Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Label sync issues #176

Open
PiRK opened this issue Jan 3, 2022 · 1 comment
Open

Label sync issues #176

PiRK opened this issue Jan 3, 2022 · 1 comment

Comments

@PiRK
Copy link
Collaborator

PiRK commented Jan 3, 2022

#166 is an attempt to re-enable the LabelSync plugin that has been disabled ever since the fork from Electron Cash.
This is a very requested feature, but it's current design has some major flaws.

To summarize the way the plugin works, there is a server running that stores the encrypted labels in a database. A wallet is identified by a hash of it's master public key. Encrypted labels associated with a given wallet are indexed by their encrypted txid. The servers also stores a nonce for each label. This helps the client figure out if his version of a label is outdated. The server and the client store the highest nonce as a "wallet nonce", which is used to determine whether the wallet needs to be synced and which of the client or server is most up to date.

There are 3 basic things the servers does:

  • register a new label or update an existing label
    Client plugin:

          bundle = {"walletId": wallet_id,
                    "walletNonce": nonce,
                    "externalId": self.encode(wallet, item),
                    "encryptedLabel": self.encode(wallet, label if label else '')}
          self.do_request("POST", "/label", False, bundle, True)
          # Caller will write the wallet
          self.set_nonce(wallet, nonce + 1)
    

    Server: https://github.com/maran/electrum-sync-server/blob/master/sync_master.go#L56

  • register multiple new labels (initial upload)
    Client:

          bundle = {"labels": [],
                    "walletId": wallet_id,
                    "walletNonce": self.get_nonce(wallet)}
          for key, value in wallet.labels.items():
              try:
                  encoded_key = self.encode(wallet, key)
                  encoded_value = self.encode(wallet, value)
              except:
                  self.print_error('cannot encode', repr(key), repr(value))
                  continue
              bundle["labels"].append({'encryptedLabel': encoded_value,
                                       'externalId': encoded_key})
    
          self.do_request("POST", "/labels", True, bundle)
    

    Server: https://github.com/maran/electrum-sync-server/blob/master/sync_master.go#L75

  • serve all labels for a wallet since a nonce (used for sync or initial download):

    Client:

    response = self.do_request("GET", ("/labels/since/%d/for/%s" % (nonce, wallet_id)))
    

    Server: https://github.com/maran/electrum-sync-server/blob/master/sync_master.go#L116

This design has the benefit of offering privacy. The xpub is hashed. The txid and label are encrypted.
The drawback is that the server cannot determine whether the data is a genuine txid and label. It could be random spam filling up progressively the disk space. As far as I can tell, there is not DoS mitigation at all in the server code. It seems to only have some timeout preventing downloading or uploading too much data by a client. I can't find this timeout anywhere in the code, so I'm assuming it is the default for whatever framework the server uses.

BCH and eCash users run into timeout, when attempting to synchronize large wallets with a lot of labels.
One of the issue that has been identified is that uploading multiple labels causes multiple database accesses: maran/electrum-sync-server#3

Improvement ideas:

  • optimize the server to batch database updates for force upload0
  • implement spam mitigation on the server side to avoid disk overflow attacks
  • don't hardcode a default sync server, let the user specify a server url
  • figure out an economic incentive model for running a sync server, and/or update the plugin and server to support user registration; a user would need to register their wallet id (hash of the xpub) and specify a password for it. Requests for unregistered wallets could simply be ignored by the server.
@PiRK
Copy link
Collaborator Author

PiRK commented May 12, 2023

There are users interested in the feature, but no one seems to be able to come up with a scalable solution, and cloud storage solutions are not easy for users to enable (need to jump through hoops for an API key)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

No branches or pull requests

2 participants
@PiRK and others