Safenode

Smart anti-fraud/phishing ETH JSON-RPC firewall with visualized transaction simulation

Created At

ETHNewYork 2022

Winner of

🚀 Optimism — Just Deploy!

🥈 Pocket — Best Use

🏊‍♂️ Pocket — Pool Prize

🤝 Tenderly — Solve an existing real problem

🥇 Covalent — Best Use

🥇 Worldcoin — Best Use

🥉 OpenSea — Best Integration

🏆 ETHNewYork Finalist

Project Description

Please see GitHub for most up-to-date documentation. The following is a transcript of my pitch:

Imagine this: a new announcement in your favorite NFT discord - a free claim for your new NFT. Utility. As you click “submit transaction”, an irreversible spiral begins as your transaction is sent to an RPC. It’s too late. Your ape is gone. Phished.

Blockchain is terrifying. Once your transaction is mined, there’s no taking it back; blockchain is forever. Though most of us use hardware wallets and are technical, millions are stolen through phishing; fake mint sites, free airdrops, send 1 eth get 2 back. Even for those like us who work full time in crypto, transactions are too much of a black box.

I took a screenshot of a contract interaction yesterday. What do you think this transaction does? It’s setApprovalForAll - if someone sent this, they would have been phished for all their NFT’s of a particular collection. If we truly want to onboard a billion users, we need to take the guesswork out of security. RPC’s should be smarter and detect fraud and phishing. RPC’s should make users think twice about submitting dangerous transactions, showing data to help inform this decision.

Welcome to Safenode, a layer of trust in a trustless environment. It’s simple. Users simply add it as their RPC and block explorer in their wallet.

When you first use our RPC, the addresses they interacted with are added to a personal whitelist. For these transactions, “It just works”.

But then, when a transaction is queued, it means Safenode has proxied it and hasn’t sent it to the mempool; it’s awaiting your approval. When this happens, we provide data to inform user decisions. We think a dump of hex data that Metamask gives us isn’t intuitive. Safenode does visualization differently.

We simulate the transaction before it’s submitted and log all events in a simulation of their transaction; including ERC20/721 approvals, transfers etc. The UI is meant to be obvious; no clutter. It’s like Etherscan, but before you even send the transaction. This is Safenode’s transaction simulation; one element of how we keep users safe.

Another layer of protection is to block transactions of addresses on our blacklist. One example of this would be that recently, a VC sent 500k USDC to… the Circle contract. Overall wETH/Tether have over 1 million dollars worth of their respective tokens in their contracts; these funds are irrecoverable. Safenode is smart enough that it can detect whether tokens sent to a contract are recoverable -- if not, we won’t let a transaction be sent. If a user nonetheless wants to send this transaction and lose funds, they can switch back to Infura to send it in two clicks. This blacklist can also be used to block a list of known malicious users.

In fact, perhaps blacklists can be combined with user reporting; something that is really only possible with blockchain. Playing on screen now is the full flow from sending a transaction that would have “hacked” all my Paradigm NFT’s, to viewing a simulation on Safenode, to reporting an address. Reporting is done through Worldcoin’s World ID. Here, the number of reports is shown. This is sybil proof. If you know that 200 real people have reported an address, maybe you don’t want to interact with it. If it all looks good, they can sign a nonce and submit the transaction to the mempool.

The coolest part of all of this is that we have a list of globally whitelisted contracts and addresses - OpenSea, Uniswap, Curve, wrapping/unwrapping wETH, etc. Interacting with these is the same as with any other RPC. This idea is similar to the billion dollar industry of SSL certificates. This would be our main source of revenue; through auditing contracts for security and fair claims, and adding them to our list of trusted contracts. This way, Safenode won’t be obtrusive enough to make you miss a gas war on the newest mint.

Finally, Safenode works on any EVM chain; be it Optimism Kovan, Polygon Mumbai, etc.

Safenode is a user-centric RPC designed to keep the next billion ETH users safe. In web3, we all want trustlessness; Safenode informs the user to make the best decision on the trustworthiness of a transaction. We add trust to a trustless environment.

How it's Made

Tenderly simulations, Pocket network RPC's, Covalent for blockchain data (specifically, transaction log for address), OpenSea API for images/tokenID's of NFT's for a collection and user, Worldcoin World ID for anti-sybil voting. In terms of web2, I used sqlite3 for the database, nextjs/chakra for the UI.
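
The block/forward/queue decision described in the pitch, sketched as an added example (not Safenode's own code). The list contents, addresses and function names are constructed for illustration, and checking the decoded approval grantee in addition to the `to` address is an assumption of this example, since a setApprovalForAll call is addressed to the NFT collection rather than to the party receiving the rights.

```javascript
// Added example, not Safenode's code. All addresses below are constructed.
const SELECTORS = {
  "0xa22cb465": "setApprovalForAll(address,bool)",
  "0x095ea7b3": "approve(address,uint256)",
};

// Decode the approval-style calls the pitch singles out; null for anything else.
function decodeApproval(data) {
  const hex = (data || "0x").toLowerCase();
  if (!/^0x[0-9a-f]*$/.test(hex) || hex.length < 138) return null; // selector + 2 words
  const signature = SELECTORS[hex.slice(0, 10)];
  if (!signature) return null;
  const grantee = "0x" + hex.slice(34, 74); // low 20 bytes of the first 32-byte word
  const value = BigInt("0x" + hex.slice(74, 138)); // bool flag or allowance
  return { signature, grantee, value };
}

// Lists are Sets of lowercase addresses. Returns { action, reason, approval }.
function classify(tx, lists) {
  const to = (tx.to || "").toLowerCase();
  const approval = decodeApproval(tx.data);
  const trusted = (a) => lists.globalWhitelist.has(a) || lists.personalWhitelist.has(a);
  if (lists.blacklist.has(to)) return { action: "block", reason: "recipient blacklisted", approval };
  if (approval && approval.value !== 0n) { // value 0 is a revocation, not a grant
    if (lists.blacklist.has(approval.grantee))
      return { action: "block", reason: "approval grantee blacklisted", approval };
    if (!trusted(approval.grantee)) // assumption: grants to unlisted parties need review
      return { action: "queue", reason: `${approval.signature} to unlisted ${approval.grantee}`, approval };
  }
  if (trusted(to)) return { action: "forward", reason: "recipient whitelisted", approval };
  return { action: "queue", reason: "recipient not on any whitelist", approval };
}

// Constructed sample data: a user's known collection, and a grant to an unknown operator.
const addr = (byte) => "0x" + byte.repeat(20);
const SAMPLE_LISTS = {
  blacklist: new Set([addr("bb")]),
  globalWhitelist: new Set([addr("aa")]),
  personalWhitelist: new Set([addr("cc")]),
};
const approvalData = (grantee, flag) =>
  "0xa22cb465" + "00".repeat(12) + grantee.slice(2) + "00".repeat(31) + flag;
const SAMPLE_TX = { to: addr("cc"), data: approvalData(addr("dd"), "01") };

console.log(classify(SAMPLE_TX, SAMPLE_LISTS));
```

A queued result is what the approval screen would present to the user; only a "forward" result would be relayed to the upstream RPC.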