// npm 패키지
@aztec/bot
Simple bot that connects to a PXE to send txs on a recurring basis.
버전
1029
메인테이너
6
최초 publish
2024-07-30
publisher
charlielye
tarball
218,498 B
AUTO-PUBLISHED·1개 버전 인덱싱됨·최근 publish: 2026-06-04
// exfil path
what is read → where it shipssteals
- ● Seed phrase
sends to
(no destination string extracted — payload may be dynamic / obfuscated)
evidence in excerpt
> l1RpcUrls: string[] | undefined; > l1RpcUrls: string[] | undefined;
// publisher 캠페인by charlielye
이 계정에서 catch된 패키지 9건고립된 catch가 아닙니다. 동일 publisher가 8개의 다른 패키지를 추가로 발행했고, 모두 파이프라인이 catch했습니다 — 일회성이 아닌 조직적 캠페인의 형태. 아래 링크는 각 형제 catch의 분석으로 이동합니다.
// offending code· @4.3.1· 3 files flagged
- @4.3.1··AUTO-PUBLISHED·publisher: charlielyeheuristic 64/100static flags 1llm skippednew-publisher:15dmature-packagepublisher-multi-name-burst:35publisher-version-pump:36reads-seed-phrase
// offending code· 3 files flaggedpatterns: 1
--- package/src/config.ts (excerpt) --- import { type ConfigMappingsType, SecretValue, booleanConfigHelper, getConfigFromMappings, getDefaultConfig, numberConfigHelper, optionalNumberConfigHelper, pickConfigMappings, secretFrConfigHelper, secretStringConfigHelper, } from '@aztec/foundation/config'; import { Fr } from '@aztec/foundation/curves/bn254'; import { type DataStoreConfig, dataConfigMappings } from '@aztec/kv-store/config'; import { getVKTreeRoot } from '@aztec/noir-protocol-circuits-types/vk-tree'; import { protocolContractsHash } from '@aztec/protocol-contracts'; import { schemas, zodFor } from '@aztec/stdlib/schemas'; import type { ComponentsVersions } from '@aztec/stdlib/versioning'; import { z } from 'zod'; const BotFollowChain = ['NONE', 'PROPOSED', 'CHECKPOINTED', 'PROVEN'] as const; type BotFollowChain = (typeof BotFollowChain)[number]; const BotMode = ['transfer', 'amm', 'crosschain'] as const; type BotMode = (typeof BotMode)[number]; export enum SupportedTokenContracts { TokenContract = 'TokenContract', PrivateTokenContract = 'PrivateTokenContract', } export type BotConfig = { /** The URL to the Aztec node to check for tx pool status. */ nodeUrl: string | undefined; /** The URL to the Aztec node admin API to force-flush txs if configured. */ nodeAdminUrl: string | undefined; /** Url of the ethereum host. */ l1RpcUrls: string[] | undefined; /** The mnemonic for the account to bridge fee juice from L1. */ l1Mnemonic: SecretValue<string> | undefined; /** --- package/src/factory.ts (excerpt) --- import { getInitialTestAccountsData } from '@aztec/accounts/testing'; import { NO_FROM } from '@aztec/aztec.js/account'; import { AztecAddress } from '@aztec/aztec.js/addresses'; import { BatchCall, ContractBase, ContractFunctionInteraction, type DeployMethod, type DeployOptions, NO_WAIT, } from '@aztec/aztec.js/contracts'; import type { L2AmountClaim } from '@aztec/aztec.js/ethereum'; import { L1FeeJuicePortalManager } from '@aztec/aztec.js/ethereum'; import { FeeJuicePaymentMethodWithClaim } from '@aztec/aztec.js/fee'; import { deriveKeys } from '@aztec/aztec.js/keys'; import { createLogger } from '@aztec/aztec.js/log'; import { waitForL1ToL2MessageReady } from '@aztec/aztec.js/messaging'; import { waitForTx } from '@aztec/aztec.js/node'; import { ContractInitializationStatus } from '@aztec/aztec.js/wallet'; import { createEthereumChain } from '@aztec/ethereum/chain'; import { createExtendedL1Client } from '@aztec/ethereum/client'; import { RollupContract } from '@aztec/ethereum/contracts'; import type { ExtendedViemWalletClient } from '@aztec/ethereum/types'; import { Fr } from '@aztec/foundation/curves/bn254'; import { EthAddress } from '@aztec/foundation/eth-address'; import { Timer } from '@aztec/foundation/timer'; import { AMMContract } from '@aztec/noir-contracts.js/AMM'; import { PrivateTokenContract } from '@aztec/noir-contracts.js/PrivateToken'; import { TokenContract } from '@aztec/noir-contracts.js/Token'; import { TestContract } from '@aztec/noir-tes --- package/dest/config.d.ts (excerpt) --- import { type ConfigMappingsType, SecretValue } from '@aztec/foundation/config'; import { Fr } from '@aztec/foundation/curves/bn254'; import { type DataStoreConfig } from '@aztec/kv-store/config'; import type { ComponentsVersions } from '@aztec/stdlib/versioning'; import { z } from 'zod'; declare const BotFollowChain: readonly ["NONE", "PROPOSED", "CHECKPOINTED", "PROVEN"]; type BotFollowChain = (typeof BotFollowChain)[number]; declare const BotMode: readonly ["transfer", "amm", "crosschain"]; type BotMode = (typeof BotMode)[number]; export declare enum SupportedTokenContracts { TokenContract = "TokenContract", PrivateTokenContract = "PrivateTokenContract" } export type BotConfig = { /** The URL to the Aztec node to check for tx pool status. */ nodeUrl: string | undefined; /** The URL to the Aztec node admin API to force-flush txs if configured. */ nodeAdminUrl: string | undefined; /** Url of the ethereum host. */ l1RpcUrls: string[] | undefined; /** The mnemonic for the account to bridge fee juice from L1. */ l1Mnemonic: SecretValue<string> | undefined; /** The private key for the account to bridge fee juice from L1. */ l1PrivateKey: SecretValue<string> | undefined; /** How long to wait for L1 to L2 messages to become available on L2 */ l1ToL2MessageTimeoutSeconds: number; /** Signing private key for the sender account. */ senderPrivateKey: SecretValue<Fr> | undefined; /** Optional salt to use to instantiate
