RE: [Steemplus API] [v1.0] [Bug-Report] DOS Vulnerability in the API caused by the SPP-Job

in #utopian-io, 6 years ago

Hi @mwfiae, thanks for your report. I worked on that part of Steem-plus and I apparently made a smaaaaall mistake haha.
I just want to clarify a point. When you say "It is also possible (by creating a few requests in parallel) that some of the points are missing or doubled in the database, depending on the exact moment this is attempted.", it is actually not possible to double your points because we only process data created after the last entry of our database. We decided to execute the job once every hour at first so as not to overload our server, but we could have done it every 5 minutes. :)

Hi Cedric,

Mistakes can happen; that's why it's open source, so that mistakes can be spotted easily and fixed before harm is done :)

After some consideration I think you are right, it shouldn't be possible to double the points, but it's very easily possible to miss points entirely.
But anyhow, that's resolved now by securing the function :)

Also, can you please contact me on Discord? I think I found a few other points that need consideration :)
MWFIAE#7029

Greetings,
MW