near / nearcore

Reference client for NEAR Protocol

Home Page: https://near.org

[stateless validation] red team - blue team exercise

wacban opened this issue

Create a dedicated network running stateless validation and schedule a week-long session where the red team tries to hack and break it while the blue team tries to defend it.

The goals of this exercise are to find and later fix any vulnerabilities and bugs in stateless validation (red team) and to test detection and prevention systems (blue team). This can be considered a gamified internal security audit that gives developers the time and incentives to focus on the security aspects of the system.

This is similar to the drill we had... last year? Two years ago?

I definitely think it's a good idea to have these with some regularity, the main questions being:

  • are we actually ready enough for it to have meaning?
  • do we have enough time on hand for this to make sense? (At least the red team will need to prepare before the drill, to have some attack ideas ready at least)

> are we actually ready enough for it to have meaning?

Currently no, I created the issue in advance just to keep track of it. It's something that I'd love to see before mainnet release.

> do we have enough time on hand for this to make sense?

That is yet to be seen :) Personally I think it's worth it both for the security insights and for the fun of it.