From a659c01f585bd6403f0cc8623a87065699ab2e9f Mon Sep 17 00:00:00 2001 From: jlafiandra6 Date: Fri, 25 Oct 2024 12:28:46 -0400 Subject: [PATCH 1/6] adding gas limit --- src/server.ts | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/src/server.ts b/src/server.ts index 5f35b65..c2dfa49 100644 --- a/src/server.ts +++ b/src/server.ts @@ -17,6 +17,7 @@ let PROJECT_ID = process.env.PROJECT_ID! let LOCATION_ID = process.env.LOCATION_ID! let keyRingId = process.env.KEY_RING_ID! let keyId = process.env.KEY_ID! +let TX_LIMIT = BigInt(process.env.TX_LIMIT!) kmsProvider.setPath({ projectId: PROJECT_ID, @@ -35,6 +36,12 @@ app.post('/', async (request, reply) => { reply.code(400).send({error: 'Invalid request'}); return; } + + let feesValid = await feesTooHigh(result.data); + if (!feesValid) { + reply.code(400).send({error: `Fees too high TX_LIMIT [${TX_LIMIT}] reached`}); + return; + } let signedTx = await handleEthSignTransaction(result.data); reply.code(200).send({result: signedTx}); return; 
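Review bot: `let TX_LIMIT = BigInt(process.env.TX_LIMIT!)` turns a missing or non-numeric `TX_LIMIT` into an opaque `TypeError`/`SyntaxError` at module load, because the `!` only silences the type checker and `BigInt(undefined)` throws at runtime. Failing closed at startup is the right outcome for a signer, but it should be a deliberate check with a readable message rather than an uncaught constructor error, e.g. `const rawLimit = process.env.TX_LIMIT;` / `if (rawLimit === undefined || !/^\d+$/.test(rawLimit)) throw new Error('TX_LIMIT must be set to a non-negative integer (wei)');` / `const TX_LIMIT = BigInt(rawLimit);`. A short comment on the constant stating its unit (wei) would also help, since nothing in the hunk says what the number is compared against.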
@@ -50,6 +57,34 @@ app.get('/address', async (_, reply) => { return reply.code(200).send(address); }) +async function feesTooHigh(transactionArgs: TransactionArgs) { + let maxFeePerGas = BigInt(0); + let maxPriorityFeePerGas = BigInt(0); + let maxFeePerBlobGas = BigInt(0); + if (transactionArgs.maxFeePerGas ){ + maxFeePerGas = BigInt(transactionArgs.maxFeePerGas); + } + if (transactionArgs.maxPriorityFeePerGas) { + maxPriorityFeePerGas = BigInt(transactionArgs.maxPriorityFeePerGas); + } + if (transactionArgs.maxFeePerBlobGas) { + maxFeePerBlobGas = BigInt(transactionArgs.maxFeePerBlobGas); + } + + var gasCost = BigInt(transactionArgs.gas) * (maxFeePerGas + maxPriorityFeePerGas); + if (gasCost > TX_LIMIT) { + return false; + } + + if (transactionArgs.blobVersionedHashes && transactionArgs.blobVersionedHashes.length > 0) { + var blobGasCost = BigInt(transactionArgs.gas) * maxFeePerBlobGas; + if (blobGasCost > TX_LIMIT) { + return false; + } + } + return true; +} + async function handleEthSignTransaction(transactionArgs: TransactionArgs) { console.log('Transaction Args:', transactionArgs); const kzg = await loadKZG() From 7736d526afadbbd178c46c238625a05d6d3f1847 Mon Sep 17 00:00:00 2001 From: jlafiandra6 Date: Fri, 25 Oct 2024 12:39:29 -0400 Subject: [PATCH 2/6] comments --- src/server.ts | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/src/server.ts b/src/server.ts index c2dfa49..fa9c1c5 100644 --- a/src/server.ts +++ b/src/server.ts @@ -37,8 +37,12 @@ app.post('/', async (request, reply) => { return; } - let feesValid = await feesTooHigh(result.data); - if (!feesValid) { + if (TX_LIMIT <= 0) { + reply.code(400).send({error: `Invalid TX_LIMIT [${TX_LIMIT}]`}); + return; + } + let areFeesTooHigh = await feesTooHigh(result.data); + if (areFeesTooHigh) { reply.code(400).send({error: `Fees too high TX_LIMIT [${TX_LIMIT}] reached`}); return; } 
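Review bot: The blob-cost branch multiplies the execution `gas` field by `maxFeePerBlobGas`, but blob gas is accounted separately from execution gas: each blob costs a fixed amount of blob gas (EIP-4844 defines GAS_PER_BLOB as 131072), so the bound should be `BigInt(transactionArgs.blobVersionedHashes.length) * 131072n * maxFeePerBlobGas`, not `gas * maxFeePerBlobGas`. Separately, `BigInt(transactionArgs.gas)` is called unconditionally and will throw if `gas` is absent or malformed in the request, turning a validation failure into an exception that escapes `feesTooHigh` (the caller in `app.post` is outside this hunk and shows no try/catch); guard it the same way the fee fields are guarded. The function is declared `async` but performs no awaits; a plain `function feesTooHigh(transactionArgs: TransactionArgs): boolean` would be more honest about its contract.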
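Review bot: The new `if (TX_LIMIT <= 0)` check reports a server-side misconfiguration as a client error on every request, returning 400 for something the caller cannot fix. The enclosing `app.post` handler starts outside this hunk, but the value of `TX_LIMIT` is fixed at module load, so this belongs in a one-time startup validation that refuses to start (or at least `reply.code(503)`), with a comment such as `// TX_LIMIT is validated once at startup; a zero/negative limit must never reach the signing path`. Evaluating it per request also means a later refactor that makes the limit optional will silently start rejecting everything.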
@@ -61,6 +65,9 @@ async function feesTooHigh(transactionArgs: TransactionArgs) { let maxFeePerGas = BigInt(0); let maxPriorityFeePerGas = BigInt(0); let maxFeePerBlobGas = BigInt(0); + + + if (transactionArgs.maxFeePerGas ){ maxFeePerGas = BigInt(transactionArgs.maxFeePerGas); } @@ -73,16 +80,16 @@ async function feesTooHigh(transactionArgs: TransactionArgs) { var gasCost = BigInt(transactionArgs.gas) * (maxFeePerGas + maxPriorityFeePerGas); if (gasCost > TX_LIMIT) { - return false; + return true; } if (transactionArgs.blobVersionedHashes && transactionArgs.blobVersionedHashes.length > 0) { var blobGasCost = BigInt(transactionArgs.gas) * maxFeePerBlobGas; if (blobGasCost > TX_LIMIT) { - return false; + return true; } } - return true; + return false; } async function handleEthSignTransaction(transactionArgs: TransactionArgs) { From 8a34ec195e0d724caeaf408779c0ae20ff50f6b8 Mon Sep 17 00:00:00 2001 From: jlafiandra6 Date: Fri, 25 Oct 2024 12:50:00 -0400 Subject: [PATCH 3/6] price instead of total --- src/server.ts | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/src/server.ts b/src/server.ts index fa9c1c5..3d93336 100644 --- a/src/server.ts +++ b/src/server.ts @@ -17,7 +17,8 @@ let PROJECT_ID = process.env.PROJECT_ID! let LOCATION_ID = process.env.LOCATION_ID! let keyRingId = process.env.KEY_RING_ID! let keyId = process.env.KEY_ID! -let TX_LIMIT = BigInt(process.env.TX_LIMIT!) +let TX_GASPRICE_LIMIT = BigInt(process.env.TXPRICE_LIMIT!) +let TX_BLOBPRICE_LIMIT = BigInt(process.env.TX_BLOBPRICE_LIMIT!) kmsProvider.setPath({ projectId: PROJECT_ID, 
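Review bot: After flipping the return values, `feesTooHigh` now returns `true` for "reject" and `false` for "accept", which matches its name, but the function still has no declared return type and is still `async` without any await, so callers get a `Promise<boolean>` for a synchronous predicate. Declaring it as `function feesTooHigh(transactionArgs: TransactionArgs): boolean` (the signature is outside this hunk) would let the compiler catch a future accidental `return` of a non-boolean. A one-line docstring stating the contract, e.g. `/** True when the per-gas or per-blob-gas price of the request exceeds the configured limit (wei). */`, would save the next reader from re-deriving the polarity that this very commit had to fix.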
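Review bot: The two new limits read inconsistently named environment variables: `TX_GASPRICE_LIMIT` is populated from `process.env.TXPRICE_LIMIT`, while `TX_BLOBPRICE_LIMIT` is populated from `process.env.TX_BLOBPRICE_LIMIT`, so an operator who sets `TX_GASPRICE_LIMIT` to match the variable name will get a `BigInt(undefined)` TypeError at startup instead of the limit they intended. Unless `TXPRICE_LIMIT` is an established name elsewhere in the deployment, rename it to `process.env.TX_GASPRICE_LIMIT`. Since both values are hot-path security parameters, parse them through one helper that rejects unset or non-integer input with a clear message rather than relying on the non-null assertion, and note the unit (wei per gas) in a comment next to each.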
@@ -37,13 +38,18 @@ app.post('/', async (request, reply) => { return; } - if (TX_LIMIT <= 0) { - reply.code(400).send({error: `Invalid TX_LIMIT [${TX_LIMIT}]`}); + if (TX_GASPRICE_LIMIT <= 0) { + reply.code(400).send({error: `Invalid TX_LIMIT [${TX_GASPRICE_LIMIT}]`}); return; } + if (TX_BLOBPRICE_LIMIT <= 0) { + reply.code(400).send({error: `Invalid TX_BLOBPRICE_LIMIT [${TX_BLOBPRICE_LIMIT}]`}); + return; + } + let areFeesTooHigh = await feesTooHigh(result.data); if (areFeesTooHigh) { - reply.code(400).send({error: `Fees too high TX_LIMIT [${TX_LIMIT}] reached`}); + reply.code(400).send({error: `Fees too high TX_GAS_LIMIT|TX_BLOBPRICE_LIMIT [${TX_GASPRICE_LIMIT} |${TX_BLOBPRICE_LIMIT}] reached`}); return; } let signedTx = await handleEthSignTransaction(result.data); @@ -78,14 +84,13 @@ async function feesTooHigh(transactionArgs: TransactionArgs) { maxFeePerBlobGas = BigInt(transactionArgs.maxFeePerBlobGas); } - var gasCost = BigInt(transactionArgs.gas) * (maxFeePerGas + maxPriorityFeePerGas); - if (gasCost > TX_LIMIT) { + var gasPrice = (maxFeePerGas + maxPriorityFeePerGas); + if (gasPrice > TX_GASPRICE_LIMIT) { return true; } if (transactionArgs.blobVersionedHashes && transactionArgs.blobVersionedHashes.length > 0) { - var blobGasCost = BigInt(transactionArgs.gas) * maxFeePerBlobGas; - if (blobGasCost > TX_LIMIT) { + if (maxFeePerBlobGas > TX_BLOBPRICE_LIMIT) { return true; } } From ed79dbb4e26ced00711a500af14a725c1b2d83b6 Mon Sep 17 00:00:00 2001 From: jlafiandra6 Date: Fri, 25 Oct 2024 12:55:01 -0400 Subject: [PATCH 4/6] addres comments --- src/server.ts | 20 +++++++------------- 1 file changed, 7 insertions(+), 13 deletions(-) diff --git a/src/server.ts b/src/server.ts index 3d93336..21cd134 100644 --- a/src/server.ts +++ b/src/server.ts 
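Review bot: The error strings no longer match the constants they report: the first guard says `Invalid TX_LIMIT` while checking `TX_GASPRICE_LIMIT`, and the rejection message names `TX_GAS_LIMIT|TX_BLOBPRICE_LIMIT` although the variable is `TX_GASPRICE_LIMIT`; the message also says the limit was "reached" when the condition is strictly greater-than, i.e. exceeded. Suggested text: `` `Invalid TX_GASPRICE_LIMIT [${TX_GASPRICE_LIMIT}]` `` and `` `Fees too high: TX_GASPRICE_LIMIT|TX_BLOBPRICE_LIMIT [${TX_GASPRICE_LIMIT}|${TX_BLOBPRICE_LIMIT}] exceeded` ``. Consider whether echoing the configured limits back to the caller is intended; a signer exposed to semi-trusted clients usually logs the limit server-side and returns only the reason. The enclosing `app.post` handler starts outside this hunk.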
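Review bot: `gasPrice = maxFeePerGas + maxPriorityFeePerGas` double-counts the priority fee: under EIP-1559 the effective per-gas price is `min(baseFee + maxPriorityFeePerGas, maxFeePerGas)`, so the most a transaction can pay per gas is `maxFeePerGas` alone, and the sum will reject legitimate requests whose `maxFeePerGas` is within the limit. Compare `maxFeePerGas > TX_GASPRICE_LIMIT` (optionally also `maxPriorityFeePerGas > TX_GASPRICE_LIMIT` as a sanity check). More importantly, only the EIP-1559 fields are read here; if `TransactionArgs` also admits a legacy `gasPrice` field for type-0/type-1 transactions, such a request has `maxFeePerGas` undefined, computes a price of `0`, and bypasses the cap entirely, so that field needs the same comparison. The function's header and the remaining body are outside this hunk.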
@@ -38,19 +38,13 @@ app.post('/', async (request, reply) => { return; } - if (TX_GASPRICE_LIMIT <= 0) { - reply.code(400).send({error: `Invalid TX_LIMIT [${TX_GASPRICE_LIMIT}]`}); - return; - } - if (TX_BLOBPRICE_LIMIT <= 0) { - reply.code(400).send({error: `Invalid TX_BLOBPRICE_LIMIT [${TX_BLOBPRICE_LIMIT}]`}); - return; - } - - let areFeesTooHigh = await feesTooHigh(result.data); - if (areFeesTooHigh) { - reply.code(400).send({error: `Fees too high TX_GAS_LIMIT|TX_BLOBPRICE_LIMIT [${TX_GASPRICE_LIMIT} |${TX_BLOBPRICE_LIMIT}] reached`}); - return; + + if (TX_BLOBPRICE_LIMIT > 0 || TX_GASPRICE_LIMIT > 0) { + let areFeesTooHigh = await feesTooHigh(result.data); + if (areFeesTooHigh) { + reply.code(400).send({error: `Fees too high TX_GAS_LIMIT|TX_BLOBPRICE_LIMIT [${TX_GASPRICE_LIMIT} |${TX_BLOBPRICE_LIMIT}] reached`}); + return; + } } let signedTx = await handleEthSignTransaction(result.data); reply.code(200).send({result: signedTx}); From a6cd1145a1c2b66728ce04141861524d65405932 Mon Sep 17 00:00:00 2001 From: jlafiandra6 Date: Fri, 25 Oct 2024 13:48:33 -0400 Subject: [PATCH 5/6] gas error logging --- src/server.ts | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/server.ts b/src/server.ts index 21cd134..e5df732 100644 --- a/src/server.ts +++ b/src/server.ts @@ -41,7 +41,7 @@ app.post('/', async (request, reply) => { if (TX_BLOBPRICE_LIMIT > 0 || TX_GASPRICE_LIMIT > 0) { let areFeesTooHigh = await feesTooHigh(result.data); - if (areFeesTooHigh) { + if (areFeesTooHigh) { reply.code(400).send({error: `Fees too high TX_GAS_LIMIT|TX_BLOBPRICE_LIMIT [${TX_GASPRICE_LIMIT} |${TX_BLOBPRICE_LIMIT}] reached`}); return; } 
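Review bot: The `||` gate does not let an operator disable one of the two checks: if only `TX_GASPRICE_LIMIT` is positive and `TX_BLOBPRICE_LIMIT` is 0, `feesTooHigh` still runs and `maxFeePerBlobGas > 0n` is true for any blob transaction with a nonzero fee, so every blob request is rejected (and symmetrically for the gas-price side). Each comparison inside `feesTooHigh` should be guarded by its own limit, e.g. `if (TX_GASPRICE_LIMIT > 0 && gasPrice > TX_GASPRICE_LIMIT)` and `if (TX_BLOBPRICE_LIMIT > 0 && maxFeePerBlobGas > TX_BLOBPRICE_LIMIT)`, with a comment stating that 0 means "no limit". Note also that with these per-gas-price caps nothing in the handler bounds the transaction's `gas` or any transferred `value`, so this is a fee-market sanity check rather than a spend limit on the KMS key; if that is intentional, say so in a comment above the gate. The `app.post` handler starts outside this hunk.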
@@ -80,11 +80,13 @@ async function feesTooHigh(transactionArgs: TransactionArgs) { var gasPrice = (maxFeePerGas + maxPriorityFeePerGas); if (gasPrice > TX_GASPRICE_LIMIT) { + console.error('Tx fees too high: %d > %d', gasPrice, TX_GASPRICE_LIMIT); return true; } if (transactionArgs.blobVersionedHashes && transactionArgs.blobVersionedHashes.length > 0) { if (maxFeePerBlobGas > TX_BLOBPRICE_LIMIT) { + console.error('Blob fees too high: %d > %d', maxFeePerBlobGas, TX_BLOBPRICE_LIMIT ); return true; } } From a3a4cfeaf119173e117b1ff549afcd217d109486 Mon Sep 17 00:00:00 2001 From: jlafiandra6 Date: Fri, 25 Oct 2024 14:03:06 -0400 Subject: [PATCH 6/6] vuln scan --- package-lock.json | 8 ++++---- package.json | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package-lock.json b/package-lock.json index ce6242e..d926b54 100644 --- a/package-lock.json +++ b/package-lock.json @@ -14,7 +14,7 @@ "@ethereumjs/util": "^9.0.3", "@google-cloud/kms": "^4.2.0", "asn1js": "^3.0.5", - "axios": "^1.6.8", + "axios": "^1.7.4", "bn.js": "^5.2.1", "ethers": "^6.13.1", "fast-crc32c": "github:ChainSafe/node-fast-crc32c", @@ -879,9 +879,9 @@ } }, "node_modules/axios": { - "version": "1.6.8", - "resolved": "https://registry.npmjs.org/axios/-/axios-1.6.8.tgz", - "integrity": "sha512-v/ZHtJDU39mDpyBoFVkETcd/uNdxrWRrg3bKpOKzXFA6Bvqopts6ALSMU3y6ijYxbw2B+wPrIv46egTzJXCLGQ==", + "version": "1.7.7", + "resolved": "https://registry.npmjs.org/axios/-/axios-1.7.7.tgz", + "integrity": "sha512-S4kL7XrjgBmvdGut0sN3yJxqYzrDOnivkBiN0OFs6hLiUam3UPvswUo0kqGyhqUZGEOytHyumEdXsAkgCOUf3Q==", "dependencies": { "follow-redirects": "^1.15.6", "form-data": "^4.0.0", diff --git a/package.json b/package.json index 2a57698..deaa5d8 100644 --- a/package.json +++ b/package.json @@ -16,7 +16,7 @@ "@ethereumjs/util": "^9.0.3", "@google-cloud/kms": "^4.2.0", "asn1js": "^3.0.5", - "axios": "^1.6.8", + "axios": "^1.7.4", "bn.js": "^5.2.1", "ethers": "^6.13.1", "fast-crc32c": "github:ChainSafe/node-fast-crc32c",
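Review bot: The `%d` format specifier does not convert BigInt values in Node's `util.format`; BigInts are rendered with an `n` suffix, so the log line reads like `Tx fees too high: 60000000000n > 50000000000n`. Use `%s` (or a template literal) for `gasPrice`, `TX_GASPRICE_LIMIT`, `maxFeePerBlobGas` and `TX_BLOBPRICE_LIMIT`, e.g. `console.error('Tx fees too high: %s > %s', gasPrice, TX_GASPRICE_LIMIT);`. These are expected client-side rejections rather than server faults, so `console.warn` would be the more accurate level, and including an identifier for the request would make the rejection traceable when this is used as a signing-policy audit trail. The function body continues outside this hunk.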