Closed PaulMakinMojaloop closed 1 week ago
Thanks @PaulMakinMojaloop, this is critical. I've observed the same as well.
Dear @PaulMakinMojaloop,
We have already tested the auditing service and discovered that once the auditing service has been restored, the actions that were performed during the downtime are recorded in the audit log.
Scenario 1
Step 1: Terminate the auditing service
Step 2: Deposit 1000 MXN to demoWalletLcc
Step 3: Approve that fund deposit by user account
Result 1: Any audit log is available since auditing service is down
Step 5: Auditing service is up
Result 2: Fund deposit and approval actions appear after the service has been up
Result 3: Log details in Kibana search
Scenario 2
Step 1: Terminate the auditing service
Step 2: Make transactions
Step 3: Auditing service is up
Result: These transactions appear in Kibana after the service has been up
State 1: Kafka service is up.
Result 1: Transaction is successful with 0 errors.
State 2: Kafka service is terminated.
Result 2: Transaction failed with 100% error rate.
Result 3: No participant data available and no deposit activity available after Kafka service termination.
Result 4: All the related services that need to communicate with Kafka, including settlement, participant, quote, transfer, account lookup and such, are down.
test momo
Confirmed by @PaulMakinMojaloop that we can close this comment.
Summary: When running vNext, I found that if the audit BC process failed to start, or was directly terminated, I was able to carry out auditable activities (liquidity changes etc.) with no entries being made in the audit log. This is a clear security/integrity risk; if an attacker is able to kill the audit process, they could (for example) allow a DFSP to continue transacting even if there is no liquidity available; come settlement time, this presents an existential risk to the scheme operator.
Severity: High
Priority: Critical
Expected Behavior: If it is not possible to add an audit log entry, then the associated activity should not be allowed.
Acceptance Criteria
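The expected behaviour stated in this issue, written as a fail-closed check next to a fail-open path for contrast. This is an added example, not Mojaloop vNext code: `AuditSink`, `Ledger` and the deposit methods are hypothetical names, and it assumes the audit append is synchronous and throws when the entry cannot be accepted.

```typescript
// Added example. Every name here is hypothetical; none is a Mojaloop vNext API.
type AuditEntry = { actor: string; action: string; account: string; amount: number };

class AuditUnavailableError extends Error {}

// Stand-in for the audit pipeline's entry point. append() returns only once
// the entry has been accepted, and throws if that cannot be confirmed.
class AuditSink {
  entries: AuditEntry[] = [];
  available = true;
  append(entry: AuditEntry): void {
    if (!this.available) throw new AuditUnavailableError("audit entry not accepted");
    this.entries.push(entry);
  }
}

class Ledger {
  private balances = new Map<string, number>();
  private audit: AuditSink;
  constructor(audit: AuditSink) { this.audit = audit; }

  balance(account: string): number { return this.balances.get(account) ?? 0; }

  private credit(account: string, amount: number): void {
    this.balances.set(account, this.balance(account) + amount);
  }

  // Fail-open: an audit failure is swallowed and the balance still changes.
  depositFailOpen(actor: string, account: string, amount: number): void {
    try { this.audit.append({ actor, action: "deposit", account, amount }); } catch { /* ignored */ }
    this.credit(account, amount);
  }

  // Fail-closed: the entry must be accepted first; if append() throws,
  // the exception propagates and the balance is never touched.
  depositFailClosed(actor: string, account: string, amount: number): void {
    this.audit.append({ actor, action: "deposit", account, amount });
    this.credit(account, amount);
  }
}

// Constructed scenario mirroring the thread: deposits while auditing is down.
function demo(): { balance: number; auditEntries: number; refused: boolean } {
  const sink = new AuditSink();
  const ledger = new Ledger(sink);
  sink.available = false;
  ledger.depositFailOpen("operator", "demoWalletLcc", 1000); // unaudited change
  let refused = false;
  try { ledger.depositFailClosed("operator", "demoWalletLcc", 1000); } catch { refused = true; }
  return { balance: ledger.balance("demoWalletLcc"), auditEntries: sink.entries.length, refused };
}
console.log(demo());
```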