-
Notifications
You must be signed in to change notification settings - Fork 215
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fuzzing and Auditing roadmap #486
Comments
Fuzzing of the spec parts will be part of a generalized client fuzzing framework being developed by sigma prime - in general the idea is that each client provides a client library with a set of |
|
https://github.com/sigp/eth2.0-fuzzing is where the tool is being developed |
One of our goals for June would be to formulate a specific audit plan and then document it here. |
I think https://github.com/status-im/nim-testutils and the ongoing audit closes this issue. |
Our fuzzing efforts have to take into consideration the possible target dates for shipping a production-ready ETH2 phase 0 client and an ETH1 client. All components must first go through continuous fuzzing and later, shortly before shipping, through a security audit by an external agency.
Since the external security audit will limit our ability to refactor the code significantly and to pursue further optimizations, we must strive to create a pipeline where we'll be able to test, optimize, fuzz and audit the individual smaller components, gradually combining them into larger and larger pieces.
This document aims to provide a suitable order for carrying out the optimization and fuzzing efforts. To determine the best order, we must first profile the code to determine which components will need to go through significant optimization.
WIP Order:
The Sigma Prime team has a significant fuzzing expertise and they've spent time refactoring their beacon node implementation to make it more suitable for fuzzing. It may be worthwhile to study their approaches and to optimize our codebase for these purposes as well.
The text was updated successfully, but these errors were encountered: