add forgecmd changes

flashbots · Feb 21, 2024 · c9495c5 · c9495c5
1 parent a23cb5c
commit c9495c5
Show file tree

Hide file tree

Showing 4 changed files with 39 additions and 6 deletions.
diff --git a/cmd/geth/forgecmd.go b/cmd/geth/forgecmd.go
@@ -36,6 +36,10 @@ var (
 		Name:  "whitelist",
 		Usage: `The whitelist external endpoints to call`,
 	}
+	dnsRegistryForgeFlag = &cli.StringSliceFlag{
+		Name:  "dns-registry",
+		Usage: `The DNS registry to resolve aliases to endpoints`,
+	}
 	ethBackendForgeFlag = &cli.StringFlag{
 		Name:  "eth-backend",
 		Usage: `The endpoint of the confidential eth backend`,
@@ -47,8 +51,9 @@ var (
 )
 
 type suaveForgeConfig struct {
-	Whitelist  []string `toml:"whitelist"`
-	EthBackend string   `toml:"eth_backend"`
+	Whitelist   []string          `toml:"whitelist"`
+	DnsRegistry map[string]string `toml:"dns_registry"`
+	EthBackend  string            `toml:"eth_backend"`
 }
 
 func readContext(ctx *cli.Context) (*vm.SuaveContext, error) {
@@ -87,6 +92,22 @@ func readContext(ctx *cli.Context) (*vm.SuaveContext, error) {
 	if ctx.IsSet(whiteListForgeFlag.Name) {
 		cfg.Whitelist = ctx.StringSlice(whiteListForgeFlag.Name)
 	}
+	if ctx.IsSet(dnsRegistryForgeFlag.Name) {
+		dnsRegistry := make(map[string]string)
+		for _, endpoint := range ctx.StringSlice(dnsRegistryForgeFlag.Name) {
+			parts := strings.Split(endpoint, "=")
+			if len(parts) != 2 {
+				return nil, fmt.Errorf("invalid value for remote backend endpoint: %s", endpoint)
+			}
+			chainId := new(big.Int)
+			if _, ok := chainId.SetString(parts[0], 10); !ok {
+				return nil, fmt.Errorf("invalid chain id: %s", parts[0])
+			}
+			rpcUrl := parts[1]
+			dnsRegistry[chainId.String()] = rpcUrl
+		}
+		cfg.DnsRegistry = dnsRegistry
+	}
 
 	// create the suave context
 	var suaveEthBackend suave.ConfidentialEthBackend

diff --git a/cmd/geth/forgecmd_test.go b/cmd/geth/forgecmd_test.go
@@ -33,15 +33,18 @@ func TestForgeReadConfig(t *testing.T) {
 	sCtx, err := readContext(ctx)
 	require.NoError(t, err)
 	require.Equal(t, sCtx.Backend.ExternalWhitelist, []string{"a", "b"})
+	require.Equal(t, sCtx.Backend.DnsRegistry, map[string]string{"a": "b", "c": "d"})
 	require.Equal(t, sCtx.Backend.ConfidentialEthBackend.(*suave_backends.RemoteEthBackend).Endpoint(), "suave")
 
 	// override the config if the flags are set
 	ctx.Set("eth-backend", "http://localhost:8545")
 	ctx.Set("whitelist", "c,d")
+	ctx.Set("dns-registry", "e=f,g=h")
 
 	sCtx, err = readContext(ctx)
 	require.NoError(t, err)
 	require.Equal(t, sCtx.Backend.ExternalWhitelist, []string{"c", "d"})
+	require.Equal(t, sCtx.Backend.DnsRegistry, map[string]string{"e": "f", "g": "h"})
 	require.Equal(t, sCtx.Backend.ConfidentialEthBackend.(*suave_backends.RemoteEthBackend).Endpoint(), "http://localhost:8545")
 
 	// set flags to null and use default values

diff --git a/cmd/geth/testdata/forge.toml b/cmd/geth/testdata/forge.toml
@@ -1,6 +1,7 @@
 [profile.suave]
 whitelist = ["a", "b"]
 eth_backend = "suave"
+dns_registry = { "a" = "b", "c" = "d" }
 [profile.ci.fuzz]
 runs = 10_000
 solc_version = "0.8.23"
diff --git a/core/vm/contracts_suave.go b/core/vm/contracts_suave.go
@@ -220,12 +220,20 @@ func (s *suaveRuntime) doHTTPRequest(request types.HttpRequest) ([]byte, error)
 	}
 
 	var allowed bool
-	for _, allowedDomain := range s.suaveContext.Backend.ExternalWhitelist {
-		if allowedDomain == "*" || allowedDomain == parsedURL.Hostname() {
-			allowed = true
-			break
+	// resolve dns if possible
+	if domain, ok := s.suaveContext.Backend.DnsRegistry[parsedURL.Hostname()]; ok {
+		parsedURL.Host = domain
+		allowed = true
+	} else {
+		// check if the domain is allowed
+		for _, allowedDomain := range s.suaveContext.Backend.ExternalWhitelist {
+			if allowedDomain == "*" || allowedDomain == parsedURL.Hostname() {
+				allowed = true
+				break
+			}
 		}
 	}
+
 	if !allowed {
 		return nil, fmt.Errorf("domain %s is not allowed", parsedURL.Hostname())
 	}