ETHERLive
ETHERLive delivers real-time price and volume data across 16+ exchanges to users in a clear and easy-to-understand package. Users can get up-to-the-second updates for each exchange/currency pair, as well as aggregated market averages for each exchange, currency, and the market as a whole. It also provides a global converted average of all the currency pairs monitored by ETHNews, converted to USD.

---

24hr ---
--%
Saturday Nov 25th 2017
RESOURCES

The Basics

Learn the basics of Ethereum and various cryptocurrency technologies

Learn More

What is Ethereum?

Understand the underlying principles of the Ethereum Platform

Learn More

The Blockchain

Discover the revolutionizing technology known as the blockchain

Learn More
SUBMIT

Press Release

Submit a press release for consideration on ETHNews

Submit Press

Story / Dapp

Submit a story or DAPP to be considered for publication on ETHNews.

Submit Story

Event

Submit an event for consideration on ETHNews

Submit Event

Explanation

Submit "Ethereum Explainer" content for consideration to be featured on ETHNews

Submit Topic
ETHNews Logo
---
--%
Home
News
Etherlive
Ether Price Analysis
Resources
Events
Contact Us

Martin Swende’s Thoughts On Securing Ethereum Against Attackers

By

Jeremy

Nation

WriterETHNews.com

Martin Swende explained some of the breakthroughs in testing on the Ethereum Virtual Machine that are making the system more resilient.

Among the presenters at Devcon3, Martin Swende spoke on November 2 about blockchain security and demonstrated how the system analyzes attacks.

Security is a serious issue for the Ethereum blockchain. “We are in cryptoland,” said Swende. “We should all be very clear about where we are ... It’s like Australia where anything with a heartbeat will try to kill you and if you make a mistake, you’re probably dead. Meanwhile, for attackers – they’ve never had it better.”

Swende went on to detail the Shanghai attacks and how they affected the Geth server for about a month. He said that once the dust settles after an attack, the event presents an opportunity to bolster resilience and readiness. After the Shanghai attacks, more monitoring nodes were added to run in the cloud, which provided valuable analysis and exposed some inherent inefficiencies of transaction propagation. Once invalid transaction propagation was removed from the clients, network traffic was made vastly more efficient, and it was thanks to the analysis provided by the monitoring nodes.

During his presentation, Swende typed a few lines of code into his OP Viewer and demonstrated to attendees the method by which attack analysis takes place. The information gathered allows for Swende to apply patches that can predict problems and find solutions. As Swende explained, “This tooling makes it possible for us to do a quick analysis, and then to check ‘Does this patch work?’” The patch can then be shared among coworkers who can provide testing and catch errors. These types of improvements allow for dynamic adaption to attacks on the Ethereum Virtual Machine (EVM).

Synthesized environments have freed up developers to work on other issues, since testing can be done separately. However, despite a more robust testing environment, there are sometimes problems with consensus, like one that occurred after the second hard fork of Ethereum. Due to the inherent complexity of the EVM, it is sometimes difficult to manually scale tests. But a system that uses raw binaries, called “fuzzing,” was then implemented, allowing for millions of tests per day by generating test cases randomly. Another form of fuzzing, “libfuzzer,” works by mutating inputs to maximize the code coverage, providing about 100 million tests per day. Swede said these systems found 7 or 8 consensus issues, one of which was patched and released after the Byzantium fork.

Billions of tests have since been performed by libfuzzer. “The clients today,” said Swende, “are more thoroughly tested than they have ever been in the history of Ethereum, and we are still running fuzzers 24/7."

He concluded with a warning: “Everyone here are targets for attackers … so be paranoid, and be proactive and work on improving the security and your resilience, and how you can handle attacks.”

Jeremy Nation

Jeremy Nation is a writer living in Los Angeles with interests in technology, human rights, and cuisine. He is a full time staff writer for ETHNews and holds value in Ether.

ETHNews is commited to its Editorial Policy

Like what you read? Follow us on Twitter @ETHNews_ to receive the latest Devcon3, Martin Swende or other Ethereum technology news.