Try   HackMD

Ethereum Protocol Fellowship 8th week update

Self Introduction

I’m a PhD student in Syracuse University in Blockchain security area, and now working on the Ethereum Mempool Attack Detection&Defence. Very excited joining in the fellowship and make some contribution to the Ethereum Portocol.

Process

As I just recovered from Covid-19, I didn’t do much work last week. But this week I'm getting better, so I keep on doing the test of the previous deter attack defense.

How do we test the success of our defense on the net?

Start private node

We start a private node and start an interactive session using Geth console connected to the node we established.

node1="enode://cb294d2aea6a8182ca11a7073a77526a5d80083859ba02b8478707d860b89403539eda1bd72ad20f3c44db01adb180359503a326f0d653bb7d8e748905bfbc3e@127.0.0.1:10001?discport=0"
victim="enode://38391d874c61a044c05456330295109abcb53fd00d5523fca87c4ade178361463683bd9b49db1f24a4251ddf9cfa6d8f16f5c8df7e8d7c0ebd7766a037aeee55@127.0.0.1:10002?discport=0"

GETH1925="/home/yuxuan/Downloads/test-priv-geth/build/bin/geth"
ETH_DATA=./data

# ./stop_ethereum.sh
mkdir -p $ETH_DATA/keystore
cp key_new/* $ETH_DATA/keystore/
rm -rf data/geth/chaindata/ data/geth/lightchaindata/ data/geth/transactions.rlp

# miner threads
NM=1
if [ $# -gt 0 ]; then
NM=$1
fi
echo "Starting geth with $NM miner threads"

GETH=$GETH1925
$GETH datadir=$ETH_DATA init genesis.json
$GETH datadir=$ETH_DATA nodiscover port 10003 http http.port 18545 http.api "eth,net,web3,personal,txpool" txpool.pricelimit 0 maxpeers 32 networkid 20191003 authrpc.port 8552 verbosity 5 allow-insecure-unlock allow-insecure-unlock console

Trace generate

For the test cases, here are two adequate trace generation cases in detail.

def resetAndinitial():

global original_nonces
global original_future_nonces
global original_nonce2
global nonces
global future_nonces
global nonces2
s_a = 0
e_a = 384
ClearPool(target_URL)
nonces = copy.deepcopy(original_nonces)
future_nonces = copy.deepcopy(original_future_nonces)
nonces2 = copy.deepcopy(original_nonce2)
for i in range(6144):

index = s_a + i%(e_a-s_a)
price=20
send(target_accounts2[index],target_accounts[index], nonces2[index], price,0, key_dict[target_accounts2[index]])
sentList.append([target_accounts2[index],target_accounts[index], nonces2[index], price, 0, key_dict[target_accounts2[index]]])
nonces2[index] +=1

For every test case, we need to reset the txpool, and here is the function we wrote to reset and initialize the txpool:
First, we clear the pool.

ClearPool(target_URL)

Then, we sent 6144 transactions with a price of 20 to fill out the txpool.

send(target_accounts2[index],target_accounts[index], nonces2[index], price,0, key_dict[target_accounts2[index]])

Attack txs

After the resetting, we start to send our attack transaction sequence.

For attack ED1: Discard Future tx when txpool is full.
So we sent a future tx with an index of 392>384+1 with a price of 30 which is higher than the 20 we sent before.

addrIndex = 392
tx_hash = send(target_accounts2[addrIndex],target_accounts[addrIndex], nonces2[addrIndex]+1, 30, 200000000000000, key_dict[target_accounts2[addrIndex]])
print(tx_hash)

For attack ED2: txpool is full, discard this tx because it will evict other valid tx(s) and it will cause an overdraft.
So we sent 3 txs from one sender whose addrIndex is 390 and then set the value of these txs 200000000000000,200000000000000,900000000000000, which will cause the sum of the value to exceed the balance of the account balance = 1000000000000000 which is called overdraft.

1st tx:

addrIndex = 390
tx_hash = send(target_accounts2[addrIndex],target_accounts[addrIndex], nonces2[addrIndex], 10,200000000000000, key_dict[target_accounts2[addrIndex]])
nonces2[addrIndex] +=1
print(tx_hash)

2nd tx:

tx_hash1= send(target_accounts2[addrIndex],target_accounts[addrIndex], nonces2[addrIndex], 20,200000000000000, key_dict[target_accounts2[addrIndex]])
print(tx_hash1)

3rd tx:

nonces2[addrIndex] -= 1
tx_hash2= send(target_accounts2[addrIndex],target_accounts[addrIndex], nonces2[addrIndex], 40,900000000000000, key_dict[target_accounts2[addrIndex]])
print(tx_hash2)

After we sent all the txs before, we find that the txpool didn't include the trading against the rules, so that means we have a successful attack defense.

Last changed by 
wanningD
0
121

Read more

Ethereum Protocol Fellowship 14th week update

Here is my mentor's (@https://github.com/MariusVanDerWijden) implementation based on the version I pushed before. https://github.com/ethereum/go-ethereum/compare/master...MariusVanDerWijden:txpool-attacks?expand=1 The previous attack defenses are being tested on the real network and the refactor and benchmarking results are not significantly worse than the current version: name old time/op new time/op delta ListAdd-24 83.5ms ± 2% 128.5ms ± 0% ~ (p=0.333 n=2+2) PendingDemotion100-24 85.8ns ± 0% 84.9ns ± 1% ~ (p=0.667 n=2+2) PendingDemotion1000-24 82.2ns ± 2% 84.1ns ± 2% ~ (p=0.667 n=2+2)

Feb 9, 2023
Ethereum Protocol Fellowship 15th week update

After the discussion with mentor Marius, we agree that the modified version is working well on the ED1,2,4, but may cause the txpool to be flooded with underpriced transactions as they can not be replaced if a future transaction exists. So the new version contains the defense of two attacks: future transaction evicting a pending transaction a transaction overspending the funds of a sender Here is the merge request on go-ethereum mempool we just pushed. https://github.com/ethereum/go-ethereum/pull/26648

Feb 9, 2023
Ethereum Protocol Fellowship 10th week update

Self Introduction I’m a PhD student in Syracuse University in Blockchain security area, and now working on the Ethereum Mempool Attack Detection&Defence. Very excited joining in the fellowship and make some contribution to the Ethereum Portocol. Progress As I finished the first part of the defense and test it successfully on the mainnet, I started to dive into the more general way of Dos Attack defense which can make the codes more ellegent and easy to read and can save time and space cost. For now, here is the strategy to mitigate ADAMS attacks. The idea is to enforce that a valid transaction always has a higher priority in admission than an invalid transaction, despite their prices. Figure belw depicts the priority among transactions of different types, that is, parent valid transactions, child valid transactions and invalid transactions (including future and latent-overdraft transactions). Only among transactions of the same type, price-based priority is enforced. We call it validity-first admission priority. We enforce validity-first priority by two proposed admission policies:

Jan 20, 2023
Ethereum Protocol Fellowship 12th week update

Self Introduction I’m a PhD student in Syracuse University in Blockchain security area, and now working on the Ethereum Mempool Attack Detection&Defence. Very excited joining in the fellowship and make some contribution to the Ethereum Portocol. Progress Attacks For precvious attacks, we introduced four patterns ED1-4 to defence, here are other patterns. Pattern LD1: It locks the mempool by directly crafting future transactions. On an initially empty mempool, it sends the same transactions with Pattern ED1.

Jan 19, 2023
Read more from wanningD
Published on HackMD