Here is my mentor's (@https://github.com/MariusVanDerWijden) implementation based on the version I pushed before. https://github.com/ethereum/go-ethereum/compare/master...MariusVanDerWijden:txpool-attacks?expand=1 The previous attack defenses are being tested on the real network and the refactor and benchmarking results are not significantly worse than the current version: name old time/op new time/op delta ListAdd-24 83.5ms ± 2% 128.5ms ± 0% ~ (p=0.333 n=2+2) PendingDemotion100-24 85.8ns ± 0% 84.9ns ± 1% ~ (p=0.667 n=2+2) PendingDemotion1000-24 82.2ns ± 2% 84.1ns ± 2% ~ (p=0.667 n=2+2)

After the discussion with mentor Marius, we agree that the modified version is working well on the ED1,2,4, but may cause the txpool to be flooded with underpriced transactions as they can not be replaced if a future transaction exists. So the new version contains the defense of two attacks: future transaction evicting a pending transaction a transaction overspending the funds of a sender Here is the merge request on go-ethereum mempool we just pushed. https://github.com/ethereum/go-ethereum/pull/26648

Self Introduction I’m a PhD student in Syracuse University in Blockchain security area, and now working on the Ethereum Mempool Attack Detection&Defence. Very excited joining in the fellowship and make some contribution to the Ethereum Portocol. Progress As I finished the first part of the defense and test it successfully on the mainnet, I started to dive into the more general way of Dos Attack defense which can make the codes more ellegent and easy to read and can save time and space cost. For now, here is the strategy to mitigate ADAMS attacks. The idea is to enforce that a valid transaction always has a higher priority in admission than an invalid transaction, despite their prices. Figure belw depicts the priority among transactions of different types, that is, parent valid transactions, child valid transactions and invalid transactions (including future and latent-overdraft transactions). Only among transactions of the same type, price-based priority is enforced. We call it validity-first admission priority. We enforce validity-first priority by two proposed admission policies:

Self Introduction I’m a PhD student in Syracuse University in Blockchain security area, and now working on the Ethereum Mempool Attack Detection&Defence. Very excited joining in the fellowship and make some contribution to the Ethereum Portocol. Progress Attacks For precvious attacks, we introduced four patterns ED1-4 to defence, here are other patterns. Pattern LD1: It locks the mempool by directly crafting future transactions. On an initially empty mempool, it sends the same transactions with Pattern ED1.

Self Introduction I’m a PhD student in Syracuse University in Blockchain security area, and now working on the Ethereum Mempool Attack Detection&Defence. Very excited joining in the fellowship and make some contribution to the Ethereum Portocol. Process As I just recovered from Covid-19, I didn’t do much work last week. But this week I'm getting better, so I keep on doing the test of the previous deter attack defense. How do we test the success of our defense on the net? Start private node We start a private node and start an interactive session using Geth console connected to the node we established.

Self Introduction I’m a PhD student in Syracuse University in Blockchain security area, and now working on the Ethereum Mempool Attack Detection&Defence. Very excited joining in the fellowship and make some contribution to the Ethereum Portocol. I have implemented DoS defense schemes on the latest Geth client (version 1.10.26), The defenses are extensively tested in our lab (controlled environment) and are secure against known DETER attacks. Here is the link for the update: https://github.com/ethereum/go-ethereum/pull/26311/files. For now, I am under Marius's mentorship, Marius is one of the contributors of Geth client. His modification is based on the code I updated: https://github.com/MariusVanDerWijden/go-ethereum/tree/txpool-attacks

Self Introduction I’m a PhD student in Syracuse University in Blockchain security area, and now working on the Ethereum Mempool Attack Detection&Defence. Very excited joining in the fellowship and make some contribution to the Ethereum Portocol. Process Mempool reconstruction After analyzing the code from go-ethereum, we add two instructions in the txpool part which let us log the transactions when they just arrived in the mempool and when they are admitted by the pending pool/queued pool. For the mempool, when adding transactions who just arrived in the mempool, the func (pool *TxPool) add(tx *types.Transaction, local bool) will be called. This func add validates a transaction and inserts it into the non-executable queue for later pending promotion and execution. If the transaction is a replacement for an already pending or queued one, it overwrites the previous transaction if its price is higher. when the transactions are admitted by the pending pool, the func (pool *TxPool) promoteTx(addr common.Address, hash common.Hash, tx *types.Transaction) will be called. This func promoteTx adds a transaction to the pending (processable) list of transactions and returns whether it was inserted or an older was better.

Self Introduction I’m a PhD student in Syracuse University in Blockchain security area, and now working on the Ethereum Mempool Attack Detection&Defence. Very excited joining in the fellowship and make some contribution to the Ethereum Portocol. After Thanksgiving holiday, we started our work again! Process Deter attack detection and mitigation In this work, We designed a system module on top of the geth mempool implementation, further more, there will be extension on OpenEthereum etc. For the Defence, we have the first type of the

Self Introduction I'm a PhD student in Syracuse University in Blockchain security area, and now working on the Ethereum Mempool Attack Detection. Very excited joining in the fellowship and make some contribution to the Ethereum Portocol. Process I analyse the code in https://github.com/ethereum/go-ethereum/tree/master/core. And I settle down on the txpool part and concentrate on the mempool workflow. After reviewing my labmate's paper on Deter Attacks happening in Mempool, I understand I need to know precisely where should I dig to find all these attacks happening. So that, I can add some instrumentation in these parts to log the transactions getting into the mempool which may cause the attack. Here is one of the transaction information appearing in the pending pool of Ethereum I got recently:

This is Wanning Ding. Selected Project: I would like to concentrate on the Ethereum Mempool Attack Detection project. And be willing to be mentored by Felix (fjl), Lukasz Rozmej or Mario Vega who is familiar with mainnet and client testing. Description of project Protecting mempool against DoS. DETER vulnerabilities, as listed in the following paper (published by my group), were discovered in May 2021. As we tested the latest Geth client, they are not properly fixed. As a starting point, I would like to implement the defense scheme proposed in the DETER paper, the following research paper published by my group: Kai Li, Yibo Wang, Yuzhe Tang, DETER: Denial of Ethereum Txpool Services”, ACM CCS 2021.