Differential Fuzzing of Bitcoin implementations

bruno · November 18, 2023, 3:06pm

Hi, all!

I’m working on differential fuzzing of Bitcoin implementations/libraries (GitHub - brunoerg/bitcoinfuzz: Differential Fuzzing of Bitcoin implementations and libraries). I’m starting it with miniscript, so at this moment it’s fuzzing Core’s and rust-miniscript.

I’m openning this topic to raise ideas and get feedbacks about it.

sipa · November 29, 2023, 11:01pm

Nice, and it seems you’ve discovered something too (bug: `pk()()` is considered a valid policy · Issue #140 · sipa/miniscript · GitHub)!

bruno · December 1, 2023, 7:30pm

Yes, I got more crashes but I’m analyzing them before publishing them.

bruno · December 18, 2023, 6:03pm

Another crash has been discussed in rust-miniscript repo: bug: some miniscripts are being pointed as invalid, but are valid · Issue #633 · rust-bitcoin/rust-miniscript · GitHub

cc: @sipa

bruno · April 15, 2024, 9:37am

One more bug found by it!

github.com/rust-bitcoin/rust-bitcoin

Bug on witness verification (witness flag but empty witnesses)

opened 07:28PM - 12 Apr 24 UTC

brunoerg

By applying differential fuzzing ([bitcoinfuzz](https://github.com/brunoerg/bitc…oinfuzz)) with rust-bitcoin and Bitcoin Core for block deserialization, I found out a bug during the transaction verification step. Basically, it's illegal to have the witness flag present and all witness stacks empty. That is, it has inputs, they have empty witnesses, but the transaction is flagged as segwit. It seems this case is not being catched properly. Base64 to reproduce (for block deserialization): //////////+puampqalJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJqampKak4ODg4ODg4qampqVdRqampAgICAgIB/QITAAICAgICAgICAAABAABRAgICAgH9AgICAgICAgICAgICAgICAgICAgICAACRAAIAAAAAAAAAAFECAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgAAApECAAIAAAAAAAAAUQICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAICRAAAAAAAAFv////8AAD0A/////y3/////////AP////8AAQAAAAD///8=