I was interested in a first project for getting familiar with TLA+, “a high-level language for modelling programs and systems.” TLA+ has been used to find errors in the design of real-world distributed systems, so I was curious how it compared to model checkers I have previously used such as…

Two smart contract fragments were identified that cause panics in the NeoVM implementation in the Ontology blockchain code. Introduction Ontology is a “distributed trust collaboration platform”, a blockchain that supports identity management and smart contracts. Ontology smart contracts can be written in a variety of languages using an online IDE. …

Even quality code with good test coverage can benefit from fuzz testing! The Ripple blockchain server (rippled) did not exhibit any security holes in its JSON implementation, or any invariant violations in its LedgerTrie class However, the “stress” unit test of LedgerTrie omits a couple branches that were exercised by…

Using American Fuzzy Lop on the Snappy compression library found no new bugs, and reported only high memory usage related to preallocation of an output buffer. Users of Snappy should be aware of this preallocation and check the uncompressed size before calling snappy::Uncompress Non-C++ implementation of Snappy have had bugs…

Using American Fuzzy Lop on a message parsing library contained in the Steem blockchain implementation found unexpectedly large memory usage. The memory allocation point identified by AFL can be successfully turned into an exploitable denial-of-service attack, on Steem and other Graphene-based blockchains. Introduction In a previous article, we introduced fuzz testing…

Using American Fuzzy Lop on the JSON parsing library contained in the Steem blockchain implementation found a latent bug. Fortunately, this bug is not exploitable in practice, though it may cause Steem to incorrectly report end-of-file on nonconforming JSON input, or crash on a malformed configuration file. What is Fuzz Testing? Fuzz testing applies…