Most people are now aware that @trailofbits conducted a security review of the Bitcoin Cash client on behalf of @BitcoinSVNode. While we cannot release our report in its entirety yet, I wanted to share a few details of what we found… https://twitter.com/JimmyWinMedia/status/1101668023335833601
In our first week, we developed libFuzzer and AFL drivers targeted to specific areas of high-priority attack surface and modified build scripts to support a “fuzzer mode.” This vastly enhances fuzzing effectiveness, e.g.: https://github.com/google/boringssl/blob/master/FUZZING.md
These fuzzer drivers and build enhancements were integrated directly into the BitcoinSV codebase, improving its SDLC. Fuzz test corpora are saved after each campaign and milestones are re-fuzzed with these continuously refined test cases. (These are not yet public.)
After building fuzzers driven by attack surface modeling and using best practices, we identified a number of security issues over the course of the engagement. This included some of the medium-severity issues that BitcoinSV obtained CVEs to track. https://bitcoinsv.io/2019/03/01/denial-of-service-vulnerabilities-repaired-in-bitcoin-sv-version-0-1-1/
These issues detail ways for messages to waste a victim’s CPU and network resources without triggering any of the denial-of-service mitigations that normally detect and ban misbehaving peers.
This concluded the 1st week of a 6-week project. I’ll save further details for when the full report comes out. Suffice to say, please get in touch if you want a similarly comprehensive security review, driven by engineering goals and fuzz test development. https://www.trailofbits.com/contact/
I’d like to thank the folks at @BitcoinSVNode for giving us the freedom to work the engagement the way we felt was best, letting us invest significant effort into foundational and long-term engineering efforts rather than simple manual bug hunting.
Finally, I’d like to note that @trailofbits has no stake in which blockchains are successful. We’re here to help everyone build more secure and trustworthy code. We were glad to work on this project, which we saw as helping the entire blockchain community.
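To illustrate the kind of libFuzzer driver and "fuzzer mode" build switch the thread describes, here is an added example that is not BitcoinSV's code or Trail of Bits' harness: it fuzzes a hypothetical, simplified Bitcoin-style P2P message header parser (the constants, the parser and the checksum stand-in are all assumptions), bounding the declared payload length up front and skipping the checksum under -DFUZZER_MODE so mutated inputs reach the code behind it.

```cpp
// Added example, not BitcoinSV code: a libFuzzer driver for a simplified
// Bitcoin-style message header (4 magic, 12 command, 4 length, 4 checksum).
// Constants, the parser and the checksum stand-in are hypothetical.
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <string>
static const uint32_t kMaxPayloadLen = 4u * 1000u * 1000u;  // hypothetical cap
static const size_t kHeaderLen = 24;
struct Header { uint32_t magic; std::string command; uint32_t payload_len; uint32_t checksum; };
static uint32_t ReadLE32(const uint8_t* p) {
  return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
// Stand-in for the real (double-SHA256 based) checksum: a fuzzer cannot satisfy
// such a check by mutation alone, which is exactly why a "fuzzer mode" skips it.
static uint32_t Checksum(const uint8_t* p, size_t n) {
  uint32_t h = 2166136261u;
  for (size_t i = 0; i < n; ++i) h = (h ^ p[i]) * 16777619u;
  return h;
}
// Parses the header and, unless built with -DFUZZER_MODE, verifies the checksum
// over the payload that follows. Bounding the declared length up front stops a
// peer from making the node reserve space for data it will never send.
bool ParseMessage(const uint8_t* data, size_t size, Header* out) {
  if (size < kHeaderLen) return false;
  out->magic = ReadLE32(data);
  const char* cmd = reinterpret_cast<const char*>(data + 4);
  size_t n = 0;  // command is printable ASCII, NUL padded to 12 bytes
  while (n < 12 && cmd[n] != '\0') { if (cmd[n] < 0x20 || cmd[n] > 0x7e) return false; ++n; }
  for (size_t i = n; i < 12; ++i) if (cmd[i] != '\0') return false;
  if (n == 0) return false;
  out->command.assign(cmd, n);
  out->payload_len = ReadLE32(data + 16);
  out->checksum = ReadLE32(data + 20);
  if (out->payload_len > kMaxPayloadLen) return false;
  if (size - kHeaderLen < out->payload_len) return false;  // payload truncated
#ifndef FUZZER_MODE
  if (Checksum(data + kHeaderLen, out->payload_len) != out->checksum) return false;
#endif
  return true;
}
// libFuzzer entry point (libFuzzer supplies main). Build, e.g.:
//   clang++ -g -O1 -fsanitize=fuzzer,address -DFUZZER_MODE harness.cpp
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  Header h;
  if (ParseMessage(data, size, &h) && (h.payload_len > kMaxPayloadLen || h.command.empty()))
    abort();  // a parser invariant was broken: report it as a finding
  return 0;
}
```

Saving the corpus libFuzzer writes to its corpus directory after each run gives the regression seeds the thread mentions re-fuzzing at each milestone.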
Nice! Any plans to integrate it with OSS-Fuzz? That would provide 24/7 fuzzing with automated crash management, code coverage reports, and other awesome stuff including integration rewards :)
Here's what we said in the report about oss-fuzz. There are downsides to using oss-fuzz and I think it makes more sense to run your own fuzz tests in this particular case. I don't think use of oss-fuzz is planned. pic.twitter.com/Hya9NDvXMF