
Hello everyone! Here's my development update for Week 10 of Ethereum Protocol Fellowship Cohort 4!

Here's my progress for the week:

  • I started the week by continuing my research into possible security vulnerabilities that could result from the bugs I found. I grouped together all the bugs I found, ran tests, did research and carefully observed the behaviour of each implementation for each bug. Unfortunately (or fortunately) I didn't find anything that concerns the security aspect of the clients, the bugs being only spec non-compliance issues.

  • As there were no bugs involving security, I decided to report them publicly on the repos of each implementation. First I reconfirmed each bug, then I got in touch with core contributors from different client teams. I presented the bugs to them to see what they thought about them, explained how to reproduce each bug, and talked about devp2p. I got good feedback and the developers were very happy that I had discovered some issues :)

  • In the meantime, I was able to find a few other small issues on a few clients (for example, Erigon displaying the wrong port for the enode address in the logs, or RLPx not being correctly implemented on Besu, and other little issues).

In the end, I reported 25 bugs in total, divided into 13 issues and concerning 5 different implementations: Geth, Besu, Erigon, Nethermind and Reth.

I'd particularly like to thank Matthias Seitz from Reth for his explanations and help on how Reth works, and Stefan from Besu, who was very friendly and efficient, having already corrected the problem I found with RLPx in this merged PR:

https://github.com/hyperledger/besu/pull/5917