chore(dashmate): core RPC platform services authentication #1883

Merged
merged 16 commits into from
Jul 9, 2024

Conversation

shumkov
Member

@shumkov shumkov commented Jun 12, 2024

Issue being fixed or feature implemented

Currently, all platform services are using the same RPC user and work queue to process commands. This approach has many downsides:

  • If one of the services is compromised, an attacker can perform any RPC command including quorum sign (signing arbitrary data with quorum member key)
  • An attacker can perform a pretty simple DoS attack, calling a slow RPC with DAPI or Drive and pausing the chain (or even worse).

What was done?

  • Updated to Core 21 that supports two RPC queues
  • Define Core RPC users per service and priority
  • Define whitelists of commands for RPC users. Core doesn't support it so it will be activated in an upcoming PR.
  • Updated Dashd RPC client to support the new createWallet command.
  • Introduce a low priority Core RPC client to Drive ABCI for check tx calls

How Has This Been Tested?

With tests

Breaking Changes

None

Checklist:

  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have added or updated relevant unit/integration/functional/e2e tests
  • I have added "!" to the title and described breaking changes in the corresponding section if my code contains any
  • I have made corresponding changes to the documentation if needed

For repository code-owners and collaborators only

  • I have assigned this pull request to a milestone
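
The per-service RPC users, priorities and command whitelists described above, sketched as an added example that is not code from this pull request or from dashmate. The config shape, user names, passwords and whitelist contents are hypothetical; `quorum sign` is the sensitive command the description names.

```javascript
// Constructed sample. The shape and user names are hypothetical, not dashmate's schema.
const rpcUsers = {
  dapi: { password: 'constructed-a', lowPriority: false,
    whitelist: ['getbestblockhash', 'getblockcount', 'sendrawtransaction'] },
  drive_consensus: { password: 'constructed-b', lowPriority: false,
    whitelist: ['getblockcount', 'quorum sign', 'quorum verify'] },
  drive_check_tx: { password: 'constructed-b', lowPriority: true, whitelist: null },
};

const SENSITIVE = new Set(['quorum sign']);   // command named in the PR description
const SIGNERS = new Set(['drive_consensus']); // assumption: the only user allowed to sign
const LOW_PRIORITY_ONLY = new Set(['dapi', 'drive_check_tx']); // assumption: request-driven callers

// Report shared credentials, wrong queue, missing whitelists and over-broad whitelists.
function auditRpcUsers(users) {
  const findings = [];
  const passwordOwner = new Map();
  for (const [name, user] of Object.entries(users)) {
    if (passwordOwner.has(user.password)) {
      findings.push(`${name}: shares credentials with ${passwordOwner.get(user.password)}`);
    } else {
      passwordOwner.set(user.password, name);
    }
    if (LOW_PRIORITY_ONLY.has(name) && !user.lowPriority) {
      findings.push(`${name}: uses the normal queue, slow calls can delay consensus RPC`);
    }
    if (!Array.isArray(user.whitelist)) {
      findings.push(`${name}: no whitelist, every RPC command would be allowed`);
      continue;
    }
    for (const command of user.whitelist) {
      if (SENSITIVE.has(command) && !SIGNERS.has(name)) {
        findings.push(`${name}: may call sensitive command "${command}"`);
      }
    }
  }
  return findings;
}

// Default deny: unknown users and users without a whitelist get nothing.
function isAllowed(users, name, command) {
  const user = Object.hasOwn(users, name) ? users[name] : undefined;
  return Boolean(user) && Array.isArray(user.whitelist) && user.whitelist.includes(command);
}

console.log(auditRpcUsers(rpcUsers));
```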

@shumkov shumkov changed the title chore(dashmate): platform services authentication for Core RPC chore(dashmate): core RPC platform services authentication Jun 12, 2024
shumkov added 8 commits June 23, 2024 20:52
# Conflicts:
#	.pnp.cjs
#	Cargo.lock
#	package.json
#	packages/bench-suite/package.json
#	packages/dapi-grpc/Cargo.toml
#	packages/dapi-grpc/package.json
#	packages/dapi/package.json
#	packages/dash-spv/package.json
#	packages/dashmate/configs/getConfigFileMigrationsFactory.js
#	packages/dashmate/package.json
#	packages/dashpay-contract/Cargo.toml
#	packages/dashpay-contract/package.json
#	packages/data-contracts/Cargo.toml
#	packages/dpns-contract/Cargo.toml
#	packages/dpns-contract/package.json
#	packages/feature-flags-contract/Cargo.toml
#	packages/feature-flags-contract/package.json
#	packages/js-dapi-client/package.json
#	packages/js-dash-sdk/package.json
#	packages/js-grpc-common/package.json
#	packages/masternode-reward-shares-contract/Cargo.toml
#	packages/masternode-reward-shares-contract/package.json
#	packages/platform-test-suite/package.json
#	packages/rs-dapi-client/Cargo.toml
#	packages/rs-dapi-grpc-macros/Cargo.toml
#	packages/rs-dpp/Cargo.toml
#	packages/rs-drive-abci/Cargo.toml
#	packages/rs-drive-proof-verifier/Cargo.toml
#	packages/rs-drive/Cargo.toml
#	packages/rs-platform-serialization-derive/Cargo.toml
#	packages/rs-platform-serialization/Cargo.toml
#	packages/rs-platform-value-convertible/Cargo.toml
#	packages/rs-platform-value/Cargo.toml
#	packages/rs-platform-version/Cargo.toml
#	packages/rs-platform-versioning/Cargo.toml
#	packages/rs-sdk/Cargo.toml
#	packages/simple-signer/Cargo.toml
#	packages/strategy-tests/Cargo.toml
#	packages/wallet-lib/package.json
#	packages/wasm-dpp/Cargo.toml
#	packages/wasm-dpp/package.json
#	packages/withdrawals-contract/Cargo.toml
#	packages/withdrawals-contract/package.json
#	yarn.lock
@shumkov shumkov marked this pull request as ready for review July 9, 2024 05:34
@shumkov shumkov requested a review from QuantumExplorer as a code owner July 9, 2024 05:34
@shumkov shumkov added this to the v1.0.0 milestone Jul 9, 2024
@shumkov shumkov merged commit 11645a6 into v1.0-dev Jul 9, 2024
29 checks passed
@shumkov shumkov deleted the chore/secure-core-rpc branch July 9, 2024 17:20
shumkov added a commit to dashpay/dash-network-deploy that referenced this pull request Jul 19, 2024
* chore: update to Platform 1.0.0-dev.16

* chore: update dashmate config for dashpay/platform#1883

* fix: invalid dashmate template json

* chore: support recent dashmate version

* chore: active EHF

* style: move variable at the end of the task name

* fix: fail if vars are not set properly

* chore: use private interface for grovedb visualiser

* chore: disable EHF activation

* chore: enable EHF activation
ktechmidas pushed a commit to dashpay/dash-network-deploy that referenced this pull request Jul 21, 2024
* chore: update to Platform 1.0.0-dev.16

* chore: update dashmate config for dashpay/platform#1883

* fix: invalid dashmate template json

* chore: support recent dashmate version

* chore: active EHF

* style: move variable at the end of the task name

* fix: fail if vars are not set properly

* chore: use private interface for grovedb visualiser

* chore: disable EHF activation

* chore: enable EHF activation

* feat: configure dashd devnet quorums

* fix: incorrect variables

* fix: more incorrect variables :)