Add protection from abusing relayers (force spending fee for reverted tx): fail if address is invalid or smart-contract (not EOA)

src/worker.js

@@ -11,11 +11,9 @@ const { queue } = require('./queue')
 const {
   poseidonHash2,
   getInstance,
-  fromDecimals,
+  isAddress,
   sleep,
   toBN,
-  toWei,
-  fromWei,
   toChecksumAddress,
   RelayerError,
   logRelayerError,
@@ -193,6 +191,18 @@ function checkOldProxy(address) {
   return toChecksumAddress(address) === toChecksumAddress(OLD_PROXY)
 }
 
+async function checkRecipient({ data }) {
+  // Checks only for default withdrawals
+  if (data.type !== jobType.TORNADO_WITHDRAW) return
+
+  console.log(data.args)
+  const recipient = data.args[2]
+  if (!isAddress(recipient)) throw new Error('Recipient address is invalid')
+
+  const addressCode = await web3.eth.getCode(toChecksumAddress(recipient))
+  if (addressCode !== '0x') throw new Error('Recipient cannot be a smart-contract, only EOA')
+}
+
 async function getTxObject({ data }) {
   if (data.type === jobType.TORNADO_WITHDRAW) {
     let { contract, isOldProxy } = await getProxyContract()
@@ -257,6 +267,7 @@ async function processJob(job) {
 }
 
 async function submitTx(job, retry = 0) {
+  await checkRecipient(job);
   await checkFee(job)
   currentTx = await txManager.createTx(await getTxObject(job))