Problem
Blockbook currently supports ALLOWED_RPC_CALL_TO, which allows the rpcCall endpoint to call any method on explicitly whitelisted contract addresses.
This works well for known contracts, but it does not cover cases where we need to call the same safe read-only method across many different contracts.
A good example is ERC-20 allowance(address owner, address spender), which is needed by Trezor Suite for features like Yield and Trading.
Right now, allowing this would require whitelisting every token contract address individually, which is not practical.
Proposed solution
Introduce a new configuration option, for example:
ALLOWED_EVM_CALL_METHODS=0xdd62ed3e
This option would allow specific EVM call method selectors to be used with the rpcCall endpoint, regardless of the target contract address.
The allow check would be based on the first 4 bytes of the data field.
For example, this call should be allowed because the calldata starts with 0xdd62ed3e, which is the selector for:
allowance(address owner, address spender)
Example call:
to: 0x2260FAC5E5542a773Aa44fBCfeDf7C193bc2C599
data: 0xdd62ed3e0000000000000000000000009ea3721b5bf3b64b4418c38b603154d2d597fae3000000000000000000000000e4db1c5a1b709ce4d2ada6985d9d506e58f73829
Should be allowed because data start by 0xdd62ed3e
Expected behavior
When rpcCall is called:
- If the target contract address is allowed by
ALLOWED_RPC_CALL_TO, keep the current behavior.
- Otherwise, check whether the calldata starts with one of the selectors configured in ALLOWED_EVM_CALL_METHODS.
- If the selector is allowed, permit the call.
- If neither the target contract nor the method selector is allowed, reject the call as today.
Acceptance criteria
- Add support for a new config option such as
ALLOWED_EVM_CALL_METHODS.
- The config should support one or more comma-separated 4-byte selectors.
- The check should match only the first 4 bytes of the calldata.
allowance(address,address) with selector 0xdd62ed3e should work when configured.
- Existing
ALLOWED_RPC_CALL_TO behavior must stay unchanged.
- Calls with non-whitelisted selectors must continue to be rejected.
- Invalid or malformed calldata should not bypass the allowlist.
Motivation
This is needed by Trezor Suite to safely support read-only contract calls that are generic across many ERC-20 contracts.
For Yield and Trading, Suite needs to read ERC-20 allowances before showing or performing approve/deposit flows.
Whitelisting the method selector is safer and easier to maintain than whitelisting every possible ERC-20 token contract address.
Problem
Blockbook currently supports
ALLOWED_RPC_CALL_TO, which allows therpcCallendpoint to call any method on explicitly whitelisted contract addresses.This works well for known contracts, but it does not cover cases where we need to call the same safe read-only method across many different contracts.
A good example is ERC-20
allowance(address owner, address spender), which is needed by Trezor Suite for features like Yield and Trading.Right now, allowing this would require whitelisting every token contract address individually, which is not practical.
Proposed solution
Introduce a new configuration option, for example:
This option would allow specific EVM call method selectors to be used with the rpcCall endpoint, regardless of the target contract address.
The allow check would be based on the first 4 bytes of the data field.
For example, this call should be allowed because the calldata starts with
0xdd62ed3e, which is the selector for:Example call:
Should be allowed because
datastart by0xdd62ed3eExpected behavior
When rpcCall is called:
ALLOWED_RPC_CALL_TO, keep the current behavior.Acceptance criteria
ALLOWED_EVM_CALL_METHODS.allowance(address,address)with selector0xdd62ed3eshould work when configured.ALLOWED_RPC_CALL_TObehavior must stay unchanged.Motivation
This is needed by Trezor Suite to safely support read-only contract calls that are generic across many ERC-20 contracts.
For Yield and Trading, Suite needs to read ERC-20 allowances before showing or performing approve/deposit flows.
Whitelisting the method selector is safer and easier to maintain than whitelisting every possible ERC-20 token contract address.