Matching in the Tuplespace- The Core issue:
...
* Put in a bunch of filters for someone that wants data that are nonsense, and if it is on a channel where you are allowing people to write whatever kinds of filter they want.
* Make the cost of failure constant (may not work)* Because of the current relation rholang <-> rpsace, and how the match is done inside RSpace, we have to use available phloLimit
for each and every (bind pattern, data candidate) pair. Meaning that if I have 100
phlos left and I need to do a consume
on join
then each pattern will get all 100
phlos. This means that it's possible to construct a rholang program that would go into the rspace
with n
phlos left and each match
cost n-1
phlos. In the end, once we leave RSpace we will fail this deploy but the attacker might have just expolited the node
Solutions:
- Order the matches by complexity. Sort the potential productions, sort the potential consumptions.
Sort the input data at the time of insertion. Data in a channel is in an order at insertion.
Construct the smallest piece of Rholang that demonstrates the problem
...