fix: Transaction hash validation (#687)

* fix: more address validation

* fix: Add validation to all transaction/userop hashes

* stringify bigints

Author: arcoraven

src/server/routes/contract/events/getContractEventLogs.ts

@@ -4,7 +4,7 @@ import { StatusCodes } from "http-status-codes";
 import { getContractEventLogsByBlockAndTopics } from "../../../../db/contractEventLogs/getContractEventLogs";
 import { isContractSubscribed } from "../../../../db/contractSubscriptions/getContractSubscriptions";
 import { createCustomError } from "../../../middleware/error";
-import { AddressSchema } from "../../../schemas/address";
+import { AddressSchema, TransactionHashSchema } from "../../../schemas/address";
 import {
   contractParamSchema,
   standardResponseSchema,
@@ -24,7 +24,7 @@ const responseSchema = Type.Object({
         chainId: Type.Number(),
         contractAddress: AddressSchema,
         blockNumber: Type.Number(),
-        transactionHash: Type.String(),
+        transactionHash: TransactionHashSchema,
         topics: Type.Array(Type.String()),
         data: Type.String(),
         eventName: Type.Optional(Type.String()),

src/server/routes/contract/extensions/erc1155/write/claimTo.ts

@@ -5,6 +5,7 @@ import type { Address } from "thirdweb";
 import { claimTo } from "thirdweb/extensions/erc1155";
 import { getContractV5 } from "../../../../../../utils/cache/getContractv5";
 import { queueTransaction } from "../../../../../../utils/transaction/queueTransation";
+import { AddressSchema } from "../../../../../schemas/address";
 import {
   erc1155ContractParamSchema,
   requestQuerystringSchema,
@@ -22,9 +23,10 @@ import { getChainIdFromChain } from "../../../../../utils/chain";
 // INPUTS
 const requestSchema = erc1155ContractParamSchema;
 const requestBodySchema = Type.Object({
-  receiver: Type.String({
+  receiver: {
+    ...AddressSchema,
     description: "Address of the wallet to claim the NFT to",
-  }),
+  },
   tokenId: Type.String({
     description: "Token ID of the NFT to claim",
   }),

src/server/routes/contract/extensions/erc1155/write/mintAdditionalSupplyTo.ts

@@ -3,6 +3,7 @@ import type { FastifyInstance } from "fastify";
 import { StatusCodes } from "http-status-codes";
 import { queueTx } from "../../../../../../db/transactions/queueTx";
 import { getContract } from "../../../../../../utils/cache/getContract";
+import { AddressSchema } from "../../../../../schemas/address";
 import {
   erc1155ContractParamSchema,
   requestQuerystringSchema,
@@ -16,9 +17,10 @@ import { getChainIdFromChain } from "../../../../../utils/chain";
 // INPUTS
 const requestSchema = erc1155ContractParamSchema;
 const requestBodySchema = Type.Object({
-  receiver: Type.String({
+  receiver: {
+    ...AddressSchema,
     description: "Address of the wallet to mint the NFT to",
-  }),
+  },
   tokenId: Type.String({
     description: "Token ID to mint additional supply to",
   }),

src/server/routes/contract/extensions/erc1155/write/mintBatchTo.ts

@@ -3,6 +3,7 @@ import type { FastifyInstance } from "fastify";
 import { StatusCodes } from "http-status-codes";
 import { queueTx } from "../../../../../../db/transactions/queueTx";
 import { getContract } from "../../../../../../utils/cache/getContract";
+import { AddressSchema } from "../../../../../schemas/address";
 import { nftAndSupplySchema } from "../../../../../schemas/nft";
 import {
   erc1155ContractParamSchema,
@@ -17,9 +18,10 @@ import { getChainIdFromChain } from "../../../../../utils/chain";
 // INPUTS
 const requestSchema = erc1155ContractParamSchema;
 const requestBodySchema = Type.Object({
-  receiver: Type.String({
+  receiver: {
+    ...AddressSchema,
     description: "Address of the wallet to mint the NFT to",
-  }),
+  },
   metadataWithSupply: Type.Array(nftAndSupplySchema),
   ...txOverridesWithValueSchema.properties,
 });

src/server/routes/contract/extensions/erc1155/write/mintTo.ts

@@ -3,6 +3,7 @@ import type { FastifyInstance } from "fastify";
 import { StatusCodes } from "http-status-codes";
 import { queueTx } from "../../../../../../db/transactions/queueTx";
 import { getContract } from "../../../../../../utils/cache/getContract";
+import { AddressSchema } from "../../../../../schemas/address";
 import { nftAndSupplySchema } from "../../../../../schemas/nft";
 import {
   erc1155ContractParamSchema,
@@ -17,9 +18,10 @@ import { getChainIdFromChain } from "../../../../../utils/chain";
 // INPUTS
 const requestSchema = erc1155ContractParamSchema;
 const requestBodySchema = Type.Object({
-  receiver: Type.String({
+  receiver: {
+    ...AddressSchema,
     description: "Address of the wallet to mint the NFT to",
-  }),
+  },
   metadataWithSupply: nftAndSupplySchema,
   ...txOverridesWithValueSchema.properties,
 });

src/server/routes/contract/extensions/erc721/write/claimTo.ts

@@ -5,6 +5,7 @@ import type { Address } from "thirdweb";
 import { claimTo } from "thirdweb/extensions/erc721";
 import { getContractV5 } from "../../../../../../utils/cache/getContractv5";
 import { queueTransaction } from "../../../../../../utils/transaction/queueTransation";
+import { AddressSchema } from "../../../../../schemas/address";
 import {
   contractParamSchema,
   requestQuerystringSchema,
@@ -22,9 +23,10 @@ import { getChainIdFromChain } from "../../../../../utils/chain";
 // INPUTS
 const requestSchema = contractParamSchema;
 const requestBodySchema = Type.Object({
-  receiver: Type.String({
+  receiver: {
+    ...AddressSchema,
     description: "Address of the wallet to claim the NFT to",
-  }),
+  },
   quantity: Type.String({
     description: "Quantity of NFTs to mint",
   }),

src/server/routes/contract/extensions/erc721/write/mintBatchTo.ts

@@ -3,6 +3,7 @@ import { FastifyInstance } from "fastify";
 import { StatusCodes } from "http-status-codes";
 import { queueTx } from "../../../../../../db/transactions/queueTx";
 import { getContract } from "../../../../../../utils/cache/getContract";
+import { AddressSchema } from "../../../../../schemas/address";
 import { nftOrInputSchema } from "../../../../../schemas/nft";
 import {
   contractParamSchema,
@@ -17,9 +18,10 @@ import { getChainIdFromChain } from "../../../../../utils/chain";
 // INPUTS
 const requestSchema = contractParamSchema;
 const requestBodySchema = Type.Object({
-  receiver: Type.String({
+  receiver: {
+    ...AddressSchema,
     description: "Address of the wallet to mint the NFT to",
-  }),
+  },
   metadatas: Type.Array(nftOrInputSchema),
   ...txOverridesWithValueSchema.properties,
 });

src/server/routes/contract/extensions/erc721/write/mintTo.ts

@@ -3,6 +3,7 @@ import { FastifyInstance } from "fastify";
 import { StatusCodes } from "http-status-codes";
 import { queueTx } from "../../../../../../db/transactions/queueTx";
 import { getContract } from "../../../../../../utils/cache/getContract";
+import { AddressSchema } from "../../../../../schemas/address";
 import { nftOrInputSchema } from "../../../../../schemas/nft";
 import {
   contractParamSchema,
@@ -17,9 +18,10 @@ import { getChainIdFromChain } from "../../../../../utils/chain";
 // INPUTS
 const requestSchema = contractParamSchema;
 const requestBodySchema = Type.Object({
-  receiver: Type.String({
+  receiver: {
+    ...AddressSchema,
     description: "Address of the wallet to mint the NFT to",
-  }),
+  },
   metadata: nftOrInputSchema,
   ...txOverridesWithValueSchema.properties,
 });

src/server/routes/index.ts

@@ -94,7 +94,7 @@ import { updateRelayer } from "./relayer/update";
 import { healthCheck } from "./system/health";
 import { queueStatus } from "./system/queue";
 import { getTransactionLogs } from "./transaction/blockchain/getLogs";
-import { getTxHashReceipt } from "./transaction/blockchain/getTxReceipt";
+import { getTransactionReceipt } from "./transaction/blockchain/getReceipt";
 import { getUserOpReceipt } from "./transaction/blockchain/getUserOpReceipt";
 import { sendSignedTransaction } from "./transaction/blockchain/sendSignedTx";
 import { sendSignedUserOp } from "./transaction/blockchain/sendSignedUserOp";
@@ -225,7 +225,7 @@ export const withRoutes = async (fastify: FastifyInstance) => {
   await fastify.register(cancelTransaction);
   await fastify.register(sendSignedTransaction);
   await fastify.register(sendSignedUserOp);
-  await fastify.register(getTxHashReceipt);
+  await fastify.register(getTransactionReceipt);
   await fastify.register(getUserOpReceipt);
   await fastify.register(getTransactionLogs);
 

src/server/routes/transaction/blockchain/getTxReceipt.ts renamed to src/server/routes/transaction/blockchain/getReceipt.ts

@@ -1,20 +1,31 @@
-import { Static, Type } from "@sinclair/typebox";
-import { FastifyInstance } from "fastify";
+import { Type, type Static } from "@sinclair/typebox";
+import type { FastifyInstance } from "fastify";
 import { StatusCodes } from "http-status-codes";
-import { getSdk } from "../../../../utils/cache/getSdk";
-import { AddressSchema } from "../../../schemas/address";
+import {
+  eth_getTransactionReceipt,
+  getRpcClient,
+  toHex,
+  type Hex,
+} from "thirdweb";
+import { stringify } from "thirdweb/utils";
+import type { TransactionReceipt } from "viem";
+import { getChain } from "../../../../utils/chain";
+import {
+  thirdwebClient,
+  toTransactionStatus,
+  toTransactionType,
+} from "../../../../utils/sdk";
+import { createCustomError } from "../../../middleware/error";
+import { AddressSchema, TransactionHashSchema } from "../../../schemas/address";
 import { standardResponseSchema } from "../../../schemas/sharedApiSchemas";
 import { getChainIdFromChain } from "../../../utils/chain";
 
 // INPUT
 const requestSchema = Type.Object({
-  txHash: Type.String({
+  transactionHash: {
+    ...TransactionHashSchema,
     description: "Transaction hash",
-    examples: [
-      "0xd9bcba8f5bc4ce5bf4d631b2a0144329c1df3b56ddb9fc64637ed3a4219dd087",
-    ],
-    pattern: "^0x([A-Fa-f0-9]{64})$",
-  }),
+  },
   chain: Type.String({
     examples: ["80002"],
     description: "Chain ID or name",
@@ -34,7 +45,7 @@ export const responseBodySchema = Type.Object({
         gasUsed: Type.String(),
         logsBloom: Type.String(),
         blockHash: Type.String(),
-        transactionHash: Type.String(),
+        transactionHash: TransactionHashSchema,
         logs: Type.Array(Type.Any()),
         blockNumber: Type.Number(),
         confirmations: Type.Number(),
@@ -108,40 +119,56 @@ responseBodySchema.example = {
   },
 };
 
-export async function getTxHashReceipt(fastify: FastifyInstance) {
+export async function getTransactionReceipt(fastify: FastifyInstance) {
   fastify.route<{
     Params: Static<typeof requestSchema>;
     Reply: Static<typeof responseBodySchema>;
   }>({
     method: "GET",
-    url: "/transaction/:chain/tx-hash/:txHash",
+    url: "/transaction/:chain/tx-hash/:transactionHash",
     schema: {
-      summary: "Get transaction receipt from transaction hash",
+      summary: "Get transaction receipt",
       description: "Get the transaction receipt from a transaction hash.",
       tags: ["Transaction"],
-      operationId: "txHashReceipt",
+      operationId: "getTransactionReceipt",
       params: requestSchema,
       response: {
         ...standardResponseSchema,
         [StatusCodes.OK]: responseBodySchema,
       },
     },
     handler: async (request, reply) => {
-      const { chain, txHash } = request.params;
+      const { chain, transactionHash } = request.params;
 
       const chainId = await getChainIdFromChain(chain);
-      const sdk = await getSdk({ chainId });
-      const receipt = await sdk.getProvider().getTransactionReceipt(txHash);
+      const rpcRequest = getRpcClient({
+        client: thirdwebClient,
+        chain: await getChain(chainId),
+      });
+
+      let receipt: TransactionReceipt;
+      try {
+        receipt = await eth_getTransactionReceipt(rpcRequest, {
+          hash: transactionHash as Hex,
+        });
+      } catch {
+        throw createCustomError(
+          "Transaction is not mined.",
+          StatusCodes.BAD_REQUEST,
+          "TRANSACTION_NOT_MINED",
+        );
+      }
 
       reply.status(StatusCodes.OK).send({
-        result: receipt
-          ? {
-              ...receipt,
-              gasUsed: receipt.gasUsed.toHexString(),
-              cumulativeGasUsed: receipt.cumulativeGasUsed.toHexString(),
-              effectiveGasPrice: receipt.effectiveGasPrice?.toHexString(),
-            }
-          : null,
+        result: {
+          ...JSON.parse(stringify(receipt)),
+          gasUsed: toHex(receipt.gasUsed),
+          cumulativeGasUsed: toHex(receipt.cumulativeGasUsed),
+          effectiveGasPrice: toHex(receipt.effectiveGasPrice),
+          blockNumber: Number(receipt.blockNumber),
+          type: toTransactionType(receipt.type),
+          status: toTransactionStatus(receipt.status),
+        },
       });
     },
   });