tornadocontrib/ web3-proxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

remove incomplete code

This commit is contained in:
Bryan Stitt 2022-08-09 16:54:05 +00:00
parent 71b07f0e45
commit 7802d9b6f7
5 changed files with 7 additions and 130 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
TODO.md
View File

@ -99,10 +99,7 @@
- [ ] right now we send too many getTransaction queries to the private rpc tier and i are being rate limited by some of them. change to be serial and weight by hard/soft limit. - [ ] right now we send too many getTransaction queries to the private rpc tier and i are being rate limited by some of them. change to be serial and weight by hard/soft limit.
- [ ] improved logging with useful instrumentation - [ ] improved logging with useful instrumentation
- [ ] Got warning: "WARN subscribe_new_heads:send_block: web3_proxy::connection: unable to get block from https://rpc.ethermine.org: Deserialization Error: expected value at line 1 column 1. Response: error code: 1015". this is cloudflare rate limiting on fetching a block, but this is a private rpc. why is there a block subscription? - [ ] Got warning: "WARN subscribe_new_heads:send_block: web3_proxy::connection: unable to get block from https://rpc.ethermine.org: Deserialization Error: expected value at line 1 column 1. Response: error code: 1015". this is cloudflare rate limiting on fetching a block, but this is a private rpc. why is there a block subscription?
- [ ] basic transaction firewall
- this is part done, but we need to pick a database schema to check
- [ ] cli for creating and editing api keys - [ ] cli for creating and editing api keys
- [ ] cli for blocking malicious contracts with the firewall
- [ ] Api keys need option to lock to IP, cors header, etc - [ ] Api keys need option to lock to IP, cors header, etc
- [ ] Only subscribe to transactions when someone is listening and if the server has opted in to it - [ ] Only subscribe to transactions when someone is listening and if the server has opted in to it
- [ ] When sending eth_sendRawTransaction, retry errors - [ ] When sending eth_sendRawTransaction, retry errors
@ -153,7 +150,6 @@ new endpoints for users:
- look at average request time for getBlock? i'm not sure how good a proxy that will be for serving eth_call, but its a start - look at average request time for getBlock? i'm not sure how good a proxy that will be for serving eth_call, but its a start
- https://crates.io/crates/histogram-sampler - https://crates.io/crates/histogram-sampler
- [ ] interval for http subscriptions should be based on block time. load from config is easy, but better to query. currently hard coded to 13 seconds - [ ] interval for http subscriptions should be based on block time. load from config is easy, but better to query. currently hard coded to 13 seconds
- [ ] improve transaction firewall
- [ ] handle user payments - [ ] handle user payments
- [ ] Load testing script so we can find optimal cost servers - [ ] Load testing script so we can find optimal cost servers

35
migration/src/m20220101_000001_create_table.rs
View File

@ -69,29 +69,6 @@ impl MigrationTrait for Migration {
) )
.await?; .await?;
// block list for the transaction firewall
manager
.create_table(
Table::create()
.table(BlockList::Table)
.col(
ColumnDef::new(BlockList::Id)
.big_integer()
.not_null()
.auto_increment()
.primary_key(),
)
.col(
ColumnDef::new(BlockList::Address)
.binary_len(20)
.not_null()
.unique_key(),
)
.col(ColumnDef::new(BlockList::Description).string())
.to_owned(),
)
.await?;
// api keys // api keys
manager manager
.create_table( .create_table(
@ -151,9 +128,6 @@ impl MigrationTrait for Migration {
manager manager
.drop_table(Table::drop().table(SecondaryUser::Table).to_owned()) .drop_table(Table::drop().table(SecondaryUser::Table).to_owned())
.await?; .await?;
manager
.drop_table(Table::drop().table(BlockList::Table).to_owned())
.await?;
manager manager
.drop_table(Table::drop().table(UserKeys::Table).to_owned()) .drop_table(Table::drop().table(UserKeys::Table).to_owned())
.await?; .await?;
@ -190,15 +164,6 @@ enum SecondaryUser {
Role, Role,
} }
// TODO: creation time?
#[derive(Iden)]
enum BlockList {
Table,
Id,
Address,
Description,
}
/* /*
-- TODO: foreign keys -- TODO: foreign keys
-- TODO: index on api_key -- TODO: index on api_key

29
web3_proxy/src/app.rs
View File

@ -32,7 +32,6 @@ use tracing::{info, info_span, instrument, trace, warn, Instrument};
use crate::bb8_helpers; use crate::bb8_helpers;
use crate::config::AppConfig; use crate::config::AppConfig;
use crate::connections::Web3Connections; use crate::connections::Web3Connections;
use crate::firewall::check_firewall_raw;
use crate::jsonrpc::JsonRpcForwardedResponse; use crate::jsonrpc::JsonRpcForwardedResponse;
use crate::jsonrpc::JsonRpcForwardedResponseEnum; use crate::jsonrpc::JsonRpcForwardedResponseEnum;
use crate::jsonrpc::JsonRpcRequest; use crate::jsonrpc::JsonRpcRequest;
@ -887,27 +886,13 @@ impl Web3ProxyApp {
} }
// TODO: eth_sendBundle (flashbots command) // TODO: eth_sendBundle (flashbots command)
// broadcast transactions to all private rpcs at once // broadcast transactions to all private rpcs at once
"eth_sendRawTransaction" => match &request.params { "eth_sendRawTransaction" => {
Some(serde_json::Value::Array(params)) => { return self
// parsing params like this is gross. make struct and use serde to do all these checks and error handling .private_rpcs
if params.len() != 1 || !params[0].is_string() { .try_send_all_upstream_servers(request, None)
return Err(anyhow::anyhow!("invalid request")); .instrument(span)
} .await;
}
let raw_tx = Bytes::from_str(params[0].as_str().unwrap())?;
if check_firewall_raw(&raw_tx).await? {
return self
.private_rpcs
.try_send_all_upstream_servers(request, None)
.instrument(span)
.await;
} else {
return Err(anyhow::anyhow!("transaction blocked by firewall"));
}
}
_ => return Err(anyhow::anyhow!("invalid request")),
},
"eth_syncing" => { "eth_syncing" => {
// TODO: return a real response if all backends are syncing or if no servers in sync // TODO: return a real response if all backends are syncing or if no servers in sync
json!(false) json!(false)

68
web3_proxy/src/firewall.rs
View File

@ -1,68 +0,0 @@
//! transaction firewall
//!
//! block any transactions interacting with known malicious contracts
//!
//! this could be fancy and fetch abis and actually look for dangerous addresses
//! for now, it just checks a few commonly abused functions
use ethers::prelude::{Bytes, Transaction};
use ethers::utils::rlp;
use std::str::FromStr;
pub async fn check_firewall_raw(raw: &Bytes) -> anyhow::Result<bool> {
let tx = rlp::decode(raw.as_ref())?;
let is_allowed = check_firewall(tx).await;
Ok(is_allowed)
}
pub async fn check_firewall(tx: Transaction) -> bool {
match tx.to {
None => return true,
Some(to) => {
// TODO: check our database for known malicious addresses
if false {
return false;
}
}
}
// TODO: do this better
let approve_method = Bytes::from_str("0x9999999999").unwrap();
let transfer_method = Bytes::from_str("0xa9059cbb").unwrap();
let transfer_from_method = Bytes::from_str("0x9999999999").unwrap();
let transfer_ownership_method = Bytes::from_str("0x9999999999").unwrap();
match &tx.input.as_ref()[..4] {
x if x == approve_method.as_ref() => {
// TODO: decode the calldata
if false {
return false;
}
true
}
x if x == transfer_method.as_ref() => {
// TODO: decode the calldata
if false {
return false;
}
true
}
x if x == transfer_from_method.as_ref() => {
// TODO: decode the calldata
if false {
return false;
}
true
}
x if x == transfer_ownership_method.as_ref() => {
// TODO: decode the calldata
if false {
return false;
}
true
}
_ => true,
}
}

1
web3_proxy/src/lib.rs
View File

@ -3,7 +3,6 @@ pub mod bb8_helpers;
pub mod config; pub mod config;
pub mod connection; pub mod connection;
pub mod connections; pub mod connections;
pub mod firewall;
pub mod frontend; pub mod frontend;
pub mod jsonrpc; pub mod jsonrpc;
pub mod users; pub mod users;