Merge bitcoin/bitcoin#17860: fuzz: BIP 30, CVE-2018-17144

[DashCoreAutoGuix]

Backport of Bitcoin Core PR bitcoin#17860

Original Bitcoin PR: bitcoin#17860

Summary

This backport adds a validation fuzz test for BIP 30 and CVE-2018-17144, along with improvements to the test utility infrastructure.

Changes Included

• fa2d8b61f9 - fuzz: BIP 42, BIP 30, CVE-2018-17144 (MarcoFalke)
• faae7d5c00 - Move LoadVerifyActivateChainstate to ChainTestingSetup (MarcoFalke)
• fa26e3462a - Avoid dereferencing interruption_point if it is nullptr (MarcoFalke)
• fa846ee074 - test: Add util to mine invalid blocks (MarcoFalke)

Dash-Specific Adaptations

• Replaced Bitcoin witness/segwit patterns with Dash's non-segwit approach in test utilities
• Adapted MineBlock() to return COutPoint instead of using witness scripts
• Updated test fixtures to use standard scripts (CScript() << OP_TRUE) instead of P2WSH
• Integrated with Dash's existing chainstate initialization (maintaining EvoDb, masternode components, etc.)
• Preserved Dash's LoadChainstate and VerifyLoadedChainstate function signatures

Files Modified

• src/Makefile.test.include - Added new fuzz test to build system
• src/bench/block_assemble.cpp - Updated to use new MineBlock API
• src/node/coinstats.cpp - Minor path update (kernel/coinstats.cpp)
• src/test/fuzz/tx_pool.cpp - Updated to use new MineBlock API
• src/test/fuzz/utxo_total_supply.cpp - New fuzz test (adapted for Dash)
• src/test/util/mining.cpp - Enhanced block mining utilities with validation state tracking
• src/test/util/mining.h - Updated function signatures
• src/test/util/setup_common.cpp - Added LoadVerifyActivateChainstate() method
• src/test/util/setup_common.h - Updated TestingSetup constructor signature

Testing Notes

• This is a test infrastructure improvement
• New fuzz test validates BIP 30 behavior and CVE-2018-17144 mitigations
• All changes are confined to test code (src/test/ and src/bench/)
• No consensus or production code changes

---

Backport Source: bitcoin/bitcoin@322ec63

[coderabbitai]

Warning

Rate limit exceeded

@DashCoreAutoGuix has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 20 minutes and 51 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between 54e2588 and 6e6ae95.

📒 Files selected for processing (9)

• src/Makefile.test.include (1 hunks)
• src/bench/block_assemble.cpp (1 hunks)
• src/node/coinstats.cpp (1 hunks)
• src/test/fuzz/tx_pool.cpp (1 hunks)
• src/test/fuzz/utxo_total_supply.cpp (1 hunks)
• src/test/util/mining.cpp (2 hunks)
• src/test/util/mining.h (2 hunks)
• src/test/util/setup_common.cpp (2 hunks)
• src/test/util/setup_common.h (1 hunks)

✨ Finishing touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch backport-0.25-batch-415-pr-17860

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}