51 large

硬分叉如果出现两个并行链可能会导致重放攻击,建议大家紧跟 winning chain!!

rubyu2 · 于 发布 · 最后由 rubyu2回复 · 2164 次阅读

两位安全专家都在blog里发表如果存在两个chain可能导致的重放攻击的可能:

http://vessenes.com/hard-fork-and-replay-concerns/

I'd urge the Ethereum community as a whole to drop the losing fork, especially exchanges or other groups that could give financial incentive to keep up with the losing chain.

http://hackingdistributed.com/2016/07/17/cross-chain-replay/

Short answer: Don't. Not everything is undoable in life, and undoing The DAO hack is hard enough without having to also provide infinitely many options for all time to all users. And there's great value in making the fork choice sticky. Let's converge quickly to the outcome where we are all on one major winning chain.

包括reddit上也有相关讨论:

https://www.reddit.com/r/ethereum/comments/4t82uq/replay_attack_redux_ef_devs_confirm_the_issue_is/

核心部分翻译:
首先在一个chain上做一个有效交易,然后把它放到另外一个链上。因为没有办法区别交易来自于哪个chain,简单来讲,他们会做同样的事情。

如果交易所已经在一个chain上支付了某个人,然后在另外一个chain上重新withdrawal会导致相同的花费。同样的任何一个fanction call都可以用这种方式来复制。

我急切的希望以太坊社区整体放弃掉废弃的分支,尤其是交易所或者其他团体可以提供经济激励来跟进废弃chain。

  • 51 large
    rubyu2

    攻击的方式:
    A Working Cross-Chain Attack With Nonces
    So, to get this working, we need

    A participant on both chains
    A way to iterate the attack victims nonce
    Good timing
    Note that we don't even need an exchange participating on the 'old' chain -- Only the attacker need use both chains. Let's imagine the following participants

    "Modern" Exchange only working on the main chain
    "Principled" Exchange only working on the old chain
    "Attacker" on both chains
    Now, how do we proceed?

    Attacker withdraws from the "Modern" exchange to an address they control on the main chain.
    Attacker replays the withdrawal, and any withdrawals needed to get the nonce up to the correct number on the "Principled" chain.
    The attacker now has the same coins on both chains.
    Attacker sends coins to the "Principled" exchange, sells, and turns those into Bitcoin.
    The universes have been merged, and the attacker has gotten extra value.

    Note that the nonce management is tricky; if the attacker can't get up to the proper nonce, the transaction will be held in the pool. If the "Modern" exchange participates on the "Principled" chain, they can increase the nonces past the withdrawal.

  • 51 large
    rubyu2

    Cross-chain replay attacks will force people to either defend themselves against such attacks (as outlined in the next paragraph), or to select one of the chains and stick with that selection. If you don't employ any defenses, you should interact with smart contracts only on the chain where you think the economic majority will be. The fact that the minority chain can be abused via chain hopping provides an incentive to quickly converge to a single unified chain. This is not a bad thing -- it's known as a Schelling point and we should all converge to it.

    非常有意思的一点,少数派的chain会被自然淘汰,因为chain hopping。

  • 51 large
  • 51 large
    rubyu2

    更多关于重放攻击的方式:https://ethereum.stackexchange.com/questions/26/what-is-a-replay-attack

    在testnet如果有AccountA发送到AccountTest,有人获得了tx之后,如果在public chain上AccountA确实存在funds,就可以使用重放攻击。

    所以开发者在测试网络测试的时候,要使用不同的地址和密码。