RE: A Memory Exhaustion Attack Against the Steem Blockchain
Great work! I never found the time to try AFL myself, unfortunately. How far did you get with the Steem code, did you fuzz other parts as well and will we see more great finds from you? ;)
I haven't identified other good entry points for fuzzing yet; one of the things I'm building is tooling that will make it easier to do so and construct the harness automatically. There are also fuzzing tools specifically designed for testing network services which could be used, but whitebox testing is usually more efficient.
I hope to demonstrate other sorts of tools as well, so I might do a TLA+ model on part of the Steem design.
I've been looking at other software, including another blockchain in which I found bugs, but I haven't heard back from their bug bounty program yet so I'm giving them more time before publishing.