
rate-limiting

v1.0.1


Downloads

7

Readme

On-Chain Rate-Limiting Contract

This repo provides an on-chain rate-limiting contract. If the frequency of some operations exceeds the pre-defined limit, the subsequent operations will be halted until

  • the owner of the contract manually resets the rate; or
  • the users wait until the rate is low enough.

One example application is a bridge, where a rate limiter is used to cap the withdrawal/unlock amount at a specific value (e.g., $20M per day). If the amount withdrawn in the most recent 24 hours exceeds the limit, withdrawals are suspended. This gives the operator time to check the health of the bridge and reset the rate if everything is fine. With the rate limit, we could significantly reduce the loss from one-time-withdraw-all bridge attacks such as those found in the Wormhole/Ronin bridges.

Comparison With Existing Implementation

Consensys has implemented a simple rate-limiting contract: https://consensys.github.io/smart-contract-best-practices/development-recommendations/precautions/rate-limiting/. However, the time granularity of its rate calculation is the same as the rate duration (e.g., 24 hours), which means that the actual limit may be twice the limit specified by the contract. For example, an attacker can

  • withdraw the limit amount at the end of a limiting period (assuming little has been withdrawn earlier in that period); and
  • withdraw the limit amount at the beginning of the next period.

This repo implements a fine-time-granularity rate limiter with a sliding window:

  • A bin is the minimum aggregation unit over which the rate is summed;
  • Bin duration is the duration of a bin (e.g., 1 hour);
  • # of bins is the number of bins in the window (e.g., 24, so the rate is calculated over 24 hours).

As a result, if the same attack strategy is employed, the attacker has to wait 23 hours to withdraw the next limit amount.
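The comparison above can be checked with a small off-chain model. This is an added example, not the package's Solidity code; the class and function names and the 20,000,000 limit are assumptions made for illustration.

```python
# Added illustration: an off-chain model of the two designs, not the package's Solidity code.
HOUR = 3600
LIMIT = 20_000_000  # constructed value, echoing the "$20M per day" example

class FixedWindowLimiter:
    """One counter per period (granularity == rate duration); resets at each period start."""
    def __init__(self, period, limit):
        self.period, self.limit = period, limit
        self.window, self.used = 0, 0

    def check(self, now, amount):
        window = now // self.period
        if window != self.window:        # new period: usage starts again from zero
            self.window, self.used = window, 0
        if self.used + amount > self.limit:
            return False
        self.used += amount
        return True

class SlidingBinLimiter:
    """num_bins bins of bin_duration seconds; the rate is the sum of the bins in the window."""
    def __init__(self, num_bins, bin_duration, limit):
        self.num_bins, self.bin_duration, self.limit = num_bins, bin_duration, limit
        self.bins = {}                   # bin index -> amount recorded in that bin

    def check(self, now, amount):
        current = now // self.bin_duration
        oldest = current - self.num_bins + 1
        self.bins = {i: v for i, v in self.bins.items() if i >= oldest}  # expire old bins
        if sum(self.bins.values()) + amount > self.limit:
            return False
        self.bins[current] = self.bins.get(current, 0) + amount
        return True

def seconds_until_second_withdrawal(limiter, limit=LIMIT):
    """Withdraw `limit` one second before the end of day 0, then retry at the start of
    every following hour; return the seconds waited until the retry is accepted."""
    first = 24 * HOUR - 1
    if not limiter.check(first, limit):
        raise RuntimeError("first withdrawal should be within the limit")
    for k in range(48):
        retry = (24 + k) * HOUR
        if limiter.check(retry, limit):
            return retry - first
    return None

if __name__ == "__main__":
    print(seconds_until_second_withdrawal(FixedWindowLimiter(24 * HOUR, LIMIT)))  # 1
    print(seconds_until_second_withdrawal(SlidingBinLimiter(24, HOUR, LIMIT)))    # 82801
```

With the fixed window, twice the limit leaves within one second; with 24 one-hour bins the second withdrawal is refused until the first bin has slid out of the window, 23 hours later.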

Methods Provided by the Contract

The contract provides a constructor to specify

  • # of bins;
  • bin duration;
  • # of bytes in a bin (maximum value of the bin); and
  • the limit.

It further provides the following internal methods:

  • _checkRateLimit(amount). Revert if the rate exceeds the limit, otherwise, update the rate accordingly.
  • _resetRate(). Reset the rate to zero.
  • _setRateLimit(limit). Set the new limit.

Gas Cost

The average gas cost is about 20000. It may be higher if the contract has not been called for a while.

Audit

The code is not audited. USE AT YOUR OWN RISK!