web
web copied to clipboard
shapeshift
Block smart contract receive addresses for SwapOut longtails
Overview
We currently have safety for smart contract addresses on the sell side
However, with longtail in the works, we may now be in a state where the receive side is a custom receive addres for SwapOut long tails
i.e User -> Deposit into THORChain -> Swap to Base Asset -> Call into Aggregator -> Swap Via AMM
e.g BTC -> CRV
While the receive address wouldn't be an issue for us for regular THOR trades, and we don't have any risk of running into such issue at the moment, it's an issue for longtails:
It's not entirely clear if this flow could happen with our current wallet support and custom receive address logic, as there should be no wallet that has support for non-EVM assets e.g UTXOs/Cosmos/RUNE, but no support for EVMs. Keplr comes to mind, however, swapper is disabled for Keplr.
There could be a flow in the future where we consistently allow custom receive addresses, and we should definitely be prepared for it and err on the side of safety by blocking smart contract receive addresses too.
For the time being, implementing this will just be a no-op, since the sell and receive addresses are the same, and the calls are cached.
References and additional details
https://github.com/shapeshift/web/pull/5716 https://github.com/shapeshift/web/pull/5724
Acceptance Criteria
- Both sell and receive addresses are checked against being smart contract wallets in swapper
Need By Date
No response
Screenshots/Mockups
No response
Estimated effort
No response
Implemented in #6072 but cannot be tested yet. Dependant on https://github.com/shapeshift/web/issues/5892