feat: Add resource limits to DID and Payment Channel modules #3796

Merged: jolestar merged 1 commit into main from feature/did-resource-limits on Nov 22, 2025

@jolestar

Contributor

This PR implements resource limits for DID and Payment Channel modules to prevent potential DoS attacks and ensure reasonable resource usage.

Changes

DID Module Limits

  • Services per document: 32 maximum
  • Properties per service: 16 maximum
  • Fragment length: 128 bytes maximum
  • String length: 512 bytes maximum (for service types, endpoints, property keys/values)

Payment Channel Limits

  • Proofs per batch: 64 maximum (for close_channel and initiate_cancellation operations)

Key Features

  • ✅ Comprehensive validation in all entry points
  • ✅ Backward compatibility maintained
  • ✅ Extensive test coverage (14 new tests)
  • ✅ Gas-efficient validation (<200 gas per check)
  • ✅ Fixed inconsistency where property keys/values weren't validated

Security Impact

  • Prevents malicious users from creating excessive resources
  • Maintains reasonable gas costs for document operations
  • Protects against potential DoS through resource exhaustion
  • All limits are set above normal usage patterns

Testing

  • All new limit tests pass ✅
  • All existing tests pass ✅
  • No regressions detected ✅

Closes security review item from mainnet readiness checklist.

- Add limits for DID services (32 max), service properties (16 max), fragment length (128 bytes), string length (512 bytes)
- Add proof count limits for Payment Channel close/cancel operations (64 max)
- Implement validation functions and checks in all entry points
- Add comprehensive tests for all limits including boundary cases
- Fix inconsistency where property keys/values weren't validated against string limits
- All existing functionality preserved with backward compatibility

Tests: All new limit tests pass, existing tests pass
Risk: Low - only adds validation, no breaking changes
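
The limits listed in the PR description, modelled as an added Python example (not code from this PR or the Rooch repository; constant and function names are hypothetical). It assumes the byte limits apply to the UTF-8 encoding of each string and that a limit of N means the N-th item is accepted and the next one is rejected.

```python
# Added illustration: a Python model of the limits named in the PR description.
# All names here are hypothetical, not identifiers from the Rooch code base.
MAX_SERVICES = 32          # services per DID document
MAX_PROPERTIES = 16        # properties per service
MAX_FRAGMENT_BYTES = 128   # fragment length
MAX_STRING_BYTES = 512     # service type, endpoint, property keys/values
MAX_PROOFS = 64            # proofs per close/cancel batch


class LimitExceeded(ValueError):
    """Raised when an input is over one of the limits above."""


def check_bytes(label, value, limit):
    # Limits are in bytes, so measure the UTF-8 encoding, not the character count.
    size = len(value.encode("utf-8"))
    if size > limit:
        raise LimitExceeded(f"{label}: {size} bytes > {limit}")


def validate_service(fragment, service_type, endpoint, properties):
    # Count check first: it is O(1) and bounds the loop over caller-supplied strings.
    if len(properties) > MAX_PROPERTIES:
        raise LimitExceeded(f"properties: {len(properties)} > {MAX_PROPERTIES}")
    check_bytes("fragment", fragment, MAX_FRAGMENT_BYTES)
    check_bytes("service type", service_type, MAX_STRING_BYTES)
    check_bytes("endpoint", endpoint, MAX_STRING_BYTES)
    for key, val in properties.items():
        # Property keys and values get the same string limit as type and endpoint.
        check_bytes("property key", key, MAX_STRING_BYTES)
        check_bytes("property value", val, MAX_STRING_BYTES)


def add_service(services, fragment, service_type, endpoint, properties):
    # Validate before mutating, so a rejected call leaves the document unchanged.
    if len(services) >= MAX_SERVICES:
        raise LimitExceeded(f"services: document already holds {MAX_SERVICES}")
    validate_service(fragment, service_type, endpoint, properties)
    services.append((fragment, service_type, endpoint, dict(properties)))


def validate_proof_batch(proofs):
    # One length check bounds the per-proof work done later in the batch.
    if len(proofs) > MAX_PROOFS:
        raise LimitExceeded(f"proofs: {len(proofs)} > {MAX_PROOFS}")
    return len(proofs)
```
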
@vercel

vercel Bot commented Nov 22, 2025


The latest updates on your projects. Learn more about Vercel for GitHub.

Project | Deployment | Preview | Comments | Updated (UTC)
rooch-portal-v2.1 | Ready | Preview | Comment | Nov 22, 2025 5:28am
test-portal | Ready | Preview | Comment | Nov 22, 2025 5:28am

1 Skipped Deployment

Project | Deployment | Preview | Comments | Updated (UTC)
rooch | Ignored | | | Nov 22, 2025 5:28am

@github-actions


Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

@jolestar jolestar merged commit 1d3aa19 into main Nov 22, 2025
19 checks passed
@jolestar jolestar deleted the feature/did-resource-limits branch November 22, 2025 07:10