Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Normalize allowlist lookups to use lowercase non-checksummed authenticated address #838

Merged
merged 4 commits into from
Oct 28, 2024
Merged

Normalize allowlist lookups to use lowercase non-checksummed authenticated address #838

merged 4 commits into from
Oct 28, 2024

Conversation

pschork
Copy link
Contributor

@pschork pschork commented Oct 25, 2024
edited
Loading

Why are these changes needed?

This mitigates a recent incident where the allowlist contained a non-checksummed address for LayerN, but LayerN requests contained a checksummed address resulting in failed rateConfig lookup.

This change normalizes the addresses to lowercase when loading the allowlist rateConfig, and always lowers the authenticatedAccount when doing rate bucket lookup.

This approach allows the allowList to be specified as checksummed or non-checksummed address, as well as the dispersalRequest account to be specified as checksummed or non-checksummed address.

Checks

  • I've made sure the lint is passing in this PR.
  • I've made sure the tests are passing. Note that there might be a few flaky tests, in that case, please comment that they are not relevant.
  • I've checked the new test coverage and the coverage percentage didn't drop.
  • Testing Strategy
    • Unit tests
    • Integration tests
    • This PR is not tested :(

@pschork
Adds fallback allowlist lookup of authenticated address
4b53e54 
This mitigates a recent incident where allowlist contained a
non-checksummed address for LayerN, but LayerN requests contained a checksummed
address resulting in failed rateConfig lookup.
@pschork pschork force-pushed the pschork/checksum_ratelimit_fallback branch from ab4db13 to 4b53e54 Compare October 25, 2024 20:56
@pschork pschork force-pushed the pschork/checksum_ratelimit_fallback branch from 14dd7db to bef16d6 Compare October 28, 2024 17:46
@pschork pschork force-pushed the pschork/checksum_ratelimit_fallback branch from bef16d6 to 36ca4b5 Compare October 28, 2024 17:47
@pschork pschork marked this pull request as ready for review October 28, 2024 17:48
@pschork pschork changed the title Adds fallback allowlist lookup of authenticated address Normalize allowlist lookups to use lowercase non-checksummed lookups of authenticated address Oct 28, 2024
@pschork pschork changed the title Normalize allowlist lookups to use lowercase non-checksummed lookups of authenticated address Normalize allowlist lookups to use lowercase non-checksummed authenticated address Oct 28, 2024
@pschork pschork requested a review from ian-shim October 28, 2024 19:30
ian-shim
ian-shim approved these changes Oct 28, 2024
View reviewed changes
Copy link
Contributor

@ian-shim ian-shim left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for fixing this!

disperser/apiserver/config.go Outdated Show resolved Hide resolved
disperser/apiserver/server.go Outdated Show resolved Hide resolved
@pschork pschork merged commit bee55ed into master Oct 28, 2024
9 checks passed
ian-shim pushed a commit to ian-shim/eigenda that referenced this pull request Oct 29, 2024
@pschork @ian-shim
Normalize allowlist lookups to use lowercase non-checksummed authenti…
89fbb05 
…cated address (Layr-Labs#838)
@pschork pschork deleted the pschork/checksum_ratelimit_fallback branch November 5, 2024 07:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ian-shim ian-shim ian-shim approved these changes

@bxue-l2 bxue-l2 bxue-l2 approved these changes

@mooselumph mooselumph Awaiting requested review from mooselumph

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@pschork @bxue-l2 @ian-shim