Holochain Forum

Thinking about attacks on HoloHost/HoloFuel

I was thinking about attacks on Holo Host that aim to fraudulently generate holo fuel. Feel free to add your own imaginary attacks…

Can someone explain to me again the validation rules of fuel transactions?

Say a transaction A to B.
If everyone is honest, the transaction is stored in its neighbourhood in the DHT, plus the updated headers are stored in the neighbourhoods of A and B respectively, correct?
From where to where are links added?
I would expect at least the following things to happen:
- A checks the integrity of B’s chain.
- A checks with B’s neighbourhood whether B’s header is up to date.
- B does the same for A.
- B additionally audits all transactions A received, checking whether they are stored correctly in their neighbourhoods.
- The neighbourhood of the transaction does the same as B.
- The neighbourhood of A checks the integrity of A when it updates its header.
- The neighbourhood of B checks the integrity of B when it updates its header.

What happens if some of the information cannot be found?
Especially in the audit step, say there is a past transaction C to A, that you do not find in the DHT. Who do you blame? :wink:

> Especially in the audit step, say there is a past transaction C to A, that you do not find in the DHT.

If a previous transaction could not be found that means it didn’t exist or was invalid.

So it would never be the case that data can’t be found because if it’s not there it never happened.

Data is rejected if it breaks the validation rules.

Thanks for picking that up :slight_smile:
In the devcamp we talked about how get_entry is (only) relatively ok and get_links is pretty unsafe (because it returns a set and the likelihood of different validators getting different answers there is pretty high).

So what if
a) the data of the entry that was pushed to the DHT did not yet propagate to the nodes that you ask, because you expect them to hold it?
b) the nodes are currently all offline because the redundancy factor was chosen too low?
c) there was a network partition and the data was lost, or not yet repropagated properly, so that you do not find it in the fraction of the DHT that is available to you?

I see how all of these cases are not the norm, but wouldn't they contradict the certainty of “not being found means not existing or being invalid”? And it can get problematic if people create warrants because of this?
(Furthermore, if the possibility exists that you did not receive all the data and legitimately create a warrant because of that, then people could just pretend not to have received everything and mount an attack by excessive warrant placement. The plausible deniability of doing wrong is problematic…)
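
The concern in the last post, as an added example that is not part of the thread and is not Holochain code: an audit routine that keeps "not found in my view of the DHT" separate from "found, and contradicts the claim", and issues a warrant only for the latter. The types, function names and transaction hashes are hypothetical, and the DHT is modelled as a plain map (an assumption made for illustration).

```rust
use std::collections::HashMap;

/// Outcome of auditing a counterparty's claimed incoming transactions.
#[derive(Debug, PartialEq)]
enum Audit {
    Valid,
    Invalid(String),         // positive evidence: stored data contradicts the claim
    Unresolved(Vec<String>), // hashes not found in the part of the DHT we can reach
}

/// Constructed model of one node's partial DHT view: tx hash -> stored amount.
type DhtView = HashMap<String, u64>;

/// Check each (hash, claimed amount) pair against what the view holds.
fn audit(claimed: &[(&str, u64)], view: &DhtView) -> Audit {
    let mut missing = Vec::new();
    for (hash, amount) in claimed {
        match view.get(*hash) {
            Some(stored) if stored == amount => {}
            Some(stored) => {
                // A contradiction is checkable by anyone who fetches the same entry.
                return Audit::Invalid(format!("{}: claimed {}, stored {}", hash, amount, stored));
            }
            // Cases a), b), c) from the post all end up here: we simply cannot tell yet.
            None => missing.push(hash.to_string()),
        }
    }
    if missing.is_empty() { Audit::Valid } else { Audit::Unresolved(missing) }
}

/// A warrant needs evidence that others can re-check; absence is not evidence.
fn should_warrant(result: &Audit) -> bool {
    matches!(result, Audit::Invalid(_))
}

fn main() {
    // Constructed sample: A claims two incoming transactions.
    let claimed: [(&str, u64); 2] = [("b_to_a", 5), ("c_to_a", 7)];
    let mut view = DhtView::new();
    view.insert("b_to_a".to_string(), 5);
    let first = audit(&claimed, &view); // c_to_a has not propagated to us yet
    println!("{:?} warrant={}", first, should_warrant(&first));
    view.insert("c_to_a".to_string(), 7); // gossip catches up; the retry resolves
    println!("{:?}", audit(&claimed, &view));
}
```

With the third outcome, a node that claims not to have received data can only delay its own validation; it cannot produce a warrant that other validators would accept.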