Martin Swende’s Thoughts On Securing Ethereum Against Attackers

Among the presenters at Devcon3, Martin Swende spoke on November 2 about blockchain security and demonstrated how the system analyzes attacks.

Security is a serious issue for the Ethereum blockchain. “We are in cryptoland,” said Swende. “We should all be very clear about where we are ... It’s like Australia where anything with a heartbeat will try to kill you and if you make a mistake, you’re probably dead. Meanwhile, for attackers – they’ve never had it better.”

Swende went on to detail the Shanghai attacks and how they affected the Geth server for about a month. He said that once the dust settles after an attack, the event presents an opportunity to bolster resilience and readiness. After the Shanghai attacks, more monitoring nodes were added to run in the cloud, which provided valuable analysis and exposed some inherent inefficiencies of transaction propagation. Once invalid transaction propagation was removed from the clients, network traffic became vastly more efficient, an improvement made possible by the analysis the monitoring nodes provided.

During his presentation, Swende typed a few lines of code into his OP Viewer and demonstrated to attendees the method by which attack analysis takes place. The information gathered allows Swende to apply patches that can predict problems and find solutions. As Swende explained, “This tooling makes it possible for us to do a quick analysis, and then to check ‘Does this patch work?’” The patch can then be shared among coworkers who can provide testing and catch errors. These types of improvements allow for dynamic adaptation to attacks on the Ethereum Virtual Machine (EVM).

Synthesized environments have freed up developers to work on other issues, since testing can be done separately. However, despite a more robust testing environment, there are sometimes problems with consensus, like one that occurred after the second hard fork of Ethereum. Due to the inherent complexity of the EVM, it is sometimes difficult to scale tests manually. A technique called “fuzzing,” which operates on raw binaries, was then implemented; by generating test cases randomly, it allows for millions of tests per day. Another form of fuzzing, “libfuzzer,” works by mutating inputs to maximize code coverage, providing about 100 million tests per day. Swende said these systems found 7 or 8 consensus issues, one of which was patched and released after the Byzantium fork.

Billions of tests have since been performed by libfuzzer. “The clients today,” said Swende, “are more thoroughly tested than they have ever been in the history of Ethereum, and we are still running fuzzers 24/7.” But he concluded with a warning: “Everyone here are targets for attackers … so be paranoid, and be proactive and work on improving the security in your resilience, and how you can handle attacks.”