tornadocash/tornado-relayer
2
0
Fork 0
Code Issues 3 Pull Requests Packages Projects Releases Wiki Activity

Add protection from abusing relayers (force spending fee for reverted tx): fail if address is invalid or smart-contract (not EOA)

Browse Source
This commit is contained in:
Theo 2023-10-16 16:40:03 -07:00
parent cb1212d793
commit 52473197ea
1 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/worker.js
View File

@ -14,6 +14,7 @@ const {
toBN, toBN,
fromWei, fromWei,
toChecksumAddress, toChecksumAddress,
isAddress,
RelayerError, RelayerError,
logRelayerError, logRelayerError,
} = require('./utils') } = require('./utils')
@ -200,6 +201,18 @@ function checkOldProxy(address) {
return toChecksumAddress(address) === toChecksumAddress(OLD_PROXY) return toChecksumAddress(address) === toChecksumAddress(OLD_PROXY)
} }
async function checkRecipient({ data }) {
// Checks only for default withdrawals
if (data.type !== jobType.TORNADO_WITHDRAW) return
console.log(data.args)
const recipient = data.args[2]
if (!isAddress(recipient)) throw new Error('Recipient address is invalid')
const addressCode = await web3.eth.getCode(toChecksumAddress(recipient))
if (addressCode !== '0x') throw new Error('Recipient cannot be a smart-contract, only EOA')
}
async function getTxObject({ data }) { async function getTxObject({ data }) {
if (data.type === jobType.TORNADO_WITHDRAW) { if (data.type === jobType.TORNADO_WITHDRAW) {
let { contract, isOldProxy } = await getProxyContract() let { contract, isOldProxy } = await getProxyContract()
@ -265,6 +278,7 @@ async function processJob(job) {
} }
async function submitTx(job, retry = 0) { async function submitTx(job, retry = 0) {
await checkRecipient(job)
const rawTx = await getTxObject(job) const rawTx = await getTxObject(job)
await checkFee(job, rawTx) await checkFee(job, rawTx)
currentTx = await txManager.createTx(rawTx) currentTx = await txManager.createTx(rawTx)