cosmos / interchain-security

Interchain Security is an open-sourced IBC application which allows Cosmos blockchains to lease their proof-of-stake security to one another.
https://cosmos.github.io/interchain-security/

Apply traditional fuzzing #61

Closed danwt closed 2 years ago

danwt commented 2 years ago

What is fuzzing

Traditional fuzzing [AFL] is really good at finding bugs in programs that accept 'byte' style data, e.g. programs like parsers and renderers that accept complex images or strings. These programs are often components in bigger systems, therefore fuzzing can be useful for testing a lot of different software. Fuzzers work by generating input data and watching the output of the target binary in a loop. They are easy to use, only requiring (usually) a sandboxed setup to run them in (because a buggy target program might do nasty things to your computer).

Application in interchain security

Fuzzing can be a very cost-effective tool, so if there is a reason to use it on interchain security then I'd like to. The question is whether there is any need. Is there enough of the right kind of surface in ccv/interchain security to suggest fuzzing would be useful? The right kind of surface is usually things like parsers etc.

danwt commented 2 years ago

Question: is fuzzing likely to find anything? Is there any juicy surface area to apply it to in interchain-security/ccv?

jtremback commented 2 years ago

Depends on what you mean by fuzzing. I consider "fuzzing" to be any process where a random sequence of inputs is given to the program, whether those inputs are random bytes, or random messages generated within some schema, like the SDK Simapp. But maybe I am using the term wrong.

I don't think there is any application for fuzzing with random bytes.

Fuzzing with random messages may be useful but may be tricky because there are two chains at play and the application is somewhat complicated. It might be hard to get anywhere interesting.
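The two modes distinguished in the comment above map directly onto Go's native fuzzing harness. The following is an added example, not code from the interchain-security repository: `Packet`, `Encode` and `Decode` are a constructed 16-byte stand-in for a wire message, and the two `Fuzz*` targets show raw-byte mutation versus schema-constrained (typed-field) generation against the same round-trip invariant.

```go
package main // added example, not interchain-security code; Fuzz* funcs belong in a _test.go file
import (
	"encoding/binary"
	"testing"
)
// Packet is a constructed stand-in for a wire message (not the real CCV format):
// a sequence number and a signed amount, 16 big-endian bytes on the wire.
type Packet struct {
	Seq    uint64
	Amount int64
}

// Encode serialises a Packet to its wire form.
func Encode(p Packet) []byte {
	buf := make([]byte, 16)
	binary.BigEndian.PutUint64(buf[:8], p.Seq)
	binary.BigEndian.PutUint64(buf[8:], uint64(p.Amount))
	return buf
}

// Decode parses the wire form; ok is false for short or over-long input.
func Decode(b []byte) (p Packet, ok bool) {
	if len(b) != 16 {
		return Packet{}, false
	}
	return Packet{Seq: binary.BigEndian.Uint64(b[:8]), Amount: int64(binary.BigEndian.Uint64(b[8:]))}, true
}

// FuzzPacketBytes: "random bytes" mode; Decode must not panic and must round-trip what it accepts.
func FuzzPacketBytes(f *testing.F) {
	f.Add(Encode(Packet{Seq: 1, Amount: 42})) // seed corpus entry
	f.Fuzz(func(t *testing.T, data []byte) {
		// Rejected input is fine; a panic or a round-trip mismatch is the finding.
		if p, ok := Decode(data); ok && string(Encode(p)) != string(data) {
			t.Fatalf("round-trip mismatch for %x", data)
		}
	})
}

// FuzzPacketSchema: "random messages within a schema" mode; typed fields keep every input well-formed.
func FuzzPacketSchema(f *testing.F) {
	f.Add(uint64(0), int64(-1)) // seed corpus entry
	f.Fuzz(func(t *testing.T, seq uint64, amount int64) {
		in := Packet{Seq: seq, Amount: amount}
		if out, ok := Decode(Encode(in)); !ok || out != in {
			t.Fatalf("schema round-trip failed: %+v -> %+v", in, out)
		}
	})
}
func main() {} // targets are driven by `go test -fuzz=Fuzz`, not by main
```

Placed in a `_test.go` file, each target is run with `go test -fuzz=FuzzPacketBytes` or `-fuzz=FuzzPacketSchema`; the schema variant never wastes cycles on inputs the length check would reject, which is the trade-off the comment describes.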

danwt commented 2 years ago

By fuzzing I mean using tools that have some kind of feedback loop or 'smartness' built in.

I'll save this issue for later as it seems low priority.

danwt commented 2 years ago

There is an example of OSS-Fuzz being used successfully in the sdk here

danwt commented 2 years ago

I'll close this until there is a concrete target for it.