Try   HackMD

Ethereum Protocol Fellowship 3rd week update

Self Introduction

I’m a PhD student in Syracuse University in Blockchain security area, and now working on the Ethereum Mempool Attack Detection&Defence. Very excited joining in the fellowship and make some contribution to the Ethereum Portocol.

Process

Mempool reconstruction

After analyzing the code from go-ethereum, we add two instructions in the txpool part which let us log the transactions when they just arrived in the mempool and when they are admitted by the pending pool/queued pool.

For the mempool, when adding transactions who just arrived in the mempool, the func (pool *TxPool) add(tx *types.Transaction, local bool) will be called. This func add validates a transaction and inserts it into the non-executable queue for later pending promotion and execution. If the transaction is a replacement for an already pending or queued one, it overwrites the previous transaction if its price is higher.

when the transactions are admitted by the pending pool, the func (pool *TxPool) promoteTx(addr common.Address, hash common.Hash, tx *types.Transaction) will be called. This func promoteTx adds a transaction to the pending (processable) list of transactions and returns whether it was inserted or an older was better.
Note, this method assumes the pool lock is held!

Evaluation

To test whether or not those instructions work well, we run the make geth and run it on the mainnet and testnet goerli.
We successfully catch the transactions when we send some valid transactions to the mempool after using the modifying go-ethereum code.

Result

As for now, the part of the detection is complete, we will refine the code a little bit. We reconstructed a close to complete mempool before the transactions are mined to the chain.
After a while, we will ask the Geth team regarding the mempool tx handling for advice if it is an production code and try to push it on to real world mainnet.

Next step

After discussing with my labmates, we want to make some defense on the DETER Attack which we discovered before happening in the mempool transaction admission rules.
There are four situations here that resulted from the bad transaction adding in or replacement:

Simple Explanation>>

  • First, there are some valid txs already in the mempool, then some latent overdraft tx(s) replace some of the valid tx(s).
  • Second, there are full of valid txs in the mempool, the coming tx(s) make some valid tx(s) turning into future tx(s).
  • Third, there are full of valid txs in the mempool, then after some future tx(s) which is tx(s) in the queue pool replace the valid tx(s) before.
  • Forth, similar to the second situation, but it is latent overdraft tx(s) instead of the future tx(s).

By making the rules more strict(Add-on defense), we want to build a better geth environment that can avoid these situations.

Last changed by 
wanningD
0
146

Read more

Ethereum Protocol Fellowship 14th week update

Here is my mentor's (@https://github.com/MariusVanDerWijden) implementation based on the version I pushed before. https://github.com/ethereum/go-ethereum/compare/master...MariusVanDerWijden:txpool-attacks?expand=1 The previous attack defenses are being tested on the real network and the refactor and benchmarking results are not significantly worse than the current version: name old time/op new time/op delta ListAdd-24 83.5ms ± 2% 128.5ms ± 0% ~ (p=0.333 n=2+2) PendingDemotion100-24 85.8ns ± 0% 84.9ns ± 1% ~ (p=0.667 n=2+2) PendingDemotion1000-24 82.2ns ± 2% 84.1ns ± 2% ~ (p=0.667 n=2+2)

Feb 9, 2023
Ethereum Protocol Fellowship 15th week update

After the discussion with mentor Marius, we agree that the modified version is working well on the ED1,2,4, but may cause the txpool to be flooded with underpriced transactions as they can not be replaced if a future transaction exists. So the new version contains the defense of two attacks: future transaction evicting a pending transaction a transaction overspending the funds of a sender Here is the merge request on go-ethereum mempool we just pushed. https://github.com/ethereum/go-ethereum/pull/26648

Feb 9, 2023
Ethereum Protocol Fellowship 10th week update

Self Introduction I’m a PhD student in Syracuse University in Blockchain security area, and now working on the Ethereum Mempool Attack Detection&Defence. Very excited joining in the fellowship and make some contribution to the Ethereum Portocol. Progress As I finished the first part of the defense and test it successfully on the mainnet, I started to dive into the more general way of Dos Attack defense which can make the codes more ellegent and easy to read and can save time and space cost. For now, here is the strategy to mitigate ADAMS attacks. The idea is to enforce that a valid transaction always has a higher priority in admission than an invalid transaction, despite their prices. Figure belw depicts the priority among transactions of different types, that is, parent valid transactions, child valid transactions and invalid transactions (including future and latent-overdraft transactions). Only among transactions of the same type, price-based priority is enforced. We call it validity-first admission priority. We enforce validity-first priority by two proposed admission policies:

Jan 20, 2023
Ethereum Protocol Fellowship 12th week update

Self Introduction I’m a PhD student in Syracuse University in Blockchain security area, and now working on the Ethereum Mempool Attack Detection&Defence. Very excited joining in the fellowship and make some contribution to the Ethereum Portocol. Progress Attacks For precvious attacks, we introduced four patterns ED1-4 to defence, here are other patterns. Pattern LD1: It locks the mempool by directly crafting future transactions. On an initially empty mempool, it sends the same transactions with Pattern ED1.

Jan 19, 2023
Read more from wanningD
Published on HackMD