Address code review comments: fix bip39 crate, chain IDs, documentation, and safety improvements

Co-authored-by: Steake <530040+Steake@users.noreply.github.com>

Author: Copilot

crates/bitcell-wallet/Cargo.toml

@@ -21,7 +21,7 @@ rand_core.workspace = true
 hex.workspace = true
 
 # BIP39/BIP32 seed phrases
-tiny-bip39 = "1.0"
+bip39 = "2.0"
 hmac = "0.12"
 pbkdf2 = { version = "0.12", default-features = false }
 

crates/bitcell-wallet/src/address.rs

@@ -45,9 +45,10 @@ impl Address {
     }
 
     /// Generate a BitCell address from a public key
+    /// 
+    /// Uses double SHA256 and takes the first 20 bytes as the address.
+    /// This is a simplified scheme for BitCell's native addresses.
     pub fn from_public_key_bitcell(public_key: &PublicKey, index: u32) -> Self {
-        // BitCell address = RIPEMD160(SHA256(compressed_pubkey))
-        // For simplicity, we use SHA256 twice (similar to Bitcoin but simplified)
         let pubkey_bytes = public_key.as_bytes();
         let hash1 = Sha256::digest(pubkey_bytes);
         let hash2 = Sha256::digest(hash1);
@@ -58,10 +59,15 @@ impl Address {
     }
 
     /// Generate a Bitcoin P2PKH address from a public key
+    /// 
+    /// Note: This is a simplified implementation using double SHA256.
+    /// For full Bitcoin compatibility, use RIPEMD160(SHA256(pubkey)).
+    /// Addresses generated here are for internal use and may not be
+    /// compatible with external Bitcoin wallets.
     pub fn from_public_key_bitcoin(public_key: &PublicKey, testnet: bool, index: u32) -> Self {
         let pubkey_bytes = public_key.as_bytes();
-        // Bitcoin address = RIPEMD160(SHA256(compressed_pubkey))
         // Simplified: using double SHA256 and taking 20 bytes
+        // For full compatibility, implement RIPEMD160(SHA256(pubkey))
         let hash1 = Sha256::digest(pubkey_bytes);
         let hash2 = Sha256::digest(hash1);
         let address_bytes = hash2[..20].to_vec();
@@ -71,10 +77,16 @@ impl Address {
     }
 
     /// Generate an Ethereum address from a public key
+    /// 
+    /// Note: This is a simplified implementation using SHA256.
+    /// For full Ethereum compatibility, use Keccak256 on the uncompressed
+    /// public key (excluding the 0x04 prefix) and take the last 20 bytes.
+    /// Addresses generated here are for internal use and may not be
+    /// compatible with external Ethereum wallets.
     pub fn from_public_key_ethereum(public_key: &PublicKey, testnet: bool, index: u32) -> Self {
-        // Ethereum address = last 20 bytes of Keccak256(uncompressed_pubkey[1:])
-        // Simplified: using SHA256 for demonstration
         let pubkey_bytes = public_key.as_bytes();
+        // Simplified: using SHA256 instead of Keccak256
+        // For full compatibility, implement Keccak256(uncompressed_pubkey[1:])
         let hash = Sha256::digest(pubkey_bytes);
         let address_bytes = hash[12..].to_vec(); // Last 20 bytes
 

crates/bitcell-wallet/src/balance.rs

@@ -54,15 +54,18 @@ impl Balance {
     }
 
     /// Format with fixed decimal places
+    /// 
+    /// Note: Uses u128 for intermediate calculations to prevent overflow
+    /// with large fractions (e.g., Ethereum's 18 decimals).
     pub fn format_fixed(&self, decimal_places: u8) -> String {
         let decimals = self.chain.decimals() as u32;
         let divisor = 10u64.pow(decimals);
         let whole = self.amount / divisor;
         let fraction = self.amount % divisor;
 
-        // Scale fraction to desired decimal places
+        // Scale fraction to desired decimal places using u128 to prevent overflow
         let scale = 10u64.pow(decimal_places as u32);
-        let scaled_fraction = (fraction * scale) / divisor;
+        let scaled_fraction = ((fraction as u128 * scale as u128) / divisor as u128) as u64;
 
         format!(
             "{}.{:0>width$} {}",
@@ -99,6 +102,10 @@ impl Balance {
     }
 
     /// Convert amount from one unit to smallest unit
+    /// 
+    /// Note: This conversion can lose precision for very large values or
+    /// values with many decimal places due to floating-point limitations.
+    /// For precise conversions, consider using a decimal arithmetic library.
     pub fn from_units(amount: f64, chain: Chain) -> Self {
         let decimals = chain.decimals() as u32;
         let multiplier = 10u64.pow(decimals);
@@ -127,6 +134,9 @@ impl std::fmt::Display for Balance {
 }
 
 /// Balance tracker for multiple addresses
+/// 
+/// Note: When deserializing, call `rebuild_totals()` to ensure
+/// the cached totals are correctly populated.
 #[derive(Debug, Clone, Default, Serialize, Deserialize)]
 pub struct BalanceTracker {
     /// Balances by address string
@@ -145,6 +155,14 @@ impl BalanceTracker {
         }
     }
 
+    /// Rebuild cached totals after deserialization
+    /// 
+    /// Call this method after deserializing a BalanceTracker to ensure
+    /// the totals cache is correctly populated.
+    pub fn rebuild_totals(&mut self) {
+        self.update_totals();
+    }
+
     /// Set balance for an address
     pub fn set_balance(&mut self, address: &Address, balance: Balance) {
         let key = address.to_string_formatted();

crates/bitcell-wallet/src/chain.rs

@@ -24,12 +24,19 @@ pub enum Chain {
 
 impl Chain {
     /// Get the chain ID
+    /// 
+    /// Each chain has a unique identifier to prevent replay attacks across chains.
+    /// - BitCell: 8888 (custom chain ID)
+    /// - Bitcoin: 0 (Bitcoin doesn't use chain IDs traditionally)
+    /// - Bitcoin Testnet: 1
+    /// - Ethereum Mainnet: 1 (EIP-155)
+    /// - Ethereum Sepolia: 11155111
     pub fn chain_id(&self) -> u32 {
         match self {
-            Chain::BitCell => 1,
-            Chain::Bitcoin => 0,
-            Chain::BitcoinTestnet => 1,
-            Chain::Ethereum => 1,
+            Chain::BitCell => 8888,      // Unique BitCell chain ID
+            Chain::Bitcoin => 0,          // Bitcoin mainnet
+            Chain::BitcoinTestnet => 1,   // Bitcoin testnet
+            Chain::Ethereum => 1,         // Ethereum mainnet (EIP-155)
             Chain::EthereumSepolia => 11155111,
             Chain::Custom(id) => *id,
         }

crates/bitcell-wallet/src/history.rs

@@ -106,9 +106,15 @@ impl TransactionRecord {
     }
 
     /// Get a short version of the tx hash
+    /// 
+    /// Returns a truncated hash in the format "prefix...suffix".
+    /// Assumes the hash is an ASCII hex string.
     pub fn short_hash(&self) -> String {
-        if self.tx_hash.len() > 16 {
-            format!("{}...{}", &self.tx_hash[..8], &self.tx_hash[self.tx_hash.len()-8..])
+        let chars: Vec<char> = self.tx_hash.chars().collect();
+        if chars.len() > 16 {
+            let prefix: String = chars[..8].iter().collect();
+            let suffix: String = chars[chars.len()-8..].iter().collect();
+            format!("{}...{}", prefix, suffix)
         } else {
             self.tx_hash.clone()
         }
@@ -137,15 +143,76 @@ impl TransactionRecord {
     }
 
     /// Format date for display
+    /// 
+    /// Returns a human-readable date string in the format "YYYY-MM-DD HH:MM:SS UTC".
     pub fn format_date(&self) -> String {
-        // Simple date formatting (YYYY-MM-DD HH:MM)
-        use std::time::{Duration, UNIX_EPOCH};
-        let datetime = UNIX_EPOCH + Duration::from_secs(self.timestamp);
-        format!("{:?}", datetime) // Simplified; in production use chrono
+        // Convert Unix timestamp to date components
+        const SECONDS_PER_MINUTE: u64 = 60;
+        const SECONDS_PER_HOUR: u64 = 3600;
+        const SECONDS_PER_DAY: u64 = 86400;
+        
+        let mut remaining = self.timestamp;
+        
+        // Calculate days since epoch
+        let days = remaining / SECONDS_PER_DAY;
+        remaining %= SECONDS_PER_DAY;
+        
+        // Calculate time components
+        let hours = remaining / SECONDS_PER_HOUR;
+        remaining %= SECONDS_PER_HOUR;
+        let minutes = remaining / SECONDS_PER_MINUTE;
+        let seconds = remaining % SECONDS_PER_MINUTE;
+        
+        // Calculate year, month, day from days since epoch (1970-01-01)
+        let (year, month, day) = days_to_ymd(days);
+        
+        format!("{:04}-{:02}-{:02} {:02}:{:02}:{:02} UTC", year, month, day, hours, minutes, seconds)
+    }
+}
+
+/// Convert days since epoch to year, month, day
+fn days_to_ymd(days: u64) -> (u64, u64, u64) {
+    // Simplified calculation - handles dates from 1970 onwards
+    let mut remaining_days = days;
+    let mut year = 1970u64;
+    
+    loop {
+        let days_in_year = if is_leap_year(year) { 366 } else { 365 };
+        if remaining_days < days_in_year {
+            break;
+        }
+        remaining_days -= days_in_year;
+        year += 1;
+    }
+    
+    let days_in_months: [u64; 12] = if is_leap_year(year) {
+        [31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31]
+    } else {
+        [31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31]
+    };
+    
+    let mut month = 1u64;
+    for days_in_month in days_in_months.iter() {
+        if remaining_days < *days_in_month {
+            break;
+        }
+        remaining_days -= *days_in_month;
+        month += 1;
     }
+    
+    let day = remaining_days + 1;
+    (year, month, day)
+}
+
+/// Check if a year is a leap year
+fn is_leap_year(year: u64) -> bool {
+    (year % 4 == 0 && year % 100 != 0) || (year % 400 == 0)
 }
 
 /// Transaction history manager
+/// 
+/// Note: When deserializing, call `rebuild_index()` to ensure
+/// the hash index is correctly populated for lookups.
 #[derive(Debug, Clone, Default, Serialize, Deserialize)]
 pub struct TransactionHistory {
     /// All transactions
@@ -164,6 +231,16 @@ impl TransactionHistory {
         }
     }
 
+    /// Rebuild the hash index after deserialization
+    /// 
+    /// Call this method after deserializing a TransactionHistory to ensure
+    /// lookups via get() and get_mut() work correctly.
+    pub fn ensure_indexed(&mut self) {
+        if self.hash_index.is_empty() && !self.transactions.is_empty() {
+            self.rebuild_index();
+        }
+    }
+
     /// Add a transaction to history
     pub fn add(&mut self, record: TransactionRecord) {
         let hash = record.tx_hash.clone();

crates/bitcell-wallet/src/mnemonic.rs

@@ -4,7 +4,7 @@
 //! for wallet creation and recovery.
 
 use crate::{Error, Result};
-use bip39::{Language, Mnemonic as Bip39Mnemonic, MnemonicType, Seed};
+use bip39::{Language, Mnemonic as Bip39Mnemonic};
 use zeroize::Zeroize;
 
 /// Mnemonic word count options
@@ -20,11 +20,12 @@ pub enum WordCount {
 }
 
 impl WordCount {
-    fn to_mnemonic_type(self) -> MnemonicType {
+    /// Get the number of entropy bytes for this word count
+    fn entropy_bytes(self) -> usize {
         match self {
-            WordCount::Words12 => MnemonicType::Words12,
-            WordCount::Words18 => MnemonicType::Words18,
-            WordCount::Words24 => MnemonicType::Words24,
+            WordCount::Words12 => 16,  // 128 bits
+            WordCount::Words18 => 24,  // 192 bits
+            WordCount::Words24 => 32,  // 256 bits
         }
     }
 }
@@ -38,7 +39,19 @@ pub struct Mnemonic {
 impl Mnemonic {
     /// Generate a new random mnemonic with the specified word count
     pub fn generate(word_count: WordCount) -> Self {
-        let mnemonic = Bip39Mnemonic::new(word_count.to_mnemonic_type(), Language::English);
+        let entropy_size = word_count.entropy_bytes();
+        let mut entropy = vec![0u8; entropy_size];
+        
+        // Use rand to generate entropy
+        use rand::RngCore;
+        rand::thread_rng().fill_bytes(&mut entropy);
+        
+        let mnemonic = Bip39Mnemonic::from_entropy(&entropy)
+            .expect("Valid entropy size should always produce valid mnemonic");
+        
+        // Securely clear entropy
+        entropy.zeroize();
+        
         Self { inner: mnemonic }
     }
 
@@ -49,35 +62,37 @@ impl Mnemonic {
 
     /// Parse a mnemonic from a phrase string
     pub fn from_phrase(phrase: &str) -> Result<Self> {
-        let mnemonic = Bip39Mnemonic::from_phrase(phrase, Language::English)
+        let mnemonic = Bip39Mnemonic::parse_in_normalized(Language::English, phrase)
             .map_err(|e| Error::InvalidMnemonic(e.to_string()))?;
         Ok(Self { inner: mnemonic })
     }
 
     /// Get the mnemonic phrase as a string
-    pub fn phrase(&self) -> &str {
-        self.inner.phrase()
+    pub fn phrase(&self) -> String {
+        self.inner.to_string()
     }
 
     /// Get words as a vector
     pub fn words(&self) -> Vec<&str> {
-        self.inner.phrase().split_whitespace().collect()
+        self.inner.words().collect()
     }
 
     /// Get the number of words in the mnemonic
     pub fn word_count(&self) -> usize {
-        self.words().len()
+        self.inner.word_count()
     }
 
     /// Derive a seed from the mnemonic with optional passphrase
     pub fn to_seed(&self, passphrase: &str) -> SeedBytes {
-        let seed = Seed::new(&self.inner, passphrase);
-        SeedBytes::new(seed.as_bytes().try_into().expect("Seed should be 64 bytes"))
+        let seed = self.inner.to_seed(passphrase);
+        let seed_array: [u8; 64] = seed.try_into()
+            .expect("BIP39 seed should always be 64 bytes");
+        SeedBytes::new(seed_array)
     }
 
     /// Validate the mnemonic phrase
     pub fn validate(phrase: &str) -> bool {
-        Bip39Mnemonic::from_phrase(phrase, Language::English).is_ok()
+        Bip39Mnemonic::parse_in_normalized(Language::English, phrase).is_ok()
     }
 }
 
@@ -185,7 +200,7 @@ mod tests {
     #[test]
     fn test_mnemonic_validation() {
         let mnemonic = Mnemonic::new();
-        assert!(Mnemonic::validate(mnemonic.phrase()));
+        assert!(Mnemonic::validate(&mnemonic.phrase()));
         assert!(!Mnemonic::validate("invalid phrase here"));
     }
 

crates/bitcell-wallet/src/transaction.rs

@@ -219,6 +219,10 @@ impl TransactionBuilder {
     }
 
     /// Build the transaction
+    /// 
+    /// Note: A zero fee is allowed but may cause transactions to be rejected
+    /// or remain pending indefinitely on some chains. Consider using
+    /// FeeEstimator to calculate appropriate fees.
     pub fn build(self) -> Result<Transaction> {
         let from = self.from.ok_or(Error::TransactionError("Missing sender address".into()))?;
         let to = self.to.ok_or(Error::TransactionError("Missing recipient address".into()))?;
@@ -286,11 +290,17 @@ impl FeeEstimator {
     }
 
     /// Estimate fee for simple transfer
+    /// 
+    /// Note: These are placeholder values for demonstration purposes.
+    /// Real implementations should use dynamic fee estimation based on
+    /// network conditions (e.g., gas price oracles for Ethereum).
+    /// The Ethereum base fee of 20 Gwei may be outdated depending on
+    /// network congestion.
     pub fn estimate_simple_transfer(&self, chain: Chain) -> u64 {
         let base_fee: u64 = match chain {
             Chain::BitCell => 100,
             Chain::Bitcoin | Chain::BitcoinTestnet => 2000, // ~200 bytes * 10 sat/byte
-            Chain::Ethereum | Chain::EthereumSepolia => 21_000_u64 * 20_000_000_000_u64, // 21k gas * 20 Gwei
+            Chain::Ethereum | Chain::EthereumSepolia => 21_000_u64 * 20_000_000_000_u64, // 21k gas * 20 Gwei (placeholder)
             Chain::Custom(_) => 100,
         };