mpfuzz: Bug Reports & Demos
Symbolized stateful fuzzer for mempool security in Ethereum and beyond
This website shows snapshots of the state-search trees of various Ethereum clients under mpfuzz. Boxes filled with yellow mark the ADAMS exploits that mpfuzz found.
We list the exploits we found in the following table. Rows with a grey background are exploits that were already known before our report.
Bug Report Status
XT7 (ED3), XT4 (TD2) on Nethermind: CVE-2023-51822 (XT4), CVE-2023-51826 (XT7)
XT4 (TD2) on Erigon: CVE-2023-51824
XT2 (ED2), XT4 (TD2) on Besu: CVE-2023-51821 (XT2), CVE-2023-51825 (XT4)
XT1 (DETER-X), XT2 (DETER-Z) on Besu
XT8 (A mempool-locking exploit) on Reth: CVE-2023-51823
XT2 (DETER-Z), XT4 and XT6 on EigenPhi builder
XT6 on Flashbots builder
Demo: Running mpfuzz on Geth V1.11.4 (one exploit found: XT6)
XT6 (in 3-slot mempool)
XT6 (in 6-slot mempool)
XT6 (in 9-slot mempool)
Demo: Running mpfuzz on Geth pre-V1.11.4 (exploits found: XT2, XT4, XT5)
XT2, XT4 and XT5 (in 3-slot mempool)
XT2, XT4 and XT5 (in 6-slot mempool)
Demo: Running mpfuzz on Nethermind-V1.18.0 (exploits found: XT4, XT7)
XT4 (in 3-slot mempool)
XT7 (in 3-slot mempool)
Demo: Running mpfuzz on Erigon-V2.42.0 (one exploit found: XT4)
XT4 (in 3-slot mempool)
Demo: Running mpfuzz on Geth-V1.11.4 (video)
3-slot mempool