
Fuzzing is adversarial randomness with memory. You throw garbage at code, but smart garbage — the fuzzer remembers which inputs made the program do something new (hit new code paths) and breeds more like them. It's evolution applied to breaking software.

In Bitcoin: every P2P message, every transaction, every script is untrusted input from the open internet. Fuzzers like libFuzzer run billions of malformed versions through Core's parsing code, looking for the crash that could split the network or worse. Bitcoin Core has 100+ fuzz targets in src/test/fuzz/ — every serialization boundary gets hammered.

The dirty secret: fuzzing finds bugs that careful code review misses, because humans don't think in terms of "what if byte 47 is 0xFF and the length field lies?"
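To make "randomness with memory" concrete, here is an added example (not Bitcoin Core's or libFuzzer's code): a toy length-prefixed message parser constructed for this illustration, plus a minimal coverage-guided loop that keeps any input reaching a line no earlier input did and breeds from it. The message format, the bug and the mutator are assumptions of the demo, and sys.settrace stands in for compiler coverage instrumentation.

```python
import random, sys
MAGIC = b"\xf9\xbe\xb4\xd9"                  # Bitcoin mainnet magic, used here only as a header constant
class ParseError(Exception): pass            # expected rejection of malformed input: not a crash

def parse_message(data):
    """Toy parser (constructed, not Core's): magic(4) | cmd(1) | len(1) | payload. cmd 2 is "inv"."""
    if len(data) < 6: raise ParseError("short header")
    if data[:4] != MAGIC: raise ParseError("bad magic")
    cmd, n = data[4], data[5]
    payload = data[6:6 + n]                  # bug: nothing checks that the n declared bytes arrived
    if cmd == 1: return ("ping", None)
    if n < 1: raise ParseError("inv needs a count")
    return ("inv", payload[0])               # IndexError once len lies and the payload is empty

def run_with_coverage(data):
    """Run the parser traced; return (lines executed, crash or None). Lines stand in for edge coverage."""
    lines, crash = set(), None
    def tracer(frame, event, arg):           # record the lines parse_message's own frame executes
        if event == "line" and frame.f_code is parse_message.__code__: lines.add(frame.f_lineno)
        return tracer
    sys.settrace(tracer)
    try:
        parse_message(data)
    except ParseError: pass                  # expected rejection; the harness ignores it
    except Exception as exc: crash = exc     # anything else is the crash we are hunting
    sys.settrace(None)
    return lines, crash

def mutate(rng, data):                       # one edit: overwrite, insert, or delete a byte
    d, op = bytearray(data), rng.randrange(3)
    if op == 0 and d:                        # mostly "interesting" values, as real mutator dictionaries do
        d[rng.randrange(len(d))] = rng.choice((0, 1, 2, 0x7f, 0xff, rng.randrange(256)))
    elif op == 1: d.insert(rng.randrange(len(d) + 1), rng.randrange(256))
    elif len(d) > 1: del d[rng.randrange(len(d))]
    return bytes(d)

def fuzz(seeds, budget=20000, seed=1):
    """Coverage-guided loop: a child that executes a line no earlier input did joins the corpus."""
    rng, corpus = random.Random(seed), list(seeds)
    seen = set().union(*[run_with_coverage(s)[0] for s in corpus])
    for i in range(1, budget + 1):
        child = rng.choice(corpus)
        for _ in range(rng.randint(1, 3)): child = mutate(rng, child)   # stack a few edits
        lines, crash = run_with_coverage(child)
        if crash is not None:
            return {"input": child, "error": repr(crash), "iterations": i, "corpus": len(corpus)}
        if lines - seen:                     # the "memory": new path, so keep it and breed from it
            seen |= lines
            corpus.append(child)
    return None
```

`fuzz([MAGIC + b"\x01\x00"])` starts from a single valid ping and returns the first crashing input with the iteration count and corpus size at that point; the crash it finds is exactly the case above, a length field promising bytes that never arrived.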