YoVDO

Finding Consensus Bugs in Ethereum via Multi-transaction Differential Fuzzing

Offered By: USENIX via YouTube

Tags

OSDI (Operating Systems Design and Implementation) Courses Software Testing Courses Ethereum Courses Blockchain Security Courses

Course Description

Overview

Explore a 15-minute conference talk from USENIX OSDI '21 that delves into finding consensus bugs in Ethereum through multi-transaction differential fuzzing. Learn about Fluffy, a novel fuzzing tool designed to uncover rare but critical consensus bugs in Ethereum clients. Discover how Fluffy improves upon existing fuzzers with its multi-transaction approach, cross-referencing oracles, and optimizations like in-process fuzzing and semantic-aware mutation. Understand the impact of Fluffy's findings, including two new consensus bugs in the popular Geth client that led to a significant hard fork in the Ethereum blockchain. Gain insights into the challenges of Ethereum security, the importance of consensus in blockchain networks, and the potential of advanced fuzzing techniques in identifying vulnerabilities.

Syllabus

Intro
Nov 11th, 2020 hard-fork
Ethereum
Consensus bugs
Existing fuzzers
Key idea
Bugs we found
Transfer-after-destruct bug
Our goal
Design challenges
Fluffy (Our fuzzer)
Fluffy overview
Implementation
Evaluation
Code coverage (Higher is better)
Throughput (Higher is better)


Taught by

USENIX

Related Courses

Enterprise and Infrastructure Security
New York University (NYU) via Coursera Blockchain Architecture Design and Use Cases
NPTEL via Swayam Applications of Blockchain
Monash University via FutureLearn Advance Your Skills in the Blockchain
LinkedIn Learning Blockchain and Smart Contracts Security
LinkedIn Learning