EOS Blockchain discussion #1 - 21 BPs prone to attack? EOS Blockchain Hackable?
Hello EOSians,
My Background
I am a developer. I was involved in DApp development on the Steem blockchain for the last 2 months. Anyway, I will be releasing it soon.
In the meantime, I was exploring the EOS blockchain theoretically. And suddenly today, a doubt occurred to me.
Question
It is related to EOS Block Producer (BP) - What if 21 BPs are attacked simultaneously? EOS blockchain HACKED!!!..
Answers
Everyone with a full node can monitor what the block producers are doing. If they get hacked and produce invalid blocks, everyone will see that and instantly vote the block producers out, yielding 21 new producers which are not hacked.
My opinion: OK. But then the rest of the other nodes should always be incentivized in order to take over as and when the first 21 nodes are hacked. Otherwise, they won't remain full nodes.
There are 100 back up producers who can take over in the event of (for example) a DDOS attack that took down all of the top 21. The next 21 would step in immediately to produce blocks in their place.
My opinion: If this is the case, then what if 121 BPs get hacked simultaneously? Then again we have to incentivize the other 100 nodes in the queue, so that they can take over as and when the (21 BPs + 100 backup nodes) are attacked.
There is a concept called “Rate Limiting”
in the whitepaper; it will significantly prevent the Sybil attack
My opinion: Rate limiting tracks bandwidth, database storage, and computational usage. But how does it protect the EOS BPs?
Current thinking is 50% of token inflation is split among the 100 standby BPs in proportion to their votes gained.
My opinion: I am not sure whether this information is correct. But then my question is: what if 121 nodes get DDoS attacked?
Each BP requires 4 TB RAM, 1-10 Gbps net connections
Each BP is not a static website
My opinion: It does not matter that it is not a static website. There are still ways to hack any form of IP (centralised).
The producing node of each BP would not be exposed
And DDOSing all 121 all over the world with various configurations at exactly the same time would be next to impossible
My opinion: I don't think so. Because in Steemit the top 50 is exposed. If it is correct, then possibly the attack might not be possible. But again, where is the information about the hidden nodes stored? Is the information stored in the blockchain? But the EOS blockchain is not private.
It will be prevented by
- rate-limiting
- high network Gbps
My opinion: I don't think it will be difficult with quantum computers or supercomputers.
Based on current knowledge of computer science, we can say that the possibility is extremely tiny, but even if it happens, we can handle it
but EOS’s hard fork will be much smoother than BTC/ETH
My opinion: I agree with this. The retrieval from attack is possible through a hard fork, which is not difficult as compared to BTC/ETH because of the fact that fewer nodes are involved in EOS.
Telegram Screenshots
Conclusion
Well, the answer to this question has not been found so far in the discussion. If anyone has one, they can participate in the comment section.
I will be taking further topics in this discussion forum.
Stay tuned for more such detailed discussion.
Thank you for writing this. The security and integrity of the EOS ecosystem will best be served by many creative people looking for flaws and vulnerabilities, and discussing them openly, and testing them and testing the countermeasures.
For example, today I learned that core developer Jonathan recently created and tested a malicious script (there are many of these) to attempt to spam a producing node with massive amounts of spurious requests. In his test, the node hardware needed about a second to deal with the sheer volume of incoming requests. The node then shrugged off the requests, ignoring them and continuing to produce blocks.
We will certainly need more such tests, and more people like you looking for vulnerabilities, asking hard questions, and having candid discussions. Welcome.
Thanks a ton!! :) @thomasbcox
Btw, I am a fan of your opinion on the EOS constitution. Saw your video on @eosgo
This post makes certain assumptions based on information taken from Telegram chats. However, conclusions based on assumptions that are not substantiated by facts are often false.
Yes, there are 21 block producing nodes; however, there are many other nodes that have a full snapshot of the blockchain that are not producing blocks. You would have to hack 51% of all full nodes on the network to compromise the blockchain, which is way more than the 121 mentioned.
Next: statement that any computer running on IP address can theoretically be hacked is just a theoretical assumption that has little practical utility.
Same goes to quantum computing. If invented - it will compromise all existing encryption standards. However we are a long way from any practical implementation.
I will not address every point in this post but will let community respond.
If the no. of nodes storing the blockchain > 121, then they should also be incentivized. HOW? What is the incentive model?
Seems you're kind of grasping at straws, especially when you talk about quantum computers being a threat.
NOTHING is everything proof.
Yess!!.. Quantum computers are yet to come.
But DDOS attacks are possible (very tough although) on EOS nodes (due to less no.).
Please, answer this if you know.
Probable Answer #1
It is covered in following points -
NOTE:
Chats on Telegram EOS group