Fuchen Ma (Tsinghua University), Yuanliang Chen (Tsinghua University), Meng Ren (Tsinghua University), Yuanhang Zhou (Tsinghua University), Yu Jiang (Tsinghua University), Ting Chen (University of Electronic Science and Technology of China), Huizhong Li (WeBank), Jiaguang Sun (School of Software, Tsinghua University)

Blockchain consensus protocols are responsible for coordinating the nodes to make agreements on the transaction results. Their implementation bugs, including memory-related and consensus logic vulnerabilities, may pose serious threats. Fuzzing is a promising technique for protocol vulnerability detection. However, existing fuzzers cannot deal with complex consensus states of distributed nodes, thus generating a large number of useless packets, inhibiting their effectiveness in reaching the deep logic of consensus protocols.

In this work, we propose LOKI, a blockchain consensus protocol fuzzing framework that detects the consensus memory-related and logic bugs. LOKI senses consensus states in real-time by masquerading as a node. First, LOKI dynamically builds a state model that records the state transition of each node. After that, LOKI adaptively generates the input targets, types, and contents according to the state model. With a bug analyzer, LOKI detects the consensus protocol implementation bugs with well-defined oracles. We implemented and evaluated LOKI on four widely used commercial blockchain systems, including Go-Ethereum, Facebook Diem, IBM Fabric, and WeBank FISCO-BCOS. LOKI has detected 20 serious previously unknown vulnerabilities with 9 CVEs assigned. 14 of them are memory-related bugs, and 6 are consensus logic bugs. Compared with state-of-the-art tools such as Peach, Fluffy, and Twins, LOKI improves the branch coverage by an average of 43.21%, 182.05%, and 291.58%.

View More Papers

QPEP in the Real World: A Testbed for Secure...

Julian Huwyler (ETH Zurich), James Pavur (University of Oxford), Giorgio Tresoldi and Martin Strohmeier (Cyber-Defence Campus) Presenter: Martin Strohmeier

Read More

OptRand: Optimistically Responsive Reconfigurable Distributed Randomness

Adithya Bhat (Purdue University), Nibesh Shrestha (Rochester Institute of Technology), Aniket Kate (Purdue University), Kartik Nayak (Duke University)

Read More

Unlocking the Potential of Domain Aware Binary Analysis in...

Dr. Zhiqiang Lin (Distinguished Professor of Engineering at The Ohio State University)

Read More

FCGAT: Interpretable Malware Classification Method using Function Call Graph...

Minami Someya (Institute of Information Security), Yuhei Otsubo (National Police Academy), Akira Otsuka (Institute of Information Security)

Read More