Try   HackMD

Ethereum Protocol Fellowship 2nd week update

Self Introduction

I'm a PhD student in Syracuse University in Blockchain security area, and now working on the Ethereum Mempool Attack Detection. Very excited joining in the fellowship and make some contribution to the Ethereum Portocol.

Process

I analyse the code in https://github.com/ethereum/go-ethereum/tree/master/core.
And I settle down on the txpool part and concentrate on the mempool workflow.

After reviewing my labmate's paper on Deter Attacks happening in Mempool, I understand I need to know precisely where should I dig to find all these attacks happening. So that, I can add some instrumentation in these parts to log the transactions getting into the mempool which may cause the attack.

Here is one of the transaction information appearing in the pending pool of Ethereum I got recently:

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →

Problem I got:

I can't get the exact mempool data in Ethereum to validate the instrumentation I added in the core code of go-ethereum.
The log data set I got for now is not complete.
From github comment, I can get help from someone on Geth team regarding the mempool tx handling.

Future work

Dive into the code of go-ethereum/core/txpool about the workflow of how the transactions add to the mempool and how the transaction remove from the mempool after they get involved by the miner to the blockchain.

After finding the exact part of how they get into mempool and are chosen by the miner to the blockchain, I can add some conditions to not only keep the original basic admission rules but also can protect the insecure attack not happen in the pool again.

Last changed by 
wanningD
0
170

Read more

Ethereum Protocol Fellowship 14th week update

Here is my mentor's (@https://github.com/MariusVanDerWijden) implementation based on the version I pushed before. https://github.com/ethereum/go-ethereum/compare/master...MariusVanDerWijden:txpool-attacks?expand=1 The previous attack defenses are being tested on the real network and the refactor and benchmarking results are not significantly worse than the current version: name old time/op new time/op delta ListAdd-24 83.5ms ± 2% 128.5ms ± 0% ~ (p=0.333 n=2+2) PendingDemotion100-24 85.8ns ± 0% 84.9ns ± 1% ~ (p=0.667 n=2+2) PendingDemotion1000-24 82.2ns ± 2% 84.1ns ± 2% ~ (p=0.667 n=2+2)

Feb 9, 2023
Ethereum Protocol Fellowship 15th week update

After the discussion with mentor Marius, we agree that the modified version is working well on the ED1,2,4, but may cause the txpool to be flooded with underpriced transactions as they can not be replaced if a future transaction exists. So the new version contains the defense of two attacks: future transaction evicting a pending transaction a transaction overspending the funds of a sender Here is the merge request on go-ethereum mempool we just pushed. https://github.com/ethereum/go-ethereum/pull/26648

Feb 9, 2023
Ethereum Protocol Fellowship 10th week update

Self Introduction I’m a PhD student in Syracuse University in Blockchain security area, and now working on the Ethereum Mempool Attack Detection&Defence. Very excited joining in the fellowship and make some contribution to the Ethereum Portocol. Progress As I finished the first part of the defense and test it successfully on the mainnet, I started to dive into the more general way of Dos Attack defense which can make the codes more ellegent and easy to read and can save time and space cost. For now, here is the strategy to mitigate ADAMS attacks. The idea is to enforce that a valid transaction always has a higher priority in admission than an invalid transaction, despite their prices. Figure belw depicts the priority among transactions of different types, that is, parent valid transactions, child valid transactions and invalid transactions (including future and latent-overdraft transactions). Only among transactions of the same type, price-based priority is enforced. We call it validity-first admission priority. We enforce validity-first priority by two proposed admission policies:

Jan 20, 2023
Ethereum Protocol Fellowship 12th week update

Self Introduction I’m a PhD student in Syracuse University in Blockchain security area, and now working on the Ethereum Mempool Attack Detection&Defence. Very excited joining in the fellowship and make some contribution to the Ethereum Portocol. Progress Attacks For precvious attacks, we introduced four patterns ED1-4 to defence, here are other patterns. Pattern LD1: It locks the mempool by directly crafting future transactions. On an initially empty mempool, it sends the same transactions with Pattern ED1.

Jan 19, 2023
Read more from wanningD
Published on HackMD