How does the responder in the oracle know if he has already responded？

Baixin.chain · January 20, 2021, 1:45am

How does the responder in the oracle know if he has already responded？
After the query is made, the responder responds, but when the responder gets the data from the node, it has no way of knowing whether the question has been answered
I also looked for the API of the node and did not find this field

philipp.chain · January 20, 2021, 8:34am

Per query there can only be one response, so the responder can check if a query already has a response. The queries endpoint also includes the responses.

Baixin.chain · January 20, 2021, 8:45am

So how does the responder check if it has been matched? By what?
The responder retrieves unresponded queries with /oracles/{pubkey}queries, but the interface continues to return data after the response

philipp.chain · January 20, 2021, 9:09am

it continues to return data, but also returns the already answered query, so you can filter out those that already have an response attached

Baixin.chain · January 20, 2021, 9:12am

There may be a problem
The interface has no paging data, and the data retention is dependent on the height of the setting. A persistent query attack against an existing oracle (polling requests all the time) can generate a lot of junk

Baixin.chain · January 20, 2021, 9:18am

Imagine if an attacker made 10W requests to the data provider. It would be difficult for the data provider to retrieve the data, and it would be difficult for the data provider to find out which one had been answered

Baixin.chain · January 20, 2021, 9:23am

I think it would be better to make a distinction, add an answered and unanswered interface to the node, and add pagination

philipp.chain · January 20, 2021, 9:24am

is this an actual issue you see? the chain prunes oracle data after the ttl has timed out, so I guess this will never be an issue.

philipp.chain · January 20, 2021, 9:24am

lets not get stuck in change requests that are not an actual problem

Baixin.chain · January 20, 2021, 9:25am

The TTL can be set very high and is also set by the querier. If set to 999999, this data will exist for more than a year. What if it’s higher?
Very few people use oracles these days, and if someone is already using them, it’s definitely an attack

philipp.chain · January 20, 2021, 9:28am

fees rise with the ttl, so its draining the attackers funds, making it a non-viable attack

philipp.chain · January 20, 2021, 9:29am

as an oracle operator and user you don’t have to use that endpoint, you can also listen to the chain and find queries that way

Baixin.chain · January 20, 2021, 9:31am

I will try the attack, if successful, I will reply to the post, see how much the attack cost should be, if the attack cost is very large, then this problem will not exist, thank you for your answer

philipp.chain · January 20, 2021, 9:32am

please also check if listening to the chain mitigates potential issues using that endpoint

Baixin.chain · January 20, 2021, 9:33am

Okay, thank you