Online vs offline Block Producer voting
We have recently been debating the risks of voting for block producers online. Since private keys can get compromised in the process, through phishing attacks and malware, we figured it might hamper the voting process, deter the users from voting, and indirectly affect EOS's integrity.
Less votes translate into a weaker, more random Block Producer election, and easier replacing of good BP’s with dubious ones - it takes less to vote good people out. Also, since votes decay over time, the process needs to be repeated every couple of months, increasing the risk accordingly.
We concluded it would be beneficial to be able to cast your vote offline, without ever exposing your private key on an online machine. This applies especially to people holding slightly larger wallets, as their loss from phishing and other attacks could be very painful, but can be beneficial for smaller holders as well.
Proposed solution
Tokenika has developed a tool for a completely air-gapped, offline Block Producer voting. The main idea is to generate a voting transaction while being completely offline and make sure the private key is used only for signing the transaction and is never exposed afterwards. The actual signing and key handling process uses only official EOSIO unmodified codebase. Thus the eosjs library is the only external dependency, while the rest of the code is pretty short and simple.
Audit is welcome
We would like to hand over this solution to the community for code-review and use. We have checked with several coders who have examined the code for errors, and the checks came back clear. To our best knowledge and effort, everything in it works as it should, but we need your help to make sure it is so, as the code deals with private keys. The source code is quite concise, so for anyone qualified it should not pose a problem to go through it. We would appreciate your comments below or on GitHub if you find anything that needs our attention.
Legal disclaimer (sorry, we have to do this)
The code linked in this article is offered to the EOS community for peer review. Tokenika takes no responsibility for the execution and the results of the execution of this code, it is provided as is, under MIT license.
Most important: the URL
The repository and the instructions can be found here:
https://github.com/tokenika/secure-bp-voting
Or if you prefer pure HTML version:
https://tokenika.github.io/secure-bp-voting
In use
If you decide to use this voting method, (we ourselves will), make sure your address bar looks like this (this is from Google Chrome browser, others may vary in appearance, but the URL must be the same) :
Click on the https
certificate to make sure it is valid. You should see something like this:
Click Certificate
.
If you see this, you are definitely on our GitHub, and are not being phished:
Close it and follow the instructions.
Explainer video
Here's an explainer video shot by @noisy, the lead developer of this tool:
any way to just proxy my stake to a hotwallet?
You definitely could do this @ash, but this requires additional steps (such as creating new account), and because we aimed for safe & simple solution for most of the users, we decided to not implement that into our voting tool.
If you are technical enough, I wrote some instructions how to achieve that via
cleos
running underdocker
for simplicity.BEWARE, AS THIS IS NOT AN OFFLINE SOLUTION IF THERE IS MALICIOUS SOFTWARE ON YOUR COMPUTER YOUR PRIVATE KEYS COULD BE THEORETICALLY STOLEN.
If you desire to take your own risk, do as it follows:
cleos <endpoint_adress>
prefix. You can throw container away when you're done.docker run -it eosio/eos:v1.0.1
wallet create
wallet open
wallet unlock
wallet import <your_cold_wallet_account_private_key>
create key
system newaccount <your_cold_wallet_account_name> <your_hot_wallet_account_name> <hot_wallet_owner_key> <hot_wallet_active_key> --stake-net '0.25 EOS' --stake-cpu '0.25 EOS' --buy-ram-kbytes 8
system regproxy <your_hot_wallet_account_name>
system voteproducer proxy <your_cold_wallet_account_name> <your_hot_wallet_account_name>
As I said before, it requires additional steps. We might consider making it safer and simpler in future, but I don't want to make any promises just now.
thanks, too technical, but may help other projects to add it :)
Hi, What will be the actual api address for voting purpose?