Core Chameleon: A plugin for ARK Core

Wed, May 13, 2020 10:49 PM | 0 Development - Software Submitted by Alessio DF
Estimated Work Hours: 40
Funding: 1000 USD
Status: Completed

This proposal is for the creation of an ARK Core plugin that will enable forging node operators to externally close their peer-to-peer port, which is vulnerable to denial-of-service and other attacks. It will also optionally hide the IP address of the node by routing all traffic via Tor, ensuring total anonymity which prevents the identification of the node or its hosting provider. It will achieve this while also ensuring that no features of ARK Core are compromised, which makes this plugin also useful for relay operators who are stuck behind a firewall or other configuration that means they cannot use the peer-to-peer port. It also has other benefits which transcend beyond security, such as being able to run multiple conflicting networks on the same server, as outlined in the cost-benefit analysis section below.

Prerequisites

Requirements

None

Cost-benefit analysis

The only cost is my development rate. Ordinarily this rate is $75/hour (which would be $3000 based on the number of hours needed for this plugin), but in recognition of the fact I have two delegates on the ARK Public Network for passive income, I am willing to significantly subsidise this by requesting $1000 only. For more information regarding why my delegates cannot cover the entire cost of development, please see the Miscellaneous section.

As for benefits, there are several:

1) It could optionally completely conceal the IP address of any node using the plugin, so they cannot be identified. The true IP would never be revealed to any other node, nor would it appear in peer lists. This means nodes could not be identified to be targeted in a cyber-attack against the ARK (or bridgechain) network, but potentially more importantly (and unrelated to security), node operators can enjoy peace of mind as they can be reassured that they would not be subjected to vexatious abuse complaints – with potential legal consequences – from their hosting providers.

2) It allows relay operators who are stuck behind a restrictive corporate firewall – such as some exchange nodes – to run a full node properly which is currently impossible with stock ARK Core. As it stands now, any node behind a corporate firewall or NAT cannot sync with the network in real time, nor can they receive transactions sent into the network from other nodes; instead they can only download new blocks every minute which means they continually fall out of sync and cannot be used for any time-critical purposes. This plugin would change that, as these nodes would instead look and feel like normal nodes, since they would immediately receive blocks as and when they are produced by delegates and would also process incoming transactions as they propagate across the network.

3) As things stand currently, each network powered by ARK Core uses a hardcoded port for peer-to-peer traffic which cannot be changed. For example the ARK Mainnet is 4001, ARK Devnet is 4002 and the Qredit Mainnet is 4101. All fine, because each port is different. But, for example, at the time of writing, the nOS Devnet also uses port 4002, which clashes with the ARK Devnet. This means that it is impossible for the same IP address to run a node for both ARK Devnet and the nOS Devnet at the same time, so an operator wanting to run both concurrently would need to use a separate IP address, which normally means paying for a second separate server. There could be other clashes too, especially if ARK Core gains popularity in future with numerous bridgechains as there are only a finite number of ports available. This plugin would eliminate this barrier, allowing the same server with the same IP address to run multiple clashing networks all at the same time, with no loss of functionality, even if they use the same peer-to-peer port. This has a potential cost saving for operators as they could run many networks on the same server, up to a theoretical maximum of over 65,000 networks per IP address.

Milestones

Design

It will be written in JavaScript (possibly ported to TypeScript later).

Testing

There will be extensive testing on ARK Devnet and nOS Devnet before general availability to make sure that everything works as expected and does not interfere with the correct operation of ARK Core.

Launch Plan

The plugin, when ready, will be available on the NPM registry for easy installation for any networks and bridgechains powered by ARK Core 2.6+.

Support & Maintenance

The plugin will be maintained and supported to ensure that it continues to work when ARK Core 3.0 is released. It will be open source on GitHub so anyone can contribute, and if any users have difficulties with it, they can contact me for assistance through Discord.

Additional Information

Community Feedback

I first mentioned this plugin in Slack and quite a lot of people showed an interest in it publicly and privately.

Miscellaneous

Although I run a couple of delegates on the ARK Public Network, they serve a specific purpose which does not cover funding to create this plugin. For instance, delegate fun’s exclusive remit is to launch games with a daily prize to encourage ARK adoption in a fun way. Delegate alessio’s purpose is to audit existing code in the stock ARK Core product to seek out vulnerabilities and report them to the ARK team for a resolution. While the latter delegate no longer engages in profit sharing, this was in response to unfavourable changes to the ARK.io security program which meant that I had to do that to recoup the losses arising from those changes, otherwise my entire auditing work would have had to stop – and even including irregular bounties, this still falls short of the salary of a professional penetration tester doing that type of work full time. It does not mean I have unlocked a fresh or new revenue stream that would otherwise permit me to engage in this development as part of that delegate.

I also acknowledge that some people might associate the alessio delegate with all aspects of security, but that is not true; the delegate proposal has a clearly defined scope which does not include writing new code, nor does it include adding new features to ARK Core or producing new software plugins, so it is not appropriate for the funding of this project (which is more than just security related) to be covered by my existing delegates’ revenue streams. That said, I am subsidising the cost of the plugin in part by drastically reducing the amount of funding that I am requesting from the ARK Community Fund versus my normal rate. I also hope that a product like this, with a serious and tangible use case for most node operators, could showcase the ACF and attract new serious development proposals from other developers going forward.

Votes

Approval

There have been 3 votes for approval by Espresso, Drakeler, kaos.

Espresso Thu, May 14, 2020 11:18 PM

Hi Alessio,


Thank you for submitting your proposal. Technically speaking, I have to say that I am very impressed. For me this is without any doubt an approval. I'm looking forward to testing your plugin and feel free to reach out if I can be helpful in any way with the development.


You are a well respected member of the ARK project and this for sure makes me believe that your plugin will be top notch quality. Thank you again for sharing your proposal with us!


Cheers,
espresso!


P.s. go Typescript! Or let me help you to refactor the module in TS :D

Drakeler Fri, May 15, 2020 6:44 PM

Looks very useful and very interesting for every delegate. Go for typescript!
I also know the projects you start are maintained, so you have my support in this.

kaos Sat, May 16, 2020 3:47 AM

A plugin that can bring more security and new features to the ARK ecosystem and its operators is a project that I am happy to see proposed here at ACF.
As for the necessary skills, you have demonstrated them several times with your work. I am pleased to see that you will ensure compatibility with ARK core 3.0 and that you will also provide user assistance.


Your proposal is approved. I am confident that the plugin will become available very soon.

Rejection

There have been no votes for rejection yet.
