bitcoinfuzz

bitcoinfuzz is a differential fuzzing harness for Bitcoin implementations and libraries. It builds multiple modules side by side, feeds them the same randomized inputs, and compares how they parse, validate, and serialize data. That catches crashes, consensus edge cases, and behavior mismatches before they ship downstream.
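The compare-the-same-input loop described above, as an added example that is not bitcoinfuzz code. It assumes two hypothetical toy decoders for Bitcoin's CompactSize integer encoding, one that rejects non-minimal encodings and one that accepts them; all names and the input generator are constructed for illustration.

```python
import random
import struct

# tag byte -> (payload width, struct format, smallest value that needs this width)
_WIDTHS = {0xFD: (2, "<H", 0xFD), 0xFE: (4, "<I", 0x10000), 0xFF: (8, "<Q", 0x100000000)}

def _decode(data, require_canonical):
    """Decode one CompactSize integer; return ("ok", value) or ("error", reason)."""
    if not data:
        return ("error", "empty")
    tag = data[0]
    if tag < 0xFD:
        return ("ok", tag)
    width, fmt, minimum = _WIDTHS[tag]
    if len(data) < 1 + width:
        return ("error", "truncated")
    (value,) = struct.unpack_from(fmt, data, 1)
    if require_canonical and value < minimum:
        return ("error", "non-canonical")
    return ("ok", value)

def decode_strict(data):   # hypothetical implementation A: minimal encodings only
    return _decode(data, require_canonical=True)

def decode_lenient(data):  # hypothetical implementation B: forgets the minimality check
    return _decode(data, require_canonical=False)

TARGETS = {"strict": decode_strict, "lenient": decode_lenient}

def differential_fuzz(targets, iterations, seed):
    """Feed identical random inputs to every target and record any disagreement."""
    rng = random.Random(seed)
    mismatches = []
    for _ in range(iterations):
        # Bias towards the multi-byte tags and zero bytes, where encodings diverge.
        tag = rng.choice((rng.randrange(256), 0xFD, 0xFE, 0xFF))
        body = bytes(rng.choice((0, rng.randrange(256))) for _ in range(rng.randrange(9)))
        data = bytes([tag]) + body
        results = {name: fn(data) for name, fn in targets.items()}
        if len(set(results.values())) > 1:  # targets disagree on the same bytes
            mismatches.append((data.hex(), results))
    return mismatches

if __name__ == "__main__":
    for hex_input, results in differential_fuzz(TARGETS, 5000, seed=1)[:5]:
        print(hex_input, results)
```

Each recorded mismatch is a concrete input that one implementation accepts and the other rejects, which is the kind of test case a maintainer can replay and triage.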

The public repository already covers a broad set of Bitcoin, Lightning, and library modules, along with a separate public corpora repository for shared fuzz inputs. Public work on the repo shows the direction clearly. Earlier fuzzing exposed a critical NBitcoin consensus bug through script evaluation, and newer public pull requests add differential libbitcoinkernel modules, the first Utreexo target with rustreexo, libwally-core, bitcoin-s, and a verify_script target across Bitcoin Core, btcd, and NBitcoin.

Why fund it?

Bitcoin has multiple full nodes, libraries, bindings, and wallet stacks. That diversity needs constant cross-checking. bitcoinfuzz turns implementation differences into concrete test cases that maintainers can inspect and fix.

OpenSats highlighted bitcoinfuzz in its grant announcement for Bruno Garcia. Support for this work helps fund maintenance, new targets, new module integrations, shared corpora, and the build infrastructure needed to keep cross-implementation testing useful as the ecosystem changes.

What's next?

The public repo already points to the near-term direction: keep adding modules, keep adding cross-implementation targets, and keep the build system workable across a mixed-language stack. That includes script evaluation, parsing, Lightning data, and kernel bindings where implementation differences are easiest to miss.

Recent public maintenance moved Bitcoin Core to a submodule and kept Docker and multi-module build plumbing in shape. That lowers the cost of updates and makes it easier to keep expanding target coverage.