-
Notifications
You must be signed in to change notification settings - Fork 9
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improve trust ratio of rpcs served #60
Comments
My rpc manager compares permit2 bytecode to verify rpcs. It works well! |
This is not regarding a 'health check' which is what you are referring to. Eresdev could explain better but it's that the RPC provider might be a bad actor and our RPC requests can be used to hijack the card feature. |
Tell me more about it?
If I am not mistaken, I recall seeing "official" flag with the list of chainlist rpcs which were official rpcs by the the blockchains, but I don't see that anymore. Anyways, one of the solutions is to have such rpcs taken from official websites like https://docs.gnosischain.com/tools/RPC%20Providers/ We don't need to go for all blockchains at once. Maybe we can start with only those that we are using and later add others. This improvement can be offered by a new class A second even easier solution is to have hardcoded trusted rpcs in the backend pages functions of the card feature, and not use rpc-handler there. This improvement is needed only if you don't trust the rpcs by chainlist. I have mixed feelings. We can also control this by keeping a limited balance in reloadly for now. |
I love this approach actually because if we ever return the Ubiquity RPCs that once were then they could live here too as they'd be the most trusted
It's unclear to me whether we are supporting all networks with cards right off the bat or if you intend on releasing chains gradually, if so this sounds good but personally I'd prefer the new function as it sounds more useful and re-useable. You could pass the whitelist from the ui logic into the handler instead of constantly updating the handler pkg with new rpcs. |
What exactly can a "nefarious rpc provider do" As I understand either it can process requests accurately or revert, and nothing in between. @rndquu rfc
|
In our card feature backend, we read the blockchain state to confirm that the user has already transferred a permit to our treasury before giving them a card. If the user injects the nefarious rpc (which they control), they can give answers according to our criteria, they can mint a card without transferring a real permit amount to card treasury. |
Perhaps this is possible but isn't the chances for theirs to be chosen quite slim? And they can only have one shot per permit, right? In this case we can consider it a low priority task? |
If
Chances are slim. I suppose the safest option is to finally run a private node and use https://github.com/ubiquity/rpc-handler as a fallback. |
This is only for mainnet. Also we couldn't get this to work again after I disabled it some time ago. |
The easier option is to use handpicked official RPCs in the backend functions. 2 rpcs for each network are good enough. Easy to do and easy to maintain. Or, this can also be automated by introducing Having a private node that supports all networks we use only for this purpose feels like more work and probably some cost. |
Whitelisting a public "official" node or even a private node (deployed via smth like https://chainstack.com/protocols/gnosis-chain/) doesn't solve the issue when RPC node becomes malicious. Here are 2 issues actually:
|
I like 2 better because then we don't have to worry about this problem again. I think it could be interesting to add a special method to the RPC handler where it references something like We can use this method exactly for applications like this. But it isn't clear to me how we can make the request to test the response without writing to the chain. |
To sum up, as a part of this issue we could add a new method
In the end here we should be able to call smth like P.S. The |
@EresDev has made it known it's possible for pay.ubq.fi' new card feature to be taken over/hijacked by an RPC provider if it turns out they are nefarious.
This is how chainlist fetch their RPC list which we also use, they validate chains based on DeFiLlama TVL stats.
Their UI produces a "Score" value but I don't think that's something we can use to determine a level of trust and I think it may be UI specific as there's nothing like that returned from in this json
Problems:
Solutions:
I was contacted on TG a while back with a shill for this https://github.com/erpc/erpc, which is our
rpc-handler
on steroids by the looks of it, idk if we are considering just replacing this package completely in place of a 3rd party offering, are we?original context
The text was updated successfully, but these errors were encountered: