The Honeypot DApp is a secure vault that accumulates ERC-20 token deposits from any source while restricting withdrawals to a single pre-configured address.
Operating like a digital honeypot, it accepts deposits freely but enforces strict withdrawal controls, ensuring only the designated withdrawal address can retrieve the accumulated funds. The application maintains a persistent balance state, generates reports for all operations, and creates vouchers exclusively when authorized withdrawal requests are processed.
It demonstrates the security of an ERC-20 token deposit and withdrawal application built on the Cartesi Rollups framework. It's written in C++20 using Cartesi Machine low level API with several safety and security measures, including comprehensive unit tests and stress tests. It runs inside a RISC-V Cartesi Machine environment.
The application maintains a persistent state on a dedicated flash drive, storing the current token balance as a big-endian 256-bit integer.
When triggered by a valid ERC-20 deposit request from any address, the application:
- Validates the correct token address is used
- Validates no arithmetic overflow occurs when adding to the balance
- Adds the deposited amount to the balance
When triggered by a valid advance state request from the withdrawal address, the application:
- Validates that funds are available
- Issues a voucher to transfer the entire balance
- Resets the internal balance to zero
At any time, users can query the current balance of the honeypot through an inspect state.
The application is designed to be secure with the following features:
- Thorough input validation
- Arithmetic overflow protection for balance operations
- Error handling and reporting for every function call
- Implemented in modern and idiomatic C++20
- No use of dynamic memory allocation
- No use of exceptions or RTTI
- Compiled with strict C++ hardening flags
- Includes comprehensive Lua unit tests
- Includes stress tests with simulating thousands of random advance requests
- Docker
- GNU Make
- Lua 5.4
- cartesi/machine-emulator 0.19.x
- cartesi/xgenext2fs
To build the application and create a machine snapshot:
make HONEYPOT_CONFIG=localhostThis will:
- Compile the C++ application
- Build the root filesystem
- Create a machine snapshot
NOTE: Make sure to use the appropriate configuration in HONEYPOT_CONFIG, available options are listed in config sub-directory. When changing the configuration, perform make clean before building again.
To run the basic test suite:
make test HONEYPOT_CONFIG=localhostFor stress testing (runs thousands of random operations):
make test-stress HONEYPOT_CONFIG=localhostNOTE: Make sure to use the appropriate configuration in HONEYPOT_CONFIG used during build time.
honeypot.cpp: Main application code implementing the core logichoneypot-config.hpp: Configuration constants including addressesrootfs.Dockerfile: Docker configuration for building the DApp root filesystemtests/: Test suite made in Lua including unit and stress tests
The application uses the following configured addresses:
ERC20_PORTAL_ADDRESS: The address of the Cartesi ERC-20 PortalERC20_WITHDRAWAL_ADDRESS: The fixed address where tokens are withdrawn toERC20_TOKEN_ADDRESS: The address of the accepted ERC-20 token
These values can be modified in honeypot-config.hpp.
You can check various development tasks in the help:
make helpApache-2.0 License - See the LICENSE file for details
See the AUTHORS file for a list of contributors.