go-ethereum icon indicating copy to clipboard operation
go-ethereum copied to clipboard

Published 20 hours ago verified publisher icon ethereum

internal/ethapi: crash casued by no limits for rewardPercentiles at interface FeeHistory

Open buddh0 opened this issue 9 months ago • 0 comments

there is no number limit for rewardPercentiles when maxBlockHistory set to 1024, then set 600k element(limited by rpc requtest size) in rewardPercentiles to call FeeHistory the node will crash, for too many memory need.

maybe only a few nodes set maxBlockHistory such a big number, but I think It's better to limit the number of rewardPercentiles to defend attack. so, please check this PR eth/gasprice: add query limit for FeeHistory to defend DDOS attack again, thx.

buddh0 avatar May 06 '24 02:05 buddh0