoins.ts index 37a6978006..91700be8bc 100644 --- a/modules/statics/src/coins/ofcCoins.ts +++ b/modules/statics/src/coins/ofcCoins.ts @@ -134,6 +134,15 @@ export const ofcCoins = [ ), ofc('8b93e788-52fa-4fd6-b499-40f13fe194fc', 'ofccoreum', 'Coreum', 6, UnderlyingAsset.COREUM, CoinKind.CRYPTO), ofc('a88adc55-c1c8-4a4e-8436-df3868a50daa', 'ofccelo', 'Celo Gold', 18, UnderlyingAsset.CELO, CoinKind.CRYPTO), + ofc('17cf28b5-f958-46c3-be88-53cc42bf0c76', 'ofcchiliz', 'Chiliz', 18, UnderlyingAsset.CHILIZ, CoinKind.CRYPTO), + tofc( + '365ea5b1-71a8-4c57-82ba-a0effb9aae47', + 'ofctchiliz', + 'Testnet Chiliz', + 18, + UnderlyingAsset.CHILIZ, + CoinKind.CRYPTO + ), ofc('9e2da785-8349-4153-8276-941319575833', 'ofcxtz', 'Tezos', 6, UnderlyingAsset.XTZ, CoinKind.CRYPTO), ofc( '283b93b5-741b-4c85-a201-097267d65097', diff --git a/modules/statics/src/networks.ts b/modules/statics/src/networks.ts index 4d871edb69..228bc66044 100644 --- a/modules/statics/src/networks.ts +++ b/modules/statics/src/networks.ts @@ -613,6 +613,26 @@ class CeloTestnet extends Testnet implements EthereumNetwork { tokenOperationHashPrefix = 'CELO-ERC20'; } +class Chiliz extends Mainnet implements EthereumNetwork { + name = 'Chiliz'; + family = CoinFamily.CHILIZ; + explorerUrl = 'https://chiliscan.com/tx/'; + accountExplorerUrl = 'https://chiliscan.com/address/'; + chainId = 88888; + nativeCoinOperationHashPrefix = '88888'; + tokenOperationHashPrefix = '88888-ERC20'; +} + +class ChilizTestnet extends Testnet implements EthereumNetwork { + name = 'ChilizTestnet'; + family = CoinFamily.CHILIZ; + explorerUrl = 'https://testnet.chiliscan.com/tx/'; + accountExplorerUrl = 'https://testnet.chiliscan.com/address/'; + chainId = 88882; + nativeCoinOperationHashPrefix = '88882'; + tokenOperationHashPrefix = '88882-ERC20'; +} + // TODO update explorerUrl STLX-1657 class Casper extends Mainnet implements AccountNetwork { name = 'Casper'; @@ -2393,6 +2413,7 @@ export const Networks = { canton: Object.freeze(new Canton()), casper: Object.freeze(new Casper()), celo: Object.freeze(new Celo()), + chiliz: Object.freeze(new Chiliz()), coredao: Object.freeze(new Coredao()), coreum: Object.freeze(new Coreum()), cronos: Object.freeze(new Cronos()), @@ -2506,8 +2527,9 @@ export const Networks = { bsc: Object.freeze(new BinanceSmartChainTestnet()), canton: Object.freeze(new CantonTestnet()), casper: Object.freeze(new CasperTestnet()), - coredao: Object.freeze(new CoredaoTestnet()), celo: Object.freeze(new CeloTestnet()), + chiliz: Object.freeze(new ChilizTestnet()), + coredao: Object.freeze(new CoredaoTestnet()), cronos: Object.freeze(new CronosTestnet()), dash: Object.freeze(new DashTestnet()), dogecoin: Object.freeze(new DogecoinTestnet()), diff --git a/modules/statics/test/unit/fixtures/expectedColdFeatures.ts b/modules/statics/test/unit/fixtures/expectedColdFeatures.ts index 1519283dff..c73226e3b3 100644 --- a/modules/statics/test/unit/fixtures/expectedColdFeatures.ts +++ b/modules/statics/test/unit/fixtures/expectedColdFeatures.ts @@ -83,6 +83,7 @@ export const expectedColdFeatures = { 'bld', 'bsc', 'canton', + 'chiliz', 'coredao', 'coreum', 'cronos', @@ -149,6 +150,7 @@ export const expectedColdFeatures = { 'tbld', 'tbsc', 'tcanton', + 'tchiliz', 'tcoredao', 'tcoreum', 'tcronos', From d99cdc4452f388f83c2b600f0d73d20322a3a16c Mon Sep 17 00:00:00 2001 From: Manoj Kumar Date: Tue, 3 Feb 2026 16:04:58 +0530 Subject: [PATCH 2/2] fix(key-card): upgrade jspdf to 4.1.0 to fix security vulnerabilities Fixes: - GHSA-pqxr-3g65-p328 - GHSA-95fx-jjr5-f39c TICKET: WIN-8547 --- modules/key-card/package.json | 2 +- package.json | 2 +- yarn.lock | 18 +++++++++--------- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/modules/key-card/package.json b/modules/key-card/package.json index f5d0f0da90..a69c3ac9f5 100644 --- a/modules/key-card/package.json +++ b/modules/key-card/package.json @@ -36,7 +36,7 @@ "@bitgo/sdk-api": "^1.73.4", "@bitgo/sdk-core": "^36.30.0", "@bitgo/statics": "^58.24.0", - "jspdf": "^4.0.0", + "jspdf": "^4.1.0", "qrcode": "^1.5.1" }, "devDependencies": { diff --git a/package.json b/package.json index 4a2fc82608..aaae27a33d 100644 --- a/package.json +++ b/package.json @@ -67,7 +67,7 @@ "**/cacache/glob": "11.1.0", "**/pacote/glob": "11.1.0", "**/sha.js": ">=2.4.12", - "jspdf": ">=4.0.0", + "jspdf": ">=4.1.0", "@ethereumjs/util": "8.0.3", "@types/keyv": "3.1.4", "@types/react": "17.0.24", diff --git a/yarn.lock b/yarn.lock index 88afc9b143..a49b17dd48 100644 --- a/yarn.lock +++ b/yarn.lock @@ -10369,10 +10369,10 @@ domhandler@^5.0.2, domhandler@^5.0.3: dependencies: domelementtype "^2.3.0" -dompurify@^3.2.4: - version "3.2.6" - resolved "https://registry.npmjs.org/dompurify/-/dompurify-3.2.6.tgz" - integrity sha512-/2GogDQlohXPZe6D6NOgQvXLPSYBqIWMnZ8zzOhn09REE4eyAzb+Hed3jhoM9OkuaJ8P6ZGTTVWQKAi8ieIzfQ== +dompurify@^3.3.1: + version "3.3.1" + resolved "https://registry.npmjs.org/dompurify/-/dompurify-3.3.1.tgz#c7e1ddebfe3301eacd6c0c12a4af284936dbbb86" + integrity sha512-qkdCKzLNtrgPFP1Vo+98FRzJnBRGe4ffyCea9IwHB1fyxPOeNTHpLKYGd4Uk9xvNoH0ZoOjwZxNptyMwqrId1Q== optionalDependencies: "@types/trusted-types" "^2.0.7" @@ -14180,10 +14180,10 @@ jsonpointer@^5.0.0: resolved "https://registry.npmjs.org/jsonpointer/-/jsonpointer-5.0.1.tgz" integrity sha512-p/nXbhSEcu3pZRdkW1OfJhpsVtW1gd4Wa1fnQc9YLiTfAjn0312eMKimbdIQzuZl9aa9xUGaRlP9T/CJE/ditQ== -jspdf@>=4.0.0, jspdf@^4.0.0: - version "4.0.0" - resolved "https://registry.npmjs.org/jspdf/-/jspdf-4.0.0.tgz#3731c0a1a7d8afe28c681891236f8ad4a662d893" - integrity sha512-w12U97Z6edKd2tXDn3LzTLg7C7QLJlx0BPfM3ecjK2BckUl9/81vZ+r5gK4/3KQdhAcEZhENUxRhtgYBj75MqQ== +jspdf@>=4.1.0, jspdf@^4.1.0: + version "4.1.0" + resolved "https://registry.npmjs.org/jspdf/-/jspdf-4.1.0.tgz#4fb476251c8751c996175cfaac02d30fdf8c7b7a" + integrity sha512-xd1d/XRkwqnsq6FP3zH1Q+Ejqn2ULIJeDZ+FTKpaabVpZREjsJKRJwuokTNgdqOU+fl55KgbvgZ1pRTSWCP2kQ== dependencies: "@babel/runtime" "^7.28.4" fast-png "^6.2.0" @@ -14191,7 +14191,7 @@ jspdf@>=4.0.0, jspdf@^4.0.0: optionalDependencies: canvg "^3.0.11" core-js "^3.6.0" - dompurify "^3.2.4" + dompurify "^3.3.1" html2canvas "^1.0.0-rc.5" jsprim@^2.0.2: