poanetwork / poa-popa

DApp for proof of physical address (PoPA) attestation for validators of POA Network
https://popa.poa.network
GNU General Public License v3.0

(Bug) Postcard limit can be exceeded in some cases #169

Closed phahulin closed 6 years ago

phahulin commented 6 years ago

https://github.com/poanetwork/poa-popa/blob/e259cec1fcfcfdff30a52bffb395d845c774855b/web-dapp/controllers/notifyRegTx.js#L112-L120

There can be a race condition here if multiple requests are sent in a short time period. Each request will result in calling postcardLimiter.canSend, which leads to calling postcardLimiter.get. If there are too many requests, they all get the same value from .get() and thus .canSend() is true for all of them, so they can exceed the limit.

phahulin commented 6 years ago

Probably use something like https://www.npmjs.com/package/semaphore
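The check-then-act race described in this issue, next to a serialised variant, as an added example that is not part of the original thread or the project's code. `makeStore`, `racyLimiter`, `serialLimiter` and `simulate` are hypothetical names, the counter store is a constructed in-memory stand-in for whatever `postcardLimiter.get` reads, and the lock is a plain promise chain of capacity one rather than the `semaphore` package linked above.

```javascript
// Constructed in-memory stand-in for the postcard counter (assumption: the
// real store behind postcardLimiter.get is asynchronous, like a DB call).
function makeStore() {
  let sent = 0;
  const tick = () => new Promise((resolve) => setImmediate(resolve));
  return {
    get: async () => { await tick(); return sent; },
    inc: async () => { await tick(); sent += 1; },
    sent: () => sent,
  };
}

// Check-then-act: concurrent callers all read the counter before any of
// them has written it, so every one of them passes the limit check.
function racyLimiter(store, limit) {
  return async function trySend() {
    const count = await store.get();
    if (count >= limit) return false;
    await store.inc(); // stands in for "send the postcard and record it"
    return true;
  };
}

// Serialised: each call starts only after the previous check-and-increment
// has finished, so the read and the write form one critical section.
function serialLimiter(store, limit) {
  const inner = racyLimiter(store, limit);
  let tail = Promise.resolve();
  return function trySend() {
    const result = tail.then(() => inner());
    tail = result.catch(() => {}); // keep the queue alive after an error
    return result;
  };
}

// Fire `requests` calls at once and count how many were allowed through.
async function simulate(makeLimiter, limit, requests) {
  const store = makeStore();
  const trySend = makeLimiter(store, limit);
  const calls = Array.from({ length: requests }, () => trySend());
  const results = await Promise.all(calls);
  return { allowed: results.filter(Boolean).length, sent: store.sent() };
}

async function demo() {
  console.log('racy  :', await simulate(racyLimiter, 3, 10));
  console.log('serial:', await simulate(serialLimiter, 3, 10));
}
demo();
```

An in-process lock like this only covers a single Node process; with several workers the check and the increment have to be one atomic operation in the shared store.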