From 7802d9b6f7673758d28e2ee2772a22d25454d03d Mon Sep 17 00:00:00 2001 From: Bryan Stitt Date: Tue, 9 Aug 2022 16:54:05 +0000 Subject: [PATCH] remove incomplete code --- TODO.md | 4 -- .../src/m20220101_000001_create_table.rs | 35 ---------- web3_proxy/src/app.rs | 29 ++------ web3_proxy/src/firewall.rs | 68 ------------------- web3_proxy/src/lib.rs | 1 - 5 files changed, 7 insertions(+), 130 deletions(-) delete mode 100644 web3_proxy/src/firewall.rs diff --git a/TODO.md b/TODO.md index 9422d021..e9117cb2 100644 --- a/TODO.md +++ b/TODO.md @@ -99,10 +99,7 @@ - [ ] right now we send too many getTransaction queries to the private rpc tier and i are being rate limited by some of them. change to be serial and weight by hard/soft limit. - [ ] improved logging with useful instrumentation - [ ] Got warning: "WARN subscribe_new_heads:send_block: web3_proxy::connection: unable to get block from https://rpc.ethermine.org: Deserialization Error: expected value at line 1 column 1. Response: error code: 1015". this is cloudflare rate limiting on fetching a block, but this is a private rpc. why is there a block subscription? -- [ ] basic transaction firewall - - this is part done, but we need to pick a database schema to check - [ ] cli for creating and editing api keys -- [ ] cli for blocking malicious contracts with the firewall - [ ] Api keys need option to lock to IP, cors header, etc - [ ] Only subscribe to transactions when someone is listening and if the server has opted in to it - [ ] When sending eth_sendRawTransaction, retry errors @@ -153,7 +150,6 @@ new endpoints for users: - look at average request time for getBlock? i'm not sure how good a proxy that will be for serving eth_call, but its a start - https://crates.io/crates/histogram-sampler - [ ] interval for http subscriptions should be based on block time. load from config is easy, but better to query. currently hard coded to 13 seconds -- [ ] improve transaction firewall - [ ] handle user payments - [ ] Load testing script so we can find optimal cost servers diff --git a/migration/src/m20220101_000001_create_table.rs b/migration/src/m20220101_000001_create_table.rs index 04e15ca2..2f488930 100644 --- a/migration/src/m20220101_000001_create_table.rs +++ b/migration/src/m20220101_000001_create_table.rs @@ -69,29 +69,6 @@ impl MigrationTrait for Migration { ) .await?; - // block list for the transaction firewall - manager - .create_table( - Table::create() - .table(BlockList::Table) - .col( - ColumnDef::new(BlockList::Id) - .big_integer() - .not_null() - .auto_increment() - .primary_key(), - ) - .col( - ColumnDef::new(BlockList::Address) - .binary_len(20) - .not_null() - .unique_key(), - ) - .col(ColumnDef::new(BlockList::Description).string()) - .to_owned(), - ) - .await?; - // api keys manager .create_table( @@ -151,9 +128,6 @@ impl MigrationTrait for Migration { manager .drop_table(Table::drop().table(SecondaryUser::Table).to_owned()) .await?; - manager - .drop_table(Table::drop().table(BlockList::Table).to_owned()) - .await?; manager .drop_table(Table::drop().table(UserKeys::Table).to_owned()) .await?; @@ -190,15 +164,6 @@ enum SecondaryUser { Role, } -// TODO: creation time? -#[derive(Iden)] -enum BlockList { - Table, - Id, - Address, - Description, -} - /* -- TODO: foreign keys -- TODO: index on api_key diff --git a/web3_proxy/src/app.rs b/web3_proxy/src/app.rs index 7153795b..41c72329 100644 --- a/web3_proxy/src/app.rs +++ b/web3_proxy/src/app.rs @@ -32,7 +32,6 @@ use tracing::{info, info_span, instrument, trace, warn, Instrument}; use crate::bb8_helpers; use crate::config::AppConfig; use crate::connections::Web3Connections; -use crate::firewall::check_firewall_raw; use crate::jsonrpc::JsonRpcForwardedResponse; use crate::jsonrpc::JsonRpcForwardedResponseEnum; use crate::jsonrpc::JsonRpcRequest; @@ -887,27 +886,13 @@ impl Web3ProxyApp { } // TODO: eth_sendBundle (flashbots command) // broadcast transactions to all private rpcs at once - "eth_sendRawTransaction" => match &request.params { - Some(serde_json::Value::Array(params)) => { - // parsing params like this is gross. make struct and use serde to do all these checks and error handling - if params.len() != 1 || !params[0].is_string() { - return Err(anyhow::anyhow!("invalid request")); - } - - let raw_tx = Bytes::from_str(params[0].as_str().unwrap())?; - - if check_firewall_raw(&raw_tx).await? { - return self - .private_rpcs - .try_send_all_upstream_servers(request, None) - .instrument(span) - .await; - } else { - return Err(anyhow::anyhow!("transaction blocked by firewall")); - } - } - _ => return Err(anyhow::anyhow!("invalid request")), - }, + "eth_sendRawTransaction" => { + return self + .private_rpcs + .try_send_all_upstream_servers(request, None) + .instrument(span) + .await; + } "eth_syncing" => { // TODO: return a real response if all backends are syncing or if no servers in sync json!(false) diff --git a/web3_proxy/src/firewall.rs b/web3_proxy/src/firewall.rs deleted file mode 100644 index f6584165..00000000 --- a/web3_proxy/src/firewall.rs +++ /dev/null @@ -1,68 +0,0 @@ -//! transaction firewall -//! -//! block any transactions interacting with known malicious contracts -//! -//! this could be fancy and fetch abis and actually look for dangerous addresses -//! for now, it just checks a few commonly abused functions - -use ethers::prelude::{Bytes, Transaction}; -use ethers::utils::rlp; -use std::str::FromStr; - -pub async fn check_firewall_raw(raw: &Bytes) -> anyhow::Result { - let tx = rlp::decode(raw.as_ref())?; - - let is_allowed = check_firewall(tx).await; - - Ok(is_allowed) -} - -pub async fn check_firewall(tx: Transaction) -> bool { - match tx.to { - None => return true, - Some(to) => { - // TODO: check our database for known malicious addresses - if false { - return false; - } - } - } - - // TODO: do this better - let approve_method = Bytes::from_str("0x9999999999").unwrap(); - let transfer_method = Bytes::from_str("0xa9059cbb").unwrap(); - let transfer_from_method = Bytes::from_str("0x9999999999").unwrap(); - let transfer_ownership_method = Bytes::from_str("0x9999999999").unwrap(); - - match &tx.input.as_ref()[..4] { - x if x == approve_method.as_ref() => { - // TODO: decode the calldata - if false { - return false; - } - true - } - x if x == transfer_method.as_ref() => { - // TODO: decode the calldata - if false { - return false; - } - true - } - x if x == transfer_from_method.as_ref() => { - // TODO: decode the calldata - if false { - return false; - } - true - } - x if x == transfer_ownership_method.as_ref() => { - // TODO: decode the calldata - if false { - return false; - } - true - } - _ => true, - } -} diff --git a/web3_proxy/src/lib.rs b/web3_proxy/src/lib.rs index 22318914..1e2b5eaf 100644 --- a/web3_proxy/src/lib.rs +++ b/web3_proxy/src/lib.rs @@ -3,7 +3,6 @@ pub mod bb8_helpers; pub mod config; pub mod connection; pub mod connections; -pub mod firewall; pub mod frontend; pub mod jsonrpc; pub mod users;