RPC Firewall

    Protect yourself from accidentally transferring your crypto assets

    Documentation

    Cyber criminals steal your NFTs by asking you to confirm transactions you didn't expect to receive. Normally, this doesn't happen as long as we stay on sites we trust. The problem is the sheer number of ways we may accidentally end up on the wrong site:

    • Server vulnerabilities
      • Verified Twitter account mentions
      • Discord moderators and server codes
      • Official site
        • Any team member with access to modifying the frontend
        • 3rd-party dependencies: Cloud server, CDN, DNS, JS libraries
        • Unrestricted ad banner platforms
    • NFT team prioritizes growth over security
      • Easily impersonated names: ONI, 0N1, ON1, ONL, oniiiiii, oniiii, oniiiiis
      • Inconsistent links for every social media platform
      • Cult-like hype mechanics
    • User-focused attacks
      • Platforms
        • Direct messages
        • Emails
        • Sponsored links
      • Psychological
        • Messages with emotional impact
        • Market swings
        • User has stopped paying attention to what they confirm

    Therefore I created a firewall designed to add more "friction" whenever a site makes a dangerous request.

    How it works

    The typical transaction (txn) travels from:
    MetaMask ⇒ RPC Gateway ⇒ Mempool ⇒ Blockchain.

    We added an extra step so now it's:
    MetaMask ⇒ KK779 FIREWALL ⇒ RPC Gateway ⇒ Mempool ⇒ Blockchain.

    This forces you to change your usual behavior when confirming dangerous transactions.

    ERC-721 NFTs have four methods that can cause ownership to transfer: safeTransferFrom(), transferFrom(), approve(), and setApprovalForAll(). setApprovalForAll() is the most dangerous because it gives someone the ability to take everything from a collection while the others only take one. What's important to recognize is that ANY NFT in your wallet may be requested using one of these four methods.

    Thus, due to their reach, the firewall blocks ALL FOUR methods.

    This means that if you are presented with one of the four types of transactions, you have to consciously turn off the firewall first to complete it.
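
    The selector check described above, as an added example (not the firewall's own code). It assumes the firewall sits in front of eth_sendRawTransaction, RLP-decodes the signed transaction and compares the first four bytes of its calldata with the selectors of the four methods (safeTransferFrom() has two overloads, hence five entries). All function names and the sample transaction are constructed for illustration.

```python
# Selectors = first 4 bytes of keccak256(signature) for the blocked ERC-721 methods.
BLOCKED = {
    "23b872dd": "transferFrom(address,address,uint256)",
    "42842e0e": "safeTransferFrom(address,address,uint256)",
    "b88d4fde": "safeTransferFrom(address,address,uint256,bytes)",
    "095ea7b3": "approve(address,uint256)",
    "a22cb465": "setApprovalForAll(address,bool)",
}
DATA_INDEX = {0: 5, 1: 6, 2: 7}  # calldata position: legacy, EIP-2930, EIP-1559

def rlp_item(buf, pos):
    """Decode one RLP item at pos; return (value, next_pos). Lists become Python lists."""
    b = buf[pos]
    if b < 0x80:                                   # a single byte encodes itself
        return buf[pos:pos + 1], pos + 1
    is_list = b >= 0xC0
    size = b - (0xC0 if is_list else 0x80)
    start = pos + 1
    if size > 55:                                  # long form: length is in the next size-55 bytes
        start += size - 55
        size = int.from_bytes(buf[pos + 1:start], "big")
    end = start + size
    if end > len(buf):
        raise ValueError("truncated RLP")
    if not is_list:
        return buf[start:end], end
    items = []
    while start < end:
        item, start = rlp_item(buf, start)
        items.append(item)
    return items, end

def blocked_method(raw_hex):
    """Return the blocked signature called by a raw signed transaction, else None."""
    raw = bytes.fromhex(raw_hex[2:] if raw_hex.startswith("0x") else raw_hex)
    tx_type = raw[0] if raw[0] < 0x80 else 0       # typed transactions lead with a type byte
    fields, _ = rlp_item(raw, 1 if tx_type else 0)
    return BLOCKED.get(fields[DATA_INDEX[tx_type]][:4].hex())

def firewall_allows(raw_hex, firewall_on=True):
    """Decision for one eth_sendRawTransaction; unparseable input is rejected (fail closed)."""
    try:
        return not firewall_on or blocked_method(raw_hex) is None
    except Exception:                              # any decoding failure blocks the transaction
        return False
# Constructed sample: legacy tx calling setApprovalForAll(operator, true); signature is filler.
CALLDATA = "a22cb465" + "00" * 12 + "22" * 20 + "00" * 31 + "01"
SAMPLE_RAW = ("0xf8aa01" + "8504a817c800" + "830186a0" + "94" + "11" * 20 + "80"
              + "b844" + CALLDATA + "25" + "a0" + "33" * 32 + "a0" + "44" * 32)
```

    ERC-20 approve(address,uint256) and transferFrom(address,address,uint256) have the same signatures as their ERC-721 counterparts, so a check keyed on these selectors also matches those ERC-20 calls.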

    Typical Use Cases

    • Mint NFT: Leave firewall ON, unless they specifically require a token that isn't ETH, which is almost never the case.
    • Free Mint: Leave firewall ON.
    • List NFT from new collections or marketplaces: Turn off firewall. MetaMask should say setApprovalForAll. Confirm. After it's done, turn firewall back on.
    • List NFT from PREVIOUSLY APPROVED collections and marketplaces: Leave firewall ON.
    • Buy NFT: Leave firewall ON.
    • Stake NFT: You will most likely need to turn off the firewall the first time. Double check to make sure you are on the correct site.
    • Collecting Tokens or Airdrops: Leave firewall ON.

    When in doubt, leave firewall ON. It doesn't cost you gas if the firewall blocks a transaction.

    Additional Notes

    Let's talk about what this firewall will NOT do:

    1. It will NOT block you from losing ETH or ERC-20 tokens but it's worth exploring. Update: the firewall now works for ERC-20 tokens, including WETH, but NOT ETH.
    2. It will NOT block you from losing ERC-1155 NFTs but it's also worth exploring.
    3. It will NOT protect you from compromised seed phrases or private keys.
    4. It will NOT protect you from compromised computers. You still need a cold wallet.
    5. It will NOT protect you from coercion.

    Due to server constraints, some legitimate transactions may get blocked. If this happens, please let me know. I am not responsible for any time-critical transactions not making it onto the blockchain. I do not suggest purposely testing this firewall on a fake site unless you know what you are doing. Who knows what other devious techniques they are using.
