// npm package
@aztec/validator-client
The validator client handles consensus duties for Aztec validators: validating block proposals, attesting to checkpoints, and detecting slashable some offenses. Validators do NOT attest to individual blocks. Attestations are only created for checkpoint pr
versions
982
maintainers
6
first publish
2025-02-07
publisher
charlielye
tarball
414,425 B
AUTO-PUBLISHED·1 version indexed·latest published 2026-06-04
// exfil path
what is read → where it shipssteals
- ● Seed phrase
sends to
(no destination string extracted — payload may be dynamic / obfuscated)
→ view full payload// publisher campaignby charlielye
9 caught packages from this accountThis is not an isolated catch. The same publisher has shipped 8 other packages that our pipeline flagged — the shape of a coordinated campaign, not a one-off. Each link below opens that sibling's analysis.
// offending code· @4.3.1· 3 files flagged
- @4.3.1··AUTO-PUBLISHED·publisher: charlielyeheuristic 64/100static flags 1llm skippednew-publisher:15dmature-packagepublisher-multi-name-burst:40publisher-version-pump:41reads-seed-phrase
// offending code· 3 files flaggedpatterns: 1
--- package/src/key_store/node_keystore_adapter.ts (excerpt) --- import type { EthSigner } from '@aztec/ethereum/eth-signer'; import type { Buffer32 } from '@aztec/foundation/buffer'; import { EthAddress } from '@aztec/foundation/eth-address'; import type { Signature } from '@aztec/foundation/eth-signature'; import { KeystoreManager, loadKeystoreFile } from '@aztec/node-keystore'; import type { EthRemoteSignerConfig } from '@aztec/node-keystore'; import { AztecAddress } from '@aztec/stdlib/aztec-address'; import { InvalidValidatorPrivateKeyError } from '@aztec/stdlib/validators'; import type { SigningContext } from '@aztec/validator-ha-signer/types'; import type { TypedDataDefinition } from 'viem'; import { privateKeyToAccount } from 'viem/accounts'; import type { ExtendedValidatorKeyStore } from './interface.js'; type AddressHex = string; type ValidatorIndex = number; interface ValidatorCache { attesters: EthSigner[]; publishers: EthSigner[]; all: EthSigner[]; byAddress: Map<AddressHex, EthSigner>; // all signers, any role attesterSet: Set<AddressHex>; // attester addresses only } export class NodeKeystoreAdapter implements ExtendedValidatorKeyStore { private readonly keystoreManager: KeystoreManager; // Per-validator cache (lazy) private readonly validators = new Map<ValidatorIndex, ValidatorCache>(); private readonly addressIndex = new Map<AddressHex, { signer: EthSigner; validatorIndex: ValidatorIndex }>(); private constructor(keystoreManager: KeystoreManager) { this.keystoreManager = keystoreManager; --- package/dest/key_store/node_keystore_adapter.d.ts (excerpt) --- import type { Buffer32 } from '@aztec/foundation/buffer'; import { EthAddress } from '@aztec/foundation/eth-address'; import type { Signature } from '@aztec/foundation/eth-signature'; import { KeystoreManager } from '@aztec/node-keystore'; import type { EthRemoteSignerConfig } from '@aztec/node-keystore'; import { AztecAddress } from '@aztec/stdlib/aztec-address'; import type { SigningContext } from '@aztec/validator-ha-signer/types'; import type { TypedDataDefinition } from 'viem'; import type { ExtendedValidatorKeyStore } from './interface.js'; export declare class NodeKeystoreAdapter implements ExtendedValidatorKeyStore { private readonly keystoreManager; private readonly validators; private readonly addressIndex; private constructor(); /** * Create an adapter from a keystore JSON file on disk. * @param keystoreFilePath Absolute or relative path to a keystore JSON file * @returns A configured NodeKeystoreAdapter instance * @throws Error when the file fails schema validation or cannot be read */ static fromKeystoreFile(keystoreFilePath: string): NodeKeystoreAdapter; /** * Create an adapter from an in-memory keystore-like object. * Validates resolved duplicate attester addresses across validators and sources. * @param keystoreConfig Parsed config object (typically result of loadKeystoreFile) * @returns A configured NodeKeystoreAdapter instance * @throws Error when resolved duplicate attester addres --- package/dest/key_store/node_keystore_adapter.js (excerpt) --- import { KeystoreManager, loadKeystoreFile } from '@aztec/node-keystore'; import { InvalidValidatorPrivateKeyError } from '@aztec/stdlib/validators'; import { privateKeyToAccount } from 'viem/accounts'; export class NodeKeystoreAdapter { keystoreManager; // Per-validator cache (lazy) validators = new Map(); addressIndex = new Map(); constructor(keystoreManager){ this.keystoreManager = keystoreManager; } /** * Create an adapter from a keystore JSON file on disk. * @param keystoreFilePath Absolute or relative path to a keystore JSON file * @returns A configured NodeKeystoreAdapter instance * @throws Error when the file fails schema validation or cannot be read */ static fromKeystoreFile(keystoreFilePath) { const keystoreConfig = loadKeystoreFile(keystoreFilePath); return NodeKeystoreAdapter.fromKeystoreConfig(keystoreConfig); } /** * Create an adapter from an in-memory keystore-like object. * Validates resolved duplicate attester addresses across validators and sources. * @param keystoreConfig Parsed config object (typically result of loadKeystoreFile) * @returns A configured NodeKeystoreAdapter instance * @throws Error when resolved duplicate attester addresses are detected */ static fromKeystoreConfig(keystoreConfig) { const keystoreManager = new KeystoreManager(keystoreConfig); // Validate resolved attester addresses (covers JSON V3 and mnemonic duplicates across vali
