Skip to main content

WebAssembly Runtimes Fuzzing (WARF)

This document is referenced in the terms and conditions and therefore needs to contain all the required information. Don't remove any of the mandatory parts presented in bold letters or as headlines! See the Open Grants Program Process on how to submit a proposal.

  • Proposer: pventuzelo
  • Payment Address: 3An3qG2j5RJA3inJMVSzZ8uLp1T55JuL1M

The above combination of your GitHub account and payment address will be your unique identifier during the program. Please keep them safe.

Project Description 📄

This project aim to improve security and resilience of WebAssembly runtimes and parsers using fuzzing. This project will help developers to audit automatically wasm runtime engines and identify security issues/bugs. Multiple fuzzing techniques will be used to achieve this goal but mainly grammar-based fuzzing and differential fuzzing. Complete documentation and user-friendly APIs will be provide to help developers to integrate new WebAssembly runtimes quickly and without any fuzzing skills.

Team 👥

Patrick is an Independent Security Researcher specialized in vulnerability research, fuzzing, reverse engineering and program analysis. He is teacher of two training respectively about WebAssembly Security and Rust Security.

Patrick found hundred of bugs in opensource projects mainly inside WebAssembly VMs and parsers. He is the author of Octopus, one of the first open-source security analysis tool supporting WebAssembly and multiple Blockchain smart contracts bytecode to help researchers perform closed-source analysis.

Development Roadmap 🔩

  • Total Estimated Duration: 3 months
  • Total Costs: 4.5 BTC

Milestone 1 - Discovery & project architecture

  • Estimated Duration: 2 weeks
  • Costs: 0.75 BTC
NumberDeliverableSpecification
1.Integration PlanList of major WebAssembly runtimes used in Polkadot ecosystem and APIs to interact with them.
2.Project developmentDevelopment of the project base (architecture and interface)
3.APIsCreation of integration APIs + documentation
4.Delivery reportTutorial for project installation and testings

Milestone 2 - WebAssembly VM/parsers integration

  • Estimated Duration: 4 weeks
  • Costs: 1.5 BTC
NumberDeliverableSpecification
1.Runtimes IntegrationIntegration with previously listed runtimes engines.
2.CLI toolCommand line tool allowing execution of wasm modules through all runtimes.
3.Project developmentImprovement of the project (threading, runtimes perf monitoring)
4.Project developmentDevelopment of fuzzing harness per runtimes.
5.Runtimes dockersDockers to install runtimes engines easily
6.Delivery reportsTutorial for runtimes installation, compilation, how to run tools and unittests
7.Unittestunit test to verify all runtimes engines work as expected

Milestone 3 - Fuzzing & improvement

  • Estimated Duration: 4 weeks
  • Costs: 1.5 BTC
NumberDeliverableSpecification
1.Project developmentEvaluation fuzzing hardness + improvement
2.Fuzzing ImplementationDifferential fuzzing implementation for wasm runtimes and parsers.
3.Fuzzing ImplementationGrammar fuzzing implementation specific to WebAssembly module
4.Project developmentImprovement of the fuzzing (input file sharing, mutation algorithm, speed).
5.Delivery reportsTutorial for running fuzzers and use advanced CLI options
6.Unittestunit test to verify fuzzing is deterministic and reproductible

Milestone 4 - Performance & Documentation

  • Estimated Duration: 2 weeks
  • Costs: 0.75 BTC
NumberDeliverableSpecification
1.TutorialRuntime integration tutorial
2.TutorialUtilisation tutorial
3.DocumentationInternal architecture
4.DocumentationDetails fuzzing engines & techniques
5.Performance testingImprove fuzzing performances and benchmarks

Additional Information ➕

Some additional information :

  • I'm planning to support a maximum of wasm runtimes and parsers
  • The project will interact with runtimes implemented in different languages but mainly Rust, C, C++ and Go (potentially Python and JS)
  • Huge part of the project will be focused on improving fuzzing performance and create a friendly way to integrate new wasm runtime with the project.
  • Based on actual Polkadot hosts (Substrate, Kagome, Gossamer), I will start integrating parity-wasm, wasmi, wasmtime, wasmer and binaryen.