interesting
/
go-ethereum
mirror of https://github.com/ethereum/go-ethereum.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

eth/gasprice: add query limit for FeeHistory to defend DDOS attack (#29644) 

* eth/gasprice: add query limit for FeeHistory to defend DDOS attack

* fix return values after cherry-pick

---------

Co-authored-by: Eric <45141191+zlacfzy@users.noreply.github.com>
This commit is contained in:
Nathan 2024-05-07 15:25:15 +08:00 committed by GitHub
parent 3e896c875a
commit e4b8058d5a
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
eth/gasprice/feehistory.go
View File

@ -44,6 +44,7 @@ const (
// maxBlockFetchers is the max number of goroutines to spin up to pull blocks
// for the fee history calculation (mostly relevant for LES).
maxBlockFetchers = 4
maxQueryLimit = 100
)
// blockFees represents a single block for processing
@ -240,6 +241,9 @@ func (oracle *Oracle) FeeHistory(ctx context.Context, blocks uint64, unresolvedL
if len(rewardPercentiles) != 0 {
maxFeeHistory = oracle.maxBlockHistory
}
if len(rewardPercentiles) > maxQueryLimit {
return common.Big0, nil, nil, nil, nil, nil, fmt.Errorf("%w: over the query limit %d", errInvalidPercentile, maxQueryLimit)
}
if blocks > maxFeeHistory {
log.Warn("Sanitizing fee history length", "requested", blocks, "truncated", maxFeeHistory)
blocks = maxFeeHistory