feat(sdk-core): add skipTssRecipientVerification opt-out flag

Ticket: WCN-151

Author: mrdanish26

modules/abstract-eth/src/abstractEthLikeNewCoins.ts

@@ -3105,7 +3105,15 @@ export abstract class AbstractEthLikeNewCoins extends AbstractEthLikeCoin {
       );
     };
 
+    if (!wallet || !txPrebuild) {
+      throw new Error('missing params');
+    }
+    if (txParams.hop && txParams.recipients && txParams.recipients.length > 1) {
+      throw new Error('tx cannot be both a batch and hop transaction');
+    }
+
     if (
+      !params.verification?.skipTssRecipientVerification &&
       !txParams?.recipients &&
       !(
         txParams.prebuildTx?.consolidateId ||
@@ -3117,14 +3125,8 @@ export abstract class AbstractEthLikeNewCoins extends AbstractEthLikeCoin {
     ) {
       throw new Error('missing txParams');
     }
-    if (!wallet || !txPrebuild) {
-      throw new Error('missing params');
-    }
-    if (txParams.hop && txParams.recipients && txParams.recipients.length > 1) {
-      throw new Error('tx cannot be both a batch and hop transaction');
-    }
 
-    if (txParams.type && ['transfer'].includes(txParams.type)) {
+    if (!params.verification?.skipTssRecipientVerification && txParams.type && ['transfer'].includes(txParams.type)) {
       if (txParams.recipients && txParams.recipients.length === 1) {
         const recipients = txParams.recipients;
         const expectedAmount = recipients[0].amount.toString();

modules/express/src/typedRoutes/api/v2/prebuildAndSignTransaction.ts

@@ -287,6 +287,8 @@ export const VerificationOptions = t.partial({
   verifyTokenEnablement: t.boolean,
   /** Verify consolidation to base address */
   consolidationToBaseAddress: t.boolean,
+  /** Skip TSS recipient verification during signing */
+  skipTssRecipientVerification: t.boolean,
 });
 
 /**

modules/sdk-coin-bsc/src/bsc.ts

@@ -74,7 +74,15 @@ export class Bsc extends AbstractEthLikeNewCoins {
    */
   async verifyTssTransaction(params: VerifyEthTransactionOptions): Promise<boolean> {
     const { txParams, txPrebuild, wallet } = params;
+    if (!wallet || !txPrebuild) {
+      throw new Error(`missing params`);
+    }
+    if (txParams.hop && txParams.recipients && txParams.recipients.length > 1) {
+      throw new Error(`tx cannot be both a batch and hop transaction`);
+    }
+
     if (
+      !params.verification?.skipTssRecipientVerification &&
       !txParams?.recipients &&
       !(
         txParams.prebuildTx?.consolidateId ||
@@ -85,12 +93,6 @@ export class Bsc extends AbstractEthLikeNewCoins {
     ) {
       throw new Error(`missing txParams`);
     }
-    if (!wallet || !txPrebuild) {
-      throw new Error(`missing params`);
-    }
-    if (txParams.hop && txParams.recipients && txParams.recipients.length > 1) {
-      throw new Error(`tx cannot be both a batch and hop transaction`);
-    }
 
     return true;
   }

modules/sdk-coin-bsc/src/bscToken.ts

@@ -54,7 +54,15 @@ export class BscToken extends EthLikeToken {
    */
   async verifyTssTransaction(params: VerifyEthTransactionOptions): Promise<boolean> {
     const { txParams, txPrebuild, wallet } = params;
+    if (!wallet || !txPrebuild) {
+      throw new Error(`missing params`);
+    }
+    if (txParams.hop && txParams.recipients && txParams.recipients.length > 1) {
+      throw new Error(`tx cannot be both a batch and hop transaction`);
+    }
+
     if (
+      !params.verification?.skipTssRecipientVerification &&
       !txParams?.recipients &&
       !(
         txParams.prebuildTx?.consolidateId ||
@@ -65,12 +73,6 @@ export class BscToken extends EthLikeToken {
     ) {
       throw new Error(`missing txParams`);
     }
-    if (!wallet || !txPrebuild) {
-      throw new Error(`missing params`);
-    }
-    if (txParams.hop && txParams.recipients && txParams.recipients.length > 1) {
-      throw new Error(`tx cannot be both a batch and hop transaction`);
-    }
 
     return true;
   }

modules/sdk-coin-bsc/test/unit/bsc.ts

@@ -1,4 +1,5 @@
 import 'should';
+import assert from 'assert';
 
 import { TestBitGo, TestBitGoAPI } from '@bitgo/sdk-test';
 import { BitGoAPI } from '@bitgo/sdk-api';
@@ -39,4 +40,123 @@ describe('Native BNB', function () {
       tbsc.allowsAccountConsolidations().should.equal(true);
     });
   });
+
+  describe('verifyTssTransaction', function () {
+    let bsc: Bsc;
+
+    before(function () {
+      bsc = bitgo.coin('bsc') as Bsc;
+    });
+
+    const baseTxPrebuild = { txHex: '0xdeadbeef' } as any;
+    const baseWallet = {} as any;
+
+    it('returns true immediately when skipTssRecipientVerification is true', async function () {
+      const result = await bsc.verifyTssTransaction({
+        txParams: {} as any,
+        txPrebuild: baseTxPrebuild,
+        wallet: baseWallet,
+        verification: { skipTssRecipientVerification: true },
+      });
+      assert.strictEqual(result, true);
+    });
+
+    it('throws when no recipients and skipTssRecipientVerification is false', async function () {
+      await assert.rejects(
+        () =>
+          bsc.verifyTssTransaction({
+            txParams: {} as any,
+            txPrebuild: baseTxPrebuild,
+            wallet: baseWallet,
+            verification: { skipTssRecipientVerification: false },
+          }),
+        /missing txParams/
+      );
+    });
+
+    it('throws when no recipients and verification is not set', async function () {
+      await assert.rejects(
+        () =>
+          bsc.verifyTssTransaction({
+            txParams: {} as any,
+            txPrebuild: baseTxPrebuild,
+            wallet: baseWallet,
+          }),
+        /missing txParams/
+      );
+    });
+
+    it('returns true for exempt type without skipTssRecipientVerification', async function () {
+      const result = await bsc.verifyTssTransaction({
+        txParams: { type: 'delegate' } as any,
+        txPrebuild: baseTxPrebuild,
+        wallet: baseWallet,
+      });
+      assert.strictEqual(result, true);
+    });
+
+    it('returns true when recipients are present without flag', async function () {
+      const result = await bsc.verifyTssTransaction({
+        txParams: { recipients: [{ address: '0xabc', amount: '100' }] } as any,
+        txPrebuild: baseTxPrebuild,
+        wallet: baseWallet,
+      });
+      assert.strictEqual(result, true);
+    });
+
+    it('still throws missing params when wallet is missing even with skipTssRecipientVerification', async function () {
+      await assert.rejects(
+        () =>
+          bsc.verifyTssTransaction({
+            txParams: {} as any,
+            txPrebuild: baseTxPrebuild,
+            wallet: undefined as any,
+            verification: { skipTssRecipientVerification: true },
+          }),
+        /missing params/
+      );
+    });
+
+    it('still throws missing params when txPrebuild is missing even with skipTssRecipientVerification', async function () {
+      await assert.rejects(
+        () =>
+          bsc.verifyTssTransaction({
+            txParams: {} as any,
+            txPrebuild: undefined as any,
+            wallet: baseWallet,
+            verification: { skipTssRecipientVerification: true },
+          }),
+        /missing params/
+      );
+    });
+
+    it('still throws hop error even with skipTssRecipientVerification', async function () {
+      await assert.rejects(
+        () =>
+          bsc.verifyTssTransaction({
+            txParams: {
+              hop: true,
+              recipients: [
+                { address: '0xabc', amount: '100' },
+                { address: '0xdef', amount: '200' },
+              ],
+            } as any,
+            txPrebuild: baseTxPrebuild,
+            wallet: baseWallet,
+            verification: { skipTssRecipientVerification: true },
+          }),
+        /tx cannot be both a batch and hop transaction/
+      );
+    });
+
+    it('skips recipient check but passes other validation with skipTssRecipientVerification', async function () {
+      const result = await bsc.verifyTssTransaction({
+        txParams: {} as any,
+        txPrebuild: baseTxPrebuild,
+        wallet: baseWallet,
+        verification: { skipTssRecipientVerification: true },
+      });
+      assert.strictEqual(result, true);
+    });
+  });
 });

modules/sdk-coin-evm/src/evmCoin.ts

@@ -113,8 +113,17 @@ export class EvmCoin extends AbstractEthLikeNewCoins {
   private async verifyLegacyTssTransaction(params: VerifyEthTransactionOptions): Promise<boolean> {
     const { txParams, txPrebuild, wallet } = params;
 
-    // Basic validation for legacy transactions only
+    if (!wallet || !txPrebuild) {
+      throw new Error(`missing params`);
+    }
+
+    if (txParams.hop && txParams.recipients && txParams.recipients.length > 1) {
+      throw new Error(`tx cannot be both a batch and hop transaction`);
+    }
+
+    // Only enforce recipient presence when skipTssRecipientVerification is not set
     if (
+      !params.verification?.skipTssRecipientVerification &&
       !txParams?.recipients &&
       !(
         txParams.prebuildTx?.consolidateId ||
@@ -126,14 +135,6 @@ export class EvmCoin extends AbstractEthLikeNewCoins {
       throw new Error(`missing txParams`);
     }
 
-    if (!wallet || !txPrebuild) {
-      throw new Error(`missing params`);
-    }
-
-    if (txParams.hop && txParams.recipients && txParams.recipients.length > 1) {
-      throw new Error(`tx cannot be both a batch and hop transaction`);
-    }
-
     // If validation passes, consider it verified
     return true;
   }

modules/sdk-coin-xdc/src/xdc.ts

@@ -66,7 +66,15 @@ export class Xdc extends AbstractEthLikeNewCoins {
    */
   async verifyTssTransaction(params: VerifyEthTransactionOptions): Promise<boolean> {
     const { txParams, txPrebuild, wallet } = params;
+    if (!wallet || !txPrebuild) {
+      throw new Error(`missing params`);
+    }
+    if (txParams.hop && txParams.recipients && txParams.recipients.length > 1) {
+      throw new Error(`tx cannot be both a batch and hop transaction`);
+    }
+
     if (
+      !params.verification?.skipTssRecipientVerification &&
       !txParams?.recipients &&
       !(
         txParams.prebuildTx?.consolidateId ||
@@ -77,12 +85,6 @@ export class Xdc extends AbstractEthLikeNewCoins {
     ) {
       throw new Error(`missing txParams`);
     }
-    if (!wallet || !txPrebuild) {
-      throw new Error(`missing params`);
-    }
-    if (txParams.hop && txParams.recipients && txParams.recipients.length > 1) {
-      throw new Error(`tx cannot be both a batch and hop transaction`);
-    }
 
     return true;
   }

modules/sdk-coin-xdc/src/xdcToken.ts

@@ -76,7 +76,15 @@ export class XdcToken extends EthLikeToken {
    */
   async verifyTssTransaction(params: VerifyEthTransactionOptions): Promise<boolean> {
     const { txParams, txPrebuild, wallet } = params;
+    if (!wallet || !txPrebuild) {
+      throw new Error(`missing params`);
+    }
+    if (txParams.hop && txParams.recipients && txParams.recipients.length > 1) {
+      throw new Error(`tx cannot be both a batch and hop transaction`);
+    }
+
     if (
+      !params.verification?.skipTssRecipientVerification &&
       !txParams?.recipients &&
       !(
         txParams.prebuildTx?.consolidateId ||
@@ -87,12 +95,6 @@ export class XdcToken extends EthLikeToken {
     ) {
       throw new Error(`missing txParams`);
     }
-    if (!wallet || !txPrebuild) {
-      throw new Error(`missing params`);
-    }
-    if (txParams.hop && txParams.recipients && txParams.recipients.length > 1) {
-      throw new Error(`tx cannot be both a batch and hop transaction`);
-    }
 
     return true;
   }

modules/sdk-core/src/bitgo/baseCoin/iBaseCoin.ts

@@ -238,6 +238,9 @@ export interface VerificationOptions {
   verifyTokenEnablement?: boolean;
   // Verify transaction is consolidating to wallet's base address
   consolidationToBaseAddress?: boolean;
+  // Skip TSS recipient verification during signing (safety-net opt-out for callers
+  // whose transaction type legitimately carries no explicit recipients).
+  skipTssRecipientVerification?: boolean;
 }
 
 export interface VerifyTransactionOptions {

modules/sdk-core/src/bitgo/utils/tss/baseTypes.ts

@@ -1,6 +1,12 @@
 import { Key, SerializedKeyPair } from 'openpgp';
 import { EncryptionVersion, IEncryptionSession, IRequestTracer } from '../../../api';
-import { type ITransactionRecipient, KeychainsTriplet, ParsedTransaction, TransactionParams } from '../../baseCoin';
+import {
+  type ITransactionRecipient,
+  KeychainsTriplet,
+  ParsedTransaction,
+  TransactionParams,
+  VerificationOptions,
+} from '../../baseCoin';
 import { ApiKeyShare, Keychain, WebauthnKeyEncryptionInfo } from '../../keychain';
 import { ApiVersion, Memo, WalletType } from '../../wallet';
 import { EDDSA, GShare, Signature, SignShare } from '../../../account-lib/mpc/tss';
@@ -679,6 +685,7 @@ export type TssSignTxExplicitRecipientParams = {
   apiVersion?: ApiVersion;
   recipientSource: typeof TssTxRecipientSource.Explicit;
   txParams: TransactionParamsWithMandatoryRecipients;
+  verification?: VerificationOptions;
 };
 
 export type TssSignTxResolvedRecipientParams = {
@@ -687,6 +694,7 @@ export type TssSignTxResolvedRecipientParams = {
   apiVersion?: ApiVersion;
   recipientSource?: typeof TssTxRecipientSource.Resolved;
   txParams?: TransactionParams;
+  verification?: VerificationOptions;
 };
 
 /**