115 total views
Researchers in Korea have developed a system that detects fatal blockchain technology errors and finds additional bugs (defects in computer programs) that may occur, attracting attention.
Seoul National University College of Engineering announced on the 7th that Professor Byung-Gon Jeon and Ph.
Ethereum, launched in 2015, is a programmable blockchain and operates based on the second-largest cryptocurrency,’Ethereum’. Developers can use Ethereum to develop various types of applications (apps), and Ethereum is used as a key currency in the world of blockchain development.
Professor Jeon’s team discovered two rare consensus bugs in Ethereum while researching blockchain security last year.
Blockchain consensus means that decentralized client nodes agree on a single blockchain. The consensus bug is a bug that prevents a specific blockchain client from consensus with other clients by hard forking the blockchain (changing it in a new way that is not compatible with the existing blockchain). It is very important for chain safety.
The former professor’s team forwarded the error to the Ethereum Foundation (the Ethereum operator), and the Ethereum Foundation released a new version of the Ethereum client that fixed the bug. The former professor’s team who discovered the error received a bug bounty (vulnerability compensation program) from the Ethereum Foundation of $20,000 (approximately 2236 million won) as a prize money.
In some cases, one of the bugs the former professor’s team found triggered. The bug caused the previous version of the client (Guess Ethereum Client) to hard fork the Ethereum blockchain, and on November 11 last year, services that used the old version of the client were severely paralyzed.
At the time, major services such as Ethereum infrastructure provider’Inpura’ and Ethereum wallet’Metamask’ for browsers were unavailable, causing difficulties for developers and investors.
Due to the failure, the Ethereum deposit and withdrawal services of major domestic and foreign cryptocurrency trading sites such as Binance and Bithumb were temporarily suspended. Blockchain media outlets are evaluating the incident as the worst incident since the 2016 Ethereum DAO hacking incident.
Professor Jeon’s research team did not discover errors, but suggested alternatives. Multi-transaction differential spread’floppy’ is it. The existing fuzzing method to find the Ethereum consensus bug is to repeatedly create and test the blockchain state and one transaction. However, this has a limitation in that it cannot fundamentally find bugs hidden deep in the Ethereum client code even when using infinite computing resources.
Fluffy, proposed by the former professor’s team, searches for consensus bugs deeply hidden in the Ethereum client code by testing several transactions in succession at a time. Through system optimization, Fluffy achieves more than 510 times the fuzzing throughput and more than 2.7 times the code coverage compared to the existing one.
Professor Jeon said, “We were able to find a bug in Ethereum that was impossible to find with the spread we developed this time. It is a very influential research to increase the stability of Ethereum, the second largest cryptocurrency in the world, and we acknowledge its contribution. It was accepted and adopted as a paper by the OSDI (USENIX Symposium on Operating Systems Design and Implementation), an academic society in the field of computer systems.”
The research results of the former professor’s team will be announced at OSDI in July.