Blockchain security and Corda Smart Contract-related Vulnerabilities
Matt Zand
Hi there, I am putting together a course for blockchain security. For the Smart Contract-related Vulnerabilities chapter, we covered Ethereum and Hyperledger, yet we have nothing on Corda. So I was hoping to get more info on it. For instance, some subtopics covered are as below:
Any help would be appreciated. -- Cheers, Matt Zand Cell: 202-420-9192 Work: 240-200-6131
Re: New PyCorda Ver. Released
very cool!
Looking forward to seeing where the project goes!
Re: New PyCorda Ver. Released
Jamiel Sheikh
Thank you for sharing, team and I will dig through it!
On Fri, Nov 27, 2020 at 6:56 AM jonathan.scialpi via groups.io <jonathan.scialpi=r3.com@groups.io> wrote:
--
Jamiel Sheikh CEO, Chainhaus 54 W 40th Street New York, NY 10018
Re: New PyCorda Ver. Released
jonathan.scialpi@...
Hi Jamiel,
Re: New PyCorda Ver. Released
Jamiel Sheikh
Fantastic, thanks Manos
On Wed, Nov 25, 2020 at 7:42 AM Manos Batsis <manosbatsis@...> wrote:
--
Jamiel Sheikh CEO, Chainhaus 54 W 40th Street New York, NY 10018
Re: New PyCorda Ver. Released
Manos Batsis
Hi Jamiel, Very interesting, thanks for sharing. We have a PoC using scikit-learn on state data, a colleague will get in touch. Kindest regards, Manos
On Wed, Nov 25, 2020 at 12:53 AM Jamiel Sheikh <jamiel@...> wrote:
New PyCorda Ver. Released
Jamiel Sheikh
Hi folks,
I've released PyCorda .61 which is a Python framework for accessing Corda data. The framework is in a nebulous position somewhere between alpha and beta. I'm looking for:
[a] Anyone that would like to help on the project that has a Python and/or machine learning background
[b] Anyone with additional ideas and suggestions to improve the framework - how can we do analytics better on DLTs?
[c] Any specific production use cases this could be applied, i.e. if you're a business and would like to receive some free implementation hours on us (i.e. we work for you for free) to see how PyCorda may work for you, what we get in return is real-world experience
The latest version overhauls some internals and addresses some bugs and we'll be adding machine learning stuff Q1 2021.
You can access the PyCorda repo at http://PyCorda.com
Jamiel Sheikh CEO, Chainhaus 54 W 40th Street New York, NY 10018
Have you already used DAML for Corda?
Alex Albano
Hi everyone,
How's your experience with DAML for Corda been so far? What have you built on it to date? Would you like to see DAML for Corda in action using Chainstack?
Don't miss out on the opportunity to attend the very first demo tomorrow Tuesday 27 October at 10am EDT. It's free and it promises to be a one-of-a-kind event. Leading the session:
Register here: https://www.eventbrite.sg/e/daml-for-corda-on-chainstack-simplifying-enterprise-blockchain-tickets-124527512141
Hope this is of genuine interest to you all! We will leave plenty of time for Q&A with the entire panel during and at the end of the session.
Best Wishes,
Alex
____
Alex Albano
Director of Sales and Marketing | Chainstack
chainstack.com | +65 8798 7457 | alex.albano@...
Re: RES: [corda-dev] #Corda Unable to process a transaction containing big amount of states due to exceeded message size limit
#Corda
oleksandra@...
On Fri, Oct 23, 2020 at 12:02 AM, GEORGE MARCEL MONTEIRO ARCURI SMETANA wrote:
are all these states and obligations from the same Parties in this big transaction?
Hi George, thank you for your answer, yes all the states correspond to the same parties. That's just such a requirement of the use case, cover transactionally in one payment many obligations.
The default values are:
const val DEFAULT_MAX_MESSAGE_SIZE: Int = 10485760 // ~10mb
const val DEFAULT_MAX_TRANSACTION_SIZE: Int = 524288000 // ~500mb
I guess that's not recommended to increase these values, plus later it won't be a private network, but cordite. That's why in this topic I'm trying to find help to understand is it possible in Corda to divide data but still do it transactionally.
Thanks,
Alex
RES: [corda-dev] #Corda Unable to process a transaction containing big amount of states due to exceeded message size limit
#Corda
GEORGE MARCEL MONTEIRO ARCURI SMETANA
Hi, Oleksandra,
Hope you are doing fine? If you are the owner of the network, maybe you can raise the maxMessageSize and the maxTransactionSize network parameters:
https://docs.corda.net/docs/cenm/1.3/config-network-parameters.html
Anyway, are all these states and obligations from the same Parties in this big transaction? If they are not, you might be leaking some confidential information, since in order to validate the transaction, the receiving partner will have to check the dependency chain of thousands of states.
Best regards,
BANCO BRADESCO S.A. 4251 / Departamento de Pesquisa e Inovação Pesquisas Especiais George Marcel M. A. Smetana Tel.: 11 3684-8460, ramal: (2)48460 – Fax: 11 3684-8351 mailto: george.smetana@...
Attachments are limited to 2MB
From: corda-dev@groups.io <corda-dev@groups.io>
On behalf of oleksandra@...
Hi guys, Message exceeds maxMessageSize network parameter, maxMessageSize: [10485760] when the number of the states in one transaction is big. I understand that this is a logical/robust check on the ArtemisMQ side since as more bytes 1 message contains - more chances to fail during the network transmission.
I'll try to describe the details with code examples of the issue:
Use case: we have the states which represent obligations (Obligation State), and the state that represents a payment. One payment state can cover multiple obligations and settle them. So the structure of the Payment is:
data class PaymentState(
    val paymentItems: List<PaymentItem>,
    override val linearId: UniqueIdentifier = UniqueIdentifier()
) : LinearState, QueryableState { ... }
data class PaymentItem(
    val id: UUID = UUID.randomUUID(),
    val obligationId: UUID,
    val amount: Amount
) // not a state just a child
data class ObligationState(
    val amount: Amount, // initial obligation amount
    val availableAmount: Amount, // initially = remaining/settled/paid amount, and will be reduced when paid/settled
    override val linearId: UniqueIdentifier = UniqueIdentifier()
) : LinearState, QueryableState { ... }
The user1 creates 1000 obligations during the month (not a single operation)
One corda transaction can be described like this:
- Input State and Refs - 1000 obligation state&refs (prev versions)
- Output States - 1000 obligation states with updated money (states that have to be updated), 1 Payment State (state that has to be created)
So the described example contains a lot of states in the same transaction which leads us to have a huge message to be sent to another party. And potentially have a situation when the message will exceed its limit (for example if the Payment was raised to cover more states ~1300 will exceed the limit).
So we've tried to think about dividing this transaction into multiple small parts. But faced that if we do it separately it will lead to the situation when one of them possibly can fail, since the others were Finalized they can't be rolled back, since it's no more than 1 transaction that can be rolled back if something happened.
Please find the code in the attachment PaymentCreateDemo.kts (not actual, simplified one, in order to reflect the work with states, flows, subflows). The first attempt of resolving msg limits error.
The dividing into pieces we've done in two approaches, firstly we've tried to update the ObligationStates chunked them by 500 in one tx (each tx processing in the subflow separately), and when all txs completed it's ready to create a PaymentState in another tx. This has two drawbacks, 1st it's no more than 1 transaction and the rollback of prev txs is impossible, the 2nd - PaymentState can have any number of PaymentItems and if it's approximately 86.000 it will exceed the limit of message size too.
The second approach was to have an additional state to aggregate the PaymentItems in groups. Each group has a max size=500 of items. So if it's 1000 items it will be divided into 2 groups for 1 payment. This resolved the issue of the second drawback described in a prev paragraph.
data class PaymentState(
    override val linearId: UniqueIdentifier = UniqueIdentifier(),
    val version: Int
    // no more contains items
) : LinearState, QueryableState { ... }
data class PaymentItemGroup(
    val paymentStateId: UUID, // check always the head state
    val paymentItems: List<PaymentItem>,
    override val linearId: UniqueIdentifier = UniqueIdentifier()
) : LinearState, QueryableState { ... }
I've attached schemas describing the sequential processing of the subflows and parallel one - to speed up the sharing process. But still, we have a situation when one of the transactions will fail and only part of the actual payment was reflected as paid/settled on obligations.
Thanks
#Corda Unable to process a transaction containing big amount of states due to exceeded message size limit
#Corda
oleksandra@...
Hi guys,
we've faced an issue that during the CollectionSignatures and Finalization of the transaction the net.corda.nodeapi.internal.ArtemisUtils will throw an error: Message exceeds maxMessageSize network parameter, maxMessageSize: [10485760] when the number of the states in one transaction is big.
I understand that this is a logical/robust check on the ArtemisMQ side since as more bytes 1 message contains - more chances to fail during the network transmission.
The questions and details of this topic are more related to:
I'll try to describe the details with code examples of the issue:
Use case: we have the states which represent obligations (Obligation State), and the state that represents a payment. One payment state can cover multiple obligations and settle them. So the structure of the Payment is:
data class PaymentState(
    val paymentItems: List<PaymentItem>,
    override val linearId: UniqueIdentifier = UniqueIdentifier()
) : LinearState, QueryableState { ... }
data class PaymentItem(
    val id: UUID = UUID.randomUUID(),
    val obligationId: UUID,
    val amount: Amount
) // not a state just a child
data class ObligationState(
    val amount: Amount, // initial obligation amount
    val availableAmount: Amount, // initially = remaining/settled/paid amount, and will be reduced when paid/settled
    override val linearId: UniqueIdentifier = UniqueIdentifier()
) : LinearState, QueryableState { ... }
The user1 creates 1000 obligations during the month (not a single operation)
The user2 pays for 1000 obligations and wants to do it in one transaction. One corda transaction can be described like this:
- Input State and Refs - 1000 obligation state&refs (prev versions)
- Output States - 1000 obligation states with updated money (states that have to be updated), 1 Payment State (state that has to be created)
So the described example contains a lot of states in the same transaction which leads us to have a huge message to be sent to another party. And potentially have a situation when the message will exceed its limit (for example if the Payment was raised to cover more states ~1300 will exceed the limit).
So we've tried to think about dividing this transaction into multiple small parts. But faced that if we do it separately it will lead to the situation when one of them possibly can fail, since the others were Finalized they can't be rolled back, since it's no more than 1 transaction that can be rolled back if something happened.
Please find the code in the attachment PaymentCreateDemo.kts (not actual, simplified one, in order to reflect the work with states, flows, subflows). The first attempt of resolving msg limits error.
The dividing into pieces we've done in two approaches, firstly we've tried to update the ObligationStates chunked them by 500 in one tx (each tx processing in the subflow separately), and when all txs completed it's ready to create a PaymentState in another tx. This has two drawbacks, 1st it's no more than 1 transaction and the rollback of prev txs is impossible, the 2nd - PaymentState can have any number of PaymentItems and if it's approximately 86.000 it will exceed the limit of message size too.
The second approach was to have an additional state to aggregate the PaymentItems in groups. Each group has a max size=500 of items. So if it's 1000 items it will be divided into 2 groups for 1 payment. This resolved the issue of the second drawback described in a prev paragraph.
data class PaymentState(
    override val linearId: UniqueIdentifier = UniqueIdentifier(),
    val version: Int
    // no more contains items
) : LinearState, QueryableState { ... }
data class PaymentItemGroup(
    val paymentStateId: UUID, // check always the head state
    val paymentItems: List<PaymentItem>,
    override val linearId: UniqueIdentifier = UniqueIdentifier()
) : LinearState, QueryableState { ... }
I've attached schemas describing the sequential processing of the subflows and parallel one - to speed up the sharing process.
But still, we have a situation when one of the transactions will fail and only part of the actual payment was reflected as paid/settled on obligations.
Thanks
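The grouping described in this post, together with a completeness check for the partial-settlement case it ends on, as an added example (not code from the post or from Corda). It uses plain Kotlin stand-ins instead of Corda types; `groupId`, `splitIntoGroups`, `reconcile` and the `finalizedGroupIds` input are assumptions made for illustration.

```kotlin
import java.util.UUID

// Plain-Kotlin stand-ins for the shapes in the post: no Corda types, amounts as Long minor units.
data class PaymentItem(val id: UUID = UUID.randomUUID(), val obligationId: UUID, val amount: Long)

data class PaymentItemGroup(
    val paymentStateId: UUID,             // always points at the head PaymentState
    val paymentItems: List<PaymentItem>,
    val groupId: UUID = UUID.randomUUID() // hypothetical stand-in for linearId
)

const val MAX_ITEMS_PER_GROUP = 500 // group size used in the post

// Split one payment's items into groups, each small enough for its own transaction.
fun splitIntoGroups(
    paymentStateId: UUID,
    items: List<PaymentItem>,
    maxItems: Int = MAX_ITEMS_PER_GROUP
): List<PaymentItemGroup> {
    require(maxItems > 0) { "maxItems must be positive" }
    // The same obligation in two groups would be updated by two independent transactions.
    require(items.map { it.obligationId }.toSet().size == items.size) {
        "duplicate obligationId in one payment"
    }
    return items.chunked(maxItems).map { PaymentItemGroup(paymentStateId, it) }
}

data class Reconciliation(
    val complete: Boolean,
    val settledAmount: Long,
    val outstandingAmount: Long,
    val unsettledObligations: Set<UUID>
)

// finalizedGroupIds is a hypothetical input: the groups whose transaction is known to be final.
// Every other group counts as not applied, so a failed or still-pending chunk shows up here.
fun reconcile(groups: List<PaymentItemGroup>, finalizedGroupIds: Set<UUID>): Reconciliation {
    require(groups.map { it.paymentStateId }.toSet().size <= 1) {
        "groups belong to different payments"
    }
    val (done, pending) = groups.partition { it.groupId in finalizedGroupIds }
    val pendingItems = pending.flatMap { it.paymentItems }
    return Reconciliation(
        complete = pending.isEmpty(),
        settledAmount = done.flatMap { it.paymentItems }.map { it.amount }.sum(),
        outstandingAmount = pendingItems.map { it.amount }.sum(),
        unsettledObligations = pendingItems.map { it.obligationId }.toSet()
    )
}

fun main() {
    // Constructed sample: 1000 obligations of 10 units each, following the post's scenario.
    val paymentId = UUID.randomUUID()
    val items = List(1000) { PaymentItem(obligationId = UUID.randomUUID(), amount = 10L) }
    val groups = splitIntoGroups(paymentId, items)
    println("groups: ${groups.size}, sizes: ${groups.map { it.paymentItems.size }}")

    // Simulate the failure described in the post: only the first group's transaction finalizes.
    val result = reconcile(groups, setOf(groups.first().groupId))
    println(
        "complete=${result.complete} settled=${result.settledAmount} " +
            "outstanding=${result.outstandingAmount} unsettled=${result.unsettledObligations.size}"
    )
}
```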
Re: Stateset: B2B Network for Digital Commerce
Manos Batsis
Congrats Dom, this looks very cool. Will have a look and try to provide more useful feedback. Thanks for sharing! Manos
On Wed, Oct 21, 2020 at 2:57 PM Dom Steil <dom@...> wrote: We have open-sourced a new CorDapp called Stateset!
Stateset: B2B Network for Digital Commerce
We have open-sourced a new CorDapp called Stateset!
https://github.com/stateset/stateset-network
Stateset provides a consistent b2b workflow for sales and finance automation between organizations that use Shopify, WooCommerce, Salesforce and other digital commerce platforms. You can think of Stateset like a networked middle office platform built on Corda that enables organizations to manage the lifecycle of proposals, agreements, purchase orders and invoices between organisations.
We look forward to adopting the latest Corda developments and welcome any feedback on how to improve the Stateset Network.
Best,
Dom
Re: Mastering Corda is now shipping
Great! Just got my Kindle version!
From: corda-dev@groups.io <corda-dev@groups.io>
On Behalf Of Jamiel Sheikh via groups.io
Sent: Friday, 16 October 2020 20:40 To: corda-dev@groups.io Subject: [corda-dev] Mastering Corda is now shipping
Hi all,
Mastering Corda has been released and is available here on Amazon, here are some of the reviews:
David Rutter, CEO, R3: "An impressive study on how blockchain is supporting digital transformation across entire industries and why Corda is well placed to enable it. An invaluable resource for developers and the wider Corda community examining R3's platform: how it came to be, and where it is going."
Mike Hearn, R3: "Mastering Corda covers everything you need to know about Corda and its ecosystem, from the basics of programming it to the context in which CorDapps are deployed. The Corda API and concepts have been stable since the first release, so the knowledge you'll gain from curling up with this book will last a long time"
Keerthana Chandrashekar, Founder and CEO of Carbon Sphere, Blockchain, World Bank: "Jamiel distills his deep command of data science through clear and fluid prose, while keeping it relevant to the current problems that can be solved using decentralized systems. He successfully equips the reader with working knowledge of business systems, decentralized applications, and even the mechanics of leveraging data stored in Corda blocks, making this book an invaluable resource for any aspiring blockchain entrepreneur."
Shaul Kfir, CTO and Co-Founder, Digital Asset: "Jamiel's book should do a great service to businesses looking to adopt Distributed Ledger technology and deploy Corda in production. It promises to be an educational trove for developers writing interoperable CorDapps in DAML, Kotlin, and Java"
Clemens Wans, ConsenSys: "A thorough walk through of Corda and DLT components from concepts to code. It's an excellent companion to the already in depth online documentation while walking through a standard Java to do list cordapp example. Jamiel's structure of the book is another take of the 3 day corda developer training course with a number of tidbits that provide the proper context to the dev decisions. Highly recommended for beginners to intermediate who want to learn about the deliberate design decisions that went into the corda origin story"
Tom Menner, Solution Architect, SIX Digital: In Mastering Corda Jamiel Sheikh not only introduces the reader to Corda, the premier distributed ledger technology for the enterprise, but he also places it in context of the overall blockchain landscape and as it pertains to business use cases. This is an excellent primer for both the CTO who wants to understand how to use this technology and the developer writing their first Corda application. You’ll laugh, you’ll cry, you’ll never look at life the same way!
-- Jamiel Sheikh CEO, Chainhaus | Fidecent
Re: Mastering Corda is now shipping
Charles Monteiro
Congrats on its publication, just got my copy
On Oct 16, 2020, 2:39 PM -0400, Jamiel Sheikh <jamiel@...>, wrote:
Mastering Corda is now shipping
Jamiel Sheikh
Hi all,
Mastering Corda has been released and is available here on Amazon, here are some of the reviews:
David Rutter, CEO, R3: "An impressive study on how blockchain is supporting digital transformation across entire industries and why Corda is well placed to enable it. An invaluable resource for developers and the wider Corda community examining R3's platform: how it came to be, and where it is going."
Mike Hearn, R3: "Mastering Corda covers everything you need to know about Corda and its ecosystem, from the basics of programming it to the context in which CorDapps are deployed. The Corda API and concepts have been stable since the first release, so the knowledge you'll gain from curling up with this book will last a long time"
Keerthana Chandrashekar, Founder and CEO of Carbon Sphere, Blockchain, World Bank: "Jamiel distills his deep command of data science through clear and fluid prose, while keeping it relevant to the current problems that can be solved using decentralized systems. He successfully equips the reader with working knowledge of business systems, decentralized applications, and even the mechanics of leveraging data stored in Corda blocks, making this book an invaluable resource for any aspiring blockchain entrepreneur."
Shaul Kfir, CTO and Co-Founder, Digital Asset: "Jamiel's book should do a great service to businesses looking to adopt Distributed Ledger technology and deploy Corda in production. It promises to be an educational trove for developers writing interoperable CorDapps in DAML, Kotlin, and Java"
Clemens Wans, ConsenSys: "A thorough walk through of Corda and DLT components from concepts to code. It's an excellent companion to the already in depth online documentation while walking through a standard Java to do list cordapp example. Jamiel's structure of the book is another take of the 3 day corda developer training course with a number of tidbits that provide the proper context to the dev decisions. Highly recommended for beginners to intermediate who want to learn about the deliberate design decisions that went into the corda origin story"
Tom Menner, Solution Architect, SIX Digital: In Mastering Corda Jamiel Sheikh not only introduces the reader to Corda, the premier distributed ledger technology for the enterprise, but he also places it in context of the overall blockchain landscape and as it pertains to business use cases. This is an excellent primer for both the CTO who wants to understand how to use this technology and the developer writing their first Corda application. You’ll laugh, you’ll cry, you’ll never look at life the same way!
Jamiel Sheikh CEO, Chainhaus | Fidecent
Document signing with Corda
#Corda
Suhas Chatekar
We are creating a state to represent an agreed contract between two parties. There is certain information that goes in the state and used to initiate/execute flows at a later time. However, at the time of contracting, traditionally, the two parties would have signed a number of different paper contracts. We would like to retain some part of that but turn it into a digital experience. So we were thinking of uploading the contract text in a file as an attachment to one of the nodes and include the file as an attachment to the transaction that creates the state. Since the transactions are signed by both parties using their keys, can this ideally replace traditional digital signatures e.g. one offered by docusign?
Re: Can Corda do parallel transactions from the same node?
Dimos Raptis
Hi Avery,
Following on the conversation from earlier on, there are two main approaches to follow with different trade-offs:
Dimos
Re: Can Corda do parallel transactions from the same node?
Avery Starr
Further on this:
It’s ok we will have to do the deduction sequentially and we will have to do that no matter what.
Initial balance = 10,000; after initiating the giving process to give 10 to node1, balance = 9,990; after initiating the giving process to give 10 to node 2, balance = 9,980
But the point is that we do not want to wait sequentially to receive the signoff from the receiving end. If node3 is down, only that 10 token transaction to node3 will be pending and we will have successful transactions for all other 999 receiving nodes.
From: avery.starr@... <avery.starr@...>
Sent: Friday, October 9, 2020 12:31 PM To: corda-dev@groups.io Subject: RE: [corda-dev] Can Corda do parallel transactions from the same node?
Stefano,
To answer your question specifically, we will need to invoke the same transaction function to move tokens from one node to multiple other nodes.
We did not use Token SDK. We implemented our own token definition (flows, states, contracts).
Thanks, Avery
From: corda-dev@groups.io <corda-dev@groups.io> On Behalf Of Stefano Franz via groups.io
Hi Avery,
Is your cordapp performing multiple "moves" in a single TX? If so, yes the transaction will be sent to the new owners sequentially.
If the move to new owner is done using an isolated TX, Corda will allow multiple flows to be in progress at the same time, allowing much higher throughput.
Are you using the tokens sdk?
From: corda-dev@groups.io <corda-dev@groups.io> on behalf of Avery Starr via groups.io <avery.starr@...>
Hi
We encountered a problem where one node needs to transact to hundreds or thousands of nodes, for example, when the government node needs to send money to thousands of citizen nodes. Can we use any multi-threading to perform the transactions out from this same node?
We tried with multi-threading but we encountered double spend problem. We also tried sequential processing, but first of all it is very slow to process thousands of transactions one after another, and secondly, if there is one citizen node down or having any problem, all the nodes after this node will be pending forever.
Anyone has any good suggestions?
Thanks a lot!
Avery Starr | Managing Director 32 Broadway, Suite 1701, New York, NY 10004 Toll-Free: 1888-665-3066 Work: (914) 979-1888 | Cell: (914) 584-0979 | Fax: (914) 941-1315 avery.starr@... | www.seatig.com Important Notice to Recipients: The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. If you are not the intended recipient(s) of this communication please contact the sender and delete all copies immediately. You are not authorized to copy, distribute, or otherwise use this message or its attachments. Seatig Inc. is a global IT services company. We help our clients to develop and maintain software applications. Seatig Inc. makes no warranty that this e-mail is error or virus free.
Re: Can Corda do parallel transactions from the same node?
Avery Starr
Stefano,
To answer your question specifically, we will need to invoke the same transaction function to move tokens from one node to multiple other nodes.
We did not use Token SDK. We implemented our own token definition (flows, states, contracts).
Thanks, Avery
From: corda-dev@groups.io <corda-dev@groups.io> On Behalf Of Stefano Franz via groups.io
Sent: Friday, October 9, 2020 3:39 AM To: Avery Starr via groups.io <avery.starr@...>; corda-dev@groups.io Subject: Re: [corda-dev] Can Corda do parallel transactions from the same node?
Hi Avery,
Is your cordapp performing multiple "moves" in a single TX? If so, yes the transaction will be sent to the new owners sequentially.
If the move to new owner is done using an isolated TX, Corda will allow multiple flows to be in progress at the same time, allowing much higher throughput.
Are you using the tokens sdk?
From: corda-dev@groups.io <corda-dev@groups.io> on behalf of Avery Starr via groups.io <avery.starr@...>
Hi
We encountered a problem where one node needs to transact to hundreds or thousands of nodes, for example, when the government node needs to send money to thousands of citizen nodes. Can we use any multi-threading to perform the transactions out from this same node?
We tried with multi-threading but we encountered double spend problem. We also tried sequential processing, but first of all it is very slow to process thousands of transactions one after another, and secondly, if there is one citizen node down or having any problem, all the nodes after this node will be pending forever.
Anyone has any good suggestions?
Thanks a lot!