Monitor token claims closely. Assuming we do implement a check on the user_id : amount ratio, we will shrink the attack vector on fraudulent/malicious token claims down to a valid user_id : amount ratio. Thus, we should monitor claims from the same address closely. Also, from the same source IP web2/quad-lands side fwiw.
In the event that we spot suspicious claims (successful claim source address > 3?) or some other suspicious condition is observed, we will want to have a clean/easy/efficient way to pause the signed message server.
On pause we will want/need to make sure that quadlands is informed and behaves in a predictable, user-friendly way. "The airdrop is currently paused. After maintenance is complete, the drop will be taken live again" or whatever.
Should pause kill whole app or just prevent signed claims? This depends on if we think the signing server itself is compromised I guess.
https://github.com/nopslip/gitcoin-web-ql/issues/149
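A sketch of the monitor-and-pause behaviour this issue asks for, added here as an illustration and not taken from the gitcoin-web-ql code base. `ClaimMonitor`, `handle_claim`, the `sign` callback and the response shape are hypothetical names; the example assumes "> 3" means more than three distinct user_ids signed for the same address or source IP, and it pauses signing only, not the whole app.

```python
import threading
from collections import defaultdict

PAUSED_MESSAGE = ("The airdrop is currently paused. After maintenance is "
                  "complete, the drop will be taken live again.")
MAX_USERS_PER_SOURCE = 3  # assumption: the issue's tentative "> 3" threshold


class ClaimMonitor:
    """Tracks successful claims per source and pauses signing when one looks abusive."""

    def __init__(self, max_per_source=MAX_USERS_PER_SOURCE):
        self.max_per_source = max_per_source
        self._lock = threading.Lock()
        # ("address" | "ip", value) -> set of user_ids signed for that source
        self._users_by_source = defaultdict(set)
        self.paused = False
        self.pause_reason = None

    def record_success(self, user_id, address, source_ip):
        """Record a signed claim; trip the pause once a source exceeds the threshold."""
        with self._lock:
            for kind, value in (("address", address.lower()), ("ip", source_ip)):
                users = self._users_by_source[(kind, value)]
                users.add(user_id)
                if len(users) > self.max_per_source and not self.paused:
                    self.paused = True
                    self.pause_reason = f"{kind} {value}: {len(users)} user_ids"

    def resume(self):
        """Operator action after review; counters are kept for later checks."""
        with self._lock:
            self.paused, self.pause_reason = False, None


def handle_claim(monitor, sign, user_id, address, source_ip, amount):
    """Signing endpoint logic: refuse predictably while paused, else sign and record."""
    if monitor.paused:
        # Stable status and message so the front end can show the maintenance notice.
        return 503, {"error": "paused", "message": PAUSED_MESSAGE}
    signature = sign(user_id, address, amount)  # the server's real signer goes here
    monitor.record_success(user_id, address, source_ip)
    return 200, {"signature": signature}
```

Shared IPs (NAT, VPN exits) will reach the per-IP threshold legitimately, so a deployment may prefer to alert on the IP counter and pause only on the address counter.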