Objective: To steal cryptocurrency (Ether or tokens) from accounts managed by the application or to disrupt the application's interaction with the Ethereum network, causing financial loss or reputational damage.
[Attacker Goal: Steal Cryptocurrency or Disrupt Network Interaction]
----------------------------------------------------- -----------------------------------------
| 1. Compromise Node's RPC/IPC/WebSockets Interface | | 3. Attack Smart Contracts via Node |
----------------------------------------------------- -----------------------------------------
/ | |
/ | |
[1.1] Auth [1.3]DoS [3.3] Reentrancy !!!
Bypass !!! on RPC/IPC (via geth's
Interface transaction
pool/handling)
/ \ / \
/ \ / \
[1.1.1] Weak [1.1.2] [1.3.1] [1.3.2] [3.3.1] Exploit [3.3.2] Exploit
Credentials No Auth !!! Slowloris Resource geth's handling geth's handling
(Default) (Slow Starvation of reentrant of gas limits
HTTP) (CPU/Mem) calls during reentrancy
Attack Tree Path: 1. Compromise Node's RPC/IPC/WebSockets Interface
- Description: This is a primary attack vector focusing on gaining unauthorized access to the geth node's control interfaces.
- Impact: High (Full control of the node, ability to steal funds, manipulate transactions, disrupt service)
Attack Tree Path: 1.1 Authentication Bypass (!!! Critical Node)
- Description: Circumventing the authentication mechanisms protecting the RPC/IPC/WebSockets interfaces.
- Impact: High (Direct access to node's functionalities)
Attack Tree Path: 1.1.1 Weak Credentials
- Description: Exploiting weak, default, or easily guessable passwords/API keys used for authentication.
- Likelihood: Medium-High
- Impact: High
- Effort: Very Low
- Skill Level: Novice
- Detection Difficulty: Easy
- Mitigation:
- Enforce strong, unique passwords.
- Use API keys instead of passwords.
- Implement multi-factor authentication.
- Regularly rotate credentials.
- Use a secrets management solution.
Attack Tree Path: 1.1.2 No Authentication (Default) (!!! Critical Node)
- Description: Exploiting the lack of authentication on the RPC/IPC interface, often due to misconfiguration or unintentional exposure.
- Likelihood: High (if exposed)
- Impact: High
- Effort: Very Low
- Skill Level: Novice
- Detection Difficulty: Very Easy
- Mitigation:
- Always explicitly configure authentication for all interfaces.
- Use
--authrpc.jwtsecretfor JWT-based authentication on the RPC. - Restrict IPC access to localhost or a trusted network using firewall rules.
- Regularly audit network configurations.
Attack Tree Path: 1.3 Denial of Service (DoS) on RPC/IPC Interface
- Description: Attack that aims to make RPC/IPC interface unavailable.
- Impact: Medium-High
Attack Tree Path: 1.3.1 Slowloris (Slow HTTP)
- Description: Exhausting server resources by opening many connections and sending data very slowly.
- Likelihood: Medium
- Impact: Medium-High
- Effort: Low
- Skill Level: Intermediate
- Detection Difficulty: Medium
- Mitigation:
- Configure appropriate timeouts and connection limits.
- Use a reverse proxy (e.g., Nginx) with rate limiting.
Attack Tree Path: 1.3.2 Resource Starvation (CPU/Mem)
- Description: Sending computationally expensive requests to exhaust CPU or memory.
- Likelihood: Medium
- Impact: Medium-High
- Effort: Medium
- Skill Level: Intermediate
- Detection Difficulty: Medium
- Mitigation:
- Implement rate limiting and resource quotas.
- Monitor resource usage and set alerts.
Attack Tree Path: 3. Attack Smart Contracts via Node
- Description: This category focuses on attacks that leverage the geth node as a conduit to exploit vulnerabilities in smart contracts.
Attack Tree Path: 3.3 Reentrancy (!!! Critical Node)
- Description: Exploiting vulnerabilities in smart contracts where a malicious contract can repeatedly call back into the calling contract before the first invocation completes, potentially leading to unexpected state changes and theft of funds. While primarily a smart contract issue, geth's transaction handling can influence the attack's success.
- Impact: High (Potential for significant financial loss)
Attack Tree Path: 3.3.1 Exploit geth's handling of reentrant calls
- Description: Leveraging potential subtle flaws in how geth processes transactions in its pool, specifically related to the order and handling of reentrant calls.
- Likelihood: Low-Medium
- Impact: High
- Effort: Medium
- Skill Level: Advanced
- Detection Difficulty: Hard
- Mitigation:
- Keep geth up-to-date.
- Thoroughly audit smart contracts for reentrancy vulnerabilities.
- Use established patterns to prevent reentrancy (e.g., Checks-Effects-Interactions).
Attack Tree Path: 3.3.2 Exploit geth's handling of gas limits during reentrancy
- Description: Similar to 3.3.1, but focusing on potential issues with how geth enforces gas limits within the context of reentrant calls.
- Likelihood: Low-Medium
- Impact: High
- Effort: Medium
- Skill Level: Advanced
- Detection Difficulty: Hard
- Mitigation:
- Keep geth up-to-date.
- Thoroughly test smart contracts for reentrancy and gas limit issues.
- Use
eth_estimateGascarefully and with safety margins.