test(fuzzing): add tx creation scenario to fuzz target

oleonardolima · oleonardolima · commit 8ea8cb61c94c · 2025-08-07T11:53:11.000-03:00
- add the `CreateTx` scenario to `bdk_wallet` fuzz target.
- add two new macros: `try_consume_tx_builder` and
  `try_consume_sign_options`, in order to build the specific structures
and types required for tx creation, signing and applying to wallet.
diff --git a/fuzz/fuzz_targets/bdk_wallet.rs b/fuzz/fuzz_targets/bdk_wallet.rs
@@ -7,10 +7,11 @@ use std::{
 };
 
 use bdk_wallet::{
-    bitcoin::{hashes::Hash as _, BlockHash, Network, Txid},
+    bitcoin::{self, hashes::Hash as _, BlockHash, Network, Txid},
     chain::{BlockId, ConfirmationBlockTime, TxUpdate},
     rusqlite::Connection,
-    KeychainKind, Update, Wallet,
+    signer::TapLeavesOptions,
+    KeychainKind, SignOptions, TxOrdering, Update, Wallet,
 };
 
 use bdk_wallet::bitcoin::{
@@ -19,8 +20,8 @@ use bdk_wallet::bitcoin::{
 
 use bdk_wallet_fuzz::{
     fuzz_utils::*, try_consume_anchors, try_consume_bool, try_consume_byte, try_consume_checkpoint,
-    try_consume_seen_or_evicted_ats, try_consume_txouts, try_consume_txs, try_consume_u32,
-    try_consume_u64, try_consume_u8,
+    try_consume_seen_or_evicted_ats, try_consume_sign_options, try_consume_tx_builder,
+    try_consume_txouts, try_consume_txs, try_consume_u32, try_consume_u64, try_consume_u8,
 };
 
 // descriptors
@@ -114,8 +115,47 @@ fuzz_target!(|data: &[u8]| {
                 wallet.apply_update(update).unwrap();
             }
             WalletAction::CreateTx => {
-                // todo!()
-                continue;
+                // generate fuzzed tx builder
+                let tx_builder = try_consume_tx_builder!(&mut new_data, &mut wallet);
+
+                // generate fuzzed psbt
+                let mut psbt = match tx_builder.finish() {
+                    Ok(psbt) => psbt,
+                    Err(_) => continue,
+                };
+
+                // generate fuzzed sign options
+                // let sign_options = consume_sign_options(new_data);
+                let sign_options = try_consume_sign_options!(data_iter);
+
+                // generate fuzzed signed psbt
+                let _is_signed = match wallet.sign(&mut psbt, sign_options.clone()) {
+                    Ok(is_signed) => is_signed,
+                    Err(_) => continue,
+                };
+
+                // generated fuzzed finalized psbt
+                // extract and apply fuzzed tx
+                match wallet.finalize_psbt(&mut psbt, sign_options) {
+                    Ok(is_finalized) => match is_finalized {
+                        true => match psbt.extract_tx() {
+                            Ok(tx) => {
+                                let mut update = Update::default();
+                                update.tx_update.txs.push(tx.into());
+                                wallet.apply_update(update).unwrap()
+                            }
+                            Err(e) => {
+                                assert!(matches!(
+                                    e,
+                                    bitcoin::psbt::ExtractTxError::AbsurdFeeRate { .. }
+                                ));
+                                return;
+                            }
+                        },
+                        false => continue,
+                    },
+                    Err(_) => continue,
+                }
             }
             WalletAction::PersistAndLoad => {
                 let expected_balance = wallet.balance();
diff --git a/fuzz/src/fuzz_utils.rs b/fuzz/src/fuzz_utils.rs
@@ -166,6 +166,193 @@ macro_rules! try_consume_checkpoint {
     }};
 }
 
+#[macro_export]
+macro_rules! try_consume_sign_options {
+    ($data_iter:expr) => {{
+        let mut sign_options = SignOptions::default();
+
+        if try_consume_bool!($data_iter) {
+            sign_options.trust_witness_utxo = true;
+        }
+
+        if try_consume_bool!($data_iter) {
+            let height = try_consume_u32!($data_iter);
+            sign_options.assume_height = Some(height);
+        }
+
+        if try_consume_bool!($data_iter) {
+            sign_options.allow_all_sighashes = true;
+        }
+
+        if try_consume_bool!($data_iter) {
+            sign_options.try_finalize = false;
+        }
+
+        if try_consume_bool!($data_iter) {
+            // FIXME: how can we use the other include/exclude variants here ?
+            if try_consume_bool!($data_iter) {
+                sign_options.tap_leaves_options = TapLeavesOptions::All;
+            } else {
+                sign_options.tap_leaves_options = TapLeavesOptions::None;
+            }
+        }
+
+        if try_consume_bool!($data_iter) {
+            sign_options.sign_with_tap_internal_key = false;
+        }
+
+        if try_consume_bool!($data_iter) {
+            sign_options.allow_grinding = false;
+        }
+
+        sign_options
+    }};
+}
+
+#[macro_export]
+macro_rules! try_consume_tx_builder {
+    ($data:expr, $wallet:expr) => {{
+        let mut data_iter = $data.into_iter();
+
+        let utxo = $wallet.list_unspent().next();
+
+        let recipients_count = *try_consume_byte!(data_iter) as usize;
+        let mut recipients = Vec::with_capacity(recipients_count);
+        for _ in 0..recipients_count {
+            let spk = consume_spk($data, $wallet);
+            let amount = *try_consume_byte!(data_iter) as u64 * 1_000;
+            let amount = bitcoin::Amount::from_sat(amount);
+            recipients.push((spk, amount));
+        }
+
+        let drain_to = consume_spk($data, $wallet);
+
+        let mut tx_builder = match try_consume_bool!(data_iter) {
+            true => $wallet.build_tx(),
+            false => {
+                // FIXME: (@leonardo) get a randomized txid.
+                let txid = $wallet
+                    .tx_graph()
+                    .full_txs()
+                    .next()
+                    .map(|tx_node| tx_node.txid);
+                match txid {
+                    Some(txid) => match $wallet.build_fee_bump(txid) {
+                        Ok(builder) => builder,
+                        Err(_) => continue,
+                    },
+                    None => continue,
+                }
+            }
+        };
+
+        if try_consume_bool!(data_iter) {
+            let mut rate = *try_consume_byte!(data_iter) as u64;
+            if try_consume_bool!(data_iter) {
+                rate *= 1_000;
+            }
+            let rate =
+                bitcoin::FeeRate::from_sat_per_vb(rate).expect("It should be a valid fee rate.");
+            tx_builder.fee_rate(rate);
+        }
+
+        if try_consume_bool!(data_iter) {
+            let mut fee = *try_consume_byte!(data_iter) as u64;
+            if try_consume_bool!(data_iter) {
+                fee *= 1_000;
+            }
+            let fee = bitcoin::Amount::from_sat(fee);
+            tx_builder.fee_absolute(fee);
+        }
+
+        if try_consume_bool!(data_iter) {
+            if let Some(ref utxo) = utxo {
+                tx_builder
+                    .add_utxo(utxo.outpoint)
+                    .expect("It should be a known UTXO.");
+            }
+        }
+
+        // FIXME: add the fuzzed option for `TxBuilder.add_foreign_utxo`.
+
+        if try_consume_bool!(data_iter) {
+            tx_builder.manually_selected_only();
+        }
+
+        if try_consume_bool!(data_iter) {
+            if let Some(ref utxo) = utxo {
+                tx_builder.add_unspendable(utxo.outpoint);
+            }
+        }
+
+        if try_consume_bool!(data_iter) {
+            let sighash =
+                bitcoin::psbt::PsbtSighashType::from_u32(*try_consume_byte!(data_iter) as u32);
+            tx_builder.sighash(sighash);
+        }
+
+        if try_consume_bool!(data_iter) {
+            let ordering = if try_consume_bool!(data_iter) {
+                TxOrdering::Shuffle
+            } else {
+                TxOrdering::Untouched
+            };
+            tx_builder.ordering(ordering);
+        }
+
+        if try_consume_bool!(data_iter) {
+            let lock_time = try_consume_u32!(data_iter);
+            let lock_time = bitcoin::absolute::LockTime::from_consensus(lock_time);
+            tx_builder.nlocktime(lock_time);
+        }
+
+        if try_consume_bool!(data_iter) {
+            let version = try_consume_u32!(data_iter);
+            tx_builder.version(version as i32);
+        }
+
+        if try_consume_bool!(data_iter) {
+            tx_builder.do_not_spend_change();
+        }
+
+        if try_consume_bool!(data_iter) {
+            tx_builder.only_spend_change();
+        }
+
+        if try_consume_bool!(data_iter) {
+            tx_builder.only_witness_utxo();
+        }
+
+        if try_consume_bool!(data_iter) {
+            tx_builder.include_output_redeem_witness_script();
+        }
+
+        if try_consume_bool!(data_iter) {
+            tx_builder.add_global_xpubs();
+        }
+
+        if try_consume_bool!(data_iter) {
+            tx_builder.drain_wallet();
+        }
+
+        if try_consume_bool!(data_iter) {
+            tx_builder.allow_dust(true);
+        }
+
+        if try_consume_bool!(data_iter) {
+            tx_builder.set_recipients(recipients);
+        }
+
+        // FIXME: add the fuzzed option for `TxBuilder.add_data()` method.
+
+        if try_consume_bool!(data_iter) {
+            tx_builder.drain_to(drain_to);
+        }
+
+        tx_builder
+    }};
+}
+
 pub fn consume_txid(data: &mut &[u8]) -> Txid {
     let bytes: [u8; 32] = consume_bytes(data, 32).try_into().unwrap_or([0; 32]);
 
diff --git a/fuzz/src/fuzzed_data_provider.rs b/fuzz/src/fuzzed_data_provider.rs
@@ -64,59 +64,3 @@ pub fn consume_bytes(data: &mut &[u8], num_bytes: usize) -> Vec<u8> {
 
     bytes.to_vec()
 }
-
-pub fn consume_u64(data: &mut &[u8]) -> u64 {
-    // We need at least 8 bytes to read a u64
-    if data.len() < 8 {
-        return 0;
-    }
-
-    let (u64_bytes, rest) = data.split_at(8);
-    *data = rest;
-
-    u64::from_le_bytes([
-        u64_bytes[0],
-        u64_bytes[1],
-        u64_bytes[2],
-        u64_bytes[3],
-        u64_bytes[4],
-        u64_bytes[5],
-        u64_bytes[6],
-        u64_bytes[7],
-    ])
-}
-
-pub fn consume_u32(data: &mut &[u8]) -> u32 {
-    // We need at least 4 bytes to read a u32
-    if data.len() < 4 {
-        return 0;
-    }
-
-    let (u32_bytes, rest) = data.split_at(4);
-    *data = rest;
-
-    u32::from_le_bytes([u32_bytes[0], u32_bytes[1], u32_bytes[2], u32_bytes[3]])
-}
-
-pub fn consume_u8(data: &mut &[u8]) -> u8 {
-    // We need at least 1 byte to read a u8
-    if data.is_empty() {
-        return 0;
-    }
-
-    let (u8_bytes, rest) = data.split_at(1);
-    *data = rest;
-
-    u8::from_le_bytes([u8_bytes[0]])
-}
-
-pub fn consume_bool(data: &mut &[u8]) -> bool {
-    (1 & consume_u8(data)) != 0
-}
-
-pub fn consume_byte(data: &mut &[u8]) -> u8 {
-    let byte = data[0];
-    *data = &data[1..];
-
-    byte
-}
