feat: add Arbitrum, Optimism, BNB Chain, and Linea network support#3
Open
Officialhomie wants to merge 6 commits intorawgroundbeef:mainfrom
Open
feat: add Arbitrum, Optimism, BNB Chain, and Linea network support#3Officialhomie wants to merge 6 commits intorawgroundbeef:mainfrom
Officialhomie wants to merge 6 commits intorawgroundbeef:mainfrom
Conversation
- Add chain configs for Arbitrum One (42161) and Arbitrum Sepolia (421614) - Add chain configs for Optimism (10) and Optimism Sepolia (11155420) - Add chain configs for BNB Chain (56) and BNB Testnet (97) - Add chain configs for Linea (59144) and Linea Goerli (59140) - Add viem chain definitions and RPC configurations - Add USDC token addresses for all new chains - Update SDK networks list - Update dashboard network card component - Add integration test for Arbitrum (arbitrum-real.test.ts) - Add test script: pnpm test:arbitrum All chains follow existing patterns and are ERC-3009 compatible.
|
@Officialhomie is attempting to deploy a commit to the Ben's Team Team on Vercel. A member of the Team first needs to authorize it. |
This commit adds a critical security feature that prevents replay attacks after server restarts by implementing persistent nonce tracking in the database. Problem Fixed: - Before: Nonce deduplication relied solely on in-memory cache - After server restart, cache is wiped → same authorization can be replayed - This created a critical replay attack window Solution: - Two-tier nonce validation system (L1 cache + L2 database) - Database PRIMARY KEY constraint ensures atomic nonce acquisition - Survives server restarts, crashes, and deployments - Backward compatible: falls back to in-memory if no validator provided Core Package Changes: - Added NonceValidator interface to types.ts - Integrated optional nonceValidator into ERC-3009 settlement - Updated Facilitator class to pass validator to settlement Server Package Changes: - Added used_nonces table schema with PRIMARY KEY constraint - Created nonce-tracker service (L1 cache + L2 database) - Created nonce-validator-adapter to bridge server and core - Created nonce-cleanup background job for expired nonces - Integrated validator injection into facilitator routes - Added comprehensive test suite (15 tests, all passing) Security Impact: - Eliminates replay attack window after server restarts - Prevents double-settlement of same authorization - Multi-tenant safe (scoped by facilitator ID) - Audit trail with transaction hash storage Testing: - 15/15 tests passing - Backward compatible (graceful degradation) - Core and server packages build successfully Files: - packages/core/src/types.ts - packages/core/src/erc3009.ts - packages/core/src/facilitator.ts - packages/server/src/db/index.ts - packages/server/src/routes/facilitator.ts - packages/server/src/index.ts - packages/server/src/services/nonce-tracker.ts (NEW) - packages/server/src/services/nonce-validator-adapter.ts (NEW) - packages/server/src/services/nonce-cleanup.ts (NEW) - packages/server/src/services/nonce-tracker.test.ts (NEW) Refs: #security #replay-protection
- Use unique timestamp-based database file to avoid locking conflicts - Update edge case test to use fresh nonce (0xEEE... instead of 0xDDD...) - Add clarifying comment about expiration validation Fixes test failures when running full test suite concurrently. All 40 server tests now passing.
Bring branch up to date with latest upstream changes.
- package.json: add root `of:doctor` script to run server diagnostics from repo root. - packages/server/package.json: add `of:doctor` script (tsx) to run `scripts/doctor.ts`. - packages/server/scripts/doctor.ts: implement non-invasive doctor tool (env + DB + migrations + RPC checks) with `--json` output and safe secret handling.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds support for 4 major L2 networks: Arbitrum, Optimism, BNB Chain, and Linea (8 networks total including testnets).
Changes
pnpm test:arbitrumTesting
All chains are ERC-3009 compatible and follow the same pattern as existing chains.