Here is a Development update for my following:
- I'm "nearly done" (have you ever heard a dev saying otherwise XD) with the development of the scanner bot's core features.
The Live scanner has now been running for about 3 days, scanning all new blocks published into the STEEM blockchain.
I tested the detection of leaked private keys end to end. The time elapsed between when the block containing a test account private posting key is published and my bot's detection is currently around 200 ms.
So far it detected one new private posting key leaked into the blockchain (I got a few false positives / duplicates before that).
I sent this key to @guiltyparties (as usual) but despite the fact that they have ~600 STEEM in their wallet I won't send this user a transfer memo as their reputation is -5 and they are on a couple of big blacklists.
- The bot at the moment of writing also supports the recovery of leaked MASTER keys. Testing is in progress with test accounts so hold your horses, don't start putting in comments your master keys just yet! 😅
Resetting the master key revealed itself as a harder task than I anticipated due to a steem api method not working as I expected. I eventually figured out how to programmatically change all private keys by reverse engineering https://steemitwallet.com (not the most readable code TBH but maybe it was intentionally so on their side.. 😅).
I was then given a solution for the steem api method. It would lead to the use of much less and neater code so I'll give it a try soon.
At the moment I'm currently working on auto-transferring funds to the Wallet Savings when a leaked ACTIVE key is detected. (I'm dealing with some testing account creation issues first 🙈)
I also have in the works the auto-publishing of a Post on the new bot's (@keys-defender??) blog every time a MASTER or ACTIVE key is detected.
After those, the next feature I will work on is auto-replying as soon as possible to the comment/post in which any private key was leaked.
In case the key is compromised in other operation types (eg. account_update), a transfer memo will be sent instead (max 1 a day per user in order to prevent abuse) or I will reply to their last post (or both, still have to decide).
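The false positives and duplicates mentioned above can be filtered before any account lookup by validating each candidate string's encoding. The sketch below is an added example, not the bot's own code: it assumes keys appear in uncompressed WIF form (base58 of a 0x80 version byte, a 32-byte secret and a 4-byte double-SHA-256 checksum), and the function names and sample strings are constructed for illustration.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Assumed key format: uncompressed WIF = base58(0x80 + 32-byte secret + 4-byte
# checksum), which is always 51 characters starting with "5".
WIF_RE = re.compile(r"(?<![{0}])5[{0}]{{50}}(?![{0}])".format(B58))

def b58encode(data: bytes) -> str:
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(data) - len(data.lstrip(b"\x00"))) + out

def b58decode(s: str) -> bytes:
    n = 0
    for ch in s:
        n = n * 58 + B58.index(ch)  # ValueError on non-base58 input
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return b"\x00" * (len(s) - len(s.lstrip("1"))) + raw

def checksum(payload: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def is_valid_wif(candidate: str) -> bool:
    """True only if the string decodes to a well-formed WIF private key."""
    try:
        raw = b58decode(candidate)
    except ValueError:
        return False
    return len(raw) == 37 and raw[0] == 0x80 and checksum(raw[:-4]) == raw[-4:]

def find_leaked_keys(text: str, seen: set) -> list:
    """Return new, checksum-valid key candidates; `seen` suppresses duplicates."""
    hits = []
    for cand in WIF_RE.findall(text):
        if cand not in seen and is_valid_wif(cand):
            seen.add(cand)
            hits.append(cand)
    return hits

# Constructed sample data: a throwaway secret (bytes 1..32), not a real account key.
_payload = b"\x80" + bytes(range(1, 33))
SAMPLE_WIF = b58encode(_payload + checksum(_payload))
LOOKALIKE = SAMPLE_WIF[:-1] + ("2" if SAMPLE_WIF[-1] != "2" else "3")  # bad checksum
```

A checksum-valid string is still only a candidate: confirming that it is a live key for a given account requires deriving the public key and comparing it with the account's authorities, which this sketch does not do.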
Here is a (not too accurate) history of the activities performed for this bot development so far and some future plans:
Feasibility study (Sprint 0):
✔️ Initial analysis (lots of reading and sketching)
✔️ Proof of Concept (POC) development
Feasibility test with 1000 blocks to estimate how long it would take to scan the whole blockchain
Total mining time: 39 000 000 blocks / (60 * 60 * 24) days / 30 req per s = ~15 days.
✔️ Further analysis, planning.
Development (Sprint 1):
✔️ Split the load across multiple instances of the blockchain scanner
✔️ Improved parallelism
✔️ Improved unhappy paths handling
✔️ Manual testing, bug fixes
✔️ Refactoring, Unit Testing for basic coverage
✔️ Stats collection (counters, blocks explored / h, avg time, ..)
✔️ Added support for additional runtime parameters
Development (Sprint 2):
✔️ Removed browser support
✔️ Results storage and backup
✔️ Refactoring, Unit Testing
✔️ Bug fixes: e.g. why it couldn't detect a key if given only 3 blocks. It was able to; it was just a race condition in the block counter telling me the key was in some other block id.
✔️ End 2 end timer for private key detection
✔️ Last block poller and integration with existing scanner
✔️ Added retry mechanism for block failed reads
✔️ Automatically reset master keys
✔️ RELEASE 1: STEEM Blockchain history scanner - part 1
✔️ RELEASE 1.1: history scanner - part 2 (remaining 30 million blocks)
✔️ RELEASE 2.0a: Live scanner for detection of all private keys + recovery of MASTER keys
[...] Automatically move funds to savings for Active keys
[...] Auto-publish disclosures posts
 Improve logging
 Beta testing
 Monitor dead accounts and burn their RC if abused - checked through daily scheduler
 Auto-publish weekly report with live scanning stats
 Re-execute partial scans for failed block reads during full chain scan
 Investigate valid keys without author in old generated reports
 Improve monitoring of the bot activities
 AWS Lambda as sanity check publishing testing account private posting key daily. Email/SMS if fails.
 Automated Unit and Integration Tests
 Basic UI?
 Charts about steem blockchain usage (re-using RabbitMQ charts)
 Additional abuse checks: eg. savings withdrawal with same leaked active key, pending power down checks, ..
 Additional wallet transfer as reminders?
 ... lots more !!
Next Post Candidates:
- How many times in the STEEM blockchain history users accidentally leaked their keys and then reset them
- Testing results (with KPI metrics)
- Development update + # of new keys detected
That's all for today folks! Take care! =]