Open jacksteroo opened 3 years ago
Issue Status: 1. Open 2. Started 3. Submitted 4. Done
This issue now has a funding of 5139.4396 ONE (753.99 USD @ $0.15/ONE) attached to it.
Work has been started.
These users each claimed they can complete the work by 265 years, 1 month from now. Please review their action plans below:
1) yahtoo has started work.
This is an interesting question, I will study the code carefully and test it.
Work for 5139.4396 ONE (1131.93 USD @ $0.23/ONE) has been submitted by:
Description
The libp2p peer ID is based only on the RSA public key. This allows an attacker to create an unlimited number of nodes on a single machine (same IP address) and use these nodes to monopolize the incoming/outgoing connections of victim nodes.
Context
The current design allows incoming connections without an IP-based check for duplicates. An attacker controlling a host may create a large number of libp2p peer IDs and create connections to a victim host under those peer IDs. This leads to a few problems:
Use case
If this is solved, this may lead to a use case where multiple nodes NAT'ed behind a gateway (using the same public/external IP address) may be affected. This will be out of the scope of this resolution. Support for NAT whitelisting as a configuration policy can be planned to mitigate this if we receive reports from validators regarding this issue.
Acceptance Criteria
Reward
USD $750 (in ONEs)
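A per-IP connection cap of the kind this issue asks for, as an added example that is not Harmony's or libp2p's code: `IPLimiter`, `NewIPLimiter`, `Accept` and `Release` are hypothetical names, the addresses are constructed, and the caller is assumed to extract the source IP from each inbound connection. The exempt prefix list stands in for the NAT allowlist policy mentioned under Use case.

```go
package main

import (
	"fmt"
	"net/netip"
	"sync"
)

// IPLimiter (hypothetical, not a libp2p or Harmony API) caps connections per IP.
type IPLimiter struct {
	mu     sync.Mutex
	limit  int
	exempt []netip.Prefix     // NAT gateways exempt from the cap (assumed policy)
	conns  map[netip.Addr]int // remote IP -> open connections
}

func NewIPLimiter(limit int, exempt ...netip.Prefix) *IPLimiter {
	return &IPLimiter{limit: limit, exempt: exempt, conns: map[netip.Addr]int{}}
}

// Accept admits and counts a connection unless its source IP is at the cap.
func (l *IPLimiter) Accept(ip netip.Addr) bool {
	ip = ip.Unmap() // count ::ffff:a.b.c.d together with a.b.c.d
	for _, p := range l.exempt {
		if p.Contains(ip) {
			return true // exempt ranges are admitted without counting
		}
	}
	l.mu.Lock()
	defer l.mu.Unlock()
	if !ip.IsValid() || l.conns[ip] >= l.limit {
		return false // fail closed on an unknown source address
	}
	l.conns[ip]++
	return true
}

// Release is called when a connection admitted by Accept closes.
func (l *IPLimiter) Release(ip netip.Addr) {
	l.mu.Lock()
	defer l.mu.Unlock()
	if ip = ip.Unmap(); l.conns[ip] > 0 {
		l.conns[ip]--
	}
}

func main() {
	l, a := NewIPLimiter(2), netip.MustParseAddr("203.0.113.7") // constructed address
	fmt.Println(l.Accept(a), l.Accept(a), l.Accept(a))
}
```

The peer ID never enters the decision, so generating fresh key pairs on one host does not buy additional connection slots.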