From 72880358dd81cc784c046151839db327032ea427 Mon Sep 17 00:00:00 2001
From: rileystephens28 <riley.stephens28@gmail.com>
Date: Thu, 17 Oct 2024 13:10:55 -0500
Subject: [PATCH] Ensure use of hardened bit at account level

---
 src/wallet/hdwallet.ts    | 14 +++++++++++---
 src/wallet/qi-hdwallet.ts |  5 +++--
 2 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/src/wallet/hdwallet.ts b/src/wallet/hdwallet.ts
index 796c660c..1c610c8c 100644
--- a/src/wallet/hdwallet.ts
+++ b/src/wallet/hdwallet.ts
@@ -9,6 +9,8 @@ import { Zone } from '../constants/index.js';
 import { TransactionRequest, Provider } from '../providers/index.js';
 import { AllowedCoinType } from '../constants/index.js';
 
+export const HARDENED_OFFSET = 2 ** 31;
+
 /**
  * Interface representing information about a neutered address.
  */
@@ -123,7 +125,7 @@ export abstract class AbstractHDWallet {
         isChange: boolean = false,
     ): HDNodeWallet {
         const changeIndex = isChange ? 1 : 0;
-        const changeNode = this._root.deriveChild(account).deriveChild(changeIndex);
+        const changeNode = this._root.deriveChild(account + HARDENED_OFFSET).deriveChild(changeIndex);
 
         let addrIndex = startingIndex;
         let addressNode: HDNodeWallet;
@@ -177,7 +179,10 @@ export abstract class AbstractHDWallet {
 
         // derive the address node and validate the zone
         const changeIndex = isChange ? 1 : 0;
-        const addressNode = this._root.deriveChild(account).deriveChild(changeIndex).deriveChild(addressIndex);
+        const addressNode = this._root
+            .deriveChild(account + HARDENED_OFFSET)
+            .deriveChild(changeIndex)
+            .deriveChild(addressIndex);
         const zone = getZoneForAddress(addressNode.address);
         if (!zone) {
             throw new Error(`Failed to derive a valid address zone for the index ${addressIndex}`);
@@ -413,7 +418,10 @@ export abstract class AbstractHDWallet {
         }
 
         const changeIndex = addressInfo.change ? 1 : 0;
-        return this._root.deriveChild(addressInfo.account).deriveChild(changeIndex).deriveChild(addressInfo.index);
+        return this._root
+            .deriveChild(addressInfo.account + HARDENED_OFFSET)
+            .deriveChild(changeIndex)
+            .deriveChild(addressInfo.index);
     }
 
     /**
diff --git a/src/wallet/qi-hdwallet.ts b/src/wallet/qi-hdwallet.ts
index 5b2a5c93..eb334207 100644
--- a/src/wallet/qi-hdwallet.ts
+++ b/src/wallet/qi-hdwallet.ts
@@ -4,6 +4,7 @@ import {
     SerializedHDWallet,
     _guard,
     MAX_ADDRESS_DERIVATION_ATTEMPTS,
+    HARDENED_OFFSET,
 } from './hdwallet.js';
 import { HDNodeWallet } from './hdnodewallet.js';
 import { QiTransactionRequest, Provider, TransactionResponse } from '../providers/index.js';
@@ -705,7 +706,7 @@ export class QiHDWallet extends AbstractHDWallet {
             // NeuteredAddressInfo (BIP44 addresses)
             const changeIndex = addressInfo.change ? 1 : 0;
             const addressNode = this._root
-                .deriveChild(addressInfo.account)
+                .deriveChild(addressInfo.account + HARDENED_OFFSET)
                 .deriveChild(changeIndex)
                 .deriveChild(addressInfo.index);
             return addressNode.privateKey;
@@ -1297,7 +1298,7 @@ export class QiHDWallet extends AbstractHDWallet {
     private _getPaymentCodePrivate(account: number): PaymentCodePrivate {
         const bip32 = this._getBIP32API();
 
-        const accountNode = this._root.deriveChild(account);
+        const accountNode = this._root.deriveChild(account + HARDENED_OFFSET);
 
         // payment code array
         const pc = new Uint8Array(80);