feat(sdk-core): add suspicious transaction error classes

mohammadalfaiyazbitgo · mohammadalfaiyazbitgo · commit 66411acf520e · 2025-10-01T23:56:31.000-04:00
- Add base SuspiciousTransactionError class extending BitGoJsError - Add SuspiciousTransactionParameterMismatchError for recipient mismatches - Add SuspiciousContractInteractionError for contract interaction issues - Add SuspiciousUnauthorizedTokenApproval for unauthorized token approvals - Add complete unit test suite with 7 test cases covering all error scenarios TICKET: WP-6187
diff --git a/modules/sdk-core/src/bitgo/errors.ts b/modules/sdk-core/src/bitgo/errors.ts
@@ -1,6 +1,9 @@
 // Descriptive error types for common issues which may arise
 // during the operation of BitGoJS or BitGoExpress
 import { BitGoJsError } from '../bitgojsError';
+import { IRequestTracer } from '../api/types';
+import { TransactionParams } from './baseCoin';
+import { TokenTransferRecipientParams } from './utils/tss/baseTypes';
 
 // re-export for backwards compat
 export { BitGoJsError };
@@ -175,7 +178,7 @@ export class NeedUserSignupError extends BitGoJsError {
   }
 }
 
-export class ApiResponseError<ResponseBodyType = any> extends BitGoJsError {
+export class ApiResponseError<ResponseBodyType = unknown> extends BitGoJsError {
   message: string;
   status: number;
   result?: ResponseBodyType;
@@ -197,3 +200,188 @@ export class ApiResponseError<ResponseBodyType = any> extends BitGoJsError {
     this.needsOTP = needsOTP;
   }
 }
+
+/**
+ * Interface for token approval information used in suspicious transaction detection
+ *
+ * @interface TokenApproval
+ * @property {string} [tokenName] - Optional human-readable name of the token
+ * @property {string} tokenAddress - The contract address of the token being approved
+ * @property {number | 'unlimited'} authorizingAmount - The amount being authorized for spending, or 'unlimited' for infinite approval
+ * @property {string} authorizingAddress - The address being authorized to spend the tokens
+ */
+export interface TokenApproval {
+  tokenName?: string;
+  tokenAddress: string;
+  authorizingAmount: number | 'unlimited';
+  authorizingAddress: string;
+}
+
+/**
+ * Interface for mismatched recipient information detected during transaction verification
+ *
+ * @interface MismatchedRecipient
+ * @property {string} address - The recipient address that was found in the transaction
+ * @property {string} amount - The amount being sent to this recipient
+ * @property {string | TokenTransferRecipientParams} [data] - Optional transaction data or token transfer parameters
+ * @property {string} [tokenName] - Optional name of the token being transferred
+ * @property {TokenTransferRecipientParams} [tokenData] - Optional structured token transfer data
+ */
+export interface MismatchedRecipient {
+  address: string;
+  amount: string;
+  data?: string | TokenTransferRecipientParams;
+  tokenName?: string;
+  tokenData?: TokenTransferRecipientParams;
+}
+
+/**
+ * Interface for contract interaction data payload used in suspicious transaction detection
+ *
+ * @interface ContractDataPayload
+ * @property {string} address - The contract address being interacted with
+ * @property {string} rawContractPayload - The raw contract payload in serialized form specific to the blockchain
+ * @property {unknown} decodedContractPayload - The decoded contract payload, structure varies by coin/chain implementation
+ */
+export interface ContractDataPayload {
+  address: string;
+  // The raw contract payload in serialized form of the chain
+  rawContractPayload: string;
+  // To be defined on a per-coin basis
+  decodedContractPayload: unknown;
+}
+
+/**
+ * Base error class for suspicious transaction detection
+ *
+ * This error is thrown when a transaction is detected to have suspicious characteristics
+ * that don't match the expected parameters or behavior.
+ *
+ * @class SuspiciousTransactionError
+ * @extends {BitGoJsError}
+ * @property {string | IRequestTracer} id - Transaction ID or request tracer for tracking
+ * @property {TransactionParams[]} txParams - Array of transaction parameters that were analyzed
+ * @property {string} txHex - The raw transaction in hexadecimal format
+ */
+export class SuspiciousTransactionError extends BitGoJsError {
+  public readonly id: string | IRequestTracer;
+  public readonly txParams: TransactionParams[];
+  public readonly txHex: string;
+
+  /**
+   * Creates an instance of SuspiciousTransactionError
+   *
+   * @param {string} message - Error message describing the suspicious activity
+   * @param {string | IRequestTracer} id - Transaction ID or request tracer
+   * @param {TransactionParams[]} txParams - Transaction parameters that were analyzed
+   * @param {string} txHex - Raw transaction hex string
+   */
+  public constructor(message: string, id: string | IRequestTracer, txParams: TransactionParams[], txHex: string) {
+    super(message);
+    this.id = id;
+    this.txParams = txParams;
+    this.txHex = txHex;
+  }
+}
+
+/**
+ * Error thrown when transaction parameters don't match the expected recipients
+ *
+ * This error occurs when the transaction contains recipients or amounts that differ
+ * from what was expected based on the original transaction parameters.
+ *
+ * @class SuspiciousTransactionParameterMismatchError
+ * @extends {SuspiciousTransactionError}
+ * @property {MismatchedRecipient[]} mismatchedRecipients - Array of recipients that don't match expectations
+ */
+export class SuspiciousTransactionParameterMismatchError extends SuspiciousTransactionError {
+  public readonly mismatchedRecipients: MismatchedRecipient[];
+
+  /**
+   * Creates an instance of SuspiciousTransactionParameterMismatchError
+   *
+   * @param {string} message - Error message describing the parameter mismatch
+   * @param {string | IRequestTracer} id - Transaction ID or request tracer
+   * @param {TransactionParams[]} txParams - Transaction parameters that were analyzed
+   * @param {string} txHex - Raw transaction hex string
+   * @param {MismatchedRecipient[]} mismatchedRecipients - Array of mismatched recipient information
+   */
+  public constructor(
+    message: string,
+    id: string | IRequestTracer,
+    txParams: TransactionParams[],
+    txHex: string,
+    mismatchedRecipients: MismatchedRecipient[]
+  ) {
+    super(message, id, txParams, txHex);
+    this.mismatchedRecipients = mismatchedRecipients;
+  }
+}
+
+/**
+ * Error thrown when contract interaction data doesn't match expected payload
+ *
+ * This error occurs when a transaction interacts with a smart contract but the
+ * contract call data or method doesn't match what was expected.
+ *
+ * @class SuspiciousContractInteractionError
+ * @extends {SuspiciousTransactionError}
+ * @property {ContractDataPayload} mismatchedDataPayload - The contract interaction data that was unexpected
+ */
+export class SuspiciousContractInteractionError extends SuspiciousTransactionError {
+  public readonly mismatchedDataPayload: ContractDataPayload;
+
+  /**
+   * Creates an instance of SuspiciousContractInteractionError
+   *
+   * @param {string} message - Error message describing the contract interaction issue
+   * @param {string | IRequestTracer} id - Transaction ID or request tracer
+   * @param {TransactionParams[]} txParams - Transaction parameters that were analyzed
+   * @param {string} txHex - Raw transaction hex string
+   * @param {ContractDataPayload} mismatchedDataPayload - The unexpected contract interaction data
+   */
+  public constructor(
+    message: string,
+    id: string | IRequestTracer,
+    txParams: TransactionParams[],
+    txHex: string,
+    mismatchedDataPayload: ContractDataPayload
+  ) {
+    super(message, id, txParams, txHex);
+    this.mismatchedDataPayload = mismatchedDataPayload;
+  }
+}
+
+/**
+ * Error thrown when unauthorized token approval is detected
+ *
+ * This error occurs when a transaction contains a token approval that wasn't
+ * expected or authorized by the user, potentially indicating malicious activity.
+ *
+ * @class SuspiciousUnauthorizedTokenApproval
+ * @extends {SuspiciousTransactionError}
+ * @property {TokenApproval} tokenApproval - Details of the unauthorized token approval
+ */
+export class SuspiciousUnauthorizedTokenApproval extends SuspiciousTransactionError {
+  public readonly tokenApproval: TokenApproval;
+
+  /**
+   * Creates an instance of SuspiciousUnauthorizedTokenApproval
+   *
+   * @param {string} message - Error message describing the unauthorized approval
+   * @param {string | IRequestTracer} id - Transaction ID or request tracer
+   * @param {TransactionParams[]} txParams - Transaction parameters that were analyzed
+   * @param {string} txHex - Raw transaction hex string
+   * @param {TokenApproval} tokenApproval - Details of the unauthorized token approval
+   */
+  public constructor(
+    message: string,
+    id: string | IRequestTracer,
+    txParams: TransactionParams[],
+    txHex: string,
+    tokenApproval: TokenApproval
+  ) {
+    super(message, id, txParams, txHex);
+    this.tokenApproval = tokenApproval;
+  }
+}
diff --git a/modules/sdk-core/test/unit/bitgo/errors.ts b/modules/sdk-core/test/unit/bitgo/errors.ts
@@ -0,0 +1,166 @@
+import should from 'should';
+import {
+  SuspiciousTransactionError,
+  SuspiciousTransactionParameterMismatchError,
+  SuspiciousContractInteractionError,
+  SuspiciousUnauthorizedTokenApproval,
+  MismatchedRecipient,
+  ContractDataPayload,
+  TokenApproval,
+} from '../../../src/bitgo/errors';
+
+describe('Suspicious Transaction Errors', () => {
+  const mockTransactionId = '0x1234567890abcdef';
+  const mockTxParams: any[] = [
+    { address: '0xrecipient1', amount: '1000000000000000000' },
+    { address: '0xrecipient2', amount: '2000000000000000000' },
+  ];
+  const mockTxHex = '0x1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef';
+
+  describe('SuspiciousTransactionError', () => {
+    it('should create base suspicious transaction error with all required properties', () => {
+      const message = 'Suspicious transaction detected';
+      const error = new SuspiciousTransactionError(message, mockTransactionId, mockTxParams, mockTxHex);
+
+      should.exist(error);
+      should.equal(error.message, message);
+      should.equal(error.name, 'SuspiciousTransactionError');
+      should.equal(error.id, mockTransactionId);
+      should.deepEqual(error.txParams, mockTxParams);
+      should.equal(error.txHex, mockTxHex);
+    });
+
+    it('should be an instance of Error', () => {
+      const error = new SuspiciousTransactionError('Test message', mockTransactionId, mockTxParams, mockTxHex);
+
+      should(error).be.instanceOf(Error);
+    });
+  });
+
+  describe('SuspiciousTransactionParameterMismatchError', () => {
+    it('should create parameter mismatch error with mismatched recipients', () => {
+      const message = 'Transaction parameters do not match expected recipients';
+      const mismatchedRecipients: MismatchedRecipient[] = [
+        { address: '0xexpected1', amount: '1000' },
+        { address: '0xexpected2', amount: '2000' },
+      ];
+
+      const error = new SuspiciousTransactionParameterMismatchError(
+        message,
+        mockTransactionId,
+        mockTxParams,
+        mockTxHex,
+        mismatchedRecipients
+      );
+
+      should.exist(error);
+      should.equal(error.message, message);
+      should.equal(error.name, 'SuspiciousTransactionParameterMismatchError');
+      should.equal(error.id, mockTransactionId);
+      should.deepEqual(error.txParams, mockTxParams);
+      should.equal(error.txHex, mockTxHex);
+      should.deepEqual(error.mismatchedRecipients, mismatchedRecipients);
+    });
+  });
+
+  describe('SuspiciousContractInteractionError', () => {
+    it('should create contract interaction error with mismatched data payload', () => {
+      const message = 'Contract interaction data does not match expected payload';
+      const mismatchedDataPayload: ContractDataPayload = {
+        address: '0xcontract123',
+        rawContractPayload: '0xabcdef',
+        decodedContractPayload: { method: 'transfer', params: ['0xrecipient', '1000'] },
+      };
+
+      const error = new SuspiciousContractInteractionError(
+        message,
+        mockTransactionId,
+        mockTxParams,
+        mockTxHex,
+        mismatchedDataPayload
+      );
+
+      should.exist(error);
+      should.equal(error.message, message);
+      should.equal(error.name, 'SuspiciousContractInteractionError');
+      should.equal(error.id, mockTransactionId);
+      should.deepEqual(error.txParams, mockTxParams);
+      should.equal(error.txHex, mockTxHex);
+      should.deepEqual(error.mismatchedDataPayload, mismatchedDataPayload);
+    });
+  });
+
+  describe('SuspiciousUnauthorizedTokenApproval', () => {
+    it('should create unauthorized token approval error with token approval details', () => {
+      const message = 'Unauthorized token approval detected';
+      const tokenApproval: TokenApproval = {
+        tokenName: 'TestToken',
+        tokenAddress: '0xtoken123',
+        authorizingAmount: 'unlimited',
+        authorizingAddress: '0xspender456',
+      };
+
+      const error = new SuspiciousUnauthorizedTokenApproval(
+        message,
+        mockTransactionId,
+        mockTxParams,
+        mockTxHex,
+        tokenApproval
+      );
+
+      should.exist(error);
+      should.equal(error.message, message);
+      should.equal(error.name, 'SuspiciousUnauthorizedTokenApproval');
+      should.equal(error.id, mockTransactionId);
+      should.deepEqual(error.txParams, mockTxParams);
+      should.equal(error.txHex, mockTxHex);
+      should.deepEqual(error.tokenApproval, tokenApproval);
+    });
+  });
+
+  describe('Error inheritance and properties', () => {
+    it('should maintain proper inheritance chain', () => {
+      const baseError = new SuspiciousTransactionError('Base error', mockTransactionId, mockTxParams, mockTxHex);
+      const paramError = new SuspiciousTransactionParameterMismatchError(
+        'Param error',
+        mockTransactionId,
+        mockTxParams,
+        mockTxHex,
+        []
+      );
+      const contractError = new SuspiciousContractInteractionError(
+        'Contract error',
+        mockTransactionId,
+        mockTxParams,
+        mockTxHex,
+        { address: '0xtest', rawContractPayload: '0x', decodedContractPayload: {} }
+      );
+      const tokenError = new SuspiciousUnauthorizedTokenApproval(
+        'Token error',
+        mockTransactionId,
+        mockTxParams,
+        mockTxHex,
+        { tokenAddress: '0xtoken', authorizingAmount: 1000, authorizingAddress: '0xspender' }
+      );
+
+      // All should be instances of Error
+      should(baseError).be.instanceOf(Error);
+      should(paramError).be.instanceOf(Error);
+      should(contractError).be.instanceOf(Error);
+      should(tokenError).be.instanceOf(Error);
+
+      // All should be instances of SuspiciousTransactionError
+      should(paramError).be.instanceOf(SuspiciousTransactionError);
+      should(contractError).be.instanceOf(SuspiciousTransactionError);
+      should(tokenError).be.instanceOf(SuspiciousTransactionError);
+    });
+
+    it('should preserve stack trace', () => {
+      const error = new SuspiciousTransactionError('Test error', mockTransactionId, mockTxParams, mockTxHex);
+
+      should.exist(error.stack);
+      should(error.stack).be.a.String();
+      should(error.stack).containEql('SuspiciousTransactionError');
+    });
+  });
+});
