Address security vulnerabilities

packages/client/libp2pBrowserBuild/libp2pnode.ts

@@ -8,7 +8,7 @@ import Libp2p from 'libp2p'
 import Bootstrap from 'libp2p-bootstrap'
 
 import type { Multiaddr } from 'multiaddr'
-import type PeerId from 'peer-id'
+import type { PeerId } from '@libp2p/interface-peer-id'
 
 const MPLEX = require('libp2p-mplex')
 const Websockets = require('libp2p-websockets')

packages/client/libp2pBrowserBuild/net/peer/libp2pnode.ts

@@ -8,7 +8,7 @@ import LibP2P from 'libp2p'
 import Bootstrap from 'libp2p-bootstrap'
 
 import type { Multiaddr } from 'multiaddr'
-import type * as PeerId from 'peer-id'
+import type { PeerId } from '@libp2p/interface-peer-id'
 
 const KadDht = require('libp2p-kad-dht')
 const MPLEX = require('libp2p-mplex')

packages/client/libp2pBrowserBuild/net/peer/libp2ppeer.ts

@@ -1,6 +1,5 @@
 //@ts-nocheck
 import { multiaddr } from 'multiaddr'
-import PeerId from 'peer-id'
 
 import { Peer } from '../../../src/net/peer/peer'
 import { Libp2pSender } from '../libp2psender'
@@ -13,6 +12,7 @@ import type { Protocol } from '../../../src/net/protocol'
 import type { Libp2pServer } from '../../../src/net/server'
 import type { MuxedStream } from 'libp2p-interfaces/dist/src/stream-muxer/types'
 import type { Multiaddr } from 'multiaddr'
+import { PeerId, isPeerId } from '@libp2p/interface-peer-id'
 
 export interface Libp2pPeerOptions extends Omit<PeerOptions, 'address' | 'transport'> {
   /* Multiaddrs to listen on */
@@ -104,7 +104,7 @@ export class Libp2pPeer extends Peer {
           const { stream } = await node.dialProtocol(peer as any, protocol)
           await this.bindProtocol(p, new Libp2pSender(stream))
         } catch (err: any) {
-          const peerInfo = peer instanceof PeerId ? `id=${peer.toB58String()}` : `multiaddr=${peer}`
+          const peerInfo = isPeerId(peer) ? `id=${peer.toB58String()}` : `multiaddr=${peer}`
           this.config.logger.debug(
             `Peer doesn't support protocol=${protocol} ${peerInfo} ${err.stack}`
           )

packages/client/libp2pBrowserBuild/net/server/libp2pserver.ts

@@ -2,7 +2,7 @@
 // eslint-disable-next-line implicit-dependencies/no-implicit, import/no-extraneous-dependencies
 import { keys } from 'libp2p-crypto'
 import { multiaddr } from 'multiaddr'
-import PeerId from 'peer-id'
+import { PeerId } from '@libp2p/interface-peer-id'
 
 import { Event } from '../../../src/types'
 import { Libp2pPeer } from '../../../src/net/peer'
@@ -13,6 +13,7 @@ import { Server } from '../../../src/net/server/server'
 import type { ServerOptions } from '../../../src/net/server/server'
 import type Connection from 'libp2p-interfaces/dist/src/connection/connection'
 import type { Multiaddr } from 'multiaddr'
+import { createFromPrivKey } from '@libp2p/peer-id-factory'
 
 export interface Libp2pServerOptions extends ServerOptions {
   /* Multiaddrs to listen on */
@@ -79,7 +80,7 @@ export class Libp2pServer extends Server {
       }
     }
     this.node.on('peer:discovery', async (peerId: PeerId) => {
-      const id = peerId.toB58String()
+      const id = peerId.toString()
       if (this.peers.get(id) || this.isBanned(id)) {
         return
       }
@@ -103,7 +104,7 @@ export class Libp2pServer extends Server {
     this.node.addressManager.getListenAddrs().map(async (ma) => {
       this.config.events.emit(Event.SERVER_LISTENING, {
         transport: this.name,
-        url: `${ma}/p2p/${peerId.toB58String()}`,
+        url: `${ma}/p2p/${peerId.toString()}`,
       })
     })
     this.started = true
@@ -161,7 +162,7 @@ export class Libp2pServer extends Server {
   async getPeerId() {
     const privKey = await keys.generateKeyPairFromSeed('ed25519', this.key, 512)
     const protoBuf = keys.marshalPrivateKey(privKey)
-    return PeerId.createFromPrivKey(protoBuf)
+    return createFromPrivKey(protoBuf)
   }
 
   getPeerInfo(connection: Connection): [peerId: PeerId, multiaddr: Multiaddr, inbound: boolean] {
@@ -171,7 +172,7 @@ export class Libp2pServer extends Server {
   createPeer(peerId: PeerId, multiaddrs?: Multiaddr[], inbound = false) {
     const peer = new Libp2pPeer({
       config: this.config,
-      id: peerId.toB58String(),
+      id: peerId.toString(),
       multiaddrs,
       protocols: Array.from(this.protocols),
       inbound,

packages/client/package.json

@@ -84,7 +84,8 @@
     "level": "^8.0.0",
     "memory-level": "^1.0.0",
     "multiaddr": "^10.0.1",
-    "peer-id": "^0.14.3",
+    "@libp2p/interface-peer-id": "2.0.2",
+    "@libp2p/peer-id-factory": "2.0.4",
     "qheap": "^1.4.0",
     "winston": "^3.3.3",
     "winston-daily-rotate-file": "^4.5.5",

packages/client/src/util/parse.ts

@@ -29,8 +29,8 @@ export function parseMultiaddrs(input: MultiaddrLike): Multiaddr[] {
     input = input.split(',')
   }
   try {
-    return (input as string[]).map((s) => {
-      if (Multiaddr.isMultiaddr(s)) {
+    return input.map((s) => {
+      if (s instanceof Multiaddr) {
         return s
       }
       // parse as multiaddr

packages/client/test/net/server/rlpxserver.spec.ts

@@ -237,7 +237,7 @@ describe('[RlpxServer]', async () => {
         assert.equal(err.message, 'err0', 'got error')
       })
     )
-    server['dpt'].events.emit('error', new Error('err0'))
+    server['dpt']?.events.emit('error', new Error('err0'))
   })
 
   it('should init rlpx', async () => {

packages/client/test/util/parse.spec.ts

@@ -49,7 +49,14 @@ describe('[Util/Parse]', () => {
       [{ name: 't1', options: {} }],
       'parsed transport without options'
     )
-    assert.deepEqual(
+    assert.deepEqual<
+      {
+        name: string
+        options: {
+          [key: string]: string | undefined
+        }
+      }[]
+    >(
       parseTransports(['t2:k1=v1,k:k=v2,k3="v3",k4,k5=']),
       [
         {

packages/devp2p/package.json

@@ -70,7 +70,6 @@
   "devDependencies": {
     "@ethereumjs/block": "5.0.0-rc.1",
     "@ethereumjs/tx": "5.0.0-rc.1",
-    "@types/chalk": "^2.2.0",
     "@types/debug": "^4.1.4",
     "@types/k-bucket": "^5.0.0",
     "chalk": "^2.4.2",

packages/devp2p/src/@types/snappyjs/convert.d.ts

@@ -0,0 +1 @@
+declare module 'multiaddr/src/convert.js'

packages/devp2p/src/dns/enr.ts

@@ -2,15 +2,14 @@ import { RLP } from '@ethereumjs/rlp'
 import { bytesToUtf8, utf8ToBytes } from '@ethereumjs/util'
 import { base32, base64url } from '@scure/base'
 import { ecdsaVerify } from 'ethereum-cryptography/secp256k1-compat.js'
-import { Multiaddr } from 'multiaddr'
+import { protocols } from 'multiaddr'
+import { toString } from 'multiaddr/src/convert.js'
 import { sscanf } from 'scanf'
 
 import { keccak256, toNewUint8Array } from '../util.js'
 
 import type { PeerInfo } from '../types.js'
 
-const Convert = require('multiaddr/src/convert')
-
 type ProtocolCodes = {
   ipCode: number
   tcpCode: number
@@ -83,9 +82,9 @@ export class ENR {
     const { ipCode, tcpCode, udpCode } = this._getIpProtocolConversionCodes(obj.id)
 
     const peerInfo: PeerInfo = {
-      address: Convert.toString(ipCode, obj.ip) as string,
-      tcpPort: Number(Convert.toString(tcpCode, toNewUint8Array(obj.tcp))),
-      udpPort: Number(Convert.toString(udpCode, toNewUint8Array(obj.udp))),
+      address: toString(ipCode, obj.ip) as string,
+      tcpPort: Number(toString(tcpCode, toNewUint8Array(obj.tcp))),
+      udpPort: Number(toString(udpCode, toNewUint8Array(obj.udp))),
     }
 
     return peerInfo
@@ -185,19 +184,19 @@ export class ENR {
 
     switch (bytesToUtf8(protocolId)) {
       case 'v4':
-        ipCode = Multiaddr.protocols.names.ip4.code
+        ipCode = protocols(4).code
         break
       case 'v6':
-        ipCode = Multiaddr.protocols.names.ip6.code
+        ipCode = protocols(41).code
         break
       default:
         throw new Error("IP protocol must be 'v4' or 'v6'")
     }
 
     return {
       ipCode,
-      tcpCode: Multiaddr.protocols.names.tcp.code,
-      udpCode: Multiaddr.protocols.names.udp.code,
+      tcpCode: protocols('tcp').code,
+      udpCode: protocols('udp').code,
     }
   }
 }

packages/devp2p/test/dns.spec.ts

@@ -158,18 +158,22 @@ describe('DNS: (integration)', () => {
   const enrTree = `enrtree://${publicKey}@${goerliDNS}`
   const ipTestRegex = /^\d+\.\d+\.\d+\.\d+$/ // e.g 123.44.55.77
 
-  it('should retrieve 5 PeerInfos for goerli', async () => {
-    // Google's dns server address. Needs to be set explicitly to run in CI
-    const dns = new DNS({ dnsServerAddress: '8.8.8.8' })
-    const peers = await dns.getPeers(5, [enrTree])
-
-    assert.equal(peers.length, 5, 'returns 5 peers')
-
-    const seen: string[] = []
-    for (const peer of peers) {
-      assert.ok(peer!.address!.match(ipTestRegex), 'address is a valid ip')
-      assert.ok(!seen.includes(peer!.address as string), 'peer is not duplicate')
-      seen.push(peer!.address as string)
-    }
-  })
+  it(
+    'should retrieve 5 PeerInfos for goerli',
+    async () => {
+      // Google's dns server address. Needs to be set explicitly to run in CI
+      const dns = new DNS({ dnsServerAddress: '8.8.8.8' })
+      const peers = await dns.getPeers(5, [enrTree])
+
+      assert.equal(peers.length, 5, 'returns 5 peers')
+
+      const seen: string[] = []
+      for (const peer of peers) {
+        assert.ok(peer!.address!.match(ipTestRegex), 'address is a valid ip')
+        assert.ok(!seen.includes(peer!.address as string), 'peer is not duplicate')
+        seen.push(peer!.address as string)
+      }
+    },
+    { timeout: 10000 }
+  )
 })

packages/trie/package.json

@@ -61,7 +61,6 @@
   },
   "devDependencies": {
     "@ethereumjs/genesis": "0.1.0-rc.1",
-    "0x": "^4.9.1",
     "@types/benchmark": "^1.0.33",
     "abstract-level": "^1.0.3",
     "level": "^8.0.0",