From a996ffb441fcdb43281901209005927dab3fda48 Mon Sep 17 00:00:00 2001
From: Bryan Stitt
Date: Wed, 13 Jul 2022 23:51:29 +0000
Subject: [PATCH] add firewall file
---
web3-proxy/src/firewall.rs | 68 ++++++++++++++++++++++++++++++++++++++
1 file changed, 68 insertions(+)
create mode 100644 web3-proxy/src/firewall.rs
diff --git a/web3-proxy/src/firewall.rs b/web3-proxy/src/firewall.rs
new file mode 100644
index 00000000..f6584165
--- /dev/null
+++ b/web3-proxy/src/firewall.rs
@@ -0,0 +1,68 @@
+//! transaction firewall
+//!
+//! block any transactions interacting with known malicious contracts
+//!
+//! this could be fancy and fetch abis and actually look for dangerous addresses
+//! for now, it just checks a few commonly abused functions
+
+use ethers::prelude::{Bytes, Transaction};
+use ethers::utils::rlp;
+use std::str::FromStr;
+
+pub async fn check_firewall_raw(raw: &Bytes) -> anyhow::Result {
+ let tx = rlp::decode(raw.as_ref())?;
+
+ let is_allowed = check_firewall(tx).await;
+
+ Ok(is_allowed)
+}
+
+pub async fn check_firewall(tx: Transaction) -> bool {
+ match tx.to {
+ None => return true,
+ Some(to) => {
+ // TODO: check our database for known malicious addresses
+ if false {
+ return false;
+ }
+ }
+ }
+
+ // TODO: do this better
+ let approve_method = Bytes::from_str("0x9999999999").unwrap();
+ let transfer_method = Bytes::from_str("0xa9059cbb").unwrap();
+ let transfer_from_method = Bytes::from_str("0x9999999999").unwrap();
+ let transfer_ownership_method = Bytes::from_str("0x9999999999").unwrap();
+
+ match &tx.input.as_ref()[..4] {
+ x if x == approve_method.as_ref() => {
+ // TODO: decode the calldata
+ if false {
+ return false;
+ }
+ true
+ }
+ x if x == transfer_method.as_ref() => {
+ // TODO: decode the calldata
+ if false {
+ return false;
+ }
+ true
+ }
+ x if x == transfer_from_method.as_ref() => {
+ // TODO: decode the calldata
+ if false {
+ return false;
+ }
+ true
+ }
+ x if x == transfer_ownership_method.as_ref() => {
+ // TODO: decode the calldata
+ if false {
+ return false;
+ }
+ true
+ }
+ _ => true,
+ }
+}
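Review bot: The slice `&tx.input.as_ref()[..4]` in check_firewall panics whenever the calldata is shorter than four bytes, which includes any plain value transfer with empty input; because check_firewall_raw passes it transactions decoded from caller-supplied bytes, it needs a guard before the match such as `if tx.input.as_ref().len() < 4 { return true; }` (or a match on `.get(..4)`). The three `0x9999999999` placeholders decode to five bytes and so can never equal a four-byte selector, which leaves only the transfer arm reachable. Every path currently returns true, so the check fails open; a doc comment on check_firewall along the lines of `/// NOTE: stub, currently allows every transaction` would keep callers from treating it as an enforcing control.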