Guido Vranken
@GuidoVranken
Followers
5,537
Following
563
Media
93
Statuses
834
Software security and fuzzing. Contact: guido @guidovranken .com
Limburg, Nederland
Joined June 2018
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
YouTube,YouTube
• 3294983 Tweets
Walz
• 1994561 Tweets
Alberto
• 272505 Tweets
Drake
• 174073 Tweets
María Oropeza
• 166598 Tweets
Neeraj
• 145753 Tweets
Cori Bush
• 115706 Tweets
Tampon Tim
• 79234 Tweets
AIPAC
• 45124 Tweets
スキャンダル
• 40620 Tweets
中丸くん
• 39016 Tweets
Paiva
• 36266 Tweets
WE LOVE YOU YOONGI
• 33410 Tweets
#JinxGucci
• 28960 Tweets
高校野球
• 24693 Tweets
White Sox
• 21785 Tweets
wooyoung
• 21419 Tweets
Wesley Bell
• 21114 Tweets
女子大生
• 18869 Tweets
#ARMYLovesSuga
• 15860 Tweets
アパホテル
• 14890 Tweets
内田副総裁
• 13388 Tweets
#earthquake
• 11308 Tweets
滋賀学園
• 10544 Tweets
Pinned Tweet
I'm now the world's number 1 Ethereum vulnerability finder 🐐
152
201
812
Lol someone copy-pasted my libzmq exploit + analysis verbatim into a
@Hacker0x01
bug bounty program and collected the cash
13
60
272
Solana bug bounty is fake, in Aug 2023 I reported a bug, they acknowledged the issue, then stopped responding, then *deleted* the report (but I have a PDF printout of the discussion saved locally).
Just stick to reputable programs like Ethereum that play fair.
20
25
246
BitTorrent is an amazing and underrated technology. It's lean, easy to use, decentralized and censorship-resistant. More people should be using it.
19
14
236
By popular request I've released my LD_PRELOAD POSIX network API emulator, for fuzzing networked applications. Like Preeny but more ambitious.
1
68
199
I found a math bug in the blst pairing library which Ethereum uses (but Eth isn't affected because it doesn't use the affected function).
A year of fuzzing on OSS-Fuzz didn't find it, and I found it accidentally as I was looking for something else..
2
21
194
Over 50 bugs found in major cryptographic libraries with (differential) fuzzing
3
72
195
I had so much fun auditing rippled. The code is neatly formatted and organized, minimal use of memcpy, smart pointers everywhere, extensive use of the battle-tested Boost libraries, use of Protobufs, no excessive resource consumption.. 👍
2
41
169
Lots of bugs found with and by Cryptofuzz lately; this is about 2 months worth, doesn't include bugs found for clients, and more is to be announced. It turns out that ECDSA implementations especially are prone to non-conformism and other bugs.
3
49
181
Full disclosure -- ZeroMQ libzmq remote code execution exploit
0
92
157
JavaScript fuzzing with libFuzzer
1
48
147
Golang cross-compiling really works amazing, you can just type 'GOARCH=s390x go build' and without even printing a warning it produces a binary you can readily run with QEMU. To do that with C/C++ you need a PhD in cross-compiling..
5
19
146
@jon_bottarini
@Hacker0x01
@EOS_io
Thank you. A couple more waiting to be rewarded. I think the final tally was $120K but I lost count. Took me about a week.
15
13
125
@zillowgonewild
This happened in the Netherlands a few years ago. The perpetrator is still walking free.
4
1
102
The streaming API of the reference implementation of BLAKE (SHA-3 finalist, not BLAKE2 or 3) contains a bug where passing 0 bytes, instead of being a no-op, resets the internal state, yielding the base hash 716f6e863f744b9ac22c97ec7b76ea5f5908bc5b2f67c61510bfc4751384ea7a
Today there will be the coordinated disclosure of a crypto implementation bug that has gone unnoticed for many years. The impact is probably very limited but it's interesting nonetheless.
2
7
43
4
42
98
Find Squid bug for bug bounty. Write RCE exploit. Inform vendor (Oct. 5 2019). Send patch. Squid stops responding. Ask Internet Bug Bounty what to do. No response.
So here I am with a with a major internet software 0day that nobody cares to move forward. Welcome to 2014.
5
30
96
Differential fuzzing of cryptographic libraries 🔥
0
37
92
Just tried fuzzing the certificate parser of OpenSSL from 2003. It takes 1/10th of a second to find an out-of-bounds read (that's without a seed corpus).
@thedavidbrumley
OpenSSL must have been a swiss cheese in 2003! Before ASLR in Linux too. Great strides have been made since.
0
0
1
1
18
89
The fix for this introduced a (probably remote?) memory corruption bug in the latest OpenSSL release.
x64 modular exponentiation bug in OpenSSL and BoringSSL introduced in 2013
2
11
63
2
29
82
I've open sourced my libFuzzer-based Java fuzzer. Have fun.
1
41
79
Recently found a consensus bug in the Besu Ethereum client. Certain bytecode could cause an exception which causes the tx not to finalize.
Finding it was as simple as downloading the public OSS-Fuzz corpus for Geth and running it on Besu.
3
6
75
HackerOne also continues to "manage" the Squid bounty program, promising big bounties but never paying. My report was triaged 8 months ago.
This is fraud and I will reporting HackerOne to the Federal Trade Commission if this is not resolved by next week.
2
11
69
The buffer overflow by
@taviso
made the headlines but here are some other recent bugs in libgcrypt found by Cryptofuzz:
- Mod/InvMod was broken (T5269, fixed in 1.9.1)
- ECDSA verifies with invalid pubkey (T5282)
- OOB read via scrypt, at least valgrind says so (just reported)
0
19
68
The jury is still out on my bounty for the Geth bug.. How about a milly? 😂
Sushi has paid a bounty of $1M in USDC to
@samczsun
for his assistance in discovering and mitigating a Miso vulnerability.
68
207
2K
6
8
64
VrankenFuzz – a multi-sensor, multi-generator mutational fuzz testing engine
0
21
64
x64 modular exponentiation bug in OpenSSL and BoringSSL introduced in 2013
2
11
63
OpenSSL CVE-2019-1551: Incorrect consttime modular exponentation, found after 1.5 years of bignum fuzzing at OSS-Fuzz
2
18
60
I "found" this bug a few weeks ago by just downloading and running OpenSSL OSS-Fuzz binaries + corpora (see dates in screenshot). Didn't report because I assumed OSS-Fuzz would have caught it.. Didn't it..?
1
9
58
I'm working on a machine-readable fuzzing corpora directory.
I will add docs (+ a script which fetches corpora) later but I think so far it's pretty self-explanatory. Please add entries if you can, this benefits everyone.
39
18
61
Report 2 memory bugs to a "managed" program on BugCrowd complete with poc, build script, stack trace, references.. Get this back for both. God knows how many bugs BugCrowd are hiding from the companies for whom they are managing 😂
14
3
58
V8 crasher
function f(){}var a=f;for(var b=0;b<100000;++b){a=a.bind();Object.defineProperty(a,Symbol.hasInstance,{})}({})instanceof a;
2
15
55
Multi-arch instruction-level differential fuzzing with libFuzzer, Unicorn and Capstone. Also detects use of uninitialized memory. I want to subject OpenSSL's multiple implementations of the same functions (in C, optimized asm across multiple archs) to this.
3
12
55
You have:
- A complex software program, source code available
- Insane compute resources
- Limited human time (to write harnesses and poke around etc)
What would be your general approach to find as many vulnerabilities as possible?
13
12
53
I was looking into this and found a new Geth consensus bug (kind of, but don't worry Ethereum is safe, it only affects an unused configuration)
Cannon (CANNON CANNON CANNON) is our next-gen fault proof architecture, and it’s coming soon.
It enables optimal data costs.
It effortlessly preserves EVM equivalence.
Its very first bug bounty goes live today. 💥
11
64
296
1
7
51
This is one EOS bug I found. Unbounded recursion in Binaryen WASM parsing (GDB backtrace: )
6
5
50
RustCrypto, which is a a suite of primitives widely used throughout the Rust ecosystem, is being fuzzed on OSS-Fuzz.
Other than finding that some hashes like Groestl are a little slow with large inputs no bugs have been detected. Very high quality code.
2
7
49
Within a few days I will publicly disclose a Monero "bleed" bug that leaks process memory to the network. Reported and acknowledged 6 months ago, but not yet fixed, though a new release, incorporating the fix, is supposedly planned for the near future.
6
5
46
0
13
47
Today there will be the coordinated disclosure of a crypto implementation bug that has gone unnoticed for many years. The impact is probably very limited but it's interesting nonetheless.
2
7
43
Another impossible fuzzing puzzle: if (v * v * v == 1881672302290562263) abort(); where v is uint64_t doesn't finish in 60000000000 iters. Solution is 1234567, Z3 solves it instantly.
simple_api_fuzzer -jobs=120 -use_value_profile=1 -max_len=256 -focus_function=BuildHuffmanTable on the most recent public corpus doesn't find it, at least not quickly. Using libwebp-address-202308310602, which is vulnerable (bad.webp triggers it).
0
0
30
4
1
44
Hopefully this will catch a bug or two in other libraries as well.
The lesson learned is that some bugs can be quite elusive even when targeted with countless CPU hours of purpose-built fuzzing.
1
0
41
I'm writing a Solidity to C++ converter by parsing Solidity JSON AST output so I can fuzz smart contracts like I fuzz OpenSSL.
It's fairly straightforward because the languages are quite similar, only minor AST rewrites are required to offer most Solidity functionality in C++.
3
4
43
I added Z3 support to Cryptofuzz to compute inputs to calculation operations yielding a specific result.
Inspired by a bug in a smart contract function which computes ceil(A*B/C). If A*B/C==2^256-1 and A*B%C!=0 then it would incorrectly overflow the result from 2^256-1 to 0.
2
4
41
I thought I had found a Solidity bug with differential fuzzing between optimization levels.
function f() public {assembly {mstore(and(keccak256(0,18446744057039951614),0), 123)}}
1
3
41
A new optimized, extensively documented uint256 lib for Golang by Decred.
0
9
39
The cereal fuzzers can be found in (and built with) this repository:
I spent a lot of time on this and it is one of my most elaborate harnesses to date.
0
9
40
Django fuzzers: 3 CVE's from initial run, OSS-Fuzz integration upcoming
1
8
38
Found a Base58 decoder OOB read in rippled (XRP node), which was generously rewarded, and I'm working on getting fuzzers for rippled released.
5
6
37
I have a DoS (slow execution) bug which affects most EVMs. If you're an EVM maintainer and slow contract execution is a concern to you, please reach out (e-mail in bio) and I'll notify you before I'll publish a blog post about the bug later this week.
2
9
36
I've spent hundreds of hours and CPU-decades of fuzzing on the Geth EVM. I did find some bugs along the way but at this point it's simply impeccable as far as I can tell.
@superphiz
Geth is the most hardened piece of software in blockchain. Many blockchains are literally just Geth forks
But running majority clients is bad for the safety and value of your precious ETH
2
1
14
0
1
37
Some time ago I reported a remote memory corruption vulnerability (max. 1 byte OOB) to Ripple. Bounty $10K.
1
4
36
@realGeorgeHotz
@Austen
Don't get rid of verbatim search, for me the usefulness of a search engine is the extent to which it resembles grep and avoids trying to be clever. (I don't see the problem in the first place, just don't make typo's or use autocorrect?)
5
1
32
This was found by fuzzing the Nimbus EVM (which uses libtommath for the modexp precompile) vs. Geth and observing that their states diverged
Modular exponentiation bug in libtommath, undiscovered since 2004, not yet fixed.
0
2
27
0
2
35
For
@wolfSSL
I've written a Cryptofuzz module that tests their cryptography API. 7000 lines of harnessing code. I honestly can't think of any software that is fuzzed so deeply.
0
5
34
Another one
Incorrect serialization of elliptic curve point whose X = 0
0
1
33
@killa
@the_secret_club
@floesen_
@Hacker0x01
I'm also still waiting for a reward in another H1 program for a bug reported in Jan. 2020 ("managed by HackerOne")
H1 consistently continues to run programs which take the bugs but never pay. That's clearly fraud and I suggest reporting them to the Federal Trade Commission
@FTC
0
1
31
Fuzzing tip: Use mutators to route symmetrical operations. Eg. Cryptofuzz reuses ECDSA Sign output as input to ECDSA Verify via the mutator and this is extremely effective, because EC crypto expects proper input (valid keys, signatures), and randomly generated data doesn't cut it
0
4
32
So in my custom mutator (which is already strongly optimized to construct meaningful inputs to math/crypto functions) I added a feature which mutates values in the Montgomery domain and this helps a lot because the bug is now found within minutes.
1
1
29
simple_api_fuzzer -jobs=120 -use_value_profile=1 -max_len=256 -focus_function=BuildHuffmanTable on the most recent public corpus doesn't find it, at least not quickly. Using libwebp-address-202308310602, which is vulnerable (bad.webp triggers it).
"The WebP 0day" -- a full technical analysis the recently patched vulnerability in the WebP image library that was exploited in the wild (CVE-2023-4863).
15
336
839
0
0
30
It's great that Google does this. As far as I'm aware there is no company investing so heavily in the security of general-purpose FOSS as Google. And a nice consequence of their crowd-sourcing is that anyone can make some extra cash regardless of their credentials or background.
@vegard_no
Note: Google VRP is paying generously for linux kernel patches, even patches that are already found by their syzkaller instance! Wanna earn a quick buck? Go fix some of the bugs! :)
1
5
23
1
4
30
@brewster_kahle
@internetarchive
I think it's not a matter of if but when the IA will be stricken by catastrophe (The Big One, fire, litigation, ..). IA should offer its whole public archive in chunks of 1TB torrents to ensure survival of data.
3
0
28
The subtraction mechanism involved in the OpenSSL vulnerability is interesting because you can use it to subtract a pointer delta from a existing function pointer to set it to a different function.
The following prints 'bad' 25% of the time with ASLR enabled.
1
3
30
I've been testing Stanford Javascript Crypto Library () (5600+ Github stars) with Cryptofuzz.
Observed wrong output for: PBKDF2+SHA1/SHA512/RIPEMD160 (but SHA256 is OK), bignum subtract if result is negative, scrypt with certain parameters, RIPEMD160 HMAC.
3
5
28
Serious bug in Nettle's ecdsa_verify
Found by Cryptofuzz running on OSS-Fuzz
0
8
29
The raw memory of an (initialized!) long double type contains uninitialized bytes.
Try: long double v=0;for(int i=0;i<sizeof(v);i++)printf("%02X",*(((unsigned char*)&v)+i));
This can affect serialization eg. in Cereal:
4
2
30
I wonder if the nature of OpenSSL vuln can be figured out ahead of its disclosure using git kung fu based on these confirmed constraints:
- OpenSSL 1.1.1[a-q] are not affected
- LibreSSL and BoringSSL are not affected
- OpenSSL 3.0.0 through 3.0.6 are affected
2
3
27
Out of 499 OSS-Fuzz projects I surveyed, only 30 use custom mutators, and 9 of those are mine.
They don't make sense for every project, but they can be quite helpful and even essential if the format is particularly strict (valid checksums, source code parsing, signatures).
2
1
29
Fuzzer for Uniswap/SushiSwap/OpenZeppelin math
No bugs so no milly for me 😭
0
6
28
What Z3 can't do: solve A^3 + B^3 + C^3 = {114, 390, 627, 633, 732, 921, 975}. This is an open problem.
Another impossible fuzzing puzzle: if (v * v * v == 1881672302290562263) abort(); where v is uint64_t doesn't finish in 60000000000 iters. Solution is 1234567, Z3 solves it instantly.
4
1
44
0
0
21
Running all OSS-Fuzz fuzzers on their latest corpus while logging file and network access could lead to interesting finds.
strace -e trace=file,network -o trace.txt ./fuzzer corpus/ -runs=1
0
10
28
Golang crypto/elliptic: specific unreduced P-256 scalars produce incorrect results
2
3
28
Fuzzer for arkworks crates, used by
@EspressoSys
,
@penumbrazone
and others, now running on OSS-Fuzz.
No bugs found during high-intensity fuzzing, harness currently only tests prime field math and point ops g1/g2 + * -, but it's a good start.
1
8
28
Modular exponentiation bug in libtommath, undiscovered since 2004, not yet fixed.
0
2
27
Because Squid maintainers and the Internet Bug Bounty are completely unresponsive, I've decided to publish the patch for the Squid remote buffer overflow, so people can patch ahead of an official release, whenever that may happen.
1
12
27
Mozilla NSS CVE-2020-12403: ChaCha20, ChaCha20/Poly1305 OOB read, OOB write, incorrect output with multi-part updating or small AEAD tag.
Found with Cryptofuzz.
1
4
26
V8 BigInt fuzzer. Easily the most error-prone bignum API I've ever used; I had to slalom between a quite a few overflows before getting everything right (see comments in module.cpp). But I guess it's OK since it's only an internal API (?).
1
6
26
For a client I am looking for an auditor with good familiarity with BLS12-381, Rust, and preferably fuzzing. I had to forgo this opportunity for personal reasons but I want to connect my client with a good replacement. Please get in touch if you are or know someone who is keen.
6
7
26
> run the test suite under valgrind
> collect $100K bug bounty
3
1
26
blst BLS12-381 signature library (used by Ethereum 2.0) security advisory
Other bugs:
- uninitialized branching with non-standard domain separation tag
- invmod hang on i386 if input is 0 or modulo
- NULL ptr dereference
Found with Cryptofuzz
1
4
26
Now trying this to find slow inputs in OpenSSL server. 'cu' is the cycle delta (and the fuzzer feedback signal). Notice the exec/s quickly decreasing.
Releasing
#libcpucycles
library to count CPU cycles: Supports counters for amd64 (both PMC and TSC), arm32, arm64 (both PMC and VCT), mips64, ppc32, ppc64, riscv32, riscv64, sparc64, and x86, plus automatic fallbacks to various OS-level timing mechanisms.
2
29
121
3
0
25
OpenSSL mega crypto fuzzer: all (15) digests + all (144) sym. ciphers encryption+decryption (via EVP and BIO), HMAC + all digests, CMAC + all sym. ciphers, KDFs (SCRYPT + HKDF + TLS1 PRF) and then some. Project goal is mega crypto differential fuzzing @ Google oss-fuzz.
0
6
24
Leaderboard on website hasn't been updated yet but here's the PR
1
0
21
I've been doing a little fuzzing of EOS smart contracts (which are written in C++) with great results (as you'd expect from fuzzing) and as a side effect found a few bugs in the EOSIO Contract Development Toolkit as well.
2
0
23
Found an OpenSSL client DoS, kind of. <200KB of input keeps the client busy for minutes by having it invoke the DH keygen over and over.
Here's a script that generates an input for OpenSSL's client fuzzer:
2
9
23
There's this keccak implementation going around with a nasty limitation, for no good reason
2
0
14
For good measure I found and reported a few bugs in py-evm as well (not used in production, but in scope for the Eth bounty program). Once you've done all the legwork it becomes pretty easy.
We're excited to do more EVM audits. Get in touch: evm
@sentnl
.io
2
5
22
Here's the harness:
To build, run from this branch:
infra/helper.py build_fuzzers skale
First Solidity fuzzer on OSS-Fuzz
For
@SkaleNetwork
I'm doing some fuzzing of their cryptography implemented in Solidity. Specifically BLS signature operations and some other math.
1
0
19
0
5
23
A Windows kernel memory bug was considered not in scope for vague reasons.
The Squid bug bounty program promises up to $32K per bug, but they stop responding after you've done your work, and they've never paid out a penny to anyone.
Bug bounties these days suck.
2
4
22