Differential Fuzzing Framework for Polkafuzz. Maintained by Sigma Prime for the Web3 Foundation.
This project aims at identifying bugs, vulnerabilities, and non-conformance on various Polkadot Host implementations, by leveraging different fuzzing engines and techniques.
A note on terminology: "client" and "implementation" are used interchangeably here to mean a specific Polkadot implementation.
The following diagram describes the current architecture of polkafuzz:
The purpose of this tool is to identify crashes (i.e. panics) in Polkadot implementations. It uses multiple different fuzzing engines (AFL++, HonggFuzz, libFuzzer, etc.).
A differential fuzzer of Polkadot implementations using libfuzzer and libafl. It is developed in Rust (for ease of maintainability) and leverages Foreign Function Interface (FFI) bindings.
By leveraging the latest updates to the libfuzzer-sys and cargo_fuzz crates, this tool is able to write fuzz targets that take well-formed instances of custom types by deriving and implementing the Arbitrary trait, which allows us to create structured inputs from raw byte buffers.
This tool can be used to reproduce crashes to help with debugging and triaging.
Please refer to each tool's README for detailed instructions: