Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for client-submitted transactions with ReCaptcha and allow-all validations #24

Merged
merged 1 commit into from Sep 20, 2022
Merged

Support for client-submitted transactions with ReCaptcha and allow-all validations #24

merged 1 commit into from Sep 20, 2022

Conversation

sevazhidkov
Copy link
Collaborator

Currently, Octane doesn't support transaction that are submitted from client. Such transactions could be used to drain fee payer by requesting many transactions, breaking the state for them (for example, by withdrawing all of the tokens), then submitting them to the network with skip-preflight options. Fee payers get charged, but transaction fails.

For some fee payers, spending these fees could be tolerable and, basically, "cost of doing business". This PR introduces a non-default config option. When enabled, transfer and createAssociatedTokenAccount endpoints return signatures, instead of submitting transactions. buildWhirlpoolsSwap in this case will return pre-signed transaction, so sendWhirlpoolsSwap can be omitted.

The config option could be:

"returnSignature": {
    "type": "allowAll"
}

This way, all transactions will be allowed.

Alternatively, this config option will only pre-sign transactions if user passed reCaptcha validation:

"returnSignature": {
    "type": "reCaptcha",
    "reCaptchaProjectId": "",
    "reCaptchaSiteKey": "",
    "reCaptchaMinScore": 0.5
},

In this case, node operator has to set RECAPTCHA_API_KEY variable and pass reCaptchaToken with request.

@sevazhidkov sevazhidkov merged commit 589818b into anza-xyz:master Sep 20, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@sevazhidkov