
Fuzzing and Auditing roadmap #486

Closed
5 of 13 tasks
zah opened this issue Oct 14, 2019 · 5 comments

@zah
Contributor

zah commented Oct 14, 2019

Our fuzzing efforts have to take into consideration the possible target dates for shipping a production-ready ETH2 phase 0 client and an ETH1 client. All components must first go through continuous fuzzing and later, shortly before shipping, through a security audit by an external agency.

Since the external security audit will limit our ability to refactor the code significantly and to pursue further optimizations, we must strive to create a pipeline where we'll be able to test, optimize, fuzz and audit the individual smaller components, gradually combining them into larger and larger pieces.

This document aims to provide a suitable order for carrying out the optimization and fuzzing efforts. To determine the best order, we must first profile the code to determine which components will need to go through significant optimization.

WIP Order:

  • Nimcrypto (select components)
  • Faststreams
  • SSZ
  • BLS
  • Shuffling
  • State transition
  • Attestation pool
  • Block pool
  • Fork-choice

The Sigma Prime team has significant fuzzing expertise and they've spent time refactoring their beacon node implementation to make it more suitable for fuzzing. It may be worthwhile to study their approaches and to optimize our codebase for these purposes as well.

@zah zah pinned this issue Oct 14, 2019
@arnetheduck
Member

Fuzzing of the spec parts will be part of a generalized client fuzzing framework being developed by Sigma Prime. In general the idea is that each client provides a client library with a set of C functions exported for the fuzzer to call. Before developing a nim-fuzzer library we should probably evaluate what we can reuse from their approach.
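
The exported-C-function pattern described in the comment above, as an added example that is not code from this project or from the sigp/eth2.0-fuzzing framework. The target is a minimal SSZ-style decoder for a list of fixed-size little-endian uint64 values (chosen because SSZ is on the roadmap list); the function names `client_decode_u64_list`, `client_encode_u64_list` and `harness_self_check`, the `MAX_ITEMS` bound and the constructed inputs are all assumptions made here. The harness exposes the libFuzzer entry point `LLVMFuzzerTestOneInput`, which is what a fuzzer built with `-fsanitize=fuzzer` would link against; in a Nim client the decode function would be the one exported with `{.exportc, cdecl.}`.

```c
// Added example, not project code: a client-side C ABI of the kind the comment describes,
// plus a libFuzzer-style harness that calls it.
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define MAX_ITEMS 16  // assumed caller-side bound on list length

// Hypothetical exported decoder: parses `len` bytes as SSZ fixed-size uint64 elements
// (8 bytes each, little-endian). Returns the item count, or -1 on malformed input.
int client_decode_u64_list(const uint8_t *data, size_t len, uint64_t *out, size_t out_cap) {
    if (data == NULL && len != 0) return -1;
    if (len % 8 != 0) return -1;      // trailing partial element: reject
    size_t n = len / 8;
    if (n > out_cap) return -1;       // would overflow the caller's buffer: reject, never truncate
    for (size_t i = 0; i < n; i++) {
        uint64_t v = 0;
        for (int b = 7; b >= 0; b--) v = (v << 8) | data[i * 8 + b];  // little-endian assembly
        out[i] = v;
    }
    return (int)n;
}

// Matching encoder, used by the harness to check the round-trip invariant.
// Returns bytes written, or 0 if `out` is too small.
size_t client_encode_u64_list(const uint64_t *in, size_t n, uint8_t *out, size_t out_cap) {
    if (n * 8 > out_cap) return 0;
    for (size_t i = 0; i < n; i++)
        for (int b = 0; b < 8; b++) out[i * 8 + b] = (uint8_t)(in[i] >> (8 * b));
    return n * 8;
}

// libFuzzer entry point. The fuzzer calls this with arbitrary bytes; ASan/UBSan catch
// memory errors inside the decoder, and the explicit check below catches logic errors
// (anything the decoder accepts must re-encode to exactly the same bytes).
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    uint64_t items[MAX_ITEMS];
    int n = client_decode_u64_list(data, size, items, MAX_ITEMS);
    if (n < 0) return 0;              // malformed input rejected cleanly: expected behaviour
    uint8_t buf[MAX_ITEMS * 8];
    size_t enc = client_encode_u64_list(items, (size_t)n, buf, sizeof buf);
    if (enc != size || (size != 0 && memcmp(buf, data, size) != 0))
        __builtin_trap();             // round-trip invariant violated: fuzzer records a crash
    return 0;
}

// Deterministic self-check on constructed inputs (no fuzzer needed). Returns 1 on success.
int harness_self_check(void) {
    const uint8_t good[16] = {1, 0, 0, 0, 0, 0, 0, 0,            // 1
                              0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; // UINT64_MAX
    uint64_t out[MAX_ITEMS];
    if (client_decode_u64_list(good, sizeof good, out, MAX_ITEMS) != 2) return 0;
    if (out[0] != 1 || out[1] != UINT64_MAX) return 0;
    if (client_decode_u64_list(good, 15, out, MAX_ITEMS) != -1) return 0;   // partial element
    if (client_decode_u64_list(good, sizeof good, out, 1) != -1) return 0;  // buffer too small
    if (client_decode_u64_list(NULL, 0, out, MAX_ITEMS) != 0) return 0;     // empty list is valid
    if (LLVMFuzzerTestOneInput(good, sizeof good) != 0) return 0;
    if (LLVMFuzzerTestOneInput(good, 3) != 0) return 0;
    return 1;
}

int main(void) {
    printf("self-check: %s\n", harness_self_check() ? "ok" : "FAILED");
    return harness_self_check() ? 0 : 1;
}
```

Built as `clang -g -O1 -fsanitize=fuzzer,address,undefined harness.c` the fuzzer supplies `main` itself and drives `LLVMFuzzerTestOneInput`; the `main` above is only for running the constructed self-check without a fuzzer. The point of the layout is that the decoder keeps a plain C signature with explicit buffer lengths, so the same entry point can be shared between clients and the fuzzer regardless of the implementation language.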

@zah
Contributor Author

zah commented Oct 22, 2019

nim-fuzzer is a very specific tool that takes care of calling Nim in the right way in order to compile and run the fuzzing tests written in the framework prepared by @kdeme. Currently, it exists as a set of nims scripts in the nim-eth repo, but this leaves some open questions regarding reusing it in other projects. Nevertheless, we might still postpone creating a separate tool and instead we can rely on imports featuring paths such as "vendor/nim-eth".

@arnetheduck
Member

https://github.com/sigp/eth2.0-fuzzing is where the tool is being developed

@tersec tersec unpinned this issue Dec 18, 2019
@mratsim mratsim added this to the ETH1-bridged multi-client testnet milestone Feb 5, 2020
@zah
Contributor Author

zah commented Jun 8, 2020

One of our goals for June would be to formulate a specific audit plan and then document it here.

@zah zah modified the milestones: ETH1-bridged multi-client testnet, June 2020 Jun 8, 2020
@zah zah removed this from the June 2020 milestone Jul 8, 2020
@mratsim
Contributor

mratsim commented Sep 9, 2020

I think https://github.com/status-im/nim-testutils and the ongoing audit closes this issue.

@mratsim mratsim closed this as completed Sep 9, 2020