Proxy transactions with proper header

[sambacha]

Some services use MetaMasks header information as a naive filter to reduce automated traffic/etc.

TLDR: some services will check for the value

Origin: chrome-extension://nkbihfbeogaeaoehlefnkodbefgpgknn

to make sure that its a MetaMask or some other browser extension interacting with it. example: flashbots relay has this (disabled last i checked).

This is part of how Infura guards its gateway for metamask usage too.

POST /v3/9aa3d95b3bc440fa88ea12eaa4456161 HTTP/1.1
Host: mainnet.infura.io
Connection: keep-alive
Content-Length: 1035
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Google Chrome";v="92"
Accept: application/json
DNT: 1
Content-Type: application/json
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Infura-Source: metamask/internal
Origin: chrome-extension://nkbihfbeogaeaoehlefnkodbefgpgknn
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: _ga=<TRUNCATED>

{
  "id": 10,
  "jsonrpc": "2.0",
  "method": "eth_call",
  "params": [
    {
      "to": "0xb1f8e55c7f64d203c1400b9d8555d050f94adf39",
      "data": "0xf0002ea90000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000018000000000000000000000000000000000000000000000000000000000000000090000000000000000000000005a974f95cbfe83abefa2c6322a4fc4da03287047000000000000000000000000a0766b65a4f7b1da79a1af79ac695456efa28644000000000000000000000000988c949876099ba2718fe60d0e639f35c0068cc600000000000000000000000008c9ea0843866691d491d4cd137cb8807a20eab7000000000000000000000000221e99f19f9ede27bdaea9e278fddbc3277d73b00000000000000000000000000043f09a0113cc5c5685340ef3956feae297c0e10000000000000000000000008cf35b93cfd6d97c6b66ad441e2472f47f1c4c460000000000000000000000003fc4b5df0205775bd812a5eb5b50341d1ad1b1fc000000000000000000000000086132af06003626b03b850bead54f5ca68543b000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000"
    },
    "0xc7dfb9"
  ]
}

[GregTheGreek]

Hey thanks for checking it out!

Is your suggestion to add:

Origin: chrome-extension://nkbihfbeogaeaoehlefnkodbefgpgknn

I've been making this work thus far with infura, so just trying to understand what would happen?

[sambacha]

Hey thanks for checking it out!

Is your suggestion to add:

Origin: chrome-extension://nkbihfbeogaeaoehlefnkodbefgpgknn

I've been making this work thus far with infura, so just trying to understand what would happen?

some services like MiningPoolDAO or Flashbots check for this as away to prevent spam.

Also I am interested in this subject specifically because it has forced us to use eth_sign since metamask does not allow configuration via API to change RPC info for default chainIds

side note, if you are interested in seeing how metamask ;s transaction insight stuff works here is the standalone PoC https://github.com/trufflesuite/react-eth-tx-params

[GregTheGreek]

@sambacha thanks again :)

I'm currently working on boiler plating app specific logic. Once I get that done I was thinking of using @truffle/fetch-and-compile but I'm wondering if thats used under the hood