-
Notifications
You must be signed in to change notification settings - Fork 97
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add fuzzing page #282
base: main
Are you sure you want to change the base?
Add fuzzing page #282
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
# Fuzzing Ethereum's devp2p Protocol | ||
|
||
|
||
|
||
The Ethereum network, a cornerstone of decentralized applications, is a prime target for potential security breaches due to its widespread adoption. Ensuring the maximum security of the network and node interactions is crucial to prevent significant problems. The devp2p protocols, responsible for facilitating communication between Ethereum nodes, are a critical area of focus to enhance network security. Fuzzing, a robust testing technique, can be employed to identify vulnerabilities and potential issues in the Ethereum network's devp2p protocols using the Go programming language. | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Intro to Ethereum is not necessary here, you should just get to the point about testing and how fuzzing benefits the testing/security infrastructure |
||
|
||
Securing the Ethereum network is paramount to maintain its integrity and protect against potential attacks. Vulnerabilities or bugs in the devp2p protocols could lead to disruptive issues or even compromise the entire network. To mitigate this, Ethereum contributors have developed various tools, including fuzzers. | ||
|
||
|
||
Fuzzer programs provide invalid, unexpected, or random data as inputs to a computer program, monitoring for exceptions such as crashes, failing built-in code assertions, or potential memory leaks. By leveraging fuzzers, we can simulate diverse scenarios, identify unexpected behaviors, and uncover vulnerabilities that may not be apparent through traditional testing. | ||
|
||
By harnessing the power of fuzzing and developing fuzzers in Golang to interact with Geth's devp2p protocols, we can bolster the security of the Ethereum network. Targeted fuzzing enables the Ethereum community to proactively address potential threats, ensuring the robustness and longevity of the Ethereum ecosystem. | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. the whole body should be changed to more approachable structure, e.g. paragraphs like Intro to fuzzing |
||
|
||
|
||
### Here is a list of different fuzzers made by Ethereum contributors: | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. List of fuzzer tech is good but the title should be simplified to just a 'List of fuzzing tools' or so. Ideally, this paragraph should provide a context about each fuzzer |
||
|
||
https://github.com/MariusVanDerWijden/tx-fuzz | ||
|
||
https://github.com/MariusVanDerWijden/FuzzyVM | ||
|
||
https://github.com/holiman/goevmlab/ | ||
|
||
https://github.com/infosecual/nosy | ||
|
||
https://github.com/ethereum/c-kzg-4844/tree/main/fuzz | ||
|
||
https://github.com/jtraglia/kzg-fuzz | ||
|
||
https://github.com/sigp/beacon-fuzz | ||
|
||
https://github.com/infosecual/wormtongue | ||
|
||
|
||
### Resources | ||
|
||
* [Devp2p Specification](https://github.com/ethereum/devp2p) | ||
* [Official Go implementation of the Ethereum protocol](https://github.com/ethereum/go-ethereum) | ||
* https://github.com/MariusVanDerWijden/FuzzyVM | ||
* https://github.com/MariusVanDerWijden/tx-fuzz | ||
* https://github.com/MariusVanDerWijden/merge-fuzz |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the title shouldn't be only focused on devp2p but take a general approach of explaining fuzzing testing