-
-
Notifications
You must be signed in to change notification settings - Fork 287
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Investigate running lodestar on Nimbus's insecura - the "long ranged attacked" pyrmont fork #3658
Comments
UPDATE: Nimbus's wss endpoint seems to be loaded/stuck, not moving past fetching the state from their provided sync url :
|
UPDATE: synced on the attacking/alternate/invalid chain using compromised wss checkpoint and compromised bootnodes serving invalid chain
|
UPDATE: Error while trying to sync from a finalized checkpoint < epoch 60,000 (a correct checkpoint) but from the attacking chain as the checkpoint way behind the current clock epoch
|
Wss sync using a checkpoint from correct pyrmont chain but syncing via attacking chain failed because it seems that the pyrmont chain isn't finalizing, as it has been abandoned
lodestar:
|
lodestar started syncing on from blank db without using checkpoint sync...
UPDATE: still syncing :
############################### UPDATE: sync stalled near epoch at which pyrmont was abandoned (~60,000)
However on cleaning peer and restarting, it started syncing syncing on the
UPDATE: sucessfull synced to the
|
CLOSING issue as Scenario 4,5 not possible to check, see description for the reasons. |
Thank you so much for doing this tests! Love to see the security protections in action |
@dapplion Should we apply weak subjectivity timeperiod checks on start from blank DB as well (Scenario 3 in the description)? which we don't do right now. This means one would not be able to start from a blank DB without providing a checkpoint. |
What do other clients do? In that case you would do the WS math on the genesis state? |
Nimbus team created a long range attack scenario on Pyrmont network as described here: https://notes.status.im/nimbus-insecura-network?view
tl-dr: They rewrote pyrnmont chain from epoch 60000 for 12k validators way back by using these validators (leaking the other 100k something validators on this alternate chain) so that this alternate chain finally finalized after exiting the majority "non attacking validators".
Now these node/validators are serving alternate chain. We want to test out the wss sync related issues using lodestar.
Check test following scenarios:
UPDATE: following two scenarios can't be tested because insecura is (invalid) continuation of the abondoned pyrmont chain, so no checkpoint exists on pyrmont which is not part of insecura to test the following two points:
- [ ] Scenario 4: invalidate the sync on the attacking chain with compromised bootnodes but using a valid forward checkpoint (using the forward checkpoint PR) #3589- [ ] Scenario 5: Invalidate the backfill sync on the attacking chain with a wss sync but a valid checkpoint in past from the normal chainThe text was updated successfully, but these errors were encountered: