fix: support DelegateVtxo and server timelocks in Ark signature verification

The initial Ark offchainAddr verification only tried DefaultVtxo.Script
with the default 144-block timelock. Real wallets using arkade.computer
use a 605184-second server timelock and delegation via delegate.arkade.money,
producing DelegateVtxo addresses with 3 taproot leaves instead of 2.

- Fetch ASP server's unilateralExitDelay and try both default and server timelocks
- Fetch delegate pubkeys and try DelegateVtxo.Script in addition to DefaultVtxo
- Cache server info to avoid repeated network calls
- Update Jest mock with BIP68 timelock encoding and DelegateVtxo support
- Add tests for server-timelock and DelegateVtxo address verification

Author: TaprootFreak

src/integration/blockchain/ark/__mocks__/arkade-sdk.mock.ts

@@ -44,9 +44,17 @@ export class ReadonlyWallet {}
 
 const { p2tr, taprootListToTree, TAPROOT_UNSPENDABLE_KEY } = require('@scure/btc-signer');
 const { bech32m } = require('bech32');
+const bip68 = require('bip68');
 
 const TAP_LEAF_VERSION = 0xc0;
 
+interface RelativeTimelock {
+  value: bigint;
+  type: 'seconds' | 'blocks';
+}
+
+const DEFAULT_TIMELOCK: RelativeTimelock = { value: 144n, type: 'blocks' };
+
 class _ArkAddress {
   readonly serverPubKey: Uint8Array;
   readonly vtxoTaprootKey: Uint8Array;
@@ -89,31 +97,93 @@ function buildForfeitScript(pubKey: Uint8Array, serverPubKey: Uint8Array): Uint8
   return buf;
 }
 
-function buildExitScript(pubKey: Uint8Array): Uint8Array {
-  // <144 blocks> OP_CHECKSEQUENCEVERIFY OP_DROP <pubkey> OP_CHECKSIG
-  const buf = new Uint8Array(1 + 2 + 1 + 1 + 1 + 32 + 1);
-  buf[0] = 0x02;
-  buf[1] = 0x90;
-  buf[2] = 0x00; // 144 LE
-  buf[3] = 0xb2; // OP_CHECKSEQUENCEVERIFY
-  buf[4] = 0x75; // OP_DROP
-  buf[5] = 0x20;
-  buf.set(pubKey, 6);
-  buf[38] = 0xac;
-  return buf;
+function minimalScriptNum(n: number): Uint8Array {
+  if (n === 0) return new Uint8Array(0);
+  const negative = n < 0;
+  let abs = Math.abs(n);
+  const bytes: number[] = [];
+  while (abs > 0) {
+    bytes.push(abs & 0xff);
+    abs >>= 8;
+  }
+  if (bytes[bytes.length - 1] & 0x80) {
+    bytes.push(negative ? 0x80 : 0x00);
+  } else if (negative) {
+    bytes[bytes.length - 1] |= 0x80;
+  }
+  return new Uint8Array(bytes);
+}
+
+function buildExitScript(pubKey: Uint8Array, csvTimelock: RelativeTimelock = DEFAULT_TIMELOCK): Uint8Array {
+  // <sequence> OP_CHECKSEQUENCEVERIFY OP_DROP <pubkey> OP_CHECKSIG
+  const sequence = bip68.encode(
+    csvTimelock.type === 'blocks'
+      ? { blocks: Number(csvTimelock.value) }
+      : { seconds: Number(csvTimelock.value) },
+  );
+  const seqBytes = minimalScriptNum(sequence);
+  const pushOp = seqBytes.length === 1 ? [] : [seqBytes.length]; // OP_N for 1 byte, else explicit push
+  const seqPush = seqBytes.length === 1 ? [seqBytes[0]] : [...pushOp, ...seqBytes];
+
+  const buf = new Uint8Array(seqPush.length + 1 + 1 + 1 + 32 + 1);
+  let offset = 0;
+  for (const b of seqPush) buf[offset++] = b;
+  buf[offset++] = 0xb2; // OP_CHECKSEQUENCEVERIFY
+  buf[offset++] = 0x75; // OP_DROP
+  buf[offset++] = 0x20; // push 32 bytes
+  buf.set(pubKey, offset);
+  offset += 32;
+  buf[offset++] = 0xac; // OP_CHECKSIG
+  return buf.slice(0, offset);
+}
+
+function buildMultisigScript(pubkeys: Uint8Array[]): Uint8Array {
+  // <pk1> CHECKSIGVERIFY ... <pkN> CHECKSIG
+  const parts: number[] = [];
+  for (let i = 0; i < pubkeys.length; i++) {
+    parts.push(0x20); // push 32 bytes
+    parts.push(...pubkeys[i]);
+    parts.push(i < pubkeys.length - 1 ? 0xad : 0xac); // CHECKSIGVERIFY / CHECKSIG
+  }
+  return new Uint8Array(parts);
+}
+
+function buildTaprootTree(scripts: Uint8Array[]): Uint8Array {
+  // Reverse odd-length script arrays (VtxoScript base class behavior)
+  const list = scripts.length % 2 !== 0 ? scripts.slice().reverse() : scripts;
+  const tapTree = taprootListToTree(list.map((s: Uint8Array) => ({ script: s, leafVersion: TAP_LEAF_VERSION })));
+  const payment = p2tr(TAPROOT_UNSPENDABLE_KEY, tapTree, undefined, true);
+  return payment.tweakedPubkey;
 }
 
 class _DefaultVtxoScript {
   readonly tweakedPublicKey: Uint8Array;
+  readonly scripts: Uint8Array[];
+
+  constructor(options: { pubKey: Uint8Array; serverPubKey: Uint8Array; csvTimelock?: RelativeTimelock }) {
+    const { pubKey, serverPubKey, csvTimelock } = options;
+    this.scripts = [buildForfeitScript(pubKey, serverPubKey), buildExitScript(pubKey, csvTimelock)];
+    this.tweakedPublicKey = buildTaprootTree(this.scripts);
+  }
+}
+
+class _DelegateVtxoScript {
+  readonly tweakedPublicKey: Uint8Array;
 
-  constructor(options: { pubKey: Uint8Array; serverPubKey: Uint8Array }) {
-    const { pubKey, serverPubKey } = options;
-    const scripts = [buildForfeitScript(pubKey, serverPubKey), buildExitScript(pubKey)];
-    const tapTree = taprootListToTree(scripts.map((s: Uint8Array) => ({ script: s, leafVersion: TAP_LEAF_VERSION })));
-    const payment = p2tr(TAPROOT_UNSPENDABLE_KEY, tapTree, undefined, true);
-    this.tweakedPublicKey = payment.tweakedPubkey;
+  constructor(options: {
+    pubKey: Uint8Array;
+    serverPubKey: Uint8Array;
+    delegatePubKey: Uint8Array;
+    csvTimelock?: RelativeTimelock;
+  }) {
+    const { pubKey, serverPubKey, delegatePubKey, csvTimelock } = options;
+    const defaultVtxo = new _DefaultVtxoScript({ pubKey, serverPubKey, csvTimelock });
+    const delegateScript = buildMultisigScript([pubKey, delegatePubKey, serverPubKey]);
+    const allScripts = [...defaultVtxo.scripts, delegateScript];
+    this.tweakedPublicKey = buildTaprootTree(allScripts);
   }
 }
 
 export const ArkAddress = _ArkAddress;
 export const DefaultVtxo = { Script: _DefaultVtxoScript };
+export const DelegateVtxo = { Script: _DelegateVtxoScript };

src/integration/blockchain/ark/__tests__/ark.service.spec.ts

@@ -1,4 +1,4 @@
-import { ArkAddress, DefaultVtxo } from '@arkade-os/sdk';
+import { ArkAddress, DefaultVtxo, DelegateVtxo } from '@arkade-os/sdk';
 import { secp256k1 } from '@noble/curves/secp256k1';
 import { sha256 } from '@noble/hashes/sha2';
 import { ArkService } from '../ark.service';
@@ -86,4 +86,94 @@ describe('ArkService', () => {
       expect(result).toBe(false);
     });
   });
+
+  // --- OFFCHAIN ADDRESS WITH SERVER TIMELOCK --- //
+
+  describe('verifySignature with server timelock', () => {
+    const serverTimelock = { value: 605184n, type: 'seconds' as const };
+
+    const serverVtxoScript = new DefaultVtxo.Script({
+      pubKey: xOnlyKey,
+      serverPubKey: serverKey,
+      csvTimelock: serverTimelock,
+    });
+    const serverOffchainAddr = new ArkAddress(serverKey, serverVtxoScript.tweakedPublicKey, 'ark').encode();
+
+    beforeEach(() => {
+      // Mock fetch to return the server's unilateralExitDelay
+      jest.spyOn(global, 'fetch').mockResolvedValue({
+        json: async () => ({ unilateralExitDelay: '605184' }),
+      } as Response);
+    });
+
+    afterEach(() => {
+      jest.restoreAllMocks();
+    });
+
+    it('should verify a signature against an offchainAddr with server timelock', async () => {
+      const message = 'test message for server timelock verification';
+      const signature = signMessage(message);
+
+      const result = await service.verifySignature(message, serverOffchainAddr, signature);
+
+      expect(result).toBe(true);
+    });
+
+    it('should reject a wrong signature against server-timelock offchainAddr', async () => {
+      const signature = signMessage('original message');
+
+      const result = await service.verifySignature('different message', serverOffchainAddr, signature);
+
+      expect(result).toBe(false);
+    });
+  });
+
+  // --- DELEGATE VTXO ADDRESS --- //
+
+  describe('verifySignature with DelegateVtxo address', () => {
+    const serverTimelock = { value: 605184n, type: 'seconds' as const };
+    const delegateKey = Buffer.alloc(32, 0xdd);
+
+    const delegateVtxoScript = new DelegateVtxo.Script({
+      pubKey: xOnlyKey,
+      serverPubKey: serverKey,
+      delegatePubKey: delegateKey,
+      csvTimelock: serverTimelock,
+    });
+    const delegateAddr = new ArkAddress(serverKey, delegateVtxoScript.tweakedPublicKey, 'ark').encode();
+
+    beforeEach(() => {
+      jest.spyOn(global, 'fetch').mockImplementation(async (url: string | URL | Request) => {
+        const urlStr = typeof url === 'string' ? url : url.toString();
+        if (urlStr.includes('/v1/info')) {
+          return { json: async () => ({ unilateralExitDelay: '605184' }) } as Response;
+        }
+        if (urlStr.includes('/v1/delegator/info')) {
+          return { json: async () => ({ pubkey: '00' + Buffer.from(delegateKey).toString('hex') }) } as Response;
+        }
+        throw new Error(`Unexpected fetch: ${urlStr}`);
+      });
+    });
+
+    afterEach(() => {
+      jest.restoreAllMocks();
+    });
+
+    it('should verify a signature against a DelegateVtxo offchainAddr', async () => {
+      const message = 'test message for delegate verification';
+      const signature = signMessage(message);
+
+      const result = await service.verifySignature(message, delegateAddr, signature);
+
+      expect(result).toBe(true);
+    });
+
+    it('should reject a wrong signature against DelegateVtxo offchainAddr', async () => {
+      const signature = signMessage('original message');
+
+      const result = await service.verifySignature('different message', delegateAddr, signature);
+
+      expect(result).toBe(false);
+    });
+  });
 });

src/integration/blockchain/ark/ark.service.ts

@@ -1,15 +1,19 @@
 import { Injectable } from '@nestjs/common';
-import { ArkAddress, DefaultVtxo } from '@arkade-os/sdk';
+import { ArkAddress, DefaultVtxo, DelegateVtxo } from '@arkade-os/sdk';
 import { secp256k1 } from '@noble/curves/secp256k1';
 import { sha256 } from '@noble/hashes/sha2';
+import { GetConfig } from 'src/config/config';
 import { Bech32mService } from '../shared/bech32m/bech32m.service';
 import { ArkClient, ArkTransaction } from './ark-client';
 
+type CsvTimelock = { value: bigint; type: 'seconds' | 'blocks' } | undefined;
+
 @Injectable()
 export class ArkService extends Bech32mService {
   readonly defaultPrefix = 'ark';
 
   private readonly client: ArkClient;
+  private serverInfo: { exitDelay: bigint; delegatePubKeys: Uint8Array[] } | null | undefined;
 
   constructor() {
     super();
@@ -28,22 +32,28 @@ export class ArkService extends Bech32mService {
       const decoded = ArkAddress.decode(address);
       const messageHash = sha256(new TextEncoder().encode(message));
       const signatureBytes = Buffer.from(signatureHex, 'hex');
-
-      for (let recovery = 0; recovery <= 3; recovery++) {
-        try {
-          const sig = secp256k1.Signature.fromBytes(signatureBytes, 'compact').addRecoveryBit(recovery);
-          const xOnlyKey = sig.recoverPublicKey(messageHash).toBytes(true).slice(1);
-
-          const vtxoScript = new DefaultVtxo.Script({
-            pubKey: xOnlyKey,
-            serverPubKey: decoded.serverPubKey,
-          });
-
-          if (Buffer.from(vtxoScript.tweakedPublicKey).equals(Buffer.from(decoded.vtxoTaprootKey))) {
-            return true;
+      const csvTimelocks = await this.getCsvTimelocks();
+      const delegatePubKeys = await this.getDelegatePubKeys();
+
+      for (const csvTimelock of csvTimelocks) {
+        for (let recovery = 0; recovery <= 3; recovery++) {
+          try {
+            const sig = secp256k1.Signature.fromBytes(signatureBytes, 'compact').addRecoveryBit(recovery);
+            const xOnlyKey = sig.recoverPublicKey(messageHash).toBytes(true).slice(1);
+
+            const baseOpts = { pubKey: xOnlyKey, serverPubKey: decoded.serverPubKey, ...(csvTimelock && { csvTimelock }) };
+
+            // Try DefaultVtxo (non-delegated address)
+            if (this.tweakedKeyMatches(new DefaultVtxo.Script(baseOpts), decoded.vtxoTaprootKey)) return true;
+
+            // Try DelegateVtxo for each known delegate pubkey
+            for (const delegatePubKey of delegatePubKeys) {
+              if (this.tweakedKeyMatches(new DelegateVtxo.Script({ ...baseOpts, delegatePubKey }), decoded.vtxoTaprootKey))
+                return true;
+            }
+          } catch {
+            continue;
           }
-        } catch {
-          continue;
         }
       }
     } catch {
@@ -53,6 +63,60 @@ export class ArkService extends Bech32mService {
     return false;
   }
 
+  private tweakedKeyMatches(vtxoScript: { tweakedPublicKey: Uint8Array }, target: Uint8Array): boolean {
+    return Buffer.from(vtxoScript.tweakedPublicKey).equals(Buffer.from(target));
+  }
+
+  private async getCsvTimelocks(): Promise<CsvTimelock[]> {
+    const timelocks: CsvTimelock[] = [undefined];
+
+    const info = await this.getServerInfo();
+    if (info) {
+      timelocks.push({
+        value: info.exitDelay,
+        type: info.exitDelay < 512n ? 'blocks' : 'seconds',
+      });
+    }
+
+    return timelocks;
+  }
+
+  private async getDelegatePubKeys(): Promise<Uint8Array[]> {
+    const info = await this.getServerInfo();
+    return info?.delegatePubKeys ?? [];
+  }
+
+  private async getServerInfo(): Promise<{ exitDelay: bigint; delegatePubKeys: Uint8Array[] } | null> {
+    if (this.serverInfo !== undefined) return this.serverInfo;
+
+    try {
+      const { arkServerUrl } = GetConfig().blockchain.ark;
+
+      const infoRes = await fetch(`${arkServerUrl}/v1/info`);
+      const info = await infoRes.json();
+      const exitDelay = BigInt(info.unilateralExitDelay);
+
+      // Fetch known delegate pubkeys
+      const delegatePubKeys: Uint8Array[] = [];
+      const delegatorUrls = ['https://delegate.arkade.money'];
+      for (const url of delegatorUrls) {
+        try {
+          const res = await fetch(`${url}/v1/delegator/info`);
+          const data = await res.json();
+          if (data?.pubkey) delegatePubKeys.push(Buffer.from(data.pubkey, 'hex').subarray(1));
+        } catch {
+          // delegator unreachable
+        }
+      }
+
+      this.serverInfo = { exitDelay, delegatePubKeys };
+      return this.serverInfo;
+    } catch {
+      this.serverInfo = null;
+      return null;
+    }
+  }
+
   async isHealthy(): Promise<boolean> {
     return this.client.isHealthy();
   }