d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
master
proxmox/rpc-translator-138/SMART_INTERCEPTION_IMPLEMENTED.md
defiQUG cb47cce074 Complete markdown files cleanup and organization 
- Organized 252 files across project
- Root directory: 187 → 2 files (98.9% reduction)
- Moved configuration guides to docs/04-configuration/
- Moved troubleshooting guides to docs/09-troubleshooting/
- Moved quick start guides to docs/01-getting-started/
- Moved reports to reports/ directory
- Archived temporary files
- Generated comprehensive reports and documentation
- Created maintenance scripts and guides

All files organized according to established standards.
2026-01-06 01:46:25 -08:00

5.4 KiB
Raw Permalink Blame History

Smart Interception - Implementation Complete

Date: 2026-01-06
Status: IMPLEMENTED

What Was Implemented

1. Added hasKey() Method to Web3SignerClient

File: src/clients/web3signer-client.ts

Added a new method to check if an address has a key loaded in Web3Signer:

async hasKey(address: string): Promise<boolean> {
  // Gets all public keys from Web3Signer
  // Checks if the address is in the list
  // Returns false if check fails (allows pass-through)
}

2. Modified RPC Handler for Smart Interception

File: src/handlers/rpc-handler.ts

Changes:

  • Added Web3SignerClient as optional constructor parameter
  • Modified handleInterceptedMethod() to check if address has key before intercepting
  • If no key: Pass through to Besu (user wallet like MetaMask)
  • If key exists: Intercept and sign via Web3Signer (service wallet)

Logic Flow:

eth_sendTransaction received
    ↓
Check if address has key in Web3Signer
    ↓
    ├─→ No key? → Pass through to Besu (user wallet)
    └─→ Has key? → Intercept and sign via Web3Signer (service wallet)

3. Updated Main Entry Point

File: src/main.ts

  • Pass web3SignerClient to RpcHandler constructor
  • Enables smart interception functionality

How It Works

For User Wallets (MetaMask)

  1. User connects MetaMask wallet
  2. Thirdweb SDK calls eth_sendTransaction
  3. Translator checks: Does address have key in Web3Signer? NO
  4. Translator passes through to Besu
  5. Besu returns error (doesn't support unsigned transactions)
  6. OR MetaMask signs locally and uses eth_sendRawTransaction (already works )

For Service Wallets (Web3Signer)

  1. Service wallet address has key in Web3Signer
  2. Thirdweb SDK calls eth_sendTransaction (unsigned)
  3. Translator checks: Does address have key in Web3Signer? YES
  4. Translator intercepts and signs via Web3Signer
  5. Translator converts to eth_sendRawTransaction
  6. Translator submits to Besu

Benefits

  1. Automatic Detection: No manual allowlist configuration needed for user wallets
  2. MetaMask Compatible: User wallets automatically pass through
  3. Service Wallet Support: Service wallets still get signed via Web3Signer
  4. Backward Compatible: Existing allowlist still works as additional security layer
  5. Fail-Safe: If Web3Signer check fails, defaults to pass-through

Configuration

Allowlist Behavior

With Smart Interception:

  • Allowlist is now optional for user wallets
  • Allowlist still provides additional security for service wallets
  • Empty allowlist = allow all (not recommended for production)
  • Populated allowlist = only listed addresses can send transactions

Recommended:

  • Keep allowlist with only service wallet addresses
  • User wallets don't need to be in allowlist (they pass through automatically)

Testing

Test User Wallet (MetaMask)

# This should pass through to Besu
curl -X POST http://192.168.11.240:9545 \
  -H 'Content-Type: application/json' \
  -d '{
    "jsonrpc": "2.0",
    "method": "eth_sendTransaction",
    "params": [{
      "from": "0x71e81eaec98e507f68bbcf5e2005f179db851603",
      "to": "0x0000000000000000000000000000000000000000",
      "value": "0x0"
    }],
    "id": 1
  }'

Expected: Passes through to Besu (may return error from Besu if unsigned)

Test Service Wallet

# Get a service wallet address from Web3Signer
ADDRESS=$(curl -s http://192.168.11.111:9000/api/v1/eth1/publicKeys | jq -r '.[0]')

# This should be intercepted and signed
curl -X POST http://192.168.11.240:9545 \
  -H 'Content-Type: application/json' \
  -d "{
    \"jsonrpc\": \"2.0\",
    \"method\": \"eth_sendTransaction\",
    \"params\": [{
      \"from\": \"$ADDRESS\",
      \"to\": \"0x0000000000000000000000000000000000000000\",
      \"value\": \"0x0\"
    }],
    \"id\": 1
  }"

Expected: Intercepted, signed via Web3Signer, submitted to Besu

Deployment

Step 1: Build

cd /home/intlc/projects/proxmox/rpc-translator-138
pnpm run build

Step 2: Deploy to All VMIDs

./scripts/deploy-all-vmids.sh

Step 3: Verify

# Check logs for smart interception messages
ssh -i ~/.ssh/proxmox_translator root@192.168.11.240 "journalctl -u rpc-translator-138.service -n 50 --no-pager | grep -i 'has.*key\|pass.*through\|intercepting'"

Code Changes Summary

Files Modified

  1. src/clients/web3signer-client.ts

    • Added hasKey(address: string): Promise<boolean> method

  2. src/handlers/rpc-handler.ts

    • Added web3SignerClient?: Web3SignerClient parameter
    • Modified handleInterceptedMethod() with smart interception logic
    • Added key check before intercepting

  3. src/main.ts

    • Pass web3SignerClient to RpcHandler constructor

  4. src/interceptors/tx-interceptor.ts

    • Updated comment in validateTx() to reflect smart interception behavior

Next Steps

  1. Build the project: pnpm run build
  2. Deploy to VMIDs: ./scripts/deploy-all-vmids.sh
  3. Test with MetaMask: Connect MetaMask and send transaction
  4. Test with service wallet: Send transaction from address with key in Web3Signer
  5. Monitor logs: Check for smart interception messages

Status: Smart interception implemented and ready for deployment!

Reference in New Issue View Git Blame Copy Permalink