Fluffy is open sourced!

We made Fluffy publicly available at https://github.com/snuspl/fluffy. Fluffy is a multi-transaction differential fuzzer for finding consensus bugs in Ethereum: it mutates and executes test cases consisting of several transactions, runs each test case on multiple Ethereum client implementations, and reports any case on which the clients disagree about the resulting state. Because the bugs it targets only manifest across a sequence of transactions, they cannot be found using existing single-transaction fuzzers for Ethereum. Fluffy found two new consensus bugs, the shallow copy bug (CVE-2020-26241) and the transfer-after-destruct bug, in Geth, the most popular Ethereum client; both were exploitable on the live Ethereum mainnet. Four months after we reported the bugs to the Geth developers, one of the bugs was triggered on the mainnet and caused nodes still running a stale version of Geth to fork away from the rest of the Ethereum blockchain. The blockchain community considers this fork the greatest challenge since the infamous 2016 DAO hack. For details, please refer to our OSDI 2021 paper.
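To illustrate the idea of multi-transaction differential fuzzing described above, here is a small added example. It is not Fluffy's code and does not model Geth or either real bug: the two "clients" are toy account-balance state machines (a hypothetical reference `ClientA` and a hypothetical `ClientB` seeded with a made-up divergence that only appears when a transfer follows a self-destruct of the destination account in the same test case), the account names, genesis balances and transaction format are constructed for this example, and the harness compares both clients' post-state after each mutated test case and minimizes the first divergent one.

```python
"""Toy multi-transaction differential fuzzer (added illustration, not Fluffy itself)."""
import random
from dataclasses import dataclass

# Constructed toy world: three accounts, fixed genesis balances.
ACCOUNTS = ["a", "b", "c"]
GENESIS = {"a": 100, "b": 50, "c": 0}


@dataclass(frozen=True)
class Tx:
    kind: str      # "transfer" or "destruct" (hypothetical transaction types)
    sender: str
    to: str
    value: int     # ignored for "destruct"


class ClientA:
    """Hypothetical reference client: applies each transaction in order."""

    def __init__(self, balances):
        self.balances = dict(balances)
        self.destructed = set()

    def apply(self, tx):
        if tx.kind == "destruct":
            # Self-destruct: remaining balance goes to `to`, sender is deleted.
            remaining = self.balances.pop(tx.sender, 0)
            self.balances[tx.to] = self.balances.get(tx.to, 0) + remaining
            self.destructed.add(tx.sender)
        elif tx.kind == "transfer":
            if self.balances.get(tx.sender, 0) < tx.value:
                return  # insufficient funds: transaction is rejected
            self.balances[tx.sender] -= tx.value
            self.balances[tx.to] = self.balances.get(tx.to, 0) + tx.value

    def state(self):
        # Canonical post-state: sorted non-zero balances, so clients can be compared.
        return tuple(sorted((k, v) for k, v in self.balances.items() if v))


class ClientB(ClientA):
    """Hypothetical second client with a constructed bug: a transfer whose
    destination was destructed earlier in the same test case is debited from
    the sender but never credited, so the value silently vanishes."""

    def apply(self, tx):
        if tx.kind == "transfer" and tx.to in self.destructed:
            if self.balances.get(tx.sender, 0) >= tx.value:
                self.balances[tx.sender] -= tx.value  # debit without credit
            return
        super().apply(tx)


def run_case(case):
    """Execute one multi-transaction test case on both clients from genesis."""
    a, b = ClientA(GENESIS), ClientB(GENESIS)
    for tx in case:
        a.apply(tx)
        b.apply(tx)
    return a.state(), b.state()


def diverges(case):
    sa, sb = run_case(case)
    return sa != sb


def random_tx(rng):
    kind = rng.choice(["transfer", "transfer", "destruct"])
    sender, to = rng.sample(ACCOUNTS, 2)
    return Tx(kind, sender, to, rng.randint(1, 60))


def mutate(case, rng):
    """Append, replace or swap a transaction; cap length to keep cases small."""
    case = list(case)
    op = rng.choice(["append", "replace", "swap"])
    if op == "append" or len(case) < 2:
        case.append(random_tx(rng))
    elif op == "replace":
        case[rng.randrange(len(case))] = random_tx(rng)
    else:
        i, j = rng.sample(range(len(case)), 2)
        case[i], case[j] = case[j], case[i]
    return case[:6]


def minimize(case):
    """Greedily drop transactions while the clients still disagree."""
    changed = True
    while changed:
        changed = False
        for i in range(len(case)):
            candidate = case[:i] + case[i + 1:]
            if candidate and diverges(candidate):
                case, changed = candidate, True
                break
    return case


def fuzz(seed=0, iterations=2000):
    """Return the first (minimized) divergent test case found, or None."""
    rng = random.Random(seed)
    corpus = [[random_tx(rng)] for _ in range(8)]
    for _ in range(iterations):
        case = mutate(rng.choice(corpus), rng)
        if diverges(case):
            return minimize(case)
        corpus.append(case)
    return None


if __name__ == "__main__":
    found = fuzz()
    print("divergent case:", found)
    print("states:", run_case(found))
```

Every single-transaction case yields identical states on both toy clients, so a fuzzer that only executes one transaction per case would never observe the seeded divergence; it takes a destruct followed by a transfer to the destructed account, in that order and in the same case, which is exactly the class of ordering-dependent bug a multi-transaction differential fuzzer is built to expose.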

By bgchun@snu.ac.kr | July 15, 2021