$301.60 crowdfunded from 1762 people
$1,348.45 received from matching pools
D4C is a malicious version of Geth for fuzzing the devp2p protocols of Ethereum.
Problem
For Ethereum to keep running well, it must remain highly secure. As a large blockchain, Ethereum is a target for potential hackers.
The Ethereum network and the various devp2p protocols play an essential role in enabling communication between nodes, which the operation of the protocol depends on.
Vulnerabilities or errors in this network could cause significant problems. It is therefore crucial to guarantee the maximum security of the network and exchanges between nodes.
To avoid that, Ethereum contributors have developed many tools, including fuzzers.
Fuzzers are programs that provide invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions such as crashes, failing built-in code assertions, or potential memory leaks.
There are many fuzzer projects built by the Ethereum community and protocol contributors, but one thing we can notice is that no fuzzer interacts with devp2p using an execution client.
Solution
D4C is a modified version of the go-ethereum client that sends fuzzed and malicious messages to other clients in order to find bugs and security vulnerabilities.
It can correctly connect to the Ethereum network and perform fuzzing on messages.
The project was able to find over 30 bugs in various Ethereum execution clients, as well as a security vulnerability.
D4C: Fuzzing the Ethereum Network History
- Accepted into Ethereum Core Infrastructure, Research, and Development 1 year ago. 1762 people contributed $302 to the project, and $1,348 of match funding was provided.