eth/gasprice: add query limit for FeeHistory to defend DDOS attack (#29644)

Daniel Liu 2025-03-13 16:47:42 +08:00
parent bdd7cf1f0c
commit 8f68af5da0


@ -42,6 +42,8 @@ const (
// maxBlockFetchers is the max number of goroutines to spin up to pull blocks
// for the fee history calculation (mostly relevant for LES).
maxBlockFetchers = 4
// maxQueryLimit is the max number of requested percentiles.
maxQueryLimit = 100
)
// blockFees represents a single block for processing
@ -221,6 +223,9 @@ func (oracle *Oracle) FeeHistory(ctx context.Context, blocks uint64, unresolvedL
if len(rewardPercentiles) != 0 {
maxFeeHistory = oracle.maxBlockHistory
}
if len(rewardPercentiles) > maxQueryLimit {
return common.Big0, nil, nil, nil, fmt.Errorf("%w: over the query limit %d", errInvalidPercentile, maxQueryLimit)
}
if blocks > maxFeeHistory {
log.Warn("Sanitizing fee history length", "requested", blocks, "truncated", maxFeeHistory)
blocks = maxFeeHistory
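Review bot: The new guard `if len(rewardPercentiles) > maxQueryLimit` wraps `errInvalidPercentile`, so a caller using `errors.Is` cannot tell an over-long percentile list from an out-of-range percentile value. A separate sentinel (for example `errTooManyPercentiles`, a suggested name, not one in the file) would keep the resource-limit rejection distinct for clients and for any rate-limiting or alerting built on the error. The constant is also named more broadly than what it bounds; its comment could state the reason, e.g. `// maxQueryLimit caps len(rewardPercentiles) so a single request cannot force unbounded per-block reward work.` The cost of a request presumably scales with blocks times percentiles, so this cap only helps together with the `oracle.maxBlockHistory` truncation just below it, and the two limits are worth documenting side by side. FeeHistory's body starts and ends outside the hunk, so the percentile validation that follows is not visible here.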