Project author: realaravinth

Project description:
A bloody vulnerable Proof-of-Stake based blockchain that I'm building for fun
Language: Rust
Repository: git://github.com/realaravinth/damn-vuln-blockchain.git
Created: 2021-01-01T13:38:42Z
Project community: https://github.com/realaravinth/damn-vuln-blockchain

License: GNU Affero General Public License v3.0


# Damn Vulnerable Blockchain


This is a test blockchain that I'm building for fun and, as the name
suggests, it is bloody vulnerable.

## How to build

1. Install Cargo using rustup:

   ```sh
   $ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
   ```

2. Clone the repository:

   ```sh
   $ git clone https://github.com/realaravinth/damn-vuln-blockchain
   ```

3. Build with Cargo:

   ```sh
   $ cd damn-vuln-blockchain && cargo build
   ```

## Usage

Damn Vulnerable Blockchain comes with a peer implementation called
`dwb`. `dwb` supports the following modes:

| Mode | Function |
|------|----------|
| Attacker | Configured to fork the blockchain and perform a double spend. See the Attack Scenario section below. |
| Auditor | A special peer that acts as the discovery node and mint. It should be spawned first. |
| Victim | Configured to take itself down when an attack command is issued. |
| Normal | No special abilities, just another node in the network. |

`dwb` usage:

```text
Damn Vulnerable Blockchain 0.1
Aravinth Manivannan <realaravinth@batsense.net>
A bloody vulnerable blockchain implementation

USAGE:
    dwb --auditor <auditor> --mode <mode> --network-size <network_size> --name <peer_id> --public-ip <public_ip>

FLAGS:
    -h, --help       Prints help information
    -V, --version    Prints version information

OPTIONS:
    -a, --auditor <auditor>              address of auditor node
    -m, --mode <mode>                    available modes:
                                         auditor
                                         normal
                                         attacker
                                         victim
    -s, --network-size <network_size>    set intial network size
    -n, --name <peer_id>                 set peer name
    -i, --public-ip <public_ip>          set public IP
```

## Spinning up a cluster

The easiest way to spin up a cluster locally is using `./network.sh`.

```text
USAGE:
    ./network.sh
        launch         launches test network
            release    launches network in production setup(seperate auditor launch)
            auditor    launches auditor
        kill           kills test network
            release    kills network in production setup(seperate auditor launch)
            auditor    kills auditor
```

## Web interface

A read-only web interface is available at the root of every peer. It is
capable of aggregating state from all peers in the network and displaying it.

*(image: dwb-network-topology)*

## Transaction Workflow

*(image: dwb-network-topology)*

## Attack Scenario

### Network Topology

*(image: dwb-network-topology)*

1. Fork chain on attacker. This makes a copy of the `AssetLedger` and `Chain`
   state, which can be exposed to the victim later in the attack:

   ```sh
   $ curl -X POST localhost:7001/fork
   ```

2. Set attack on victim. This simulates a DoS on the victim, effectively
   blacking it out:

   ```sh
   $ curl -X POST localhost:7002
   ```

3. Sell asset from attacker to normal:

   ```sh
   $ curl -X POST 'localhost:7001/assets/sell' \
       --header 'Content-Type: application/json' \
       --data-raw '{
           "asset_id": "4D2DF03943EA557997577CD2F52AB707A10D75D59A2B5C3682CDFA9816CD120F",
           "buyer_peer_id": "normal.batsense.net" }'
   # replace peer ID and asset ID
   ```

4. Set attack on attacker.

5. Sell the same asset from step 3 to victim:

   ```sh
   $ curl -X POST 'localhost:7001/assets/sell' \
       --header 'Content-Type: application/json' \
       --data-raw '{
           "asset_id": "4D2DF03943EA557997577CD2F52AB707A10D75D59A2B5C3682CDFA9816CD120F",
           "buyer_peer_id": "victim.batsense.net" }'
   # replace peer ID and asset ID
   ```
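
The double spend above only becomes visible when the two forks are compared: each branch is a valid chain on its own, since the attacker really did own the asset at the fork point. The following is an added example, not code from the dwb project, showing the ledger replay a node or the auditor could run to detect it. Each fork is replayed on top of the shared prefix, and any asset that the same seller handed to two different buyers across the forks is reported. The asset ID and the `normal`/`victim` peer names are the ones from the steps above; the `auditor.batsense.net` and `attacker.batsense.net` names are assumed.

```rust
// Added example (not part of the dwb project): replay asset transfers on two
// forks and flag assets sold twice by the same seller. Peer names for the
// auditor and attacker are assumed; the asset ID is the one from the README.
use std::collections::HashMap;

/// One asset transfer as recorded on a chain: `seller` hands `asset_id` to `buyer`.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct Transfer {
    pub asset_id: String,
    pub seller: String,
    pub buyer: String,
}

impl Transfer {
    pub fn new(asset_id: &str, seller: &str, buyer: &str) -> Self {
        Transfer {
            asset_id: asset_id.to_string(),
            seller: seller.to_string(),
            buyer: buyer.to_string(),
        }
    }
}

/// The same seller handed the same asset to two different buyers on two forks.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct DoubleSpend {
    pub asset_id: String,
    pub seller: String,
    pub buyer_a: String,
    pub buyer_b: String,
}

/// Replay `transfers` on top of `owners` and return the resulting ownership map.
/// A transfer whose seller does not currently own the asset is rejected. Each
/// fork of the attack passes this check on its own, so the conflict is only
/// visible when the two forks are compared (see `find_double_spends`).
pub fn replay(
    owners: &HashMap<String, String>,
    transfers: &[Transfer],
) -> Result<HashMap<String, String>, String> {
    let mut owners = owners.clone();
    for t in transfers {
        let current = owners.get(&t.asset_id).cloned();
        match current.as_deref() {
            Some(owner) if owner == t.seller.as_str() => {
                owners.insert(t.asset_id.clone(), t.buyer.clone());
            }
            Some(owner) => {
                return Err(format!("{} is owned by {}, not by {}", t.asset_id, owner, t.seller))
            }
            None => return Err(format!("unknown asset {}", t.asset_id)),
        }
    }
    Ok(owners)
}

/// Compare two forks that share `common` as their prefix. Both tails must be
/// valid on their own; every asset the same seller handed to different buyers
/// on the two tails is reported as a double spend.
pub fn find_double_spends(
    genesis: &HashMap<String, String>,
    common: &[Transfer],
    tail_a: &[Transfer],
    tail_b: &[Transfer],
) -> Result<Vec<DoubleSpend>, String> {
    let at_fork = replay(genesis, common)?;
    replay(&at_fork, tail_a)?;
    replay(&at_fork, tail_b)?;
    let mut found = Vec::new();
    for a in tail_a {
        for b in tail_b {
            if a.asset_id == b.asset_id && a.seller == b.seller && a.buyer != b.buyer {
                found.push(DoubleSpend {
                    asset_id: a.asset_id.clone(),
                    seller: a.seller.clone(),
                    buyer_a: a.buyer.clone(),
                    buyer_b: b.buyer.clone(),
                });
            }
        }
    }
    Ok(found)
}

/// Constructed sample mirroring README steps 1 to 5: the auditor (the mint) issues
/// the asset to the attacker before the fork; afterwards the attacker sells it to
/// `normal` on one branch (step 3) and to `victim` on the other (step 5).
pub fn readme_scenario() -> Result<Vec<DoubleSpend>, String> {
    const ASSET: &str = "4D2DF03943EA557997577CD2F52AB707A10D75D59A2B5C3682CDFA9816CD120F";
    // Assumed peer names, following the README's naming pattern.
    let auditor = "auditor.batsense.net";
    let attacker = "attacker.batsense.net";
    let mut genesis = HashMap::new();
    genesis.insert(ASSET.to_string(), auditor.to_string());
    let common = vec![Transfer::new(ASSET, auditor, attacker)];
    let branch_normal = vec![Transfer::new(ASSET, attacker, "normal.batsense.net")];
    let branch_victim = vec![Transfer::new(ASSET, attacker, "victim.batsense.net")];
    find_double_spends(&genesis, &common, &branch_normal, &branch_victim)
}

fn main() {
    match readme_scenario() {
        Ok(conflicts) => {
            for c in &conflicts {
                println!("double spend of {} by {}: sold to {} and {}",
                         c.asset_id, c.seller, c.buyer_a, c.buyer_b);
            }
        }
        Err(e) => println!("fork rejected: {}", e),
    }
}
```

The pairwise check over the two tails is what distinguishes a fork-based double spend from a plain invalid transfer: a sale by a non-owner is rejected by `replay` before the comparison even runs, while the attacker's two sales each pass `replay` and are only caught because the same input is spent on both branches.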

## Credits

Logo made by Freepik from
Flaticon. Do check them out!