MEW - Fuzzing

The document discusses the integration of MEV (Miner Extractable Value) and fuzzing techniques to create a DeFi firewall, aimed at preventing hacking in decentralized finance. It explains how Ethereum's mempool works, the role of validators, and the potential for using MEV to counteract attacks by predicting and mutating transaction sequences. The presentation concludes with a call to follow FuzzLand and highlights their state-of-the-art fuzzer tool.

Uploaded by

Thanh

MEV + Fuzzing = DeFi Firewall
Chaofan Shou
Cofounder @ FuzzLand
https://scf.so
$5M rescued by MEV
Paraspace, Mar 2023
How Ethereum Works

[Diagram: Mempool, Validator 1; Mempool, Validator 2. Animal emoji is transaction.]

How Ethereum Works
Location in mempool depends on gas price!

How Ethereum Works
Nodes share txs with other nodes through P2P

How Ethereum Works
One validator node commits the block

[Diagram: Mempool, Validator 1; Block by Validator 2. Animal emoji is transaction.]

MEV in a Nutshell
You can decide the order!
for part of mempool
for >90% of validators by bribing them

MEV in a Nutshell
Builder finds most profitable layout of block and proposers get it committed

[Diagram: Searcher, Builder, Proposers (Validators). Animal emoji is transaction.]

Anti-Hacking w/ MEV
[Diagram labels: Replay; Executed; Executed First; (Hacker 🥷, Our 🥷)]
We steal assets before hackers using hacker’s exploit
🥷 Anti-Anti-Hacking

Insert checks!
A simple replay would revert
Anti^3-Hacking
Mutating for Replay (Post-Attack)

Trace of 🥷 =( (1), (0x55D6Bf...), (0x55D6Bf...))

We Try:
( (1), (0x55D6Bf...), (0x35cbD...))
( (1), (0x35cbD...), (0x35cbD...))
( (10), (0x35cbD...), (0x55D6Bf...))
…….
Until Profit!
Fruit emoji is calls to contract
Anti^3-Hacking
Mutating for Replay (Post-Attack)

Post-Attack MEV =
High Chance of Failing
Anti^3-Hacking
Mutating for Replay (Post-Attack)

Can we do better?
Anti^3-Hacking
Attack Prediction (Pre-Attack)

When pre-work happens, predict attack
Anti^3-Hacking
Attack Prediction (Pre-Attack)

We determine 🥷 may be malicious by ML & it calls (1)

We Predict:
Can ( (1), ….) yield profit?

Fruit emoji is calls to contract


Anti^3-Hacking
Fuzzing in a nutshell

Try all sequences of Txs
With heuristics to prioritize exploration of certain sequences of txs
Anti^3-Hacking
Why Fuzzing for Attack Construction?

Fuzzing is good at finding sequences of transactions leading to vulnerabilities, thanks to the heuristics
Anti^3-Hacking
Attack Prediction (Pre-Attack)

We Predict:
Can ( (1), ….) yield profit?

(1) becomes hints for fuzzing
With part of the exploit, # inputs to explore shrinks

Fruit emoji is calls to contract
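
The shrinking search space described on this slide, as an added example (not code from the talk or from ItyFuzz). A bounded shortest-first enumeration stands in for the fuzzer; the toy contract, its `prime`/`deposit`/`withdraw` calls and all amounts are constructed assumptions.

```python
from itertools import product

# Constructed toy contract (hypothetical, not from the slides): pool of 100 tokens.
# Bug: after prime(1), the next withdraw pays out double the caller's credit.
CALLS = [(f, a) for f in ("prime", "deposit", "withdraw") for a in (0, 1, 10)]

def run(seq):
    """Execute a call sequence on a fresh state; return the caller's profit."""
    pool, credit, primed, wallet = 100, 0, False, 10
    for fn, arg in seq:
        if fn == "prime":
            primed = (arg == 1)
        elif fn == "deposit" and 0 < arg <= wallet:
            wallet, pool, credit = wallet - arg, pool + arg, credit + arg
        elif fn == "withdraw":  # argument is ignored by the toy contract
            out = min(pool, credit * (2 if primed else 1))
            wallet, pool, credit, primed = wallet + out, pool - out, 0, False
    return wallet - 10

def search(prefix=(), max_len=3):
    """Try sequences shortest-first; return (profitable sequence, executions used)."""
    tried = 0
    for n in range(0, max_len - len(prefix) + 1):
        for tail in product(CALLS, repeat=n):
            seq = tuple(prefix) + tail
            tried += 1
            if run(seq) > 0:
                return seq, tried
    return None, tried

if __name__ == "__main__":
    blind = search()                          # no knowledge of the pre-work
    hinted = search(prefix=[("prime", 1)])    # observed pre-work call (1) as hint
    print("blind :", blind)
    print("hinted:", hinted)
```

Both searches find the same profitable sequence, but the hinted one only has to explore the calls that follow the observed pre-work.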


Anti^3-Hacking
Attack Prediction (Pre-Attack)

[Diagram: Mempools, Fuzzer. Fruit emoji is calls to contract.]


Thanks!
Follow us on Twitter
FuzzLand @hackthedefi
Me @shoucccc 4x c

And state-of-the-art fuzzer we built: https://github.com/fuzzland/ityfuzz
