From d8b31ff22d830293d929521640ee86fdb0b29ca4 Mon Sep 17 00:00:00 2001
From: aldousalvarez
Date: Mon, 23 May 2022 11:24:53 +0800
Subject: [PATCH] fix(security): close DDoS vulnerability in eth tx consistenty strategy

Fixes #2001
Signed-off-by: aldousalvarez
---
 .../src/main/json/openapi.json | 1 +
 .../src/main/json/openapi.json | 1 +
 2 files changed, 2 insertions(+)
diff --git a/packages/cactus-plugin-ledger-connector-besu/src/main/json/openapi.json b/packages/cactus-plugin-ledger-connector-besu/src/main/json/openapi.json
index 706be9574a..c675259cf8 100644
--- a/packages/cactus-plugin-ledger-connector-besu/src/main/json/openapi.json
+++ b/packages/cactus-plugin-ledger-connector-besu/src/main/json/openapi.json
@@ -369,6 +369,7 @@
 "blockConfirmations": {
 "type": "integer",
 "minimum": 0,
+ "maximum": 20000,
 "description": "The number of blocks to wait to be confirmed in addition to the block containing the transaction in question. Note that if the receipt type is set to only wait for node transaction pool ACK and this parameter is set to anything, but zero then the API will not accept the request due to conflicting parameters."
 }
 }
diff --git a/packages/cactus-plugin-ledger-connector-xdai/src/main/json/openapi.json b/packages/cactus-plugin-ledger-connector-xdai/src/main/json/openapi.json
index 0b11c461e6..431087ec1b 100644
--- a/packages/cactus-plugin-ledger-connector-xdai/src/main/json/openapi.json
+++ b/packages/cactus-plugin-ledger-connector-xdai/src/main/json/openapi.json
@@ -34,6 +34,7 @@
 "blockConfirmations": {
 "type": "integer",
 "minimum": 0,
+ "maximum": 20000,
 "description": "The number of blocks to wait to be confirmed in addition to the block containing the transaction in question. Note that if the receipt type is set to only wait for node transaction pool ACK and this parameter is set to anything, but zero then the API will not accept the request due to conflicting parameters."
 },
 "pollIntervalMs" : {
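Review bot: The new `"maximum": 20000` on `blockConfirmations` in the besu spec only limits anything if incoming requests are validated against this schema at runtime, and nothing in the patch shows that enforcement; if the connector does not run an OpenAPI request validator on this endpoint, the consistency-strategy code should reject out-of-range values itself. The same applies to the identical change in the xdai spec in the second hunk. The bound is also undocumented: the `description` in both files should state it, for example by appending `Values greater than 20000 are rejected.`, and the commit message should record why 20000 was chosen. Even at the cap, one request may keep the server waiting for a long time depending on block time, so a server-side timeout is worth checking, as are bounds on `pollIntervalMs`, whose schema begins on the last line of the second hunk and is not visible here.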