MicrosoftDocs / azure-docs

Open source documentation of Microsoft Azure
https://docs.microsoft.com/azure
Creative Commons Attribution 4.0 International

Is it unsafe to give away your node access key to users? #36411

Closed ghost closed 5 years ago

ghost commented 5 years ago

I now have a private Quorum Blockchain deployed on Azure following this tutorial. I deployed a private ERC20 OpenZeppelin smart contract via truffle. In my migrations script, I used:

```javascript
deployer.deploy(contract, {privateFor: ["<alpha node access key>"], from: "<my member account>"})
```

I've been minting test tokens the same way, privateFor alpha node, from my account. When I add the alpha node access key to my metamask "custom RPC", tokens show correctly with no issues.

My question is: if I give this access key to another user (that I may not know), can this user use the access key to hack in some way my node/contract?

I know this: whoever has the access key CANNOT see the private contract deployed, but they CAN for example use web3js to create a new account on the node level using "web3.eth.personal.newAccount('myStrongPassword')".

This DOESN'T allow this user to interact with the private contract but I don't know if any other web3js can be used to affect the security of the whole network somehow.

Even before any private contract is deployed this way, if anyone has the defaultnode access key, they can read the accounts from the node using "web3.eth.getAccounts", so I'm guessing that if someone wants to have a completely private network, they should only stay within the Azure Blockchain Service consortium they are in and not share any access key.

For the purposes of this project, I really need to use an external wallet (users have), so I need to give away the access key of my alpha node and users can use it in their metamask to see their tokens. I just want to make sure that this is not a really bad idea.



Alberto-Vega commented 5 years ago

@ethzeus Thanks for the feedback! We are currently investigating and will update you shortly.

Alberto-Vega commented 5 years ago

Hi @ethzeus

Any user with access to the URL with access key will be able to see both the public as well as private transactions on that node.

It is thus strongly recommended you create a second transaction node and share its URL with the users (and send the private transactions only to the first transaction node). Furthermore, the first transaction node also contains the private key for consortium management operations, so there's a small chance that an administrative misstep can unlock the account used for consortium operations for a little while, allowing external users to potentially abuse that account.

Sharing the second transaction node will also solve this problem and is the recommended approach.
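The exposure discussed above (anyone holding a node URL with its access key can call that node's JSON-RPC interface, including `web3.eth.getAccounts` and `web3.eth.personal.newAccount`) can be checked on your own node before its URL is handed out. The following is an added example, not code from this thread or from Azure; it assumes the node answers the standard geth calls `rpc_modules` and `eth_accounts`, and the sample replies in it are constructed.

```javascript
// Added example: audit what a transaction-node endpoint exposes to anyone
// holding its URL + access key. Run it against your own nodes only.
// Assumption: the node answers the standard geth calls rpc_modules / eth_accounts.
const RISKY_MODULES = {
  personal: "create/unlock node-managed accounts (personal_newAccount)",
  admin: "node and peer administration",
  debug: "internal state and tracing",
  miner: "block production control",
};

// Pure check: turn the two RPC results into a list of findings.
function assessExposure(modules, accounts) {
  const findings = [];
  for (const name of Object.keys(modules || {}).sort()) {
    if (RISKY_MODULES[name]) {
      findings.push(`module '${name}' exposed: ${RISKY_MODULES[name]}`);
    }
  }
  if (Array.isArray(accounts) && accounts.length > 0) {
    findings.push(`${accounts.length} node-managed account(s) readable via eth_accounts`);
  }
  return findings;
}

// Minimal JSON-RPC call; `post` is injectable so the logic can be tested offline.
async function rpc(url, method, post) {
  const reply = await post(url, { jsonrpc: "2.0", id: 1, method, params: [] });
  if (reply.error) throw new Error(`${method}: ${reply.error.message}`);
  return reply.result;
}

async function httpPost(url, body) {
  const res = await fetch(url, {
    method: "POST",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify(body),
  });
  return res.json();
}

// url is the full endpoint including the access key (keep it out of logs).
async function auditEndpoint(url, post = httpPost) {
  const modules = await rpc(url, "rpc_modules", post);
  const accounts = await rpc(url, "eth_accounts", post);
  return assessExposure(modules, accounts);
}

// Constructed sample replies, not captured from a real node.
const SAMPLE_MODULES = { eth: "1.0", net: "1.0", personal: "1.0", web3: "1.0" };
const SAMPLE_ACCOUNTS = ["0x" + "ab".repeat(20)];
```

An empty result from `auditEndpoint` on the node whose URL you plan to share means neither check fired; it says nothing about which transactions are readable through that node.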

asergaz commented 5 years ago

We will now proceed to close this thread. If there are further questions regarding this matter, please tag me in your reply. We will gladly continue the discussion and we will reopen the issue.

ghost commented 5 years ago

Thanks a lot @Alberto-Vega-MSFT & @sergaz-msft, this is really good info, I'm sure someone else will find it helpful. For now we are covered with this. Now we have a big challenge with wallets: there is no Ethereum wallet out there that supports private transactions. Metamask connected to the custom RPC URL and contract address reads the balance perfectly, but if you intend to transfer tokens yourself you can't because you can't specify the privateFor parameter. We are working to see what we can do with this, I will probably open a new issue related to this in the future. Great job by the way, I really like what you guys are doing here. Cheers

ghost commented 5 years ago

I was actually trying it this way and now I can't see the tokens on metamask @Alberto-Vega-MSFT @sergaz-msft. Here is what I did:

```
truffle exec mint.js --network nodeA
```

```javascript
let mintTokens = await contract.mint(userAddress, tokenAmount, {
    privateFor: [nodeA],
    from: minterAddress
})
```

userAddress is the metamask wallet address connected to the custom RPC URL of nodeB, where I added the custom token address of the deployed contract, but now I can't see the tokens. If I deploy the contract from nodeA to nodeA and also mint tokens private for nodeA of course I can't see the tokens from nodeB, but this is what I understood I had to do. What should I do to maintain the privacy and security but also provide the users the possibility to see the tokens in their wallet? Maybe contract had to be deployed from nodeA to nodeB but transactions happen from nodeA to nodeA?

Update: In any case, when I read the transaction from the txhash, it shows that the ownerAddress sent a transaction to the contract address. That's not really a problem, what we did is mint tokens from the function mint() inside the ERC20 contract, what we want to keep private is the addresses where those tokens were minted. Is this information also available in the tx hash or somewhere else?

I've been trying everything again and again and the only way that I can see the tokens on metamask is if I deploy the contract from nodeA to nodeB and then mint tokens from nodeA to nodeB, to wallet address connected to custom RPC URL of nodeB.

ghost commented 5 years ago

[Image: Screenshot from 2019-08-09 19-15-15]

Alberto-Vega commented 5 years ago

@ghost I'm sorry I missed your comments. Please post on MSDN; the Azure Blockchain engineering team is very active there. https://social.msdn.microsoft.com/Forums/en-US/home?forum=azureblockchain