Skip to content

Latest commit

 

History

History
124 lines (93 loc) · 7.77 KB

mitigations.md

File metadata and controls

124 lines (93 loc) · 7.77 KB

Mitigation Strategies Analysis for ethereum/go-ethereum

Mitigation Strategy: Trusted Peer List/Bootnodes

  1. Identify Trusted Nodes: Research and identify reliable Ethereum nodes (e.g., run by reputable organizations).
  2. Obtain Node ENR/enode URLs: Get the enode URLs (or ENR records) of these trusted nodes.
  3. Configure Geth:
    • Static Peers (static-nodes.json): Create a static-nodes.json file in Geth's data directory. Add the enode URLs. Geth will always connect to these.
    • Bootnodes (--bootnodes flag): When starting Geth, use the --bootnodes flag with a comma-separated list of enode URLs. This aids initial peer discovery.
    • admin.addTrustedPeer() (Runtime): Dynamically add trusted peers while Geth is running using the admin.addTrustedPeer() RPC method (requires enabling the admin RPC API securely).
  4. Regular Review: Periodically review and update the list of trusted nodes.
  5. Monitor Connections: Use the admin.peers RPC method to monitor Geth's peer connections.

Mitigation Strategy: Light Client Verification (where applicable)

  1. Assess Applicability: Determine if the application can use a light client (only downloads block headers).
  2. Configure Geth: Start Geth with the --syncmode light flag.
  3. Adapt Application Logic: Modify application code to work with light client limitations.
  4. Monitor Header Sync: Use the eth.syncing RPC method to monitor synchronization.

Mitigation Strategy: Checkpoint Syncing

  1. Obtain Checkpoint: Find a recent, trusted checkpoint (block hash and number).
  2. Start Geth: Start Geth with --syncmode snap. Provide additional flags if needed for the checkpoint format.
  3. Monitor Sync: Use eth.syncing to monitor progress.
  4. Verify Checkpoint (Optional): After sync, verify the final block hash.

Mitigation Strategy: Monitor Sync Status

  1. Regular Polling: Application periodically calls eth.syncing.
  2. Data Extraction: Extract currentBlock, highestBlock, startingBlock.
  3. Analysis:
    • Check for syncing (eth.syncing returns false if synced).
    • Check for stalling (if currentBlock isn't increasing).
    • Check for discrepancies (large difference between highestBlock and currentBlock).
    • Check against external sources (compare highestBlock with block explorers).
  4. Alerting: Configure alerts based on thresholds.

Mitigation Strategy: Disable Unnecessary RPC Modules

  1. Identify Required Modules: Determine essential RPC modules (e.g., eth, net, web3).
  2. Configure Geth: Use --rpcapi to specify only required modules (e.g., --rpcapi eth,net,web3). Avoid admin, debug, personal, txpool unless essential.
  3. Test Functionality: Thoroughly test the application.

Mitigation Strategy: Restrict RPC Access (IP Whitelisting)

  1. Identify Allowed IPs: Determine allowed IP addresses (ideally, localhost or a private network).
  2. Configure Geth:
    • --rpcaddr: Specify the IP Geth listens on (e.g., --rpcaddr "127.0.0.1" for localhost).
    • --rpccorsdomain: For browser access, specify allowed origins (e.g., --rpccorsdomain "your-app.com"). Use "*" with extreme caution.

Mitigation Strategy: Authentication (JWT)

  1. Generate JWT Secret: Create a strong, random secret key.
  2. Configure Geth: Use --authrpc.jwtsecret /path/to/jwt.secret.
  3. Application Logic:
    • Token Generation: Application generates JWTs for clients (including claims like identity and allowed methods).
    • Token Inclusion: Include JWT in Authorization: Bearer <jwt> header for RPC requests.
  4. Token Validation: Geth validates JWT. Configure claim validation with --authrpc.addr and --authrpc.vhosts.

Mitigation Strategy: TLS Encryption (HTTPS/WSS)

  1. Obtain TLS Certificates: Get TLS certificates from a CA or generate self-signed ones (testing only).
  2. Configure Geth:
    • HTTP RPC: Use --rpc.tls.cert and --rpc.tls.key.
    • WebSocket RPC: Use --ws.tls.cert and --ws.tls.key.
  3. Application Logic: Connect using HTTPS/WSS URLs (e.g., https://localhost:8545).
  4. Certificate Verification: Application must verify the certificate.

Mitigation Strategy: Avoid personal API in Production

  1. Disable the Module: Ensure personal is not included in --rpcapi.
  2. Application Logic: Ensure application code does not use personal API methods.
  3. Use Clef: Use Clef as external signer.

Mitigation Strategy: Resource Limits

  1. Assess Resource Needs: Determine expected Geth resource usage.
  2. Configure Geth:
    • --maxpeers: Limit peer connections.
    • --cache: Adjust database cache size.
    • --txpool.globalslots and --txpool.globalqueue: Limit transaction pool size.
    • Other Flags: Explore other Geth flags for resource limits.
  3. Monitor and Adjust: Continuously monitor and adjust.

Mitigation Strategy: Monitor Node Performance (Geth Metrics)

  1. Choose Monitoring Tools: Select tools (e.g., Prometheus, Grafana).
  2. Configure Geth Metrics: Enable metrics with --metrics and related flags.
  3. Set Up Monitoring: Configure tools to collect Geth metrics.
  4. Create Dashboards: Visualize KPIs (CPU, memory, network, peers, block height, RPC rates).
  5. Configure Alerts: Set alerts for threshold breaches.

Mitigation Strategy: Stay Updated

  1. Subscribe to Announcements: Subscribe to Geth release announcements and security advisories.
  2. Regular Checks: Regularly check for new releases.
  3. Update Procedure: Establish a procedure:
    • Testing: Test in a non-production environment.
    • Rollback Plan: Have a plan to revert.
    • Downtime: Schedule updates during low activity.

Mitigation Strategy: Gas Limit Estimation

  1. Use eth_estimateGas: Before sending, use eth_estimateGas to estimate gas.
  2. Add Buffer: Add a buffer (e.g., 10-20%) to the estimate.
  3. Error Handling: Handle eth_estimateGas failures.
  4. Avoid Hardcoding: Don't hardcode gas limits.

Mitigation Strategy: Nonce Management

  1. Track Nonce: Maintain a local nonce counter.
  2. eth_getTransactionCount: Use eth_getTransactionCount with "pending" tag before sending.
  3. Increment Nonce: Increment counter after successful send.
  4. Error Handling: Handle eth_getTransactionCount failures and nonce errors.
  5. Resend Logic (Careful): Implement careful resend logic for nonce errors.

Mitigation Strategy: Transaction Confirmation Monitoring

  1. eth_getTransactionReceipt: After sending, use eth_getTransactionReceipt to get the receipt.
  2. Check Status: Check blockNumber and status fields.
  3. Wait for Confirmations: Wait for a sufficient number of confirmations before considering finality.
  4. Error Handling: Handle cases where the receipt is not found or the transaction is reverted.