In my previous bug report on steemd, @crokkon asked if custom JSON was also vulnerable which inspired me to take a closer look. The JSON parsing code in the FC library used by Steem did have a check for

I was interested in a first project for getting familiar with TLA+, “a high-level language for modelling programs and systems.” TLA+ has been used to find errors in the design of real-world distributed

Two smart contract fragments were identified that cause panics in the NeoVM implementation in the Ontology blockchain code. Introduction Ontology is a “distributed trust collaboration platform”, a blockchain

Even quality code with good test coverage can benefit from fuzz testing! The Ripple blockchain server (rippled) did not exhibit any security holes in its JSON implementation, or any invariant violations

Using American Fuzzy Lop on the Snappy compression library found no new bugs, and reported only high memory usage related to preallocation of an output buffer. Users of Snappy should be aware of this

Project Information Repository: Project Name: Steem Expected behavior The Steemd process should handle malformed messages arriving from a peer by logging and error and/or terminating the connection. Actual

This article explains the security risk patched in steemd 0.20.7. Using American Fuzzy Lop on a message parsing library contained in the Steem blockchain implementation found unexpectedly large memory

Fuzz.ai is an early-stage startup dedicated to making software correctness tools easier to use. Fuzzers, model checkers, and property-based testing can make software more robust, expose security

Using American Fuzzy Lop on the JSON parsing library contained in the Steem blockchain implementation found a latent bug. Fortunately, this bug is not exploitable in practice, though it may cause Steem