GasGuard now features a robust multi-chain RPC failover system:
- Provider Management: Configurable list of primary, secondary, and fallback RPC endpoints per chain.
- Automatic Failover: Detects failures or high latency and switches to backup providers with retry logic.
- Health Monitoring: Tracks response time, error rates, and uptime for each provider. Health status is available via the
/v1/analytics/rpc-healthendpoint. - Security: All sensitive RPC URLs and API keys are managed via environment variables.
- Logging: Failover events are logged for diagnostics and auditing.
See the code in apps/api/src/services/rpc-provider-manager.ts and apps/api/src/services/cross-chain-gas.service.ts for implementation details.
All sensitive RPC URLs and API keys should be set via environment variables (e.g., ETHEREUM_RPC_URL, POLYGON_RPC_URL, etc.). Never commit secrets to source control. Use a .env file or your deployment environment's secret manager.
Example .env:
ETHEREUM_RPC_URL=https://mainnet.infura.io/v3/your-key
POLYGON_RPC_URL=https://polygon-mainnet.infura.io/v3/your-key
BSC_RPC_URL=https://bsc-dataseed1.binance.org
ARBITRUM_RPC_URL=https://arb1.arbitrum.io/rpc
OPTIMISM_RPC_URL=https://mainnet.optimism.io
The backend will automatically use these for primary endpoints and failover to public endpoints if needed.
GasGuard is an open-source static analysis tool built to secure and optimize the Stellar ecosystem (Soroban), with extended support for Ethereum and Layer 2 networks. By identifying inefficient storage patterns and redundant operations during development, GasGuard enables developers to ship leaner code, reducing end-user transaction costs by an estimated 15-30%.
In the high-stakes world of smart contracts, inefficient code is more than a nuisanceβit's an expense. GasGuard analyzes codebases to find "gas-heavy" patterns before they reach the mainnet. Specifically optimized for Soroban's resource limits, it ensures that Stellar developers can maximize their contract's efficiency and reach.
As Web3 scales, transaction costs remain a significant barrier to entry.
- Legacy Patterns: Many developers use outdated coding patterns that result in "bloated" contracts.
- Tooling Gap: Existing tools are often too complex for junior developers or lack native support for modern environments like Soroban or Optimism.
- Resource Exhaustion: On Stellar, exceeding CPU or Ledger limits can cause contract failure; developers need early-warning systems to prevent this.
- π Static Analysis: Scans code for common gas-heavy patterns (e.g., inefficient loops, unoptimized storage slots).
- π‘ Auto-Refactor Suggestions: Provides "Copy-Paste" ready code snippets to replace inefficient logic instantly.
- π€ CI/CD Integration: A dedicated GitHub Action that runs on every push, ensuring no "gas regressions" are introduced.
- π Educational Tooltips: Every suggestion includes a link to documentation explaining why the change saves money, fostering developer growth.
- Phase 1: Complete the Core CLI tool for local developer use (Rust/Soroban focus).
- Phase 2: Launch the GitHub Action Marketplace integration for automated PR reviews.
- Phase 3: Establish a "Community Ruleset" allowing users to contribute new optimization patterns via Pull Requests.
- Public Good: The core engine is 100% free and MIT-licensed to benefit the entire developer community.
- Scalability: The modular design allows us to add support for 3 new languages (Rust, Vyper, Move) over the next 6 months.
- Sustainability: We use Drips to "pass through" 15% of our funding to the foundational security libraries (like Slither or Cargo-Audit) that power our engine.
GasGuard/
βββ apps/
β βββ api/ # Nest.js backend handling remote scan requests
β βββ api-service/ # Enhanced API service with database and E2E testing
βββ libs/
β βββ engine/ # Core logic for parsing Rust, Solidity, and Vyper
βββ packages/
β βββ rules/ # Library of optimization rules and logic
βββ .gitignore # Optimized for Node.js and Rust
βββ LICENSE # MIT Licensed
The public API includes IP-based rate limiting to protect against abuse and ensure fair usage.
| Setting | Value | Description |
|---|---|---|
| Limit | 10 requests | Maximum requests per IP address |
| Window | 60 seconds | Time window for rate limit |
| Response | HTTP 429 | Returned when limit is exceeded |
Rate limiting is implemented using @nestjs/throttler and applies globally to all public API endpoints.
cd apps/api
npm install
npm run startThe API will be available at http://localhost:3000.
The GasGuard API uses NestJS built-in versioning with URI-based versioning strategy. All endpoints require a version prefix.
- Type: URI-based versioning
- Current Version:
v1 - Format: All endpoints must include
/v1/prefix - Unversioned Requests: Return
404 Not Found
# β
Correct - Versioned endpoint
GET /v1/example
# β Incorrect - Unversioned (returns 404)
GET /exampleWhen creating new controllers, always include the @Version('1') decorator:
import { Controller, Get, Version } from '@nestjs/common';
@Controller('users')
@Version('1')
export class UsersController {
@Get()
findAll() {
// Accessible at GET /v1/users
}
}Versioning is configured in apps/api/src/main.ts:
app.enableVersioning({
type: VersioningType.URI,
// No defaultVersion - unversioned requests return 404
});This ensures all API consumers explicitly specify the version, making the API future-proof for version migrations.
GasGuard includes comprehensive end-to-end testing to ensure reliable gasless transaction flows across all services.
- Framework: Jest with Supertest for API testing
- Blockchain: Hardhat local network for contract interactions
- Services: Dockerized PostgreSQL, Redis, and mock RPC providers
- Coverage: Full gasless transaction workflows and failure scenarios
# Install dependencies
pnpm install
# Start test environment
docker-compose -f apps/api-service/docker-compose.e2e.yml up -d
# Run E2E tests
cd apps/api-service
pnpm run test:e2e
# Or run from root
pnpm run test:e2eapps/api-service/test/
βββ e2e/ # E2E test suites
β βββ basic-api.e2e-spec.ts
β βββ gasless-transaction.e2e-spec.ts
β βββ failure-scenarios.e2e-spec.ts
β βββ contract-interaction.e2e-spec.ts
βββ utils/ # Test utilities
β βββ test-helpers.ts
β βββ blockchain-setup.ts
βββ fixtures/ # Test data fixtures
For detailed information, see:
GasGuard includes a comprehensive audit logging system for enterprise compliance and accountability. The system tracks all critical actions including:
- API Requests: Every endpoint access with status, latency, and requestor information
- Key Management: API key creation, rotation, and revocation events
- Gas Transactions: All gas transaction submissions and processing with chain context
- Immutable Storage: Append-only logs with SHA256 integrity verification
- Enterprise Reporting: CSV/JSON export, advanced filtering, and compliance reports
- β Automatic HTTP request capture via interceptor
- β Multi-chain support (Ethereum, Solana, Stellar, etc.)
- β PostgreSQL storage with optimized indexing
- β RESTful API for querying and exporting logs
- β 70%+ test coverage with unit and E2E tests
- β Configurable retention policies
# Query logs with filtering
curl "http://localhost:3000/audit/logs?eventType=APIRequest&from=2024-02-01&to=2024-02-28"
# Export logs for compliance
curl -X POST "http://localhost:3000/audit/logs/export" \
-H "Content-Type: application/json" \
-d '{"format": "csv"}' > audit-logs.csvFor comprehensive documentation, see:
- Node.js 18+
- Docker & Docker Compose
- pnpm package manager
- Rust toolchain (for core engine)
# Clone the repository
git clone https://github.com/your-username/GasGuard.git
cd GasGuard
# Install dependencies
pnpm install
# Run tests
pnpm run test
# Start the API
cd apps/api
npm run start:devWe welcome contributions! Please see our contributing guidelines for more details.
This project is licensed under the MIT License - see the LICENSE file for details.