Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
By Socket Research Team - Dec 02, 2024
Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
github.com/jmank88/libocr
- Version published
- Created
libocr
libocr consists of a Go library and a set of Solidity smart contracts that implement the Chainlink Offchain Reporting Protocol, a Byzantine fault tolerant protocol that allows a set of oracles to generate offchain an aggregate report of the oracles' observations of some underlying data source. This report is then transmitted to an onchain contract in a single transaction.
You may also be interested in libocr's integration into the actual Chainlink node.
Protocol Description
Protocol execution mostly happens offchain over a peer to peer network between Chainlink nodes. The nodes regularly elect a new leader node who drives the rest of the protocol. The protocol is designed to choose each leader fairly and quickly rotate away from leaders that aren’t making progress towards timely onchain reports.
The leader regularly requests followers to provide freshly signed observations and aggregates them into a report. It then sends the aggregate report back to the followers and asks them to attest to the report's validity by signing it. If a quorum of followers approves the report, the leader assembles a final report with the quorum's signatures and broadcasts it to all followers.
The nodes then attempt to transmit the final report to the smart contract according to a randomized schedule. Finally, the smart contract verifies that a quorum of nodes signed the report and exposes the median value to consumers.
Organization
.
├── contract: Ethereum smart contracts
├── gethwrappers: go-ethereum bindings for the OCR1 contracts, generated with abigen
├── gethwrappers2: go-ethereum bindings for the OCR2 contracts, generated with abigen
├── networking: p2p networking layer
├── offchainreporting: offchain reporting protocol version 1
├── offchainreporting2: offchain reporting protocol version 2 specific packages, not much here
├── offchainreporting2plus: offchain reporting protocol version 2 and beyond
├── permutation: helper package for generating permutations
└── subprocesses: helper package for managing go routines
FAQs
Unknown package
Package last updated on 30 Jul 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Research
Typosquatting Cryptographic Libraries: Malicious npm Packages Threaten Crypto Developers with Keylogging and Wallet Theft
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
By Kirill Boychenko - Nov 27, 2024
Security News
Weekly Downloads Now Available in npm Package Search Results
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
By Sarah Gooding - Nov 26, 2024