POSTER: As Strong As Its Weakest Link: How to Break Blockchain DApps at RPC Service
conduct a systematic measurement study on nine real-world RPC services, which control most DApp clients' connections to the Ethereum main net
propose a novel measurement technique
based on orphan transactions  // blockchain term
to discover previously unknown behaviors inside the black-box RPC services
all nine services tested (as of Apr. 2020) are vulnerable to DoERS attacks
resulting in service latency increased by 2.1X to 50X
Some of these attacks require only a single request.
propose mitigation techniques against DoERS without dropping service usability
DApp clients running inside web browsers send requests to a Remote Procedure Call (RPC) service that translates the clients' requests into cryptocurrency transactions or queries to a blockchain P2P network.
at least 63% of Ethereum-based DApps use one RPC service [5].
It is important to note that DoS is known to pose a significant threat to the blockchain ecosystem. RPC services are less decentralized than the blockchain network itself, so under a DoS attack an RPC service can become a single point of failure and bring down the DApps that depend on it.
DoERS is different from other DoS attacks
First, it aims at disrupting the communication channel between a blockchain and its DApps by blocking third-party RPC services, not taking down the blockchain itself as the other attacks do. Second, our attack exploits a unique weakness, gas-free contract execution on RPC-enabled Ethereum nodes, while existing DoS attacks seek under-priced instructions for attacking replicated smart-contract execution [24], [15], [9] or misuse mining mechanisms [23].
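The DApp -> RPC service -> node path described above, together with the gas-free eth_call weakness that DoERS exploits, shows where a service-side mitigation would sit. The following is an added example, not code from the poster or from any of the measured services: a toy JSON-RPC front-end that pins the gas limit of every eth_call to a hard cap and meters cumulative eth_call gas per client in a time window, so a single request or a burst of requests cannot monopolise the node. eth_call and eth_sendRawTransaction are real Ethereum JSON-RPC method names; the caps, the window, the contract address, the 0xdeadbeef "burn everything" selector and the in-memory node stand-in are constructed assumptions, and the mitigation design is assumed for illustration rather than taken from the poster.

```python
import json
import time
from collections import defaultdict

# Assumed policy knobs for the gateway (constructed; not the poster's numbers).
MAX_CALL_GAS = 5_000_000          # hard cap applied to every eth_call
WINDOW_SECONDS = 10.0             # metering window per client
CLIENT_GAS_BUDGET = 20_000_000    # cumulative eth_call gas a client may burn per window
BURN_ALL_SELECTOR = "0xdeadbeef"  # constructed: calldata that makes the fake node burn all gas


def _result(rid, value):
    return {"jsonrpc": "2.0", "id": rid, "result": value}


def _error(rid, code, message):
    return {"jsonrpc": "2.0", "id": rid, "error": {"code": code, "message": message}}


def make_request(rid, method, params):
    """Build a JSON-RPC 2.0 request string as a browser DApp client would send it."""
    return json.dumps({"jsonrpc": "2.0", "id": rid, "method": method, "params": params})


def make_eth_call(rid, data="0x", gas=None):
    """eth_call request against a constructed contract address; gas is an optional hex limit."""
    call = {"to": "0x" + "11" * 20, "data": data}
    if gas is not None:
        call["gas"] = gas
    return make_request(rid, "eth_call", [call, "latest"])


def simulate_call(call):
    """Stand-in for the node's eth_call (constructed, not an EVM). Nothing is paid
    on-chain for eth_call, so the service bears the cost: a gas-burning contract
    consumes the whole limit, an ordinary call a fixed 30,000."""
    gas_limit = int(call["gas"], 16)
    burned = gas_limit if call.get("data") == BURN_ALL_SELECTOR else min(gas_limit, 30_000)
    return {"returnData": "0x", "gasUsed": burned}


class RpcGateway:
    """JSON-RPC front-end that meters gas-free eth_call work per client."""

    def __init__(self, now=time.monotonic):
        self._now = now
        self._windows = defaultdict(lambda: [0.0, 0])  # client -> [window_start, gas_used]

    def budget_used(self, client):
        return self._windows[client][1]

    def _reserve(self, client, gas):
        """Reserve gas against the client's window budget; False if it would be exceeded."""
        window_start, used = self._windows[client]
        now = self._now()
        if now - window_start >= WINDOW_SECONDS:
            window_start, used = now, 0  # start a fresh window
        if used + gas > CLIENT_GAS_BUDGET:
            self._windows[client] = [window_start, used]
            return False
        self._windows[client] = [window_start, used + gas]
        return True

    def handle(self, client, raw):
        """Translate one client request into node work, applying the caps."""
        req = json.loads(raw)
        rid, method, params = req.get("id"), req.get("method"), req.get("params") or []
        if method == "eth_call":
            if not params or not isinstance(params[0], dict):
                return _error(rid, -32602, "invalid params")
            call = dict(params[0])
            # A missing gas field would let the node fall back to its own large
            # default, so the gateway always pins the limit to at most MAX_CALL_GAS.
            gas = min(int(call.get("gas", hex(MAX_CALL_GAS)), 16), MAX_CALL_GAS)
            call["gas"] = hex(gas)
            if not self._reserve(client, gas):
                return _error(rid, -32005, "per-client eth_call gas budget exhausted")
            out = simulate_call(call)
            self._windows[client][1] -= gas - out["gasUsed"]  # refund the unused reservation
            return _result(rid, out["returnData"])
        if method == "eth_sendRawTransaction":
            # Gas for a real transaction is paid by its sender on-chain, so the
            # gateway forwards it unmetered; the returned hash is constructed.
            return _result(rid, "0x" + "00" * 32)
        return _error(rid, -32601, "method not found")
```

Reserving the full capped limit before execution and refunding the unused part afterwards is what keeps an ordinary call cheap for the client while a gas-burning call is charged in full, so usability is preserved for well-behaved DApps and the budget still bounds the worst case.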
New Attack, New Understanding, Mitigation