fuzz: sanity check hardcoded snapshot in utxo_snapshot target

darosior · darosior · commit 63b534f97e59 · 2025-02-21T20:55:01.000-05:00
The assumeutxo data for the fuzz target could change and invalidate the hash silently, preventing
the fuzz target from reaching some code paths.

Fix this by sanity checking the snapshot values during initialization.
diff --git a/src/test/fuzz/utxo_snapshot.cpp b/src/test/fuzz/utxo_snapshot.cpp
@@ -7,6 +7,7 @@
 #include <coins.h>
 #include <consensus/consensus.h>
 #include <consensus/validation.h>
+#include <kernel/coinstats.h>
 #include <node/blockstorage.h>
 #include <node/utxo_snapshot.h>
 #include <primitives/block.h>
@@ -39,14 +40,42 @@ using node::SnapshotMetadata;
 namespace {
 
 const std::vector<std::shared_ptr<CBlock>>* g_chain;
-TestingSetup* g_setup;
+TestingSetup* g_setup{nullptr};
+
+/** Sanity check the assumeutxo values hardcoded in chainparams for the fuzz target. */
+void sanity_check_snapshot()
+{
+    Assert(g_chain && g_setup == nullptr);
+
+    // Create a temporary chainstate manager to connect the chain to.
+    const auto tmp_setup{MakeNoLogFileContext<TestingSetup>(ChainType::REGTEST, TestOpts{.setup_net = false})};
+    const auto& node{tmp_setup->m_node};
+    for (auto& block: *g_chain) {
+        ProcessBlock(node, block);
+    }
+
+    // Connect the chain to the tmp chainman and sanity check the chainparams snapshot values.
+    LOCK(cs_main);
+    auto& cs{node.chainman->ActiveChainstate()};
+    cs.ForceFlushStateToDisk();
+    const auto stats{*Assert(kernel::ComputeUTXOStats(kernel::CoinStatsHashType::HASH_SERIALIZED, &cs.CoinsDB(), node.chainman->m_blockman))};
+    const auto cp_au_data{*Assert(node.chainman->GetParams().AssumeutxoForHeight(2 * COINBASE_MATURITY))};
+    Assert(stats.nHeight == cp_au_data.height);
+    Assert(stats.nTransactions + 1 == cp_au_data.m_chain_tx_count); // +1 for the genesis tx.
+    Assert(stats.hashBlock == cp_au_data.blockhash);
+    Assert(AssumeutxoHash{stats.hashSerialized} == cp_au_data.hash_serialized);
+}
 
 template <bool INVALID>
 void initialize_chain()
 {
     const auto params{CreateChainParams(ArgsManager{}, ChainType::REGTEST)};
     static const auto chain{CreateBlockChain(2 * COINBASE_MATURITY, *params)};
     g_chain = &chain;
+
+    // Make sure we can generate a valid snapshot.
+    sanity_check_snapshot();
+
     static const auto setup{
         MakeNoLogFileContext<TestingSetup>(ChainType::REGTEST,
                                            TestOpts{
