fix(detectors): disable verification for decommissioned blocknative API #5097
Open
Tanmay9223 wants to merge 2 commits into
trufflesecurity#4982)

The Blocknative gas estimation API was shut down on June 19, 2026. This commit migrates the blocknative credential verification to use the drop-in replacement API provided by LogicNodes.

- Updated API endpoint from blocknative.com to logicnodes.io
- Updated request method to POST and added JSON payload
- Handled 402 Payment Required as an expected unverified response

Removes the LogicNodes verification endpoint as it is a third-party service. Since Blocknative API is shut down, verification is marked as unverified (false) to prevent credential leaks.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Reviewed by Cursor Bugbot for commit 370c19f.

Description:
The Blocknative gas estimation API was shut down on June 19, 2026. This PR disables the Blocknative credential verification logic in pkg/detectors/blocknative/blocknative.go since verification against the original issuer is no longer possible.

The original issue suggested migrating to a third-party LogicNodes endpoint as a drop-in replacement, but we explicitly rejected that approach because sending detected secrets to an unaffiliated third party introduces a severe security risk and changes the trust model of the scanner. Therefore, the detector now safely returns unverified (false, nil) for all detected Blocknative keys without making any network requests.

Closes #4982.
Checklist:
make test-community)?
make lint this requires golangci-lint)?
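
A test-side guard for the property the description states (unverified result, no network requests), as an added example that is not code from this PR or from the project. The names `issuerOnly`, `verifyDecommissioned` and `verifyViaThirdParty`, the host `replacement.example`, and the allowlist-transport approach itself are all assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"strings"
)

var errBlocked = errors.New("verification host is not the credential issuer")

// issuerOnly (hypothetical) counts attempts and fails closed for hosts off the allowlist.
type issuerOnly struct {
	allowed  map[string]bool
	next     http.RoundTripper
	attempts int
}

func (t *issuerOnly) RoundTrip(req *http.Request) (*http.Response, error) {
	t.attempts++
	if !t.allowed[strings.ToLower(req.URL.Hostname())] {
		if req.Body != nil {
			req.Body.Close() // RoundTripper contract: close the body on error too
		}
		return nil, errBlocked
	}
	return t.next.RoundTrip(req)
}

// verifyDecommissioned: issuer API is gone, so report unverified, no I/O.
func verifyDecommissioned(*http.Client, string) (bool, error) {
	return false, nil
}

// verifyViaThirdParty models the rejected design; the host is a placeholder.
func verifyViaThirdParty(c *http.Client, key string) (bool, error) {
	res, err := c.Post("https://replacement.example/verify", "text/plain", strings.NewReader(key))
	if err != nil {
		return false, err
	}
	defer res.Body.Close()
	return res.StatusCode == http.StatusOK, nil
}

func main() {
	g := &issuerOnly{allowed: map[string]bool{}, next: http.DefaultTransport}
	ok, err := verifyViaThirdParty(&http.Client{Transport: g}, "constructed-key")
	fmt.Println(ok, err, g.attempts)
}
```

With an empty allowlist the guard refuses the request before anything is dialed, so the constructed key never leaves the process.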