Try   HackMD

Ethereum Protocol Fellowship 1st week update

This is Wanning Ding.

Selected Project:

I would like to concentrate on the Ethereum Mempool Attack Detection project. And be willing to be mentored by Felix (fjl), Lukasz Rozmej or Mario Vega who is familiar with mainnet and client testing.

Description of project

Protecting mempool against DoS.

DETER vulnerabilities, as listed in the following paper (published by my group), were discovered in May 2021. As we tested the latest Geth client, they are not properly fixed. As a starting point, I would like to implement the defense scheme proposed in the DETER paper, the following research paper published by my group: Kai Li, Yibo Wang, Yuzhe Tang, DETER: Denial of Ethereum Txpool Services”, ACM CCS 2021.

https://cve.report/CVE-2022-23327/32c14097.pdf

https://dl.acm.org/doi/abs/10.1145/3460120.3485369

This requires changing Geth’s mempool implementation with added transaction admission rules. There is a more advanced defense that my group is working on to ensure both security and minimal loss of utility.

Last changed by 
wanningD
0
238

Read more

Ethereum Protocol Fellowship 14th week update

Here is my mentor's (@https://github.com/MariusVanDerWijden) implementation based on the version I pushed before. https://github.com/ethereum/go-ethereum/compare/master...MariusVanDerWijden:txpool-attacks?expand=1 The previous attack defenses are being tested on the real network and the refactor and benchmarking results are not significantly worse than the current version: name old time/op new time/op delta ListAdd-24 83.5ms ± 2% 128.5ms ± 0% ~ (p=0.333 n=2+2) PendingDemotion100-24 85.8ns ± 0% 84.9ns ± 1% ~ (p=0.667 n=2+2) PendingDemotion1000-24 82.2ns ± 2% 84.1ns ± 2% ~ (p=0.667 n=2+2)

Feb 9, 2023
Ethereum Protocol Fellowship 15th week update

After the discussion with mentor Marius, we agree that the modified version is working well on the ED1,2,4, but may cause the txpool to be flooded with underpriced transactions as they can not be replaced if a future transaction exists. So the new version contains the defense of two attacks: future transaction evicting a pending transaction a transaction overspending the funds of a sender Here is the merge request on go-ethereum mempool we just pushed. https://github.com/ethereum/go-ethereum/pull/26648

Feb 9, 2023
Ethereum Protocol Fellowship 10th week update

Self Introduction I’m a PhD student in Syracuse University in Blockchain security area, and now working on the Ethereum Mempool Attack Detection&Defence. Very excited joining in the fellowship and make some contribution to the Ethereum Portocol. Progress As I finished the first part of the defense and test it successfully on the mainnet, I started to dive into the more general way of Dos Attack defense which can make the codes more ellegent and easy to read and can save time and space cost. For now, here is the strategy to mitigate ADAMS attacks. The idea is to enforce that a valid transaction always has a higher priority in admission than an invalid transaction, despite their prices. Figure belw depicts the priority among transactions of different types, that is, parent valid transactions, child valid transactions and invalid transactions (including future and latent-overdraft transactions). Only among transactions of the same type, price-based priority is enforced. We call it validity-first admission priority. We enforce validity-first priority by two proposed admission policies:

Jan 20, 2023
Ethereum Protocol Fellowship 12th week update

Self Introduction I’m a PhD student in Syracuse University in Blockchain security area, and now working on the Ethereum Mempool Attack Detection&Defence. Very excited joining in the fellowship and make some contribution to the Ethereum Portocol. Progress Attacks For precvious attacks, we introduced four patterns ED1-4 to defence, here are other patterns. Pattern LD1: It locks the mempool by directly crafting future transactions. On an initially empty mempool, it sends the same transactions with Pattern ED1.

Jan 19, 2023
Read more from wanningD
Published on HackMD