The post claims that the Filecoin blockchain design does not follow the usual peer-to-peer communication model of nodes in a blockchain network, putting individual nodes, and with them the entire network, at risk.

A Medium post by a Chinese author named Song Jiang suggests that the decentralized storage network Filecoin may be vulnerable.

The post, titled “Why the Filecoin network is vulnerable”, was published on August 25 and opens with this TL;DR:

I didn’t do the attack, since an attack on the first day is not profitable. But I know what happened.

Whatever that means, Song Jiang goes on to explain his assertions in the post, starting with what he describes as the root design of any blockchain network.

According to the post, a properly designed decentralized network has nodes send and receive messages through a peer-to-peer (P2P) overlay, and nodes do this without revealing their real network addresses. This is what keeps the safety and privacy of participating nodes intact.

However, Song Jiang says the Filecoin network did not follow this path, so its nodes, and the network as a whole, may be vulnerable to attack. In his words, Filecoin and its Market did not follow this principle. According to Song,

All miners must make their addresses public, and the Distributed Hash Table is used to make the address easy to search.

This method dramatically reduces the difficulty of attacking a node. The IP, port, and even geographic location of each miner are easy to locate. So the entire network is very insecure.

Recommendations for Filecoin network to make it less vulnerable

After describing what he sees as the root vulnerability, Song Jiang goes on to offer suggestions for removing it. His recommendations are:

  • Nodes/validators should communicate on-chain, with their addresses encrypted.
  • Nodes should stop making deals over a client-server route; instead, everything should also be done on-chain.
  • The system should use the variability, or randomness, of the blockchain to assign deals to miners at random. This makes it harder for miners to collude with one another by sending deals back and forth.

It remains to be seen whether Filecoin will respond to Song Jiang’s findings and possibly issue a statement on his claims.

