Closed josibake closed 2 weeks ago
Signet was introduced in 0.21.0 meaning wargames including nodes prior to this version will not support signet at all. I think that is an issue since many exciting vulnerabilities were present before signet.
So, options?
Keep regtest
generatetoaddress
removedUse Testnet 3
ðŸ˜
Agree we should keep the older images. Keep regtest seems like the easiest path forward in the short term. Instead of modifying the images themselves, can't we just use -rpcwhitelist
to allow everything but generatetoaddress? Sure, this looks ugly, but it's a config change which means we can do it just for Tabconf and not need to modify our images.
Using testnet 3 seems cool, but this seems really hard to get ready in the next month.
A third (unholy) option: we back port https://github.com/bitcoin/bitcoin/pull/18267/ to the pre-0.21 images 😬 I took a look at the PR and the bulk of the logic is adding signet.{cpp,h}
and then lots of test files. I think this is the best approach long-term and would be happy to take a stab at it. Essentially, we just add the signet files and the necessary consensus changes and leave out the tests to keep the patches small. These old images will never change, so there isn't any risk of needing to maintain the patch (unlike our addrman patch that is applied to new images).
TLDR; try to back port signet to the old images, and if that doesn't work we use the rpc whitelist method with regtest?
This is only needed for this single tabconf exercise. IMO it doesn't seem worth much effort. Just ask folks not to do it.
Another option is to rebuild (all images ZZZZZ) with an additional (bypassable) prohibition of bitcoin-cli *generate*
commands, like this: https://github.com/bitcoin-dev-project/warnet/compare/main...willcl-ark:warnet:no-generate
rpcwhitelist was added in 20 or 21 I think.
In that case, seems like our list of "we'll just ask them not to do it" is getting pretty large. If we are going to rebuild old images, I'd prefer just adding signet to the older vulnerable images. @pinheadmz can you keep working on adding a signet miner and only test with images that support signet? I'll work on back porting signet to the vulnerable images since I've already got some other work related to old patched images I'd like to do (e.g., #508 ).
I'm fairly certain backporting signet for the old images is possible, but if you're concerned about it not being possible before Tabconf, I can time box this work to this week and you can start on the signet miner next week after I've patched the images. If I can't get it done this week, we can always go with the "can you guys please not mine" approach.
we can always go with the "can you guys please not mine" approach.
It's a bona fide strategy!
Another option is to wrap all the player tanks in a proxy: https://github.com/pinheadmz/rpc-auth-proxy
This proxy has a rpc blocklist. Maybe we can set it up as a service, then it can be applied in wargames but not in other simulations.
or we could block any mining RPCs in the scenario framework?
I'm not opposed to looking at other solutions so long as:
So far, enabling signet in warnet has seemed like the most generally useful approach, with the only blocker being a one-time fix for old CVE images. But if something like the proxy player is a better long term solution, happy to consider arguments as to why.
For war-games, we don't want teams to be able to mine their own blocks, which means we need an admin controlled miner. Signet is likely the easiest way to do this, so we will need to:
The idea of randomly mining into each teams namespace is to ensure blocks will come from enemy teams, thus each teams need to maintain connections to malicious peers to hear about new blocks. Otherwise, you could just firewall your nodes from any attacker.