Beaconfuzz - A Journey into Ethereum 2.0 Blockchain Fuzzing and Vulnerability Discovery @ OffensiveCon 2022

Abstract

This talk is about our journey and step-by-step process into fuzzing Ethereum 2.0 implementations software. We will start with a brief introduction to Ethereum 2.0 specification and ecosystem. Then, we will explain the architecture of this type of software and the kind of bugs we were looking for (DoS, logic/consensus bugs). We will also detail the complexity behind fuzzing 5 differents under-development software written in 5 different languages (Rust, Go, Java, Nim, JS) by 5 different teams. Finally, we will go chronologically through all the different fuzzing frameworks and techniques (dumb, coverage-guided, differential,  structural) we used and why we choose them in the first place. In the end, this project leads us to find more than 30 critical bugs across all implementations.

beaconfuzz eth eth2.0 ethereum 2 beaconchain beacon node fuzzing nimbus prysm lighthouse lodestar offensive con offensivecon 2022

Slides

Direct download: link

Video

FREE Courses & Training

Enter your email and we'll send you a bundle of awesome resources. 100% free - 100% awesome.

Any questions about our services and trainings ?

Get in touch today with any questions that you might have.