Fuzzamoto

Fuzzamoto provides a framework and fuzzing engine for coverage-guided fuzzing of Bitcoin full node implementations.

Implementation Agnostic: The same tests can target different protocol implementations and compare their behavior (e.g. Bitcoin Core, btcd, libbitcoin, ...)
Holistic: Tests are performed on the full system, not just isolated components, enabling the discovery of bugs that arise from the composition of different components
Coverage-Guided: Fuzzing is guided by coverage feedback

It is not meant to be a replacement for traditional fuzzing of isolated components, but rather a complement to it.

Check out the book for more information.

Trophies

Project	Bug	Scenario
Bitcoin Core	`migratewallet` RPC assertion failure	`wallet-migration`
Bitcoin Core	`migratewallet` RPC assertion failure	`wallet-migration`
Bitcoin Core	assertion failure in `CheckBlockIndex`	`rpc-generic`
Bitcoin Core PR#30277	Remotely reachable assertion failure in `Miniketch::Deserialize`	`ir`
Bitcoin Core PR#28676	Assertion failure in `CTxMemPool::check()`	`ir`
Bitcoin Core	uncaught exception in IPC interface	`ipc-mining` (*)
btcd	bloom filters; panic: integer divide by zero	`ir`
btcd	addrv2; panic: invalid memory address or nil pointer dereference	`ir`
btcd	infinite wait in getdata handling	`ir`