Are you a bug hunter? Try out FuzzCoin.

FuzzCoin is a public fuzzing network inspired by BitCoin group mining. In one sentence: fuzzing is a technique for automatically finding software defects, which helps software developers make their products secure and trustworthy. In BitCoin you want to find a hash collision, but in FuzzCoin you want to find bugs (or new code coverage). Your mining bot joins a fuzzing pool that you choose, fires up an isolated (Docker) environment to run the fuzzer, and generates Proof-of-Fuzzing-Work (PoFW) to earn fuzzcoins.
From a business perspective, fuzzcoin is an ecosystem depicted as follows.



We want your computing power for large-scale distributed fuzzing (Google's ClusterFuzz is based on 25,000 CPU cores. We need you to outperform Google). In return, even if you don't find any bugs, you get FuzzCoin points simply by submitting the proof-of-fuzzing-work, similar to BitCoin group mining. You can earn FuzzCoin points through the following three events and enroll yourself on the ranking board.

| Reward Type | Description |
| --- | --- |
| PoFW | Proof-of-Fuzzing-Work. This is a hash value that our fuzzer generates to prove that you actually ran our fuzzer. The fuzzing pool server will verify your PoFW and give you a tiny reward (typically one fuzzcoin). Some fuzzing pools do not give PoFW-based rewards, depending on their configuration and policy. |
| Coverage | This is the main type of reward you will hunt (harder than PoFW, easier than Crash). Coverage here is defined as "a special input that expands the global code coverage". It indicates that you found some special input data which makes the software execute a previously unexplored portion of the code. Finding and expanding the coverage will eventually accelerate our system in finding crashes. |
| Crash | This is the ultimate discovery we want to make. Crash here is defined as "an input that triggers crash to the target software", which means your fuzzer actually found a software defect that needs to be fixed. Typically, you will get a substantial amount of FuzzCoins for this. The crash-triggering input that you (your fuzzing bot) found will be reported to the fuzzing-pool masters (the software developers of the project) with the discoverer's ID and this project. You can also report the bug you found, but please mention this project in the report (e.g., "bug was discovered using fuzzcoin"). |

Usage Example

0. Donation Mode

For people who aren't familiar with fuzzers or Linux, we provide WASM-fuzzer.
WASM-fuzzer runs inside your web browser, so there is absolutely no need for any cumbersome setup.
You don't even need to sign up: just click a link and you can contribute to our research.
If you have an account and are logged in when you click the link, WASM-fuzzer will earn you points (slowly).
If not, you are considered an anonymous donor to our fuzzing project.
You should see something like the following if your WASM-fuzzer is running successfully.



1. Create Account

To list yourself on the contribution ranking and to run Linux-based fuzzers, you need to create an account. It only takes your Name/Email/Password.
After you log in, you can select the fuzzing pool you want to join (choose an open-source project that you want to contribute to).
Once you click a project, you will see something like this.


  

2. Setup Environment

To run the fuzzer you need a Linux environment (you can use your web browser for WASM-fuzzers, but you can't access bugs in that case).
For the Linux environment we recommend the following distros: Ubuntu 16.04/18.04 (most recommended), Debian 10.x, and CentOS 7.x (all 64-bit).
On the fuzzing-pool project page (visible once you log in), we provide a command line you can copy and paste into your terminal.
The command line downloads our Python bootstrap script and executes it. You should see something like this if everything runs without error.

  

3. Running Fuzzer

For WASM-fuzzers, there is no setup at all (just click the link and you are done).
For Linux fuzzers, do as our setup script tells you and you are all set!
You should see the following screen when you successfully start fuzzcoin mining.

  

4. Download Your Bugs

You can list the bugs you found and download them from the web site.
Note that your bug can be automatically reported to developers (with your credit).



The bug file you download is essentially a libFuzzer input file.
To test/reproduce your bug, the best way is to connect to the inside of your Docker container as below.

1. `sudo docker ps` to get your running container ID.
2. `sudo docker exec -it [your_container_id] bash` to get inside the Docker container.
3. Inside Docker, you will see a file starting with the `crash-` prefix (if you found a crash).
4. Run `/target.bin /crash-xxxxxxxxxxxxxxxxx` to reproduce the crash and see the ASAN result.

* You can extract `target.bin` (the libFuzzer binary) to your host and try the same thing, but if there is a mismatch in environment (e.g., libraries) you might fail to reproduce the crash.
* If you kill your Docker container, restart it, and put your crash input inside it (via a shared folder), your fuzzer `target.bin` might have changed to a different version and thus fail to reproduce the crash (some projects have multiple versions of `target.bin`, e.g., 10 or 100). So it is best not to exit your container from the moment you find a crash (to maintain the same environment). For some projects, you might get a different version of `target.bin` when you restart your Docker container. As an alternative, you can download the fuzzer binaries from each project page and feed your crash input to all of them. If you have trouble reproducing the bug, contact the admin for support.
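
The alternative described above (feeding one crash input to every downloaded fuzzer binary), as an added example that is not part of FuzzCoin's own scripts. The directory of binaries, the log directory, the function name and the 60-second cap per run are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not part of the FuzzCoin worker scripts.
# Assumptions: every downloaded fuzzer binary sits in one directory, each is a
# libFuzzer target (runs a single input when given its path), and a 60 s cap
# per run is enough. All names below are hypothetical.

# replay_crash BIN_DIR CRASH_FILE [LOG_DIR]
# Prints "<status> <exit_code> <binary>" per binary and keeps each run's output
# in LOG_DIR. Returns 0 if any binary reproduced the crash, 1 if none, 2 on
# a missing crash file.
replay_crash() {
    local bin_dir="$1" crash="$2" log_dir="${3:-./replay-logs}"
    local bin log rc status hits=0
    [ -f "$crash" ] || { echo "no such crash input: $crash" >&2; return 2; }
    mkdir -p "$log_dir"
    for bin in "$bin_dir"/*; do
        if [ ! -f "$bin" ] || [ ! -x "$bin" ]; then continue; fi
        log="$log_dir/$(basename "$bin").log"
        rc=0
        # `|| rc=$?` keeps the loop alive under `set -e` when a build crashes.
        timeout 60 "$bin" "$crash" >"$log" 2>&1 || rc=$?
        if grep -q 'ERROR: AddressSanitizer' "$log"; then
            status=ASAN; hits=$((hits + 1))
        elif [ "$rc" -eq 124 ]; then
            status=TIMEOUT          # exit code used by coreutils `timeout`
        elif [ "$rc" -ne 0 ]; then
            status=CRASH; hits=$((hits + 1))
        else
            status=CLEAN
        fi
        printf '%s %s %s\n' "$status" "$rc" "$bin"
    done
    [ "$hits" -gt 0 ]
}

# Usage: ./replay.sh ./downloaded-bins ./crash-xxxxxxxxxxxxxxxxx
if [ "$#" -ge 2 ]; then replay_crash "$@"; fi
```

The per-binary log holds the full ASAN report for whichever version reproduces the crash, which is the output to attach when reporting the bug.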
  

5. Advanced Linux Users

If you have a fancy multi-core CPU, you can run multiple fuzzers in parallel and maximize your computing power.
In your `fuzzcoin-worker` folder, you will see the `multi-run.sh` script.
Try `multi-run.sh [#core]`, which will install `tmux` (for management) and start multiple tmux sessions.
Each tmux session will pin your CPU cores to your fuzzer. See below.


Also, you can customize details (CPU usage, pools you want to fuzz, etc.) in your `Advanced` menu.
Refer to the following menu (requires login).