Ahoy ICP devs,
As most of you know, there has been los of talk about cycles being burned as well as best practices for cycle manegament. We noticed that many folks were not aware of some best practices so we updated the developer documentation: Security Best Practices: Denial of Service. This guide is part of our ongoing commitment to provide comprehensive resources to help people build secure and robust dapps on the Internet Computer.
The new updates focuses on a critical aspect of security: protecting against Denial of Service (DoS) attacks. As you may know, canisters pay for their cycles, which makes them inherently vulnerable to attacks that consume all their cycles. This guide provides insights and recommendations on how to mitigate such threats.
Here are some key takeaways from the guide:
- Monitoring, early authentication, and rate limiting on the canister level can help mitigate potential DoS attacks.
- For query calls that cause significant computation and don’t modify the state, it’s advisable to not execute the expensive computation if the method is called as an update.
- Expensive calls that only need to be called from other canisters can require some amount of cycles to be sent along with the call to compensate for the cycles consumed by the execution.
Remember, these are just a few highlights. I strongly encourage you to read the full guide to get a comprehensive understanding of the best practices to protect against DoS attacks.
Please let me know if you see any mistakes or have any feedback.
