Security News
The Hidden Blast Radius of the Axios Compromise
The Axios compromise shows how time-dependent dependency resolution makes exposure harder to detect and contain.
By Ahmad Nassri - Apr 01, 2026
New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details → →
input-control-contract
Advanced tools
input-control-contract
InputControl allows you to specify the order and value of inputs that users can send to your functions. It can be used as global public infrastructure or in a private way
InputControl Contract 📜
It allows you to specify the order and value of inputs that users can send to your functions. It can be used as global public infrastructure or in a private way.
💽 Testing repo with implementation examples
💽 NPM repo
Index 📌
- General usecase explanation 🤖
- Problems Addressed 🙀
- How to use ✨
- Last Changes 📰
- Contributing 💻
- Contact 📨
- Buy me a CryptoCoffee ☕
- License MIT 📜
🤖 General Usecase Explanation 🤖
InputControl lets you set the order in which, and the value of, the inputs users can send to your functions.
Example: Imagine you want a user to invoke a function thrice—first with an input value of 1, next with 2, and finally, 3. InputControl ensures these values are used in the specified sequence. Alternatively, with the unordered option, users can provide these inputs in any order they prefer.
In broader terms, it grants permissions to users for securely (with consent) calling any function affecting a state you own on the blockchain. It acts as a platform for agreements akin to third-party function calls or consensus-driven functions involving multiple participants.
By merging it with other contracts in development, such as CallOrderControl and InteractionControl, or even using it standalone, InputControl can be a primary component for public infrastructure. This strategy can speed up development for projects requiring the features of InputControl, as outlined in the "Problems Addressed 🙀" section.
Problems Addressed 🙀
InputControl addresses several challenges. While the list below mentions 2 of them, more use-cases await discovery. Further work is ongoing on CallOrderControl and InteractionControl, which could revolutionize the orchestration of complex contract interactions involving multiple parties. Still, the focus has primarily been on InputControl since I couldn't think of real use-cases for the other Control contracts. Explore them here:
-
Decentralized Matchmaking: Imagine a decentralized gaming platform where players wager and compete. Guaranteeing both parties initiate the match and secure funds can be intricate. InputControl can manage the complexities of any game logic agreement.
-
Decentralized NFT Upgrades: Envision an NFT collection requiring a token URI update. Exclusively allowing the
updateURI()function to be callable by you might strain trust with your client. With InputControl, you can externalize the function, letting the client call it with a known, correct token URI—promoting transparency without sacrificing integrity. Imagine a NFT game implements upgrades but doesn't want the backend to handle them in a centralized way. It enables the user to do it without any user making their NFT overpowered by faking a superior upgrade. The InputControl contract would make that possible.
How to use ✨
InputControl's versatility comes in different implementations tailored for particular use-cases:
- InputControl by Inheritance (ICI): Best for single contracts.
- InputControl by Composition (ICC): Perfect for private systems with multiple contracts, especially when a single contract's code results in a "too big to be deployed" error.
- InputControl by Public (ICP): A global contract for public use. With intentions to launch across many EVM-compatible blockchains, it provides decentralized input control management for any interested contract.
How to use IC from your contracts 🧑🔧
- ICI Example: UseCaseContract.sol
- ICC Example: UseCaseContractComposite.sol
- ICP Example: UseCaseContractPublic.sol
Last Changes 📰
- 🔄 All code has been refactored: Admin based (centralized) or non-admin based (decentralized public infrastructure) versions.
Contributing 💻
Open issues or PRs in the testing repo.
If further independent development occurs, a mention of me in your work would be much appreciated 😄
Contact 📨
Carlos Alegre Urquizú - calegreu@gmail.com
Buy me a CryptoCoffee ☕
Support me with ETH, MATIC, BNB, or any token of your choice ☕🧐☕
0x2365bf29236757bcfD141Fdb5C9318183716d866
License 📜
Distributed under the MIT License. View LICENSE in the repository for further details.
FAQs
InputControl allows you to specify the order and value of inputs that users can send to your functions. It can be used as global public infrastructure or in a private way
The npm package input-control-contract receives a total of 4 weekly downloads. As such, input-control-contract popularity was classified as not popular.
We found that input-control-contract demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 17 Aug 2023
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Supply Chain Attack on Axios Pulls Malicious Dependency from npm
A supply chain attack on Axios introduced a malicious dependency, plain-crypto-js@4.2.1, published minutes earlier and absent from the project’s GitHub releases.
By Socket Research Team - Mar 31, 2026
Research
TeamPCP Compromises Telnyx Python SDK to Deliver Credential-Stealing Malware
Malicious versions of the Telnyx Python SDK on PyPI delivered credential-stealing malware via a multi-stage supply chain attack.
By Socket Research Team - Mar 27, 2026