revault / revault_tx

Script descriptors and transaction creation routines for Revault
BSD 3-Clause "New" or "Revised" License

Fuzz the transaction chain creation #88

Closed darosior closed 3 years ago

darosior commented 3 years ago

Based on #87 this adds a new fuzzing target testing different possible setups. This required some prep work, but basically we use the existing derive_transactions routine and feed it random configurations.

darosior commented 3 years ago

Finally rebased on master now that #87 and #94 are merged.

darosior commented 3 years ago

Adding a commit reproducing the bug in the sighash computation

darosior commented 3 years ago

Amended the commit to have a mirror unit test of what is asserted in the fuzz target. See how repro2 is the very same code as in the fuzz target and the assertion passes in the unit test but not in the fuzz target. I can't make sense out of it. There is no chance 0000000000000000000000000000000000000000000000000000000000000004 is the result of anything getting hashed.

darosior commented 3 years ago

Finally got back to this. Found the issue and fixed it in the last commit.

darosior commented 3 years ago

Rebased on master, surprisingly didn't have conflicts

darosior commented 3 years ago

This uncovered a few bugs already, going to let it run now.

darosior commented 3 years ago

It found a few more incorrectnesses in the test (which is good news), should be pretty final now.

danielabrozzoni commented 3 years ago

I'll let it run for a while. Just a nit, can you please fix here https://github.com/revault/revault_tx/blob/master/fuzz/README.md the flag is max_len, not maxlen. Thanks :)

darosior commented 3 years ago

Be sure to use the corpus or it'll fail on policy compilation for a while. Had to generate some seeds for it to start to be smart.


darosior commented 3 years ago

Fuzzed overnight without a crash. Now generating coverage. Think it's good to go, then I'll add it to my boutique Revault Continuous Fuzzing setup :)

darosior commented 3 years ago

Yay, fuzz coverage (of only this new target) is great: http://download.darosior.ninja/dump/revault_tx_fuzz_cov.html

darosior commented 3 years ago

ACK b368b18a89cc05e923aed6029999f05c6e92275e