Finding Consensus Bugs in Ethereum via Multi-transaction Differential Fuzzing

Explore a 15-minute conference talk from USENIX OSDI '21 that delves into finding consensus bugs in Ethereum through multi-transaction differential fuzzing. Learn about Fluffy, a novel fuzzing tool designed to uncover rare but critical consensus bugs in Ethereum clients. Discover how Fluffy improves upon existing fuzzers with its multi-transaction approach, cross-referencing oracles, and optimizations like in-process fuzzing and semantic-aware mutation. Understand the impact of Fluffy's findings, including two new consensus bugs in the popular Geth client that led to a significant hard fork in the Ethereum blockchain. Gain insights into the challenges of Ethereum security, the importance of consensus in blockchain networks, and the potential of advanced fuzzing techniques in identifying vulnerabilities.

Intro
Nov 11th, 2020 hard-fork
Ethereum
Consensus bugs
Existing fuzzers
Key idea
Bugs we found
Transfer-after-destruct bug
Our goal
Design challenges
Fluffy (Our fuzzer)
Fluffy overview
Implementation
Evaluation
Code coverage (Higher is better)
Throughput (Higher is better)