refactor(sdk-core): centralize derivation prefix computation for SMC wallet address verification

TICKET: WP-7507

Author: Marzooqa

modules/sdk-coin-sol/test/unit/sol.ts

@@ -3485,13 +3485,12 @@ describe('SOL:', function () {
       const commonKeychain =
         '8ea32ecacfc83effbd2e2790ee44fa7c59b4d86c29a12f09fb613d8195f93f4e21875cad3b98adada40c040c54c3569467df41a020881a6184096378701862bd';
       const index = '1';
-      const testSeed = 'smc-test-seed-123';
-      const derivationPrefix = require('@bitgo/sdk-lib-mpc').getDerivationPath(testSeed);
+      const derivedFromParentWithSeed = 'smc-test-seed-123';
       const keychains = [{ id: '1', type: 'tss' as const, commonKeychain }];
 
-      // This test verifies that derivationPrefix is accepted as a parameter and correctly validates addresses
-      // derived with the SMC wallet derivation prefix
-      const result = await basecoin.isWalletAddress({ keychains, address, index, derivationPrefix });
+      // This test verifies that derivedFromParentWithSeed is accepted as a parameter
+      // and the verification function correctly computes the derivation prefix internally
+      const result = await basecoin.isWalletAddress({ keychains, address, index, derivedFromParentWithSeed });
       result.should.equal(true);
     });
   });

modules/sdk-core/src/bitgo/baseCoin/iBaseCoin.ts

@@ -155,10 +155,10 @@ export interface VerifyAddressOptions {
   coinSpecific?: AddressCoinSpecific;
   impliedForwarderVersion?: number;
   /**
-   * Optional derivation prefix for SMC wallets.
-   * Used when verifying TSS addresses for Self-Managed Custodial wallets.
+   * Optional seed value from user keychain's derivedFromParentWithSeed field.
+   * For SMC (Self-Managed Custodial) TSS wallets, this is used to compute the derivation prefix.
    */
-  derivationPrefix?: string;
+  derivedFromParentWithSeed?: string;
 }
 
 /**
@@ -182,11 +182,11 @@ export interface TssVerifyAddressOptions {
    */
   index: number | string;
   /**
-   * Optional derivation prefix for SMC wallets.
-   * For SMC wallets, addresses are derived using m/{derivationPrefix}/{index} instead of m/{index}.
-   * This prefix comes from derivedFromParentWithSeed on the user keychain.
+   * Optional seed value from user keychain's derivedFromParentWithSeed field.
+   * For SMC (Self-Managed Custodial) wallets, this is used to compute the derivation prefix.
+   * The derivation path becomes {computedPrefix}/{index} instead of m/{index}.
    */
-  derivationPrefix?: string;
+  derivedFromParentWithSeed?: string;
 }
 
 export function isTssVerifyAddressOptions<T extends VerifyAddressOptions | TssVerifyAddressOptions>(

modules/sdk-core/src/bitgo/utils/tss/addressVerification.ts

@@ -1,6 +1,8 @@
+import { getDerivationPath } from '@bitgo/sdk-lib-mpc';
 import { Ecdsa } from '../../../account-lib/mpc';
 import { TssVerifyAddressOptions } from '../../baseCoin/iBaseCoin';
 import { InvalidAddressError } from '../../errors';
+import { EDDSAMethods } from '../../tss';
 
 /**
  * Extracts and validates the commonKeychain from keychains array.
@@ -64,23 +66,20 @@ export async function verifyMPCWalletAddress(
   isValidAddress: (address: string) => boolean,
   getAddressFromPublicKey: (publicKey: string) => string
 ): Promise<boolean> {
-  const { keychains, address, index, derivationPrefix } = params;
+  const { keychains, address, index, derivedFromParentWithSeed } = params;
 
   if (!isValidAddress(address)) {
     throw new InvalidAddressError(`invalid address: ${address}`);
   }
 
-  // Lazy import EDDSAMethods to avoid circular dependency: utils/tss -> tss -> utils
-  const MPC =
-    params.keyCurve === 'secp256k1'
-      ? new Ecdsa()
-      : await (await import('../../tss')).EDDSAMethods.getInitializedMpcInstance();
+  const MPC = params.keyCurve === 'secp256k1' ? new Ecdsa() : await EDDSAMethods.getInitializedMpcInstance();
   const commonKeychain = extractCommonKeychain(keychains);
 
-  // For SMC cold TSS wallets with prefix, use derivation path {derivationPrefix}/{index}
-  // derivationPrefix already includes 'm/' (e.g., "m/999999/12345/67890")
-  // For wallets without prefix, use derivation path m/{index}
-  const derivationPath = derivationPrefix ? `${derivationPrefix}/${index}` : `m/${index}`;
+  // Compute derivation path:
+  // - For SMC wallets with derivedFromParentWithSeed, compute prefix and use: {prefix}/{index}
+  // - For other wallets, use simple path: m/{index}
+  const prefix = derivedFromParentWithSeed ? getDerivationPath(derivedFromParentWithSeed.toString()) : undefined;
+  const derivationPath = prefix ? `${prefix}/${index}` : `m/${index}`;
   const derivedPublicKey = MPC.deriveUnhardened(commonKeychain, derivationPath);
 
   // secp256k1 expects 33 bytes; ed25519 expects 32 bytes

modules/sdk-core/src/bitgo/wallet/wallet.ts

@@ -53,7 +53,6 @@ import { postWithCodec } from '../utils/postWithCodec';
 import { EcdsaMPCv2Utils, EcdsaUtils } from '../utils/tss/ecdsa';
 import EddsaUtils from '../utils/tss/eddsa';
 import { getTxRequestApiVersion, validateTxRequestApiVersion } from '../utils/txRequest';
-import { getDerivationPath } from '@bitgo/sdk-lib-mpc';
 import { buildParamKeys, BuildParams } from './BuildParams';
 import {
   AccelerateTransactionOptions,
@@ -1410,15 +1409,12 @@ export class Wallet implements IWallet {
 
       verificationData.impliedForwarderVersion = forwarderVersion ?? verificationData.coinSpecific?.forwarderVersion;
 
-      // For SMC (Self-Managed Custodial) wallets, extract derivation prefix from User keychain
+      // For SMC (Self-Managed Custodial) wallets, pass derivedFromParentWithSeed from user keychain
+      // The verification function will compute the derivation prefix internally
       // Custodial wallets don't need this as their commonKeychain already accounts for the prefix
       if (this.multisigType() === 'tss' && this.type() === 'cold' && this._wallet.keys.length > KeyIndices.USER) {
-        // Find the user keychain by index
         const userKeychain = keychains[KeyIndices.USER] as Keychain | undefined;
-        if (userKeychain?.derivedFromParentWithSeed) {
-          const derivationPrefix = getDerivationPath(userKeychain.derivedFromParentWithSeed.toString());
-          verificationData.derivationPrefix = derivationPrefix;
-        }
+        verificationData.derivedFromParentWithSeed = userKeychain?.derivedFromParentWithSeed;
       }
 
       // This condition was added in first place because in celo, when verifyAddress method was called on addresses which were having pendingChainInitialization as true, it used to throw some error

modules/sdk-core/test/unit/bitgo/wallet/walletTssAddressVerification.ts

@@ -2,7 +2,6 @@ import * as assert from 'assert';
 import * as sinon from 'sinon';
 import 'should';
 import { Wallet } from '../../../../src/bitgo/wallet/wallet';
-import { getDerivationPath } from '@bitgo/sdk-lib-mpc';
 import { KeyIndices } from '../../../../src/bitgo/keychain';
 
 describe('Wallet - TSS Address Verification with Derivation Prefix', function () {
@@ -98,11 +97,11 @@ describe('Wallet - TSS Address Verification with Derivation Prefix', function ()
 
       await wallet.createAddress({ chain: 0 });
 
-      // Verify that custodial wallets don't use derivationPrefix
+      // Verify that custodial wallets don't use derivedFromParentWithSeed
       // (their commonKeychain already accounts for the prefix)
       const verificationCall = mockBaseCoin.isWalletAddress.getCall(0);
       const verificationData = verificationCall.args[0];
-      assert.strictEqual(verificationData.derivationPrefix, undefined);
+      assert.strictEqual(verificationData.derivedFromParentWithSeed, undefined);
     });
   });
 
@@ -130,13 +129,12 @@ describe('Wallet - TSS Address Verification with Derivation Prefix', function ()
 
       await wallet.createAddress({ chain: 0 });
 
-      // Verify that isWalletAddress was called with derivationPrefix from User keychain
+      // Verify that isWalletAddress was called with derivedFromParentWithSeed from User keychain
       const verificationCall = mockBaseCoin.isWalletAddress.getCall(0);
       const verificationData = verificationCall.args[0];
 
-      verificationData.should.have.property('derivationPrefix');
-      verificationData.derivationPrefix.should.equal(getDerivationPath('test-seed-user'));
-      verificationData.derivationPrefix.should.match(/^m\/999999\/\d+\/\d+$/);
+      verificationData.should.have.property('derivedFromParentWithSeed');
+      verificationData.derivedFromParentWithSeed.should.equal('test-seed-user');
     });
 
     it('should handle missing derivedFromParentWithSeed gracefully for cold wallet', async function () {
@@ -160,10 +158,10 @@ describe('Wallet - TSS Address Verification with Derivation Prefix', function ()
 
       await wallet.createAddress({ chain: 0 });
 
-      // Should not have derivationPrefix if seed is missing (no prefix used in this case)
+      // Should not have derivedFromParentWithSeed if seed is missing
       const verificationCall = mockBaseCoin.isWalletAddress.getCall(0);
       const verificationData = verificationCall.args[0];
-      assert.strictEqual(verificationData.derivationPrefix, undefined);
+      assert.strictEqual(verificationData.derivedFromParentWithSeed, undefined);
     });
   });
 
@@ -192,10 +190,10 @@ describe('Wallet - TSS Address Verification with Derivation Prefix', function ()
 
       await wallet.createAddress({ chain: 0 });
 
-      // Verify that derivationPrefix is not set for non-TSS wallets
+      // Verify that derivedFromParentWithSeed is not set for non-TSS wallets
       const verificationCall = mockBaseCoin.isWalletAddress.getCall(0);
       const verificationData = verificationCall.args[0];
-      assert.strictEqual(verificationData.derivationPrefix, undefined);
+      assert.strictEqual(verificationData.derivedFromParentWithSeed, undefined);
     });
   });
 
@@ -236,8 +234,8 @@ describe('Wallet - TSS Address Verification with Derivation Prefix', function ()
 
       const verificationCall = mockBaseCoin.isWalletAddress.getCall(0);
       const verificationData = verificationCall.args[0];
-      // Should not have derivationPrefix if USER keychain doesn't exist in keys array
-      assert.strictEqual(verificationData.derivationPrefix, undefined);
+      // Should not have derivedFromParentWithSeed if USER keychain doesn't exist in keys array
+      assert.strictEqual(verificationData.derivedFromParentWithSeed, undefined);
     });
 
     it('should handle pendingChainInitialization correctly', async function () {