README
¶
DolphinChain
DolphinChain is the first Vulnerable Blockchain Application in the world! dolphinchain.org
Version : 1.0.0
Table of Contents
Overview
DolphinChain is a deliberately insecure blockchain application maintained by XuanMao Secure Lab designed to teach blockchain application security lessons. You can install and practice with DolphinChain.
DolphinChain was developed based on tendermint v0.31.2 (WARNING: ALPHA SOFTWARE), which is the latest version of tendermint at that time.
In this release (v1.0.0), there are about 10 bugs in DolphinChain. Any whilehat and developer of blockhain can try to exploit the vulnerabilities. It's main goals are to be an aid for security professionals improving skills and help blockchain developers better understand the processes of securing blockchain applications.
Installation
-
Download and install golang
-
Download and install DolphinChain.
-
Get all dependencies of DolphinChain.
All you need is ready !
You can look for Installation for more details.
Usage
Deploy DolphinChain -> Find defect code -> Write verification script -> Verify vulnerability exists
- Finding Vulnerabilities: Blockchain vulnerabilities are mainly caused by code issues and logic problems.
- Write a verification script: There are two ways to test a script with PoC or Go test.
Of course we will expose all the Writeup. You can view it through our another Repository.
At the same time, we also summarized the historical vulnerability of tendermint, see Tendermint Bugs History
Tendermint Bugs History
Tendermint is a core component of the Cosmos network ecosystem and is primarily responsible for consensus and P2P. Since its development in 2014, the community has been active, code iterations are fast, and most importantly, security is highly valued. Therefore, by learning the security vulnerabilities and fixes of this chain, we can let other developers learn their ideas and avoid stepping on the pits that the predecessors have already stepped on.
Here is the bugs history of tendermint we collected. We spent almost a month finishing.
| P2P | consensus | node | RPC | marshal | message queue | database | message | logic | seed list | mempool | |
|---|---|---|---|---|---|---|---|---|---|---|---|
| null pointer | X | X | X | X | X | X | X | X | X | ||
| null config | X | X | X | X | X | X | X | X | |||
| lack of err handle | X | X | X | X | X | X | X | X | X | X | |
| server hang on | X | ||||||||||
| Concurrent quantity limit | X | X | X | X | X | X | |||||
| Abnormal value | X | X | X | X | X | X | X | ||||
| component logic | X | X | X | X | |||||||
| overflow | X | X | |||||||||
| lock | X | X | |||||||||
| DOS | X | X | X | X | |||||||
| memory leak | X | X | X | ||||||||
| initing | X | X | X | X | X | X | X | ||||
| dependencies | X | X | |||||||||
| resource control | X | X | X | X | X |
Contribution
Welcome to submit any question via issue. Moreover, you can also develop more vulnerabilities with us.
Contributors :
Tri0nes、Javierlev
Backer
Connection
TODO
- There may be some bugs and we are fixing.
- Write
Writeupfor vulnerabilities existed - Sort out new vulnerabilities as follow-up development
- Some particularly interesting ideas
License
DolphinChain is licensed under the MIT License. See LICENSE for the full license text.
Directories
¶
| Path | Synopsis |
|---|---|
|
abci
|
|
|
proto
Package test is a generated protocol buffer package.
|
Package test is a generated protocol buffer package. |
|
cmd
|
|
|
merkle
Package merkle computes a deterministic minimal height Merkle tree hash.
|
Package merkle computes a deterministic minimal height Merkle tree hash. |
|
secp256k1/internal/secp256k1
Package secp256k1 wraps the bitcoin secp256k1 C library.
|
Package secp256k1 wraps the bitcoin secp256k1 C library. |
|
xchacha20poly1305
Package xchacha20poly1305 creates an AEAD using hchacha, chacha, and poly1305 This allows for randomized nonces to be used in conjunction with chacha.
|
Package xchacha20poly1305 creates an AEAD using hchacha, chacha, and poly1305 This allows for randomized nonces to be used in conjunction with chacha. |
|
libs
|
|
|
db/remotedb
remotedb is a package for connecting to distributed Tendermint db.DB instances.
|
remotedb is a package for connecting to distributed Tendermint db.DB instances. |
|
db/remotedb/grpcdb
grpcdb is the distribution of Tendermint's db.DB instances using the gRPC transport to decouple local db.DB usages from applications, to using them over a network in a highly performant manner.
|
grpcdb is the distribution of Tendermint's db.DB instances using the gRPC transport to decouple local db.DB usages from applications, to using them over a network in a highly performant manner. |
|
db/remotedb/proto
Package protodb is a generated protocol buffer package.
|
Package protodb is a generated protocol buffer package. |
|
errors
Package errors contains errors that are thrown across packages.
|
Package errors contains errors that are thrown across packages. |
|
events
Package events - Pub-Sub in go with event caching
|
Package events - Pub-Sub in go with event caching |
|
flowrate
Package flowrate provides the tools for monitoring and limiting the flow rate of an arbitrary data stream.
|
Package flowrate provides the tools for monitoring and limiting the flow rate of an arbitrary data stream. |
|
pubsub
Package pubsub implements a pub-sub model with a single publisher (Server) and multiple subscribers (clients).
|
Package pubsub implements a pub-sub model with a single publisher (Server) and multiple subscribers (clients). |
|
pubsub/query
Package query provides a parser for a custom query format: abci.invoice.number=22 AND abci.invoice.owner=Ivan See query.peg for the grammar, which is a https://en.wikipedia.org/wiki/Parsing_expression_grammar.
|
Package query provides a parser for a custom query format: abci.invoice.number=22 AND abci.invoice.owner=Ivan See query.peg for the grammar, which is a https://en.wikipedia.org/wiki/Parsing_expression_grammar. |
|
Package lite allows you to securely validate headers without a full node.
|
Package lite allows you to securely validate headers without a full node. |
|
client
Package client defines a provider that uses a rpcclient to get information, which is used to get new headers and validators directly from a Tendermint client.
|
Package client defines a provider that uses a rpcclient to get information, which is used to get new headers and validators directly from a Tendermint client. |
|
upnp
Taken from taipei-torrent.
|
Taken from taipei-torrent. |
|
Package privval provides different implementations of the types.PrivValidator.
|
Package privval provides different implementations of the types.PrivValidator. |
|
rpc
|
|
|
core
# Introduction Tendermint supports the following RPC protocols: * URI over HTTP * JSONRPC over HTTP * JSONRPC over websockets Tendermint RPC is built using our own RPC library which contains its own set of documentation and tests.
|
# Introduction Tendermint supports the following RPC protocols: * URI over HTTP * JSONRPC over HTTP * JSONRPC over websockets Tendermint RPC is built using our own RPC library which contains its own set of documentation and tests. |
|
lib
HTTP RPC server supporting calls via uri params, jsonrpc, and jsonrpc over websockets Client Requests Suppose we want to expose the rpc function `HelloWorld(name string, num int)`.
|
HTTP RPC server supporting calls via uri params, jsonrpc, and jsonrpc over websockets Client Requests Suppose we want to expose the rpc function `HelloWorld(name string, num int)`. |
|
lib/server
Commons for HTTP handling
|
Commons for HTTP handling |
|
tools
|
|
|
tm-monitor/eventmeter
eventmeter - generic system to subscribe to events and record their frequency.
|
eventmeter - generic system to subscribe to events and record their frequency. |