EOS Blockchain discussion #1 - 21 BPs prone to attack? EOS Blockchain Hackable?

in #eos, 7 years ago (edited)


Hello EOSians,

My Background

I am a developer. I was involved in DApp development on the Steem blockchain for the last 2 months. Anyway, I will be releasing it soon.

In the meanwhile, I was exploring EOS blockchain theoretically. And suddenly today, a doubt occurred to me.

Question

It is related to the EOS Block Producers (BPs): What if the 21 BPs are attacked simultaneously? EOS blockchain HACKED!!!

Answers


Everyone with a full node can monitor what the block producers are doing. If they get hacked and produce invalid blocks, everyone will see that and instantly vote the block producers out, yielding 21 new producers which are not hacked.

My opinion: OK. But then the rest of the nodes should always be incentivized so that they can take over as and when the first 21 nodes are hacked. Otherwise, they won't remain full nodes.



There are 100 back-up producers who can take over in the event of (for example) a DDoS attack that took down all of the top 21. The next 21 would step in immediately to produce blocks in their place.

My opinion: If this is the case, then what if 121 BPs get hacked simultaneously? Then again we have to incentivize another 100 nodes in the queue, so that they can take over as and when the (21 BPs + 100 back-up nodes) are attacked.



There is a concept called "Rate Limiting".

In the whitepaper, it will significantly prevent the Sybil attack.

My opinion: Rate limiting tracks bandwidth, database storage, and computational usage. But how does it protect the EOS BPs?



Current thinking is 50% of token inflation is split among the 100 standby BPs in proportion to their votes gained.

My opinion: I am not sure whether this information is correct. But then my question is: what if 121 nodes get DDoS attacked?



Each BP requires 4TB RAM, 1-10 Gbps net connections.
Each BP is not a static website.

My opinion: It does not matter that it is not a static website. There are still ways to hack any form of IP (centralised).



The producing node of each BP would not be exposed.
And DDoSing all 121 all over the world, with various configurations, at exactly the same time would be next to impossible.

My opinion: I don't think so, because in Steemit the top 50 are exposed. If it is correct, then possibly the attack might not be possible. But again, where is the information about the hidden nodes stored? Is it stored in the blockchain? But the EOS blockchain is not private.



It will be prevented by

  1. rate-limiting
  2. high network Gbps

My opinion: I don't think it will be difficult with quantum computers or super-computers.



Based on current knowledge of computer science, we can say that the possibility is extremely tiny, but even if it happens, we can handle it.
But EOS's hard fork will be much smoother than BTC/ETH's.

My opinion: I agree with this. Recovery from an attack is possible through a hard fork, which is not as difficult as for BTC/ETH because fewer nodes are involved in EOS.


Telegram Screenshots

#EOS developer Telegram chat (screenshot)

#EOS Hong Kong Telegram chat (screenshots)

Conclusion

Well, the answer to this question has not been found so far in the discussion. If anyone has it, they can participate in the comment section.

I will be taking further topics in this discussion forum.

Stay tuned for more such detailed discussion.


Thank you for writing this. The security and integrity of the EOS ecosystem will best be served by many creative people looking for flaws and vulnerabilities, and discussing them openly, and testing them and testing the countermeasures.

For example, today I learned that core developer Jonathan recently created and tested a malicious script (there are many of these) to attempt to spam a producing node with massive amounts of spurious requests. In his test, the node hardware needed about a second to deal with the sheer volume of incoming requests. The node then shrugged off the requests, ignoring them and continuing to produce blocks.

We will certainly need more such tests, and more people like you looking for vulnerabilities, asking hard questions, and having candid discussions. Welcome.

Thanks a ton!! 😊😊:) @thomasbcox
Btw, I am a fan of your opinion on the EOS constitution. Saw your video on @eosgo.

This post makes certain assumptions based on information taken from Telegram chats. However, conclusions based on assumptions that are not substantiated by facts are often false.
Yes, there are 21 block-producing nodes, however there are many other nodes that have a full snapshot of the blockchain that are not producing blocks. You would have to hack 51% of all full nodes on the network to compromise the blockchain, which is way more than the 121 mentioned.
Next: the statement that any computer running on an IP address can theoretically be hacked is just a theoretical assumption that has little practical utility.
The same goes for quantum computing. If invented, it will compromise all existing encryption standards. However, we are a long way from any practical implementation.
I will not address every point in this post but will let the community respond.

If the number of nodes storing the blockchain is > 121, then they should also be incentivized. HOW? What is the incentive model?


Seems you're kind of grasping at straws, especially when you talk about quantum computers being a threat.

NOTHING is everything proof.

Yes!!.. Quantum computers are yet to come.
But DDoS attacks are possible (very tough though) on EOS nodes (due to their small number).

Please, answer this if you know.

Probable Answer #1

It is covered in the following points:

  • Active BPs - They are incentivized to have uptime and to have redundant nodes.
  • Standby nodes - They are incentivized with rewards proportional to their staked votes.
  • Additionally, a BP's block-producing node's IP should be kept private to the best of their ability. Their RPC nodes (if available) would be exposed, but there are likely to be many, many RPC nodes, as they have an incredibly low overhead.

NOTE:

In practice, lots of chains use DPoS, all of them are attacked regularly, and most (if not all) of them are still running right now.

Chats on Telegram EOS group (screenshots)
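As an added illustration (not code from the thread, nor EOS software), here is a small Python model of the ranked active/standby producer schedule the answers describe: the top 21 by votes produce blocks, the next 100 stand by, producers that go offline or produce an invalid block are dropped and the highest-voted standby moves up, and standby rewards are split in proportion to votes. The slot sizes, the 150-producer population and the reward pool are constructed assumptions for the model.

```python
"""Toy DPoS producer-schedule model (constructed example, not EOS code)."""
from dataclasses import dataclass, replace

ACTIVE_SLOTS = 21    # producers that currently sign blocks (figure from the thread)
STANDBY_SLOTS = 100  # ranked standbys that step in when an active producer drops


@dataclass(frozen=True)
class Producer:
    name: str
    votes: int
    online: bool = True                 # False models a node taken offline, e.g. by DDoS
    produced_invalid_block: bool = False  # observed by full nodes, leads to being voted out


def rank(producers):
    """Order producers by votes, highest first; ties broken by name for determinism."""
    return sorted(producers, key=lambda p: (-p.votes, p.name))


def schedule(producers):
    """Return (active, standby): eligible producers fill the active slots first,
    the next ones fill the standby slots. Offline or misbehaving producers are skipped,
    so the ranked set shifts up rather than leaving a slot empty."""
    eligible = [p for p in rank(producers) if p.online and not p.produced_invalid_block]
    return eligible[:ACTIVE_SLOTS], eligible[ACTIVE_SLOTS:ACTIVE_SLOTS + STANDBY_SLOTS]


def apply_outage(producers, offline=frozenset(), invalid=frozenset()):
    """Recompute the schedule after a scenario: `offline` names cannot produce,
    `invalid` names produced a block that failed validation and get voted out."""
    updated = [replace(p,
                       online=p.online and p.name not in offline,
                       produced_invalid_block=p.produced_invalid_block or p.name in invalid)
               for p in producers]
    return schedule(updated)


def standby_rewards(standbys, pool):
    """Split a reward pool across standbys in proportion to their votes
    (the incentive model one answer described; the pool size is a parameter here)."""
    total = sum(p.votes for p in standbys)
    return {p.name: pool * p.votes / total for p in standbys} if total else {}


# Constructed population: 150 producers, bp000 has the most votes, bp149 the fewest.
SAMPLE = [Producer(f"bp{i:03d}", votes=1000 - i) for i in range(150)]

if __name__ == "__main__":
    active, standby = apply_outage(SAMPLE, offline={f"bp{i:03d}" for i in range(21)})
    print("after top-21 outage, active:", active[0].name, "..", active[-1].name)
    print("standbys remaining:", len(standby))
```

Knocking out the top 21 only shifts production to bp021..bp041; production stops only when no eligible producer is left at all, which is why the thread's question reduces to how many nodes beyond the 121 exist and are motivated to keep running.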