hardhat-gas-reporter icon indicating copy to clipboard operation
hardhat-gas-reporter copied to clipboard

Published 20 hours ago verified publisher icon cgewecke

Don't send analytics data without permission

Open nmushegian opened this issue 2 years ago • 4 comments

The gas reporter is hitting the coinmarketcap API without asking or telling

Screen Shot 2022-03-04 at 5 44 41 PM

nmushegian avatar Mar 04 '22 22:03 nmushegian

This isn't sending analytics data. It's requesting price data.

cgewecke avatar Mar 04 '22 22:03 cgewecke

There is a lot of metadata in the request Coinmarketcap is not exactly a “no logs” company I’m not suggesting you are collecting analytics data, but someone is

nmushegian avatar Mar 04 '22 22:03 nmushegian

@nmushegian What would make you most comfortable here? No requests by default?

cgewecke avatar Mar 04 '22 22:03 cgewecke

I think that's reasonable. FWIW in my experience the only other entities that ships packages that make spurious requests, are Facebook and Google.

One possible usage

  • print a helpful one liner like no price provider configured, type <relevant help command> for info at start of report
  • not configured or similar as default value in the table
  • you can provide the url as an env var or part of the hardhat config

One side benefit of encouraging an explicit PRICE_RPC_URL is eventually we can swap it out with some nice eth AMM backed whatever. Like how we can swap ETH_RPC_API now that theoretical concerns about Infura are becoming real.

nmushegian avatar Mar 04 '22 23:03 nmushegian

Fixed in eth-gas-reporter 0.2.26

rip @nmushegian

cgewecke avatar Sep 30 '23 06:09 cgewecke