near-contract-helper icon indicating copy to clipboard operation
near-contract-helper copied to clipboard

Published 20 hours ago verified publisher icon near

Rate limit faucet by IP

Open kcole16 opened this issue 4 years ago • 2 comments

Overview

We're experiencing issues with users "mining" the faucet to accumulate large amounts of NEAR.

To prevent this, we should implement rate limiting by IP address.

Relevant route: https://github.com/near/near-contract-helper/blob/master/app.js#L83

Acceptance Criteria

  • [ ] A unique IP address is unable to receive more than 500 NEAR per hour (1 account)
  • [ ] Calls to /account return an error "Account limit reached. Try again in 60 minutes" if the IP is over the limit

kcole16 avatar Jun 02 '20 20:06 kcole16

Closing for now, as we decided to adjust faucet amount instead

kcole16 avatar Jun 02 '20 22:06 kcole16

@kcole16 I think we should re-open with lower priority. We still need to figure out long term solution.

Maybe for example we should always use POA setup as primary networks for development and have strict limits on testnet/betanet faucets, etc.

vgrichina avatar Jun 02 '20 23:06 vgrichina