In order to guarantee good performances of the aggregator, we need to bound the input of the prover (in particular, the number of transactions to be certified).
What
Implement a limit on the number of transactions that can be certified at once, and provide sanitation of the given input.
How
[x] Handle invalid hashes (return a 400 Bad request):
[x] empty string
[x] length != 64
[x] ascii hexadecimal digit character only
[x] add a maximum number of transactions to be certified at once in the prover route
[x] Deduplicate list of transactions
[x] Update the proof message returned by the route with "out of bounds" transactions (which need to be certified in a separate call, add a reason for all the non certified messages).
[x] Make this value a parameter of the aggregator (display it in the root route of the REST API)
Why
In order to guarantee good performances of the aggregator, we need to bound the input of the prover (in particular, the number of transactions to be certified).
What
Implement a limit on the number of transactions that can be certified at once, and provide sanitation of the given input.
How
Update the proof message returned by the route with "out of bounds" transactions (which need to be certified in a separate call, add a reason for all the non certified messages).