Attacks
Attack: Bust captcha by sending nonexistent datapoint answers if communicating directly with recording oracle.
Mitigation: Recording oracle checks existence of job ID on blockchain, datapoint signature validates for job ID. MVP Mitigation: Recording oracle checks existence of datapoint in cached job ID dataset manifest. Attack: Nuke mining server reputation by providing wrong answers. Mitigation: Client reputation score used to limit effect of bots.
MVP Mitigation: Mix-in standard CAPTCHA scoring to screen for bots.
Attack: Fabricate garbage captcha requests/answers. Mitigation: Reputation oracle runs periodic validation on results, sends mining server reputation to zero if accuracy threshold is not met. Mining server payout is a function of volume and score.
MVP Mitigation: Blacklist or whitelist of mining servers checked by exchange. Recording oracle can submit provisional entries to blacklist during job for obvious abusers.
Attack: Steal HMTs by mining only known validation set answers. Mitigation: Only reputation oracle can read validation set answers.
MVP Mitigation: Exchanges have high trust, are whitelisted.
Attack: Steal mining server HMTs by forging recording oracle, proxy mining client answers. Mitigation: Recording oracle address is signed by requester, mining client checks signature. Recording oracle address may also be hashed into individual URLs of dataset.
MVP Mitigation: Exchanges have high trust, are whitelisted.
Attack: Nuke mining server reputation by fabricating garbage requests/answers. Mitigation: This one is a bit tricky without letting the mining server sign answers. Recording oracle sees refer headers, but those can easily be forged.
MVP Mitigation: Exchanges have high trust, are whitelisted.
Attack: upload validation set guaranteed to be wrong to avoid paying full fee. Mitigation: charge a fee for all requests high enough to discourage this, do not release results from recording oracle if accuracy target not met.
MVP Mitigation: pay-as-you-go streaming is not vulnerable to this attack.
Attack: upload dataset with some percentage of pornographic images marked as safe. Mitigation: reputation agent runs images through IM’s existing adult content detectors before signing job.
Attack: attempt to use control of plaintext to break keys of reputation agent (partial but not full control over signing of arbitrary plaintext), recording oracle (partial control over encryption of arbitrary plaintext), or reputation oracle (partial control over encryption of arbitrary plaintext).
Mitigation: generate, publish secondary keys for encryption to avoid any key reuse, use strong signing algorithms.
Attack: hack reputation oracle, steal keys, declare jobs in progress complete and transfer tokens from smart bounty.
Mitigation: reputation oracle is strongly isolated, has minimal attack surface. Additional mitigations private.
Attack: hack reputation oracle, steal keys, transfer sweeps funds to attacker.
Mitigation: reputation oracle is strongly isolated, has minimal attack surface. Distribution occurs frequently to minimize size of sweeps, job earnings verification data is stored on blockchain for real-time analysis and anomaly detection. Additional mitigations private.
Last modified 4mo ago