A question was asked about basilisk: "

just listening to your Core Radio interview. When running in Basilisk mode, you're relying on full Iguana nodes to answer queries. How does that affect security -- are you completely vulnerable to those nodes giving you wrong answers?

Also, what stops an attacker from charging zero fees for a query and always being selected?"



multiple nodes are queried and unless there is an attack, they will all return the same rawtx as a determistic vin selection algo is used. The basilisk node can verify that the returned transaction is valid, except for the details about the spends. However, these all must be unspents previously received by that basilisk node, so it can simply verify that it is one of these. In a restart from scratch mode, the basilisk node would have to query random peers about the details of each unspent that is being spent, making sure it is not from the same node that returned the rawtx.



in fact, I recently improved things so that each basilisk node starts each session by getting a list of all its unspents and it can then construct the rawtx out of that. this shifts the fee collection to need a different model, but I am thinking of allocating block rewards to iguana nodes that fulfill basilisk requests. having all the unspents local reduces the time needed to construct a new tx as once there are in the local cache, no external request is needed at all



in the event wrong answers are given, then it wont be able to be signed or will be rejected on submission to the blockchain



the only wrong answer that would pass these tests would be unspents to the address in a basilisk node's wallet that is of greater value, thus making the basilisk node spent a lot more in network txfee, so this attack is only profitable for the miner of the block the tx will be included in. However, by verifying each input against the local cache, avoids this bad data also.



if you can think of any other attack, please let me know. all the data being used by the iguana nodes are publicly available blockchain data, so there doesnt seem to be any issues on that side. preventing an overspend on txfee was the only attack I found so far and going to the validated local unspent cache avoids this

[doublepost=1468254325][/doublepost]followup Q:

the attacker can still present themself as multiple nodes all of which charge zero fees, no? (I understand that transactions based on wrong answers might be rejected, but the wrong answers could be used to mislead the user in the meantime)



###

If the attacker controlled all nodes a basilisk connects to, then of course it could mislead it to an extent. However, if there is only one honest node, then the basilisk node will be able to detect that it is under attack. Also, by keeping track of its own unspents locally in long term storage, the attacker would need to control all the nodes all the time for a particular basilisk node....

Under such assumptions, any p2p network can be fooled. There will be reference SuperNET nodes that people can add to their peer list which will at least allow attacks to be detected.

Your zero fee attack makes me that much more inclined to go to aggregated fee sharing via basilisk voting, ie basilisk nodes reward the fastest iguana nodes that respond and also track nodes that are giving conflicting data