The JSON-parsing vulnerability fixed by Steemd 0.20.9
fuzz-ai (52) in steem • 6 years ago
In my previous bug report on steemd, @crokkon asked if custom JSON was also vulnerable, which inspired me to take a closer look. The JSON parsing code in the FC library used by Steem did have a…

Reproducing a Memory-Tracking Bug with TLA+
fuzz-ai (52) in programming • 6 years ago
I was interested in a first project for getting familiar with TLA+, “a high-level language for modelling programs and systems.” TLA+ has been used to find errors in the design of real-world…

Fuzz-testing Ontology's NeoVM Execution Engine
fuzz-ai (52) in ontology • 6 years ago
Two smart contract fragments were identified that cause panics in the NeoVM implementation in the Ontology blockchain code. Introduction Ontology is a “distributed trust…

Improving Ripple Unit Test Coverage with Fuzzing
fuzz-ai (52) in software • 6 years ago
Even quality code with good test coverage can benefit from fuzz testing! The Ripple blockchain server (rippled) did not exhibit any security holes in its JSON implementation, or any invariant…

Fuzz-Testing the Snappy Compression Algorithm
fuzz-ai (52) in software • 6 years ago
Using American Fuzzy Lop on the Snappy compression library found no new bugs, and reported only high memory usage related to preallocation of an output buffer. Users of Snappy should be…

Steemd 0.20.6 bug - memory exhaustion when parsing malicious hello_message
fuzz-ai (52) in utopian-io • 6 years ago
Project Information Repository: Project Name: Steem Expected behavior The Steemd process should handle malformed messages arriving from a peer by logging an error and/or terminating…

A Memory Exhaustion Attack Against the Steem Blockchain
fuzz-ai (52) in software • 6 years ago
This article explains the security risk patched in steemd 0.20.7. Using American Fuzzy Lop on a message parsing library contained in the Steem blockchain implementation found unexpectedly large…

Introduction
fuzz-ai (52) in introduceyourself • 6 years ago
Fuzz.ai is an early-stage startup dedicated to making software correctness tools easier to use. Fuzzers, model checkers, and property-based testing can make software more robust…

Finding Bugs in the Steem Blockchain with Fuzz Testing
fuzz-ai (52) in steem • 6 years ago
Using American Fuzzy Lop on the JSON parsing library contained in the Steem blockchain implementation found a latent bug. Fortunately, this bug is not exploitable in practice, though it may…