The Two Sides of the Private Tx Service (on Binance Smart Chain)

Background of the private tx service

Private tx has been abused by attackers

  • According to BNB48’s doc, to use the enhanced RPC, the transaction sender needs to set the gas price to 15 Gwei. Of course, there is still a minor chance that the attacker did not use the BNB48 private tx service but happened to send the transaction through a normal RPC endpoint with the gas price set to 15 Gwei.
  • Besides, the attacker’s contract contains code that restricts the attack transaction so that it can only be executed on the BNB48 validator (see the following figure).
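The two indicators above can be turned into a simple triage pass over transaction records. The following is an added example, not the figure or code from the original article; the validator address is a placeholder, the sample records are constructed, and it assumes the producing validator of the block is available alongside each transaction.

```python
from collections import defaultdict

GWEI = 10**9
PRIVATE_TX_GAS_PRICE = 15 * GWEI  # value the article cites from BNB48's doc
# Placeholder, NOT a real address: substitute the BNB48 validator's address.
BNB48_VALIDATOR = "0x" + "48" * 20

def to_wei(value):
    """Accept an int or a JSON-RPC style hex string such as '0x37e11d600'."""
    return int(value, 16) if isinstance(value, str) else int(value)

def classify(tx, validator=BNB48_VALIDATOR):
    """Grade one transaction record as 'likely', 'possible' or 'unlikely'."""
    gas_match = to_wei(tx["gasPrice"]) == PRIVATE_TX_GAS_PRICE
    validator_match = tx["miner"].lower() == validator.lower()
    if gas_match and validator_match:
        return "likely"
    if gas_match:
        # 15 Gwei via a normal RPC endpoint: the coincidence the article notes.
        return "possible"
    return "unlikely"

def triage(txs):
    """Group transaction hashes by sender for every graded-in transaction."""
    report = defaultdict(lambda: {"likely": [], "possible": []})
    for tx in txs:
        grade = classify(tx)
        if grade != "unlikely":
            report[tx["from"].lower()][grade].append(tx["hash"])
    return dict(report)

# Constructed sample records (not real chain data); field names follow the
# JSON-RPC transaction/block objects, with the block's miner merged in.
SAMPLE = [
    {"hash": "0xaa01", "from": "0xSenderA", "gasPrice": "0x37e11d600",
     "miner": BNB48_VALIDATOR},
    {"hash": "0xaa02", "from": "0xSenderA", "gasPrice": 15 * GWEI,
     "miner": "0x" + "11" * 20},
    {"hash": "0xbb01", "from": "0xSenderB", "gasPrice": 5 * GWEI,
     "miner": BNB48_VALIDATOR},
]

if __name__ == "__main__":
    for sender, grades in triage(SAMPLE).items():
        print(sender, grades)
```

A "likely" grade is still only circumstantial; the gas price alone never rises above "possible", matching the caveat in the first bullet.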

The attacker’s IP has been revealed

Security/privacy concerns of private tx service

  • How to prevent the private tx service from being abused by attackers is an open question. Whether a filtering service is needed in the private tx service is (still) debated in the community. We are currently developing a system that can help private tx service providers monitor attacks that go through the service (awareness of the attack is valuable).
  • How can the privacy of users who rely on the private tx service be protected? For instance, the endpoint that accepts the private tx can log the sender’s information, such as the IP address and the time. Whether this information is well protected is unknown.

About BlockSec

The BlockSec Team focuses on the security of the blockchain ecosystem and on research into crypto hack monitoring and blocking and smart contract auditing.