Keys Defender bot - development update #3


Recently I introduced my new STEEM blockchain defender bot in this post and in this post.

Here is a Development update for my following:

  • I'm "nearly done" (have you ever heard a dev saying otherwise 😅😅😅😅😅😅XD) with the development of the scanner bot's core features.
  • The Live scanner has now been running for about 3 days, scanning all new blocks published into the STEEM blockchain.

  • I tested the detection of leaked private keys end to end. The time elapsed between when the block containing a test account private posting key is published and my bot's detection is currently around 200 ms.

  • So far it detected one new private posting key leaked into the blockchain (I got a few false positives / duplicates before that).
    I sent this key to @guiltyparties (as usual) but despite the fact that they have ~600 STEEM in their wallet I won't send this user a transfer memo as their reputation is -5 and they are on a couple of big blacklists.

  • At the moment of writing the bot also supports the recovery of leaked MASTER keys. Testing is in progress with test accounts, so hold your horses: don't start putting your master keys in comments just yet! 😅

Resetting the master key turned out to be a harder task than I anticipated because a steem api method did not work as I expected. I eventually figured out how to programmatically change all private keys by reverse engineering https://steemitwallet.com (not the most readable code TBH, but maybe it was intentionally so on their side.. 😅).

I was then given a solution for the steem api method. It would need much less code, and neater code, so I'll give it a try soon.

  • I'm currently working on auto-transferring funds to the Wallet Savings when a leaked ACTIVE key is detected. (I'm dealing with some testing account creation issues first 🙈)

  • I also have in the works the auto-publishing of a Post on the new bot's (@keys-defender??) blog every time a MASTER or ACTIVE key is detected.

  • After those, the next feature I will work on is auto-replying as soon as possible to the comment/post in which any private key was leaked.

In case the key is compromised in other operation types (e.g. account_update), a transfer memo will be sent instead (max 1 a day per user in order to prevent abuse) or I will reply to their last post (or both, I still have to decide).
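One way to filter the false positives and duplicates mentioned above, as an added example that is not the bot's own code: candidate strings found in operation text are only counted when they pass a key checksum, and each key is reported once. It assumes STEEM private keys use the standard WIF encoding (base58, 0x80 version byte, double SHA-256 checksum); all function names and the sample operations are constructed for illustration.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
_C = "[1-9A-HJ-NP-Za-km-z]"
# Assumption: keys are uncompressed WIF, i.e. 51 base58 chars starting 5H, 5J or 5K.
CANDIDATE = re.compile(rf"(?<!{_C})5[HJK]{_C}{{49}}(?!{_C})")

def _checksum(payload: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58encode(raw: bytes) -> str:
    """Base58-encode bytes (only used here to build the constructed test key)."""
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    return out

def is_valid_wif(candidate: str) -> bool:
    """True only for 0x80 + 32 key bytes + a matching 4-byte checksum."""
    try:
        n = 0
        for ch in candidate:
            n = n * 58 + B58.index(ch)
        raw = n.to_bytes(37, "big")
    except (ValueError, OverflowError):
        return False
    return raw[0] == 0x80 and _checksum(raw[:33]) == raw[33:]

def scan_operations(ops):
    """Return (op_index, key) once per distinct checksum-valid key."""
    seen, hits = set(), []
    for i, text in enumerate(ops):
        for cand in CANDIDATE.findall(text):
            if cand not in seen and is_valid_wif(cand):
                seen.add(cand)
                hits.append((i, cand))
    return hits

# Constructed sample data: a throwaway key from fixed bytes, not a real account key.
_payload = b"\x80" + bytes(range(1, 33))
TEST_WIF = b58encode(_payload + _checksum(_payload))
LOOKALIKE = TEST_WIF[:-1] + ("2" if TEST_WIF[-1] != "2" else "3")  # breaks checksum
SAMPLE_OPS = ["thanks for the upvote!", f"memo: {TEST_WIF}",
              f"my txid is {LOOKALIKE}", f"oops, pasted it again {TEST_WIF}"]

if __name__ == "__main__":
    print(scan_operations(SAMPLE_OPS))
```

A checksum match only shows that the string is a well-formed key; deciding whether it belongs to an account still requires comparing the derived public key with the account's authorities.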




Here is a (not too accurate) history of the activities performed for this bot development so far and some future plans:

Feasibility study (Sprint 0):
āœ”ļø Initial analysis (lots of reading and sketching)
āœ”ļø Proof of Concept (POC) development
Feasibility test with 1000 blocks to estimate how long it would take to scan the whole blockchain
Total mining time: 39 000 000 blocks / (60 * 60 * 24) days / 30 req per s = ~15 days.
āœ”ļø Further analysis, planning.

Development (Sprint 1):
āœ”ļø Split the load across multiple instances of the blockchain scanner
āœ”ļø Improved parallelism
āœ”ļø Improved unhappy paths handling
āœ”ļø Manual testing, bug fixes
āœ”ļø Refactoring, Unit Testing for basic coverage
āœ”ļø Stats collection (counters, blocks explored / h, avg time, ..)
āœ”ļø Added support for additional runtime parameters

Development (Sprint 2):
āœ”ļø Removed browser support
āœ”ļø Results storage and backup
āœ”ļø Refactoring, Unit Testing
āœ”ļø Bugs fixes: Eg. why can't detect key if given only 3 blocks. It was able to, it was just a race condition for the block counter telling me the key was in some other block id.
āœ”ļø End 2 end timer for private key detection
āœ”ļø Last block poller and integration with existing scanner
āœ”ļø Added retry mechanism for block failed reads
āœ”ļø Automatically reset master keys



Successful Releases:

āœ”ļø RELEASE 1: STEEM Blockchain history scanner - part 1
āœ”ļø RELEASE 1.1: history scanner - part 2 (remaining 30 million blocks)
āœ”ļø RELASE 2.0a: Live scanner for detection of all private keys + recovery of MASTER keys

  • ...


BACKLOG:

[...] Automatically move funds to savings for Active keys
[...] Auto-publish disclosures posts
[] Auto-reply/transfers
[] Improve logging
[] Beta testing
[] Monitor dead accounts and burn their RC if abused - checked through daily scheduler
[] Auto-publish weekly report with live scanning stats
[] Re-execute partial scans for failed block reads during full chain scan
[] Investigate valid keys without author in old generated reports
[] Improve monitoring of the bot activities
[] AWS Lambda as sanity check publishing testing account private posting key daily. Email/SMS if fails.
[] Automated Unit and Integration Tests
[] Basic UI?
[] Charts about steem blockchain usage (re-using RabbitMQ charts)
[] Additional abuse checks: eg. savings withdrawal with same leaked active key, pending power down checks, ..
[] Additional wallet transfer as reminders?
[] ... lots more !!

Next Post Candidates:

  • How many times in the STEEM blockchain history users accidentally leaked their keys and then reset them
    (spoiler: many!!)
  • Testing results (with KPI metrics)
  • Development update + # of new keys detected



That's all for today folks! Take care! =]
