Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
ens-proxy-sdk
Advanced tools
Ethers client extended with on-chain ENS resolution using either a PublicEnsProxy or OwnableEnsProxy, depending on your use case.
When resolving ENS names, you probably make a call to the ENS registry/resolver to get an address and then you execute a transaction using that address. Although uncommon, this makes you vulnerable to MITM (man in the middle) attacks, deep reorgs or any other possible attack vectors that lead to a dirty read. With the ENS proxy SDK, you can be confident that any interaction with, say "omarsayha.eth", is in fact directed to the owner of "omarsayha.eth".
There are two types of contracts that you can use to make this interaction, both with the same interface but different privileges:
PublicEnsProxy:
OwnableEnsProxy:
const signer = ethers.provider.getSigner();
const ownableEnsProxyFactory = new Contract(
TODO_ADDRESS,
ownableEnsProxyJson.abi,
signer,
) as OwnableEnsProxyFactory;
await ownableEnsProxyFactory.deployed();
const tx = await ownableEnsProxyFactory.connect(signer).createEnsProxy();
const receipt = await tx.wait();
const { ensProxyAddress } = (receipt.events?.[0] as OwnableEnsProxyCreatedEvent)
.args;
const ownableSafeEns = new SafeEns(ensProxyAddress, signer);
With Yarn:
yarn add @ens-proxy-sdk
Or with NPM:
npm install @ens-proxy-sdk
const ENS_PROXY_ADDRESS = TODO_ADDRESS; // either the PublicEnsProxy address or your OwnableEnsProxy address
const signer = ethers.provider.getSigner();
const safeEns = new SafeEns(ENS_PROXY_ADDRESS, signer);
// Send eth (NOTE: units are in wei):
safeEns.sendEth("omarsayha.eth", "100000000000000000");
// NOTE: Since there are thousands of smart contracts you can interact with,
// the following example expects you to replace everything starting with YOUR
const contract = safeEns.newContract<YourContractType>(
yourContractAddress,
yourContractAbi,
);
// Interact with a contract using the proxy:
const tx1 = await contract.yourMintMethod("omarsayha.eth");
// Interact with a contract without using the proxy:
const tx2 = await contract.baseContract.yourTransferMethod("omarsayha.eth");
FAQs
SDK for interacting with smart contracts via an ENS proxy
The npm package ens-proxy-sdk receives a total of 0 weekly downloads. As such, ens-proxy-sdk popularity was classified as not popular.
We found that ens-proxy-sdk demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.