Transaction load generation client #750
Comments
|
I think this is a GREAT idea. Could some of the code we use for test transaction generation be repurposed for the attack client? This is also a good project we could get third party developers to help with! |
Yes, this is an ideal case for third-party work as we'd prefer someone look for the best way to attack the code from an outside perspective. |
jackzampolin
changed the title
|
I think @thanethomson is working on something like this for tendermint. Maybe the work would be generalizable for the SDK? |
|
Yeah! I've been working on a distributed load testing tool called tm-load-test. The idea's that one would eventually be able to write a relatively generic load testing client, define some configuration, and work out one's deployment strategy and then have the load testing framework manage the interaction between clients and nodes. I'd consider it alpha-quality software right now, but I'm actively working on it. More eyes on it would also help make it better 😁 |
|
@thanethomson Do you think you could implement the SDK state machine as well as just the KV store one? That would be huge! |
If I've got time in the coming week or two I can look into it and see what it'll take to build one for the SDK 👍 |
jackzampolin
added
T: Performance
An underappreciated requirement of peer-to-peer blockchain client implementations is high resistance to DoS attacks. These are not exploits targeting the consensus ruleset, just malicious nodes spamming expensive-to-reject transactions to slow other clients down, and possibly to attempt network partition attacks (which may be of particular concern due to Tendermint's requirement of a 2/3 stake-weighted quorum for liveness). See e.g. this Bitcoin wiki page for a list of the DoS mitigation techniques used by Bitcoin Core.
Any user of the Cosmos SDK will need to ensure that their application does not perform expensive transaction validations that can be repeatedly invoked by another node. The SDK will need to work in cooperation with Tendermint to detect peers spamming invalid transactions (which may or may not be intentional - could be an automated script gone awry) and ban them after appropriate thresholds.
One way to make this an easier property for SDK users to ensure would be to implement a simple "attack client" - a Cosmos SDK application with methods to construct and repeatedly send transactions, which SDK users can fork, add details for their application's additional transaction types, then use to simulate a malicious node and ensure their application handles the attacks gracefully.
The text was updated successfully, but these errors were encountered: