Can make a big sized tx that is able to be committed #3442
Comments
How exactly would this be a DOS attack vector besides committing these large txs to disk?
I think a big transaction prevents others' transactions from being committed, because there is a limit on the max block size. In addition, I suspect that a block containing useless big transactions can increase the network cost per node. Currently, cosmos-sdk is not charging fees or gas depending on the transaction's size, so attackers can create transactions that lay more burden on nodes than they are consuming.
Related, something we are working on for this release: #3256
It defaults to false, users can override it via gaiacli config and avoid to append --indent to all commands: $ gaiacli config indent true Closes: cosmos#2607
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
reopen if applicable
Summary of Bug
It is possible to make a big sized transaction because the length of an int is not restricted when amino decoding, and there is no restriction on the denom's length in a coin.
https://github.com/cosmos/cosmos-sdk/blob/develop/types/int.go#L59
Steps to Reproduce
By making the CLI skip validating a coin like this, I can make the transaction's size big. Of course, that transaction couldn't succeed. However, it can pass the ante handler, so honest validators will commit this transaction.
EX) gaiacli tx send --from test --to cosmos134zr33w96gsjwmxdwz6lmucpldnsszca23t88e --amount 9999999999999999999999testtttttttttt --chain-id gaia-10k --fees 1stake
I think a DoS attack is possible because attackers can make a big transaction by just consuming fees.
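An added example, not code from cosmos-sdk or from this thread: one way to enforce the two bounds the report says are missing (integer length and denom length) inside the decode path, where a modified client cannot skip them, together with the size-proportional gas charge raised in the comments. The limits, the JSON shape and the names `DecodeCoin` and `CheckSizeGas` are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"math/big"
	"strings"
)

// Limits are assumptions chosen for this example, not cosmos-sdk constants.
const (
	maxAmountDigits = 77 // decimal digits of 2^255; checked before parsing
	maxDenomLen     = 16 // bound on the denom, in bytes
	gasPerTxByte    = 10 // hypothetical gas charged per encoded tx byte
)

type Coin struct{ Denom string; Amount *big.Int }

// DecodeCoin bounds both fields while decoding, so the node does not depend
// on client-side validation that a modified CLI can leave out.
func DecodeCoin(raw []byte) (Coin, error) {
	var w struct{ Denom, Amount string }
	if err := json.Unmarshal(raw, &w); err != nil {
		return Coin{}, err
	}
	if n := len(w.Denom); n == 0 || n > maxDenomLen {
		return Coin{}, fmt.Errorf("denom is %d bytes, limit %d", n, maxDenomLen)
	}
	if n := len(w.Amount); n == 0 || n > maxAmountDigits {
		return Coin{}, fmt.Errorf("amount is %d digits, limit %d", n, maxAmountDigits)
	}
	v, ok := new(big.Int).SetString(w.Amount, 10)
	if !ok || v.Sign() < 0 {
		return Coin{}, fmt.Errorf("amount is not a non-negative integer")
	}
	return Coin{Denom: w.Denom, Amount: v}, nil
}

// CheckSizeGas makes cost grow with size: a tx is rejected unless its gas
// limit covers a per-byte charge on its encoded length.
func CheckSizeGas(txBytes []byte, gasLimit uint64) error {
	if need := uint64(len(txBytes)) * gasPerTxByte; need > gasLimit {
		return fmt.Errorf("tx of %d bytes needs %d gas, limit %d", len(txBytes), need, gasLimit)
	}
	return nil
}

func main() { // constructed input: a 5000-digit amount
	_, err := DecodeCoin([]byte(`{"denom":"stake","amount":"` + strings.Repeat("9", 5000) + `"}`))
	fmt.Println(err)
}
```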