Heliaia - a proxy that sits between your wallet and a node🧑‍⚖️

Overview

Heliaia

Heliaia is a proxy that sits between your wallet and a node, with the sole purpose to intercept transactions before they are broadcasted. Transactions are thuroughly analysed by various rules that provide the user with deep insights into what they are signing. Wallet UIs can only present you with so much information before it becomes exhaustive. Heliaia aims to provide a user with an indepth analysis of their transactons to help them make a more informed decision when signing transactions.

TL/DR: If you're paranoid like me, this is the sanity check you need.

Motiviation

Wallet UIs can only present you with so much information before it becomes exhaustive. Heliaia aims to provide you with

Name Origins

Heliaia was the supreme court of ancient Athens, the Heliaia functioned as a court for litigation of public, criminal and private international law. A fitting name for a tool that scrutinizes a transaction to ensure it adhers to a strict set of rules. I'm also Greek and chose this purely on bias :)

Usage

git clone https://github.com/GregTheGreek/Heliaia.git
cd Heliaia
yarn
yarn start [args]

Available command line arguments:

Port number to listen on (default: "9545") -h, --help display help for command">
Options:
  -r --rpc 
   
          RPC URL to proxy to (default: "http://localhost:8545/")
  -p --port 
    
       Port number to listen on (default: "9545")
  -h, --help          display help for command

    
   

Once started, connect your wallet (eg, MetaMask) to the endpoint exposed by the proxy (by default, http://localhost:9545/), and interact with apps and contracts normally.

When rules are run, they'll appear in the terminal like so:

=========================
==== ENS Rule Module ====
=========================
From: 0xCC71BBe481A50b9fb36afD36aE6EF63FE8eD94bB
To: example.eth (0xabc...1234)

As a user you can then choose to submit the transaction or reject it:

Do you want to submit the transaction?
? Do you want to submit the transaction? › (y/N)

Features

  • Ens checks
  • Contract verification
  • Malicious address (todo)
    • Warn the user about any flagged addresses (eg: DAO hacker, spam token)
    • 0x0 address?
  • Known contracts (todo)
    • For known contracts describe the interaction in english
  • Allow the user to choose which rules to apply (todo)
    • Store a config file somewhere?
  • Simulate calls in ganache (todo)
  • ?

Contributing

There are two types of rules: Generic rules and App rules. Generic rule sets are general things such as ENS integrations or contract verificaiton. App rules are meant to be application specific such that it can generate in-depth analysis for the user. An example of this would be the uniswap rule, which gives the user a very human readable understanding of what is happening.

Inspiration

Inspired by Nick Johnson's flashbots-proxy

Disclaimer

This has not been extensively tested. I take no responsibility for any damages it causes, and you use it entirely at your own risk.

You might also like...

A MITM cache between RPCs and a a dAPP. Useful to allow for better performance on a public RPC node

better-cosmos-rpcs A cheaper way to allow for public RPCs as a service WITHOUT scaling issues. No need to rate limit either. How it is done: User GET

Nov 19, 2022

RepoProvas API, a system for sharing tests between students, built with Typescript, Node.js, Express, Prisma and Postgres.

Repoprovas Built With 📋 Description RepoProvas API, a system for sharing tests between students, built with Typescript, Node.js, Express, Prisma and

Dec 13, 2022

🔐 Protect your Smart Contract Proxy from storage collisions upon upgrading, by running this action in a CI on each of your Pull Requests!

🔥 🛠️ Foundry Storage Upgrade Seatbelt Protect your Smart Contract Proxy from storage collisions upon upgrading, by running this action in a CI on ea

Dec 24, 2022

A Node.js HTTP proxy that tracks managed PaaS account applications and auto-stop&start them

A Node.js HTTP proxy that tracks managed PaaS account applications and auto-stop&start them

paastis-engine Features Paastis engine is the heart of the Paastis project. Its goal is to monitor and manage (start & stop) PaaS applications based o

Nov 8, 2022

🎯 Wallet Lite is a Quick and Simple way to use your Tokens of Lunes Blockchain in a light Chrome extension

Lunes Wallet Lite Offered by: Lunes Installing Web store: Lunes Lite will be available on Chrome Web Store Build: Requisites NodeJS (16 or higher) Git

Oct 25, 2022

A serverless proxy for filtering JSON using node-jq

jqp jqp is a free serverless proxy that lets you request data from remote sources, filter it using node-jq, and receive the filtered response. How to

Dec 28, 2022

A list of EVM-based chains that also allows you to add chains to your favorite Web3 wallet

A list of EVM-based chains that also allows you to add chains to your favorite Web3 wallet. An alternative to the closing chainlist.org

Jan 5, 2023

✍️ Easily sign any message using your Ethereum wallet

wallet-sign Easily sign any message using your Ethereum wallet Use the app here: https://marcusmolchany.github.io/wallet-sign Depolyment yarn deploy D

Nov 26, 2022
Comments
  • Major updates

    Major updates

    Changes

    • Structural changes to Rules and file tree
    • How rules are loaded into the rules engine
    • Rule interfaces to support ganache

    Additions

    • Erc20 rule to check balance changes
    • Interactive rule selector
    • Add ganache forking to trace state (incomplete)
    opened by GregTheGreek 0
  • Proxy transactions with proper header

    Proxy transactions with proper header

    Some services use MetaMasks header information as a naive filter to reduce automated traffic/etc.

    TLDR: some services will check for the value

    Origin: chrome-extension://nkbihfbeogaeaoehlefnkodbefgpgknn
    

    to make sure that its a MetaMask or some other browser extension interacting with it. example: flashbots relay has this (disabled last i checked).

    This is part of how Infura guards its gateway for metamask usage too.

    POST /v3/9aa3d95b3bc440fa88ea12eaa4456161 HTTP/1.1
    Host: mainnet.infura.io
    Connection: keep-alive
    Content-Length: 1035
    sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Google Chrome";v="92"
    Accept: application/json
    DNT: 1
    Content-Type: application/json
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
    Infura-Source: metamask/internal
    Origin: chrome-extension://nkbihfbeogaeaoehlefnkodbefgpgknn
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Cookie: _ga=<TRUNCATED>
    
    {
      "id": 10,
      "jsonrpc": "2.0",
      "method": "eth_call",
      "params": [
        {
          "to": "0xb1f8e55c7f64d203c1400b9d8555d050f94adf39",
          "data": "0xf0002ea90000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000018000000000000000000000000000000000000000000000000000000000000000090000000000000000000000005a974f95cbfe83abefa2c6322a4fc4da03287047000000000000000000000000a0766b65a4f7b1da79a1af79ac695456efa28644000000000000000000000000988c949876099ba2718fe60d0e639f35c0068cc600000000000000000000000008c9ea0843866691d491d4cd137cb8807a20eab7000000000000000000000000221e99f19f9ede27bdaea9e278fddbc3277d73b00000000000000000000000000043f09a0113cc5c5685340ef3956feae297c0e10000000000000000000000008cf35b93cfd6d97c6b66ad441e2472f47f1c4c460000000000000000000000003fc4b5df0205775bd812a5eb5b50341d1ad1b1fc000000000000000000000000086132af06003626b03b850bead54f5ca68543b000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000"
        },
        "0xc7dfb9"
      ]
    }
    
    opened by sambacha 3
Owner
Gregory Markou
Blockchains and stuff. @ChainSafeSystems
Gregory Markou
Jonathan Parker 6 Nov 23, 2022
A simple CLI Tools to Empty Crypto Wallet & Send to your other Wallet Address

A simple CLI tools to empty crypto wallet & send to your other wallet, Build with Nodejs using Ethers API Run Locally Clone the project git clone ht

Raihan Ramadhani 11 Dec 29, 2022
Nami Wallet is a browser based wallet extension to interact with the Cardano blockchain.

Nami Wallet Nami Wallet is a browser based wallet extension to interact with the Cardano blockchain. It's an open-source project and built by Berry Po

Berry 335 Dec 29, 2022
proxy 🦄 yxorp is your Web Proxy as a Service (SAAS) Multi-tenant, Multi-Threaded, with Cache & Article Spinner

proxy ?? yxorp is your Web Proxy as a Service (SAAS) Multi-tenant, Multi-Threaded, with Cache & Article Spinner. Batteries are included, Content Spinning and Caching Engine, all housed within a stunning web GUI. A unique high-performance, plug-and-play, multi-threaded website mirror and article spinner

4D/ҵ.com Dashboards 13 Dec 30, 2022
Proxy but misspelled -- closed proxy for the internet

pyrox Proxy that runs on Cloudflare Workers. Setup Install wrangler2. npm install wrangler. Generate a public Ed25519 key, exported under SPKI mode wi

bots.gg 10 Sep 9, 2022
The frontend of a full stack application of a personal wallet made with React, Node and MongoDB that allows you to add inputs, outputs and see all your extract.

The frontend of a full stack application of a personal wallet made with React, Node and MongoDB that allows you to add inputs, outputs and see all your extract.

Bernardo Rodrigues 5 Jun 2, 2022
The backend of a full stack application of a personal wallet made with React, Node and MongoDB that allows you to add inputs, outputs and see all your extract.

My first full stack application with the concept of a personal wallet that allows you to create a personal account to keep track of your entire statement by adding incoming and outgoing transactions, as well as calculating the total balance and being able to edit and delete old transactions.

Bernardo Rodrigues 6 Jun 23, 2022
Generate random ethereum wallets & private keys and then check if they match a wallet that contains some kind of balance, so that you can take it. In Node.js

Ethereum-Stealer Generate random ethereum wallets & private keys and then check if they match a wallet that contains some kind of balance, so that you

Michał 74 Dec 24, 2022
Babel plugin and helper functions for interoperation between Node.js native ESM and Babel ESM

babel-plugin-node-cjs-interop and node-cjs-interop: fix the default import interoperability issue in Node.js The problem to solve Consider the followi

Masaki Hara 15 Nov 6, 2022
Differences between Node + Koa and Deno + Oak

Node + Koa VS Deno + Oak Differences between Node + Koa and Deno + Oak About This is a project that aims to observe the differences between a simple R

Ronald Guilherme P. dos Santos 3 Jun 28, 2022