Write a comprehensive set of auditing tools #1633

Open
3 tasks
Yawning opened this issue Apr 22, 2019 · 1 comment
Labels
c:security Category: security sensitive epic Epic (costed tracking issue) s:needs adr Needs a design document, discussion and decision (ADR)

Comments


Yawning commented Apr 22, 2019

We should have as much automated tooling to monitor the state of our blockchain as possible to detect misbehavior.

  • Audit log for entity, node, runtime registration, and staking.
  • Automated anomaly detection (e.g., something should flip out if invariants are violated, one entity ends up with all the stake, someone is mounting a sybil attack, etc.).
  • A sanity checking tool for the genesis block (this should be reusable so that it can be called from both each backend's InitChain and various stand-alone tools).

More ideas welcome. This probably will require spinning up a node that keeps all history, and tracks state changes. How to best present this information is still an open question (should we have an at-a-glance overview of blockchain health as a webpage a la the Tor Consensus Health?)

Estimated cost: ~2 sprints

@Yawning Yawning added s:needs adr Needs a design document, discussion and decision (ADR) epic Epic (costed tracking issue) labels Apr 22, 2019

Yawning commented Aug 21, 2019

Per a meeting:

  • Detecting when duplicate keys appear on the network (to detect key compromise and/or misconfiguration).
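
The duplicate-key check from the comment above could look like the following sketch. It is an added example, not part of the issue or the project's code. The `Registration` record, its fields and the sample log are hypothetical.

```go
package main

import (
	"fmt"
	"sort"
)

// Registration is a hypothetical audit-log record; its fields are
// assumptions for this example, not the project's registry types.
type Registration struct {
	Entity, Node, Key string // owner, node ID, hex public key presented
}

// DuplicateKeys returns every key presented by more than one entity/node
// pair, mapped to the sorted list of "entity/node" holders. A node that
// re-registers its own key is a renewal and is not reported.
func DuplicateKeys(log []Registration) map[string][]string {
	holders := map[string][]string{}
	for _, r := range log {
		id, h := r.Entity+"/"+r.Node, holders[r.Key]
		i := sort.SearchStrings(h, id)
		if i < len(h) && h[i] == id {
			continue // same node renewing its registration
		}
		h = append(h, id)
		sort.Strings(h)
		holders[r.Key] = h
	}
	for key, h := range holders {
		if len(h) < 2 {
			delete(holders, key) // single holder: nothing to report
		}
	}
	return holders
}

func main() {
	// Constructed sample log; keys are placeholders, not real key material.
	log := []Registration{
		{"entity-a", "node-1", "aa11"},
		{"entity-b", "node-7", "bb22"},
		{"entity-a", "node-1", "aa11"}, // renewal, not a duplicate
		{"entity-c", "node-3", "aa11"}, // same key, different entity
		{"entity-b", "node-8", "bb22"}, // same key, second node of one entity
	}
	for key, h := range DuplicateKeys(log) {
		fmt.Printf("key %s presented by %v\n", key, h)
	}
}
```

The holder list tells an auditor whether a reused key spans entities or stays within one entity's nodes.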
