Seeking feedback re: Ziggurat network testing suite

Hi everybody, my name is Mark Henderson. I’m the VP of Engineering at Equilibrium and part of the Ziggurat team. We are interested in expanding our coverage to The Graph network and, as per the grant instructions, are soliciting feedback on our approach before applying.

We have successfully applied the Ziggurat process to ZCash, XRPL, and Algorand, finding networking layer bugs and security vulnerabilities in their P2P networks which are very similar to the one that powers The Graph. Our claim is that, one day soon, a malicious attack on a peer-to-peer network will take down an entire blockchain. The ultimate goal of Ziggurat is to prove our own claim wrong.

Ziggurat expands beyond the standard suite of network tests coupled with the node by reverse engineering the network protocol to create a “synthetic node” that speaks the network protocol, and then using it to perform a battery of black box tests that validate the networking spec, test the nodes under load, and simulate things like malicious intent.

The overall steps are:

1. Pre-flight checks

  • Study of existing network documentation and/or code base
  • Liaising with existing developers
  • Set up existing test harness

2. Reverse engineer the network protocol via the use of a synthetic node

3. Write the test suite for a single network node

  • Identify instances where a node’s behavior is non-conformant to spec
  • “Fuzz” the inputs with unexpected values
  • Test performance under heavy load / DoS conditions
  • Emulate malicious actors and disclose findings

4. Expand test suite to network wide

  1. Crawl the network looking for reachable nodes via the network layer (not RPC)
  2. Analyze network topography to detect centrality and islands
  3. Conduct “red team” exercises on testnet

We would be thrilled to perform any or all of these activities for The Graph’s network. A successful implementation will likely find critical bugs and flaws in the existing network implementation, or at least convincingly validate the robustness of the existing network implementation in the absence of bugs and flaws.

Ziggurat not only helps existing node developers harden their implementations, it also makes it easier for others to create their own node implementations.

Please let us know what you think, and if you have any questions/comments/suggestions!
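As an added illustration of step 4 above (crawl results feeding a topology analysis for centrality and islands), the following is example code, not Ziggurat's or The Graph's own tooling. It assumes a crawl has already produced a dictionary mapping each reachable node to the peers it reported (a hypothetical shape; the sample data below is constructed), and it computes connected components, degree centrality, and how much of the network stays connected once the most central nodes are removed.

```python
"""Peer-graph topology analysis over a constructed crawl result.

Added example, not Ziggurat's code. Input shape (node -> list of reported
peers) is an assumption about what a network-layer crawl would hand over.
"""
from collections import deque

# Constructed sample crawl output: node -> peers it reported.
# Links are treated as undirected once symmetrised in build_graph().
SAMPLE_CRAWL = {
    "node-a": ["node-b", "node-c", "node-d"],
    "node-b": ["node-a", "node-c"],
    "node-c": ["node-a", "node-b", "node-d"],
    "node-d": ["node-a", "node-c"],
    "node-e": ["node-f"],          # small island, unreachable from a-d
    "node-f": ["node-e"],
    "node-g": [],                  # isolated node (reported no peers)
}


def build_graph(crawl):
    """Symmetrise reported peer lists into an undirected adjacency map.
    Peers that were reported but never crawled themselves still get a vertex."""
    graph = {n: set() for n in crawl}
    for node, peers in crawl.items():
        for peer in peers:
            graph.setdefault(peer, set())
            graph[node].add(peer)
            graph[peer].add(node)
    return graph


def islands(graph):
    """Connected components via BFS, largest first; each is a sorted list."""
    seen = set()
    comps = []
    for start in graph:
        if start in seen:
            continue
        comp = []
        queue = deque([start])
        seen.add(start)
        while queue:
            n = queue.popleft()
            comp.append(n)
            for m in graph[n]:
                if m not in seen:
                    seen.add(m)
                    queue.append(m)
        comps.append(sorted(comp))
    comps.sort(key=len, reverse=True)
    return comps


def degree_centrality(graph):
    """Degree centrality = degree / (n - 1), returned sorted high to low."""
    n = len(graph)
    if n < 2:
        return {node: 0.0 for node in graph}
    scores = {node: len(peers) / (n - 1) for node, peers in graph.items()}
    return dict(sorted(scores.items(), key=lambda kv: (-kv[1], kv[0])))


def largest_island_share_without(graph, removed):
    """Fraction of the remaining nodes that still sit in the largest component
    after `removed` nodes drop out: a simple resilience metric that shows how
    much the network depends on its most central peers."""
    sub = {n: {m for m in peers if m not in removed}
           for n, peers in graph.items() if n not in removed}
    if not sub:
        return 0.0
    return len(islands(sub)[0]) / len(sub)


if __name__ == "__main__":
    g = build_graph(SAMPLE_CRAWL)
    print("islands:", islands(g))
    ranked = degree_centrality(g)
    print("centrality:", ranked)
    top = set(list(ranked)[:2])
    print("largest island share without", sorted(top), "=",
          largest_island_share_without(g, top))
```

Running it on the constructed sample reports three islands (a four-node core, a two-node pair, and one isolated node) and shows that removing the two highest-degree nodes leaves only 40% of the remaining peers in the largest component; on real crawl data the same numbers are what a red-team exercise on testnet would later try to confirm or refute.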

Just a quick FYI - we have applied via the Typeform

Hi aphelionz,

Thanks for applying and posting here.

We take security very seriously, which is why we have a bug bounty program with Immunefi, with bounties up to $2.5M. We would appreciate it if you could use your testing suite to look for valid vulnerabilities, and report those via Immunefi instead, as many other whitehat hackers and security researchers do. The bug bounty covers all components of The Graph’s stack.

When it comes to security grants, we believe this is the most efficient way to go for both parties. This is aligned with our retroactive funding scheme and approach.

Thank you so much, once again! We’re eager to know what your team finds out.

Hi @Pedro! Following up on this - given the market conditions is there still enough money in The Graph’s treasury to cover a $2.5M bug bounty?

Hi @aphelionz

The details of our bug bounty program remain the same. We’re in the process of getting our Immunefi listing updated, but the assets and bounty sizes will not change.

I kindly invite you to use their platform if you found something. If you do so, and for security reasons, no need to acknowledge anything here.

Sounds good @Pedro. We’re thinking of focusing exclusively on the networking layer, as we have for Zcash, XRPL, and Algorand. Is that something that would still “count” in terms of the bounties?

Hi @aphelionz

We’ve just updated the rules of our security bug bounty program here: The Graph Bug Bounties | Immunefi. I highly recommend checking what’s in scope. If you submit something that’s valuable, you’ll get rewarded accordingly :+1:

Perfect, @Pedro Thank you! It looks like this is the one we’re targeting:

A bug that could cause network disruption at Indexer and Gateway level, taking at least 50% of both Gateways and Indexer nodes down (Indexer software stack)