Observability and monitoring
Expose metrics from your canister
Section titled “Expose metrics from your canister”Security concern
Section titled “Security concern”In case of attacks, it is great to be able to obtain relevant metrics from canisters, such as the number of accounts, size of internal data structures, stable memory, etc.
Recommendation
Section titled “Recommendation”Expose metrics from your canister (from effective Rust canisters).
Do not publicly reveal a canister’s cycles balance
Section titled “Do not publicly reveal a canister’s cycles balance”Security concern
Section titled “Security concern”Publicly revealing the canister’s cycles balance allows an attacker to measure the number of instructions spent by executing the canister methods on the attacker’s input. Then the attacker might be able to learn which code paths were taken during execution and derive secret information based on that. Moreover, the attacker can learn which methods and their inputs consume a lot of cycles to mount a cycles-draining attack (see also protect against draining the cycles balance).
Recommendation
Section titled “Recommendation”Your canisters should not publicly expose their cycles balance (available through the system API), i.e., they should only expose their cycles balance to their controllers or other trusted principals.