dev(indexer): verify event origin

kkrt-labs / kakarot-rpc

Kakarot ZK EVM Ethereum RPC adapter

MIT License

131 stars 87 forks source link

dev(indexer): verify event origin #1290

Closed greged93 closed 1 month ago

greged93 commented 1 month ago

Describe the enhancement request

Currently, we do not verify that origin of an event (present in the fromAddress field of events) is equal to the KakarotAddress. We should verify this as it could pose an issue if we ever allow arbitrary calls to Cairo contracts from Kakarot.

Details

In the function toEthLog, update the logic in order to verify that the fromAddress of each event is the KakarotAddress. This can be added in the lines below: https://github.com/kkrt-labs/kakarot-rpc/blob/3cee3db54ada8ee1622c625e51f1614c5feccb02/indexer/src/types/log.ts#L50-L53

There, you can verify that the fromAddress field of the event is equal to KAKAROT_ADDRESS which can be imported from: https://github.com/kkrt-labs/kakarot-rpc/blob/3cee3db54ada8ee1622c625e51f1614c5feccb02/indexer/src/constants.ts#L48-L52

Time: 20 min

swetshaw commented 1 month ago

Can I take this up ?

onlydustapp[bot] commented 1 month ago

Hey @swetshaw! Thanks for showing interest. We've created an application for you to contribute to Kakarot zkEVM. Go check it out on OnlyDust!

DilanHern commented 1 month ago

I am applying to this issue via OnlyDust platform.

My background and how it can be leveraged

Hello @greged93 , my name is Dilan. I´ve worked with rust a lot of times, im acquainted with the language so i think I should be able to complete this issue approximately in a week. I would like to investigate more and try to solve it. ¿Could i take this issue? I´m a responsible person so I'll try my best to help and complete the issue.

How I plan on tackling this issue

First, i'm going to see a little bit of how the project works. After I got an idea, i'm going to check in which part of the code is the problem located (in this case in the field of events). Finally i'm going to try and find a solution to the problem (which would be just to verify the origin present in "fromAddress" is the same of the ""KakarotAddress"). If i get a problem or a question about the project, i would ask in this section or if it exists, on Telegram/Discord.

onlydustapp[bot] commented 1 month ago

Hey @DilanHern! Thanks for showing interest. We've created an application for you to contribute to Kakarot zkEVM. Go check it out on OnlyDust!

greged93 commented 1 month ago

Hey sorry @DilanHern but I will assign this to Sweta as she commented first