Open phroi opened 3 months ago
@msjyryxdzzj @jlguochn when you fully understand the iCKB proposal and Scripts, feel free to evaluate this hypothetical attack vector
@msjyryxdzzj moving our discussion from #18 to this issue:
my initial attack would have been resisted by the nervos DAO, but the one you've revised for me since then bypasses this check and can achieve similar attacks
What do you think about the BusyWork Attack?
I think the possible impact of a busy work attack is much lower with enough money.
Hey @msjyryxdzzj, thank you for publicly expressing your interest in iCKB by auditing the proposal and L1 scripts source code as part of the Scalebit external audit, I personally appreciate a lot!! 🙏
I think the possible impact of a busy work attack is much lower with enough money.
Yeah, that's my take too: the impact is limited when the iCKB Pool is big enough :thinking:
I'll keep this issue open as a form of documentation!
iCKB is now approaching its final stage before launch: iCKB is undergoing an internal audit, later a formal external audit, then shortly after iCKB will finally launch on mainnet.
Given all this, I'd like to once again document the Busywork Attack and ask for more eyes on it.
This attack works very similarly to the one described in the Standard Deposit section, but it's even simpler.
An attacker who can borrow a big enough capital can simply attack by repeating the following two steps:
Depending on the amount of capital used for the attack, this could reduce the quality of the service for everyone, as the only remaining deposits would be those whose maturity date is a bit more far away, so this could hamper the protocol fruition.
When I first analyzed this attack, the project was still named CKB++, I ask forgiveness for quoting my old analys:
Quoting @jordanmack:
@XuJiandong does all this sound reasonable?