Securing your token sale’s whitelist

Rani Horev, published in Snip, Nov 13, 2017 (3 min read)

The Snip token sale concluded 2 weeks ago, so it’s a good time to share with you a more technical side of the sale — how to securely build a dynamic token sale whitelist.

A bit of background first. Like some other sales, the Snip token sale was conducted using an Ethereum smart contract we wrote. The contract receives Ether and sends the right amount of SnipCoins back to the sender’s address, on one condition: that the sender is on the whitelist. What’s a whitelist? A list of Ethereum addresses that were approved by us (the legal reasons for that are a matter for another post). The list can be hard-coded in the contract or made dynamic by sending “new address” commands to the contract. We chose the latter in order to allow more people to join the sale after it had already started. A very smart decision!

Creating a dynamic whitelist means that you need to send a lot of “add to whitelist” transactions (over a thousand) signed by the contract creator address. Those transactions have to be sent immediately after the user signs up so that he can purchase SnipCoins during the same visit. At the same time, the process has to be secure so that our private key stays safe. Our experience in cybersecurity came in handy, and we created a setup that met those requirements.

During signup the user enters his Ethereum address, and it’s stored on our web servers. A dedicated bare Linux server constantly queries the web server for new addresses. This Linux server runs nothing except that script, in order to reduce risk and limit its vulnerable interfaces. It is connected to the internet, so of course it can’t store any sensitive data.

Once a new address is found, our Linux server sends a request to an offline Mac to generate a signed “add to whitelist” command (the command itself is a simple web3js script). This Mac is connected to the Linux server with an Ethernet cable, without any internet connection, and with all other interfaces blocked. Its only duty is receiving an address and returning a signed command. The private key is stored on that Mac, so it’s important to secure it. For that reason we decided to use a bare Linux server and a Mac connected by Ethernet: finding, understanding and attacking that kind of setup within a 4-week period is almost impossible.

Once our Linux server receives the signed command, it broadcasts it on the Ethereum blockchain (with our own node or, even easier, with the Etherscan API). In less than 30 seconds the entire process is completed and the new address is on the whitelist. Our web server can now notify the user that his address is on the whitelist and he’s good to go and buy SnipCoins!
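The offline Mac's single duty, receiving an address and returning a signed command, can be enforced in code so that the internet-facing Linux server controls nothing but the address argument. The sketch below is an added example, not Snip's code: `createSignerGate`, the injected `signFn`, the local nonce counter, the rate limit and the zeroed selector placeholder are all assumptions.

```javascript
// Added example (not the project's code): request gate for the offline signer.
const ADDRESS_RE = /^0x[0-9a-fA-F]{40}$/;
// PLACEHOLDER: 4-byte selector of the contract's whitelist function (from its ABI).
const SELECTOR_PLACEHOLDER = "0x00000000";

// ABI-encode a single address argument: 20 bytes left-padded to a 32-byte word.
function encodeWhitelistCall(address) {
  return SELECTOR_PLACEHOLDER + address.slice(2).toLowerCase().padStart(64, "0");
}

// signFn (assumption) wraps the private key and signs the transaction object.
// startNonce (assumption): the offline machine cannot query the chain, so it
// keeps its own counter for the creator account.
function createSignerGate({ contract, signFn, maxPerMinute, startNonce = 0, now = Date.now }) {
  const seen = new Set();
  let windowStart = now();
  let count = 0;
  let nonce = startNonce;
  return function handle(line) {
    // The online server is untrusted: accept exactly one well-formed address.
    const text = typeof line === "string" ? line.trim() : "";
    if (!ADDRESS_RE.test(text)) return { ok: false, error: "malformed address" };
    const address = text.toLowerCase();
    if (seen.has(address)) return { ok: false, error: "duplicate" };
    if (now() - windowStart >= 60000) { windowStart = now(); count = 0; }
    if (count >= maxPerMinute) return { ok: false, error: "rate limit" };
    count += 1;
    seen.add(address);
    // Recipient, value and function are fixed here; the caller supplies only
    // the argument, so a compromised requester cannot ask for a transfer.
    const tx = { to: contract, value: "0x0", nonce: nonce++, data: encodeWhitelistCall(address) };
    return { ok: true, signed: signFn(tx) };
  };
}

// Constructed demo: the stub "signer" just echoes the transaction it was given.
function demo() {
  const gate = createSignerGate({
    contract: "0x" + "11".repeat(20), // constructed contract address
    signFn: (tx) => tx,
    maxPerMinute: 2,
  });
  return [
    gate("0x" + "ab".repeat(20) + "\n"),
    gate("0x" + "AB".repeat(20)),
    gate("0x" + "ab".repeat(20) + " --value 1"),
  ].map((r) => (r.ok ? r.signed.data : r.error));
}
```

A rejected request consumes neither a nonce nor a rate-limit slot, so junk arriving from the online side cannot advance the signer's counter.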

Designing and building the setup took us about 3 days. It allowed us to completely automate the whitelisting process while keeping it secure. And it’s also pretty cool :)

Of course, all the code can be found on our GitHub.

Have a secure day!
