RPC vulnerable to DoS #5778

rob-solana · 2019-09-04T17:38:07Z

RPC is unauthenticated, free, and probably not hardened against DoS attacks, like slow clients, infinite requests, infinite connections, etc.

audit and fix? add authentication to RPC?

mvines · 2020-02-20T16:20:42Z

For now we mitigate this by recommending that staked validators not expose an RPC port, and instead provide RPC from an unstaked "api node"

rob-solana added this to the The Future! milestone Sep 4, 2019

mvines modified the milestones: The Future!, Sultans v0.21.0 Sep 4, 2019

mvines modified the milestones: Sultans v0.21.0, Supertubes v0.22.0 Nov 5, 2019

mvines modified the milestones: Supertubes v0.22.0, v0.23.0 Nov 25, 2019

mvines modified the milestones: Tofino v0.23.0, Rincon v0.24.0 Jan 13, 2020

ryoqun mentioned this issue Jan 21, 2020

snapshots security may need to be improved #7167

Closed

4 tasks

mvines modified the milestones: Rincon v0.24.0, v0.25.0 Feb 20, 2020

mvines mentioned this issue Mar 14, 2020

RPC does not rate limit egress traffic #8862

Closed

mvines modified the milestones: v1.1.0, v1.2.0 Mar 16, 2020

everstake mentioned this issue Apr 13, 2020

Teach our validators how to protect themselves #6291

Closed

mvines modified the milestones: v1.2.0, The Future! Apr 19, 2020

leoluk mentioned this issue Aug 29, 2020

TdS incident 2020-08-28 #11882

Closed

leoluk added the security Pull requests that address a security vulnerability label Feb 15, 2021

mvines closed this as completed Feb 14, 2023

Provide feedback