fix: add tx protected check at eth_sendRawTranasaction api (#144)

* add tx protected check at eth_sendRawTranasaction api * update jsonrpc readme * add test case
initia-labs · Jan 28, 2025 · 9d2df76 · 9d2df76
1 parent 9bcc1da
commit 9d2df76
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 1 deletion.
diff --git a/jsonrpc/README.md b/jsonrpc/README.md
@@ -34,7 +34,7 @@ The ETH JSON-RPC (Remote Procedure Call) is a protocol that allows clients to in
 | eth       | eth_fillTransaction                        | 🚫        | Fills the defaults (nonce, gas, gasPrice or 1559 fields) on a given unsigned transaction, and returns it to the caller for further processing (signing + broadcast). |
 | eth       | eth_sendTransaction                        | 🚫        | Creates a new message call transaction or a contract creation if the data field contains code.                                                                       |
 | eth       | eth_resend                                 | 🚫        | Remove the given transaction from the pool and reinsert it with the new gas price and limit.                                                                         |
-| eth       | eth_sendRawTransaction                     | ✅        | Sends a signed transaction to the network.                                                                                                                           |
+| eth       | eth_sendRawTransaction                     | ✅        | Sends a signed transaction to the network. Only replay-protected (EIP-155) transactions are accepted.                                                                |
 | eth       | eth_call                                   | ✅        | Executes a new message call immediately without creating a transaction on the block chain.                                                                           |
 | eth       | eth_estimateGas                            | ✅        | Generates an estimate of how much gas is necessary to allow the transaction to complete.                                                                             |
 | eth       | eth_getBlockByHash                         | ✅        | Returns information about a block by hash.                                                                                                                           |

diff --git a/jsonrpc/backend/tx.go b/jsonrpc/backend/tx.go
@@ -29,6 +29,11 @@ func (b *JSONRPCBackend) SendRawTransaction(input hexutil.Bytes) (common.Hash, e
 		return common.Hash{}, err
 	}
 
+	if !tx.Protected() {
+		// Ensure only eip155 signed transactions are submitted if EIP155Required is set.
+		return common.Hash{}, errors.New("only replay-protected (EIP-155) transactions allowed over RPC")
+	}
+
 	if err := b.SendTx(tx); err != nil {
 		return common.Hash{}, err
 	}