Spent this week trying to pick what to work on. Two project ideas (proposed by mentors) got me most interested:

* auditing and/or fuzzing the Solidity compiler
* auditing and/or fuzzing Grandine

So I started researching both to see which would be more fun to work on.

Started the week by digging into the Solidity compiler:

* Looked into the source code of [afl-compiler-fuzzer](https://github.com/agroce/afl-compiler-fuzzer) & tried to understand how it works
* This one already has a great track record of [being used to find bugs in solc](https://github.com/ethereum/solidity/issues?q=is%3Aissue+author%3Aagroce+label%3A%22bug+%3Abug%3A%22+created%3A%3E%3D2020+).
* Related articles:
  * [Breaking the Solidity Compiler with a Fuzzer](https://blog.trailofbits.com/2020/06/05/breaking-the-solidity-compiler-with-a-fuzzer/)
  * [A Year in the Life of a Compiler Fuzzing Campaign](https://blog.trailofbits.com/2021/03/23/a-year-in-the-life-of-a-compiler-fuzzing-campaign/)
* Started reading the [Fuzzing section of Trail of Bits's Testing Handbook](https://appsec.guide/docs/fuzzing/)

Did some reading on bugs found in compilers:

* [Libra's Move IR Compiler Vulnerability](https://blog.openzeppelin.com/libra-vulnerability-summary)
* [Video explanation by tincho](https://www.youtube.com/watch?v=Q7IQJSwrU5o)
* [Vyper compiler audit](https://www.codehawks.com/report/cll5rujmw0001js08menkj7hc)
* [Vyper's Nonreentrancy Lock Vulnerability](https://hackmd.io/@vyperlang/HJUgNMhs2)

Next, from Wednesday I started looking into Grandine:

- Started learning more about the Consensus Layer from [epf.wiki](https://epf.wiki/)
- Finished watching [Alex Stokes' lecture on CL](https://www.youtube.com/live/FqKjWYt6yWk?si=A0QPskrZTtQ5GU55) & the [Lecture on Consensus Client Architecture by Paul Harris](https://www.youtube.com/watch?v=cZ33bfGXzOc&list=PLvu3JfoGPg5nt45MNYEuExw17pbH9MB3p)
- Did a light manual review of Grandine's codebase
- Went through [Lighthouse](https://github.com/sigp/lighthouse)'s fuzz tests
- Looked into [beacon-fuzz](https://github.com/sigp/beacon-fuzz) and [afl-rs](https://github.com/rust-fuzz/afl.rs) (yet to understand how these work under the hood)
- Read audit reports of some other CL clients to get an idea of possible attack vectors
  - Prysm's audit reports
    - [by Quantstamp](https://docs.prylabs.network/assets/files/Quantstamp_Prysm_Phase_0_Final_Report-d70b22fbd999b05e34346a2505782619.pdf)
    - [by Trail of Bits](https://docs.prylabs.network/assets/files/Trail_of_Bits_Prysm_Phase_0_Final_Report-ff2b2307a648f6b23dea9ed119b1516f.pdf)
  - [Nimbus's issues](https://github.com/status-im/nimbus-eth2/labels?q=audit)

## Goals for next week

- Finalize what to work on
- Get a better understanding of differential fuzzing in general