Understanding Ethereum Mempool Security under Asymmetric DoS by Symbolized Stateful Fuzzing

Yibo Wang; Yuzhe Tang; Kai Li; Wanning Ding; Zhihua Yang

Understanding Ethereum Mempool Security under Asymmetric DoS by Symbolized Stateful Fuzzing

Yibo Wang
, Yuzhe Tang
, Kai Li
, Wanning Ding
, Zhihua Yang

Department of Computer Science

Syracuse University

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

4 Scopus citations

Abstract

In blockchains, mempool controls transaction flow before consensus, denial of whose service hurts the health and security of blockchain networks. This paper presents MPFUZZ, the first mempool fuzzer to find asymmetric DoS bugs by exploring the space of symbolized mempool states and optimistically estimating the promisingness of an intermediate state in reaching bug oracles. Compared to the baseline blockchain fuzzers, MPFUZZ achieves a > 100× speedup in finding known DETER exploits. Running MPFUZZ on major Ethereum clients leads to discovering new mempool vulnerabilities, which exhibit a wide variety of sophisticated patterns, including stealthy mempool eviction and mempool locking. Rule-based mitigation schemes are proposed against all newly discovered vulnerabilities.

Original language	English
Title of host publication	Proceedings of the 33rd USENIX Security Symposium
Pages	4747-4764
Number of pages	18
ISBN (Electronic)	9781939133441
State	Published - 2024
Event	33rd USENIX Security Symposium, USENIX Security 2024 - Philadelphia, United States Duration: 14 Aug 2024 → 16 Aug 2024

Publication series

Name	Proceedings of the 33rd USENIX Security Symposium

Conference

Conference	33rd USENIX Security Symposium, USENIX Security 2024
Country/Territory	United States
City	Philadelphia
Period	14/08/24 → 16/08/24

Cite this

@inproceedings{c6069f9bbf6341ed9a4a80f974ddb8ac,

title = "Understanding Ethereum Mempool Security under Asymmetric DoS by Symbolized Stateful Fuzzing",

abstract = "In blockchains, mempool controls transaction flow before consensus, denial of whose service hurts the health and security of blockchain networks. This paper presents MPFUZZ, the first mempool fuzzer to find asymmetric DoS bugs by exploring the space of symbolized mempool states and optimistically estimating the promisingness of an intermediate state in reaching bug oracles. Compared to the baseline blockchain fuzzers, MPFUZZ achieves a > 100× speedup in finding known DETER exploits. Running MPFUZZ on major Ethereum clients leads to discovering new mempool vulnerabilities, which exhibit a wide variety of sophisticated patterns, including stealthy mempool eviction and mempool locking. Rule-based mitigation schemes are proposed against all newly discovered vulnerabilities.",

author = "Yibo Wang and Yuzhe Tang and Kai Li and Wanning Ding and Zhihua Yang",

note = "Publisher Copyright: {\textcopyright} USENIX Security Symposium 2024.All rights reserved.; 33rd USENIX Security Symposium, USENIX Security 2024 ; Conference date: 14-08-2024 Through 16-08-2024",

year = "2024",

language = "English",

series = "Proceedings of the 33rd USENIX Security Symposium",

pages = "4747--4764",

booktitle = "Proceedings of the 33rd USENIX Security Symposium",

}

TY - GEN

T1 - Understanding Ethereum Mempool Security under Asymmetric DoS by Symbolized Stateful Fuzzing

AU - Wang, Yibo

AU - Tang, Yuzhe

AU - Li, Kai

AU - Ding, Wanning

AU - Yang, Zhihua

PY - 2024

Y1 - 2024

N2 - In blockchains, mempool controls transaction flow before consensus, denial of whose service hurts the health and security of blockchain networks. This paper presents MPFUZZ, the first mempool fuzzer to find asymmetric DoS bugs by exploring the space of symbolized mempool states and optimistically estimating the promisingness of an intermediate state in reaching bug oracles. Compared to the baseline blockchain fuzzers, MPFUZZ achieves a > 100× speedup in finding known DETER exploits. Running MPFUZZ on major Ethereum clients leads to discovering new mempool vulnerabilities, which exhibit a wide variety of sophisticated patterns, including stealthy mempool eviction and mempool locking. Rule-based mitigation schemes are proposed against all newly discovered vulnerabilities.

AB - In blockchains, mempool controls transaction flow before consensus, denial of whose service hurts the health and security of blockchain networks. This paper presents MPFUZZ, the first mempool fuzzer to find asymmetric DoS bugs by exploring the space of symbolized mempool states and optimistically estimating the promisingness of an intermediate state in reaching bug oracles. Compared to the baseline blockchain fuzzers, MPFUZZ achieves a > 100× speedup in finding known DETER exploits. Running MPFUZZ on major Ethereum clients leads to discovering new mempool vulnerabilities, which exhibit a wide variety of sophisticated patterns, including stealthy mempool eviction and mempool locking. Rule-based mitigation schemes are proposed against all newly discovered vulnerabilities.

UR - https://www.scopus.com/pages/publications/85205019826

UR - https://www.scopus.com/pages/publications/85205019826#tab=citedBy

M3 - Conference contribution

AN - SCOPUS:85205019826

T3 - Proceedings of the 33rd USENIX Security Symposium

SP - 4747

EP - 4764

BT - Proceedings of the 33rd USENIX Security Symposium

T2 - 33rd USENIX Security Symposium, USENIX Security 2024

Y2 - 14 August 2024 through 16 August 2024

ER -

Understanding Ethereum Mempool Security under Asymmetric DoS by Symbolized Stateful Fuzzing

Abstract

Publication series

Conference

Other files and links

Fingerprint

Cite this