Dodging bullets: Ethereum state issues

The purpose of this article is to formally disclose a serious threat to the Ethereum platform, the danger of which is clear and unequivocal until the "Berlin" hard fork. Let's start with some background on Ethereum and "state". The Ethereum state is a Patricia-Merkle trie (a Merkle tree with prefix tree rules). This article will not go into too much detail, you just need to know that as the number of states grows, the branches of this tree structure will become denser and denser. Every time there is an additional account on the Ethereum blockchain, the tree will have an additional leaf node. At the root and leaf nodes of the tree, are many so-called "intermediate" nodes. In order to find an account, or to find a certain "leaf" on this huge tree, it is necessary to parse 6 to 9 hash values, starting from the root node, passing through intermediate nodes, and finally parsing to a hash value that can give us what we need. The hash value of the data. To put it in plain English: Whenever you want to find an account on this tree, you have to go through 8 to 9 parsing operations. Each parsing operation is a database query, and each database query means an indeterminate number of multiple hard disk operations. The number of hard disk operations is difficult to estimate, but because the "keys" of the state tree are cryptographic hashes (collision-resistant), these keys are random, which is worst for all databases Condition. As the state of Ethereum increases, it is necessary to increase the gas consumption of operations that access the state tree. We did this back in October 2016 with the "Tangerine Whistle" fork (included in EIP 150, activated at block 246 3000). EIP 150 drastically increases gas consumption for specific operations and introduces a series of measures to protect the network from DoS attacks; this was introduced after the so-called "Shanghai attack". Do Kwon: I hope that more facts will be exposed, and I feel sorry for those who suffered losses in the UST incident: On November 16th, Do Kwon, the founder of Terra, posted on social media: I am sorry for investors who suffered losses on UST , I still think the most important use case of crypto is to be a decentralized currency above and beyond. Regarding the current discussion in the market that the person who is currently in trouble caused the collapse of UST, I hope that more truths will be exposed in the next few months. While I was certainly at fault, I maintain that I did not commit fraud. Jinse Finance previously reported that Luna Foundation Guard (LFG) released its technical report audited by the third-party audit company JS Held on social media today. According to the report, LFG spent $2.8 billion (80,081 bitcoins and $49.8 million in stablecoins) to prevent UST from unpegging, and Terraform Labs (TFL) also spent $613 million of its own funds to prevent UST from unpegging. LFG has used almost all of its funds to prevent UST from decoupling. [2022/11/16 13:13:48] Another such gas consumption increase was during the "Istanbul" fork, activated at block height 906 9000 (December 2019), introducing EIP 1884. 1884 The content-zce includes: SLOAD opcode gas consumption increased from 200 to 800 gasBALANCE consumption increased from 400 to 700 gas (also added a cheaper SELFBALANCE opcode) EXTCODEHASH consumption increased from 400 to 700 gas The number of addresses above 1BTC increased by 8641 in August: Golden Finance News, data shows that there are 806.520 addresses currently holding at least 1BTC, and the number of addresses has increased by 8641 in the past month, a decrease of 45.36% from July. Among them, addresses holding 1-10 BTC increased by 7679 addresses, and addresses holding 10-100 BTC increased by 886. [2022/9/1 13:02:11] In March 2019, Martin Swende measured the performance of EVM opcodes. This research later led to the creation of EIP-1884. The paper titled "Broken Metre" was published (September 2019) a few months before the 1884 activation. Two ethereum security researchers — Hubert Ritzdorf and Matthias Egli — teamed up with Daniel Perez, one of the authors of the paper, to “weaponize” a vulnerability and submit it to ethereum’s bug bounty program. That was on October 4, 2019. We recommend that you read their submissions in their entirety, they are very well written. In a channel dedicated to cross-client security, developers from the Geth client, the Parity client, and the Aleth client were told about the report, all on the same day. The essence of the vulnerability is to trigger random tree lookups. A very simple variant is: Metaverse app Tripp completed $11.2 million in financing, Qualcomm and others participated in the investment: On June 2, Meditation Metaverse app Tripp announced the completion of $11.2 million in financing, this round of financing Bitkraft Ventures, Amazon Alexa Fund , Qualcomm (Qualcomm), HTC, Niantic and Mayfield participated in the investment. The financing will develop Augmented Reality (AR), Virtual Reality (VR) and mobile applications in Tripp to meet users' mental health care needs. It is reported that Tripp recently announced the acquisition of BeardedEye's virtual world construction platform Eden, which aims to build a safe and community-driven experience in the meditation metaverse. (VentureBeat) [2022/6/2 3:57:51] In their report, the researchers performed this load on nodes synced to the mainnet via the eth_call RPC endpoint, and here is the time it took them to consume 10 million gas . Using EXTCOEHASH (nominal gas consumption is 400) to consume 10 million gasParity: about 90 seconds Geth: about 70 seconds Using EXTCODESIZE (nominal gas consumption is 700) to consume 10 million gasParity: about 50 seconds Geth: about 38 seconds (Translator Note: The meaning here is that if a 10 million gas block is filled with these two opcodes, it will take so long for the node to process the block) It is obvious that EIP-1884 does reduce the attack effect, but it is still not enough. The American "Vanity Fair" magazine and the NFT project Valuart jointly launched a new metaverse project: April 22 news, during the Venice Biennale that lasts from this Saturday to November 27, the American "Vanity Fair" magazine cooperated with the NFT project Valuart , will launch a metaverse project called "MetaVanity" in Italy. The project features 12 virtual exhibits based on the Roman Pantheon, which visitors can participate in through the Hadem app. Previously, in December last year, the American "Vanity Fair" magazine launched the first NFT cover and auctioned it on the APENFT Marketplace. (wwd)[2022/4/22 14:41:12] At that time, it was very close to Devcon Osaka. During Devcon, knowledge about this issue spread among mainnet client developers. We also met with Hubert and Mathias, and Greg Markou (who is from the Chainsafe team and has been working on ETC). The developers of the ETC blockchain also received the report. As 2019 drew to a close, we found that the problem was even trickier than we thought, with malicious transactions that could cause block times to extend into the minutes. What's more difficult is that the developer community is already dissatisfied with EIP-1884, which breaks some contracts, and both users and miners want to increase the gas limit of the block. Furthermore, just two months later, in December 2019, Partiy Ethereum announced that it was exiting, and the OpenEthereum project took over code maintenance for the Parity client. So a new client collaboration channel was created, and the developers of Geth, Netheremind, OpenEthereum, and Besu continued to collaborate. Bank of New York Mellon plans to launch a digital asset custody platform within this year: According to news on February 25, large investment bank New York Mellon (BNY Mellon) is developing a digital asset custody platform that allows institutional clients to gain exposure to cryptocurrencies. Customers will be able to store Bitcoin and Ethereum in BNY Mellon’s encrypted wallet powered by Fireblocks technology. However, once regulatory approval is obtained, the service will gradually add and integrate various tokenized traditional and digital assets. The new service is expected to launch later this year, the investment bank said. BNY Mellon also said it would be the "first to enter" the global digital custody market. According to reports, Bank of New York Mellon intends to start its business in the United States first, and then expand globally according to demand. Talia Klein of BNY Mellon predicts that the service may expand to the UK, after the US. It is reported that in February 2021, Bank of New York Mellon announced that the company is building the industry's first multi-asset digital custody and management platform for traditional and digital assets. (Cointelegraph) [2022/2/25 10:16:33] We realized that only a two-pronged approach could solve this problem. On the one hand, we need to improve the Ethereum protocol, that is, to solve this problem at the protocol layer; it is best not to break the contract, nor to punish "good faith" behavior, but to prevent attacks. On the other hand, we can rely on software engineering to change the data schema and structure within the client. The first line of thought to deal with this type of attack is this. In February 2020, its official version was published as EIP 2583. The idea behind this proposal is to add a penalty that is triggered every time a tree lookup results in a miss ("not found"). However, Peter figured out a way around it - a "shielded relay" attack - that essentially capped the penalty (around 800). The problem with the penalty miss method is that there must be a search-zce process before it can be determined whether to impose penalties. But if the remaining gas is no longer enough to impose the penalty, then (from the protocol's point of view) an underpaid consumption process has already been executed. Even though this would cause an error to be thrown, these state reads can be encapsulated into nested calls, allowing external callers to repeat the attack without paying the (full) penalty. Therefore, this EIP has also been abandoned, and we are looking for better alternatives. Alexey Akhunov researched the concept of Oil - a secondary "Gas", but unlike Gas, it is invisible to the execution layer and can cause a transaction-global revert. Martin made a similar proposal, called "Karma", in May 2020. While many of these proposals are progressing, Vitalik Buterin proposes simply increasing gas consumption and maintaining an "access list". In August 2020, Martin and Vitalik began iterating on what would become EIP-2929 and its companion, EIP-2930. EIP-2929 fundamentally solves many of the problems mentioned above. Contrary to EIP-1884; 1884 unconditionally increases Gas consumption, but 2929 only increases Gas consumption for accessing new objects. That adds less than a percentage point to net costs. Likewise, when paired with the EIP-2930, no contracts will be broken. It can also be adjusted further (without breaking the contract) by increasing the gas consumption. On April 14, 2021, both EIPs will be activated during the "Berlin" fork. Peter tried to solve this problem with a dynamic state snapshot, which was October 2019. A snapshot is a secondary data structure used to store Ethereum state in a flat format. Snapshots can be created during the normal operation of the Geth node and do not need to be offline for execution. The advantage of snapshots is that they can be used as an accelerated structure for state access: Instead of performing O(log N) disk reads (multiplied by the overhead of LevelDB) to access an account/storage item, snapshots can provide direct , O(1) level access time (multiplied by the overhead of LevelDB). Snapshots also support iteration over account and storage items at O(1) complexity per entry, which enables remote nodes to retrieve continuous state data much cheaper than before. The presence of snapshots also supports other, more exotic uses, such as offline pruning of the state tree, and migration to another data format. The downside is that a snapshot is equivalent to a full copy of the raw data of the account and storage items. If used in a mainnet environment, this means an additional 25 GB of SSD space is required. The idea of dynamic snapshots has been around since mid-2019, when the main goal was to enable "snapshot sync".

Tags：

SOL