Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 436C51272 for ; Tue, 1 Sep 2015 18:23:12 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-vk0-f51.google.com (mail-vk0-f51.google.com [209.85.213.51]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 8C97511F for ; Tue, 1 Sep 2015 18:23:11 +0000 (UTC) Received: by vkbf67 with SMTP id f67so56470920vkb.0 for ; Tue, 01 Sep 2015 11:23:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=trxhHddfARriA3U6ahSJtINfnCDpOSExMdXsmKZ6sMU=; b=OQPhEIgf/FgSqhnQD2XYLrin2cUruDNnNv9xJ8k9/8P2qf/5Pnenkj0DF8JtWHzNcs nCb4/GPO7NOzxBOzPHxnTJvIT1YRa8kIOM8Qc8YqH+Pi292EZ4xUYYwULMHWmelauBJo q+4TAFxh4Rqmp1O1EPPnwcV8NgTBEKZzAGqzV8zbhLcXypjZM/YoyI5PNMx0Kq8XtduL bi1F6Oy8DGfz6rr57G3onq9jNFEryJLGUgGVFhvlOjFc3P3ucZ5nUy1RKnEqPimLFFHW oPf5tze/dnx6DxBT1BVSUKK1+eWN8hZ5Yk8Id0Vmr7xSukvZT4OoFEnEzsU3PCwbU/98 KXaQ== X-Received: by 10.52.169.1 with SMTP id aa1mr17912712vdc.5.1441131790672; Tue, 01 Sep 2015 11:23:10 -0700 (PDT) MIME-Version: 1.0 Received: by 10.103.5.195 with HTTP; Tue, 1 Sep 2015 11:22:51 -0700 (PDT) In-Reply-To: <20150901180333.GA3914@amethyst.visucore.com> References: <20150901180333.GA3914@amethyst.visucore.com> From: =?UTF-8?Q?Manuel_Ar=C3=A1oz?= Date: Tue, 1 Sep 2015 15:22:51 -0300 Message-ID: To: "Wladimir J. van der Laan" Content-Type: multipart/alternative; boundary=089e01633a90752969051eb3a49f X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Cc: bitcoin-dev@lists.linuxfoundation.org Subject: Re: [bitcoin-dev] push tx fuzzing X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Development Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Sep 2015 18:23:12 -0000 --089e01633a90752969051eb3a49f Content-Type: text/plain; charset=UTF-8 Interesting project, Kristov. Two more ideas for fuzzing bitcoin txs: - random bit flipping from valid txs - random tx script generators: - from a grammar - from a stochastic grammar - from a random sequence of opcodes I've made some really small experiments on fuzzing in the past [1][2], and I'm interested in helping out. Best, Manuel [1] https://github.com/maraoz/json-fuzzer [2] https://github.com/maraoz/bitcoin-fuzzer On Tue, Sep 1, 2015 at 3:03 PM, Wladimir J. van der Laan via bitcoin-dev < bitcoin-dev@lists.linuxfoundation.org> wrote: > On Tue, Sep 01, 2015 at 04:59:15PM +0000, Monarch via bitcoin-dev wrote: > > > which uses Bitcoin Core for validation. If they aren't validating > > transactions before broadcast they won't make it more than a single > > hop through the P2P the network so they are of minimum concern. > > blockchain.info had some problems here for a while. They were not using a > full validating node underneath: > > - Signatures were not verified properly. This resulted in some panic when > it looked like (on their site) a massive number of very old coins were > being spent. > > - They were relaying loose coinbase transactions. This caused them to be > instantly banned from nodes they were connected to. > > So there's certainly some scope for fun with fuzzing those APIs. > > Wladimir > > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > --089e01633a90752969051eb3a49f Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Interesting project, Kristov. Two more ideas for fuzzing b= itcoin txs:=C2=A0
- random bit flipping from valid txs=C2=A0
=
- random tx script generators:
=C2=A0 - from a grammar
= =C2=A0 - from a stochastic grammar
=C2=A0 - from a random sequenc= e of opcodes

I've made some really small exper= iments on fuzzing in the past [1][2], and I'm interested in helping out= .

Best,
Manuel


On Tue,= Sep 1, 2015 at 3:03 PM, Wladimir J. van der Laan via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:
On Tue, Sep 01, 2015 at 04= :59:15PM +0000, Monarch via bitcoin-dev wrote:

> which uses Bitcoin Core for validation.=C2=A0 If they aren't valid= ating
> transactions before broadcast they won't make it more than a singl= e
> hop through the P2P the network so they are of minimum concern.

blockchain.info had some problems here for a while. They were not u= sing a full validating node underneath:

- Signatures were not verified properly. This resulted in some panic when i= t looked like (on their site) a massive number of very old coins were being= spent.

- They were relaying loose coinbase transactions. This caused them to be in= stantly banned from nodes they were connected to.

So there's certainly some scope for fun with fuzzing those APIs.

Wladimir

_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.= linuxfoundation.org
https://lists.linuxfoundation.org/mail= man/listinfo/bitcoin-dev

--089e01633a90752969051eb3a49f--