I've developed a case study based on Hyperledger Fabric using the fabric-chaincode-evm in order to develop Solidity smart contract.
Using chaincode-evm there's the Fab3 proxy in the middle between Application and Fabric Network that map the Fabric User with an ethereum address generated on the fly.
There's a way to run transaction of an ERC20 token over a public Blockchain(Ethereum) starting from my private fabric chaincode(smart contract) ?
There's some way to change the eth address generated by Fab3 proxy with my own eth address, or linking Metamask for example.
Related
Hyperledger has this wallet thing where a set of user identities are stored. I am trying to understand if this concept of wallet in Hyperledger is the same as the one used in Metamask. For example, when you want to use a dApp, you need to have Metamask extension installed in a chrome browser. Then the dApp use your Metamask address to identify you. How does that relate to Hyperledger wallet?
In case Hyperledger Fabric, the user/client application have to do two steps to commit a transaction to the blockchain ledger.
Get transaction endorsements from enough number of peers
Send the endorsed transaction to orderer to get the transaction included in a block.
The user has to sign these transaction endorsement and ordering proposal before sending to peers/orderer. The wallet stores the private key and certificate of the user for this signing purpose. This way, client authenticates the requests to peers/orderers. Usually, wallet is managed using the application SDKs. Refer HLF Node SDK wallet documentation for more details.
HLF official documentation of wallet.
I am looking for the address of the Chainlink FeedRegistry on the Binance Smart Chain similar to the one deployed for Ethereum https://etherscan.io/address/0x47Fb2585D2C56Fe188D0E6ec628a38b74fCeeeDf#code
The Chainlink FeedRegistry is only available for ETH Mainnet and Kovan right now.
You can find the address for all networks in reference-contracts
How is an end user client registered on the hyperledger Fabric network? does he need to call a smart contract for this or is the registration process done by some other procedure?
In order for end-users or clients to interact with the network, it is necessary to register them in the network.
First of all, you will need to implement Fabric Node/Java SDK to connect the blockchain network. Then You have to follow the below steps:
Create a connection profile for each organization.
Register the administrator user of each of the organizations.
After registering the admin, you can use these identities to generate the other users.
Kindly check the fabric-samples/fabcar/javascript folder where you will get all the sample code that you can study.
There is one more way to do this. You can use fabric ca client CLI commands too. See link below.
https://hyperledger-fabric-ca.readthedocs.io/en/release-1.4/clientcli.html#fabric-ca-client-s-cli
I want to know whether Hyperledger composer SDKs (Node JS) out of the box provides any encryption over transaction data.
Let's assume that if I am writing following transaction to the Hyperledger Fabric through a following composer terminal command,
composer transaction submit -c admin#tutorial-network -d '{"$class":"net.biz.digitalPropertyNetwork.RegisterPropertyForSale","transactionId":"TRANSACTION_001","seller":"mae#biznet.org","title":"TITLE_001"}'
or submitting trasaction through hyperledger composer SDK as in following code snippet (extracted from : https://hyperledger.github.io/composer/v0.19/reference/composer.transaction.submit.html)
const TransactionSubmit = require('composer-cli').Transaction.Submit;
let options = {
card: 'admin#tutorial-network',
data: '{"$class":"net.biz.digitalPropertyNetwork.RegisterPropertyForSale","transactionId":"TRANSACTION_001","seller":"mae#biznet.org","title":"TITLE_001"}'
};
TransactionSubmit.handler(options);
I can see that card value (admin#tutorial-network) is provided in both of above cases. And I can also understand that card contains necessary details to properly authorize access to the smart contract (in this case, RegisterPropertyForSale) too.
The problem is, when we send transactions to hyperledger fabric (fabric peers) for processing, do they send in an encrypted form and signed by the card? or are they just sent in plain text format?
Fabric transactions are not encrypted; they are of course signed.
All of the SDKs sign the message using the private key associated with the client identity (including the identity cards used by Composer).
Encrypting the data in the transaction is left to the user. Note that if you do encrypt the data, then every peer which will endorse the chaincode / smart contract must have access to the encryption/decryption key. It's also possible to pass this in via the transient data field in the transaction message. You'd need to do this directly via the SDK as this is not built-in to the Composer client.
I'm creating my first Ethereum contract with truffle. I want the web application to be usable without MetaMask so I was wondering if it is a good idea to run my own private node and to
connect from the frontend like this:
this.web3 = new Web3(new Web3.providers.HttpProvider('http://my-public-ip:8545'));
Are there any security risks with this approach?
Here is how I did it, but it allows bots to steal the ether from these accounts:
I did setup publicly accessible node like this:
geth --mine --nodiscover --maxpeers 0 --networkid 1 --rpc --rpccorsdomain "*" --rpcaddr "my-public-ip" --rpcapi="db,eth,net,web3,personal,web3"
I created a new Ethereum account that is going to be my "contract owner" account
I transferred a small amount of ether into the "contract owner" account so I would have enough gas to deploy my new contract
I did setup truffle to connect to my Ethereum node
I used truffle console to unlock my account
I got the error "Error: exceeds block gas limit"
At this point I was confused, because I saw that on etherscan I have about 10USD worth of ether in my account. That should be enough to deploy my contract.
I checked etherscan again, and I saw "outgoing" transactions draining all my money from the Ethereum address. This is how the money was stolen:
A bot found out about my public Ethereum node
It connected to it and requested the account list + account balances
It started sending sendTransaction requests non stop
When I unlocked my account on the public node to deploy my contract - the bot that was using the same node also got access to my account and it transferred the funds from my account