Skip to content

initc3/SecretNetwork-Sandbox

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

SGXonerated Artifacts for Secret Network Attacks

PoPETS 2024 Artifacts Submission for SGX

Prerequisites

These prerequisites assume a linux operating system and have been tested on Ubuntu 22.04.

Get the code

Clone the repository, making sure you fetch the submodules, e.g.:

git clone --recurse-submodules https://github.com/initc3/sgxonerated-secretnetwork.git

If you are missing the submodules after having cloned, run:

git submodule update --init --recursive --remote

Install Docker

Docker Engine: https://docs.docker.com/engine/install/

The Attacks

MEV Sandwich Attack

Go into the hacking directory:

cd hacking/

Setup and start the local network with:

./scripts/start_node.sh
What does the above command do? 1) Start a validator node (node-1) and a non-validator node (node-2)
  1. Store and instantiate demo contracts and set up the initial states. The pool sizes are 1000 for token_a and 2000 for token_b. The victim and adversary account in the toy-swap contract each have a balance of 100 token_a and token_b.

  2. Shut down node-1 to launch the attack in simulation mode without broadcasting any transactions to the network.

Launch the sandwich attack

make sandwich-attack
What does the above command do? The above command simulates an adversary executing the following steps:
  1. Generate a victim swap transaction to swap 10 token_a for at least 20 token_b.

  2. Find a front-run transaction by bisection search that, when executed before the victim's transaction, won't fail the victim's transaction. The front-run transaction found swaps 20 token_a with a slippage limit of 0, resulting in obtaining 40 token_b.

  3. After the victim's transaction, the adversary executes a back-run transaction to sell the 40 token_b, increasing their balance of token_a by 1 and maintaining their balance of token_b.

Receiver Privacy Breaking


Secret Network

Secret Network offers scalable permissionless smart contracts with a private by default design— bringing novel use cases to blockchain not feasible on public systems. Secret Network enables users to take back ownership over their private (financial) information and for them to share this information with whom they trust. Secret Network was the first protocol to provide private smart contracts on mainnet, live since September 2020. Secret Network is Built with the Cosmos Software Development Kit (SDK) bringing Interoperable privacy to the entire Cosmos ecosystem. Secret Network uses a combination of the Intel SGX (Software Guard Extension) Trusted Execution Environment technology, several encryption schemes and key management to bring privacy by default to blockchain users. Secret Contracts are an implementation of the Rust based smart contract compiling toolkit CosmWasm, adding private metadata possibilities. Secret Network is powered by the Native public coin SCRT which is used for fees, Proof Of Stake security and Governance. With more than 20+ Dapps, 100+ full time builders and a strong grassroots community Secret Network aims to bring privacy to the masses.

Setting up Environment

Prebuilt Environment

Gitpod

Click the button below to start a new development environment:

Open in Gitpod

VSCode Docker Environment

  1. Install extension

  2. Clone this repository into a new dev container

Docker Dev Environments

  1. From Docker Desktop, create a new Dev Environment from the prebuilt image - ghcr.io/scrtlabs/secretnetwork-dev:latest
  2. Connect with VSCode, or use the container directly
  3. Make sure the code is updated by using get fetch and git pull

Manual Set up

Install prerequisite packages

apt-get install -y --no-install-recommends g++ libtool autoconf clang

Clone Repo

Clone this repo to your favorite working directory

Install Rust

Install rust from https://rustup.rs/.

curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh

Then, add the rust-src component. This will also install the version of rust that is defined by the workspace (in rust-toolchain) -

rustup component add rust-src

To run tests you'll need to add the wasm32 target -

rustup target add wasm32-unknown-unknown

Install Go (v1.18+)

Install go from https://go.dev/doc/install

Install gobindata

sudo apt install go-bindata

Install SGX

To compile the code and run tests, you'll need to install the SGX SDK and PSW. To run in simulation (or software) modes of SGX you do not need to install the SGX driver. For a simple install, run the install-sgx.sh script in the following way:

chmod +x ./scripts/install-sgx.sh
sudo ./scripts/install-sgx.sh true true true false

Note: If you are using WSL you'll need to use the 5.15 kernel which you can find how to do here, otherwise you'll have to run anything SGX related only in docker

Install Xargo

We need a very specific version of xargo for everything to compile happily together

cargo install xargo --version 0.3.25

Build from Source

Use make build-linux to build the entire codebase. This will build both the Rust (enclave & contract engine) and the Go (blockchain) code.

To build just the rust code, you can use make build-linux, while to build just the Go code, there is the aptly named make build_local_no_rust.

Tip:

For a production build the enclave must be copied from the most recent release. 

This is due to non-reproducible builds, and the fact that enclaves must be signed with a specific key to be accepted on mainnet. 

Still, the non-enclave code can be modified and ran on mainnet as long as there are no consensus-breaking changes

Running Something

Run tests

To build run all tests, use make go-tests

Start local network

Run ./scripts/start-node.sh

Documentation

For the latest documentation, check out https://docs.scrt.network

Community

License

SecretNetwork is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. The GNU Affero General Public License is based on the GNU GPL, but has an additional term to allow users who interact with the licensed software over a network to receive the source for that program.

About

No description, website, or topics provided.

Resources

License

Code of conduct

Security policy

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •