Try   HackMD

Ethereum Protocol Fellowship 5th week update

Self Introduction

I’m a PhD student in Syracuse University in Blockchain security area, and now working on the Ethereum Mempool Attack Detection&Defence. Very excited joining in the fellowship and make some contribution to the Ethereum Portocol.

After Thanksgiving holiday, we started our work again!

Process

Deter attack detection and mitigation

In this work, We designed a system module on top of the geth mempool implementation, further more, there will be extension on OpenEthereum etc.
For the Defence, we have the first type of the

How?

We add restriction to transaction admission and eviction policies.

Mitigation schemes: We add Four transaction-eviction rules over the underlying txpool:
ED1) Discard Future tx when txpool is full.

For instance, Here is the initial state, the pending pool is full with the existing txs with nonce n~n+m. Then, a new tx comes and wants to be added to the pending pool. So the rule is that if the new tx's nonce is not in the range of [n,n+m+1], the adding action will be denied.

ED2) txpool is full, discard this tx because it will evict other valid tx(s) and it will cause an overdraft.

For instance, the initial state is that the pending pool is full with the valid txs, and for Alice, who owned 40 Gwei has already sent three valid txs:
<tx1> Nonce 0, gas price 10 Gwei,
<tx2> Nonce 1, gas price 10 Gwei,
<tx3> Nonce 2, gas price 10 Gwei,
and they were successfully included in the pending pool. Now Alice wants to send a new tx: Nonce 2, gas price 30 Gwei. That will cause the eviction of the previous tx with nonce 2 sent from Alice. And now we find that after the eviction, the total of gas price is 10+10+30 = 50 Gwei > 40 Gwei which she owned. This situation is called overdraft, and the rules we added will discard this.

ED3) txpool is full, discard this tx that will change other vaild tx(s) to future.

For instance, consider two pending transaction tx1 of nonce n+1 and tx2 of nonce n+2. If tx1 is evicted, it makes tx2 a future transaction. Such an eviction is prohibited by ED3.

Furthermore, how to make a valid previous tx become a future tx?
There are two people, Alice and Bob. They both sent two txs to the pending pool before:
<tx1> Nonce 0, sent by Alice, gas price 10 Gwei,
<tx2> Nonce 1, sent by Alice, gas price 10 Gwei,
<tx3> Nonce 0, sent by Bob, gas price 10 Gwei,
<tx4> Nonce 1, sent by Bob, gas price 10 Gwei,
And the pool is full, now Bob sends a tx with Nonce 2, gas price 20 Gwei. So, if his arriving tx will evict <tx1> before, this will cause the tx2 to become a future tx.

ED4) discard this tx becuase it will replace itself and then cause overdraft.

It's a much similar situation with ED2, the only difference is that when the new transaction come in, the pending pool is not full, so that, the new tx doesn’t need to evict any previous valid txs.

Future Work

  1. We need to evaluate the rules by sending the tx sequence according to previous ED1-4 and check if the rules work well on geth.
  2. For the attack defence, there are some other situation we still work on, the defence will be extended in the future.
Last changed by 
wanningD
0
179

Read more

Ethereum Protocol Fellowship 14th week update

Here is my mentor&apos;s (@https://github.com/MariusVanDerWijden) implementation based on the version I pushed before. https://github.com/ethereum/go-ethereum/compare/master...MariusVanDerWijden:txpool-attacks?expand=1 The previous attack defenses are being tested on the real network and the refactor and benchmarking results are not significantly worse than the current version: name old time/op new time/op delta ListAdd-24 83.5ms ± 2% 128.5ms ± 0% ~ (p=0.333 n=2+2) PendingDemotion100-24 85.8ns ± 0% 84.9ns ± 1% ~ (p=0.667 n=2+2) PendingDemotion1000-24 82.2ns ± 2% 84.1ns ± 2% ~ (p=0.667 n=2+2)

Feb 9, 2023
Ethereum Protocol Fellowship 15th week update

After the discussion with mentor Marius, we agree that the modified version is working well on the ED1,2,4, but may cause the txpool to be flooded with underpriced transactions as they can not be replaced if a future transaction exists. So the new version contains the defense of two attacks: future transaction evicting a pending transaction a transaction overspending the funds of a sender Here is the merge request on go-ethereum mempool we just pushed. https://github.com/ethereum/go-ethereum/pull/26648

Feb 9, 2023
Ethereum Protocol Fellowship 10th week update

Self Introduction I’m a PhD student in Syracuse University in Blockchain security area, and now working on the Ethereum Mempool Attack Detection&amp;Defence. Very excited joining in the fellowship and make some contribution to the Ethereum Portocol. Progress As I finished the first part of the defense and test it successfully on the mainnet, I started to dive into the more general way of Dos Attack defense which can make the codes more ellegent and easy to read and can save time and space cost. For now, here is the strategy to mitigate ADAMS attacks. The idea is to enforce that a valid transaction always has a higher priority in admission than an invalid transaction, despite their prices. Figure belw depicts the priority among transactions of different types, that is, parent valid transactions, child valid transactions and invalid transactions (including future and latent-overdraft transactions). Only among transactions of the same type, price-based priority is enforced. We call it validity-first admission priority. We enforce validity-first priority by two proposed admission policies:

Jan 20, 2023
Ethereum Protocol Fellowship 12th week update

Self Introduction I’m a PhD student in Syracuse University in Blockchain security area, and now working on the Ethereum Mempool Attack Detection&amp;Defence. Very excited joining in the fellowship and make some contribution to the Ethereum Portocol. Progress Attacks For precvious attacks, we introduced four patterns ED1-4 to defence, here are other patterns. Pattern LD1: It locks the mempool by directly crafting future transactions. On an initially empty mempool, it sends the same transactions with Pattern ED1.

Jan 19, 2023
Read more from wanningD
Published on HackMD