I built a lot of stuff on ICP last year, mainly games and fun stuff, but recently, with Europe trying to censor and control everything, I was wondering if I could build something more useful.
And obviously the answer was yes, and it’s probably why big tech companies don’t want to build on ICP, because it can give real privacy to users.
So I’ve built a platform that offers onchain streaming plus a place to share information directly onchain from several canisters after people log in with Internet Identity. There is gating to prevent bot attacks on all the canisters’ cycles and to make sure that people will not abuse the free streaming feature.
I don’t know if anyone will really use my website except me, but I’m proud to have done it. Some features are still in beta, but I would appreciate some feedback from the ICP community!
frontend canister : rqzlv-aqaaa-aaaap-qqsaq-cai.icp0
or your bot attacks, I would definitely put it somewhere in the structural, not as a gate, something in terms of the, as an encoding value where it can’t be broken and you can detect and deter. It’s, I have some systems in place like that as well already.
Thanks for the feedback. I’ve tried the system you describe, but here are the 2 problems I’ve faced with your approach:
- a value in the backend, even encrypted, can be found and decrypted by an attacker
- a value in the wasm can’t be decrypted or read by the attacker, but each call to the check consumes cycles, so if 1000 bots attack, they will successfully be rejected but they will all consume cycles.
If you found a way to make the verification/rejection not suck cycles on the canisters, I would be very interested if you can share it with me.
Don’t put the gate at the canister. Put it at the edge. Cloudflare Workers are free tier up to 100K requests/day. Your ICP canister sees only coherent, pre-validated traffic. Bots burn Cloudflare’s CPU, not your cycles.
A 3-layer architecture means bots never reach the canister. VIGILIA (Innerweb Model) and UMBRA (Sovereign model) reject at Cloudflare edge (free Cloudflare absorbs the compute). Only signals that pass edge + browser shields reach the canister, where a coherence check costs effectively zero cycles.
edge doctrine: DDoS IS a cascade attack — treat it as one.
// A bot flood against ICP canisters is mathematically equivalent to a
// power-grid cascade: one overloaded node triggers the next. VIGILIA
// (AIS-006) and UMBRA (AIS-022) act as IRONVEIL circuit breakers at the
// Cloudflare edge — cutting the cascade before it reaches the substrate.
Threat types: injection, exfiltration, manipulation, deception, denial, escalation, persistence, lateral_movement. Regex pattern matching on every request body. DDoS/flood patterns hit the denial classifier and are rejected at edge with a JSON severity: ‘criticum’ response. Zero cycles consumed.
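The edge-gate idea from the reply above, as an added example that is not part of the original thread and is not the poster's VIGILIA/UMBRA code: the decision logic a Worker could run before forwarding anything to the canister. The limits, the client key and the `gate`/`simulateFlood` names are assumptions made for illustration, and the counter lives in one isolate's memory only. It also assumes clients reach the canister only through the Worker; requests sent to the canister directly never pass this gate.

```javascript
// Added example (constructed): edge gate that decides before any canister call.
const LIMIT = 20;          // assumed: max requests per client per window
const WINDOW_MS = 10_000;  // assumed: window length in milliseconds
const MAX_BODY = 4096;     // assumed: largest body the canister API accepts
const buckets = new Map(); // clientKey -> { start, count }; per-isolate state only

// Fixed-window counter: true while the client is still under LIMIT.
function underLimit(clientKey, now) {
  const b = buckets.get(clientKey);
  if (!b || now - b.start >= WINDOW_MS) {
    buckets.set(clientKey, { start: now, count: 1 });
    return true;
  }
  b.count += 1;
  return b.count <= LIMIT;
}

// Returns { forward: true } or a JSON rejection the edge sends back itself,
// so a rejected request costs edge CPU and never becomes a canister call.
function gate({ clientKey, method, body = "" }, now = Date.now()) {
  const reject = (status, reason) => ({
    forward: false,
    status,
    body: JSON.stringify({ severity: "criticum", reason }),
  });
  if (!underLimit(clientKey, now)) return reject(429, "rate_limited");
  if (!["GET", "POST"].includes(method)) return reject(405, "method_not_allowed");
  if (body.length > MAX_BODY) return reject(413, "body_too_large");
  return { forward: true };
}

// Constructed traffic: one client sends n requests inside a single window.
function simulateFlood(n, clientKey = "203.0.113.7") {
  let forwarded = 0;
  for (let i = 0; i < n; i++) {
    const req = { clientKey, method: "POST", body: "{}" };
    if (gate(req, 1_000 + i).forward) forwarded++;
  }
  return { forwarded, rejected: n - forwarded };
}
```

In a Worker, `gate` would be called at the top of the `fetch` handler with the client address as `clientKey`, and only a `forward: true` result would be proxied on to the canister.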
Thanks for sharing! I’ll explore this solution, big thanks!