Tracking fuzzing candidatesΒ #1267
Description
This issue is intended to track good initial fuzzing candidates for payjoin that can best get coverage on our code.
- bitcoin_uri deserialize / serialize roundtrip
- this is really just a good demonstration of the fuzzer and how fuzzing can work in payjoin
- payjoin directory
- Because this is a service exposed to the internet this is an important attack vector to test against
- ohttp-relay
- Similarly to the directory this is also exposed to the internet but has slightly less risk to all users based on its function
- A full payjoin roundtrip
- While a fuzzed integration test is complex it can demonstrate edge cases in the real world ensuring that all steps along the way properly error out when we expect them to
- payjoin-ffi
- while this is an extension of the payjoin crate, I do believe there is some value in exploring some fuzzing here as we may have missed some language specific implementation details