Is the levelDB database an attack vector when using streams?

+5 votes

In your response to this question, https://www.multichain.com/qa/9635/how-do-streams-work-under-the-hood, you stated that: 

LevelDB stores indexes and transactions. But if the stream item data size is larger than 256 bytes, it is omitted from the LevelDB index, and replaced with a pointer to the data on disk (within the block). So large items are only stored once.

Does this mean that if someone were to find a way to edit data directly in levelDB, they could maliciously change the  data that was stored in the database without having to change the blockchain, and mulitchain rpc calls would return this errant data?  

For example, lets say I have a stream "myStream", and I publish to the key "foo" with the value "bar". An attacker decides the blockchain itself is too hard to attack, but they gain access to the levelDB instance, and replace the value for "foo" to be "attacker was here" instead of "bar". If I called "liststreamkeyitems foo". Would I get "bar", "attacker was here", or would there be some sort of error?

Thanks.

asked May 22, 2018 by Tyler

1 Answer

+1 vote
If someone can compromise the system on which an instance of MultiChain is running, they can do anything to that instance, even if they cannot corrupt the blockchain itself. This is a general issue with computer security that cannot be solved. They can also delete all your files, install their own corrupted version of MultiChain, etc...
answered May 23, 2018 by MultiChain
That is a valid point, but it doesn’t mean that I shouldn’t understand how MultiChain uses LevelDB and what possible weakness that provides. Putting a custom version of MultiChain on a machine, without alerting every other node connected to the chain, and having it return the desired erroneous data is a much more complex task then modifying a single entry in a database. It is still important for us to understand exactly how MultiChain interacts and reads from LevelDB.
Well, MultiChain uses LevelDB to manage many aspects of its state. We don't have extensive pre-prepared documentation on this, but it's all there is the source code. I'm afraid we can't provide assistance at the source code level outside of a commercial support relationship.
...