eth.coinbase的eth.sendTransaction进行多次交易并减少eth.coinbase余额

Question

Im working on a distributed application using Ethereum, the go-ethereum implementation (Geth).

On a Digital Ocean droplet (Ubuntu 16.04) i have installed geth.

I have created a structure like this:

devnet$ tree -L 2
.
├── accounts.txt
├── boot.key
├── genesis.json
├── node1
│   ├── geth
│   ├── keystore
│   └── password.txt

I have:

• One bootnode/discovery node
• One Seal/full node

The seal node is initialized this way:

geth --datadir node1/ init genesis.json

Then the bootnode:

devnet$ bootnode -nodekey boot.key -verbosity 9 -addr :30310
INFO [02-07|22:44:09] UDP listener up                          self=enode://3ec4fef2d726c2c01f16f0a0030f15dd5a81e274067af2b2157cafbf76aa79fa9c0be52c6664e80cc5b08162ede53279bd70ee10d024fe86613b0b09e1106c40@[::]:30310

And after the bootnode is listening, i run geth on the node1:

geth --datadir node1/ --syncmode 'full' --port 30311 --rpc --rpcaddr 'localhost' --rpcport 8501 --rpcapi 'personal,db,eth,net,web3,txpool,miner' --bootnodes 'enode://3ec4fef2d726c2c01f16f0a0030f15dd5a81e274067af2b2157cafbf76aa79fa9c0be52c6664e80cc5b08162ede53279bd70ee10d024fe86613b0b09e1106c40@127.0.0.1:30310' --networkid 1515 --gasprice '1' -unlock '0x87366ef81db496edd0ea2055ca605e8686eec1e6' --password node1/password.txt --mine

Note: this are examples, the real ip, bootnode "enode" value and account arent those.

On this private ethereum network i have deployed a ERC20 contract, with a basic Transfer function, so, i wanted to invoke that function from Metamask, using some random address.

For that, i needed to get some ETH in my account, so i have connected to the geth console and transfer some ether from the eth.coinbase to that addres:

eth.sendTransaction({from:eth.coinbase, to:"0xf17f52151ebef6c7334fad080c5704d77216b732", value: web3.toWei(10, "ether")})

After that, I discovered that some transactions that I had no way to identify, i mean, it was only a transaction to send ether from one account to another, why that result in multiple transactions submitted?

Here is a screenshot of the situation:

Also, every one of those transactions is decreasing the eth.coinbase balance (eth.coinbase == the address that deploys the contract), so i started with a huge amount of Ether on that account and after some of those "ghost" transactions the balance of eth.coinbase was like 0.0026 Ether..

So, i have 2 questions

1. Is there any scenario that could decrease the contract owner address/coinbase balance?
2. Any ideas of why those transactions appear?

EDIT:

This is the problem ... https://github.com/ethereum/go-ethereum/issues/16691

Answer 1

[cross-posting here from Ethereum.SE for completeness]

Digital Ocean does not block any ports by default, to my knowledge.

In all probability, your node's RPC is publicly accessible, and when you unlock the account to send your transaction, a bot tries to sweep the rest to its own address (potentially more than one, since there seem to be multiple recipients).

Try blocking access to the RPC ports from outside the machine using ufw, or simply turn off RPC, since the console works over IPC.

Indeed, if you look at 0x6e4cc3e76765bdc711cc7b5cbfc5bbfe473b192e and 0x7097f41f1c1847d52407c629d0e0ae0fdd24fd58 on the mainnet, you can see that they have swept close to 15 ETH, and the pending transactions reflect a common tactic of such bots, which is to presign transactions of varying value with higher nonces while the rpc is unlocked.