8000 Problem: keyring-backend `test` leading to accounts to be drained when 8545 exposed public · Issue #1657 · evmos/evmos · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Problem: keyring-backend test leading to accounts to be drained when 8545 exposed public #1657

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
8000
VictorTrustyDev opened this issue Jul 17, 2023 · 8 comments · Fixed by #2375
Closed

Problem: keyring-backend test leading to accounts to be drained when 8545 exposed public #1657

VictorTrustyDev opened this issue Jul 17, 2023 · 8 comments · Fixed by #2375
Labels
feature request Add functionality to the code good first issue Good for newcomers Status: Stale

Comments

@VictorTrustyDev
Copy link
Contributor
VictorTrustyDev commented Jul 17, 2023
edited by 0xstepit
Loading

Context

https://github.com/evmos/evmos/blob/main/rpc/backend/sign_tx.go L26:29

It is implementation of eth_sendTransaction

With keyring-backend test, which is not protected by password, everyone able to drain all balance of all accounts managed under keyring-backend test of the node just by sending a transfer command like this:

await web3.eth.sendTransaction({
        from: validator,
        gasPrice: "20000000000",
        gas: "21000",
        to: drainer,
        value: "100000000000000000",
        data: ""
});

And list of accounts managed by node can be retrievable by calling: eth_accounts

Fact is I got drained 10+ times but I didn't mind about that because most of the time I just set it up testing smt and eraser so got drained is not any problem.

10/10 times I got drained by this wallet 0x071aad74a52f76aec4a4b4fecfc910dbc8fe03f4 (it is well-known)

In this github ticket I see they mentioned about the allow-insecure-unlock flag (which I believe not exists in current implementation of evmos/ethermint).

So why don't we implement that flag?
So balance of test chains still safe unless that flag --allow-insecure-unlock supplied within start command.
With --allow-insecure-unlock supplied, the un-safe methods like that can be accessible.
@VictorTrustyDev
Copy link
Contributor Author

Referral ticket from geth repo
ethereum/go-ethereum#17013
ethereum/go-ethereum#17023
➡➡ https://github.com/ethereum/go-ethereum/pull/17037/files

@github-actions
Copy link
github-actions bot commented Sep 1, 2023

This issue is stale because it has been open 45 days with no activity. Remove Status: Stale label or comment or this will be closed in 7 days.

@github-actions
Copy link

This issue is stale because it has been open 45 days with no activity. Remove Status: Stale label or comment or this will be closed in 7 days.

@github-actions GitHub Actions
Copy link
github-actions bot commented Dec 3, 2023

This issue is stale because it has been open 45 days with no activity. Remove Status: Stale label or comment or this will be closed in 7 days.

@github-actions GitHub Actions
Copy link

This issue is stale because it has been open 45 days with no activity. Remove Status: Stale label or comment or this will be closed in 7 days.

@linear Linear
Copy link
linear bot commented Jan 23, 2024

ENG-2477 Problem: keyring-backend test leading to accounts to be drained when 8545 exposed public

@ramacarlucho ramacarlucho added good first issue Good for newcomers feature request Add functionality to the code labels Jan 24, 2024
@ramacarlucho
Copy link
Contributor

This is a valid feature request. But currently we cannot add it to our priority development queue.
Any external contributors feel free to tackle this one.

This was referenced Feb 23, 2024
Closed
Merged
@github-actions GitHub Actions
Copy link

This issue is stale because it has been open 45 days with no activity. Remove Status: Stale label or comment or this will be closed in 7 days.

@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Apr 20, 2024
@mergify mergify bot mentioned this issue May 27, 2024
Closed
9 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature request Add functionality to the code good first issue Good for newcomers Status: Stale
Projects
None yet
Milestone
No milestone
2 participants
@ramacarlucho @VictorTrustyDev
0