Client: add tests and config references for JSON-RPC payload limits

Author: ether-wan

packages/client/bin/repl.ts

@@ -7,7 +7,7 @@ import { startRPCServers } from './startRPC.ts'
 import { generateClientConfig, getArgs } from './utils.ts'
 
 import type { Common, GenesisState } from '@ethereumjs/common'
-import type { Config } from '../src/config.ts'
+import { Config } from '../src/config.ts'
 import type { EthereumClient } from '../src/index.ts'
 import type { ClientOpts } from '../src/types.ts'
 
@@ -42,8 +42,8 @@ const setupClient = async (
     jwtSecret: '',
     rpcEngineAuth: false,
     rpcCors: '',
-    rpcEthMaxPayload: args.rpcEthMaxPayload ?? '5mb',
-    rpcEngineMaxPayload: args.rpcEngineMaxPayload ?? '15mb',
+    rpcEthMaxPayload: args.rpcEthMaxPayload ?? Config.RPC_ETH_MAXPAYLOAD_DEFAULT,
+    rpcEngineMaxPayload: args.rpcEngineMaxPayload ?? Config.RPC_ENGINE_MAXPAYLOAD_DEFAULT,
   })
 
   return { client, executionRPC: servers[0], engineRPC: servers[1] }

packages/client/bin/utils.ts

@@ -199,12 +199,12 @@ export function getArgs(): ClientOpts {
       .option('rpcEthMaxPayload', {
         describe: 'Define max JSON payload size for eth/debug RPC requests',
         string: true,
-        default: '5mb',
+        default: Config.RPC_ETH_MAXPAYLOAD_DEFAULT,
       })
       .option('rpcEngineMaxPayload', {
         describe: 'Define max JSON payload size for engine RPC requests',
         string: true,
-        default: '15mb',
+        default: Config.RPC_ENGINE_MAXPAYLOAD_DEFAULT,
       })
       .option('jwtSecret', {
         describe: 'Provide a file containing a hex encoded jwt secret for Engine RPC server',

packages/client/src/config.ts

@@ -366,7 +366,7 @@ export class Config {
   public readonly events: EventEmitter<EventParams>
 
   public static readonly CHAIN_DEFAULT = Mainnet
-  public static readonly SYNCMODE_DEFAULT = SyncMode.None
+  public static readonly SYNCMODE_DEFAULT = SyncMode.Full
   public static readonly DATADIR_DEFAULT = `./datadir`
   public static readonly PORT_DEFAULT = 30303
   public static readonly MAXPERREQUEST_DEFAULT = 100

packages/client/test/util/rpc.spec.ts

@@ -32,7 +32,7 @@ describe('[Util/RPC]', () => {
         const httpServer = createRPCServerListener({
           server,
           withEngineMiddleware: { jwtSecret: new Uint8Array(32) },
-          maxPayload: '15mb',
+          maxPayload: Config.RPC_ETH_MAXPAYLOAD_DEFAULT,
         })
         const wsServer = createWsRPCServerListener({
           server,
@@ -75,7 +75,7 @@ describe('[Util/RPC]', () => {
     const httpServer = createRPCServerListener({
       server,
       withEngineMiddleware: { jwtSecret: new Uint8Array(32) },
-      maxPayload: '15mb',
+      maxPayload: Config.RPC_ENGINE_MAXPAYLOAD_DEFAULT,
     })
     const wsServer = createWsRPCServerListener({
       server,
@@ -86,6 +86,96 @@ describe('[Util/RPC]', () => {
       'should return http and ws servers',
     )
   })
+  it('should reject oversized RPC payloads', async () => {
+    const config = new Config({
+      accountCache: 10000,
+      storageCache: 1000,
+      rpcEthMaxPayload: '1kb',
+      rpcEngineMaxPayload: '10mb',
+    })
+    const client = await EthereumClient.create({ config, metaDB: new MemoryLevel() })
+
+    const manager = new RPCManager(client, config)
+    const { logger } = config
+    const methodConfig = Object.values(MethodConfig)[0]
+    const { server } = createRPCServer(manager, {
+      methodConfig,
+      rpcDebug: 'eth',
+      logger,
+      rpcDebugVerbose: undefined as any,
+    })
+
+    const ethHttpServer = createRPCServerListener({
+      server,
+      withEngineMiddleware: undefined,
+      maxPayload: config.rpcEthMaxPayload,
+    })
+
+    const engineHttpServer = createRPCServerListener({
+      server,
+      withEngineMiddleware: undefined,
+      maxPayload: config.rpcEngineMaxPayload,
+    })
+
+    const ethPort = 8545
+    const enginePort = 8551
+
+    ethHttpServer.listen(ethPort)
+    engineHttpServer.listen(enginePort)
+
+    const oversizedEthPayload = JSON.stringify({
+      jsonrpc: '2.0',
+      id: 1,
+      method: 'eth_getBlockByNumber',
+      params: ['latest', true],
+      data: 'eth'.repeat(2500),
+    })
+
+    const oversizedEnginePayload = JSON.stringify({
+      jsonrpc: '2.0',
+      id: 1,
+      method: 'engine_newPayloadV2',
+      params: [
+        {
+          baseFeePerGas: '0x',
+          blockHash: '0x',
+          blockNumber: '0x',
+          extraData: '0x'.repeat(2500),
+          feeRecipient: '0x',
+          gasLimit: '0x',
+          gasUsed: '0x',
+          logsBloom: '0x',
+          parentHash: '0x',
+          prevRandao: '0x',
+          receiptsRoot: '0x',
+          stateRoot: '0x',
+          timestamp: '0x',
+          transactions: [],
+        },
+      ],
+    })
+
+    const resEth = await fetch(`http://localhost:${ethPort}`, {
+      method: 'POST',
+      body: oversizedEthPayload,
+      headers: { 'Content-Type': 'application/json' },
+    })
+
+    const resEngine = await fetch(`http://localhost:${enginePort}`, {
+      method: 'POST',
+      body: oversizedEnginePayload,
+      headers: {
+        'Content-Type': 'application/json',
+      },
+    })
+
+    assert.strictEqual(
+      resEth.status,
+      413,
+      'ETH server should reject oversized payload with 413 status',
+    )
+    assert.strictEqual(resEngine.status, 200, 'ENGINE server should accept oversized payload')
+  })
 })
 
 describe('[Util/RPC/Engine eth methods]', async () => {