eth/gasprice: add query limit for FeeHistory to defend DDOS attack #29644

Merged on May 7, 2024 (2 commits)

NathanBSC (Contributor) commented Apr 25, 2024

Add a query limit to defend against DDoS attacks. Allow at most 100 different percentiles in rewardPercentiles.

This PR is ported from bsc 2423.

@NathanBSC NathanBSC marked this pull request as ready for review April 25, 2024 06:18
@NathanBSC NathanBSC marked this pull request as draft April 25, 2024 07:23
@NathanBSC NathanBSC marked this pull request as ready for review April 25, 2024 07:42
NathanBSC (Contributor, Author) commented

I checked the failed golangci-lint. It's strange, and on my Mac it's OK.

AaronChen0 (Contributor) commented Apr 25, 2024

Please rebase your commit. Your branch is 236 commits behind the master branch. And the return values of function FeeHistory were changed in this commit 1ec7af2

fjl (Contributor) commented Apr 29, 2024

This new limit is not necessary because it is already covered by other limits. The percentiles have to be in increasing order, and < 100. It is therefore impossible to submit more than 100.

There was a bug in the validation until recently, but it got fixed in #28954.

@fjl fjl closed this Apr 29, 2024
buddh0 (Contributor) commented Apr 30, 2024

> This new limit is not necessary because it is already covered by other limits. The percentiles have to be in increasing order, and < 100. It is therefore impossible to submit more than 100.

The elements of rewardPercentiles are of type float64 now, not integer, so is it impossible to submit more than 100? @fjl
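
The question raised in this thread, as an added Go example (not the PR's code and not go-ethereum's): when percentiles are float64, range and ordering checks do not bound the length of the list, so an explicit cap is checked first. `validatePercentiles`, `maxPercentiles`, `evenlySpaced` and the error values are hypothetical names; the [0, 100] range and strict ordering are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"math"
)

// maxPercentiles is a hypothetical constant; the PR description states a limit of 100.
const maxPercentiles = 100

var (
	errTooMany  = errors.New("too many reward percentiles")
	errRange    = errors.New("percentile out of range [0, 100]")
	errOrdering = errors.New("percentiles not strictly increasing")
)

// validatePercentiles rejects oversized lists before doing any per-element work.
// limit <= 0 disables the cap, leaving only the range and ordering checks.
func validatePercentiles(ps []float64, limit int) error {
	if limit > 0 && len(ps) > limit {
		return fmt.Errorf("%w: have %d, max %d", errTooMany, len(ps), limit)
	}
	for i, p := range ps {
		// NaN fails every comparison, so it must be rejected explicitly.
		if math.IsNaN(p) || p < 0 || p > 100 {
			return fmt.Errorf("%w: index %d", errRange, i)
		}
		if i > 0 && p <= ps[i-1] {
			return fmt.Errorf("%w: index %d", errOrdering, i)
		}
	}
	return nil
}

// evenlySpaced builds constructed sample input: n strictly increasing values in (0, 100].
func evenlySpaced(n int) []float64 {
	ps := make([]float64, n)
	for i := range ps {
		ps[i] = 100 * float64(i+1) / float64(n)
	}
	return ps
}

func main() {
	sample := evenlySpaced(1000) // constructed input, valid by range and order alone
	fmt.Println("range/order checks only:", validatePercentiles(sample, 0))
	fmt.Println("with length cap:", validatePercentiles(sample, maxPercentiles))
}
```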

karalabe (Member) left a comment

LGTM

@karalabe karalabe added this to the 1.14.1 milestone May 7, 2024

holiman (Contributor) left a comment

LGTM

@karalabe karalabe merged commit e4b8058 into ethereum:master May 7, 2024
2 of 3 checks passed
jorgemmsilva pushed a commit to iotaledger/go-ethereum that referenced this pull request Jun 17, 2024
…thereum#29644)

* eth/gasprice: add query limit for FeeHistory to defend DDOS attack

* fix return values after cherry-pick

---------

Co-authored-by: Eric <[email protected]>
stwiname pushed a commit to subquery/data-node-go-ethereum that referenced this pull request Sep 9, 2024
…thereum#29644)
