From a996ffb441fcdb43281901209005927dab3fda48 Mon Sep 17 00:00:00 2001
From: Bryan Stitt <bryan@satoshiandkin.com>
Date: Wed, 13 Jul 2022 23:51:29 +0000
Subject: [PATCH] add firewall file

---
 web3-proxy/src/firewall.rs | 68 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 68 insertions(+)
 create mode 100644 web3-proxy/src/firewall.rs

diff --git a/web3-proxy/src/firewall.rs b/web3-proxy/src/firewall.rs
new file mode 100644
index 00000000..f6584165
--- /dev/null
+++ b/web3-proxy/src/firewall.rs
@@ -0,0 +1,68 @@
+//! transaction firewall
+//!
+//! block any transactions interacting with known malicious contracts
+//!
+//! this could be fancy and fetch abis and actually look for dangerous addresses
+//! for now, it just checks a few commonly abused functions
+
+use ethers::prelude::{Bytes, Transaction};
+use ethers::utils::rlp;
+use std::str::FromStr;
+
+pub async fn check_firewall_raw(raw: &Bytes) -> anyhow::Result<bool> {
+    let tx = rlp::decode(raw.as_ref())?;
+
+    let is_allowed = check_firewall(tx).await;
+
+    Ok(is_allowed)
+}
+
+pub async fn check_firewall(tx: Transaction) -> bool {
+    match tx.to {
+        None => return true,
+        Some(to) => {
+            // TODO: check our database for known malicious addresses
+            if false {
+                return false;
+            }
+        }
+    }
+
+    // TODO: do this better
+    let approve_method = Bytes::from_str("0x9999999999").unwrap();
+    let transfer_method = Bytes::from_str("0xa9059cbb").unwrap();
+    let transfer_from_method = Bytes::from_str("0x9999999999").unwrap();
+    let transfer_ownership_method = Bytes::from_str("0x9999999999").unwrap();
+
+    match &tx.input.as_ref()[..4] {
+        x if x == approve_method.as_ref() => {
+            // TODO: decode the calldata
+            if false {
+                return false;
+            }
+            true
+        }
+        x if x == transfer_method.as_ref() => {
+            // TODO: decode the calldata
+            if false {
+                return false;
+            }
+            true
+        }
+        x if x == transfer_from_method.as_ref() => {
+            // TODO: decode the calldata
+            if false {
+                return false;
+            }
+            true
+        }
+        x if x == transfer_ownership_method.as_ref() => {
+            // TODO: decode the calldata
+            if false {
+                return false;
+            }
+            true
+        }
+        _ => true,
+    }
+}