From 55d8d8f06c26b466043930ab6f4866ee1434d8f4 Mon Sep 17 00:00:00 2001
From: aldousalvarez
Date: Mon, 23 May 2022 11:24:53 +0800
Subject: [PATCH] fix(security): close DDoS vulnerability in eth tx consistenty strategy

Fixes #2001
Signed-off-by: aldousalvarez
---
 .../src/main/json/openapi.json | 1 +
 .../src/main/json/openapi.json | 1 +
 2 files changed, 2 insertions(+)
diff --git a/packages/cactus-plugin-ledger-connector-besu/src/main/json/openapi.json b/packages/cactus-plugin-ledger-connector-besu/src/main/json/openapi.json
index 706be9574a2..c675259cf81 100644
--- a/packages/cactus-plugin-ledger-connector-besu/src/main/json/openapi.json
+++ b/packages/cactus-plugin-ledger-connector-besu/src/main/json/openapi.json
@@ -369,6 +369,7 @@
 "blockConfirmations": {
 "type": "integer",
 "minimum": 0,
+ "maximum": 20000,
 "description": "The number of blocks to wait to be confirmed in addition to the block containing the transaction in question. Note that if the receipt type is set to only wait for node transaction pool ACK and this parameter is set to anything, but zero then the API will not accept the request due to conflicting parameters."
 }
 }
diff --git a/packages/cactus-plugin-ledger-connector-xdai/src/main/json/openapi.json b/packages/cactus-plugin-ledger-connector-xdai/src/main/json/openapi.json
index 0b11c461e63..431087ec1b6 100644
--- a/packages/cactus-plugin-ledger-connector-xdai/src/main/json/openapi.json
+++ b/packages/cactus-plugin-ledger-connector-xdai/src/main/json/openapi.json
@@ -34,6 +34,7 @@
 "blockConfirmations": {
 "type": "integer",
 "minimum": 0,
+ "maximum": 20000,
 "description": "The number of blocks to wait to be confirmed in addition to the block containing the transaction in question. Note that if the receipt type is set to only wait for node transaction pool ACK and this parameter is set to anything, but zero then the API will not accept the request due to conflicting parameters."
 },
 "pollIntervalMs" : {
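Review bot: The added `"maximum": 20000` on `blockConfirmations` in the besu hunk only limits requests that are validated against this OpenAPI document, and nothing in the patch shows that validation or an equivalent check in the code that waits for confirmations; the identical line in the xdai hunk has the same gap. If the connector can be reached without spec validation (for instance through the plugin's programmatic API rather than the HTTP endpoint), the long-running wait this commit targets presumably remains, so the bound should also be enforced where the value is consumed. The `description` string was left unchanged in both hunks; appending a sentence such as `Values above 20000 are rejected.` would document the limit for API users. The enclosing schema object starts and ends outside both hunks, so whether sibling fields such as `pollIntervalMs` carry their own bounds cannot be confirmed from here.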