safe-react icon indicating copy to clipboard operation
safe-react copied to clipboard

Published 20 hours ago verified publisher icon safe-global

RPC use for Safe Apps

Open dasanra opened this issue 3 years ago • 5 comments

Title/Description

Some full featured safe apps rely on our web3 instance to fetch information from blockchain. This is something out of our control and it's usually a heavy usage. We are already pushing many queries to our RPC provider, so having more apps that don't optimize this enough will add cost for us.

Steps to reproduce

Try http://staking.synthetix.io/ using it as a safe app Open developer tools. Check that on each navigation the amount of requests is already pretty heavy Execute a transaction and check that queries are sent every few seconds to get the state of the transaction, at an approximate rate of 200 each 1 minute

The same behavior was detected with other full featured apps like Sorbet Finance https://www.sorbet.finance/

Expected result

We should find a way of limiting the amount of request or provide a different RPC endpoint to avoid that an external app overflows the api key we use for the Safe web

Backend involvement

Proxy specs: https://docs.google.com/document/d/1euMeCIH4FJxhuXCsKht_3HjPLZ6gC5od2odfQHuRJWY/edit?usp=sharing

Steps

  • [x] https://github.com/gnosis/safe-react/issues/2558
  • [ ] Look into rate limiting/analytics/proxy/etc

dasanra avatar Jun 01 '21 15:06 dasanra

Is there a way that we can identify which app sent which request? Is it possible to block just a single app?

How would we handle cases where one app causes unexpected extreme traffic and minimize the impact on other Safe apps?

While it is ok if we don't solve all of the question in 1 issue, we should generate a concrete plan that we can implement step by step.

rmeissner avatar Jun 17 '21 08:06 rmeissner

Is there a way that we can identify which app sent which request? Is it possible to block just a single app?

Would a proxy between interface <-> rpc endpoint help in this case?

Alchemy supports blocklists, but I'm not sure if they allow functionality for differentiating Safe Apps (maybe custom HTTP header)

mmv08 avatar Jun 17 '21 08:06 mmv08

I think is not related, but it might help. While developing the Uniswap Safe App i noticed that once a tx was made using the Gnosis provider, i wouldn't have the tx information inmediately. Maybe this is an issue other safe apps have and that's why they are making so many calls. If there was a way of making a tx and then asynchronously get the tx information, that would solve this type of problem

juampibermani avatar Jun 17 '21 15:06 juampibermani

Is this still relevant given that #2558 is closed? Rate-limiting could be now added on the backend and the RPC URL modified accordingly in the admin. Sounds like nothing to do on the frontend.

katspaugh avatar Dec 13 '21 10:12 katspaugh

Is this still relevant given that #2558 is closed? Rate-limiting could be now added on the backend and the RPC URL modified accordingly in the admin. Sounds like nothing to do on the frontend.

it is still relevant, the second point from the ticket ( Look into rate limiting/analytics/proxy/etc) wasn't addressed but we'd still like to have it. Perhaps we can close this one and create a separate, more specific one cc @dasanra

mmv08 avatar Dec 13 '21 11:12 mmv08