Writing Fuzz Targets for Wallets: Avoiding Known Issues

In the realm of software testing, particularly fuzzing, there's a continuous exploration for enhancing efficiency and effectiveness. A notable method that has gained attention is ensemble fuzzing, which integrates the use of multiple fuzzers such as AFL++, libfuzzer, and honggfuzz concurrently on the same set of inputs. This approach aims to leverage the unique strengths of each fuzzer, thereby potentially uncovering more vulnerabilities than when using a single tool.

Another innovative strategy discussed within fuzzing communities involves the optimization of the test corpus. Traditionally, tools like cmin are employed to minimize the corpus while maintaining coverage. However, some practitioners suggest a more radical approach of periodically removing a random portion of the corpus. This method introduces additional variance, which could lead to discovering new paths or vulnerabilities not previously identified with a static corpus set.

Furthermore, there's a debate on the effectiveness of using common project corpora versus creating a bespoke corpus. The latter can offer unique advantages, such as achieving similar coverage with different inputs. This tailored approach might reveal issues that standard corpora, which may become too predictable over time, fail to expose.

These discussions reflect a broader trend in the fuzzing community towards experimentation and customization. By adapting and combining multiple strategies, developers can enhance their fuzzing workflows, potentially leading to quicker identification of vulnerabilities and overall improvements in software reliability.