Differential fuzzing of Bitcoin implementations and libraries. Note that this project is a WIP and might not be stable.
Change the `RUST_TARGET` according to your architecture.

```shell
export RUST_TARGET="aarch64-apple-darwin"
cd modules/rustbitcoin
cd rust_bitcoin_lib && cargo build --release --target=$RUST_TARGET
cd .. && make
export CXXFLAGS="$CXXFLAGS -DRUST_BITCOIN"
```
For the rust-miniscript module:

```shell
export RUST_TARGET="aarch64-apple-darwin"
cd modules/rustminiscript
cd rust_miniscript_lib && cargo build --release --target=$RUST_TARGET
cd .. && make
export CXXFLAGS="$CXXFLAGS -DRUST_MINISCRIPT"
```
For the `script_eval` target, we recommend getting Mako from https://github.com/brunoerg/mako/tree/bitcoinfuzz, since that branch skips some checks that get in the way of fuzzing.

```shell
cd modules/mako
export MAKO_LIB_PATH="path/to/libmako.a"
make
```
For the btcd module:

```shell
cd modules/btcd
make
export CXXFLAGS="$CXXFLAGS -DBTCD"
```
For the Bitcoin Core module:

```shell
cd modules/bitcoin
make
export CXXFLAGS="$CXXFLAGS -DBITCOIN_CORE"
export BOOST_LIB_DIR="path/to/boost/"
```
Once the modules are compiled, you can compile bitcoinfuzz and execute it:

```shell
make
FUZZ=target_name ./bitcoinfuzz
```
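As an added example (not part of the bitcoinfuzz repository), the helper script below automates the per-module steps above: it derives `RUST_TARGET` from `uname`, assembles the `CXXFLAGS` defines for a chosen set of modules, and runs each module's build commands. The module directory names, `-D` flags and environment variables are the ones listed above; the OS/architecture mapping in `rust_target_for` is my own and only covers macOS and Linux on x86_64 and aarch64, and the function names `rust_target_for`, `module_cxxflags` and `build_modules` are hypothetical.

```shell
#!/bin/sh
# Added example: build helper for the bitcoinfuzz modules described above.
# Not part of the project; module names, flags and env vars come from the README.

# rust_target_for OS ARCH -> prints the Rust target triple for `uname -s` / `uname -m`
# output. Only the macOS/Linux x86_64/aarch64 pairs are mapped (assumption);
# anything else fails loudly instead of guessing a triple.
rust_target_for() {
    os="$1"; arch="$2"
    case "$os" in
        Darwin) vendor_os="apple-darwin" ;;
        Linux)  vendor_os="unknown-linux-gnu" ;;
        *) echo "rust_target_for: unsupported OS '$os'" >&2; return 1 ;;
    esac
    case "$arch" in
        arm64|aarch64) cpu="aarch64" ;;
        x86_64|amd64)  cpu="x86_64" ;;
        *) echo "rust_target_for: unsupported arch '$arch'" >&2; return 1 ;;
    esac
    printf '%s-%s\n' "$cpu" "$vendor_os"
}

# module_cxxflags MODULE... -> prints the -D defines the README lists for each
# module, in the order given. The mako module has no define (it needs MAKO_LIB_PATH).
module_cxxflags() {
    flags=""
    for m in "$@"; do
        case "$m" in
            rustbitcoin)    flags="$flags -DRUST_BITCOIN" ;;
            rustminiscript) flags="$flags -DRUST_MINISCRIPT" ;;
            btcd)           flags="$flags -DBTCD" ;;
            bitcoin)        flags="$flags -DBITCOIN_CORE" ;;
            mako)           ;;
            *) echo "module_cxxflags: unknown module '$m'" >&2; return 1 ;;
        esac
    done
    printf '%s\n' "${flags# }"   # strip the leading space
}

# build_modules MODULE... : runs each module's build commands from the README and
# exports the CXXFLAGS needed for the final `make` of bitcoinfuzz.
build_modules() {
    RUST_TARGET="$(rust_target_for "$(uname -s)" "$(uname -m)")" || return 1
    export RUST_TARGET
    for m in "$@"; do
        case "$m" in
            rustbitcoin)
                (cd modules/rustbitcoin/rust_bitcoin_lib && cargo build --release --target="$RUST_TARGET") &&
                (cd modules/rustbitcoin && make) ;;
            rustminiscript)
                (cd modules/rustminiscript/rust_miniscript_lib && cargo build --release --target="$RUST_TARGET") &&
                (cd modules/rustminiscript && make) ;;
            mako)
                : "${MAKO_LIB_PATH:?set MAKO_LIB_PATH to the path of libmako.a}"
                (cd modules/mako && make) ;;
            bitcoin)
                : "${BOOST_LIB_DIR:?set BOOST_LIB_DIR to your boost directory}"
                (cd modules/bitcoin && make) ;;
            btcd)
                (cd modules/btcd && make) ;;
            *)  echo "build_modules: unknown module '$m'" >&2; return 1 ;;
        esac || return 1
    done
    CXXFLAGS="$CXXFLAGS $(module_cxxflags "$@")"
    export CXXFLAGS
}

# Usage: sh build_helper.sh build rustbitcoin btcd && make && FUZZ=target_name ./bitcoinfuzz
if [ "${1:-}" = "build" ]; then
    shift
    build_modules "$@"
fi
```

Only the `build` subcommand touches cargo or make; sourcing the file just defines the three functions, so `rust_target_for` and `module_cxxflags` can be checked on their own before any compilation starts.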
- sipa/miniscript: sipa/miniscript#140
- rust-miniscript: rust-bitcoin/rust-miniscript#633
- rust-bitcoin: rust-bitcoin/rust-bitcoin#2681
- btcd: btcsuite/btcd#2195 (API mismatch with Bitcoin Core)
- Bitcoin Core: #34
- rust-miniscript: rust-bitcoin/rust-miniscript#696 (not found but reproducible)
- rust-miniscript: #39
- rust-bitcoin: rust-bitcoin/rust-bitcoin#2891
- rust-bitcoin: rust-bitcoin/rust-bitcoin#2879
- btcd: btcsuite/btcd#2199
- rust-bitcoin: #57
- rust-bitcoin: CVE-2024-44073
- rust-miniscript: rust-bitcoin/rust-miniscript#785
- rust-miniscript: rust-bitcoin/rust-miniscript#788