Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
ens-proxy-sdk
Advanced tools
Ethers client extended with on-chain ENS resolution using either a PublicEnsProxy or OwnableEnsProxy, depending on your use case.
When resolving ENS names, you probably make a call to the ENS registry/resolver to get an address and then you execute a transaction using that address. Although uncommon, this makes you vulnerable to MITM (man in the middle) attacks, deep reorgs or any other possible attack vectors that lead to a dirty read. With the ENS proxy SDK, you can be confident that any interaction with, say "omarsayha.eth", is in fact directed to the owner of "omarsayha.eth".
There are two types of contracts that you can use to make this interaction, both with the same interface but different privileges:
PublicEnsProxy:
OwnableEnsProxy:
With Yarn:
yarn add @ens-proxy-sdk
Or with NPM:
npm install @ens-proxy-sdk
Example of using PublicEnsProxy:
import { SafeEns, PUBLIC_ENS_PROXY_ADDRESS } from "ens-proxy-sdk";
import { ethers } from "ethers";
const signer = ethers.provider.getSigner();
// Use public ens to send eth to omarsayha.eth
const publicSafeEns = new SafeEns(PUBLIC_ENS_PROXY_ADDRESS, signer);
const publicSendEthTx = await publicSafeEns.sendEth(
"omarsayha.eth",
"100000000000000000", // NOTE: units are in wei
);
await publicSendEthTx.wait();
Example of using your own OwnableEnsProxy:
import {
SafeEns,
OwnableEnsProxyFactory,
OwnableEnsProxyCreatedEvent,
OwnableEnsProxyFactoryJson,
OWNABLE_ENS_PROXY_FACTORY_ADDRESS,
} from "ens-proxy-sdk";
import { ethers } from "ethers";
const signer = ethers.provider.getSigner();
// Create your own ownable ens proxy
const ownableEnsProxyFactory = new Contract(
OWNABLE_ENS_PROXY_FACTORY_ADDRESS,
OwnableEnsProxyFactoryJson.abi,
signer,
) as OwnableEnsProxyFactory;
await ownableEnsProxyFactory.deployed();
const createEnsProxyTx = await ownableEnsProxyFactory
.connect(signer)
.createEnsProxy();
const createEnsProxyTxReceipt = await createEnsProxyTx.wait();
const { ensProxyAddress } = (
createEnsProxyTxReceipt.events?.[0] as OwnableEnsProxyCreatedEvent
).args;
// Use the created ownable ens proxy to send eth
const ownableSafeEns = new SafeEns(ensProxyAddress, signer);
const ownableSendEthTx = await ownableSafeEns.sendEth(
"omarsayha.eth",
"100000000000000000", // NOTE: units are in wei
);
await ownableSendEthTx.wait();
FAQs
SDK for interacting with smart contracts via an ENS proxy
The npm package ens-proxy-sdk receives a total of 0 weekly downloads. As such, ens-proxy-sdk popularity was classified as not popular.
We found that ens-proxy-sdk demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.