EPF5 Dev Updates - Week 2

# EPF5 Dev Updates - Week 2 ## Weekly Highlights This week, I made significant progress in resolving technical issues, attending meetings, and diving deeper into protocol security and testing. Here's a detailed overview of my activities and achievements. ### Resolving Environment Setup Issues #### Error Resolution in ethereum/execution-test-spec Setup: I encountered errors while setting up the environment for ethereum/execution-test-spec. The main issue was building the wheel for coincurve. Here’s how I resolved it: - Ensure Python 3.10 or Higher is Installed: - Created and activated a virtual environment: ``` shell python3.10 -m venv newenv source newenv/bin/activate ``` - Install Dependencies Manually: - Installed common dependencies: ``` shell pip install numpy pytz cryptography ``` - Use Different Installation Commands: - Instead of using `-e.[docs,lint,test]`, installed dependencies separately: ``` shell pip install coincurve[docs] pip install coincurve[lint] pip install coincurve[test] ``` With these steps, I successfully set up my environment. ![Screenshot 2024-06-17 at 15.51.02_Nero AI_Compress](https://hackmd.io/_uploads/ByKR-m8UR.jpg) ### Meetings and Workshops #### Weekly Stand-Up and Office Hours - **Weekly Stand-Up:** Attended the weekly stand-up meeting. - **Meeting with Saulius:** Had a productive meeting on Thursday. - **Office Hours:** Attended office hours eagerly because Fredrik Svantes presented on Protocol Security. He also answered some pending questions I had. ### Working on Grandine Client Having an interest in protocol security, I chose to engage with Grandine as a client after thoroughly examining their codebase and the comprehensive security measures and tests they have implemented. Here’s an overview: #### Building Grandine on macOS Initially, I had to test Grandine on my system since I use macOS, but the software is primarily tested on Linux by its developers. Despite the lack of native support, I had to figure out how to build Grandine on my macOS system. Here’s my approach to getting Grandine up and running on my PC. - Instead of running `apt-get install` commands, I used brew to install necessary packages individually: ``` bash brew install openssl brew install llvm brew install cmake brew install unzip brew install protobuf brew install zlib ``` - **Breakdown of the Packages:** - `ca-certificates:` Homebrew doesn't explicitly install this as a package because macOS handles SSL certificates natively. - `libssl-dev:` The openssl package in Homebrew includes SSL libraries. - `clang:` Installed with the llvm package, which includes clang. - `cmake:` Installed as cmake. - `unzip:` Installed as unzip. - `protobuf-compiler:` Installed as protobuf. - `libz-dev:` Installed as zlib. - **Additional Configuration:** - Exported paths to ensure the build process could locate necessary libraries: ``` bash export PATH="/usr/local/opt/openssl/bin:$PATH" export LDFLAGS="-L/usr/local/opt/openssl/lib" export CPPFLAGS="-I/usr/local/opt/openssl/include" export PKG_CONFIG_PATH="/usr/local/opt/openssl/lib/pkgconfig" ``` #### Handling Build Errors I encountered an error related to downloading the `rust-std-aarch64-unknown-linux-gnu` component due to a timeout. To resolve this, I: - **Retry the Build:** Network issues are often temporary, so I retried the build command. - **Increase Timeout:** Set a higher timeout value: ``` sh export CARGO_HTTP_TIMEOUT=600 ``` - **Increase Docker Memory:** - Increased the memory allocated to Docker, which led to a successful build. ![Screenshot 2024-06-20 at 16.26.49](https://hackmd.io/_uploads/SyF_PX8IC.jpg) ``` bash docker build . --tag grandine:local ``` ![Screenshot 2024-06-23 at 23.49.49](https://hackmd.io/_uploads/HkMedXLUR.jpg) Next, I plan to join a validator on Holesky and see if anything breaks. This will help determine the success of building Grandine macOS support. ### Observations from Office Hours Reflecting on the office hours held on Tuesday, I gained valuable insights and answers to my questions. Here's a detailed breakdown: #### Three Types of Tests in Grandine - **Type 1 Tests:** Ethereum Foundation Tests (`consensus-spec-test`): Standardized tests provided by the Ethereum Foundation to ensure consensus and compatibility across different clients. - **Type 2 Tests:** Unit Tests Written in Rust. These cover a broader range of cases than the Ethereum Foundation tests and are written in Rust. - **Type 3 Tests:** Hive Tests are thorough yet occasionally unreliable for continuous integration due to their complexity, which sometimes causes issues when running on Grandine. # Fuzzing Grandine ## Previous Fuzzing Efforts - I noticed that the last time Grandine was fuzzed was two years ago. ## Plan to Update Fuzzing Tools - I intend to speak with Fredrik Svantes to gain access to the latest fuzzer, which is not publicly available. The folder I found on GitHub is outdated and pertains to a previous hard fork, making it less relevant for current needs. ## Research on Fuzzers - I have explored various fuzzers and their methodologies, including: - **AFL/AFL++ Fuzzer:** Known for its effectiveness and wide adoption in the community. - **Peach Fuzz and Sulley Fuzz:** Targeted fuzzers designed for specific use cases. - **Feedback-Driven Fuzzers:** Honggfuzz and AFL, which use feedback to improve the fuzzing process. ## Plans for Week 3 - **Complete macOS Support:** - My immediate goal is to finish the support for running the Grandine client on macOS. The time required for this task will determine how soon I can start fuzzing Grandine. - **Start Fuzzing Gradine:** - Once macOS support is in place, I will begin fuzzing Grandine. This involves: - Gaining access to the latest fuzzer through discussions with Fredrik Svantes. - Learning how to effectively utilize the fuzzing tool to test Grandine to ensure robustness and security. # Final Thoughts This week has been a significant step forward in my journey with the Ethereum Protocol Fellowship (EPF5). I've made substantial progress in resolving technical issues, attending meetings, and delving deeper into protocol security and testing. # References [Trail of Bits opensource fuzzing](https://www.trailofbits.com/opensource/#fuzzing) [AppSec Docs on Fuzzing](https://appsec.guide/docs/fuzzing/) [Learn how to Fuzz like a Pro](https://www.youtube.com/watch?v=QofNQxW_K08) [AFL/AFL++](https://www.youtube.com/watch?v=A8ex1hqaQ7E) Looking forward to another productive week!