From 6bc04b5e3a900e7d6aad37141dc7bd3496c6699d Mon Sep 17 00:00:00 2001
From: Steven Luscher <steveluscher@users.noreply.github.com>
Date: Tue, 6 Sep 2022 22:38:11 -0700
Subject: [PATCH] fix: replace js-sha3 with `@noble/hashes/sha3` (#27630)

---
 web3.js/package.json                         |  1 -
 web3.js/rollup.config.js                     |  4 ++--
 web3.js/src/programs/secp256k1.ts            | 12 +++++-------
 web3.js/test/program-tests/secp256k1.test.ts | 10 +++++-----
 4 files changed, 12 insertions(+), 15 deletions(-)

diff --git a/web3.js/package.json b/web3.js/package.json
index 457f4cf70..f3cb7b58f 100644
--- a/web3.js/package.json
+++ b/web3.js/package.json
@@ -69,7 +69,6 @@
     "buffer": "6.0.1",
     "fast-stable-stringify": "^1.0.0",
     "jayson": "^3.4.4",
-    "js-sha3": "^0.8.0",
     "node-fetch": "2",
     "rpc-websockets": "^7.5.0",
     "superstruct": "^0.14.2"
diff --git a/web3.js/rollup.config.js b/web3.js/rollup.config.js
index 99d0256b4..f8bcbec7c 100644
--- a/web3.js/rollup.config.js
+++ b/web3.js/rollup.config.js
@@ -97,6 +97,7 @@ function generateConfig(configType, format) {
       /@babel\/runtime/,
       '@noble/hashes/hmac',
       '@noble/hashes/sha256',
+      '@noble/hashes/sha3',
       '@noble/hashes/sha512',
       '@noble/ed25519',
       '@noble/secp256k1',
@@ -108,7 +109,6 @@ function generateConfig(configType, format) {
       'buffer',
       'crypto-hash',
       'jayson/lib/client/browser',
-      'js-sha3',
       'node-fetch',
       'rpc-websockets',
       'superstruct',
@@ -164,6 +164,7 @@ function generateConfig(configType, format) {
             '@solana/buffer-layout',
             '@noble/hashes/hmac',
             '@noble/hashes/sha256',
+            '@noble/hashes/sha3',
             '@noble/hashes/sha512',
             '@noble/ed25519',
             '@noble/secp256k1',
@@ -176,7 +177,6 @@ function generateConfig(configType, format) {
             'http',
             'https',
             'jayson/lib/client/browser',
-            'js-sha3',
             'node-fetch',
             'react-native-url-polyfill',
             'rpc-websockets',
diff --git a/web3.js/src/programs/secp256k1.ts b/web3.js/src/programs/secp256k1.ts
index 13bfa50cb..724879825 100644
--- a/web3.js/src/programs/secp256k1.ts
+++ b/web3.js/src/programs/secp256k1.ts
@@ -1,6 +1,6 @@
 import {Buffer} from 'buffer';
 import * as BufferLayout from '@solana/buffer-layout';
-import sha3 from 'js-sha3';
+import {keccak_256} from '@noble/hashes/sha3';
 
 import {PublicKey} from '../publickey';
 import {TransactionInstruction} from '../transaction';
@@ -98,9 +98,9 @@ export class Secp256k1Program {
     );
 
     try {
-      return Buffer.from(
-        sha3.keccak_256.update(toBuffer(publicKey)).digest(),
-      ).slice(-ETHEREUM_ADDRESS_BYTES);
+      return Buffer.from(keccak_256(toBuffer(publicKey))).slice(
+        -ETHEREUM_ADDRESS_BYTES,
+      );
     } catch (error) {
       throw new Error(`Error constructing Ethereum address: ${error}`);
     }
@@ -211,9 +211,7 @@ export class Secp256k1Program {
         privateKey,
         false /* isCompressed */,
       ).slice(1); // throw away leading byte
-      const messageHash = Buffer.from(
-        sha3.keccak_256.update(toBuffer(message)).digest(),
-      );
+      const messageHash = Buffer.from(keccak_256(toBuffer(message)));
       const [signature, recoveryId] = ecdsaSign(messageHash, privateKey);
 
       return this.createInstructionWithPublicKey({
diff --git a/web3.js/test/program-tests/secp256k1.test.ts b/web3.js/test/program-tests/secp256k1.test.ts
index d2e0d22ad..50f26c946 100644
--- a/web3.js/test/program-tests/secp256k1.test.ts
+++ b/web3.js/test/program-tests/secp256k1.test.ts
@@ -1,5 +1,5 @@
 import {Buffer} from 'buffer';
-import {keccak_256} from 'js-sha3';
+import {keccak_256} from '@noble/hashes/sha3';
 
 import {
   ecdsaSign,
@@ -43,7 +43,7 @@ if (process.env.TEST_LIVE) {
 
     it('create secp256k1 instruction with string address', async () => {
       const message = Buffer.from('string address');
-      const messageHash = Buffer.from(keccak_256.update(message).digest());
+      const messageHash = Buffer.from(keccak_256(message));
       const [signature, recoveryId] = ecdsaSign(messageHash, privateKey);
       const transaction = new Transaction().add(
         Secp256k1Program.createInstructionWithEthAddress({
@@ -59,7 +59,7 @@ if (process.env.TEST_LIVE) {
 
     it('create secp256k1 instruction with 0x prefix string address', async () => {
       const message = Buffer.from('0x string address');
-      const messageHash = Buffer.from(keccak_256.update(message).digest());
+      const messageHash = Buffer.from(keccak_256(message));
       const [signature, recoveryId] = ecdsaSign(messageHash, privateKey);
       const transaction = new Transaction().add(
         Secp256k1Program.createInstructionWithEthAddress({
@@ -75,7 +75,7 @@ if (process.env.TEST_LIVE) {
 
     it('create secp256k1 instruction with buffer address', async () => {
       const message = Buffer.from('buffer address');
-      const messageHash = Buffer.from(keccak_256.update(message).digest());
+      const messageHash = Buffer.from(keccak_256(message));
       const [signature, recoveryId] = ecdsaSign(messageHash, privateKey);
       const transaction = new Transaction().add(
         Secp256k1Program.createInstructionWithEthAddress({
@@ -91,7 +91,7 @@ if (process.env.TEST_LIVE) {
 
     it('create secp256k1 instruction with public key', async () => {
       const message = Buffer.from('public key');
-      const messageHash = Buffer.from(keccak_256.update(message).digest());
+      const messageHash = Buffer.from(keccak_256(message));
       const [signature, recoveryId] = ecdsaSign(messageHash, privateKey);
       const transaction = new Transaction().add(
         Secp256k1Program.createInstructionWithPublicKey({