tornadocontrib/web3-proxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

remove incomplete code

Browse Source
This commit is contained in:
Bryan Stitt 2022-08-09 16:54:05 +00:00
parent 71b07f0e45
commit 7802d9b6f7
5 changed files with 7 additions and 130 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
TODO.md
View File

@ -99,10 +99,7 @@
- [ ] right now we send too many getTransaction queries to the private rpc tier and i are being rate limited by some of them. change to be serial and weight by hard/soft limit.
- [ ] improved logging with useful instrumentation
- [ ] Got warning: "WARN subscribe_new_heads:send_block: web3_proxy::connection: unable to get block from https://rpc.ethermine.org: Deserialization Error: expected value at line 1 column 1. Response: error code: 1015". this is cloudflare rate limiting on fetching a block, but this is a private rpc. why is there a block subscription?
- [ ] basic transaction firewall
- this is part done, but we need to pick a database schema to check
- [ ] cli for creating and editing api keys
- [ ] cli for blocking malicious contracts with the firewall
- [ ] Api keys need option to lock to IP, cors header, etc
- [ ] Only subscribe to transactions when someone is listening and if the server has opted in to it
- [ ] When sending eth_sendRawTransaction, retry errors
@ -153,7 +150,6 @@ new endpoints for users:
- look at average request time for getBlock? i'm not sure how good a proxy that will be for serving eth_call, but its a start
- https://crates.io/crates/histogram-sampler
- [ ] interval for http subscriptions should be based on block time. load from config is easy, but better to query. currently hard coded to 13 seconds
- [ ] improve transaction firewall
- [ ] handle user payments
- [ ] Load testing script so we can find optimal cost servers

35
migration/src/m20220101_000001_create_table.rs
View File

@ -69,29 +69,6 @@ impl MigrationTrait for Migration {
)
.await?;
// block list for the transaction firewall
manager
.create_table(
Table::create()
.table(BlockList::Table)
.col(
ColumnDef::new(BlockList::Id)
.big_integer()
.not_null()
.auto_increment()
.primary_key(),
)
.col(
ColumnDef::new(BlockList::Address)
.binary_len(20)
.not_null()
.unique_key(),
)
.col(ColumnDef::new(BlockList::Description).string())
.to_owned(),
)
.await?;
// api keys
manager
.create_table(
@ -151,9 +128,6 @@ impl MigrationTrait for Migration {
manager
.drop_table(Table::drop().table(SecondaryUser::Table).to_owned())
.await?;
manager
.drop_table(Table::drop().table(BlockList::Table).to_owned())
.await?;
manager
.drop_table(Table::drop().table(UserKeys::Table).to_owned())
.await?;
@ -190,15 +164,6 @@ enum SecondaryUser {
Role,
}
// TODO: creation time?
#[derive(Iden)]
enum BlockList {
Table,
Id,
Address,
Description,
}
/*
-- TODO: foreign keys
-- TODO: index on api_key

29
web3_proxy/src/app.rs
View File

@ -32,7 +32,6 @@ use tracing::{info, info_span, instrument, trace, warn, Instrument};
use crate::bb8_helpers;
use crate::config::AppConfig;
use crate::connections::Web3Connections;
use crate::firewall::check_firewall_raw;
use crate::jsonrpc::JsonRpcForwardedResponse;
use crate::jsonrpc::JsonRpcForwardedResponseEnum;
use crate::jsonrpc::JsonRpcRequest;
@ -887,27 +886,13 @@ impl Web3ProxyApp {
}
// TODO: eth_sendBundle (flashbots command)
// broadcast transactions to all private rpcs at once
"eth_sendRawTransaction" => match &request.params {
Some(serde_json::Value::Array(params)) => {
// parsing params like this is gross. make struct and use serde to do all these checks and error handling
if params.len() != 1 || !params[0].is_string() {
return Err(anyhow::anyhow!("invalid request"));
}
let raw_tx = Bytes::from_str(params[0].as_str().unwrap())?;
if check_firewall_raw(&raw_tx).await? {
return self
.private_rpcs
.try_send_all_upstream_servers(request, None)
.instrument(span)
.await;
} else {
return Err(anyhow::anyhow!("transaction blocked by firewall"));
}
}
_ => return Err(anyhow::anyhow!("invalid request")),
},
"eth_sendRawTransaction" => {
return self
.private_rpcs
.try_send_all_upstream_servers(request, None)
.instrument(span)
.await;
}
"eth_syncing" => {
// TODO: return a real response if all backends are syncing or if no servers in sync
json!(false)

68
web3_proxy/src/firewall.rs
View File

@ -1,68 +0,0 @@
//! transaction firewall
//!
//! block any transactions interacting with known malicious contracts
//!
//! this could be fancy and fetch abis and actually look for dangerous addresses
//! for now, it just checks a few commonly abused functions
use ethers::prelude::{Bytes, Transaction};
use ethers::utils::rlp;
use std::str::FromStr;
pub async fn check_firewall_raw(raw: &Bytes) -> anyhow::Result<bool> {
let tx = rlp::decode(raw.as_ref())?;
let is_allowed = check_firewall(tx).await;
Ok(is_allowed)
}
pub async fn check_firewall(tx: Transaction) -> bool {
match tx.to {
None => return true,
Some(to) => {
// TODO: check our database for known malicious addresses
if false {
return false;
}
}
}
// TODO: do this better
let approve_method = Bytes::from_str("0x9999999999").unwrap();
let transfer_method = Bytes::from_str("0xa9059cbb").unwrap();
let transfer_from_method = Bytes::from_str("0x9999999999").unwrap();
let transfer_ownership_method = Bytes::from_str("0x9999999999").unwrap();
match &tx.input.as_ref()[..4] {
x if x == approve_method.as_ref() => {
// TODO: decode the calldata
if false {
return false;
}
true
}
x if x == transfer_method.as_ref() => {
// TODO: decode the calldata
if false {
return false;
}
true
}
x if x == transfer_from_method.as_ref() => {
// TODO: decode the calldata
if false {
return false;
}
true
}
x if x == transfer_ownership_method.as_ref() => {
// TODO: decode the calldata
if false {
return false;
}
true
}
_ => true,
}
}

1
web3_proxy/src/lib.rs
View File

@ -3,7 +3,6 @@ pub mod bb8_helpers;
pub mod config;
pub mod connection;
pub mod connections;
pub mod firewall;
pub mod frontend;
pub mod jsonrpc;
pub mod users;