Title : Relay Nodes Stats and Analysis
Following this post : https://www.reddit.com/r/AlgorandOfficial/comments/s73woc/there_are_only_120_relay_nodes_arent_we_vulnerable/
I figured I'd take a look at how feasible it'd be to attack Algorand's relay nodes. This is all done as an analysis and I will never actually attempt anything like this. Sending a bunch of valid transactions to the "test network" to test congestion is one thing, but DDOSing is completely illegal and is a considered by most a dick move.
Let's start by getting a list of Algorand's relay nodes, with the "dig" command.
dig _algobootstrap._tcp.mainnet.algorand.network SRV +short | awk '{print $4}' > list.txt while IFS= read -r line; do dig $line >> results.txt done < list.txt These are the 106 relay nodes I found on mainnet with some stats. So a bit lower than the 120 from the November 2021 faq answer (https://algorand.foundation/faq Question 22), kinda weird and I'd love an answer about this from the foundation. It might also be a mistake in the way I gathered the info.
Institutions/locations :
51 in AWS Datacenters
14 in Google Datacenters
8 in Universities
2 in DigitalOcean Datacenters
1 at Oracle Corporation for some reason.
1 in a Microsoft Datacenter
29 other/unknown
Countries :
33 United States
13 Ireland
13 Japan
11 Singapore
8 Canada
6 Germany
5 Netherlands
3 India
3 China
2 South Africa
2 Italy
1 Australia
1 Ukraine
1 Brazil
1 Belgium
1 Israel
1 Bulgaria
1 UK
So to cripple Algorand's network, we'd need to attack a place with few relay nodes and which is pretty isolated. Australia would seem like a good choice, there are only a few underwater cables coming out of the continent. (https://www.submarinecablemap.com/)
So let's assume we can cut off Australia's internet access to the world, what would happen? The 1 relay node would go in "Partition Recovery Mode" until it hears from other nodes in the network and all transactions coming from Australia would fail. Most importantly, the network would keep working for the rest of the world and it wouldn't fork because of double spend or block resolution. If we were to create the same scenario with bitcoin or ethereum, there would be 2 versions of the blockchains running in parallel. One in Australia, and one in the rest of the world and the community would need to come to a conscensus as to which one is the main one after the event. Or in this case, most likely the 5 big pools, showing centralization. Let's ignore whatever transactions Australia made and keep going on our side, which would most likely fork into bitcoin-aus or something like that, not a good system.
Let's assume something easier than blocking a whole continent's internet. Let's attack and shut off the relay node? Transactions from Australia will simply need to get to another Relay Node, I'd assume Singapore, and Australia's transactions would be slightly slower on the network by a few milliseconds. So nothing much really... To really throw down Algorand's network, we'd need a basically total world internet blackout, in which case Algorand's existence would be pretty damn far down the list of important things to get back up in terms of infrastructure.
Let's also not forget that we have a lot of different setups. Google Datacenters, AWS datacenters, Universities, a bunch of third party datacenters. Even if something was to throw AWS completely down all over the world, which isn't impossible but would be a huge feat in itself, Algorand would survive through the other 55 relay nodes, albeit maybe a bit slower for parts of the world. But most importantly, slower doesn't mean broken.
And then there's the actual centralized part of the relay nodes, the fact that they are curated by the foundation. What would happen if this list was corrupted by a bad actor and started pointing to rogue relay nodes relaying wrong information? Nothing. These messages would be ignored by the other relay nodes and by the protocol because they're invalid.
Alright, so what happens if we corrupt all relay nodes but one? Well they'll transmit messages but they'd be wrong so the only actual relay node would start to receive all traffic. Although it's most likely it'd go in partition recovery mode until we could bootstrap a bunch of legitimate relay nodes.
What happens if all relay nodes are rogue. The protocol stops since no valid transactions are being sent. This is an intersting idea though, does the protocol keep going at 0 tx per block or does it completely stop, I don't know. Because relay nodes are basically transaction aggregator, they gather all the transactions in the area and send them to the network. If transactions are invalid, the network will refuse them. I'm guessing the blockchain would stop, but I'm not quite sure. Quoting the FAQ here, but it doesn't exactly explain how : "the security of the protocol holds even if all the relays behave in a malicious way. As long as sufficiently many participation nodes (in terms of stake) are behaving honestly, the blockchain cannot fork"
Another scenario. Let's assuming Algorand calls it a day, they say "Oh well, we're done. It was a mistake" which is highly unlikely, but let's imagine this. Not a lot of people know this, but when setting up a node we can manually add relay nodes, so the community could simply continue without the foundation. https://developer.algorand.org/docs/run-a-node/reference/artifacts/#phonebookjson "You can create a relay node that is not in a SRV record." We could start up relay nodes by ourselves and keep going forward, or create our own SRV record. And don't forget Algorand's blockchain is open source, so we could start our own Algorand, with blackjack and hookers. There's also a model coming for relay nodes to become permisionless, meaning the current infrastructure we have of permissioned relay nodes only exists to bootstrap the network and show how great it is.
TLDR: It's almost impossible to attack all relay nodes on Algorand's blockchain, and even if miraculously you could, it'd only stop the protocol, not break it. GG I guess.
Raw Results for anybody who wants them.
| DNS name | IP | Country | Institution |
|---|---|---|---|
| r-i0.algorand-mainnet.network. | 31.13.239.148 | Bulgaria Sofiya | Unknown |
| r-k4.algorand-mainnet.network. | 46.37.7.68 | Italy Santa Mama | Unknown |
| r-md.algorand-mainnet.network. | 35.198.176.23 | Germany Frankfurt | Unknown. Google Datacenter |
| r-ru.algorand-mainnet.network. | 54.238.236.91 | Japan, Tokyo | Unknown, AWS Datacenter |
| r-au.algorand-mainnet.network. | 128.31.0.83 | United States, Boston | Massachusetts Institute Of Technology |
| r-ce.algorand-mainnet.network. | 18.139.114.21 | Singapore | Unknown, AWS Datacenter |
| r-po.algorand-mainnet.network. | 18.223.196.121 | United States, Columbus | Unknown, AWS Datacenter |
| r-si.algorand-mainnet.network. | 54.248.214.78 | Japan, Tokyo | Unknown, AWS Datacenter |
| r-cs.algorand-mainnet.network. | 35.197.74.241 | United States, Dallas | Unknown, Google Datacenter |
| r-es.algorand-mainnet.network. | 13.245.130.220 | South Africa, Cape Town | Unknown, AWS Datacenter |
| r-es.algorand-mainnet.network. | 13.244.181.191 | South Africa, Cape Town | Unknown, AWS Datacenter |
| r-f1.algorand-mainnet.network. | 31.129.255.7 | Ukraine | Unknown |
| r7.algorand-mainnet.network. | 104.16.241.21 | United States, San Jose | Unknown, Cloudfare DNS |
| r7.algorand-mainnet.network. | 104.16.220.21 | United States, San Jose | Unknown, Cloudfare DNS |
| r-co.algorand-mainnet.network. | 18.139.92.5 | Singapore | Unknown, AWS Datacenter |
| r-v2.algorand-mainnet.network. | 150.230.27.14 | United States, Redwood City | Oracle Corporation |
| r-ca.algorand-mainnet.network. | 35.204.11.183 | Netherlands, Groningen | Unknown, Google Datacenter |
| r-db.algorand-mainnet.network. | 34.95.43.252 | Canada, Montreal | Unknown, Google Datacenter |
| r-v5.algorand-mainnet.network. | 139.59.78.227 | India, Bengaluru | Unknown, Digital Ocean Datacenter |
| r-he.algorand-mainnet.network. | 13.211.197.107 | Australia, Sydney | Unknown, AWS Datacenter |
| r-pd.algorand-mainnet.network. | 34.245.75.86 | Ireland, Dublin | Unknown, AWS Datacenter |
| r-cf.algorand-mainnet.network. | 3.209.114.160 | United States, Ashburn | Unknown, AWS Datacenter |
| r-pm.algorand-mainnet.network. | 112.80.39.155 | China, Nanjing | Unknown |
| r10.algorand-mainnet.network. | 104.16.241.21 | United States, San Jose | Unknown, Cloudfare DNS |
| r10.algorand-mainnet.network. | 104.16.220.21 | United States, San Jose | Unknown, Cloudfare DNS |
| r-no.algorand-mainnet.network. | 34.244.171.45 | Ireland, Dublin | Unknown, AWS Datacenter |
| r13.algorand-mainnet.network. | 104.16.241.21 | United States, San Jose | Unknown, Cloudfare DNS |
| r13.algorand-mainnet.network. | 104.16.220.21 | United States, San Jose | Unknown, Cloudfare DNS |
| r-te.algorand-mainnet.network. | 206.124.132.3 | United States, Bellevue | Blarg! Online Services |
| r-np.algorand-mainnet.network. | 3.234.215.38 | United States, Ashburn | Unknown, AWS Datacenter |
| r-sb.algorand-mainnet.network. | 92.51.244.251 | Ireland, Dublin | Unknown, Digiweb datacenter |
| r-fe.algorand-mainnet.network. | 151.100.181.25 | Italy, Roma | Universita Degli Studi Di Roma La Sapienza |
| r-gd.algorand-mainnet.network. | 35.189.197.221 | Belgium, Brussels | Unknown, Google Datacenter |
| r-ge.algorand-mainnet.network. | 129.97.74.19 | Canada, Waterloo | University Of Waterloo |
| r-pu.algorand-mainnet.network. | 34.90.2.247 | Netherlands Groningen | Unknown, Google Datacenter |
| r-os.algorand-mainnet.network. | 64.127.128.142 | United States, Boca Raton | Unknown, Brodbandone Llc |
| r-tc.algorand-mainnet.network. | 132.67.252.201 | Israel, Tel Aviv-yafo | Tel Aviv University |
| r-cd.algorand-mainnet.network. | 52.199.96.186 | Japan, Tokyo | Unknown, AWS Datacenter |
| r-sn.algorand-mainnet.network. | 165.227.42.250 | Canada, Toronto | Unknown, DigitalOcean Datacenter |
| r-ac.algorand-mainnet.network. | 222.29.136.13 | China, Beijing | China Education And Research Network |
| r-as.algorand-mainnet.network. | 34.251.214.42 | Ireland, Dublin | Unknown, AWS Datacenter |
| r-lr.algorand-mainnet.network. | 18.179.61.53 | Japan, Tokyo | Unknown, AWS Datacenter |
| r-rh.algorand-mainnet.network. | 128.32.157.58 | United States, Berkeley | University Of California |
| r-o0.algorand-mainnet.network. | 66.135.2.28 | United States Piscataway | Township Vultr Holdings Llc |
| r-kr.algorand-mainnet.network. | 130.245.173.82 | United States Stony Brook | University Of New York At Stony Brook |
| r-b2.algorand-mainnet.network. | 89.39.110.254 | Romania Bucuresti | Unknown, Lansoft-data-srl Datacenter |
| r-ga.algorand-mainnet.network. | 18.208.255.55 | United States, Ashburn | Unkown, AWS Datacenter |
| r-f6.algorand-mainnet.network. | 45.76.54.30 | Japan, Ota-ku | Vultr Holdings Llc |
| r-h4.algorand-mainnet.network. | 52.69.255.207 | Japan, Tokyo | Unknown, AWS Datacenter |
| relay-montreal-mainnet-algorand.algorand-mainnet.network. | 52.60.87.11 | Canada, Montreal | Unknown, AWS Datacenter |
| relay-montreal-mainnet-algorand.algorand-mainnet.network. | 15.223.107.199 | Canada, Montreal | Unknown, AWS Datacenter |
| r-mg.algorand-mainnet.network. | 13.113.116.204 | Japan, Tokyo | Unknown, AWS Datacenter |
| r-rg.algorand-mainnet.network. | 54.154.156.108 | Ireland, Dublin | Unknown, AWS Datacenter |
| relay-singapore-mainnet-algorand.algorand-mainnet.network. | 20.43.181.97 | Singapore, Singapore | Unknown, Microsoft Datacenter |
| r-xe.algorand-mainnet.network. | 54.169.15.5 | Singapore, Singapore | Unknown, AWS Datacenter |
| r-dy.algorand-mainnet.network. | 52.208.22.55 | Ireland, Dublin | Unknown, AWS Datacenter |
| r-ag.algorand-mainnet.network. | 34.225.133.123 | United States, Ashburn | Unknown, AWS Datacenter |
| r-mt.algorand-mainnet.network. | 35.222.60.105 | United States, Council Bluffs | Unknown, Google Datacenter |
| r-ne.algorand-mainnet.network. | 3.68.83.134 | Germany, Frankfurt | Unknown, AWS Datacenter |
| r-h7.algorand-mainnet.network. | 209.212.146.235 | United States, Arlington Heights | Unknown, Gigenet Datacenter |
| relay-mumbai-mainnet-algorand.algorand-mainnet.network. | 3.7.171.204 | India, Mumbai | Unknown, AWS Datacenter |
| relay-mumbai-mainnet-algorand.algorand-mainnet.network. | 13.127.250.173 | India, Mumbai | Unknown, AWS Datacenter |
| r-tb.algorand-mainnet.network. | 35.204.42.115 | Netherlands, Groningen | Unknown, Google Datacenter |
| r-th.algorand-mainnet.network. | 3.249.40.1 | Ireland, Dublin | Unknown, AWS Datacenter |
| relay-singaporea-mainnet-algorand.algorand-mainnet.network. | 52.76.171.86 | Singapore, Singapore | Unknown, AWS Datacenter |
| relay-singaporea-mainnet-algorand.algorand-mainnet.network. | 18.136.167.136 | Singapore, Singapore | Unknown, AWS Datacenter |
| r-c9.algorand-mainnet.network. | 69.174.103.109 | United States, Mclean | Unknown, Packetexchange |
| r-v4.algorand-mainnet.network. | 69.160.65.233 | United States, Midway | Unknown, Prohosting |
| r-cm.algorand-mainnet.network. | 70.164.1.120 | United States, Irvine | Unknown, Millenium Systems |
| r-be.algorand-mainnet.network. | 52.51.66.201 | Ireland, Dublin | Unknown, AWS Datacenter |
| r-rn.algorand-mainnet.network. | 18.139.50.34 | Singapore, Singapore | Unknown, AWS Datacenter |
| r-na.algorand-mainnet.network. | 52.50.33.159 | Ireland, Dublin | Unknown, AWS Datacenter |
| r-ni.algorand-mainnet.network. | 3.250.29.253 | Ireland, Dublin | Unknown, AWS Datacenter |
| r-zn.algorand-mainnet.network. | 162.217.71.226 | United States, Miami | Unknown, Comintech Corp. |
| r-al.algorand-mainnet.network. | 199.73.49.40 | United States, San Diego | Unknown, Scalematrix |
| r-y2.algorand-mainnet.network. | 139.162.92.215 | Japan, Tokyo | Unknown, Linode Llc |
| r-mn.algorand-mainnet.network. | 35.203.61.15 | Canada, Montreal | Unknown, Google Datacenter |
| r-eu.algorand-mainnet.network. | 35.158.118.168 | Germany, Frankfurt | Unknown, AWS Datacenter |
| r-pt.algorand-mainnet.network. | 18.185.83.202 | Germany, Frankfurt | Unknown, AWS Datacenter |
| r-sg.algorand-mainnet.network. | 35.246.140.92 | Germany, Frankfurt | Unknown, Google Datacenter |
| r-s6.algorand-mainnet.network. | 138.199.4.152 | Brazil, Sao Paulo | Unknown |
| r-br.algorand-mainnet.network. | 3.80.84.186 | United States, Ashburn | Unknown, AWS Datacenter |
| r-cu.algorand-mainnet.network. | 54.254.44.3 | Singapore, Singapore | Unknown, AWS Datacenter |
| r-k0.algorand-mainnet.network. | 69.160.65.232 | United States, Midway | Unknown, Prohosting |
| r12.algorand-mainnet.network. | 104.16.220.21 | United States, San Jose | Unknown, Cloudfare DNS |
| r12.algorand-mainnet.network. | 104.16.241.21 | United States, San Jose | Unknown, Cloudfare DNS |
| r-rb.algorand-mainnet.network. | 54.168.120.211 | Japan, Tokyo | Unknown, AWS Datacenter |
| r-nd.algorand-mainnet.network. | 13.230.40.50 | Japan, Tokyo | Unknown, AWS Datacenter |
| r-fm.algorand-mainnet.network. | 54.150.219.87 | Japan, Tokyo | Unknown, AWS Datacenter |
| r-c3.algorand-mainnet.network. | 54.73.210.74 | Ireland, Dublin | Unknown, AWS Datacenter |
| r-sc.algorand-mainnet.network. | 13.250.172.3 | Singapore, Singapore | Unknown, AWS Datacenter |
| r-sm.algorand-mainnet.network. | 18.138.243.26 | Singapore, Singapore | Unknown, AWS Datacenter |
| r-se.algorand-mainnet.network. | 44.234.136.39 | United States, Boardman | Unknown, AWS Datacenter |
| r-am.algorand-mainnet.network. | 35.203.75.131 | Canada, Montreal | Unknown, Google Datacenter |
| r-bi.algorand-mainnet.network. | 54.179.83.93 | Singapore, Singapore | Unknown, AWS Datacenter |
| r-hf.algorand-mainnet.network. | 54.217.136.29 | Ireland, Dublin | Unknown, AWS Datacenter |
| r-s8.algorand-mainnet.network. | 152.78.136.82 | United Kingdom Southampton | University Of Southampton |
| r-ds.algorand-mainnet.network. | 34.91.27.165 | Netherlands Groningen | Unknown, Google Datacenter |
| r-er.algorand-mainnet.network. | 52.40.177.179 | United States, Boardman | Unknown, AWS Datacenter |
| relay-tokyo-mainnet-algorand.algorand-mainnet.network. | 35.221.100.18 | Japan, Tokyo | Unknown, Google Datacenter |
| r-p2.algorand-mainnet.network. | 51.161.87.231 | Japan, Tokyo | Unknown, AWS Datacenter |
| r-pa.algorand-mainnet.network. | 3.90.158.139 | United States, Ashburn | Unknown, AWS Datacenter |
| r-ho.algorand-mainnet.network. | 34.249.158.191 | Ireland, Dublin | Unknown, AWS Datacenter |
| r-bh.algorand-mainnet.network. | 34.95.50.136 | Canada, Montreal | Unknown, Google Datacenter |
| r-b7.algorand-mainnet.network. | 95.179.148.133 | Netherlands, Haarlem | Unknown, Vultr Holdings Llc Amsterdam |
| r-rf.algorand-mainnet.network. | 35.246.238.112 | Germany, Frankfurt | Unknown, Google Datacenter |
No comments:
Post a Comment