ethereumjs / ethrpc Goto Github PK

Maximal RPC wrapper

License: MIT License

JavaScript 99.82% HTML 0.13% Dockerfile 0.05%

ethrpc's Issues

Fix websocket batch RPC

Currently throws an "unknown message received" error. Example data field is:

'[{"jsonrpc":"2.0","id":4,"result":"0x00000000000000000000000000000000000000000000021a72a75ef8d57ef000"},{"jsonrpc":"2.0","id":5,"result":"0x0000000000000000000000000000000000000000000000028c418afbbb5c0000"}]\n'

Error:

/home/brandan/node_modules/ethrpc/src/rpc/submit-request-to-blockchain.js:47
    internalState.get("transporter").blockchainRpc(jso, transportRequirements, debug.broadcast);
                                    ^
 
TypeError: Cannot read property 'blockchainRpc' of null
    at /home/brandan/node_modules/ethrpc/src/rpc/submit-request-to-blockchain.js:47:37
    at store.dispatch (/home/brandan/node_modules/redux-thunk-subscribe/src/index.js:10:18)
    at /home/brandan/node_modules/ethrpc/src/wrappers/raw.js:10:12
    at store.dispatch (/home/brandan/node_modules/redux-thunk-subscribe/src/index.js:10:18)
    at /home/brandan/node_modules/ethrpc/src/wrappers/make-wrapper.js:12:14
    at store.dispatch (/home/brandan/node_modules/redux-thunk-subscribe/src/index.js:10:18)
    at /home/brandan/node_modules/ethrpc/src/transact/call-or-send-transaction.js:31:14
    at store.dispatch (/home/brandan/node_modules/redux-thunk-subscribe/src/index.js:10:18)
    at Object.callOrSendTransaction (/home/brandan/node_modules/ethrpc/src/create-ethrpc.js:240:66)
    at Object.<anonymous> (/home/brandan/grava/tests/ethrpc.js:11:17)

Code:

var rpc = require("ethrpc");
 
rpc.connect({
    httpAddresses: ["http://localhost:9545"],
    wsAddresses: [],
    ipcAddresses: []
}, function (err) {
    console.log(err)
});
 
console.log(rpc.callOrSendTransaction({
    to: '0xfb88de099e13c3ed21f80a7a1e49f8caecf10df6',
    name: 'getIndex',
    signature: [],
    params: [],
    send: true,
    returns: 'int'
}))

Resubmit unfulfilled transactions to eth node after a predetermined timeout

Vulnerabilities reported by npm audit

Using Node 9.11.1, npm 6.4.1, Xubuntu 18.04, on ethrpc latest master branch:

jack@substrate:~/src/ethrpc$ npm audit
                                                                                
                       === npm audit security report ===                        
                                                                                
# Run  npm install --save-dev [email protected]  to resolve 2 vulnerabilities
SEMVER WARNING: Recommended action is a potentially breaking change
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ minimatch                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ browserify [dev]                                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ browserify > glob > minimatch                                │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/118                       │
└───────────────┴──────────────────────────────────────────────────────────────┘


┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Critical      │ Potential Command Injection                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ shell-quote                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ browserify [dev]                                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ browserify > shell-quote                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/117                       │
└───────────────┴──────────────────────────────────────────────────────────────┘


# Run  npm install --save-dev [email protected]  to resolve 1 vulnerability
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Denial of Service                                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ ws                                                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ ethereumjs-stub-rpc-server [dev]                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ ethereumjs-stub-rpc-server > ws                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/550                       │
└───────────────┴──────────────────────────────────────────────────────────────┘


# Run  npm install --save-dev [email protected]  to resolve 1 vulnerability
SEMVER WARNING: Recommended action is a potentially breaking change
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Denial of Service                                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ ws                                                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ ws [dev]                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ ws                                                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/550                       │
└───────────────┴──────────────────────────────────────────────────────────────┘


# Run  npm install --save-dev [email protected]  to resolve 1 vulnerability
SEMVER WARNING: Recommended action is a potentially breaking change
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Memory Exposure                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ tunnel-agent                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ bufferutil [dev]                                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ bufferutil > prebuild-install > tunnel-agent                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/598                       │
└───────────────┴──────────────────────────────────────────────────────────────┘


# Run  npm install --save-dev [email protected]  to resolve 1 vulnerability
SEMVER WARNING: Recommended action is a potentially breaking change
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Memory Exposure                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ tunnel-agent                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ utf-8-validate [dev]                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ utf-8-validate > prebuild-install > tunnel-agent             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/598                       │
└───────────────┴──────────────────────────────────────────────────────────────┘


found 6 vulnerabilities (2 moderate, 3 high, 1 critical) in 7198 scanned packages
  run `npm audit fix` to fix 1 of them.
  5 vulnerabilities require semver-major dependency updates.

Number validation

Number validation allow number to be null or undefined

ethrpc/src/validate/validate-number.js

Lines 5 to 6 in 4f37898

    
           if (number === null) return number; 
        
           if (number === undefined) return number;

transaction validator uses this validator for gas, gas price, value, nonce -- all this fields can be empty? (null/undefined)

Add onConfirmed callback support to transact

transact should accept an optional fourth callback function, onConfirmed, which fires after some pre-set number of confirmations (i.e., block arrivals where the transaction is still valid). For example, a good default value for the number of required transactions to be "confirmed" is rpc.REQUIRED_CONFIRMATIONS=5.

The augur.rpc.txs status labels should probably be updated at the same time, since confirmed status presently refers to transactions that have been mined (but have received 0 confirmations). Better labels might be mined for freshly mined, 0-confirmation transactions and confirmed for transactions that have been confirmed rpc.REQUIRED_CONFIRMATIONS times.

Critical: ERR_OUT_OF_RANGE from websocket library

Looks like the same issue as web3/web3.js#1613

Update websocket dependency version in package.json to fix it

Upgrade transact sequence to use block subscriptions / filters

Right now the transact callback sequence uses manual polling to confirm transactions. This should be replaced with:

a shared block filter for HTTP RPC transactions, so that the chain only must be polled once for all pending transactions. To avoid unnecessary polling, the filter should probably be unset when there are no pending transactions.
a new block subscription for transactions sent over websockets/IPC, so that geth's push notifications can replace the current polling method altogether.

No error when trying to connect to geth, and no peers.

To reproduce:

Start geth and make sure there are no peers connected.
Run rpc.connect.
No error returns. hangs forever.

The issue happens because when trying to do the initial connection you do 3 things in parallel, where the first thing is ensureLatestBlock, and if you look at the code you will see that it fails silently, causing the async.parallel to hang forever.

Error: Channel does not exist

hi, what is this error? and whats the meaning channel here? - (I took the code from here: (https://github.com/ScaleDrone/react-chat-tutorial))
Error: Channel does not exist
at exports.wrapError (scaledrone.min.js:297)
at Object. (scaledrone.min.js:288)
at l (scaledrone.min.js:2)
at Object.trigger (scaledrone.min.js:2)
at WebSocket.o.onmessage (scaledrone.min.js:294)

Add full synchronous support to transact

Full synchronous support would be nice because it would make setup and debugging of long client-side sequences both simpler and more similar to the sequences in the back-end tests, which (by the time the client-side sequence is under construction) are confirmed working. transact already does the initial eth_sendTransaction invoke synchronously (if no onSent callback is supplied), but this only supplies the txHash; including the initial fire error check, call return, and mutable return value lookup would allow the whole sequence setup to be written in simple synchronous style (for tests only, of course).

[NPM AUDIT] Please update lodash dependency

Running Node 8.10.0, npm 6.4.1 on Ubuntu 18.04, after pulling latest version of ethrpc (6.1.3)

`
=== npm audit security report ===

Run npm update lodash --depth 3 to resolve 1 vulnerability

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ ethrpc │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ ethrpc > async > lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/782 │
└───────────────┴──────────────────────────────────────────────────────────────┘

Run npm update node.extend --depth 2 to resolve 1 vulnerability

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ node.extend │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ node-yaml-config │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ node-yaml-config > node.extend │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/781 │
└───────────────┴──────────────────────────────────────────────────────────────┘

┌──────────────────────────────────────────────────────────────────────────────┐
│ Manual Review │
│ Some vulnerabilities require your attention to resolve │
│ │
│ Visit https://go.npm.me/audit-guide for additional guidance │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=4.17.11 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ ethrpc │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ ethrpc > lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/782 │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 3 moderate severity vulnerabilities in 990 scanned packages
run npm audit fix to fix 2 of them.
1 vulnerability requires manual review. See the full report for details.
`

Address validation

Address validation use regexp ^0x[0-9a-fA-F]*$

ethrpc/src/validate/validate-address.js

Line 14 in 4f37898

if (!/^0x[0-9a-fA-F]*$/.test(address)) {

not sure, but should not you check checksum if address has upper case symbols?

	if (number === null) return number;
	if (number === undefined) return number;

ethereumjs / ethrpc Goto Github PK

ethrpc's Issues

Error:

Code:

Run npm update lodash --depth 3 to resolve 1 vulnerability

Run npm update node.extend --depth 2 to resolve 1 vulnerability

Recommend Projects

Recommend Topics

Recommend Org