Merge pull request #78 from crytic/bump-images

Add contribution info and bump images
crytic · Mar 7, 2024 · 919d8c1 · 919d8c1
2 parents 021cb9b + 3153bf4
commit 919d8c1
Show file tree

Hide file tree

Showing 14 changed files with 176 additions and 153 deletions.
diff --git a/README.md b/README.md
@@ -28,20 +28,15 @@ The faults supported by Attacknet include:
 - (WIP) Kernel based: Kernel faults
 
 ## Getting started
-
-Ahead of public release, please add _any_ issues discovered with Attacknet to this Github tracker: https://github.com/crytic/attacknet/issues/59
-Adding issues there will help guide the development of the tool and avoid time wasted on features that don't find good bugs.
-
 ### Installation/Building
 
 1. Install Go 1.21 or newer
 2. In the project root, run `go build ./cmd/attacknet`
-3. Copy the "attacknet" binary to your PATH or directly invoke it.
+3. Copy the "attacknet" binary path to your PATH variable or directly invoke it
 
 ### Setting up the other bits
 
-1. Set up a containerd k8s cluster. (1.27 or older) (todo: recommended resourcing. Also note that auto-scaling can 
-   sometimes be too slow, and kurtosis will time out before the nodes for its workload can be provisioned.)
+1. Set up a containerd k8s cluster. (1.27 or older), ideally without auto-scaling (as high provisioning time leads to timeouts on kurtosis) 
 2. Authenticate to the cluster for kubectl
 3. Install chaos-mesh
    1. `kubectl create ns chaos-mesh`
@@ -75,15 +70,15 @@ attacknetConfig:
   waitBeforeInjectionSeconds: 10 
   # the number of seconds to wait between the genesis of the network and the injection of faults. To wait for finality, use 25 mins (1500 secs)
   reuseDevnetBetweenRuns: true # Whether attacknet should skip enclave deletion after the fault concludes. Defaults to false.
-  existingDevnetNamespace: kt-ethereum # If you don't want to genesis a new network, you can specify an existing namespace that contains a Kurtosis enclave and run tests against it instead. I'm expecting this to only be useful for dev/tool testing. Exclude this parameter for normal operation.
+  existingDevnetNamespace: kt-ethereum # Omit field for random namespace geneartion. If you want to reuse a running network, you can specify an existing namespace that contains a Kurtosis enclave and run tests against it.
   allowPostFaultInspection: true # When set to true, Attacknet will maintain the port-forward connection to Grafana once the fault has concluded to allow the operator to inspect metrics. Default: true
 
 harnessConfig:
   networkPackage: github.com/crytic/ethereum-package # The Kurtosis package to deploy to instrument the devnet.
   networkConfig: default.yaml # The configuration to use for the Kurtosis package. These live in ./network-configs and are referenced by their filename. 
   networkType: ethereum # no touchy
 
-# The list of tests to be run. As of right now, the first test is run and the tool terminates. In the future, we will genesis single-use devnets for each test, run the test, and terminate once all the tests are completed and all the enclaves are cleaned up.
+# The list of tests to be run before termination
 testConfig:
    tests:
    - testName: packetdrop-1 # Name of the test. Used for logging/artifacts.
@@ -93,7 +88,7 @@ testConfig:
      planSteps: # the list of steps to facilitate the test, executed in order
       - stepType: injectFault # this step injects a fault, the continues to the next step without waiting for the fault to terminate
         description: "inject fault"
-        chaosFaultSpec: # The chaosFaultSpec is basically a pass-thru object for Chaos Mesh fault resources. This means we can support every possible fault out-of-the-box, but slightly complicates generating the configuration. To determine the schema for each fault type, check the Chaos Mesh docs: https://chaos-mesh.org/docs/simulate-network-chaos-on-kubernetes/. One issue with this method is that Attacknet can't verify whether your faultSpec is valid until it tries to create the resource in Kubernetes, and that comes after genesis which takes a long time on its own. If you run into schema validation issues, try creating these objects directly in Kubernetes to hasten the debug cycle. 
+        chaosFaultSpec: # The chaosFaultSpec is basically a pass-thru object for Chaos Mesh fault resources. This means we can support every possible fault out-of-the-box. To determine the schema for each fault type, check the Chaos Mesh docs: https://chaos-mesh.org/docs/simulate-network-chaos-on-kubernetes/. One issue with this method is that Attacknet can't verify whether your faultSpec is valid until it tries to create the resource in Kubernetes, and that comes after genesis which takes a long time on its own. If you run into schema validation issues, try creating these objects directly in Kubernetes to hasten the debug cycle. 
           kind: NetworkChaos
           apiVersion: chaos-mesh.org/v1alpha1
           spec:
@@ -111,7 +106,8 @@ testConfig:
         description: wait for faults to terminate
 ```
 
-Over the long term, expect manual fault configuration to be deprecated in favor of the fault planner.
+Over the long term, expect manual fault configuration to be deprecated in favor of the fault planner and other automatic test
+generation tools.
 
 ## Automatically creating test suites/network configs using the planner
 
@@ -125,7 +121,7 @@ execution: # list of execution clients that will be used in the network topology
   - name: geth
     image: ethereum/client-go:latest
   - name: reth
-    image: ghcr.io/paradigmxyz/reth:v0.1.0-alpha.13
+    image: ghcr.io/paradigmxyz/reth:latest
 consensus: # list of consensus clients that will be used in the network topology
   - name: lighthouse
     image: sigp/lighthouse:latest
@@ -210,6 +206,14 @@ probably be changed.
 Depending on the state of the Kurtosis package and tons of other variables, a lot of the example test suites/networks might not work out of the box.
 If you're just trying to test things out, use `attacknet start suite`. This refers to a demo test suite that was tested on Jan 30.
 
+## Contribution
+This tool was developed as a collaboration between [Trail of Bits](https://www.trailofbits.com/) and the [Ethereum Foundation](https://github.com/ethereum/).
+Thank you for considering helping out with the source code! We welcome contributions from anyone on the internet, and are grateful for even the smallest of fixes!
+
+If this tool was used for finding bugs, please do ensure that the bug is reported to the relevant project maintainers or to the 
+[Ethereum foundation Bug bounty program](https://ethereum.org/en/bug-bounty/). Please feel free to reach out to the tool
+maintainers on Discord, Email or Twitter for any feature requests. 
+
 ## Changelog
 
 **Dec 15, 2023 version v0.1 (internal)**

diff --git a/network-configs/devnet-12.yaml b/network-configs/devnet-12.yaml
@@ -1,9 +1,9 @@
 participants:
-  - el_client_type: nethermind
-    el_client_image: nethermindeth/nethermind:release-1.25.0
+  - el_client_type: geth
+    el_client_image: ethereum/client-go:v1.13.13
     el_extra_labels: {"ethereum-package.partition": "partA"}
     cl_client_type: lighthouse
-    cl_client_image: ethpandaops/lighthouse:unstable-c55608b
+    cl_client_image: sigp/lighthouse:v5.0.0
     beacon_extra_labels: {"ethereum-package.partition": "partA"}
     validator_extra_labels: {"ethereum-package.partition": "partA"}
     el_min_cpu: 1000
@@ -20,10 +20,10 @@ participants:
     v_max_mem: 1028
     count: 1
   - el_client_type: nethermind
-    el_client_image: nethermindeth/nethermind:release-1.25.0
+    el_client_image: nethermind/nethermind:1.25.4
     el_extra_labels: {"ethereum-package.partition": "partA"}
-    cl_client_type: lighthouse
-    cl_client_image: ethpandaops/lighthouse:unstable-c55608b
+    cl_client_type: teku
+    cl_client_image: consensys/teku:24.2.0-amd64
     beacon_extra_labels: {"ethereum-package.partition": "partA"}
     validator_extra_labels: {"ethereum-package.partition": "partA"}
     el_min_cpu: 1000
@@ -40,10 +40,10 @@ participants:
     v_max_mem: 1028
     count: 1
   - el_client_type: reth
-    el_client_image: ethpandaops/reth:main-471c28e
+    el_client_image: ghcr.io/paradigmxyz/reth:v0.1.0-alpha.19
     el_extra_labels: {"ethereum-package.partition": "partB"}
     cl_client_type: prysm
-    cl_client_image: gcr.io/prysmaticlabs/prysm/beacon-chain:HEAD-929e9d,gcr.io/prysmaticlabs/prysm/validator:HEAD-929e9d
+    cl_client_image: gcr.io/prysmaticlabs/prysm/beacon-chain:v5.0.0,gcr.io/prysmaticlabs/prysm/validator:v5.0.0
     beacon_extra_labels: {"ethereum-package.partition": "partB"}
     validator_extra_labels: {"ethereum-package.partition": "partB"}
     el_min_cpu: 1000
@@ -63,6 +63,9 @@ network_params:
   deneb_fork_epoch: 1
   genesis_delay: 120
 additional_services:
-  - beacon_metrics_gazer
   - dora
-persistent: true
+  - goomy_blob
+  - tx_spammer
+  - blob_spammer
+persistent: true
+global_client_log_level: info
diff --git a/network-configs/lighthouse-stale-safe-issue.yaml b/network-configs/lighthouse-stale-safe-issue.yaml
diff --git a/network-configs/reth.yaml b/network-configs/reth.yaml
@@ -36,7 +36,7 @@ participants:
   - el_client_type: geth
     el_client_image: ethereum/client-go:latest
     cl_client_type: teku
-    cl_client_image: consensys/teku:23.12.0
+    cl_client_image: consensys/teku:24.2.0
     el_min_cpu: 1000
     el_max_cpu: 1000
     el_min_mem: 1024
@@ -51,7 +51,7 @@ participants:
     v_max_mem: 1028
     count: 1
   - el_client_type: reth
-    el_client_image: ghcr.io/paradigmxyz/reth:v0.1.0-alpha.13
+    el_client_image: ghcr.io/paradigmxyz/reth:v0.1.0-alpha.19
     cl_client_type: prysm
     cl_client_image: prysmaticlabs/prysm-beacon-chain:latest,prysmaticlabs/prysm-validator:latest
     el_min_cpu: 1000
@@ -68,7 +68,7 @@ participants:
     v_max_mem: 1028
     count: 1
   - el_client_type: reth
-    el_client_image: ghcr.io/paradigmxyz/reth:v0.1.0-alpha.13
+    el_client_image: ghcr.io/paradigmxyz/reth:v0.1.0-alpha.19
     cl_client_type: lighthouse
     cl_client_image: sigp/lighthouse:latest
     el_min_cpu: 1000
@@ -85,9 +85,9 @@ participants:
     v_max_mem: 1028
     count: 1
   - el_client_type: reth
-    el_client_image: ghcr.io/paradigmxyz/reth:v0.1.0-alpha.13
+    el_client_image: ghcr.io/paradigmxyz/reth:v0.1.0-alpha.19
     cl_client_type: teku
-    cl_client_image: consensys/teku:23.12.0
+    cl_client_image: consensys/teku:24.2.0
     el_min_cpu: 1000
     el_max_cpu: 1000
     el_min_mem: 1024
@@ -102,9 +102,9 @@ participants:
     v_max_mem: 1028
     count: 1
   - el_client_type: reth
-    el_client_image: ghcr.io/paradigmxyz/reth:v0.1.0-alpha.13
+    el_client_image: ghcr.io/paradigmxyz/reth:v0.1.0-alpha.19
     cl_client_type: lodestar
-    cl_client_image: chainsafe/lodestar:v1.12.1
+    cl_client_image: chainsafe/lodestar:v1.16.0
     el_min_cpu: 1000
     el_max_cpu: 1000
     el_min_mem: 1024

diff --git a/planner-configs/clock-skew.yaml b/planner-configs/clock-skew.yaml
@@ -0,0 +1,63 @@
+execution:
+  - name: geth
+    image: ethereum/client-go:v1.13.13
+  - name: reth
+    image: ghcr.io/paradigmxyz/reth:v0.1.0-alpha.19
+  - name: erigon
+    image: thorax/erigon:v2.58.1
+  - name: nethermind
+    image: nethermindeth/nethermind:1.25.4
+  - name: besu
+    image: hyperledger/besu:24.1.2
+consensus:
+  - name: lighthouse
+    image: sigp/lighthouse:v5.0.0
+    has_sidecar: true
+  - name: prysm
+    image: gcr.io/prysmaticlabs/prysm/beacon-chain:v5.0.0,gcr.io/prysmaticlabs/prysm/validator:v5.0.0
+    has_sidecar: true
+  - name: teku
+    image: consensys/teku:24.2.0-amd64
+    has_sidecar: false
+  - name: lodestar
+    image: chainsafe/lodestar:v1.16.0
+    has_sidecar: true
+  - name: nimbus
+    image: statusim/nimbus-eth2:multiarch-v24.2.2
+    has_sidecar: false
+network_params:
+  num_validator_keys_per_node: 32
+kurtosis_package: "github.com/kurtosis-tech/ethereum-package"
+kubernetes_namespace: kt-ethereum
+topology:
+  bootnode_el: geth
+  bootnode_cl: lighthouse
+fault_config:
+  fault_type: ClockSkew
+  target_client: geth
+  bootnode_el: geth
+  bootnode_cl: lighthouse
+  wait_before_first_test: 1000s
+  fault_config_dimensions:
+    - skew: -1m
+      duration: 1m
+      grace_period: 600s
+    - skew: 1m
+      duration: 1m
+      grace_period: 600s
+    - skew: -7m
+      duration: 1m
+      grace_period: 600s
+    - skew: 7m
+      duration: 1m
+      grace_period: 600s
+  fault_targeting_dimensions:
+    - MatchingNode
+    - MatchingClient
+  fault_attack_size_dimensions:
+    - AttackOneMatching
+    - AttackMinorityMatching
+    - AttackSuperminorityMatching
+    - AttackMajorityMatching
+    - AttackSupermajorityMatching
+    - AttackAllMatching
diff --git a/test-suites/cpu-stress.yaml b/test-suites/cpu-stress.yaml
@@ -34,7 +34,7 @@ testConfig:
               # kurtosistech.com.custom/ethereum-package.client-type: beacon
               # kurtosistech.com.custom/ethereum-package.client-type: execution
               #kurtosistech.com/id: cl-3-prysm-geth
-              kurtosistech.com/id: cl-2-prysm-geth
+              kurtosistech.com/id: cl-3-prysm-reth
           stressors:
             cpu:
               workers: 30 # number of threads that apply stress defined by `load`. workers * load may exceed 100.

diff --git a/test-suites/io-latency.yaml b/test-suites/io-latency.yaml
@@ -8,7 +8,7 @@ attacknetConfig:
 
 harnessConfig:
   networkPackage: github.com/kurtosis-tech/ethereum-package
-  networkConfig: default.yaml
+  networkConfig: devnet-12.yaml
   networkType: ethereum
 
 testConfig:
@@ -36,13 +36,13 @@ testConfig:
               kurtosistech.com/id: el-1-geth-lighthouse
 
           # for CL nodes
-          #path: '/consensus-data/**/*'
+          #path: '/data/*/beacon-data'
           #volumePath: /consensus-data
           # for EL nodes
-          path: '/execution-data/**/*'
-          volumePath: /execution-data
-          delay: '2000ms'
-          percent: 100
+          path: '/data/*/execution-data'
+          volumePath: /data/geth/execution-data
+          delay: '5000ms'
+          percent: 50
           duration: 120s
     - stepType: waitForFaultCompletion
       description: wait for faults to terminate