Mohas

@Mohas

Joined on Jul 12, 2023

  • Project Summary: During the EPF, I built a project for fuzzing the Ethereum network. This idea was suggested by Fredrik, and being passionate about security and blockchain, it immediately captured my interest. "Create new fuzzers for software in order to find potential vulnerabilities, or improve on existing fuzzing frameworks. Networking in particular is an area where this could see some improvements, but clients on the execution layer and consensus layer could also benefit from additional fuzzing." Fredrik pointed out the importance of fuzzing the Ethereum network. Fuzzing is a technique used to test the robustness of a computer program by sending it incorrect and valid data in order to trigger unusual behaviour. I have chosen to focus on fuzzing the Ethereum network, and more specifically on the devp2p protocols implemented by Ethereum execution clients. To be able to fuzz the Ethereum network, I had to deepen my knowledge in two specific areas:
  • Hello everyone! Here's my development update for Weeks 13 & 14 of Ethereum Protocol Fellowship Cohort 4! Here's my progress for the week: First of all, I'm happy to announce that the security vulnerability I found has been validated by the Ethereum bug bounty program and is already fixed! However, I'm going to avoid giving any details as it's still new at the moment. I've also been accepted as an official fellow for the EPF! Many thanks to Mario Havel and JoshD! I've been doing a lot of research and testing on a potential new security vulnerability; again, I can't talk too much about it, but I've had a few leads so far that haven't worked out, and I've decided to put them aside for the time being because I've spent a lot of time on them.
  • Hello everyone! Here's my development update for Week 12 of Ethereum Protocol Fellowship Cohort 4! Here's my progress for the week: I've added 3 new messages for the Ethereum wire protocol and a new fuzzer. I added a new way to launch the fuzz test automatically via a configuration file; the new messages will use this one instead of the CLI. I've updated the project documentation. I've done more research into security vulnerabilities in TCP protocols and fuzzing techniques. I'm still in discussion about the security vulnerability I mentioned last week. Next Steps
  • Hello everyone! Here's my development update for Week 11 of Ethereum Protocol Fellowship Cohort 4! Here's my progress for the week: I've found a bug that causes a security vulnerability; I've spent the week researching and testing the vulns I could provoke from this bug. I measured the impact, sent a report to the Ethereum security bounty program and did a POC. Unfortunately, I can't give any details until the potential vulnerability has been corrected. All I can say is that I've spoken to Fredrik about it and it seems to be a good find! Having spent most of the week on the bug I mentioned earlier, I haven't been able to spend much time adding functionality to my fuzzer, but I have still been able to add two new fuzzed messages and their commands! I've also found 3 new bugs that are spec non-compliance issues, which I've added to the issues I've already opened! Next Steps: The vulnerability I reported should probably be dealt with this week. I intend to continue adding messages and commands to my fuzzer.
  • Hello everyone! Here's my development update for Week 10 of Ethereum Protocol Fellowship Cohort 4! Here's my progress for the week: I started the week by continuing my research into possible security vulnerabilities that could result from the bugs I found. I grouped together all the bugs I found, did tests and research, and carefully observed the behaviour of each implementation for each bug I found. Unfortunately (or fortunately) I didn't find anything that concerns the security aspect of the clients, the bugs being only spec non-compliance issues. As there were no bugs involving security, I decided to report them publicly on the repos of each implementation. First I reconfirmed each bug, then I got in touch with core contributors from different client teams, presented the bugs to them to see what they think about them, explained how to reproduce the bugs, talked about devp2p... I got good feedback and the developers were very happy that I had discovered some issues :) . In the meantime, I was able to find a few other small issues on a few clients (for example, Erigon displaying the wrong port for the enode address in the logs, or RLPx not being correctly implemented on Besu, and other little issues...). In the end, I reported 25 bugs in total, divided into 13 issues and concerning 5 different implementations: Geth, Besu, Erigon, Nethermind and Reth. I'd particularly like to thank Matthias Seitz from Reth for his explanations and help on how Reth works, and Stefan from Besu, who was very friendly and efficient, having already corrected the problem I found with RLPx in this merged PR:
  • Hello everyone! Here's my development update for Week 9 of Ethereum Protocol Fellowship Cohort 4! Here's my progress for the week: I continued to add fuzzers and messages to my fuzzing project: 1 new fuzzer was added as well as 1 message for RLPx. I continued to study the devp2p specifications and fuzzing techniques. I updated the project documentation to include the new fuzzers, messages and commands. I've had a chance to talk to Felix about the issues I've found; we've discussed them and concluded that the behaviours observed are indeed unexpected behaviours, but they need to be checked to make sure they're due to a bug in the implementations. Felix is on it and I've provided him with all the information and data he needs to do the checks, so I'm now waiting. I've been exploring the possible security vulnerabilities that the bugs found could cause by researching and testing things, but it doesn't seem to be anything too serious.
  • Hello everyone! Here's my development update for Week 8 of Ethereum Protocol Fellowship Cohort 4! Here's my progress for the week: 2 new fuzzers have been added as well as 2 new messages: 1 message for discv4 and 1 message for RLPx. With these new additions the project now has 24 different fuzz tests! I discovered 3 new potential issues in various implementations thanks to my fuzzers; I contacted Felix to tell him about them before making them public or sending them to the Ethereum bounty program. I continued to study the devp2p specifications and fuzzing techniques. I sent a PR to update the rpctestgen project in order to add tests to the PR: https://github.com/ethereum/execution-apis/pull/398 . I've also written some code to update the chain generated by rpctestgen by adding blob transactions; I've sent the code to lightclient and I'm waiting for a response from him to move on. I'm still waiting for the review of my vulnerability report that I sent last week to the Ethereum bounty program.
  • Hello everyone! Here's my development update for Week 7 of Ethereum Protocol Fellowship Cohort 4! This week I was able to make good progress on my project and continued my research into fuzzing and devp2p: I updated the CLI of the project and added four commands to make it possible to launch a fuzz test with options like selecting the fuzzer, the number of runs, and an optional string to mutate. I added one new fuzzer that applies mutations to a string. I opened one issue on the Geth project because I found that one of my fuzz tests is not available as a unit test in Hive. I proposed adding this feature to the Hive tests. I found one possible issue in implementations with my fuzzer. I sent a vulnerability report to the Ethereum bounty program, and they confirmed that they are reviewing the report and will get back to me as soon as possible. I continued my reading on fuzzing techniques and devp2p specifications and watched videos about fuzzing. I wrote documentation on how to use my project and set up a private network, and provided information about the commands and fuzzers.
  • Hello everyone :wave:, here's my development update for Week 6 of Ethereum Protocol Fellowship Cohort 4! This week I was able to make good progress on my project: I started by learning about Geth with the official documentation, and I studied the Geth codebase in depth, mainly the implementation of devp2p. I have set up a private network of two Geth nodes, one with the original version of Geth and one with my modified version of Geth. So I modified Geth and started with the ping message of discv4: Ping Packet (0x01). The message contains the following information:
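The discv4 Ping packet (type 0x01) that the Week 6 update starts from, as an added example in Rust that is not code from this page or from the author's fuzzer: it builds the packet-data with a minimal RLP encoder and then applies three byte-level mutations to it, which is the core of what a devp2p message fuzzer does. The field layout (packet-data = [version, from, to, expiration, enr-seq], endpoint = [ip, udp-port, tcp-port]) is taken from the devp2p discv4 specification, not from this page; the IP, port and expiration values, the xorshift PRNG and the mutators are this example's own constructions. The outer discv4 envelope (keccak256 hash and secp256k1 signature over the type byte and packet-data) is not built here, since that needs keccak and secp256k1 implementations; a real fuzzer would sign each mutant before sending it, otherwise the target drops the packet before its Ping handler ever sees it.

```rust
// Added example (not the author's project code): a discv4 Ping packet-data
// builder with a minimal RLP encoder, plus simple mutations of the result.
// Field layout per the devp2p discv4 spec (assumption stated in the lead-in):
//   ping packet-data = [version, from, to, expiration, enr-seq]
//   endpoint         = [ip, udp-port, tcp-port]
// The hash/signature envelope is deliberately omitted (needs keccak + secp256k1).

/// Minimal RLP item: a byte string or a list of items.
pub enum Rlp {
    Bytes(Vec<u8>),
    List(Vec<Rlp>),
}

/// Length prefix: `short` is 0x80 for strings and 0xc0 for lists.
fn encode_length(len: usize, short: u8) -> Vec<u8> {
    if len < 56 {
        vec![short + len as u8]
    } else {
        // Long form: 0xb7/0xf7 + size of the big-endian length, then the length.
        let be: Vec<u8> = len.to_be_bytes().iter().copied().skip_while(|b| *b == 0).collect();
        let mut out = vec![short + 55 + be.len() as u8];
        out.extend(be);
        out
    }
}

pub fn rlp_encode(item: &Rlp) -> Vec<u8> {
    match item {
        // A single byte below 0x80 is its own encoding.
        Rlp::Bytes(b) if b.len() == 1 && b[0] < 0x80 => b.clone(),
        Rlp::Bytes(b) => {
            let mut out = encode_length(b.len(), 0x80);
            out.extend(b);
            out
        }
        Rlp::List(items) => {
            let payload: Vec<u8> = items.iter().flat_map(|i| rlp_encode(i)).collect();
            let mut out = encode_length(payload.len(), 0xc0);
            out.extend(payload);
            out
        }
    }
}

/// RLP integers: big-endian, no leading zeros; zero is the empty string (0x80).
pub fn uint(v: u64) -> Rlp {
    Rlp::Bytes(v.to_be_bytes().iter().copied().skip_while(|b| *b == 0).collect())
}

pub fn endpoint(ip: [u8; 4], udp: u16, tcp: u16) -> Rlp {
    Rlp::List(vec![Rlp::Bytes(ip.to_vec()), uint(udp as u64), uint(tcp as u64)])
}

/// Packet type byte 0x01 followed by the RLP-encoded Ping packet-data.
pub fn ping_packet(from: Rlp, to: Rlp, expiration: u64, enr_seq: u64) -> Vec<u8> {
    let data = Rlp::List(vec![uint(4), from, to, uint(expiration), uint(enr_seq)]);
    let mut out = vec![0x01];
    out.extend(rlp_encode(&data));
    out
}

/// Deterministic xorshift64 PRNG so a fuzz run is reproducible (seed must be non-zero).
pub struct Rng(pub u64);
impl Rng {
    pub fn next_u64(&mut self) -> u64 {
        let mut x = self.0;
        x ^= x << 13;
        x ^= x >> 7;
        x ^= x << 17;
        self.0 = x;
        x
    }
}

/// Three mutations a devp2p fuzzer typically applies. The type byte is kept
/// so the target still dispatches the packet to its Ping handler.
pub fn mutate(packet: &[u8], rng: &mut Rng) -> Vec<u8> {
    let mut m = packet.to_vec();
    match rng.next_u64() % 3 {
        0 => {
            // Flip one bit somewhere after the type byte.
            let i = 1 + (rng.next_u64() as usize % (m.len() - 1));
            m[i] ^= 1u8 << (rng.next_u64() % 8);
        }
        1 => {
            // Truncate: the RLP list header now promises more bytes than arrive.
            let keep = 2 + (rng.next_u64() as usize % (m.len() - 2));
            m.truncate(keep);
        }
        _ => {
            // Replace the outer list header with 0xff, which claims an 8-byte
            // length field, so the declared size disagrees with the real payload.
            m[1] = 0xff;
        }
    }
    m
}

fn main() {
    // Constructed sample values: two local endpoints and an arbitrary expiration.
    let packet = ping_packet(
        endpoint([127, 0, 0, 1], 30303, 30303),
        endpoint([127, 0, 0, 1], 30304, 30304),
        0x6500_0000,
        1,
    );
    println!("ping:   {:02x?}", packet);
    let mut rng = Rng(0x9e37_79b9_7f4a_7c15);
    for _ in 0..3 {
        println!("mutant: {:02x?}", mutate(&packet, &mut rng));
    }
}
```

Running it prints the 33-byte encoded Ping (the type byte plus a 32-byte RLP list) followed by three mutants. The two structural mutations are the ones worth watching on a devp2p target: a truncated packet and an inflated list header both make the decoder's declared length disagree with the bytes actually received, which is the class of input where spec non-compliance and out-of-bounds reads tend to surface.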
  • Fuzzing the Ethereum network (devp2p): Create fuzzers for the devp2p protocols in order to find potential vulnerabilities. Motivation: In order to ensure that Ethereum keeps running properly, it is imperative that it remain highly secure. As a large blockchain, Ethereum represents a target for potential attackers. The Ethereum network and the different devp2p protocols play an essential role in enabling communication between nodes, which is essential for the operation of the protocol. Vulnerabilities or errors in this network could cause significant problems. It is therefore crucial to guarantee the maximum security of the network and of the exchanges between nodes.
  • Hello everyone :wave:, here's my development update for Week 5 of Ethereum Protocol Fellowship Cohort 4! To start this week, I couldn't work as much as I wanted: I had 2 days off because I was very sick, but I'm starting to get better, so I'm back to work :smiley: So I started the week by reviewing my project proposal. Indeed, I received feedback from Mario, who left me a lot of comments. I was able to apply most of the comments, except for some that required me to do more research on the testing ecosystem of Ethereum, because I did not know enough about the subject. So I did my research on Ethereum testing to see how my fuzzing project could contribute to the ecosystem, and then I updated my proposal.
  • Hello everyone :wave:, here's my development update for Week 4 of Ethereum Protocol Fellowship Cohort 4! Continuation of research and writing of my proposal: This week I continued my research on fuzzing and I progressed on the fuzzing book. Then I continued my research on the devp2p specifications and decided that I was going to reuse and modify the code of an existing implementation rather than redoing something from scratch myself. I opted for Reth; it's a very good option because Reth is an implementation of Ethereum in Rust, the same language I chose to use for the development of fuzzers, which will allow me to use a single language.
  • Hello everyone :wave:, here's my development update for Week 3 of Ethereum Protocol Fellowship Cohort 4! Research on fuzzing: This week I was able to deepen my research on the subject of the project I chose: fuzzing. The project was suggested by the mentor Fredrik: "Create new fuzzers for software in order to find potential vulnerabilities, or improve on existing fuzzing frameworks. Networking in particular is an area where this could see some improvements, but clients on the execution layer and consensus layer could also benefit from additional fuzzing." I started the week by learning more about fuzzing, reading and watching resources on the subject, and started practicing.
  • Hello everyone :wave:, here's my development update for Week 2 of Ethereum Protocol Fellowship Cohort 4! "Finishing" my learning of Rust: I spent the week continuing my learning of Rust; I've been on it for several weeks now and I have learned a lot about this language. I kept bringing new features to the project I had created to practice Rust. I was able to finish the Rust book and almost finished the rustlings exercises. The first step of my plan for the EPF, learning Rust and Ethereum, is complete. However, I intend to continue learning the Rust language and deepening my knowledge of Ethereum through the EPF; it will just be less frequent than in these first 3 weeks.
  • Hello everyone :wave:, here's my development update for Week 1 of Ethereum Protocol Fellowship Cohort 4! Rust & Ethereum: This week I continued learning Rust and Ethereum, which I started the previous week. So I continued to progress through the Rust book, but I did more practice this time. For this, in addition to the resources I mentioned last week, I used the rustlings project. Rustlings is a set of exercises that goes through the Rust book, which allowed me to practice more while reading the book.
  • Hi everyone :wave:, I'm Mohas, and here's Week 0 of my development updates for Ethereum Protocol Fellowship Cohort 4! Familiarization with the EPF program: I started by finding out how the EPF works, by consulting the cohort 4 repo and previous cohort repos. I also joined the Ethereum R&D Discord server. I'm interested in web3 security and I found the project idea proposed by Fredrik very interesting. Then I had questions about the EPF, so I attended the first call and got my questions answered. I had a discussion with the mentor Fredrik in order to get more information on the project idea he submitted, and he sent me some useful resources.