-
Notifications
You must be signed in to change notification settings - Fork 728
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
EPIC: Add IBC rate limiting mechanism #1945
Comments
Our golang solution (mostly implemented using the Osmosis spec) will be done in a few weeks. I think it might make sense to upstream it into ibc-go, because 1) it's an ibc middleware 2) I imagine lots of teams might want to use this. Thoughts @crodriguezvega ? |
Theres also an axelar implementation of ours (or a similar) rate limiter in golang as well. |
@ValarDragon can you point me to the code? |
@adizere our rate limiter is probably going to be merged in the next week or so. Please feel free to review |
Thanks Aidan! Note the Informal team also reviewed the Osmosis solution and wrote an English spec for it (informalsystems/interchain#4).
This is a good idea. Will also discuss this with the IBC-go team. |
As soon as it gets merged we can add a link to it in ibc-go's registry. |
We should first put out a signaling proposal. |
Doc in review, after ok, will put on forum. |
Closing this as completed. Stride's implementation of the IBC rate limit module will be part of Gaia v16. |
Summary
A rate limiting mechanism ensures that, intuitively, only a limited amount of value can flow between an IBC channel on the Hub and a counterparty network. By value we can mean different things: token value, number of transfers, number of transfers per signer, number of transfers or value per destination, for example.
Problem Definition
Why do we need this feature? What problems may be addressed by introducing this feature?
In conjunction with a circuit breaker mechanism (SDK feature), rate limiting can help temper the impact of certain security problems by preventing anomalous transfers of funds across networks. The BNB hack is an example of a problem that could have been alleviated by a rate limiter.
Are there any disadvantages of including this feature?
Development time, testing, configuration, and maintenance of the rate limiter module is not for free. Another disadvantage is that a misconfiguring a rate limiter can mean that legitimate user transfers might be prevented (i.e., the rate limiter could have false positives) and also means that not all types of attacks will be addressed (can have false negatives).
Context
Osmosis team already adopted a rate limiter implemented as a wasm contract and had a few iterations on refining/bug fixes (here, here for example) their solution.
I think the Hub team has 2 options:
Adopt the Osmosis solution, either partly or entirely.
Re-implement the Osmosis solution as a Go module.
ratelimit
module IBC Rate Limiting Stride-Labs/stride#556Resources
This issue is merely a signal. Most likely, it will need to be broken down into multiple sub-issues and tracked accordingly.
Task list
Must have
Nice to have
The text was updated successfully, but these errors were encountered: