Reputation: 555
Expose securely your network to make possible anyone can hit your smart contract
Im implementing a ethereum PoA network using go-ethereum
I have deployed a ERC20 Token on the network, and the idea is that the network must be accessed from any wallet on the internet (i.e metamask, myetherwallet, etc)
The idea for this network is:
- Having N full nodes that are able to seal blocks (the nodes has the unlocked accounts)
- Deploy a smart contract that is a ERC20 Token
- Having one node that expose the network in order to be accessed from any origin, for example, Metamask, MyEtherWallet, a mobile app with a wallet, etc. The idea is that anybody can hit the ERC20 Token if they have the appropiate client.
In order to achive that, i create 2 full nodes that are in charge of sealing the blocks.
I run those nodes like this:
geth --datadir sealer1/ --syncmode 'full' --port 30351 --rpc --rpcaddr 'localhost' --rpcport 8502 --rpcapi='admin,personal,db,eth,net,web3,txpool,miner' --networkid 20 --gasprice '1' -unlock 'someaccount' --password s2/password.txt --mine
As you can see, there are some important things about those nodes:
- Unlocks the accounts
- Are only accessed from localhost (note the rpcaddres)
- Those nodes are miners
If i expose a node like that to the internet (enabling RPC access from any origin) any hacker could send the ether to another account, so, i create a third node, a standard node, that doesnt expose rpc apis but allows connections on port 8545 (in order to be hitted from metamask, myetherwallet, etc)
I run the node with this command:
geth --datadir standard1/ --syncmode 'full' --port 30352 --rpc --rpcport 8545--rpccorsdomain '*' --rpcaddr 'SERVER_PUBLIC_IP' --networkid 20 --gasprice '1'
as you can see this node:
- Doesnt unlock account
- Allow rpc accesing from any origin
- Doesnt expose rpc apis like personal, admin, etc
My questions are:
- is this aproach secure?
- Is there another way to allow anyone in the world to use Metamask to hit my smartcontract without open the RPC access on the standard node?
Why i have those questions?
Because there are a lot of places that doesnt recommend open RPC ports, so im not secure if:
- Dont have a node exposed with unlocked accounts
- Dont expose critical rpc apis like admin and personal
is enough to expose securely my node.
Here are some issues related with opening RPC access:
https://blog.blockdaemon.com/ethereum-geth-configuration-made-in-ireland-7ba2e876c6e3 https://www.reddit.com/r/ethereum/comments/4z0mvi/ethereum_nodes_with_insecure_rpc_settings_are/
https://www.reddit.com/r/ethereum/comments/3ird55/holy_shit_my_eth_accounts_been_hacked/
https://www.reddit.com/r/ethereum/comments/4jav5u/mist_wallet_has_2_sec_vulnerability_for_rpc/
https://blog.3or.de/internet-wide-ethereum-json-rpc-scans.html
https://www.bokconsulting.com.au/blog/7218-ethers-stolen-from-miner-with-rpc-port-open/
Here the team lead of ethereum recomendation:
Ok, your setup seems insanely dangerous. --rpcaddr=external_address essentially opens up the node to anyone in the world to access it. Forthermore, --rpcapi 'admin,personal,db,eth,net,web3,txpool,miner' permits anyone with access to do absolutely anything. I can imagine someone from the internet is brute forcing the passwords.
https://github.com/ethereum/go-ethereum/issues/17417#issuecomment-413877558
Upvotes: 2
Views: 471
Answers (1)
Reputation: 11834
is this approach secure?
You get the general idea, yes, but there is room for improvement.
- First of all, I would never run a node that enables the
personalAPI at the same time using-unlockwhich permanently makes the account accessible by anyone with access to your node. So imagine, someone has gained access to your node through some other doors, they would be able to immediately spend your funds from that account spawning transactions from localhost. Please, consider either only exposing safe APIs on that node or completely removing the unlock statement. - If you insist having the sealing nodes configurated as stated above, add some hardening. There are multiple options, you can use strong firewall rule sets to block basically everything from the outside network except for the node communications on port 30351. Or, what I would do, is hiding disconnecting this node completely from the public Internet and only wire through the p2p traffic from this node to some other proxy node which is connected to both, your node and the other nodes on the Internet. This could come with drawbacks in network stability though.
Is there another way to allow anyone in the world to use Metamask to hit my smartcontract without open the RPC access on the standard node?
Have you considered looking into public PoA networks such as poa.net? This basically allows your users to connect metamask or mycrypto to the already existing infrastructure of POA.
Upvotes: 1
Related Questions
- Is it secure to run public ethereum node?
- Secure way to host a minecraft server on dynamic ip
- Decentralized Application over NAT
- Secure MongoDB Over Public Internet
- Securing a MEAN/NodeJS App without view
- Protect outbound IP
- How can I protect my GO REST services in product environment?
- Restrict access to GO webservice to clients from local subnets
- Easy secure connection over unsafe network (both endpoints fully controlled)
- Is it possible to register a public server, and protect the orgin of the actual processing server?