near / nearcore

Reference client for NEAR Protocol
https://near.org
GNU General Public License v3.0

[stateless validation] red team - blue team exercise #11142

Open wacban opened 2 months ago

wacban commented 2 months ago

Create a dedicated network running stateless validation and schedule a week long session where the red team tries to hack and break it while the blue team tries to defend it.

The goals of this exercise are to find and later fix any vulnerabilities and bugs in stateless validation (red team) and to test detection and prevention systems (blue team). This can be considered a gamified internal security audit that gives developers the time and incentives to focus on the security aspects of the system.

Ekleog-NEAR commented 2 months ago

This is similar to the drill we had... last year? Two years ago?

I definitely think it's a good idea to have these with some regularity, the main questions being:

wacban commented 2 months ago

> are we actually ready enough for it to have meaning?

Currently no, I created the issue in advance just to keep track of it. It's something that I'd love to see before mainnet release.

> do we have enough time on hand for this to make sense?

That is yet to be seen :) Personally I think it's worth it both for the security insights and for the fun of it.