Beaconfuzz - A Journey into Ethereum 2.0 Blockchain Fuzzing and Vulnerability Discovery @ OffensiveCon 2022


Abstract

This talk is about our journey and step-by-step process into fuzzing Ethereum 2.0 implementation software. We will start with a brief introduction to the Ethereum 2.0 specification and ecosystem. Then we will explain the architecture of this type of software and the kinds of bugs we were looking for (DoS, logic/consensus bugs). We will also detail the complexity behind fuzzing 5 different under-development implementations written in 5 different languages (Rust, Go, Java, Nim, JS) by 5 different teams. Finally, we will go chronologically through all the different fuzzing frameworks and techniques (dumb, coverage-guided, differential, structural) we used and why we chose them in the first place. In the end, this project led us to find more than 30 critical bugs across all implementations.

Slides

Direct download: link
