From fa507a91c3522de4e085de5669e993255ca4da92 Mon Sep 17 00:00:00 2001
From: lyambo <lyambo@bitpay.com>
Date: Fri, 25 Jul 2025 17:00:08 -0400
Subject: [PATCH 1/3] throw descriptve errors

---
 packages/bitcore-wallet-client/src/lib/api.ts      |  2 +-
 packages/bitcore-wallet-client/src/lib/verifier.ts | 13 ++++++++-----
 2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/packages/bitcore-wallet-client/src/lib/api.ts b/packages/bitcore-wallet-client/src/lib/api.ts
index 191e0ad8399..1541aa6722e 100644
--- a/packages/bitcore-wallet-client/src/lib/api.ts
+++ b/packages/bitcore-wallet-client/src/lib/api.ts
@@ -1632,7 +1632,7 @@ export class API extends EventEmitter {
               return acb(isLegit);
             })
             .catch(err => {
-              return acb(err);
+              return cb(err);
             });
         },
         isLegit => {
diff --git a/packages/bitcore-wallet-client/src/lib/verifier.ts b/packages/bitcore-wallet-client/src/lib/verifier.ts
index 0890b598e30..baf9de75df4 100644
--- a/packages/bitcore-wallet-client/src/lib/verifier.ts
+++ b/packages/bitcore-wallet-client/src/lib/verifier.ts
@@ -182,7 +182,9 @@ export class Verifier {
         return true;
     });
 
-    if (!creatorKeys) return false;
+    if (!creatorKeys)
+      throw new Error('Missing creator key')
+
     var creatorSigningPubKey;
 
     // If the txp using a selfsigned pub key?
@@ -195,13 +197,14 @@ export class Verifier {
           creatorKeys.xPubKey
         )
       )
-        return false;
+        throw new Error('Invalid self-signed proposal signature')
 
       creatorSigningPubKey = txp.proposalSignaturePubKey;
     } else {
       creatorSigningPubKey = creatorKeys.requestPubKey;
     }
-    if (!creatorSigningPubKey) return false;
+    if (!creatorSigningPubKey)
+      throw new Error('Missing creator signing key');
 
     var hash;
     if (parseInt(txp.version) >= 3) {
@@ -220,10 +223,10 @@ export class Verifier {
   
     const verified = Utils.verifyMessage(hash, txp.proposalSignature, creatorSigningPubKey);
     if (!verified && !txp.prePublishRaw)
-        return false;
+        throw new Error('Invalid proposal signature');
     
     if (!verified && txp.prePublishRaw && !Utils.verifyMessage(txp.prePublishRaw, txp.proposalSignature, creatorSigningPubKey))
-        return false;
+        throw new Error('Invalid refreshed proposal signature');
 
     if (Constants.UTXO_CHAINS.includes(chain)) {
       if (!this.checkAddress(credentials, txp.changeAddress)) {

From 88384f7cddc18edfff30114aee270ef3ed2caa45 Mon Sep 17 00:00:00 2001
From: lyambo <lyambo@bitpay.com>
Date: Tue, 26 Aug 2025 18:01:07 -0400
Subject: [PATCH 2/3] log instead of throwing errors

---
 .../bitcore-wallet-client/src/lib/verifier.ts | 42 ++++++++++++-------
 1 file changed, 28 insertions(+), 14 deletions(-)

diff --git a/packages/bitcore-wallet-client/src/lib/verifier.ts b/packages/bitcore-wallet-client/src/lib/verifier.ts
index baf9de75df4..5a2d6466312 100644
--- a/packages/bitcore-wallet-client/src/lib/verifier.ts
+++ b/packages/bitcore-wallet-client/src/lib/verifier.ts
@@ -182,8 +182,10 @@ export class Verifier {
         return true;
     });
 
-    if (!creatorKeys)
-      throw new Error('Missing creator key')
+    if (!creatorKeys) {
+      log.error('Missing creator key')
+      return false;
+    }
 
     var creatorSigningPubKey;
 
@@ -196,15 +198,17 @@ export class Verifier {
           txp.proposalSignaturePubKeySig,
           creatorKeys.xPubKey
         )
-      )
-        throw new Error('Invalid self-signed proposal signature')
-
+      ) {
+        log.error('Invalid self-signed proposal signature')
+        return false;
+      }
       creatorSigningPubKey = txp.proposalSignaturePubKey;
     } else {
       creatorSigningPubKey = creatorKeys.requestPubKey;
     }
-    if (!creatorSigningPubKey)
-      throw new Error('Missing creator signing key');
+    if (!creatorSigningPubKey){
+      log.error('Missing creator signing key');
+    }
 
     var hash;
     if (parseInt(txp.version) >= 3) {
@@ -222,11 +226,15 @@ export class Verifier {
     );
   
     const verified = Utils.verifyMessage(hash, txp.proposalSignature, creatorSigningPubKey);
-    if (!verified && !txp.prePublishRaw)
-        throw new Error('Invalid proposal signature');
-    
-    if (!verified && txp.prePublishRaw && !Utils.verifyMessage(txp.prePublishRaw, txp.proposalSignature, creatorSigningPubKey))
-        throw new Error('Invalid refreshed proposal signature');
+    if (!verified && !txp.prePublishRaw) {
+      log.error('Invalid proposal signature');
+      return false;
+    }
+        
+    if (!verified && txp.prePublishRaw && !Utils.verifyMessage(txp.prePublishRaw, txp.proposalSignature, creatorSigningPubKey)) {
+      log.error('Invalid proposal signature');'Invalid refreshed proposal signature');
+      return false 
+    }
 
     if (Constants.UTXO_CHAINS.includes(chain)) {
       if (!this.checkAddress(credentials, txp.changeAddress)) {
@@ -289,9 +297,15 @@ export class Verifier {
   static checkTxProposal(credentials, txp, opts) {
     opts = opts || {};
 
-    if (!this.checkTxProposalSignature(credentials, txp)) return false;
+    if (!this.checkTxProposalSignature(credentials, txp)) {
+      log.error('Transaction proposal signature check failed');
+      return false;
+    }
 
-    if (opts.paypro && !this.checkPaypro(txp, opts.paypro)) return false;
+    if (opts.paypro && !this.checkPaypro(txp, opts.paypro)) {
+      log.error('Transaction proposal paypro check failed');
+      return false;
+    }
 
     return true;
   }

From fccd2995a4f780dd849fab816774c15bc81efc3a Mon Sep 17 00:00:00 2001
From: lyambo <lyambo@bitpay.com>
Date: Tue, 26 Aug 2025 18:02:28 -0400
Subject: [PATCH 3/3] log on verification failure

---
 packages/bitcore-wallet-client/src/lib/api.ts | 19 ++++++++++++++++---
 .../bitcore-wallet-client/src/lib/verifier.ts |  4 ++--
 2 files changed, 18 insertions(+), 5 deletions(-)

diff --git a/packages/bitcore-wallet-client/src/lib/api.ts b/packages/bitcore-wallet-client/src/lib/api.ts
index 1541aa6722e..40c76e79d0e 100644
--- a/packages/bitcore-wallet-client/src/lib/api.ts
+++ b/packages/bitcore-wallet-client/src/lib/api.ts
@@ -580,6 +580,7 @@ export class API extends EventEmitter {
 
       if (this.credentials.walletPrivKey) {
         if (!Verifier.checkCopayers(this.credentials, wallet.copayers)) {
+          log.error('Copayer verification falied on openWallet');
           return cb(new Errors.SERVER_COMPROMISED());
         }
       } else {
@@ -1457,6 +1458,7 @@ export class API extends EventEmitter {
           this.credentials.sharedEncryptingKey
         )
       ) {
+        log.error('Transaction proposal verification falied on createTxProposal');
         return cb(new Errors.SERVER_COMPROMISED());
       }
 
@@ -1520,6 +1522,7 @@ export class API extends EventEmitter {
       if (err) return cb(err);
 
       if (!Verifier.checkAddress(this.credentials, address)) {
+        log.error('Address verification falied on createAddress');
         return cb(new Errors.SERVER_COMPROMISED());
       }
 
@@ -1555,7 +1558,10 @@ export class API extends EventEmitter {
 
       if (!opts.doNotVerify) {
         const fake = (addresses || []).some(address => !Verifier.checkAddress(this.credentials, address));
-        if (fake) return cb(new Errors.SERVER_COMPROMISED());
+        if (fake) {
+          log.error('Address verification falied on getMainAddresses');
+          return cb(new Errors.SERVER_COMPROMISED());
+        }
       }
       return cb(null, addresses);
     });
@@ -1636,7 +1642,10 @@ export class API extends EventEmitter {
             });
         },
         isLegit => {
-          if (!isLegit) return cb(new Errors.SERVER_COMPROMISED());
+          if (!isLegit) {
+            log.error('Transaction proposal verification falied on getTxProposals');
+            return cb(new Errors.SERVER_COMPROMISED());
+          }
 
           var result;
           if (opts.forAirGapped) {
@@ -1724,7 +1733,10 @@ export class API extends EventEmitter {
     this.getPayProV2(txp)
       .then(paypro => {
         const isLegit = Verifier.checkTxProposal(this.credentials, txp, { paypro });
-        if (!isLegit) return cb(new Errors.SERVER_COMPROMISED());
+        if (!isLegit) {
+          log.error('Transaction proposal verification falied on pushSignatures');
+          return cb(new Errors.SERVER_COMPROMISED());
+        }
 
         baseUrl = baseUrl || '/v2/txproposals/';
         const url = baseUrl + txp.id + '/signatures/';
@@ -2924,6 +2936,7 @@ export class API extends EventEmitter {
 
           if (credentials.walletPrivKey) {
             if (!Verifier.checkCopayers(credentials, wallet.copayers)) {
+              log.error('Copayer verification falied on serverAssistedImport');
               return cb2(null, new Errors.SERVER_COMPROMISED());
             }
           } else {
diff --git a/packages/bitcore-wallet-client/src/lib/verifier.ts b/packages/bitcore-wallet-client/src/lib/verifier.ts
index 5a2d6466312..2b80b05369a 100644
--- a/packages/bitcore-wallet-client/src/lib/verifier.ts
+++ b/packages/bitcore-wallet-client/src/lib/verifier.ts
@@ -206,7 +206,7 @@ export class Verifier {
     } else {
       creatorSigningPubKey = creatorKeys.requestPubKey;
     }
-    if (!creatorSigningPubKey){
+    if (!creatorSigningPubKey) {
       log.error('Missing creator signing key');
     }
 
@@ -232,7 +232,7 @@ export class Verifier {
     }
         
     if (!verified && txp.prePublishRaw && !Utils.verifyMessage(txp.prePublishRaw, txp.proposalSignature, creatorSigningPubKey)) {
-      log.error('Invalid proposal signature');'Invalid refreshed proposal signature');
+      log.error('Invalid refreshed proposal signature');
       return false 
     }