0xPolygon · jhkimqd · Aug 6, 2025 · Aug 5, 2025 · Aug 5, 2025 · Aug 5, 2025
diff --git a/cmd/ulxly/ulxly.go b/cmd/ulxly/ulxly.go
@@ -5,6 +5,7 @@ import (
 	"bytes"
 	"context"
 	"crypto/ecdsa"
+	"crypto/tls"
 	_ "embed"
 	"encoding/binary"
 	"encoding/json"
@@ -30,11 +31,11 @@ import (
 	ethclient "github.com/ethereum/go-ethereum/ethclient"
 	ethrpc "github.com/ethereum/go-ethereum/rpc"
 
-	smcerror "github.com/0xPolygon/polygon-cli/errors"
 	"github.com/0xPolygon/polygon-cli/bindings/tokens"
 	"github.com/0xPolygon/polygon-cli/bindings/ulxly"
 	"github.com/0xPolygon/polygon-cli/bindings/ulxly/polygonrollupmanager"
 	"github.com/0xPolygon/polygon-cli/cmd/flag_loader"
+	smcerror "github.com/0xPolygon/polygon-cli/errors"
 	"github.com/rs/zerolog/log"
 	"github.com/spf13/cobra"
 )
@@ -117,13 +118,27 @@ func readDeposit(cmd *cobra.Command) error {
 	fromBlock := getEvent.FromBlock
 	filter := getEvent.FilterSize
 
-	// Dial the Ethereum RPC server.
-	rpc, err := ethrpc.DialContext(cmd.Context(), rpcUrl)
-	if err != nil {
-		log.Error().Err(err).Msg("Unable to Dial RPC")
-		return err
+	// Use the new helper function
+	var rpc *ethrpc.Client
+	var err error
+
+	if getEvent.Insecure {
+		client, clientErr := createInsecureEthClient(rpcUrl)
+		if clientErr != nil {
+			log.Error().Err(clientErr).Msg("Unable to create insecure client")
+			return clientErr
+		}
+		defer client.Close()
+		rpc = client.Client()
+	} else {
+		rpc, err = ethrpc.DialContext(cmd.Context(), rpcUrl)
+		if err != nil {
+			log.Error().Err(err).Msg("Unable to Dial RPC")
+			return err
+		}
+		defer rpc.Close()
 	}
-	defer rpc.Close()
+
 	ec := ethclient.NewClient(rpc)
 
 	bridgeV2, err := ulxly.NewUlxly(common.HexToAddress(bridgeAddress), ec)
@@ -193,13 +208,27 @@ func readClaim(cmd *cobra.Command) error {
 	fromBlock := getEvent.FromBlock
 	filter := getEvent.FilterSize
 
-	// Dial the Ethereum RPC server.
-	rpc, err := ethrpc.DialContext(cmd.Context(), rpcUrl)
-	if err != nil {
-		log.Error().Err(err).Msg("Unable to Dial RPC")
-		return err
+	// Use the new helper function
+	var rpc *ethrpc.Client
+	var err error
+
+	if getEvent.Insecure {
+		client, clientErr := createInsecureEthClient(rpcUrl)
+		if clientErr != nil {
+			log.Error().Err(clientErr).Msg("Unable to create insecure client")
+			return clientErr
+		}
+		defer client.Close()
+		rpc = client.Client()
+	} else {
+		rpc, err = ethrpc.DialContext(cmd.Context(), rpcUrl)
+		if err != nil {
+			log.Error().Err(err).Msg("Unable to Dial RPC")
+			return err
+		}
+		defer rpc.Close()
 	}
-	defer rpc.Close()
+
 	ec := ethclient.NewClient(rpc)
 
 	bridgeV2, err := ulxly.NewUlxly(common.HexToAddress(bridgeAddress), ec)
@@ -251,20 +280,35 @@ func readClaim(cmd *cobra.Command) error {
 
 	return nil
 }
+
 func readVerifyBatches(cmd *cobra.Command) error {
 	rollupManagerAddress := getVerifyBatchesOptions.RollupManagerAddress
 	rpcUrl := getEvent.URL
 	toBlock := getEvent.ToBlock
 	fromBlock := getEvent.FromBlock
 	filter := getEvent.FilterSize
 
-	// Dial the Ethereum RPC server.
-	rpc, err := ethrpc.DialContext(cmd.Context(), rpcUrl)
-	if err != nil {
-		log.Error().Err(err).Msg("Unable to Dial RPC")
-		return err
+	// Use the new helper function
+	var rpc *ethrpc.Client
+	var err error
+
+	if getEvent.Insecure {
+		client, clientErr := createInsecureEthClient(rpcUrl)
+		if clientErr != nil {
+			log.Error().Err(clientErr).Msg("Unable to create insecure client")
+			return clientErr
+		}
+		defer client.Close()
+		rpc = client.Client()
+	} else {
+		rpc, err = ethrpc.DialContext(cmd.Context(), rpcUrl)
+		if err != nil {
+			log.Error().Err(err).Msg("Unable to Dial RPC")
+			return err
+		}
+		defer rpc.Close()
 	}
-	defer rpc.Close()
+
 	client := ethclient.NewClient(rpc)
 	rm := common.HexToAddress(rollupManagerAddress)
 	rollupManager, err := polygonrollupmanager.NewPolygonrollupmanager(rm, client)
@@ -322,10 +366,20 @@ func proof(args []string) error {
 func balanceTree() error {
 	l2NetworkID := balanceTreeOptions.L2NetworkID
 	bridgeAddress := common.HexToAddress(balanceTreeOptions.BridgeAddress)
-	client, err := ethclient.DialContext(context.Background(), balanceTreeOptions.RpcURL)
+
+	var client *ethclient.Client
+	var err error
+
+	if balanceTreeOptions.Insecure {
+		client, err = createInsecureEthClient(balanceTreeOptions.RpcURL)
+	} else {
+		client, err = ethclient.DialContext(context.Background(), balanceTreeOptions.RpcURL)
+	}
+
 	if err != nil {
 		return err
 	}
+	defer client.Close()
 	l2RawClaimsData, l2RawDepositsData, err := getBalanceTreeData()
 	if err != nil {
 		return err
@@ -362,10 +416,20 @@ func nullifierTree(args []string) error {
 func nullifierAndBalanceTree(args []string) error {
 	l2NetworkID := balanceTreeOptions.L2NetworkID
 	bridgeAddress := common.HexToAddress(balanceTreeOptions.BridgeAddress)
-	client, err := ethclient.DialContext(context.Background(), balanceTreeOptions.RpcURL)
+
+	var client *ethclient.Client
+	var err error
+
+	if balanceTreeOptions.Insecure {
+		client, err = createInsecureEthClient(balanceTreeOptions.RpcURL)
+	} else {
+		client, err = ethclient.DialContext(context.Background(), balanceTreeOptions.RpcURL)
+	}
+
 	if err != nil {
 		return err
 	}
+	defer client.Close()
 	l2RawClaimsData, l2RawDepositsData, err := getBalanceTreeData()
 	if err != nil {
 		return err
@@ -616,7 +680,7 @@ func logAndReturnJsonError(ctx context.Context, client *ethclient.Client, tx *ty
 		errLog = errLog.Err(callErr)
 	}
 
-	customErr := errors.New(err.Error()+": " + reason)
+	customErr := errors.New(err.Error() + ": " + reason)
 	if errCode, isValid := jsonError.Data.(string); isValid && errCode == "0x646cf558" {
 		// I don't want to bother with the additional error logging for previously claimed deposits
 		return customErr
@@ -685,8 +749,7 @@ func bridgeAsset(cmd *cobra.Command) error {
 	timeoutTxnReceipt := *inputUlxlyArgs.timeout
 	RPCURL := *inputUlxlyArgs.rpcURL
 
-	// Dial the Ethereum RPC server.
-	client, err := ethclient.DialContext(cmd.Context(), RPCURL)
+	client, err := createEthClient(cmd.Context(), RPCURL)
 	if err != nil {
 		log.Error().Err(err).Msg("Unable to Dial RPC")
 		return err
@@ -775,7 +838,7 @@ func bridgeMessage(cmd *cobra.Command) error {
 	RPCURL := *inputUlxlyArgs.rpcURL
 
 	// Dial the Ethereum RPC server.
-	client, err := ethclient.DialContext(cmd.Context(), RPCURL)
+	client, err := createEthClient(cmd.Context(), RPCURL)
 	if err != nil {
 		log.Error().Err(err).Msg("Unable to Dial RPC")
 		return err
@@ -828,7 +891,7 @@ func bridgeWETHMessage(cmd *cobra.Command) error {
 	RPCURL := *inputUlxlyArgs.rpcURL
 
 	// Dial the Ethereum RPC server.
-	client, err := ethclient.DialContext(cmd.Context(), RPCURL)
+	client, err := createEthClient(cmd.Context(), RPCURL)
 	if err != nil {
 		log.Error().Err(err).Msg("Unable to Dial RPC")
 		return err
@@ -886,7 +949,7 @@ func claimAsset(cmd *cobra.Command) error {
 	wait := *inputUlxlyArgs.wait
 
 	// Dial Ethereum client
-	client, err := ethclient.DialContext(cmd.Context(), RPCURL)
+	client, err := createEthClient(cmd.Context(), RPCURL)
 	if err != nil {
 		log.Error().Err(err).Msg("Unable to Dial RPC")
 		return err
@@ -940,7 +1003,7 @@ func claimMessage(cmd *cobra.Command) error {
 	wait := *inputUlxlyArgs.wait
 
 	// Dial Ethereum client
-	client, err := ethclient.DialContext(cmd.Context(), RPCURL)
+	client, err := createEthClient(cmd.Context(), RPCURL)
 	if err != nil {
 		log.Error().Err(err).Msg("Unable to Dial RPC")
 		return err
@@ -1078,7 +1141,7 @@ func claimEverything(cmd *cobra.Command) error {
 		}
 	}
 
-	client, err := ethclient.DialContext(cmd.Context(), RPCURL)
+	client, err := createEthClient(cmd.Context(), RPCURL)
 	if err != nil {
 		log.Error().Err(err).Msg("Unable to Dial RPC")
 		return err
@@ -1802,8 +1865,25 @@ func generateTransactionPayload(ctx context.Context, client *ethclient.Client, u
 	return bridgeV2, toAddress, opts, err
 }
 
+// Helper function to get the appropriate HTTP client
+func getHTTPClient() *http.Client {
+	if *inputUlxlyArgs.insecure {
+		log.Warn().Msg("WARNING: Using insecure HTTP client for bridge service requests")
+		return &http.Client{
+			Timeout: 30 * time.Second,
+			Transport: &http.Transport{
+				TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+			},
+		}
+	}
+	return &http.Client{
+		Timeout: 30 * time.Second,
+	}
+}
+
 func getMerkleProofsExitRoots(bridgeServiceProofEndpoint string) (merkleProofArray [32][32]byte, rollupMerkleProofArray [32][32]byte, mainExitRoot []byte, rollupExitRoot []byte) {
-	reqBridgeProof, err := http.Get(bridgeServiceProofEndpoint)
+	client := getHTTPClient()
+	reqBridgeProof, err := client.Get(bridgeServiceProofEndpoint)
 	if err != nil {
 		log.Error().Err(err)
 		return
@@ -1851,7 +1931,8 @@ func getMerkleProofsExitRoots(bridgeServiceProofEndpoint string) (merkleProofArr
 }
 
 func getDeposit(bridgeServiceDepositsEndpoint string) (globalIndex *big.Int, originAddress common.Address, amount *big.Int, metadata []byte, leafType uint8, claimDestNetwork, claimOriginalNetwork uint32, err error) {
-	reqBridgeDeposit, err := http.Get(bridgeServiceDepositsEndpoint)
+	client := getHTTPClient()
+	reqBridgeDeposit, err := client.Get(bridgeServiceDepositsEndpoint)
 	if err != nil {
 		log.Error().Err(err)
 		return
@@ -1909,7 +1990,8 @@ func getDepositsForAddress(bridgeRequestUrl string) ([]BridgeDeposit, error) {
 		Deposits []BridgeDeposit `json:"deposits"`
 		Total    int             `json:"total_cnt,string"`
 	}
-	httpResp, err := http.Get(bridgeRequestUrl)
+	client := getHTTPClient()
+	httpResp, err := client.Get(bridgeRequestUrl)
 	if err != nil {
 		return nil, err
 	}
@@ -1929,6 +2011,33 @@ func getDepositsForAddress(bridgeRequestUrl string) ([]BridgeDeposit, error) {
 	return resp.Deposits, nil
 }
 
+// Add the helper function to create an insecure client
+func createInsecureEthClient(rpcURL string) (*ethclient.Client, error) {
+	// WARNING: This disables TLS certificate verification
+	log.Warn().Msg("WARNING: TLS certificate verification is disabled. This is unsafe for production use.")
+
+	httpClient := &http.Client{
+		Transport: &http.Transport{
+			TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+		},
+	}
+
+	rpcClient, err := ethrpc.DialOptions(context.Background(), rpcURL, ethrpc.WithHTTPClient(httpClient))
+	if err != nil {
+		return nil, err
+	}
+
+	return ethclient.NewClient(rpcClient), nil
+}
+
+// Add helper function to create either secure or insecure client based on flag
+func createEthClient(ctx context.Context, rpcURL string) (*ethclient.Client, error) {
+	if *inputUlxlyArgs.insecure {
+		return createInsecureEthClient(rpcURL)
+	}
+	return ethclient.DialContext(ctx, rpcURL)
+}
+
 //go:embed BridgeAssetUsage.md
 var bridgeAssetUsage string
 
@@ -2040,6 +2149,7 @@ type ulxlyArgs struct {
 	bridgeOffset        *int
 	wait                *time.Duration
 	concurrency         *uint
+	insecure            *bool
 }
 
 var inputUlxlyArgs = ulxlyArgs{}
@@ -2106,6 +2216,7 @@ const (
 	ArgBridgeOffset         = "bridge-offset"
 	ArgWait                 = "wait"
 	ArgConcurrency          = "concurrency"
+	ArgInsecure             = "insecure"
 )
 
 func prepInputs(cmd *cobra.Command, args []string) error {
@@ -2164,6 +2275,7 @@ func (o *FileOptions) AddFlags(cmd *cobra.Command) {
 type BalanceTreeOptions struct {
 	L2ClaimsFile, L2DepositsFile, BridgeAddress, RpcURL string
 	L2NetworkID                                         uint32
+	Insecure                                            bool
 }
 
 func (o *BalanceTreeOptions) AddFlags(cmd *cobra.Command) {
@@ -2172,6 +2284,7 @@ func (o *BalanceTreeOptions) AddFlags(cmd *cobra.Command) {
 	cmd.Flags().StringVarP(&o.BridgeAddress, ArgBridgeAddress, "", "", "Bridge Address")
 	cmd.Flags().StringVarP(&o.RpcURL, ArgRPCURL, "r", "", "RPC URL")
 	cmd.Flags().Uint32VarP(&o.L2NetworkID, ArgL2NetworkID, "", 0, "The L2 networkID")
+	cmd.Flags().BoolVarP(&o.Insecure, ArgInsecure, "", false, "skip TLS certificate verification")
 }
 
 type ProofOptions struct {
@@ -2195,13 +2308,15 @@ func (o *RollupsProofOptions) AddFlags(cmd *cobra.Command) {
 type GetEvent struct {
 	URL                            string
 	FromBlock, ToBlock, FilterSize uint64
+	Insecure                       bool
 }
 
 func (o *GetEvent) AddFlags(cmd *cobra.Command) {
 	cmd.Flags().StringVarP(&o.URL, ArgRPCURL, "u", "", "The RPC URL to read the events data")
 	cmd.Flags().Uint64VarP(&o.FromBlock, ArgFromBlock, "f", 0, "The start of the range of blocks to retrieve")
 	cmd.Flags().Uint64VarP(&o.ToBlock, ArgToBlock, "t", 0, "The end of the range of blocks to retrieve")
 	cmd.Flags().Uint64VarP(&o.FilterSize, ArgFilterSize, "i", 1000, "The batch size for individual filter queries")
+	cmd.Flags().BoolVarP(&o.Insecure, ArgInsecure, "", false, "skip TLS certificate verification")
 	fatalIfError(cmd.MarkFlagRequired(ArgFromBlock))
 	fatalIfError(cmd.MarkFlagRequired(ArgToBlock))
 	fatalIfError(cmd.MarkFlagRequired(ArgRPCURL))
@@ -2440,6 +2555,7 @@ or if it's actually an intermediate hash.`,
 	inputUlxlyArgs.timeout = ulxlyBridgeAndClaimCmd.PersistentFlags().Uint64(ArgTimeout, 60, "the amount of time to wait while trying to confirm a transaction receipt")
 	inputUlxlyArgs.gasPrice = ulxlyBridgeAndClaimCmd.PersistentFlags().String(ArgGasPrice, "", "the gas price to be used")
 	inputUlxlyArgs.dryRun = ulxlyBridgeAndClaimCmd.PersistentFlags().Bool(ArgDryRun, false, "do all of the transaction steps but do not send the transaction")
+	inputUlxlyArgs.insecure = ulxlyBridgeAndClaimCmd.PersistentFlags().Bool(ArgInsecure, false, "skip TLS certificate verification")
 	fatalIfError(ulxlyBridgeAndClaimCmd.MarkPersistentFlagRequired(ArgBridgeAddress))
 
 	// bridge specific args

diff --git a/doc/polycli_ulxly_bridge.md b/doc/polycli_ulxly_bridge.md
@@ -35,6 +35,7 @@ The command also inherits flags from parent commands.
       --dry-run                            do all of the transaction steps but do not send the transaction
       --gas-limit uint                     force a gas limit when sending a transaction
       --gas-price string                   the gas price to be used
+      --insecure                           skip TLS certificate verification
       --pretty-logs                        Should logs be in pretty format or JSON (default true)
       --private-key string                 the hex encoded private key to be used when sending the tx
       --rpc-url string                     the URL of the RPC to send the transaction

diff --git a/doc/polycli_ulxly_bridge_asset.md b/doc/polycli_ulxly_bridge_asset.md
@@ -109,6 +109,7 @@ The command also inherits flags from parent commands.
       --force-update-root                  indicates if the new global exit root is updated or not (default true)
       --gas-limit uint                     force a gas limit when sending a transaction
       --gas-price string                   the gas price to be used
+      --insecure                           skip TLS certificate verification
       --pretty-logs                        Should logs be in pretty format or JSON (default true)
       --private-key string                 the hex encoded private key to be used when sending the tx
       --rpc-url string                     the URL of the RPC to send the transaction

diff --git a/doc/polycli_ulxly_bridge_message.md b/doc/polycli_ulxly_bridge_message.md
@@ -106,6 +106,7 @@ The command also inherits flags from parent commands.
       --force-update-root                  indicates if the new global exit root is updated or not (default true)
       --gas-limit uint                     force a gas limit when sending a transaction
       --gas-price string                   the gas price to be used
+      --insecure                           skip TLS certificate verification
       --pretty-logs                        Should logs be in pretty format or JSON (default true)
       --private-key string                 the hex encoded private key to be used when sending the tx
       --rpc-url string                     the URL of the RPC to send the transaction