Towards Automated Discovery of Asymmetric Mempool DoS in Blockchains
Yibo Wang, Yuzhe Tang, Kai Li, Wanning Ding, Zhihua Yang

TL;DR
This paper introduces MPFUZZ, a novel mempool fuzzer that efficiently discovers asymmetric DoS vulnerabilities in blockchain networks, revealing new attack patterns and proposing mitigation strategies.
Contribution
The paper presents MPFUZZ, the first tool to explore symbolized mempool states for bug discovery, significantly improving detection speed and uncovering new vulnerabilities in Ethereum clients.
Findings
MPFUZZ achieves over 100x speedup in finding exploits.
Discovered new mempool vulnerabilities with complex attack patterns.
Proposed mitigation schemes for all identified vulnerabilities.
Abstract
In blockchains, mempool controls transaction flow before consensus, denial of whose service hurts the health and security of blockchain networks. This paper presents MPFUZZ, the first mempool fuzzer to find asymmetric DoS bugs by exploring the space of symbolized mempool states and optimistically estimating the promisingness of an intermediate state in reaching bug oracles. Compared to the baseline blockchain fuzzers, MPFUZZ achieves a > 100x speedup in finding known DETER exploits. Running MPFUZZ on major Ethereum clients leads to discovering new mempool vulnerabilities, which exhibit a wide variety of sophisticated patterns, including stealthy mempool eviction and mempool locking. Rule-based mitigation schemes are proposed against all newly discovered vulnerabilities.
Taxonomy
Topics: Software System Performance and Reliability · Network Security and Intrusion Detection · Cloud Computing and Resource Management
