Create script to register btc coinbase transaction #65

Open
julia-zack wants to merge 1 commit into master from feat/register-btc-coinbase-tx
@julia-zack

No description provided.

@github-actions

github-actions Bot commented Jun 10, 2026

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ✅ 0 package(s) with unknown licenses.
  • ⚠️ 1 packages with OpenSSF Scorecard issues.
See the Details below.

OpenSSF Scorecard

Scorecard details
Package | Version | Score | Details

npm/ws | 8.17.1 | 🟢 5.5
Details:
Check | Score | Reason
Token-Permissions | 🟢 10 | GitHub workflow tokens follow principle of least privilege
Code-Review | ⚠️ 0 | Found 1/29 approved changesets -- score normalized to 0
Packaging | ⚠️ -1 | packaging workflow not detected
Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected
Security-Policy | 🟢 10 | security policy file detected
Maintained | 🟢 10 | 13 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts | 🟢 10 | no binaries found in the repo
Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected
License | 🟢 10 | license file detected
Fuzzing | ⚠️ 0 | project is not fuzzed
Signed-Releases | ⚠️ -1 | no releases found
Branch-Protection | ⚠️ 0 | branch protection not enabled on development/release branches
SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0

npm/@adraffy/ens-normalize | 1.10.1 | Unknown | Unknown
npm/@noble/curves | 1.2.0 | Unknown | Unknown
npm/@noble/hashes | 1.3.2 | Unknown | Unknown

npm/@types/node | 22.7.5 | 🟢 6.5
Details:
Check | Score | Reason
Maintained | 🟢 10 | 30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Code-Review | 🟢 8 | Found 25/29 approved changesets -- score normalized to 8
Packaging | ⚠️ -1 | packaging workflow not detected
CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected
Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions
Security-Policy | 🟢 10 | security policy file detected
License | 🟢 9 | license file detected
Signed-Releases | ⚠️ -1 | no releases found
Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies | 🟢 8 | dependency not pinned by hash detected -- score normalized to 8
Binary-Artifacts | 🟢 10 | no binaries found in the repo
Fuzzing | ⚠️ 0 | project is not fuzzed

npm/aes-js | 4.0.0-beta.5 | ⚠️ 2.1
Details:
Check | Score | Reason
Packaging | ⚠️ -1 | packaging workflow not detected
Dangerous-Workflow | ⚠️ -1 | no workflows found
Code-Review | ⚠️ 1 | Found 5/27 approved changesets -- score normalized to 1
Token-Permissions | ⚠️ -1 | No tokens found
Maintained | ⚠️ 0 | 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Binary-Artifacts | 🟢 10 | no binaries found in the repo
Pinned-Dependencies | ⚠️ -1 | no dependencies found
CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected
Security-Policy | ⚠️ 0 | security policy file not detected
Fuzzing | ⚠️ 0 | project is not fuzzed
License | 🟢 10 | license file detected
Branch-Protection | ⚠️ 0 | branch protection not enabled on development/release branches
Signed-Releases | ⚠️ -1 | no releases found
SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0

npm/brace-expansion | 2.1.1 | 🟢 7.3
Details:
Check | Score | Reason
Maintained | 🟢 10 | 10 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected
Code-Review | 🟢 4 | Found 9/22 approved changesets -- score normalized to 4
Binary-Artifacts | 🟢 10 | no binaries found in the repo
Token-Permissions | 🟢 10 | GitHub workflow tokens follow principle of least privilege
Packaging | ⚠️ -1 | packaging workflow not detected
Security-Policy | 🟢 10 | security policy file detected
Pinned-Dependencies | 🟢 10 | all dependencies are pinned
CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected
Fuzzing | ⚠️ 0 | project is not fuzzed
License | 🟢 9 | license file detected
Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases | ⚠️ -1 | no releases found
SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0

npm/ethers | 6.16.0 | 🟢 4.6
Details:
Check | Score | Reason
Maintained | 🟢 10 | 20 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
Code-Review | ⚠️ 0 | Found 0/30 approved changesets -- score normalized to 0
Packaging | ⚠️ -1 | packaging workflow not detected
Security-Policy | 🟢 10 | security policy file detected
Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected
CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected
SAST | ⚠️ 0 | no SAST tool detected
Binary-Artifacts | 🟢 10 | no binaries found in the repo
Pinned-Dependencies | ⚠️ 2 | dependency not pinned by hash detected -- score normalized to 2
License | 🟢 10 | license file detected
Signed-Releases | ⚠️ -1 | no releases found
Branch-Protection | ⚠️ 0 | branch protection not enabled on development/release branches
Fuzzing | ⚠️ 0 | project is not fuzzed

npm/js-yaml | 4.2.0 | 🟢 6
Details:
Check | Score | Reason
Maintained | 🟢 10 | 30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10
Packaging | ⚠️ -1 | packaging workflow not detected
Code-Review | ⚠️ 0 | Found 0/30 approved changesets -- score normalized to 0
Token-Permissions | 🟢 10 | GitHub workflow tokens follow principle of least privilege
Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected
SAST | ⚠️ 0 | no SAST tool detected
CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts | 🟢 10 | no binaries found in the repo
Pinned-Dependencies | 🟢 3 | dependency not pinned by hash detected -- score normalized to 3
License | 🟢 10 | license file detected
Fuzzing | 🟢 10 | project is fuzzed
Signed-Releases | ⚠️ -1 | no releases found
Branch-Protection | ⚠️ 0 | branch protection not enabled on development/release branches
Security-Policy | 🟢 4 | security policy file detected

npm/tslib | 2.7.0 | 🟢 5.5
Details:
Check | Score | Reason
Maintained | ⚠️ 0 | 0 commit(s) out of 30 and 1 issue activity out of 30 found in the last 90 days -- score normalized to 0
Code-Review | 🟢 7 | GitHub code reviews found for 23 commits out of the last 30 -- score normalized to 7
CII-Best-Practices | ⚠️ 0 | no badge detected
Vulnerabilities | 🟢 10 | no vulnerabilities detected
Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected
Packaging | ⚠️ -1 | no published package detected
Token-Permissions | ⚠️ 0 | non read-only tokens detected in GitHub workflows
License | 🟢 10 | license file detected
Binary-Artifacts | 🟢 10 | no binaries found in the repo
Pinned-Dependencies | 🟢 9 | dependency not pinned by hash detected -- score normalized to 9
Signed-Releases | ⚠️ -1 | no releases found
Security-Policy | 🟢 10 | security policy file detected
Branch-Protection | ⚠️ 0 | branch protection not enabled on development/release branches
Dependency-Update-Tool | ⚠️ 0 | no update tool detected
Fuzzing | ⚠️ -1 | internal error: internal error: Client.Search.Code: Search.Code: GET https://api.github.com/search/code?q=github.com+microsoft+tslib+repo%3Agoogle%2Foss-fuzz+in%3Afile+filename%3Aproject.yaml: 400 []

npm/undici-types | 6.19.8 | 🟢 8.2
Details:
Check | Score | Reason
Dependency-Update-Tool | 🟢 10 | update tool detected
Security-Policy | 🟢 10 | security policy file detected
Code-Review | 🟢 8 | Found 17/21 approved changesets -- score normalized to 8
Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected
Maintained | 🟢 10 | 30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts | 🟢 8 | binaries present in source code
Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions
CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies | 🟢 6 | dependency not pinned by hash detected -- score normalized to 6
SAST | 🟢 9 | SAST tool detected but not run on all commits
Fuzzing | 🟢 10 | project is fuzzed
Vulnerabilities | 🟢 9 | 1 existing vulnerabilities detected
Packaging | 🟢 10 | packaging workflow detected
Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
License | 🟢 10 | license file detected
Signed-Releases | ⚠️ -1 | no releases found
CI-Tests | 🟢 10 | 27 out of 27 merged PRs checked by a CI test -- score normalized to 10
Contributors | 🟢 10 | project has 75 contributing companies or organizations

npm/valibot | 1.4.1 | Unknown | Unknown

Scanned Files

  • package-lock.json

Comment thread tool/registerBtcCoinbaseTransaction.js Fixed
Comment thread tool/registerBtcCoinbaseTransaction.js Fixed
Comment thread tool/registerBtcCoinbaseTransaction.js Fixed
@julia-zack julia-zack force-pushed the feat/register-btc-coinbase-tx branch from c12adb1 to 5356bbc Compare June 10, 2026 22:32
@marcos-iov marcos-iov marked this pull request as ready for review June 11, 2026 17:29
@marcos-iov marcos-iov requested a review from a team as a code owner June 11, 2026 17:29
Copilot AI review requested due to automatic review settings June 11, 2026 17:29

Copilot AI left a comment

Pull request overview

This PR adds a Node.js tool script intended to sign (and optionally broadcast) an RSK Bridge registerBtcCoinbaseTransaction call, reusing the existing coinbase “information ready” builder, and introduces ethers as a dependency to perform transaction signing.

Changes:

  • Added tool/registerBtcCoinbaseTransaction.js to build calldata, sign a legacy tx, and optionally broadcast via eth_sendRawTransaction.
  • Exported getInformationReadyForRegisterBtcCoinbaseTransaction for reuse by other scripts.
  • Added ethers@6.16.0 to package.json (and updated package-lock.json accordingly).

Reviewed changes

Copilot reviewed 3 out of 4 changed files in this pull request and generated 5 comments.

File | Description
tool/registerBtcCoinbaseTransaction.js | New script to sign/broadcast a Bridge registerBtcCoinbaseTransaction call (currently has runtime-breaking issues noted in comments).
tool/getInformationReadyForRegisterBtcCoinbaseTransaction.js | Exports helper function; needs a CLI entrypoint guard to avoid require-time side effects.
package.json | Adds ethers dependency.
package-lock.json | Lockfile updates for ethers and transitive deps.

Comments suppressed due to low confidence (1)

tool/getInformationReadyForRegisterBtcCoinbaseTransaction.js:119

  • This file now exports getInformationReadyForRegisterBtcCoinbaseTransaction, but it still executes its CLI IIFE at require-time. Any script that require()s this module will unexpectedly run the CLI flow (and may process.exit(1) via parseBridgeRegisterBtcCliArgs). Guard the CLI entrypoint with if (require.main === module).
})();

module.exports = { getInformationReadyForRegisterBtcCoinbaseTransaction };


const path = require('path');
require('dotenv').config({ path: path.join(__dirname, '..', '.env'), quiet: true });

const { ethers } = require('ethers');
Comment on lines +32 to +41
const network = await provider.getNetwork();
const btcTxHash = process.argv[2];;
const {
btcTxSerialized,
blockHash,
pmtSerialized,
witnessMerkleRoot,
witnessReservedValue
} = await getInformationReadyForRegisterBtcCoinbaseTransaction(network, btcTxHash);
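
Review bot: `process.argv[2]` (the `btcTxHash` line) is read positionally, while the usage comment shown for lines +5 to +13 invokes the script with `--btcTxHash`, so the flag string itself would be handed to `getInformationReadyForRegisterBtcCoinbaseTransaction` as the hash. Parse the flag's value and reject anything that is not a 64-character hex txid before calling the helper. The destructuring also expects `blockHash` where that same comment names the field `btcBlockHash`; confirm which key the helper returns, since a mismatch leaves `blockHash` undefined in the calldata. The doubled `;;` can be dropped.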

Comment on lines +57 to +59
const data = iface.encodeFunctionData('registerBtcCoinbaseTransaction', [
btcTxSerialized, blockHash, pmtSerialized, witnessMerkleRoot, witnessReservedValue,
]);
Comment on lines +61 to +62
const chainId = network.chainId;
const nonce = await provider.getTransactionCount(wallet.address, 'pending');
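
Review bot: `chainId` on line +61 comes straight from the RPC endpoint's `getNetwork()` reply, so the signed transaction is bound to whichever network the configured endpoint reports rather than one the operator chose. Take the expected chain ID from configuration or a CLI argument and abort on mismatch before signing, which matters most in the dry-run mode where the raw signed transaction is printed for later use.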
Comment on lines +5 to +13
* Get the 5 values first:
* node tool/getInformationReadyForRegisterBtcCoinbaseTransaction.js testnet <btcTxidInBlock> \
* and save the {btcTxSerialized, btcBlockHash, pmtSerialized, witnessMerkleRoot, witnessReservedValue}
* object into a JSON file, e.g. coinbase-values.json
*
* Usage:
* node tool/registerBtcCoinbaseTransaction.js --btcTxHash # dry run: prints the raw signed tx
* node tool/registerBtcCoinbaseTransaction.js --btcTxHash --send # also broadcasts via eth_sendRawTransaction
*/
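
Review bot: both usage lines show `--btcTxHash` with no value placeholder, and the "Get the 5 values first" step tells the reader to save a JSON file (`coinbase-values.json`) that neither usage line accepts as input. Since lines +32 to +41 fetch the five values directly, drop the stale step (including the dangling `\` after `<btcTxidInBlock>`) and document the argument as `--btcTxHash <btcTxid>`, matching however the script actually parses it.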
Comment thread package.json
"dependencies": {
"chai": "6.2.2",
"dotenv": "17.4.2",
"ethers": "6.16.0",

Contributor

If it's just for the tool it can be a devDependency

Comment on lines +20 to +21
const BRIDGE_ADDRESS = '0x0000000000000000000000000000000001000006';
const BRIDGE_ABI = [

Contributor

Maybe use precompiled-abis for this? Can be a devDependency as well
