Update call, just return, 35M cycle consume!

machenjie · July 20, 2021, 10:10am

How to avoid DDOS attack of cycle consume!

How to avoid cycle consume with no sense?

dpdp · July 20, 2021, 11:45am

As far as I understood; if you trap the execution of an update call ( throw it would not decrease the cycles;

Example:

public shared (msg) func updateSomething(): async () {
    if(msg.caller != admin) { // throw and won't spend }
    // update state and will spend
}

machenjie · July 20, 2021, 12:00pm

I just use assert and throw, not work, cycle will be used.

nomeata · July 20, 2021, 12:26pm

35M cycles is 0.000035 $, isn’t it? Someone needs to send a lot of requests to your canister to make that noticable.

For update calls (but not inter-canister calls), you can use the canister_inspect_message feature to prevent calls from event entering the Internet Computer. This way you would not be charged at all. This is not available in Motoko, though.

For inter-canister calls you can find solace in the fact that the call costs the caller much more than what you pay for a quick rejection. To plug even that I expect that the cycle accounting will charge the first few million cycles not to the canister (but rather consider them paid by the caller’s fee for sending a message). Then your swift rejection will be free.

machenjie · July 20, 2021, 12:35pm

Thank you, canister_inspect_message is a good choose, but code is written by motoko, so sad!

nomeata · July 20, 2021, 12:42pm

It’s not as bad. Most canisters have some public method that anyone can call (e.g. registration). Once you have a single such message, and attacker can make you spend cycles, and you just have to live with that (and can stop worrying about counter measures). So as long as rejecting quickly is cheap enough to make the attacks practically too expensive, it’s kinda fine.

machenjie · July 20, 2021, 12:50pm

Maybe so. just go ahead and look.

mparikh · July 20, 2021, 7:31pm

IMO It is bad. I think that when ANY amount of $ can be lost by serving malafide requests, it totally exposes up a surface vector for attack. This should be prevented at the IC level in partnership with canisters.

senior.joinu · July 21, 2021, 12:17am

Every attack has a cost. It is not feasible for an attacker to drain any canister out of cycles if it will require more cycles to execute.

Siliev545 · July 21, 2021, 4:15pm

Are there any examples of how to use canister_inspect_message?

Topic		Replies	Views
Throwing during a cycle transfer Language Support Motoko	3	299	September 23, 2021
How does dfinity protect against using many update calls to make canister run out of cycles? DFINITY	7	843	July 18, 2023
Cannot delete canisters anymore Developers	55	2811	February 27, 2023
Canister gas/cycle cost Developers Discussing	3	543	August 19, 2023
Calculate an estimate of cycles consumption: a universal example Developers	28	2011	May 25, 2022

Update call, just return, 35M cycle consume!

Related Topics