Fuzzing blogpost focused on fuzzing, vulnerability research, WebAssembly and Rustlang | Fuzzing Labs.
Grehack ctf WRITEUP Casting reverse challenge into cryptanalysis challenge In mid-November, I participated in the GreHack CTF with my team (Phreaks 2600), and the challenge I will present was one of the problems featured in the competition. Interestingly, only two other teams managed to solve it, this makes it a particularly intriguing challenge, categorized under…
Poseidon Sponge Bugs in ArkWorks Avoiding Cryptographic Failures in Hashing We found two subtle yet impactful bugs in the ArkWorks library’s implementation of the Poseidon Sponge. This discovery highlights the complexity and precision required in cryptographic implementations. In this article, we’ll first explain what Poseidon Sponge is, how it works, and then delve into the…
Uncovering a Subtle Bug in Ethereum Virtual Machine (EVM) The Case of Arithmetic Negating Zero Our team at FuzzingLabs has been auditing the Ethereum Virtual Machine (EVM) implementation by LambdaClass. Throughout the audit, we’ve identified several vulnerabilities, but in this post, we’ll focus on one particularly interesting issue involving the SDIV operation and its handling…
Top 4 Vulnerabilities in Cairo/Starknet Smart Contracts Detection and Remediation What is Cairo ? In 2021, StarkWare introduced Cairo, a programming language designed for creating provable programs using zero-knowledge proofs. It serves as the smart contract language for Starknet, a layer-2 blockchain built on top of Ethereum. This article explores some of the most common…
Solana Vulnerability Explained Revival attacks on Solana programs As the blockchain world expands, Solana has stepped into the spotlight as a compelling alternative to Ethereum. But behind its lightning-fast transactions and low fees lies a hidden world of unique security challenges. One such vulnerability that we frequently encounter during our security audits on the Solana…
Uncovering an Out of Memory Vulnerability in Gnark How We Discovered CVE-2024-50354 Last month (october 2024), LambdaClass and Fuzzinglabs teams discovered an Out of Memory (OOM) vulnerability within the Gnark library, one of the most popular Go library for zk-SNARKS. During the deserialization of Verifying Keys, we can trigger a fatal error that can lead…
SECURING THE FUTURE OF ZK PROOFS & ETHEREUM SCALABILITY In-Depth Audit of Aligned Layer’s Smart Contracts and Batch Processing At FuzzingLabs, we recently completed a comprehensive security audit of Aligned Layer, a decentralized network designed to provide fast, efficient, and low-cost verification of zero-knowledge (ZK) and validity proofs on the Ethereum blockchain. This post summarizes the key…
When Debug Logs Go Wrong & Crash Your gRPC Node Deep Dive into Astria-Geth GRPC Logging Bug In blockchain technology, even small mistakes can cause big problems. Imagine if sending an empty request to a node’s API could crash the entire node. Hard to believe? That’s exactly what we found in the Astria-geth node. In…
Fuzzing Newsletter August & September 2024 📺 Videos/Podcasts Fuzzing for Bugs 🎸🤘 AI-generated Rock Song for Security Researcher 😎 – 📝 Blogposts/Papers/Slides SoK: Where to Fuzz? Assessing Target Selection Methods in Directed Fuzzing – https://www.mlsec.org/docs/2024c-asiaccs.pdf Expand the reach of Fuzzing – https://thuanpv.github.io/publications/NUS_Summer_School_Thuan_Pham_Final_Public.pdf On Understanding and Forecasting Fuzzers Performance with Static Analysis – https://s3.eurecom.fr/docs/ccs24_zhang.pdf Ring Around The Regex: Lessons…
Lambdaclass Acquires Strategic Stake in FuzzingLabs
| Cookie | Duration | Description |
|---|---|---|
| cookielawinfo-checkbox-analytics | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics". |
| cookielawinfo-checkbox-functional | 11 months | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional". |
| cookielawinfo-checkbox-necessary | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary". |
| cookielawinfo-checkbox-others | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other. |
| cookielawinfo-checkbox-performance | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance". |
| viewed_cookie_policy | 11 months | The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data. |