I got some requests to fuzz Bitcoin, so I did. They can be found here:
https://github.com/guidovranken/bitcoin/tree/fuzzing/fuzzers
I expect them to be merged into the main project soon.
So far only one issue has been found: https://github.com/bitcoin/bitcoin/pull/11081. This code is currently unused and does not pose a security risk (forks of Bitcoin may want to check whether they are using it).
Judging by the number of issues found (1) after extensive fuzzing, the Bitcoin code appears to be exceptionally well-written. This is also exceptionally good news, because this code is not only used by Bitcoin but also by many, many altcoins, and thus guards billions and billions of dollars.
I’m actively working on expanding the fuzzers and their code coverage (as much as time permits).
Tip jar: 1BnLyXN2QwdMZLZTNqKqY48bU4hN2A3MwZ
In other news, I have a new OpenVPN vulnerability coming up that’s the worst yet in terms of severity but only affects a small number of users. To be announced.