1. 信息系统及安全对抗实验中心首页
  2. ISCC竞赛

ISCC2019线上赛特殊题 – 渗透物联网区块链(测试网)

Penetrate IoTeX Blockchain (Testnet)

背景(Background)

IoTeX于2017年开始我们的旅程,建立可信物联网,所有物理和虚拟“事物” – 人类,机器,企业和dApp–可以在全球范围内有效地交换信息和价值。 在过去两年中,我们从头开始构建IoTeX,致力于为区块链行业提供新的创新。 这体现在Mainnet Alpha中,它提供了最先进的Root Chain,将在其上启动新的第2层链,令牌,dApp和企业。

IoTeX Mainnet Alpha引入了Root Chain,它是未来第2层(L2)链和dApp的坚实基础。 作为所有L2链的管理者,Root Chain利用Roll-DPoS共识来保证安全性,可靠性和透明性。 根链提供P2P网络和共识资源,IoTeX网络中的所有L2链都利用这些资源。 Root Chain将允许开发人员像在云上的新实例一样启动自定义L2链! Root Chain也支持跨链通信,允许L2链进行互操作。

以下是有关IoTeX和MainNet Alpha的更多详细信息:
https://medium.com/@iotex/everything-you-need-to-know-about-iotex-mainnet-alpha-b8d790e0bd55.

IoTeX began our journey in 2017 to build the Internet of Trusted Things, where all physical and virtual “things” — humans, machines, businesses, and dApps — can efficiently exchange information and value at global scale. Throughout the past two years, we built IoTeX from scratch and devoted ourselves to delivering new innovations to the blockchain industry. This is manifested in Mainnet Alpha, which delivers a state-of-the-art Root Chain on which new Layer 2 chains, tokens, dApps, and businesses will be launched.

IoTeX Mainnet Alpha introduces the Root Chain, which is a robust foundation for future Layer 2 (L2) chains and dApps. As the manager of all L2 chains, the Root Chain utilizes Roll-DPoS consensus to guarantee security, reliability and transparency. The Root Chain provides P2P networking and consensus resources, which are leveraged by all L2 chains in the IoTeX Network. The Root Chain will allow developers to spin up custom L2 chains just as they would a new instance on Cloud! Cross-chain communication is also enabled by the Root Chain, which allows L2 chains to interoperate.

Here are more details about IoTeX and MainNet Alpha:
https://medium.com/@iotex/everything-you-need-to-know-about-iotex-mainnet-alpha-b8d790e0bd55.

挑战(challenges)

安全性和稳定性是我们的第一要务。 我们都知道没有技术是完美的,IoTeX认为与全球的研究人员,开发人员,工程师和技术人员合作对于确定我们正在建设的区块链基础设施的弱点至关重要。

Security and stableness is our №1 priority. We all know that no technology is perfect, and IoTeX believes that working with researchers, developers, engineers and technologists across the globe is crucial in identifying weaknesses in our blockchain infrastructure while we are building.

范围(Scope)

除了MainNet之外,IoTeX还有一个TestNet,其中部署了与MainNet几乎相同的区块链软件,并且它被用作协议和dapp开发人员的测试平台。 挑战是渗透TestNet。 人们可以尝试破解多个维度:

  • 1.攻击网络中的一个节点使其无法正常运行,例如崩溃,停止服务,被网络其他部分分区等。
  • 2.泛洪P2P网络具有大量流量,使得计算机资源(例如,带宽,CPU)从网络中的许多节点浪费或耗尽。
  • 3.攻击共识过程以影响共识可达性,从而阻止事务过程。
  • 4.从正在处理的周期或永久阻止某个事务。

参与者可以自由地提出其他类型的攻击,只要它可能导致网络中部分或全部节点的数据污染,性能降级或中断。

In addition to MainNet, IoTeX also has a TestNet where almost the same blockchain software as MainNet uses is deployed, and it is used as the testbed for the protocol and dapp developers. The challenges are to penetrate the TestNet. There are multiple dimensions people could try to hack:

  • 1. Attack one node in the network to make it be unable to function normally, such as crash,out of service, being partitioned by the rest of the network, etc.
  • 2. Flood P2P network with high volume traffic, so that the computer resources (e.g.,bandwidth, CPU) are wasted or exhausted from many of nodes in the network.
  • 3. Attack the consensus process to affect the consensus reachability, thus blocking transaction process.
  • 4. Prevent a certain transaction from being processed for a period or permanently.

Participants are free to come up with other kinds of attack, as long as it could result into data pollution, performance downgrade or outage for part of or all the nodes in the network.

提交报告(Reporting)

为证明攻击成功,请提交以下信息到邮箱iotex_iscc@163.com

  • 1.攻击类别
  • 2.目标
  • 3.重现步骤
  • 4.支持材料/参考,例如源代码,脚本
  • 5.修补建议
  • 6.您的姓名和国家/地区等,身份不明的提交者将无法获得奖励

To claim that the attack was successful, please submit the following information to iotex_iscc@163.com:

  • 1.Category of the attack
  • 2.Targets
  • 3.Steps to reproduce
  • 4.Supporting Material/References, e.g., source code, scripts
  • 5.Mitigate recommendation
  • 6.Your name and country, e.g., unidentified submitters will not be eligible for reward

奖励规则(Award rules)

对每个成功的exploit, IoTeX基金会拿出250美元奖励到每人/团队;对影响极大的expoit(比如双花) , IoTeX基金会拿出1000美元奖励到每人/团队

For every successful exploit, the IoTeX Foundation awards $250 to each person/team; for expoit (such as double spend), the IoTeX Foundation awards $1000 to each person/team.

更多信息(More Information)

原创文章,作者:BFS,如若转载,请注明出处:https://www.isclab.org.cn/2019/05/28/%e6%b8%97%e9%80%8f%e7%89%a9%e8%81%94%e7%bd%91%e5%8c%ba%e5%9d%97%e9%93%be%ef%bc%88%e6%b5%8b%e8%af%95%e7%bd%91%ef%bc%89penetrate-iotex-blockchain-testnet/