Corda Data Tampering Issue

Submitted by 南楼画角 on 2019-12-18 02:58:06

Question


Background: We learned that Corda is not tamper-proof but tamper-evident. So, if one of the nodes manipulated a state directly in the database, other nodes will be able to detect and flag it if that state was used in subsequent transactions. However, our test results were not as per our expectation. Corda did not flag the state that was tampered with, and in fact it recorded the new state with tampered data in all participant nodes.

Prerequisites: Comment Out Contract Validations: We commented out the contract code to check if the data tampering is detected in Corda without the check being explicitly done at command level.

Steps to replicate:

  1. Start obligation Cordapp.
  2. Create 3 obligations between Party A and Party B (100 THB, 256 THB and 100 THB)

  3. Edit the VAULT_STATES table in the database of Party B, by looking at the differences between the hexes. Obligations with different amounts are on the left and the two obligations with the same amount are on the right. In the editor, when they are at the same amount there are 2 differences (presumably linear-id & timestamp related), and when they are at different amounts the 3rd discrepancy is shown on the left.

  4. Overwrite the specific portion with the lower value amount, update vault using SQL on Party B’s vault:

  5. After this update, check Party B’s vault and the amounts are changed to 100 THB on all 3 obligations.

  6. However, Party A’s vault will show original amounts (100, 256, 100) as the data was not tampered in Party A’s vault.

  7. Transfer ALL obligations from Party B to Party C

  8. Transfer obligations result: Party B has no more obligations

  9. Transfer obligations result: Party C will get all Party B’s Obligations (100 THB for all, i.e. tampered data was passed on to the new party)

  10. Transfer obligations result: Party A’s vault will also be updated with tampered data. It couldn’t identify or flag tampered data.

How to get Corda participant nodes to detect tampered states? Have I missed some config while setting up the node?


Answer 1:


I'm afraid this discussion may take a while because most of us are off on holiday from this afternoon.

We'll have a go at replicating what you did here. However it's not clear to me that this is a bug.

You say you commented out the contract validation logic. It sounds like what may have happened is this:

  1. Edit the states table to hold a corrupted state.
  2. Build a transaction with INPUT=pointer to previous correct state. OUTPUT=(corrupted state)+edit to hold new owner field.
  3. This transaction is now signed and transferred.

This transaction would have been considered invalid and rejected when the transfer to Party C is attempted, because it'd be an illegal state transition: the numbers do not balance. But you commented out the code that checks for that! So nothing anywhere is saying you aren't allowed to simply change the size of an obligation whenever you like ... Corda doesn't know that implicitly if you comment out the code that contains this knowledge. Thus from the IOU app's perspective changing the size as you transfer it is now a perfectly legitimate thing to do.

Here's the question - if you leave the app alone and don't modify its source code, is the tampering detected? If the answer is still "no" then we have some more investigation to do.
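The answer's hypothesis as a small Python model, added here as an example: it is not part of the original post and does not use Corda's API. All class and function names and the `tx-issue-2` reference are constructed, and the rule "only the lender may change" is an assumed stand-in for the validation that was commented out.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Obligation:                 # simplified stand-in for the CorDapp's state
    amount: int                   # THB
    lender: str
    borrower: str

@dataclass(frozen=True)
class Transfer:
    input_ref: tuple              # (tx_id, output_index) of the consumed state
    output: Obligation

def only_lender_may_change(inp, out):
    """Assumed transfer rule: every field except the lender is carried over."""
    if replace(inp, lender=out.lender) != out:
        raise ValueError(f"illegal transition: {inp} -> {out}")

def contract_commented_out(inp, out):
    """What is left once the validation code is commented out: no rule at all."""

def build_transfer(vault, ref, new_lender):
    # The flow copies the state from the local vault row, so an edited
    # row ends up in the proposed OUTPUT.
    return Transfer(ref, replace(vault[ref], lender=new_lender))

def verify(tx, signed_outputs, contract):
    # Assumption taken from the answer: the INPUT is a pointer to the
    # previous correct state, resolved from the signed transaction that
    # created it and not from anyone's vault table.
    contract(signed_outputs[tx.input_ref], tx.output)
    return True

def run_scenario(contract, vault_amount=100):
    ref = ("tx-issue-2", 0)       # constructed reference to the 256 THB issuance
    signed_outputs = {ref: Obligation(256, lender="PartyB", borrower="PartyA")}
    # Party B's vault row; 100 models the edit, 256 an untouched row.
    vault_b = {ref: Obligation(vault_amount, lender="PartyB", borrower="PartyA")}
    tx = build_transfer(vault_b, ref, new_lender="PartyC")
    try:
        return verify(tx, signed_outputs, contract)
    except ValueError:
        return False              # transfer rejected, tampering surfaced

if __name__ == "__main__":
    print("contract enabled, edited row  ->", run_scenario(only_lender_may_change))
    print("contract disabled, edited row ->", run_scenario(contract_commented_out))
```

With the rule in place the 256 to 100 change is rejected at verification; with the no-op contract the same transaction is accepted, which matches the behaviour described in the question.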



Source: https://stackoverflow.com/questions/47918053/corda-data-tampering-issue
