Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[HackerOne-2485380] Prevent DOS by limiting sent requests to one per peer #3257

Merged
merged 3 commits into from
May 23, 2024
Merged

[HackerOne-2485380] Prevent DOS by limiting sent requests to one per peer #3257

merged 3 commits into from
May 23, 2024

Conversation

raychu86
Copy link
Contributor

Motivation

This PR aims to solve a DOS vector that is outlined in #3243, where a malicious validator can fill up the max_redundant_requests and not respond. This PR adjusts the rules so that we only send one request for that item to a given peer at a time.

This means that max_redundant_requests can only be reached with unique peers. And because max_redundant_requests is based on the availability threshold you can expect at least one node to be honest.

Test Plan

A test has been added to ensure that the functionality of contains_peer_with_sent_request is as intended.

@raychu86 raychu86 requested a review from ljedrz May 16, 2024 00:06
@raychu86 raychu86 mentioned this pull request May 16, 2024
Open
@ghostant-1017
Copy link
Contributor

LGTM!

ljedrz
ljedrz approved these changes May 16, 2024
View reviewed changes
Copy link
Collaborator

@ljedrz ljedrz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@howardwu howardwu merged commit 6065ee2 into mainnet-staging May 23, 2024
4 of 24 checks passed
@howardwu howardwu deleted the feat/bound-requests branch May 23, 2024 22:31
zosorock added a commit that referenced this pull request May 24, 2024
@zosorock
Revert "Merge pull request #3257 from AleoNet/feat/bound-requests"
01f1b86 
This reverts commit 6065ee2, reversing
changes made to b55162b.
vicsn added a commit to AleoHQ/snarkOS that referenced this pull request May 28, 2024
@vicsn
Revert "Revert "Merge pull request AleoNet#3257 from AleoNet/feat/bou…
53cd24c 
…nd-requests""

This reverts commit 01f1b86.
joske pushed a commit to eqlabs/snarkOS that referenced this pull request May 29, 2024
@zosorock @joske
Revert "Merge pull request AleoNet#3257 from AleoNet/feat/bound-reque…
4f5ec5b 
…sts"

This reverts commit 6065ee2, reversing
changes made to b55162b.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ljedrz ljedrz ljedrz approved these changes

@howardwu howardwu howardwu approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@raychu86 @ghostant-1017 @ljedrz @howardwu