public inbox for bitcoindev@googlegroups.com
* [bitcoin-dev] push tx fuzzing
From: Kristov Atlas @ 2015-09-01 15:50 UTC
  To: bitcoin-dev

I am interested in finding or writing a fuzzer for push tx APIs. I did not
find one after a brief search. Has anyone found otherwise, or is she in the
process of writing one?

If not, what features would people recommend for a new push tx fuzzer?

Endpoints I would like to test include:

https://live.blockcypher.com/btc-testnet/pushtx/

https://insight.bitpay.com/tx/send

https://blockchain.info/pushtx

https://coinb.in/#broadcast

https://btc.blockr.io/tx/push

https://chain.localbitcoins.com/tx/send


The fuzzer should be able to send random data, invalid characters, etc. but
also fuzz particular aspects of the transaction format such as malformed
P2SH and P2PKH transactions, fields such as lock time, size, # inputs,
version number, vin size, etc. It should also be able to fuzz a variety of
valid and invalid script formats using odd op codes, changing the order of
op codes, etc.


If anyone has recommendations about how such a fuzzer should be structured,
please let me know.


Finally, if you are interested in collaborating, please contact me via
private message.


Thanks!

Kristov

* Re: [bitcoin-dev] push tx fuzzing
From: Monarch @ 2015-09-01 16:59 UTC
  To: bitcoin-dev

On 2015-09-01 15:50, Kristov Atlas via bitcoin-dev wrote:
> I am interested in finding or writing a fuzzer for push tx APIs. I did
> not find one after a brief search. Has anyone found otherwise, or is
> she in the process of writing one?
> 

https://github.com/jonasnick/bitcoinconsensus_testcases

https://jonasnick.github.io/blog/2015/05/09/fuzzing-bitcoin-consensus/

The only implementations with any significant network presence are
btcd and Bitcoin Core; fuzzing them should be sufficient if these
services are doing validation of transactions using one of the two.
For example, two of the ones you have linked are based on Insight,
which uses Bitcoin Core for validation.  If they aren't validating
transactions before broadcast they won't make it more than a single
hop through the P2P network so they are of minimum concern.



* Re: [bitcoin-dev] push tx fuzzing
From: Wladimir J. van der Laan @ 2015-09-01 18:03 UTC
  To: Monarch; +Cc: bitcoin-dev

On Tue, Sep 01, 2015 at 04:59:15PM +0000, Monarch via bitcoin-dev wrote:

> which uses Bitcoin Core for validation.  If they aren't validating
> transactions before broadcast they won't make it more than a single
> hop through the P2P network so they are of minimum concern.

blockchain.info had some problems here for a while. They were not using a full validating node underneath:

- Signatures were not verified properly. This resulted in some panic when it looked like (on their site) a massive number of very old coins were being spent.

- They were relaying loose coinbase transactions. This caused them to be instantly banned from nodes they were connected to.

So there's certainly some scope for fun with fuzzing those APIs.

Wladimir



* Re: [bitcoin-dev] push tx fuzzing
From: Manuel Aráoz @ 2015-09-01 18:22 UTC
  To: Wladimir J. van der Laan; +Cc: bitcoin-dev

Interesting project, Kristov. Two more ideas for fuzzing bitcoin txs:
- random bit flipping from valid txs
- random tx script generators:
  - from a grammar
  - from a stochastic grammar
  - from a random sequence of opcodes

I've made some really small experiments on fuzzing in the past [1][2], and
I'm interested in helping out.

Best,
Manuel

[1] https://github.com/maraoz/json-fuzzer
[2] https://github.com/maraoz/bitcoin-fuzzer

On Tue, Sep 1, 2015 at 3:03 PM, Wladimir J. van der Laan via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:

> On Tue, Sep 01, 2015 at 04:59:15PM +0000, Monarch via bitcoin-dev wrote:
>
> > which uses Bitcoin Core for validation.  If they aren't validating
> > transactions before broadcast they won't make it more than a single
> > hop through the P2P network so they are of minimum concern.
>
> blockchain.info had some problems here for a while. They were not using a
> full validating node underneath:
>
> - Signatures were not verified properly. This resulted in some panic when
> it looked like (on their site) a massive number of very old coins were
> being spent.
>
> - They were relaying loose coinbase transactions. This caused them to be
> instantly banned from nodes they were connected to.
>
> So there's certainly some scope for fun with fuzzing those APIs.
>
> Wladimir
>
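
The field-level mutations and bit flipping discussed in this thread, as an added example that is not code from any poster or from the linked projects: a strict parser for the legacy (pre-segwit) transaction framing acts as a local oracle, and each mutation of a constructed sample transaction is classified by whether framing alone rejects it. The function names, case labels and SAMPLE bytes are assumptions made for illustration, and cases() expects the caller to pass a random.Random instance.

```python
def fields(raw):
    """Strict framing parser: {field: (start, end)}; ValueError when malformed."""
    pos, spans = 0, {}
    def take(name, n):
        nonlocal pos
        if pos + n > len(raw):
            raise ValueError("truncated")
        spans[name], pos = (pos, pos + n), pos + n
        return int.from_bytes(raw[pos - n:pos], "little")
    def compact(name):  # CompactSize: 1 byte, or 0xfd/0xfe/0xff + 2/4/8 bytes
        first = take(name, 1)
        return first if first < 0xfd else take(name, 2 << (first - 0xfd))
    take("version", 4)
    for i in range(compact("n_in")):
        take(f"in{i}.prevout", 36)
        take(f"in{i}.script", compact(f"in{i}.script_len"))
        take(f"in{i}.sequence", 4)
    for i in range(compact("n_out")):
        take(f"out{i}.value", 8)
        take(f"out{i}.script", compact(f"out{i}.script_len"))
    take("locktime", 4)
    if pos != len(raw):
        raise ValueError("trailing bytes")
    return spans

def cases(raw, rng):
    """(label, bytes) mutations of a valid tx with one input and a P2PKH first output."""
    spans = fields(raw)
    def put(name, new):
        return raw[:spans[name][0]] + new + raw[spans[name][1]:]
    spk, at, bit = raw[slice(*spans["out0.script"])], rng.randrange(len(raw)), rng.randrange(8)
    return [("valid", raw), ("version-max", put("version", b"\xff" * 4)),
            ("locktime-max", put("locktime", b"\xff" * 4)),
            ("bitflip", raw[:at] + bytes([raw[at] ^ (1 << bit)]) + raw[at + 1:]),
            ("n_in+1", put("n_in", b"\x02")), ("n_in=0", put("n_in", b"\x00")),
            ("script_len+1", put("out0.script_len", bytes([len(spk) + 1]))),
            ("ops-swapped", put("out0.script", spk[:-2] + spk[-1:] + spk[-2:-1])),
            ("push-len+1", put("out0.script", spk[:2] + b"\x15" + spk[3:]))]

def verdict(data):  # the local parser is the oracle; nothing is sent to a push tx API
    try:
        fields(data)
    except ValueError as exc:
        return f"rejected: {exc}"
    return "accepted"

# Constructed sample, every value made up: legacy format, 1 input, 1 P2PKH output.
SAMPLE = bytes.fromhex("01000000" "01" + "00" * 32 + "00000000" "01" "51" "ffffffff" "01"
                       + "50c3000000000000" "19" "76a914" + "11" * 20 + "88ac" "00000000")
```

Calling `{label: verdict(data) for label, data in cases(SAMPLE, random.Random(1))}` gives the per-case result. The cases the framing check accepts (`ops-swapped`, `push-len+1`, where the hash push swallows OP_EQUALVERIFY, and the extreme version and lock time values) are left for script and consensus validation to judge.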
