Security: RPC-API-CALL sendrawtransaction needs validation #116
Labels: A priority, bounty (make money), enhancement (New feature or request), good first issue (Good for newcomers), help wanted (Extra attention is needed), security
When calling RPC-API sendrawtransaction, please validate and limit the data given over the body parameters to prevent DDoS attacks.
This RPC-Call is located in:
meteor-api package: https://github.com/Doichain/meteor-api
inside file: server/api/rest/imports/send.js
around line 639: Api.addRoute(DOICHAIN_BROADCAST_TX, {
parameter*: !params.templateDataEncrypted || ... etc. is not yet limited.
The size of this parameter (size of data) should be able to be limited in settings.
The question here is whether restivus (the REST API package of meteor) already has such capabilities or whether we must do it AFTER we have received 1 GB of data. I think this could be already too late here.
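An added example, not part of the issue and not code from meteor-api: a Connect-style middleware that enforces the size limit while the body is still arriving, so an oversized request is refused before it is fully received. The names `limitBody`, `simulate` and `req.rawBody` are hypothetical, and the fake request/response objects are constructed for the demonstration.

```javascript
// Added example, not meteor-api code. limitBody and simulate are hypothetical names.
function limitBody(maxBytes) {           // maxBytes would come from settings
  return function (req, res, next) {
    const reject = () => {
      if (res.headersSent) return;
      res.writeHead(413, { Connection: 'close' });
      res.end('Payload Too Large');
    };
    // 1. Refuse a declared oversize body before reading any of it.
    const declared = Number(req.headers['content-length']);
    if (Number.isFinite(declared) && declared > maxBytes) return reject();
    // 2. Content-Length can be absent (chunked) or understated: count while streaming.
    let received = 0;
    let aborted = false;
    const chunks = [];
    req.on('data', (chunk) => {
      if (aborted) return;
      received += chunk.length;
      if (received > maxBytes) {
        aborted = true;
        chunks.length = 0;               // drop what was buffered so far
        reject();
        req.destroy();                   // stop reading; client may see a reset, not the 413
        return;
      }
      chunks.push(chunk);
    });
    req.on('end', () => {
      if (aborted) return;
      req.rawBody = Buffer.concat(chunks); // downstream parses this bounded buffer
      next();
    });
  };
}

// Constructed harness: fake req/res objects that replay body chunks synchronously.
function simulate(headers, chunks, maxBytes) {
  const out = { status: null, nextCalled: false, destroyed: false, buffered: 0 };
  const handlers = {};
  const req = { headers, on(ev, fn) { handlers[ev] = fn; }, destroy() { out.destroyed = true; } };
  const res = { headersSent: false, end() {},
    writeHead(code) { out.status = code; this.headersSent = true; } };
  limitBody(maxBytes)(req, res, () => { out.nextCalled = true; out.buffered = req.rawBody.length; });
  if (handlers.data) {                   // only replay if the middleware started reading
    for (const c of chunks) handlers.data(Buffer.from(c));
    handlers.end();
  }
  return out;
}
```

In a Connect-style stack this would have to run ahead of whatever parses the route's body; whether restivus offers a place to hook it in is the open question raised above.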