
Security News
/Research
Wallet-Draining npm Package Impersonates Nodemailer to Hijack Crypto Transactions
Malicious npm package impersonates Nodemailer and drains wallets by hijacking crypto transactions across multiple blockchains.
@resolverworks/ezccip
Advanced tools
Turnkey EIP-3668: CCIP-Read Handler for ENS and arbitrary functions.
npm i @resolverworks/ezccip
✓
"tor"
— resolverworks/TheOffchainResolver.sol"ens"
— ensdomains/offchain-resolver and ccip.tools"raw"
— raw response (EVM Gateway, testing, etc.)enableENSIP10()
drop-in support for resolverworks/enson.js Record-typeresolve(name, multicall([...]))
multicall([resolve(name, ...), ...])
multicall([resolve(name, multicall([...])), ...])
serve()
to quickly launch a servernpm run start
— starts a CCIP-Read server for TOR protocol using serve()
http://localhost:8016
0xd00d726b2aD6C81E894DC6B87BE6Ce9c5572D2cd http://localhost:8016
"tor"
protocol on Mainnet): ezccip.raffy.xyz
0x7CE6Cf740075B5AF6b1681d67136B84431B43AbD
0xd00d726b2aD6C81E894DC6B87BE6Ce9c5572D2cd https://raffy.xyz/ezccip/0x7CE6Cf740075B5AF6b1681d67136B84431B43AbD
"tor"
protocol on Sepolia): ezccip.eth
0x3c187BAb6dC2C94790d4dA5308672e6F799DcEC3
0xd00d726b2aD6C81E894DC6B87BE6Ce9c5572D2cd https://raffy.xyz/ezccip/0x3c187BAb6dC2C94790d4dA5308672e6F799DcEC3
"ens"
protocol on Mainnet) ens.ezccip.raffy.xyz
0xd00d726b2aD6C81E894DC6B87BE6Ce9c5572D2cd https://raffy.xyz/ezccip/0x3CA097Edd180Ea2C2436BD30c021Ca20869087a0
Create an instance and register some handlers.
import {EZCCIP} from '@resolverworks/ezccip';
let ezccip = new EZCCIP();
// implement an arbitrary function
ezccip.register('add(uint256, uint256) returns (uint256)', ([a, b]) => [a + b]);
// implement a wildcard ENSIP-10 resolver
// which handles resolve() automatically
ezccip.enableENSIP10(async (name, context) => {
return {
async text(key) {
switch (key) {
case 'name': return 'Raffy';
case 'avatar': return 'https://raffy.antistupid.com/ens.jpg';
}
},
};
});
// more complicated example
let abi = new ethers.Interface([
'function f(bytes32 x) returns (string)',
'function g(uint256 a, uint256 b) returns (uint256)',
]);
ezccip.register(abi, { // register multiple functions at once using existing ABI
async ['f(bytes32)']([x], context, history) { // match function by signature
history.show = [context.sender]; // replace arguments of f(...) in logger
history.name = 'Chonk'; // rename f() to Chonk() in logger
return [context.calldata]; // echo incoming calldata
},
async ['0xe2179b8e']([a, b], context) { // match by selector
context.protocol = "tor"; // override signing protocol
return ethers.toBeHex(1337n, 32); // return raw encoded result
}
});
When your server has a request for CCIP-Read, use EZCCIP to produce a response.
let {sender, data: calldata} = JSON.parse(req.body); // ABI-encoded request in JSON from EIP-3668
let {data, history} = await ezccip.handleRead(sender, calldata, {
protocol: 'tor', // default, tor requires signingKey + resolver
signingKey, // your private key
});
reply.json({data}); // ABI-encoded response in JSON for EIP-3668
console.log(history.toString()); // description of response
GET
, POST
, or query directlycontext
carries useful information about the incoming requesthistory
collects information as the response is generatedStart a simple server for an EZCCIP instance or a function representing the enableENSIP10()
handler.
import {serve} from '@resolverworks/ezccip/serve';
let ccip = await serve(ezccip); // see types for more configuration
// ...
await ccip.shutdown();
// minimal example:
// return fixed text() for any name
await serve(() => { text: () => 'Raffy' });
sender
may not be the originating contract
origin
into the endpoint as a path component:
http://my.server/.../0xABCD/...
origin = 0xABCD
parseOrigin(path: string) => string
to extract origin
from an arbitrary pathorigin
origin
is not detected, origin = sender
Apply ENSIP-10 calldata
to a Record
-object and generate the corresponding ABI-encoded response. This is a free-function.
let record = {
text(key) { if (key == 'name') return 'raffy'; }
addr(type) { if (type == 60) return '0x1234'; }
};
let calldata = '0x...'; // encodeFunctionData('text', ['name']);
let res = await processENSIP10(record, calldata); // encodeFunctionResult('text', ['raffy']);
FAQs
Turnkey CCIP-Read Handler
The npm package @resolverworks/ezccip receives a total of 2 weekly downloads. As such, @resolverworks/ezccip popularity was classified as not popular.
We found that @resolverworks/ezccip demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
/Research
Malicious npm package impersonates Nodemailer and drains wallets by hijacking crypto transactions across multiple blockchains.
Security News
This episode explores the hard problem of reachability analysis, from static analysis limits to handling dynamic languages and massive dependency trees.
Security News
/Research
Malicious Nx npm versions stole secrets and wallet info using AI CLI tools; Socket’s AI scanner detected the supply chain attack and flagged the malware.