foundry-rs / foundry

Foundry is a blazing fast, portable and modular toolkit for Ethereum application development written in Rust.
https://getfoundry.sh
Apache License 2.0
8.17k stars 1.7k forks

feat(`anvil`): add the ability to disable specific RPC methods and cheatcodes in Anvil #8731

Open gtg2619 opened 1 month ago

gtg2619 commented 1 month ago

Component

Anvil

Describe the feature you would like

Description:

Currently, Anvil provides a robust set of RPC methods, including several non-standard methods that are extremely useful for development and testing. However, in certain scenarios, especially in environments that require stricter security and control, it would be beneficial to have the ability to disable specific RPC methods to prevent unintended use or tampering.

Motivation:

The ability to disable specific RPC methods would allow users to:

- Ensure that certain RPC methods, which could be potentially dangerous in a controlled environment (e.g., anvil_reset, anvil_autoImpersonateAccount), are not accessible.
- Improve security in environments where strict RPC method control is necessary.
- Provide more granular control over the Anvil node configuration, aligning it with more restrictive deployment requirements.

Proposed Solution:

Introduce a configuration option, either via a command-line argument or a configuration file, that allows users to specify a list of RPC methods to disable when starting the Anvil node. This could be implemented as follows:

- A command-line argument such as --disable-rpc-methods "method1,method2" to disable specific methods.
- Alternatively, a configuration file option where users can list methods to be disabled.

Additionally, as requested in #8699, it would be beneficial to disable certain cheatcodes from being used in Anvil.

Additional context

No response

grandizzy commented 1 month ago

I think that's better (and easily achievable) with a proxy like nginx in front of the Anvil server.

guidanoli commented 1 month ago

Related to #8699

guidanoli commented 1 month ago

I was thinking of adding an option to Anvil named something like --safe-rpc-mode, which would essentially block any RPC method that is not described in the standard Ethereum JSON-RPC API. This would, therefore, block:

Among others.
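The per-request decision behind both ideas in this thread (a deny list of named methods, and an allow-list "safe" mode), written as an added Python example; it is not code from the thread or from Anvil. `filter_request`, `check_call`, `SAFE_METHODS` and the contents of the allow list are hypothetical names and values chosen for illustration. It checks every entry of a JSON-RPC batch, which a filter that only looks at the first method in the body would miss.

```python
import json

# Methods the issue names as dangerous in a controlled environment.
DENYLIST = {"anvil_reset", "anvil_autoImpersonateAccount"}
# Constructed sample of standard methods for allow-list mode (assumption:
# extend it to whatever your clients actually need).
SAFE_METHODS = {"eth_chainId", "eth_blockNumber", "eth_call", "eth_getBalance",
                "eth_estimateGas", "eth_sendRawTransaction",
                "eth_getTransactionReceipt", "net_version", "web3_clientVersion"}

def rpc_error(req_id, code, message):
    """Build a JSON-RPC 2.0 error reply."""
    return {"jsonrpc": "2.0", "id": req_id,
            "error": {"code": code, "message": message}}

def check_call(call, safe_mode):
    """Return None if the call may be forwarded, else a JSON-RPC error object."""
    if not isinstance(call, dict) or not isinstance(call.get("method"), str):
        return rpc_error(None, -32600, "Invalid Request")
    method = call["method"]
    blocked = method not in SAFE_METHODS if safe_mode else method in DENYLIST
    if blocked:
        return rpc_error(call.get("id"), -32601, f"Method {method} is disabled")
    return None

def filter_request(body, safe_mode=False):
    """Split a request body into (calls to forward upstream, error replies)."""
    try:
        payload = json.loads(body)
    except ValueError:  # malformed JSON or invalid UTF-8
        return [], [rpc_error(None, -32700, "Parse error")]
    calls = payload if isinstance(payload, list) else [payload]
    if not calls:
        return [], [rpc_error(None, -32600, "Invalid Request")]
    forward, errors = [], []
    for call in calls:  # each batch entry is judged on its own
        err = check_call(call, safe_mode)
        if err is None:
            forward.append(call)
        else:
            errors.append(err)
    return forward, errors

if __name__ == "__main__":
    # Constructed batch: one standard call followed by one denied call.
    sample = (b'[{"jsonrpc":"2.0","id":1,"method":"eth_blockNumber","params":[]},'
              b'{"jsonrpc":"2.0","id":2,"method":"anvil_reset","params":[]}]')
    print(filter_request(sample))
```

A deny list only blocks the exact names it contains, so any alternate name for the same method has to be listed as well; the allow-list mode fails closed instead.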

zerosnacks commented 1 month ago

Merging https://github.com/foundry-rs/foundry/issues/8699 in here, updated the title

ShantelPeters commented 1 month ago

Hi @gtg2619, can I work on this?