/routing/v1/providers should deduplicate results
lidel opened this issue · comments
Filling issue in this repo as @ischasny suggested on Slack here
Problem
cid.contact returns 15 copies of the same /dns4/elastic.dag.house/..
provider in
https://cid.contact/routing/v1/providers/bafybeigdyrzt5sfp7udm7hu76uh7y26nf3efuylqabf3oclgtqy55fbzdi
This looks like a bug.
The /routing/v1
API (IPIP-337) returns no information about ContextIDs, returning the same provider multiple times serves no purpose, only degrades lookup perf.
DoS attack vector
What happens when there is 100 of them, and client is unable to connect to this specific spammy provider, and unable to learn about others because it limited response to max 20 or 100 providers and all are copies of the same one?
Simple misconfiguration like this could make specific CIDs unreachable due to no useful providers.
Thank you for pointing this out. The fix will be in indexstar