-
Notifications
You must be signed in to change notification settings - Fork 109
Private transactions with potential bad actors #107
Comments
Hi @steveruckdashel. As of the versions you are citing the scenario you are proposing is possible since the private contract addresses are written in the chain. Our basic advice to counter this is that even private contracts must validate sender addresses as an authorized users allowed to interact with smart contracts. In the future releases of Tessera and Quorum this is going to be addresses as well through enforcing the party participation at contract creation step. |
@fixanoid, I reproduced the issue again both Tessera and Constellation using 7nodes. Here's the first modified
Node 4 is able to successfully update the state of Node 1 to Things go sideways when node 4 doesn't use the correct ABI for the smart contract. Here's my modified
This causes node 1 to not sync past the block that contains the transaction. Node 7 (party to the contract) is fine. Will the party participation enforcement prevent this? |
Hey @steveruckdashel there are several methods we are looking into here. One is to hide the address of the private contract from non-participants and the other approach is to enforce access to the private address only to the original participants. Both are being looked at and we should have some implementation by the end of the year. As far as conditions described above, this seems like a bug, so we're gonna investigate it a little to see where its coming from. |
So looks like the error caused by wrong ABI should actually have been addressed on master with a recent pull. Could you retest with Quorum built off master? Thanks! |
We are attempting to understand how the Constellation network deals with possible bad actors that attempt to interact with private contracts they were not made a party to. In our testing, this can allow a bad actor to put a target peer in a bad state.
The 7node demo shows these step with a constellation private contract:
But what happens when Charlie sends an update transaction to Alice?
This scenario is not explicitly disallowed and results in a bad block from Alice's perspective being sealed. The rest of the network believes this is a valid block. Alice will drop any peer connections to nodes that send this "bad block" to her. She is effectively disconnected from the network.
Shouldn't this scenario be disallowed?
Network Details:
Quorum v2.1.0
Constellation 0.3.2
IBFT Consensus
Alice, Bob and Charle are not validators.
The text was updated successfully, but these errors were encountered: