Summary
The HTTP JSON-RPC server exposes relay and quote methods to any client that can reach the bind address (src/rpc.rs). There is no API key, JWT, or IP allowlist in the core path.
Risks
- Unauthorized relay: Anyone who can reach the port may submit relayer_sendTransaction (subject only to chain config and simulation), consuming operator RPC quota and relayer gas for sponsored flows.
- Denial of service: No per-IP or global rate limits; attackers can hammer simulation (eth_call / eth_estimateGas) and submission endpoints.
Suggested mitigations
- Document that production deployments must place the service behind an authenticated reverse proxy or private network.
- Optionally implement spec-aligned 401 / 4100 behavior and rate limits (4203) as first-class middleware.
References
src/rpc.rs (method registration)
src/utils/errors/rpc_errors.rs (helpers exist but are not wired universally)
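One way the middleware suggested above could gate every call before method dispatch, as an added Rust example that is not the project's own code. `Gate`, `check`, the shared API key and the token-bucket parameters are hypothetical; only the codes 4100 and 4203 come from the issue.

```rust
use std::collections::HashMap;
use std::net::IpAddr;
use std::time::Instant;

// Error codes named in the issue: 4100 = unauthorized, 4203 = rate limited.
pub const UNAUTHORIZED: i32 = 4100;
pub const RATE_LIMITED: i32 = 4203;

/// Hypothetical gate run before any JSON-RPC method is dispatched.
pub struct Gate {
    api_key: Vec<u8>,
    capacity: f64,       // burst size per client IP
    refill_per_sec: f64, // sustained requests per second
    buckets: HashMap<IpAddr, (f64, Instant)>, // (tokens left, last refill)
}

// No early exit on mismatch, so timing does not reveal the matching prefix (length still leaks).
fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    a.len() == b.len() && a.iter().zip(b).fold(0u8, |acc, (x, y)| acc | (x ^ y)) == 0
}

impl Gate {
    pub fn new(api_key: &str, capacity: f64, refill_per_sec: f64) -> Self {
        Gate { api_key: api_key.as_bytes().to_vec(), capacity, refill_per_sec, buckets: HashMap::new() }
    }

    /// Ok(()) lets the call through; Err(code) is the JSON-RPC error code to return.
    pub fn check(&mut self, ip: IpAddr, key: Option<&str>, now: Instant) -> Result<(), i32> {
        // Rate-limit first: a request with a bad key still spends a token, throttling key guessing.
        let (tokens, last) = self.buckets.entry(ip).or_insert((self.capacity, now));
        let elapsed = now.saturating_duration_since(*last).as_secs_f64();
        *tokens = (*tokens + elapsed * self.refill_per_sec).min(self.capacity);
        *last = now;
        if *tokens < 1.0 {
            return Err(RATE_LIMITED);
        }
        *tokens -= 1.0;
        match key {
            Some(k) if ct_eq(k.as_bytes(), &self.api_key) => Ok(()),
            _ => Err(UNAUTHORIZED),
        }
    }
}

fn main() {
    // Constructed sample: a request with no key from a documentation-range address.
    let mut gate = Gate::new("constructed-demo-key", 2.0, 1.0);
    let ip: IpAddr = "203.0.113.7".parse().unwrap();
    println!("{:?}", gate.check(ip, None, Instant::now()));
}
```

The bucket map grows with every new source address, so a real deployment would evict idle entries or cap the map size. Behind a reverse proxy, `ip` must be the client address the proxy reports, not the proxy's own.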