Villain in the Dark Forest: Fuzzing and Chaos Testing for Blockchain Systems
Fuchen Ma
Abstract:
Blockchain systems are built on the promise of trustless and secure decentralized computing. Yet, their inherent complexity and adversarial operating environment leave them vulnerable to subtle but critical bugs that often evade conventional testing methods. How can we proactively uncover these hidden vulnerabilities before they are exploited maliciously?
This talk introduces a framework for enhancing blockchain resilience by strategically adopting the adversary's perspective. We present a systematic approach to fuzzing and chaos engineering, deploying "inside agents" within a blockchain network. These agents deliberately orchestrate node-level disruptions, including state-aware consensus packet mutation, data storage pollution, and logic-level bug oracles. This framework has successfully detected over 50 bugs in major systems like Go-Ethereum and Hyperledger Fabric. It has been integrated into WeBank's FISCO BCOS and is currently being adopted by Aptos and Pharos, proving its practical value in securing real-world blockchain infrastructures.
Bio:
Fuchen Ma is a postdoctoral researcher at Tsinghua University. He received his Ph.D. from Tsinghua in 2024, advised by Prof. Jiaguang Sun and Prof. Yu Jiang. His research focuses on fuzz testing for blockchain and distributed systems, including protocol implementations. He has published first-author papers in top security venues such as IEEE S&P, CCS, USENIX Security, and NDSS. His doctoral dissertation received the Excellent Doctoral Dissertation Award from the China Institute of Electronics. In 2021, he was named a Tencent Elite Talent and selected as MVP of the Year by the FISCO BCOS community. In 2025, he received a grant from the Aptos Foundation to integrate his fuzzing tool into the Aptos blockchain.
