How is spam prevented on Eos for single dapps?


Yes, I understand that spammers cannot take down the entire Eos platform.

But if I develop a dapp on Eos, what’s to prevent a spammer from shutting down my dapp?

Let’s say I hold 1% of Eos tokens and so have 1% of the bandwidth on Eos.

A spammer could jam my dapp with transactions thereby using my 1% bandwidth and preventing my legit users from using my dapp. Eos the platform would be fine, but my dapp would be unusable.

What’s to prevent this? Does every developer need to build spam protection into their dapp? What if I release a token on Eos? Do I need to build transaction fees for my token to prevent people from spamming my 1% of allocated bandwidth?


First of all… You are the dApp and you connect to a Block Producer and therefore the EOS-network. So you can block a spammer like this:

Spammer > lot of trandactions > block > won’t make it to the blockchain.

Normal users > normal transactions > you pass their transactions to the blockchain.

As far as I know this is how it works. What you describe is a sort of ddos-attack. But if people use your dApp and your website/ App than you are the one passing the transactions to some Block Producer.
If you have a contract somewhere which a spammer could use to connect to directly things are different I guess. But they have to stake more and more EOS-tokens to be allowed more transactions on the system. Maybe after staking 20 EOS in a contract you’re allowed 1000 transactions per day. But for more you need to stake more.

Overall it still will be a problem I guess. Almost all crypto exchanges and websites are ddossed over and over again. Will not be that different when EOS is live. We’ll have to see how developers prevent these sort of attacks.


If I have all the power on the dapp, then how is the dapp still decentralized? Aren’t you describing an app?


The dApp runs locally on your computer/smartphone… But you need to get the dApp from some place. So the folks that offer your the dApp probably also offer you the link into the EOS network. Maybe this forum could run on EOS for example. We would offer the url and the interface while every post could be a blockchain interaction.

Nou you could say, what if you take your forum offline?? Well the idea is that the code is open and published. So in case of a forum you could have a website/webapp stored locally which could always connect you to the EOS-contract. So even if we took down this forum you could run a local version of it. And probably someone else would say: “Hey, that is taken offline… I just registered so you can easily interact with the contract again without loading it locally”.

I guess it will be something like that. That’s how I have understood it. I asked Dan Larimer about devs taking a popular contract offline for some reason. And he replied that you can make contracts that are “un-owned” so think of a “twitter” contract that no one can take offline.