diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index b6256d4761dc..1b7360faff4d 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -132,6 +132,7 @@ builder-image:
       - build-ci/dashcore-$BUILD_TARGET/src/qt/test/test_dash-qt.exe
       - build-ci/dashcore-$BUILD_TARGET/src/test/test_dash
       - build-ci/dashcore-$BUILD_TARGET/src/test/test_dash.exe
+      - build-ci/dashcore-$BUILD_TARGET/src/test/fuzz/*
     expire_in: 3 days
 
 .test-template:
diff --git a/doc/fuzzing.md b/doc/fuzzing.md
index 1d515339fc09..81b67dc5d2b6 100644
--- a/doc/fuzzing.md
+++ b/doc/fuzzing.md
@@ -102,7 +102,7 @@ libFuzzer is needed (all found in the `compiler-rt` runtime libraries package).
 To build all fuzz targets with libFuzzer, run
 
 ```
-./configure --disable-ccache --enable-fuzz --with-sanitizers=fuzzer,address CC=clang CXX=clang++
+./configure --disable-ccache --enable-fuzz --with-sanitizers=fuzzer,address,undefined CC=clang CXX=clang++
 make
 ```
 
diff --git a/src/Makefile.test.include b/src/Makefile.test.include
index 8f8dc69c8f4b..a08053982eea 100644
--- a/src/Makefile.test.include
+++ b/src/Makefile.test.include
@@ -8,7 +8,10 @@ FUZZ_TARGETS = \
   test/fuzz/addr_info_deserialize \
   test/fuzz/address_deserialize \
   test/fuzz/addrman_deserialize \
+  test/fuzz/asmap \
+  test/fuzz/asmap_direct \
   test/fuzz/banentry_deserialize \
+  test/fuzz/base_encode_decode \
   test/fuzz/bech32 \
   test/fuzz/block \
   test/fuzz/block_deserialize \
@@ -21,29 +24,45 @@ FUZZ_TARGETS = \
   test/fuzz/blocktransactions_deserialize \
   test/fuzz/blocktransactionsrequest_deserialize \
   test/fuzz/blockundo_deserialize \
+  test/fuzz/bloom_filter \
   test/fuzz/bloomfilter_deserialize \
   test/fuzz/coins_deserialize \
+  test/fuzz/decode_tx \
   test/fuzz/descriptor_parse \
   test/fuzz/diskblockindex_deserialize \
   test/fuzz/eval_script \
   test/fuzz/fee_rate_deserialize \
   test/fuzz/flat_file_pos_deserialize \
+  test/fuzz/float \
+  test/fuzz/hex \
   test/fuzz/integer \
   test/fuzz/inv_deserialize \
+  test/fuzz/key \
   test/fuzz/key_origin_info_deserialize \
+  test/fuzz/locale \
   test/fuzz/merkle_block_deserialize \
   test/fuzz/messageheader_deserialize \
   test/fuzz/netaddr_deserialize \
   test/fuzz/out_point_deserialize \
+  test/fuzz/p2p_transport_deserializer \
+  test/fuzz/parse_hd_keypath \
+  test/fuzz/parse_iso8601 \
+  test/fuzz/parse_numbers \
+  test/fuzz/parse_script \
+  test/fuzz/parse_univalue \
   test/fuzz/partial_merkle_tree_deserialize \
   test/fuzz/partially_signed_transaction_deserialize \
   test/fuzz/prefilled_transaction_deserialize \
   test/fuzz/psbt_input_deserialize \
   test/fuzz/psbt_output_deserialize \
   test/fuzz/pub_key_deserialize \
+  test/fuzz/rolling_bloom_filter \
+  test/fuzz/script \
   test/fuzz/script_deserialize \
   test/fuzz/script_flags \
   test/fuzz/service_deserialize \
+  test/fuzz/spanparsing \
+  test/fuzz/strprintf \
   test/fuzz/sub_net_deserialize \
   test/fuzz/transaction \
   test/fuzz/tx_in \
@@ -88,7 +107,8 @@ BITCOIN_TEST_SUITE = \
 FUZZ_SUITE = \
   test/fuzz/fuzz.cpp \
   test/fuzz/fuzz.h \
-  test/fuzz/FuzzedDataProvider.h
+  test/fuzz/FuzzedDataProvider.h \
+  test/fuzz/util.h
 
 FUZZ_SUITE_LD_COMMON = \
  $(LIBBITCOIN_SERVER) \
@@ -98,6 +118,7 @@ FUZZ_SUITE_LD_COMMON = \
  $(LIBBITCOIN_CONSENSUS) \
  $(LIBBITCOIN_CRYPTO) \
  $(LIBBITCOIN_WALLET) \
+ $(LIBBITCOIN_CLI) \
  $(BDB_LIBS) \
  $(LIBUNIVALUE) \
  $(LIBLEVELDB) \
@@ -272,6 +293,18 @@ test_fuzz_addrman_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
 test_fuzz_addrman_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
 test_fuzz_addrman_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
 
+test_fuzz_asmap_SOURCES = $(FUZZ_SUITE) test/fuzz/asmap.cpp
+test_fuzz_asmap_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
+test_fuzz_asmap_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
+test_fuzz_asmap_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
+test_fuzz_asmap_LDADD = $(FUZZ_SUITE_LD_COMMON)
+
+test_fuzz_asmap_direct_SOURCES = $(FUZZ_SUITE) test/fuzz/asmap_direct.cpp
+test_fuzz_asmap_direct_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
+test_fuzz_asmap_direct_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
+test_fuzz_asmap_direct_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
+test_fuzz_asmap_direct_LDADD = $(FUZZ_SUITE_LD_COMMON)
+
 test_fuzz_blockheader_deserialize_SOURCES = $(FUZZ_SUITE) test/fuzz/deserialize.cpp
 test_fuzz_blockheader_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DBLOCKHEADER_DESERIALIZE=1
 test_fuzz_blockheader_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
@@ -290,6 +323,12 @@ test_fuzz_bech32_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
 test_fuzz_bech32_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
 test_fuzz_bech32_LDADD = $(FUZZ_SUITE_LD_COMMON)
 
+test_fuzz_base_encode_decode_SOURCES = $(FUZZ_SUITE) test/fuzz/base_encode_decode.cpp
+test_fuzz_base_encode_decode_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
+test_fuzz_base_encode_decode_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
+test_fuzz_base_encode_decode_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
+test_fuzz_base_encode_decode_LDADD = $(FUZZ_SUITE_LD_COMMON)
+
 test_fuzz_txundo_deserialize_SOURCES = $(FUZZ_SUITE) test/fuzz/deserialize.cpp
 test_fuzz_txundo_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DTXUNDO_DESERIALIZE=1
 test_fuzz_txundo_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
@@ -302,12 +341,30 @@ test_fuzz_blockundo_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
 test_fuzz_blockundo_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
 test_fuzz_blockundo_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
 
+test_fuzz_bloom_filter_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
+test_fuzz_bloom_filter_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
+test_fuzz_bloom_filter_LDADD = $(FUZZ_SUITE_LD_COMMON)
+test_fuzz_bloom_filter_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
+test_fuzz_bloom_filter_SOURCES = $(FUZZ_SUITE) test/fuzz/bloom_filter.cpp
+
+test_fuzz_bloomfilter_deserialize_SOURCES = $(FUZZ_SUITE) test/fuzz/deserialize.cpp
+test_fuzz_bloomfilter_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DBLOOMFILTER_DESERIALIZE=1
+test_fuzz_bloomfilter_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
+test_fuzz_bloomfilter_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
+test_fuzz_bloomfilter_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
+
 test_fuzz_coins_deserialize_SOURCES = $(FUZZ_SUITE) test/fuzz/deserialize.cpp
 test_fuzz_coins_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DCOINS_DESERIALIZE=1
 test_fuzz_coins_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
 test_fuzz_coins_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
 test_fuzz_coins_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
 
+test_fuzz_decode_tx_SOURCES = $(FUZZ_SUITE) test/fuzz/decode_tx.cpp
+test_fuzz_decode_tx_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
+test_fuzz_decode_tx_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
+test_fuzz_decode_tx_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
+test_fuzz_decode_tx_LDADD = $(FUZZ_SUITE_LD_COMMON)
+
 test_fuzz_descriptor_parse_SOURCES = $(FUZZ_SUITE) test/fuzz/descriptor_parse.cpp
 test_fuzz_descriptor_parse_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
 test_fuzz_descriptor_parse_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
@@ -320,6 +377,18 @@ test_fuzz_netaddr_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
 test_fuzz_netaddr_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
 test_fuzz_netaddr_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
 
+test_fuzz_parse_iso8601_SOURCES = $(FUZZ_SUITE) test/fuzz/parse_iso8601.cpp
+test_fuzz_parse_iso8601_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
+test_fuzz_parse_iso8601_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
+test_fuzz_parse_iso8601_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
+test_fuzz_parse_iso8601_LDADD = $(FUZZ_SUITE_LD_COMMON)
+
+test_fuzz_script_SOURCES = $(FUZZ_SUITE) test/fuzz/script.cpp
+test_fuzz_script_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
+test_fuzz_script_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
+test_fuzz_script_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
+test_fuzz_script_LDADD = $(FUZZ_SUITE_LD_COMMON)
+
 test_fuzz_script_flags_SOURCES = $(FUZZ_SUITE) test/fuzz/script_flags.cpp
 test_fuzz_script_flags_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
 test_fuzz_script_flags_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
@@ -332,6 +401,12 @@ test_fuzz_service_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
 test_fuzz_service_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
 test_fuzz_service_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
 
+test_fuzz_spanparsing_SOURCES = $(FUZZ_SUITE) test/fuzz/spanparsing.cpp
+test_fuzz_spanparsing_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
+test_fuzz_spanparsing_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
+test_fuzz_spanparsing_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
+test_fuzz_spanparsing_LDADD = $(FUZZ_SUITE_LD_COMMON)
+
 test_fuzz_messageheader_deserialize_SOURCES = $(FUZZ_SUITE) test/fuzz/deserialize.cpp
 test_fuzz_messageheader_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DMESSAGEHEADER_DESERIALIZE=1
 test_fuzz_messageheader_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
@@ -344,18 +419,18 @@ test_fuzz_address_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
 test_fuzz_address_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
 test_fuzz_address_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
 
+test_fuzz_hex_SOURCES = $(FUZZ_SUITE) test/fuzz/hex.cpp
+test_fuzz_hex_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
+test_fuzz_hex_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
+test_fuzz_hex_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
+test_fuzz_hex_LDADD = $(FUZZ_SUITE_LD_COMMON)
+
 test_fuzz_inv_deserialize_SOURCES = $(FUZZ_SUITE) test/fuzz/deserialize.cpp
 test_fuzz_inv_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DINV_DESERIALIZE=1
 test_fuzz_inv_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
 test_fuzz_inv_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
 test_fuzz_inv_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
 
-test_fuzz_bloomfilter_deserialize_SOURCES = $(FUZZ_SUITE) test/fuzz/deserialize.cpp
-test_fuzz_bloomfilter_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DBLOOMFILTER_DESERIALIZE=1
-test_fuzz_bloomfilter_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
-test_fuzz_bloomfilter_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
-test_fuzz_bloomfilter_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
-
 test_fuzz_diskblockindex_deserialize_SOURCES = $(FUZZ_SUITE) test/fuzz/deserialize.cpp
 test_fuzz_diskblockindex_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DDISKBLOCKINDEX_DESERIALIZE=1
 test_fuzz_diskblockindex_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
@@ -434,12 +509,30 @@ test_fuzz_flat_file_pos_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
 test_fuzz_flat_file_pos_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
 test_fuzz_flat_file_pos_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
 
+test_fuzz_float_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
+test_fuzz_float_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
+test_fuzz_float_LDADD = $(FUZZ_SUITE_LD_COMMON)
+test_fuzz_float_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
+test_fuzz_float_SOURCES = $(FUZZ_SUITE) test/fuzz/float.cpp
+
+test_fuzz_key_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
+test_fuzz_key_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
+test_fuzz_key_LDADD = $(FUZZ_SUITE_LD_COMMON)
+test_fuzz_key_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
+test_fuzz_key_SOURCES = $(FUZZ_SUITE) test/fuzz/key.cpp
+
 test_fuzz_key_origin_info_deserialize_SOURCES = $(FUZZ_SUITE) test/fuzz/deserialize.cpp
 test_fuzz_key_origin_info_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DKEY_ORIGIN_INFO_DESERIALIZE=1
 test_fuzz_key_origin_info_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
 test_fuzz_key_origin_info_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
 test_fuzz_key_origin_info_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
 
+test_fuzz_locale_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
+test_fuzz_locale_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
+test_fuzz_locale_LDADD = $(FUZZ_SUITE_LD_COMMON)
+test_fuzz_locale_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
+test_fuzz_locale_SOURCES = $(FUZZ_SUITE) test/fuzz/locale.cpp
+
 test_fuzz_merkle_block_deserialize_SOURCES = $(FUZZ_SUITE) test/fuzz/deserialize.cpp
 test_fuzz_merkle_block_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DMERKLE_BLOCK_DESERIALIZE=1
 test_fuzz_merkle_block_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
@@ -452,6 +545,12 @@ test_fuzz_out_point_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
 test_fuzz_out_point_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
 test_fuzz_out_point_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
 
+test_fuzz_p2p_transport_deserializer_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
+test_fuzz_p2p_transport_deserializer_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
+test_fuzz_p2p_transport_deserializer_LDADD = $(FUZZ_SUITE_LD_COMMON)
+test_fuzz_p2p_transport_deserializer_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
+test_fuzz_p2p_transport_deserializer_SOURCES = $(FUZZ_SUITE) test/fuzz/p2p_transport_deserializer.cpp
+
 test_fuzz_partially_signed_transaction_deserialize_SOURCES = $(FUZZ_SUITE) test/fuzz/deserialize.cpp
 test_fuzz_partially_signed_transaction_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DPARTIALLY_SIGNED_TRANSACTION_DESERIALIZE=1
 test_fuzz_partially_signed_transaction_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
@@ -488,12 +587,24 @@ test_fuzz_pub_key_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
 test_fuzz_pub_key_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
 test_fuzz_pub_key_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
 
+test_fuzz_rolling_bloom_filter_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
+test_fuzz_rolling_bloom_filter_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
+test_fuzz_rolling_bloom_filter_LDADD = $(FUZZ_SUITE_LD_COMMON)
+test_fuzz_rolling_bloom_filter_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
+test_fuzz_rolling_bloom_filter_SOURCES = $(FUZZ_SUITE) test/fuzz/rolling_bloom_filter.cpp
+
 test_fuzz_script_deserialize_SOURCES = $(FUZZ_SUITE) test/fuzz/deserialize.cpp
 test_fuzz_script_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DSCRIPT_DESERIALIZE=1
 test_fuzz_script_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
 test_fuzz_script_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
 test_fuzz_script_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
 
+test_fuzz_strprintf_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
+test_fuzz_strprintf_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
+test_fuzz_strprintf_LDADD = $(FUZZ_SUITE_LD_COMMON)
+test_fuzz_strprintf_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
+test_fuzz_strprintf_SOURCES = $(FUZZ_SUITE) test/fuzz/strprintf.cpp
+
 test_fuzz_sub_net_deserialize_SOURCES = $(FUZZ_SUITE) test/fuzz/deserialize.cpp
 test_fuzz_sub_net_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DSUB_NET_DESERIALIZE=1
 test_fuzz_sub_net_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
@@ -509,15 +620,39 @@ test_fuzz_tx_in_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
 test_fuzz_tx_in_SOURCES = $(FUZZ_SUITE) test/fuzz/tx_in.cpp
 test_fuzz_tx_in_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
 test_fuzz_tx_in_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
-test_fuzz_tx_in_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS)
+test_fuzz_tx_in_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
 test_fuzz_tx_in_LDADD = $(FUZZ_SUITE_LD_COMMON)
 
 test_fuzz_tx_out_SOURCES = $(FUZZ_SUITE) test/fuzz/tx_out.cpp
 test_fuzz_tx_out_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
 test_fuzz_tx_out_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
-test_fuzz_tx_out_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS)
+test_fuzz_tx_out_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
 test_fuzz_tx_out_LDADD = $(FUZZ_SUITE_LD_COMMON)
 
+test_fuzz_parse_hd_keypath_SOURCES = $(FUZZ_SUITE) test/fuzz/parse_hd_keypath.cpp
+test_fuzz_parse_hd_keypath_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
+test_fuzz_parse_hd_keypath_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
+test_fuzz_parse_hd_keypath_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
+test_fuzz_parse_hd_keypath_LDADD = $(FUZZ_SUITE_LD_COMMON)
+
+test_fuzz_parse_script_SOURCES = $(FUZZ_SUITE) test/fuzz/parse_script.cpp
+test_fuzz_parse_script_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
+test_fuzz_parse_script_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
+test_fuzz_parse_script_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
+test_fuzz_parse_script_LDADD = $(FUZZ_SUITE_LD_COMMON)
+
+test_fuzz_parse_numbers_SOURCES = $(FUZZ_SUITE) test/fuzz/parse_numbers.cpp
+test_fuzz_parse_numbers_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
+test_fuzz_parse_numbers_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
+test_fuzz_parse_numbers_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
+test_fuzz_parse_numbers_LDADD = $(FUZZ_SUITE_LD_COMMON)
+
+test_fuzz_parse_univalue_SOURCES = $(FUZZ_SUITE) test/fuzz/parse_univalue.cpp
+test_fuzz_parse_univalue_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
+test_fuzz_parse_univalue_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
+test_fuzz_parse_univalue_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
+test_fuzz_parse_univalue_LDADD = $(FUZZ_SUITE_LD_COMMON)
+
 endif # ENABLE_FUZZ
 
 nodist_test_test_dash_SOURCES = $(GENERATED_TEST_FILES)
diff --git a/src/addrman.cpp b/src/addrman.cpp
index b548a7872a92..c4ba414ccef6 100644
--- a/src/addrman.cpp
+++ b/src/addrman.cpp
@@ -680,5 +680,9 @@ std::vector<bool> CAddrMan::DecodeAsmap(fs::path path)
             bits.push_back((cur_byte >> bit) & 1);
         }
     }
+    if (!SanityCheckASMap(bits)) {
+        LogPrintf("Sanity check of asmap file %s failed\n", path);
+        return {};
+    }
     return bits;
 }
diff --git a/src/indirectmap.h b/src/indirectmap.h
index 76da4a6bd557..417d500bd46d 100644
--- a/src/indirectmap.h
+++ b/src/indirectmap.h
@@ -5,6 +5,8 @@
 #ifndef BITCOIN_INDIRECTMAP_H
 #define BITCOIN_INDIRECTMAP_H
 
+#include <map>
+
 template <class T>
 struct DereferencingComparator { bool operator()(const T a, const T b) const { return *a < *b; } };
 
diff --git a/src/memusage.h b/src/memusage.h
index d489a4a3b5b6..c25bdf66c6d7 100644
--- a/src/memusage.h
+++ b/src/memusage.h
@@ -6,9 +6,11 @@
 #define BITCOIN_MEMUSAGE_H
 
 #include <indirectmap.h>
+#include <prevector.h>
 
 #include <stdlib.h>
 
+#include <cassert>
 #include <map>
 #include <memory>
 #include <set>
diff --git a/src/netaddress.cpp b/src/netaddress.cpp
index e0dce09fcc19..701f0286ad43 100644
--- a/src/netaddress.cpp
+++ b/src/netaddress.cpp
@@ -1095,3 +1095,8 @@ bool operator<(const CSubNet& a, const CSubNet& b)
 {
     return (a.network < b.network || (a.network == b.network && memcmp(a.netmask, b.netmask, 16) < 0));
 }
+
+bool SanityCheckASMap(const std::vector<bool>& asmap)
+{
+    return SanityCheckASMap(asmap, 128); // For IP address lookups, the input is 128 bits
+}
diff --git a/src/netaddress.h b/src/netaddress.h
index 7347f4be8d93..ab688656c936 100644
--- a/src/netaddress.h
+++ b/src/netaddress.h
@@ -146,7 +146,6 @@ class CNetAddr
          */
         void SetLegacyIPv6(Span<const uint8_t> ipv6);
 
-    private:
         /**
          * Set raw IPv4 or IPv6 address (in network byte order)
          * @note Only NET_IPV4 and NET_IPV6 are allowed for network.
@@ -531,4 +530,6 @@ class CService : public CNetAddr
         }
 };
 
+bool SanityCheckASMap(const std::vector<bool>& asmap);
+
 #endif // BITCOIN_NETADDRESS_H
diff --git a/src/script/interpreter.cpp b/src/script/interpreter.cpp
index e871fc4f8589..aac8520bf8cc 100644
--- a/src/script/interpreter.cpp
+++ b/src/script/interpreter.cpp
@@ -1437,16 +1437,30 @@ uint256 GetOutputsHash(const T& txTo)
 } // namespace
 
 template <class T>
-PrecomputedTransactionData::PrecomputedTransactionData(const T& txTo)
+void PrecomputedTransactionData::Init(const T& txTo, std::vector<CTxOut>&& spent_outputs)
 {
+    assert(!m_ready);
+
+    m_spent_outputs = std::move(spent_outputs);
+
     hashPrevouts = GetPrevoutHash(txTo);
     hashSequence = GetSequenceHash(txTo);
     hashOutputs = GetOutputsHash(txTo);
+
+    m_ready = true;
+}
+
+template <class T>
+PrecomputedTransactionData::PrecomputedTransactionData(const T& txTo)
+{
+    Init(txTo, {});
 }
 
 // explicit instantiation
 template PrecomputedTransactionData::PrecomputedTransactionData(const CTransaction& txTo);
 template PrecomputedTransactionData::PrecomputedTransactionData(const CMutableTransaction& txTo);
+template void PrecomputedTransactionData::Init(const CTransaction& txTo, std::vector<CTxOut>&& spent_outputs);
+template void PrecomputedTransactionData::Init(const CMutableTransaction& txTo, std::vector<CTxOut>&& spent_outputs);
 
 template <class T>
 uint256 SignatureHash(const CScript& scriptCode, const T& txTo, unsigned int nIn, int nHashType, const CAmount& amount, SigVersion sigversion, const PrecomputedTransactionData* cache)
diff --git a/src/script/interpreter.h b/src/script/interpreter.h
index e0977f4a16f7..929e50275dc2 100644
--- a/src/script/interpreter.h
+++ b/src/script/interpreter.h
@@ -15,6 +15,7 @@
 class CPubKey;
 class CScript;
 class CTransaction;
+class CTxOut;
 class uint256;
 
 /** Signature hash types/flags */
@@ -108,6 +109,13 @@ bool CheckSignatureEncoding(const std::vector<unsigned char> &vchSig, unsigned i
 struct PrecomputedTransactionData
 {
     uint256 hashPrevouts, hashSequence, hashOutputs;
+    bool m_ready = false;
+    std::vector<CTxOut> m_spent_outputs;
+
+    PrecomputedTransactionData() = default;
+
+    template <class T>
+    void Init(const T& tx, std::vector<CTxOut>&& spent_outputs);
 
     template <class T>
     explicit PrecomputedTransactionData(const T& tx);
diff --git a/src/test/fuzz/FuzzedDataProvider.h b/src/test/fuzz/FuzzedDataProvider.h
index 36907de14f6e..07fe78b2f489 100644
--- a/src/test/fuzz/FuzzedDataProvider.h
+++ b/src/test/fuzz/FuzzedDataProvider.h
@@ -13,11 +13,10 @@
 #ifndef LLVM_FUZZER_FUZZED_DATA_PROVIDER_H_
 #define LLVM_FUZZER_FUZZED_DATA_PROVIDER_H_
 
-#include <limits.h>
-#include <stddef.h>
-#include <stdint.h>
-
 #include <algorithm>
+#include <climits>
+#include <cstddef>
+#include <cstdint>
 #include <cstring>
 #include <initializer_list>
 #include <limits>
@@ -26,8 +25,10 @@
 #include <utility>
 #include <vector>
 
+// In addition to the comments below, the API is also briefly documented at
+// https://github.com/google/fuzzing/blob/master/docs/split-inputs.md#fuzzed-data-provider
 class FuzzedDataProvider {
-public:
+ public:
   // |data| is an array of length |size| that the FuzzedDataProvider wraps to
   // provide more granular access. |data| must outlive the FuzzedDataProvider.
   FuzzedDataProvider(const uint8_t *data, size_t size)
@@ -144,9 +145,9 @@ class FuzzedDataProvider {
     return ConsumeBytes<T>(remaining_bytes_);
   }
 
+  // Returns a std::string containing all remaining bytes of the input data.
   // Prefer using |ConsumeRemainingBytes| unless you actually need a std::string
   // object.
-  // Returns a std::vector containing all remaining bytes of the input data.
   std::string ConsumeRemainingBytesAsString() {
     return ConsumeBytesAsString(remaining_bytes_);
   }
@@ -162,7 +163,7 @@ class FuzzedDataProvider {
   // Reads one byte and returns a bool, or false when no data remains.
   bool ConsumeBool() { return 1 & ConsumeIntegral<uint8_t>(); }
 
-  // Returns a copy of a value selected from a fixed-size |array|.
+  // Returns a copy of the value selected from the given fixed-size |array|.
   template <typename T, size_t size>
   T PickValueInArray(const T (&array)[size]) {
     static_assert(size > 0, "The array must be non empty.");
@@ -171,11 +172,14 @@ class FuzzedDataProvider {
 
   template <typename T>
   T PickValueInArray(std::initializer_list<const T> list) {
-    // static_assert(list.size() > 0, "The array must be non empty.");
+    // TODO(Dor1s): switch to static_assert once C++14 is allowed.
+    if (!list.size())
+      abort();
+
     return *(list.begin() + ConsumeIntegralInRange<size_t>(0, list.size() - 1));
   }
 
-  // Return an enum value. The enum must start at 0 and be contiguous. It must
+  // Returns an enum value. The enum must start at 0 and be contiguous. It must
   // also contain |kMaxValue| aliased to its largest (inclusive) value. Such as:
   // enum class Foo { SomeValue, OtherValue, kMaxValue = OtherValue };
   template <typename T> T ConsumeEnum() {
@@ -184,10 +188,60 @@ class FuzzedDataProvider {
         0, static_cast<uint32_t>(T::kMaxValue)));
   }
 
+  // Returns a floating point number in the range [0.0, 1.0]. If there's no
+  // input data left, always returns 0.
+  template <typename T> T ConsumeProbability() {
+    static_assert(std::is_floating_point<T>::value,
+                  "A floating point type is required.");
+
+    // Use different integral types for different floating point types in order
+    // to provide better density of the resulting values.
+    using IntegralType =
+        typename std::conditional<(sizeof(T) <= sizeof(uint32_t)), uint32_t,
+                                  uint64_t>::type;
+
+    T result = static_cast<T>(ConsumeIntegral<IntegralType>());
+    result /= static_cast<T>(std::numeric_limits<IntegralType>::max());
+    return result;
+  }
+
+  // Returns a floating point value in the range [Type's lowest, Type's max] by
+  // consuming bytes from the input data. If there's no input data left, always
+  // returns approximately 0.
+  template <typename T> T ConsumeFloatingPoint() {
+    return ConsumeFloatingPointInRange<T>(std::numeric_limits<T>::lowest(),
+                                          std::numeric_limits<T>::max());
+  }
+
+  // Returns a floating point value in the given range by consuming bytes from
+  // the input data. If there's no input data left, returns |min|. Note that
+  // |min| must be less than or equal to |max|.
+  template <typename T> T ConsumeFloatingPointInRange(T min, T max) {
+    if (min > max)
+      abort();
+
+    T range = .0;
+    T result = min;
+    constexpr T zero(.0);
+    if (max > zero && min < zero && max > min + std::numeric_limits<T>::max()) {
+      // The diff |max - min| would overflow the given floating point type. Use
+      // the half of the diff as the range and consume a bool to decide whether
+      // the result is in the first of the second part of the diff.
+      range = (max / 2.0) - (min / 2.0);
+      if (ConsumeBool()) {
+        result += range;
+      }
+    } else {
+      range = max - min;
+    }
+
+    return result + range * ConsumeProbability<T>();
+  }
+
   // Reports the remaining bytes available for fuzzed input.
   size_t remaining_bytes() { return remaining_bytes_; }
 
-private:
+ private:
   FuzzedDataProvider(const FuzzedDataProvider &) = delete;
   FuzzedDataProvider &operator=(const FuzzedDataProvider &) = delete;
 
@@ -210,6 +264,12 @@ class FuzzedDataProvider {
     // which seems to be a natural choice for other implementations as well.
     // To increase the odds even more, we also call |shrink_to_fit| below.
     std::vector<T> result(size);
+    if (size == 0) {
+      if (num_bytes_to_consume != 0)
+        abort();
+      return result;
+    }
+
     std::memcpy(result.data(), data_ptr_, num_bytes_to_consume);
     Advance(num_bytes_to_consume);
 
@@ -231,9 +291,9 @@ class FuzzedDataProvider {
 
     // Avoid using implementation-defined unsigned to signer conversions.
     // To learn more, see https://stackoverflow.com/questions/13150449.
-    if (value <= std::numeric_limits<TS>::max())
+    if (value <= std::numeric_limits<TS>::max()) {
       return static_cast<TS>(value);
-    else {
+    } else {
       constexpr auto TS_min = std::numeric_limits<TS>::min();
       return TS_min + static_cast<char>(value - TS_min);
     }
diff --git a/src/test/fuzz/asmap.cpp b/src/test/fuzz/asmap.cpp
new file mode 100644
index 000000000000..18478c43dd07
--- /dev/null
+++ b/src/test/fuzz/asmap.cpp
@@ -0,0 +1,60 @@
+// Copyright (c) 2020 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <netaddress.h>
+#include <test/fuzz/fuzz.h>
+#include <util/asmap.h>
+
+#include <cstdint>
+#include <vector>
+
+//! asmap code that consumes nothing
+static const std::vector<bool> IPV6_PREFIX_ASMAP = {};
+
+//! asmap code that consumes the 96 prefix bits of ::ffff:0/96 (IPv4-in-IPv6 map)
+static const std::vector<bool> IPV4_PREFIX_ASMAP = {
+    true, true, false, true, true, true, true, true, true, true, false, false, false, false, false, false, false, false, // Match 0x00
+    true, true, false, true, true, true, true, true, true, true, false, false, false, false, false, false, false, false, // Match 0x00
+    true, true, false, true, true, true, true, true, true, true, false, false, false, false, false, false, false, false, // Match 0x00
+    true, true, false, true, true, true, true, true, true, true, false, false, false, false, false, false, false, false, // Match 0x00
+    true, true, false, true, true, true, true, true, true, true, false, false, false, false, false, false, false, false, // Match 0x00
+    true, true, false, true, true, true, true, true, true, true, false, false, false, false, false, false, false, false, // Match 0x00
+    true, true, false, true, true, true, true, true, true, true, false, false, false, false, false, false, false, false, // Match 0x00
+    true, true, false, true, true, true, true, true, true, true, false, false, false, false, false, false, false, false, // Match 0x00
+    true, true, false, true, true, true, true, true, true, true, false, false, false, false, false, false, false, false, // Match 0x00
+    true, true, false, true, true, true, true, true, true, true, false, false, false, false, false, false, false, false, // Match 0x00
+    true, true, false, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true,         // Match 0xFF
+    true, true, false, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true          // Match 0xFF
+};
+
+void test_one_input(const std::vector<uint8_t>& buffer)
+{
+    // Encoding: [7 bits: asmap size] [1 bit: ipv6?] [3-130 bytes: asmap] [4 or 16 bytes: addr]
+    if (buffer.size() < 1 + 3 + 4) return;
+    int asmap_size = 3 + (buffer[0] & 127);
+    bool ipv6 = buffer[0] & 128;
+    const size_t addr_size = ipv6 ? ADDR_IPV6_SIZE : ADDR_IPV4_SIZE;
+    if (buffer.size() < size_t(1 + asmap_size + addr_size)) return;
+    std::vector<bool> asmap = ipv6 ? IPV6_PREFIX_ASMAP : IPV4_PREFIX_ASMAP;
+    asmap.reserve(asmap.size() + 8 * asmap_size);
+    for (int i = 0; i < asmap_size; ++i) {
+        for (int j = 0; j < 8; ++j) {
+            asmap.push_back((buffer[1 + i] >> j) & 1);
+        }
+    }
+    if (!SanityCheckASMap(asmap, 128)) return;
+
+    const uint8_t* addr_data = buffer.data() + 1 + asmap_size;
+    CNetAddr net_addr;
+    if (ipv6) {
+        assert(addr_size == ADDR_IPV6_SIZE);
+        net_addr.SetLegacyIPv6({addr_data, addr_size});
+    } else {
+        assert(addr_size == ADDR_IPV4_SIZE);
+        in_addr ipv4;
+        memcpy(&ipv4, addr_data, addr_size);
+        net_addr.SetIP(CNetAddr{ipv4});
+    }
+    (void)net_addr.GetMappedAS(asmap);
+}
diff --git a/src/test/fuzz/asmap_direct.cpp b/src/test/fuzz/asmap_direct.cpp
new file mode 100644
index 000000000000..790f80237d1f
--- /dev/null
+++ b/src/test/fuzz/asmap_direct.cpp
@@ -0,0 +1,46 @@
+// Copyright (c) 2020 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <util/asmap.h>
+#include <test/fuzz/fuzz.h>
+
+#include <cstdint>
+#include <vector>
+
+#include <assert.h>
+
+void test_one_input(const std::vector<uint8_t>& buffer)
+{
+    // Encoding: [asmap using 1 bit / byte] 0xFF [addr using 1 bit / byte]
+    bool have_sep = false;
+    size_t sep_pos;
+    for (size_t pos = 0; pos < buffer.size(); ++pos) {
+        uint8_t x = buffer[pos];
+        if ((x & 0xFE) == 0) continue;
+        if (x == 0xFF) {
+            if (have_sep) return;
+            have_sep = true;
+            sep_pos = pos;
+        } else {
+            return;
+        }
+    }
+    if (!have_sep) return; // Needs exactly 1 separator
+    if (buffer.size() - sep_pos - 1 > 128) return; // At most 128 bits in IP address
+
+    // Checks on asmap
+    std::vector<bool> asmap(buffer.begin(), buffer.begin() + sep_pos);
+    if (SanityCheckASMap(asmap, buffer.size() - 1 - sep_pos)) {
+        // Verify that for valid asmaps, no prefix (except up to 7 zero padding bits) is valid.
+        std::vector<bool> asmap_prefix = asmap;
+        while (!asmap_prefix.empty() && asmap_prefix.size() + 7 > asmap.size() && asmap_prefix.back() == false) asmap_prefix.pop_back();
+        while (!asmap_prefix.empty()) {
+            asmap_prefix.pop_back();
+            assert(!SanityCheckASMap(asmap_prefix, buffer.size() - 1 - sep_pos));
+        }
+        // No address input should trigger assertions in interpreter
+        std::vector<bool> addr(buffer.begin() + sep_pos + 1, buffer.end());
+        (void)Interpret(asmap, addr);
+    }
+}
diff --git a/src/test/fuzz/base_encode_decode.cpp b/src/test/fuzz/base_encode_decode.cpp
new file mode 100644
index 000000000000..02bac68c9364
--- /dev/null
+++ b/src/test/fuzz/base_encode_decode.cpp
@@ -0,0 +1,47 @@
+// Copyright (c) 2019 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <test/fuzz/fuzz.h>
+
+#include <base58.h>
+#include <util/string.h>
+#include <util/strencodings.h>
+
+#include <cassert>
+#include <cstdint>
+#include <string>
+#include <vector>
+
+void test_one_input(const std::vector<uint8_t>& buffer)
+{
+    const std::string random_encoded_string(buffer.begin(), buffer.end());
+
+    std::vector<unsigned char> decoded;
+    if (DecodeBase58(random_encoded_string, decoded)) {
+        const std::string encoded_string = EncodeBase58(decoded);
+        assert(encoded_string == TrimString(encoded_string));
+        assert(ToLower(encoded_string) == ToLower(TrimString(random_encoded_string)));
+    }
+
+    if (DecodeBase58Check(random_encoded_string, decoded)) {
+        const std::string encoded_string = EncodeBase58Check(decoded);
+        assert(encoded_string == TrimString(encoded_string));
+        assert(ToLower(encoded_string) == ToLower(TrimString(random_encoded_string)));
+    }
+
+    bool pf_invalid;
+    std::string decoded_string = DecodeBase32(random_encoded_string, &pf_invalid);
+    if (!pf_invalid) {
+        const std::string encoded_string = EncodeBase32(decoded_string);
+        assert(encoded_string == TrimString(encoded_string));
+        assert(ToLower(encoded_string) == ToLower(TrimString(random_encoded_string)));
+    }
+
+    decoded_string = DecodeBase64(random_encoded_string, &pf_invalid);
+    if (!pf_invalid) {
+        const std::string encoded_string = EncodeBase64(decoded_string);
+        assert(encoded_string == TrimString(encoded_string));
+        assert(ToLower(encoded_string) == ToLower(TrimString(random_encoded_string)));
+    }
+}
diff --git a/src/test/fuzz/bloom_filter.cpp b/src/test/fuzz/bloom_filter.cpp
new file mode 100644
index 000000000000..b78744d9df02
--- /dev/null
+++ b/src/test/fuzz/bloom_filter.cpp
@@ -0,0 +1,80 @@
+// Copyright (c) 2020 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <bloom.h>
+#include <optional.h>
+#include <primitives/transaction.h>
+#include <test/fuzz/FuzzedDataProvider.h>
+#include <test/fuzz/fuzz.h>
+#include <test/fuzz/util.h>
+#include <uint256.h>
+
+#include <cassert>
+#include <cstdint>
+#include <string>
+#include <vector>
+
+void test_one_input(const std::vector<uint8_t>& buffer)
+{
+    FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
+
+    CBloomFilter bloom_filter{
+        fuzzed_data_provider.ConsumeIntegralInRange<unsigned int>(1, 10000000),
+        1.0 / fuzzed_data_provider.ConsumeIntegralInRange<unsigned int>(1, std::numeric_limits<unsigned int>::max()),
+        fuzzed_data_provider.ConsumeIntegral<unsigned int>(),
+        static_cast<unsigned char>(fuzzed_data_provider.PickValueInArray({BLOOM_UPDATE_NONE, BLOOM_UPDATE_ALL, BLOOM_UPDATE_P2PUBKEY_ONLY, BLOOM_UPDATE_MASK}))};
+    while (fuzzed_data_provider.remaining_bytes() > 0) {
+        switch (fuzzed_data_provider.ConsumeIntegralInRange(0, 6)) {
+        case 0: {
+            const std::vector<unsigned char>& b = ConsumeRandomLengthByteVector(fuzzed_data_provider);
+            (void)bloom_filter.contains(b);
+            bloom_filter.insert(b);
+            const bool present = bloom_filter.contains(b);
+            assert(present);
+            break;
+        }
+        case 1: {
+            const Optional<COutPoint> out_point = ConsumeDeserializable<COutPoint>(fuzzed_data_provider);
+            if (!out_point) {
+                break;
+            }
+            (void)bloom_filter.contains(*out_point);
+            bloom_filter.insert(*out_point);
+            const bool present = bloom_filter.contains(*out_point);
+            assert(present);
+            break;
+        }
+        case 2: {
+            const Optional<uint256> u256 = ConsumeDeserializable<uint256>(fuzzed_data_provider);
+            if (!u256) {
+                break;
+            }
+            (void)bloom_filter.contains(*u256);
+            bloom_filter.insert(*u256);
+            const bool present = bloom_filter.contains(*u256);
+            assert(present);
+            break;
+        }
+        case 3:
+            bloom_filter.clear();
+            break;
+        case 4:
+            bloom_filter.reset(fuzzed_data_provider.ConsumeIntegral<unsigned int>());
+            break;
+        case 5: {
+            const Optional<CMutableTransaction> mut_tx = ConsumeDeserializable<CMutableTransaction>(fuzzed_data_provider);
+            if (!mut_tx) {
+                break;
+            }
+            const CTransaction tx{*mut_tx};
+            (void)bloom_filter.IsRelevantAndUpdate(tx);
+            break;
+        }
+        case 6:
+            bloom_filter.UpdateEmptyFull();
+            break;
+        }
+        (void)bloom_filter.IsWithinSizeConstraints();
+    }
+}
diff --git a/src/test/fuzz/decode_tx.cpp b/src/test/fuzz/decode_tx.cpp
new file mode 100644
index 000000000000..fe18c3ade091
--- /dev/null
+++ b/src/test/fuzz/decode_tx.cpp
@@ -0,0 +1,21 @@
+// Copyright (c) 2019 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <core_io.h>
+#include <primitives/transaction.h>
+#include <test/fuzz/fuzz.h>
+#include <util/strencodings.h>
+
+#include <cassert>
+#include <cstdint>
+#include <string>
+#include <vector>
+
+void test_one_input(const std::vector<uint8_t>& buffer)
+{
+    const std::string tx_hex = HexStr(std::string{buffer.begin(), buffer.end()});
+    CMutableTransaction mtx;
+    const bool result_none = DecodeHexTx(mtx, tx_hex);
+    assert(!result_none);
+}
diff --git a/src/test/fuzz/float.cpp b/src/test/fuzz/float.cpp
new file mode 100644
index 000000000000..a24bae5b35d0
--- /dev/null
+++ b/src/test/fuzz/float.cpp
@@ -0,0 +1,42 @@
+// Copyright (c) 2020 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <memusage.h>
+#include <serialize.h>
+#include <streams.h>
+#include <test/fuzz/FuzzedDataProvider.h>
+#include <test/fuzz/fuzz.h>
+#include <version.h>
+
+#include <cassert>
+#include <cstdint>
+
+void test_one_input(const std::vector<uint8_t>& buffer)
+{
+    FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
+
+    {
+        const double d = fuzzed_data_provider.ConsumeFloatingPoint<double>();
+        (void)memusage::DynamicUsage(d);
+        assert(ser_uint64_to_double(ser_double_to_uint64(d)) == d);
+
+        CDataStream stream(SER_NETWORK, INIT_PROTO_VERSION);
+        stream << d;
+        double d_deserialized;
+        stream >> d_deserialized;
+        assert(d == d_deserialized);
+    }
+
+    {
+        const float f = fuzzed_data_provider.ConsumeFloatingPoint<float>();
+        (void)memusage::DynamicUsage(f);
+        assert(ser_uint32_to_float(ser_float_to_uint32(f)) == f);
+
+        CDataStream stream(SER_NETWORK, INIT_PROTO_VERSION);
+        stream << f;
+        float f_deserialized;
+        stream >> f_deserialized;
+        assert(f == f_deserialized);
+    }
+}
diff --git a/src/test/fuzz/hex.cpp b/src/test/fuzz/hex.cpp
new file mode 100644
index 000000000000..54693180be1f
--- /dev/null
+++ b/src/test/fuzz/hex.cpp
@@ -0,0 +1,22 @@
+// Copyright (c) 2019 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <test/fuzz/fuzz.h>
+
+#include <util/strencodings.h>
+
+#include <cassert>
+#include <cstdint>
+#include <string>
+#include <vector>
+
+void test_one_input(const std::vector<uint8_t>& buffer)
+{
+    const std::string random_hex_string(buffer.begin(), buffer.end());
+    const std::vector<unsigned char> data = ParseHex(random_hex_string);
+    const std::string hex_data = HexStr(data);
+    if (IsHex(random_hex_string)) {
+        assert(ToLower(random_hex_string) == hex_data);
+    }
+}
diff --git a/src/test/fuzz/integer.cpp b/src/test/fuzz/integer.cpp
index 997911e39365..d7b91423bd7c 100644
--- a/src/test/fuzz/integer.cpp
+++ b/src/test/fuzz/integer.cpp
@@ -19,12 +19,14 @@
 #include <script/sign.h>
 #include <script/standard.h>
 #include <serialize.h>
+#include <streams.h>
 #include <test/fuzz/FuzzedDataProvider.h>
 #include <test/fuzz/fuzz.h>
 #include <uint256.h>
 #include <util/strencodings.h>
 #include <util/system.h>
 #include <util/time.h>
+#include <version.h>
 
 #include <cassert>
 #include <limits>
@@ -54,6 +56,7 @@ void test_one_input(const std::vector<uint8_t>& buffer)
     // We cannot assume a specific value of std::is_signed<char>::value:
     // ConsumeIntegral<char>() instead of casting from {u,}int8_t.
     const char ch = fuzzed_data_provider.ConsumeIntegral<char>();
+    const bool b = fuzzed_data_provider.ConsumeBool();
 
     const Consensus::Params& consensus_params = Params().GetConsensus();
     (void)CheckProofOfWork(u256, u32, consensus_params);
@@ -119,4 +122,68 @@ void test_one_input(const std::vector<uint8_t>& buffer)
         (void)GetScriptForDestination(destination);
         (void)IsValidDestination(destination);
     }
+
+    {
+        CDataStream stream(SER_NETWORK, INIT_PROTO_VERSION);
+
+        uint256 deserialized_u256;
+        stream << u256;
+        stream >> deserialized_u256;
+        assert(u256 == deserialized_u256 && stream.empty());
+
+        uint160 deserialized_u160;
+        stream << u160;
+        stream >> deserialized_u160;
+        assert(u160 == deserialized_u160 && stream.empty());
+
+        uint64_t deserialized_u64;
+        stream << u64;
+        stream >> deserialized_u64;
+        assert(u64 == deserialized_u64 && stream.empty());
+
+        int64_t deserialized_i64;
+        stream << i64;
+        stream >> deserialized_i64;
+        assert(i64 == deserialized_i64 && stream.empty());
+
+        uint32_t deserialized_u32;
+        stream << u32;
+        stream >> deserialized_u32;
+        assert(u32 == deserialized_u32 && stream.empty());
+
+        int32_t deserialized_i32;
+        stream << i32;
+        stream >> deserialized_i32;
+        assert(i32 == deserialized_i32 && stream.empty());
+
+        uint16_t deserialized_u16;
+        stream << u16;
+        stream >> deserialized_u16;
+        assert(u16 == deserialized_u16 && stream.empty());
+
+        int16_t deserialized_i16;
+        stream << i16;
+        stream >> deserialized_i16;
+        assert(i16 == deserialized_i16 && stream.empty());
+
+        uint8_t deserialized_u8;
+        stream << u8;
+        stream >> deserialized_u8;
+        assert(u8 == deserialized_u8 && stream.empty());
+
+        int8_t deserialized_i8;
+        stream << i8;
+        stream >> deserialized_i8;
+        assert(i8 == deserialized_i8 && stream.empty());
+
+        char deserialized_ch;
+        stream << ch;
+        stream >> deserialized_ch;
+        assert(ch == deserialized_ch && stream.empty());
+
+        bool deserialized_b;
+        stream << b;
+        stream >> deserialized_b;
+        assert(b == deserialized_b && stream.empty());
+    }
 }
diff --git a/src/test/fuzz/key.cpp b/src/test/fuzz/key.cpp
new file mode 100644
index 000000000000..111235df4beb
--- /dev/null
+++ b/src/test/fuzz/key.cpp
@@ -0,0 +1,259 @@
+// Copyright (c) 2020 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <chainparams.h>
+#include <chainparamsbase.h>
+#include <key.h>
+#include <key_io.h>
+#include <policy/policy.h>
+#include <pubkey.h>
+#include <rpc/util.h>
+#include <script/script.h>
+#include <script/sign.h>
+#include <script/standard.h>
+#include <streams.h>
+#include <test/fuzz/fuzz.h>
+#include <util/memory.h>
+#include <util/strencodings.h>
+
+#include <cassert>
+#include <cstdint>
+#include <numeric>
+#include <string>
+#include <vector>
+
+void initialize()
+{
+    static const ECCVerifyHandle ecc_verify_handle;
+    ECC_Start();
+    SelectParams(CBaseChainParams::REGTEST);
+}
+
+void test_one_input(const std::vector<uint8_t>& buffer)
+{
+    const CKey key = [&] {
+        CKey k;
+        k.Set(buffer.begin(), buffer.end(), true);
+        return k;
+    }();
+    if (!key.IsValid()) {
+        return;
+    }
+
+    {
+        assert(key.begin() + key.size() == key.end());
+        assert(key.IsCompressed());
+        assert(key.size() == 32);
+        assert(DecodeSecret(EncodeSecret(key)) == key);
+    }
+
+    {
+        CKey invalid_key;
+        assert(!(invalid_key == key));
+        assert(!invalid_key.IsCompressed());
+        assert(!invalid_key.IsValid());
+        assert(invalid_key.size() == 0);
+    }
+
+    {
+        CKey uncompressed_key;
+        uncompressed_key.Set(buffer.begin(), buffer.end(), false);
+        assert(!(uncompressed_key == key));
+        assert(!uncompressed_key.IsCompressed());
+        assert(key.size() == 32);
+        assert(uncompressed_key.begin() + uncompressed_key.size() == uncompressed_key.end());
+        assert(uncompressed_key.IsValid());
+    }
+
+    {
+        CKey copied_key;
+        copied_key.Set(key.begin(), key.end(), key.IsCompressed());
+        assert(copied_key == key);
+    }
+
+    {
+        CKey negated_key = key;
+        negated_key.Negate();
+        assert(negated_key.IsValid());
+        assert(!(negated_key == key));
+
+        negated_key.Negate();
+        assert(negated_key == key);
+    }
+
+    const uint256 random_uint256 = Hash(buffer.begin(), buffer.end());
+
+    {
+        CKey child_key;
+        ChainCode child_chaincode;
+        const bool ok = key.Derive(child_key, child_chaincode, 0, random_uint256);
+        assert(ok);
+        assert(child_key.IsValid());
+        assert(!(child_key == key));
+        assert(child_chaincode != random_uint256);
+    }
+
+    const CPubKey pubkey = key.GetPubKey();
+
+    {
+        assert(pubkey.size() == 33);
+        assert(key.VerifyPubKey(pubkey));
+        assert(pubkey.GetHash() != random_uint256);
+        assert(pubkey.begin() + pubkey.size() == pubkey.end());
+        assert(pubkey.data() == pubkey.begin());
+        assert(pubkey.IsCompressed());
+        assert(pubkey.IsValid());
+        assert(pubkey.IsFullyValid());
+        assert(HexToPubKey(HexStr(pubkey)) == pubkey);
+    }
+
+    {
+        CDataStream data_stream{SER_NETWORK, INIT_PROTO_VERSION};
+        pubkey.Serialize(data_stream);
+
+        CPubKey pubkey_deserialized;
+        pubkey_deserialized.Unserialize(data_stream);
+        assert(pubkey_deserialized == pubkey);
+    }
+
+    {
+        const CScript tx_pubkey_script = GetScriptForRawPubKey(pubkey);
+        assert(!tx_pubkey_script.IsPayToScriptHash());
+        assert(!tx_pubkey_script.IsPushOnly());
+        assert(!tx_pubkey_script.IsUnspendable());
+        assert(tx_pubkey_script.size() == 35);
+
+        const CScript tx_multisig_script = GetScriptForMultisig(1, {pubkey});
+        assert(!tx_multisig_script.IsPayToScriptHash());
+        assert(!tx_multisig_script.IsPushOnly());
+        assert(!tx_multisig_script.IsUnspendable());
+        assert(tx_multisig_script.size() == 37);
+
+        txnouttype which_type_tx_pubkey;
+        const bool is_standard_tx_pubkey = IsStandard(tx_pubkey_script, which_type_tx_pubkey);
+        assert(is_standard_tx_pubkey);
+        assert(which_type_tx_pubkey == txnouttype::TX_PUBKEY);
+
+        txnouttype which_type_tx_multisig;
+        const bool is_standard_tx_multisig = IsStandard(tx_multisig_script, which_type_tx_multisig);
+        assert(is_standard_tx_multisig);
+        assert(which_type_tx_multisig == txnouttype::TX_MULTISIG);
+
+        std::vector<std::vector<unsigned char>> v_solutions_ret_tx_pubkey;
+        const txnouttype outtype_tx_pubkey = Solver(tx_pubkey_script, v_solutions_ret_tx_pubkey);
+        assert(outtype_tx_pubkey == txnouttype::TX_PUBKEY);
+        assert(v_solutions_ret_tx_pubkey.size() == 1);
+        assert(v_solutions_ret_tx_pubkey[0].size() == 33);
+
+        std::vector<std::vector<unsigned char>> v_solutions_ret_tx_multisig;
+        const txnouttype outtype_tx_multisig = Solver(tx_multisig_script, v_solutions_ret_tx_multisig);
+        assert(outtype_tx_multisig == txnouttype::TX_MULTISIG);
+        assert(v_solutions_ret_tx_multisig.size() == 3);
+        assert(v_solutions_ret_tx_multisig[0].size() == 1);
+        assert(v_solutions_ret_tx_multisig[1].size() == 33);
+        assert(v_solutions_ret_tx_multisig[2].size() == 1);
+
+        const CTxDestination tx_destination = pubkey.GetID();
+        const CScript script_for_destination = GetScriptForDestination(tx_destination);
+        assert(script_for_destination.size() == 25);
+
+        const std::string destination_address = EncodeDestination(tx_destination);
+        assert(DecodeDestination(destination_address) == tx_destination);
+
+        CKeyID key_id = pubkey.GetID();
+        assert(!key_id.IsNull());
+        assert(key_id == CKeyID{key_id});
+    }
+
+    {
+        const std::vector<unsigned char> vch_pubkey{pubkey.begin(), pubkey.end()};
+        assert(CPubKey::ValidSize(vch_pubkey));
+        assert(!CPubKey::ValidSize({pubkey.begin(), pubkey.begin() + pubkey.size() - 1}));
+
+        const CPubKey pubkey_ctor_1{vch_pubkey};
+        assert(pubkey == pubkey_ctor_1);
+
+        const CPubKey pubkey_ctor_2{vch_pubkey.begin(), vch_pubkey.end()};
+        assert(pubkey == pubkey_ctor_2);
+
+        CPubKey pubkey_set;
+        pubkey_set.Set(vch_pubkey.begin(), vch_pubkey.end());
+        assert(pubkey == pubkey_set);
+    }
+
+    {
+        const CPubKey invalid_pubkey{};
+        assert(!invalid_pubkey.IsValid());
+        assert(!invalid_pubkey.IsFullyValid());
+        assert(!(pubkey == invalid_pubkey));
+        assert(pubkey != invalid_pubkey);
+        assert(pubkey < invalid_pubkey);
+    }
+
+    {
+        // Cover CPubKey's operator[](unsigned int pos)
+        unsigned int sum = 0;
+        for (size_t i = 0; i < pubkey.size(); ++i) {
+            sum += pubkey[i];
+        }
+        assert(std::accumulate(pubkey.begin(), pubkey.end(), 0U) == sum);
+    }
+
+    {
+        CPubKey decompressed_pubkey = pubkey;
+        assert(decompressed_pubkey.IsCompressed());
+
+        const bool ok = decompressed_pubkey.Decompress();
+        assert(ok);
+        assert(!decompressed_pubkey.IsCompressed());
+        assert(decompressed_pubkey.size() == 65);
+    }
+
+    {
+        std::vector<unsigned char> vch_sig;
+        const bool ok = key.Sign(random_uint256, vch_sig, false);
+        assert(ok);
+        assert(pubkey.Verify(random_uint256, vch_sig));
+        assert(CPubKey::CheckLowS(vch_sig));
+
+        const std::vector<unsigned char> vch_invalid_sig{vch_sig.begin(), vch_sig.begin() + vch_sig.size() - 1};
+        assert(!pubkey.Verify(random_uint256, vch_invalid_sig));
+        assert(!CPubKey::CheckLowS(vch_invalid_sig));
+    }
+
+    {
+        std::vector<unsigned char> vch_compact_sig;
+        const bool ok_sign_compact = key.SignCompact(random_uint256, vch_compact_sig);
+        assert(ok_sign_compact);
+
+        CPubKey recover_pubkey;
+        const bool ok_recover_compact = recover_pubkey.RecoverCompact(random_uint256, vch_compact_sig);
+        assert(ok_recover_compact);
+        assert(recover_pubkey == pubkey);
+    }
+
+    {
+        CPubKey child_pubkey;
+        ChainCode child_chaincode;
+        const bool ok = pubkey.Derive(child_pubkey, child_chaincode, 0, random_uint256);
+        assert(ok);
+        assert(child_pubkey != pubkey);
+        assert(child_pubkey.IsCompressed());
+        assert(child_pubkey.IsFullyValid());
+        assert(child_pubkey.IsValid());
+        assert(child_pubkey.size() == 33);
+        assert(child_chaincode != random_uint256);
+    }
+
+    const CPrivKey priv_key = key.GetPrivKey();
+
+    {
+        for (const bool skip_check : {true, false}) {
+            CKey loaded_key;
+            const bool ok = loaded_key.Load(priv_key, pubkey, skip_check);
+            assert(ok);
+            assert(key == loaded_key);
+        }
+    }
+}
diff --git a/src/test/fuzz/locale.cpp b/src/test/fuzz/locale.cpp
new file mode 100644
index 000000000000..c8288123e83c
--- /dev/null
+++ b/src/test/fuzz/locale.cpp
@@ -0,0 +1,96 @@
+// Copyright (c) 2020 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <test/fuzz/fuzz.h>
+#include <test/fuzz/FuzzedDataProvider.h>
+#include <tinyformat.h>
+#include <util/strencodings.h>
+
+#include <cassert>
+#include <clocale>
+#include <cstdint>
+#include <locale>
+#include <string>
+#include <vector>
+
+namespace {
+const std::string locale_identifiers[] = {
+    "C", "C.UTF-8", "aa_DJ", "aa_DJ.ISO-8859-1", "aa_DJ.UTF-8", "aa_ER", "aa_ER.UTF-8", "aa_ET", "aa_ET.UTF-8", "af_ZA", "af_ZA.ISO-8859-1", "af_ZA.UTF-8", "agr_PE", "agr_PE.UTF-8", "ak_GH", "ak_GH.UTF-8", "am_ET", "am_ET.UTF-8", "an_ES", "an_ES.ISO-8859-15", "an_ES.UTF-8", "anp_IN", "anp_IN.UTF-8", "ar_AE", "ar_AE.ISO-8859-6", "ar_AE.UTF-8", "ar_BH", "ar_BH.ISO-8859-6", "ar_BH.UTF-8", "ar_DZ", "ar_DZ.ISO-8859-6", "ar_DZ.UTF-8", "ar_EG", "ar_EG.ISO-8859-6", "ar_EG.UTF-8", "ar_IN", "ar_IN.UTF-8", "ar_IQ", "ar_IQ.ISO-8859-6", "ar_IQ.UTF-8", "ar_JO", "ar_JO.ISO-8859-6", "ar_JO.UTF-8", "ar_KW", "ar_KW.ISO-8859-6", "ar_KW.UTF-8", "ar_LB", "ar_LB.ISO-8859-6", "ar_LB.UTF-8", "ar_LY", "ar_LY.ISO-8859-6", "ar_LY.UTF-8", "ar_MA", "ar_MA.ISO-8859-6", "ar_MA.UTF-8", "ar_OM", "ar_OM.ISO-8859-6", "ar_OM.UTF-8", "ar_QA", "ar_QA.ISO-8859-6", "ar_QA.UTF-8", "ar_SA", "ar_SA.ISO-8859-6", "ar_SA.UTF-8", "ar_SD", "ar_SD.ISO-8859-6", "ar_SD.UTF-8", "ar_SS", "ar_SS.UTF-8", "ar_SY", "ar_SY.ISO-8859-6", "ar_SY.UTF-8", "ar_TN", "ar_TN.ISO-8859-6", "ar_TN.UTF-8", "ar_YE", "ar_YE.ISO-8859-6", "ar_YE.UTF-8", "as_IN", "as_IN.UTF-8", "ast_ES", "ast_ES.ISO-8859-15", "ast_ES.UTF-8", "ayc_PE", "ayc_PE.UTF-8", "az_AZ", "az_AZ.UTF-8", "az_IR", "az_IR.UTF-8", "be_BY", "be_BY.CP1251", "be_BY.UTF-8", "bem_ZM", "bem_ZM.UTF-8", "ber_DZ", "ber_DZ.UTF-8", "ber_MA", "ber_MA.UTF-8", "bg_BG", "bg_BG.CP1251", "bg_BG.UTF-8", "bho_IN", "bho_IN.UTF-8", "bho_NP", "bho_NP.UTF-8", "bi_VU", "bi_VU.UTF-8", "bn_BD", "bn_BD.UTF-8", "bn_IN", "bn_IN.UTF-8", "bo_CN", "bo_CN.UTF-8", "bo_IN", "bo_IN.UTF-8", "br_FR", "br_FR.ISO-8859-1", "br_FR.UTF-8", "brx_IN", "brx_IN.UTF-8", "bs_BA", "bs_BA.ISO-8859-2", "bs_BA.UTF-8", "byn_ER", "byn_ER.UTF-8", "ca_AD", "ca_AD.ISO-8859-15", "ca_AD.UTF-8", "ca_ES", "ca_ES.ISO-8859-1", "ca_ES.UTF-8", "ca_FR", "ca_FR.ISO-8859-15", "ca_FR.UTF-8", "ca_IT", "ca_IT.ISO-8859-15", "ca_IT.UTF-8", "ce_RU", "ce_RU.UTF-8", "chr_US", "chr_US.UTF-8", "ckb_IQ", "ckb_IQ.UTF-8", "cmn_TW", "cmn_TW.UTF-8", "crh_UA", "crh_UA.UTF-8", "csb_PL", "csb_PL.UTF-8", "cs_CZ", "cs_CZ.ISO-8859-2", "cs_CZ.UTF-8", "cv_RU", "cv_RU.UTF-8", "cy_GB", "cy_GB.ISO-8859-14", "cy_GB.UTF-8", "da_DK", "da_DK.ISO-8859-1", "da_DK.UTF-8", "de_AT", "de_AT.ISO-8859-1", "de_AT.UTF-8", "de_BE", "de_BE.ISO-8859-1", "de_BE.UTF-8", "de_CH", "de_CH.ISO-8859-1", "de_CH.UTF-8", "de_DE", "de_DE.ISO-8859-1", "de_DE.UTF-8", "de_IT", "de_IT.ISO-8859-1", "de_IT.UTF-8", "de_LU", "de_LU.ISO-8859-1", "de_LU.UTF-8", "doi_IN", "doi_IN.UTF-8", "dv_MV", "dv_MV.UTF-8", "dz_BT", "dz_BT.UTF-8", "el_CY", "el_CY.ISO-8859-7", "el_CY.UTF-8", "el_GR", "el_GR.ISO-8859-7", "el_GR.UTF-8", "en_AG", "en_AG.UTF-8", "en_AU", "en_AU.ISO-8859-1", "en_AU.UTF-8", "en_BW", "en_BW.ISO-8859-1", "en_BW.UTF-8", "en_CA", "en_CA.ISO-8859-1", "en_CA.UTF-8", "en_DK", "en_DK.ISO-8859-1", "en_DK.ISO-8859-15", "en_DK.UTF-8", "en_GB", "en_GB.ISO-8859-1", "en_GB.ISO-8859-15", "en_GB.UTF-8", "en_HK", "en_HK.ISO-8859-1", "en_HK.UTF-8", "en_IE", "en_IE.ISO-8859-1", "en_IE.UTF-8", "en_IL", "en_IL.UTF-8", "en_IN", "en_IN.UTF-8", "en_NG", "en_NG.UTF-8", "en_NZ", "en_NZ.ISO-8859-1", "en_NZ.UTF-8", "en_PH", "en_PH.ISO-8859-1", "en_PH.UTF-8", "en_SG", "en_SG.ISO-8859-1", "en_SG.UTF-8", "en_US", "en_US.ISO-8859-1", "en_US.ISO-8859-15", "en_US.UTF-8", "en_ZA", "en_ZA.ISO-8859-1", "en_ZA.UTF-8", "en_ZM", "en_ZM.UTF-8", "en_ZW", "en_ZW.ISO-8859-1", "en_ZW.UTF-8", "es_AR", "es_AR.ISO-8859-1", "es_AR.UTF-8", "es_BO", "es_BO.ISO-8859-1", "es_BO.UTF-8", "es_CL", "es_CL.ISO-8859-1", "es_CL.UTF-8", "es_CO", "es_CO.ISO-8859-1", "es_CO.UTF-8", "es_CR", "es_CR.ISO-8859-1", "es_CR.UTF-8", "es_CU", "es_CU.UTF-8", "es_DO", "es_DO.ISO-8859-1", "es_DO.UTF-8", "es_EC", "es_EC.ISO-8859-1", "es_EC.UTF-8", "es_ES", "es_ES.ISO-8859-1", "es_ES.UTF-8", "es_GT", "es_GT.ISO-8859-1", "es_GT.UTF-8", "es_HN", "es_HN.ISO-8859-1", "es_HN.UTF-8", "es_MX", "es_MX.ISO-8859-1", "es_MX.UTF-8", "es_NI", "es_NI.ISO-8859-1", "es_NI.UTF-8", "es_PA", "es_PA.ISO-8859-1", "es_PA.UTF-8", "es_PE", "es_PE.ISO-8859-1", "es_PE.UTF-8", "es_PR", "es_PR.ISO-8859-1", "es_PR.UTF-8", "es_PY", "es_PY.ISO-8859-1", "es_PY.UTF-8", "es_SV", "es_SV.ISO-8859-1", "es_SV.UTF-8", "es_US", "es_US.ISO-8859-1", "es_US.UTF-8", "es_UY", "es_UY.ISO-8859-1", "es_UY.UTF-8", "es_VE", "es_VE.ISO-8859-1", "es_VE.UTF-8", "et_EE", "et_EE.ISO-8859-1", "et_EE.ISO-8859-15", "et_EE.UTF-8", "eu_ES", "eu_ES.ISO-8859-1", "eu_ES.UTF-8", "eu_FR", "eu_FR.ISO-8859-1", "eu_FR.UTF-8", "fa_IR", "fa_IR.UTF-8", "ff_SN", "ff_SN.UTF-8", "fi_FI", "fi_FI.ISO-8859-1", "fi_FI.UTF-8", "fil_PH", "fil_PH.UTF-8", "fo_FO", "fo_FO.ISO-8859-1", "fo_FO.UTF-8", "fr_BE", "fr_BE.ISO-8859-1", "fr_BE.UTF-8", "fr_CA", "fr_CA.ISO-8859-1", "fr_CA.UTF-8", "fr_CH", "fr_CH.ISO-8859-1", "fr_CH.UTF-8", "fr_FR", "fr_FR.ISO-8859-1", "fr_FR.UTF-8", "fr_LU", "fr_LU.ISO-8859-1", "fr_LU.UTF-8", "fur_IT", "fur_IT.UTF-8", "fy_DE", "fy_DE.UTF-8", "fy_NL", "fy_NL.UTF-8", "ga_IE", "ga_IE.ISO-8859-1", "ga_IE.UTF-8", "gd_GB", "gd_GB.ISO-8859-15", "gd_GB.UTF-8", "gez_ER", "gez_ER.UTF-8", "gez_ET", "gez_ET.UTF-8", "gl_ES", "gl_ES.ISO-8859-1", "gl_ES.UTF-8", "gu_IN", "gu_IN.UTF-8", "gv_GB", "gv_GB.ISO-8859-1", "gv_GB.UTF-8", "hak_TW", "hak_TW.UTF-8", "ha_NG", "ha_NG.UTF-8", "he_IL", "he_IL.ISO-8859-8", "he_IL.UTF-8", "hif_FJ", "hif_FJ.UTF-8", "hi_IN", "hi_IN.UTF-8", "hne_IN", "hne_IN.UTF-8", "hr_HR", "hr_HR.ISO-8859-2", "hr_HR.UTF-8", "hsb_DE", "hsb_DE.ISO-8859-2", "hsb_DE.UTF-8", "ht_HT", "ht_HT.UTF-8", "hu_HU", "hu_HU.ISO-8859-2", "hu_HU.UTF-8", "hy_AM", "hy_AM.ARMSCII-8", "hy_AM.UTF-8", "ia_FR", "ia_FR.UTF-8", "id_ID", "id_ID.ISO-8859-1", "id_ID.UTF-8", "ig_NG", "ig_NG.UTF-8", "ik_CA", "ik_CA.UTF-8", "is_IS", "is_IS.ISO-8859-1", "is_IS.UTF-8", "it_CH", "it_CH.ISO-8859-1", "it_CH.UTF-8", "it_IT", "it_IT.ISO-8859-1", "it_IT.UTF-8", "iu_CA", "iu_CA.UTF-8", "kab_DZ", "kab_DZ.UTF-8", "ka_GE", "ka_GE.GEORGIAN-PS", "ka_GE.UTF-8", "kk_KZ", "kk_KZ.PT154", "kk_KZ.RK1048", "kk_KZ.UTF-8", "kl_GL", "kl_GL.ISO-8859-1", "kl_GL.UTF-8", "km_KH", "km_KH.UTF-8", "kn_IN", "kn_IN.UTF-8", "kok_IN", "kok_IN.UTF-8", "ks_IN", "ks_IN.UTF-8", "ku_TR", "ku_TR.ISO-8859-9", "ku_TR.UTF-8", "kw_GB", "kw_GB.ISO-8859-1", "kw_GB.UTF-8", "ky_KG", "ky_KG.UTF-8", "lb_LU", "lb_LU.UTF-8", "lg_UG", "lg_UG.ISO-8859-10", "lg_UG.UTF-8", "li_BE", "li_BE.UTF-8", "lij_IT", "lij_IT.UTF-8", "li_NL", "li_NL.UTF-8", "ln_CD", "ln_CD.UTF-8", "lo_LA", "lo_LA.UTF-8", "lt_LT", "lt_LT.ISO-8859-13", "lt_LT.UTF-8", "lv_LV", "lv_LV.ISO-8859-13", "lv_LV.UTF-8", "lzh_TW", "lzh_TW.UTF-8", "mag_IN", "mag_IN.UTF-8", "mai_IN", "mai_IN.UTF-8", "mai_NP", "mai_NP.UTF-8", "mfe_MU", "mfe_MU.UTF-8", "mg_MG", "mg_MG.ISO-8859-15", "mg_MG.UTF-8", "mhr_RU", "mhr_RU.UTF-8", "mi_NZ", "mi_NZ.ISO-8859-13", "mi_NZ.UTF-8", "miq_NI", "miq_NI.UTF-8", "mjw_IN", "mjw_IN.UTF-8", "mk_MK", "mk_MK.ISO-8859-5", "mk_MK.UTF-8", "ml_IN", "ml_IN.UTF-8", "mni_IN", "mni_IN.UTF-8", "mn_MN", "mn_MN.UTF-8", "mr_IN", "mr_IN.UTF-8", "ms_MY", "ms_MY.ISO-8859-1", "ms_MY.UTF-8", "mt_MT", "mt_MT.ISO-8859-3", "mt_MT.UTF-8", "my_MM", "my_MM.UTF-8", "nan_TW", "nan_TW.UTF-8", "nb_NO", "nb_NO.ISO-8859-1", "nb_NO.UTF-8", "nds_DE", "nds_DE.UTF-8", "nds_NL", "nds_NL.UTF-8", "ne_NP", "ne_NP.UTF-8", "nhn_MX", "nhn_MX.UTF-8", "niu_NU", "niu_NU.UTF-8", "niu_NZ", "niu_NZ.UTF-8", "nl_AW", "nl_AW.UTF-8", "nl_BE", "nl_BE.ISO-8859-1", "nl_BE.UTF-8", "nl_NL", "nl_NL.ISO-8859-1", "nl_NL.UTF-8", "nn_NO", "nn_NO.ISO-8859-1", "nn_NO.UTF-8", "nr_ZA", "nr_ZA.UTF-8", "nso_ZA", "nso_ZA.UTF-8", "oc_FR", "oc_FR.ISO-8859-1", "oc_FR.UTF-8", "om_ET", "om_ET.UTF-8", "om_KE", "om_KE.ISO-8859-1", "om_KE.UTF-8", "or_IN", "or_IN.UTF-8", "os_RU", "os_RU.UTF-8", "pa_IN", "pa_IN.UTF-8", "pap_AW", "pap_AW.UTF-8", "pap_CW", "pap_CW.UTF-8", "pa_PK", "pa_PK.UTF-8", "pl_PL", "pl_PL.ISO-8859-2", "pl_PL.UTF-8", "ps_AF", "ps_AF.UTF-8", "pt_BR", "pt_BR.ISO-8859-1", "pt_BR.UTF-8", "pt_PT", "pt_PT.ISO-8859-1", "pt_PT.UTF-8", "quz_PE", "quz_PE.UTF-8", "raj_IN", "raj_IN.UTF-8", "ro_RO", "ro_RO.ISO-8859-2", "ro_RO.UTF-8", "ru_RU", "ru_RU.CP1251", "ru_RU.ISO-8859-5", "ru_RU.KOI8-R", "ru_RU.UTF-8", "ru_UA", "ru_UA.KOI8-U", "ru_UA.UTF-8", "rw_RW", "rw_RW.UTF-8", "sa_IN", "sa_IN.UTF-8", "sat_IN", "sat_IN.UTF-8", "sc_IT", "sc_IT.UTF-8", "sd_IN", "sd_IN.UTF-8", "sd_PK", "sd_PK.UTF-8", "se_NO", "se_NO.UTF-8", "sgs_LT", "sgs_LT.UTF-8", "shn_MM", "shn_MM.UTF-8", "shs_CA", "shs_CA.UTF-8", "sid_ET", "sid_ET.UTF-8", "si_LK", "si_LK.UTF-8", "sk_SK", "sk_SK.ISO-8859-2", "sk_SK.UTF-8", "sl_SI", "sl_SI.ISO-8859-2", "sl_SI.UTF-8", "sm_WS", "sm_WS.UTF-8", "so_DJ", "so_DJ.ISO-8859-1", "so_DJ.UTF-8", "so_ET", "so_ET.UTF-8", "so_KE", "so_KE.ISO-8859-1", "so_KE.UTF-8", "so_SO", "so_SO.ISO-8859-1", "so_SO.UTF-8", "sq_AL", "sq_AL.ISO-8859-1", "sq_AL.UTF-8", "sq_MK", "sq_MK.UTF-8", "sr_ME", "sr_ME.UTF-8", "sr_RS", "sr_RS.UTF-8", "ss_ZA", "ss_ZA.UTF-8", "st_ZA", "st_ZA.ISO-8859-1", "st_ZA.UTF-8", "sv_FI", "sv_FI.ISO-8859-1", "sv_FI.UTF-8", "sv_SE", "sv_SE.ISO-8859-1", "sv_SE.ISO-8859-15", "sv_SE.UTF-8", "sw_KE", "sw_KE.UTF-8", "sw_TZ", "sw_TZ.UTF-8", "szl_PL", "szl_PL.UTF-8", "ta_IN", "ta_IN.UTF-8", "ta_LK", "ta_LK.UTF-8", "te_IN", "te_IN.UTF-8", "tg_TJ", "tg_TJ.KOI8-T", "tg_TJ.UTF-8", "the_NP", "the_NP.UTF-8", "th_TH", "th_TH.TIS-620", "th_TH.UTF-8", "ti_ER", "ti_ER.UTF-8", "ti_ET", "ti_ET.UTF-8", "tig_ER", "tig_ER.UTF-8", "tk_TM", "tk_TM.UTF-8", "tl_PH", "tl_PH.ISO-8859-1", "tl_PH.UTF-8", "tn_ZA", "tn_ZA.UTF-8", "to_TO", "to_TO.UTF-8", "tpi_PG", "tpi_PG.UTF-8", "tr_CY", "tr_CY.ISO-8859-9", "tr_CY.UTF-8", "tr_TR", "tr_TR.ISO-8859-9", "tr_TR.UTF-8", "ts_ZA", "ts_ZA.UTF-8", "tt_RU", "tt_RU.UTF-8", "ug_CN", "ug_CN.UTF-8", "uk_UA", "uk_UA.KOI8-U", "uk_UA.UTF-8", "unm_US", "unm_US.UTF-8", "ur_IN", "ur_IN.UTF-8", "ur_PK", "ur_PK.UTF-8", "uz_UZ", "uz_UZ.ISO-8859-1", "uz_UZ.UTF-8", "ve_ZA", "ve_ZA.UTF-8", "vi_VN", "vi_VN.UTF-8", "wa_BE", "wa_BE.ISO-8859-1", "wa_BE.UTF-8", "wae_CH", "wae_CH.UTF-8", "wal_ET", "wal_ET.UTF-8", "wo_SN", "wo_SN.UTF-8", "xh_ZA", "xh_ZA.ISO-8859-1", "xh_ZA.UTF-8", "yi_US", "yi_US.CP1255", "yi_US.UTF-8", "yo_NG", "yo_NG.UTF-8", "yue_HK", "yue_HK.UTF-8", "yuw_PG", "yuw_PG.UTF-8", "zh_CN", "zh_CN.GB18030", "zh_CN.GB2312", "zh_CN.GBK", "zh_CN.UTF-8", "zh_HK", "zh_HK.BIG5-HKSCS", "zh_HK.UTF-8", "zh_SG", "zh_SG.GB2312", "zh_SG.GBK", "zh_SG.UTF-8", "zh_TW", "zh_TW.BIG5", "zh_TW.EUC-TW", "zh_TW.UTF-8", "zu_ZA", "zu_ZA.ISO-8859-1", "zu_ZA.UTF-8"
+};
+
+std::string ConsumeLocaleIdentifier(FuzzedDataProvider& fuzzed_data_provider)
+{
+    return fuzzed_data_provider.PickValueInArray<std::string>(locale_identifiers);
+}
+
+bool IsAvailableLocale(const std::string& locale_identifier)
+{
+    try {
+        (void)std::locale(locale_identifier);
+    } catch (const std::runtime_error&) {
+        return false;
+    }
+    return true;
+}
+} // namespace
+
+void test_one_input(const std::vector<uint8_t>& buffer)
+{
+    FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
+    const std::string locale_identifier = ConsumeLocaleIdentifier(fuzzed_data_provider);
+    if (!IsAvailableLocale(locale_identifier)) {
+        return;
+    }
+    const char* c_locale = std::setlocale(LC_ALL, "C");
+    assert(c_locale != nullptr);
+
+    const std::string random_string = fuzzed_data_provider.ConsumeRandomLengthString(5);
+    int32_t parseint32_out_without_locale;
+    const bool parseint32_without_locale = ParseInt32(random_string, &parseint32_out_without_locale);
+    int64_t parseint64_out_without_locale;
+    const bool parseint64_without_locale = ParseInt64(random_string, &parseint64_out_without_locale);
+    const int64_t atoi64_without_locale = atoi64(random_string);
+    const int atoi_without_locale = atoi(random_string);
+    const int64_t atoi64c_without_locale = atoi64(random_string.c_str());
+    const int64_t random_int64 = fuzzed_data_provider.ConsumeIntegral<int64_t>();
+    const std::string i64tostr_without_locale = i64tostr(random_int64);
+    const int32_t random_int32 = fuzzed_data_provider.ConsumeIntegral<int32_t>();
+    const std::string itostr_without_locale = itostr(random_int32);
+    const std::string strprintf_int_without_locale = strprintf("%d", random_int64);
+    const double random_double = fuzzed_data_provider.ConsumeFloatingPoint<double>();
+    const std::string strprintf_double_without_locale = strprintf("%f", random_double);
+
+    const char* new_locale = std::setlocale(LC_ALL, locale_identifier.c_str());
+    assert(new_locale != nullptr);
+
+    int32_t parseint32_out_with_locale;
+    const bool parseint32_with_locale = ParseInt32(random_string, &parseint32_out_with_locale);
+    assert(parseint32_without_locale == parseint32_with_locale);
+    if (parseint32_without_locale) {
+        assert(parseint32_out_without_locale == parseint32_out_with_locale);
+    }
+    int64_t parseint64_out_with_locale;
+    const bool parseint64_with_locale = ParseInt64(random_string, &parseint64_out_with_locale);
+    assert(parseint64_without_locale == parseint64_with_locale);
+    if (parseint64_without_locale) {
+        assert(parseint64_out_without_locale == parseint64_out_with_locale);
+    }
+    const int64_t atoi64_with_locale = atoi64(random_string);
+    assert(atoi64_without_locale == atoi64_with_locale);
+    const int64_t atoi64c_with_locale = atoi64(random_string.c_str());
+    assert(atoi64c_without_locale == atoi64c_with_locale);
+    const int atoi_with_locale = atoi(random_string);
+    assert(atoi_without_locale == atoi_with_locale);
+    const std::string i64tostr_with_locale = i64tostr(random_int64);
+    assert(i64tostr_without_locale == i64tostr_with_locale);
+    const std::string itostr_with_locale = itostr(random_int32);
+    assert(itostr_without_locale == itostr_with_locale);
+    const std::string strprintf_int_with_locale = strprintf("%d", random_int64);
+    assert(strprintf_int_without_locale == strprintf_int_with_locale);
+    const std::string strprintf_double_with_locale = strprintf("%f", random_double);
+    assert(strprintf_double_without_locale == strprintf_double_with_locale);
+
+    const std::locale current_cpp_locale;
+    assert(current_cpp_locale == std::locale::classic());
+}
diff --git a/src/test/fuzz/p2p_transport_deserializer.cpp b/src/test/fuzz/p2p_transport_deserializer.cpp
new file mode 100644
index 000000000000..57393fed4502
--- /dev/null
+++ b/src/test/fuzz/p2p_transport_deserializer.cpp
@@ -0,0 +1,47 @@
+// Copyright (c) 2019 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <chainparams.h>
+#include <net.h>
+#include <protocol.h>
+#include <test/fuzz/fuzz.h>
+
+#include <cassert>
+#include <cstdint>
+#include <limits>
+#include <vector>
+
+void initialize()
+{
+    SelectParams(CBaseChainParams::REGTEST);
+}
+
+void test_one_input(const std::vector<uint8_t>& buffer)
+{
+    V1TransportDeserializer deserializer{Params().MessageStart(), SER_NETWORK, INIT_PROTO_VERSION};
+    const char* pch = (const char*)buffer.data();
+    size_t n_bytes = buffer.size();
+    while (n_bytes > 0) {
+        const int handled = deserializer.Read(pch, n_bytes);
+        if (handled < 0) {
+            break;
+        }
+        pch += handled;
+        n_bytes -= handled;
+        if (deserializer.Complete()) {
+            const int64_t m_time = std::numeric_limits<int64_t>::max();
+            const CNetMessage msg = deserializer.GetMessage(Params().MessageStart(), m_time);
+            assert(msg.m_command.size() <= CMessageHeader::COMMAND_SIZE);
+            assert(msg.m_raw_message_size <= buffer.size());
+            assert(msg.m_raw_message_size == CMessageHeader::HEADER_SIZE + msg.m_message_size);
+            assert(msg.m_time == m_time);
+            if (msg.m_valid_header) {
+                assert(msg.m_valid_netmagic);
+            }
+            if (!msg.m_valid_netmagic) {
+                assert(!msg.m_valid_header);
+            }
+        }
+    }
+}
diff --git a/src/test/fuzz/parse_hd_keypath.cpp b/src/test/fuzz/parse_hd_keypath.cpp
new file mode 100644
index 000000000000..9a23f4b2d439
--- /dev/null
+++ b/src/test/fuzz/parse_hd_keypath.cpp
@@ -0,0 +1,13 @@
+// Copyright (c) 2009-2019 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <test/fuzz/fuzz.h>
+#include <util/bip32.h>
+
+void test_one_input(const std::vector<uint8_t>& buffer)
+{
+    const std::string keypath_str(buffer.begin(), buffer.end());
+    std::vector<uint32_t> keypath;
+    (void)ParseHDKeypath(keypath_str, keypath);
+}
diff --git a/src/test/fuzz/parse_iso8601.cpp b/src/test/fuzz/parse_iso8601.cpp
new file mode 100644
index 000000000000..c86f8a853e8a
--- /dev/null
+++ b/src/test/fuzz/parse_iso8601.cpp
@@ -0,0 +1,32 @@
+// Copyright (c) 2019 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <test/fuzz/FuzzedDataProvider.h>
+#include <test/fuzz/fuzz.h>
+#include <util/time.h>
+
+#include <cassert>
+#include <cstdint>
+#include <string>
+#include <vector>
+
+void test_one_input(const std::vector<uint8_t>& buffer)
+{
+    FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
+
+    const int64_t random_time = fuzzed_data_provider.ConsumeIntegral<int64_t>();
+    const std::string random_string = fuzzed_data_provider.ConsumeRemainingBytesAsString();
+
+    const std::string iso8601_datetime = FormatISO8601DateTime(random_time);
+    const int64_t parsed_time_1 = ParseISO8601DateTime(iso8601_datetime);
+    if (random_time >= 0) {
+        assert(parsed_time_1 >= 0);
+        if (iso8601_datetime.length() == 20) {
+            assert(parsed_time_1 == random_time);
+        }
+    }
+
+    const int64_t parsed_time_2 = ParseISO8601DateTime(random_string);
+    assert(parsed_time_2 >= 0);
+}
diff --git a/src/test/fuzz/parse_numbers.cpp b/src/test/fuzz/parse_numbers.cpp
new file mode 100644
index 000000000000..59f89dc9fbbb
--- /dev/null
+++ b/src/test/fuzz/parse_numbers.cpp
@@ -0,0 +1,35 @@
+// Copyright (c) 2009-2019 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <test/fuzz/fuzz.h>
+#include <util/moneystr.h>
+#include <util/strencodings.h>
+
+#include <string>
+
+void test_one_input(const std::vector<uint8_t>& buffer)
+{
+    const std::string random_string(buffer.begin(), buffer.end());
+
+    CAmount amount;
+    (void)ParseMoney(random_string, amount);
+
+    double d;
+    (void)ParseDouble(random_string, &d);
+
+    int32_t i32;
+    (void)ParseInt32(random_string, &i32);
+    (void)atoi(random_string);
+
+    uint32_t u32;
+    (void)ParseUInt32(random_string, &u32);
+
+    int64_t i64;
+    (void)atoi64(random_string);
+    (void)ParseFixedPoint(random_string, 3, &i64);
+    (void)ParseInt64(random_string, &i64);
+
+    uint64_t u64;
+    (void)ParseUInt64(random_string, &u64);
+}
diff --git a/src/test/fuzz/parse_script.cpp b/src/test/fuzz/parse_script.cpp
new file mode 100644
index 000000000000..21ac1aecf3a9
--- /dev/null
+++ b/src/test/fuzz/parse_script.cpp
@@ -0,0 +1,16 @@
+// Copyright (c) 2009-2019 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <core_io.h>
+#include <script/script.h>
+#include <test/fuzz/fuzz.h>
+
+void test_one_input(const std::vector<uint8_t>& buffer)
+{
+    const std::string script_string(buffer.begin(), buffer.end());
+    try {
+        (void)ParseScript(script_string);
+    } catch (const std::runtime_error&) {
+    }
+}
diff --git a/src/test/fuzz/parse_univalue.cpp b/src/test/fuzz/parse_univalue.cpp
new file mode 100644
index 000000000000..4f1099549485
--- /dev/null
+++ b/src/test/fuzz/parse_univalue.cpp
@@ -0,0 +1,87 @@
+// Copyright (c) 2009-2019 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <chainparams.h>
+#include <core_io.h>
+#include <key.h>
+#include <rpc/client.h>
+#include <rpc/util.h>
+#include <test/fuzz/fuzz.h>
+#include <util/memory.h>
+#include <script/sign.h>
+
+#include <limits>
+#include <string>
+
+void initialize()
+{
+    static const auto verify_handle = MakeUnique<ECCVerifyHandle>();
+    SelectParams(CBaseChainParams::REGTEST);
+}
+
+void test_one_input(const std::vector<uint8_t>& buffer)
+{
+    const std::string random_string(buffer.begin(), buffer.end());
+    bool valid = true;
+    const UniValue univalue = [&] {
+        try {
+            return ParseNonRFCJSONValue(random_string);
+        } catch (const std::runtime_error&) {
+            valid = false;
+            return NullUniValue;
+        }
+    }();
+    if (!valid) {
+        return;
+    }
+    try {
+        (void)ParseHashO(univalue, "A");
+        (void)ParseHashO(univalue, random_string);
+    } catch (const UniValue&) {
+    } catch (const std::runtime_error&) {
+    }
+    try {
+        (void)ParseHashV(univalue, "A");
+        (void)ParseHashV(univalue, random_string);
+    } catch (const UniValue&) {
+    } catch (const std::runtime_error&) {
+    }
+    try {
+        (void)ParseHexO(univalue, "A");
+        (void)ParseHexO(univalue, random_string);
+    } catch (const UniValue&) {
+    } catch (const std::runtime_error&) {
+    }
+    try {
+        (void)ParseHexUV(univalue, "A");
+        (void)ParseHexUV(univalue, random_string);
+    } catch (const UniValue&) {
+    } catch (const std::runtime_error&) {
+    }
+    try {
+        (void)ParseHexV(univalue, "A");
+        (void)ParseHexV(univalue, random_string);
+    } catch (const UniValue&) {
+    } catch (const std::runtime_error&) {
+    }
+    try {
+        (void)ParseSighashString(univalue);
+    } catch (const std::runtime_error&) {
+    }
+    try {
+        (void)AmountFromValue(univalue);
+    } catch (const UniValue&) {
+    } catch (const std::runtime_error&) {
+    }
+    try {
+        (void)ParseConfirmTarget(univalue, std::numeric_limits<unsigned int>::max());
+    } catch (const UniValue&) {
+    } catch (const std::runtime_error&) {
+    }
+    try {
+        (void)ParseDescriptorRange(univalue);
+    } catch (const UniValue&) {
+    } catch (const std::runtime_error&) {
+    }
+}
diff --git a/src/test/fuzz/rolling_bloom_filter.cpp b/src/test/fuzz/rolling_bloom_filter.cpp
new file mode 100644
index 000000000000..ce69c4e8da38
--- /dev/null
+++ b/src/test/fuzz/rolling_bloom_filter.cpp
@@ -0,0 +1,50 @@
+// Copyright (c) 2020 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <bloom.h>
+#include <optional.h>
+#include <test/fuzz/FuzzedDataProvider.h>
+#include <test/fuzz/fuzz.h>
+#include <test/fuzz/util.h>
+#include <uint256.h>
+
+#include <cassert>
+#include <cstdint>
+#include <string>
+#include <vector>
+
+void test_one_input(const std::vector<uint8_t>& buffer)
+{
+    FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
+
+    CRollingBloomFilter rolling_bloom_filter{
+        fuzzed_data_provider.ConsumeIntegralInRange<unsigned int>(1, 1000),
+        0.999 / fuzzed_data_provider.ConsumeIntegralInRange<unsigned int>(1, std::numeric_limits<unsigned int>::max())};
+    while (fuzzed_data_provider.remaining_bytes() > 0) {
+        switch (fuzzed_data_provider.ConsumeIntegralInRange(0, 2)) {
+        case 0: {
+            const std::vector<unsigned char>& b = ConsumeRandomLengthByteVector(fuzzed_data_provider);
+            (void)rolling_bloom_filter.contains(b);
+            rolling_bloom_filter.insert(b);
+            const bool present = rolling_bloom_filter.contains(b);
+            assert(present);
+            break;
+        }
+        case 1: {
+            const Optional<uint256> u256 = ConsumeDeserializable<uint256>(fuzzed_data_provider);
+            if (!u256) {
+                break;
+            }
+            (void)rolling_bloom_filter.contains(*u256);
+            rolling_bloom_filter.insert(*u256);
+            const bool present = rolling_bloom_filter.contains(*u256);
+            assert(present);
+            break;
+        }
+        case 2:
+            rolling_bloom_filter.reset();
+            break;
+        }
+    }
+}
diff --git a/src/test/fuzz/script.cpp b/src/test/fuzz/script.cpp
new file mode 100644
index 000000000000..251b6c891622
--- /dev/null
+++ b/src/test/fuzz/script.cpp
@@ -0,0 +1,58 @@
+// Copyright (c) 2019 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <chainparams.h>
+#include <compressor.h>
+#include <core_io.h>
+#include <core_memusage.h>
+#include <key.h>
+#include <policy/policy.h>
+#include <pubkey.h>
+#include <script/descriptor.h>
+#include <script/script.h>
+#include <script/sign.h>
+#include <script/standard.h>
+#include <streams.h>
+#include <test/fuzz/fuzz.h>
+#include <util/memory.h>
+
+void initialize()
+{
+    // Fuzzers using pubkey must hold an ECCVerifyHandle.
+    static const auto verify_handle = MakeUnique<ECCVerifyHandle>();
+}
+
+void test_one_input(const std::vector<uint8_t>& buffer)
+{
+    const CScript script(buffer.begin(), buffer.end());
+
+    std::vector<unsigned char> compressed;
+    (void)CompressScript(script, compressed);
+
+    CTxDestination address;
+    (void)ExtractDestination(script, address);
+
+    txnouttype type_ret;
+    std::vector<CTxDestination> addresses;
+    int required_ret;
+    (void)ExtractDestinations(script, type_ret, addresses, required_ret);
+
+    const FlatSigningProvider signing_provider;
+    (void)InferDescriptor(script, signing_provider);
+
+    (void)IsSolvable(signing_provider, script);
+
+    txnouttype which_type;
+    (void)IsStandard(script, which_type);
+
+    (void)RecursiveDynamicUsage(script);
+
+    std::vector<std::vector<unsigned char>> solutions;
+    (void)Solver(script, solutions);
+
+    (void)script.IsPayToScriptHash();
+    (void)script.IsPushOnly();
+    (void)script.IsUnspendable();
+    (void)script.GetSigOpCount(/* fAccurate= */ false);
+}
diff --git a/src/test/fuzz/spanparsing.cpp b/src/test/fuzz/spanparsing.cpp
new file mode 100644
index 000000000000..8e5e7dad11b3
--- /dev/null
+++ b/src/test/fuzz/spanparsing.cpp
@@ -0,0 +1,30 @@
+// Copyright (c) 2019 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <test/fuzz/FuzzedDataProvider.h>
+#include <test/fuzz/fuzz.h>
+#include <util/spanparsing.h>
+
+void test_one_input(const std::vector<uint8_t>& buffer)
+{
+    FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
+    const size_t query_size = fuzzed_data_provider.ConsumeIntegral<size_t>();
+    const std::string query = fuzzed_data_provider.ConsumeBytesAsString(std::min<size_t>(query_size, 1024 * 1024));
+    const std::string span_str = fuzzed_data_provider.ConsumeRemainingBytesAsString();
+    const Span<const char> const_span = MakeSpan(span_str);
+
+    Span<const char> mut_span = const_span;
+    (void)spanparsing::Const(query, mut_span);
+
+    mut_span = const_span;
+    (void)spanparsing::Func(query, mut_span);
+
+    mut_span = const_span;
+    (void)spanparsing::Expr(mut_span);
+
+    if (!query.empty()) {
+        mut_span = const_span;
+        (void)spanparsing::Split(mut_span, query.front());
+    }
+}
diff --git a/src/test/fuzz/strprintf.cpp b/src/test/fuzz/strprintf.cpp
new file mode 100644
index 000000000000..0de21f0e7c98
--- /dev/null
+++ b/src/test/fuzz/strprintf.cpp
@@ -0,0 +1,147 @@
+// Copyright (c) 2020 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <test/fuzz/FuzzedDataProvider.h>
+#include <test/fuzz/fuzz.h>
+#include <tinyformat.h>
+#include <util/strencodings.h>
+
+#include <algorithm>
+#include <cassert>
+#include <cstdint>
+#include <string>
+#include <vector>
+
+void test_one_input(const std::vector<uint8_t>& buffer)
+{
+    FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
+    const std::string format_string = fuzzed_data_provider.ConsumeRandomLengthString(64);
+
+    const int digits_in_format_specifier = std::count_if(format_string.begin(), format_string.end(), IsDigit);
+
+    // Avoid triggering the following crash bug:
+    // * strprintf("%987654321000000:", 1);
+    //
+    // Avoid triggering the following OOM bug:
+    // * strprintf("%.222222200000000$", 1.1);
+    //
+    // Upstream bug report: https://github.com/c42f/tinyformat/issues/70
+    if (format_string.find("%") != std::string::npos && digits_in_format_specifier >= 7) {
+        return;
+    }
+
+    // Avoid triggering the following crash bug:
+    // * strprintf("%1$*1$*", -11111111);
+    //
+    // Upstream bug report: https://github.com/c42f/tinyformat/issues/70
+    if (format_string.find("%") != std::string::npos && format_string.find("$") != std::string::npos && format_string.find("*") != std::string::npos && digits_in_format_specifier > 0) {
+        return;
+    }
+
+    // Avoid triggering the following crash bug:
+    // * strprintf("%.1s", (char*)nullptr);
+    //
+    // (void)strprintf(format_string, (char*)nullptr);
+    //
+    // Upstream bug report: https://github.com/c42f/tinyformat/issues/70
+
+    try {
+        (void)strprintf(format_string, (signed char*)nullptr);
+    } catch (const tinyformat::format_error&) {
+    }
+    try {
+        (void)strprintf(format_string, (unsigned char*)nullptr);
+    } catch (const tinyformat::format_error&) {
+    }
+    try {
+        (void)strprintf(format_string, (void*)nullptr);
+    } catch (const tinyformat::format_error&) {
+    }
+    try {
+        (void)strprintf(format_string, (bool*)nullptr);
+    } catch (const tinyformat::format_error&) {
+    }
+    try {
+        (void)strprintf(format_string, (float*)nullptr);
+    } catch (const tinyformat::format_error&) {
+    }
+    try {
+        (void)strprintf(format_string, (double*)nullptr);
+    } catch (const tinyformat::format_error&) {
+    }
+    try {
+        (void)strprintf(format_string, (int16_t*)nullptr);
+    } catch (const tinyformat::format_error&) {
+    }
+    try {
+        (void)strprintf(format_string, (uint16_t*)nullptr);
+    } catch (const tinyformat::format_error&) {
+    }
+    try {
+        (void)strprintf(format_string, (int32_t*)nullptr);
+    } catch (const tinyformat::format_error&) {
+    }
+    try {
+        (void)strprintf(format_string, (uint32_t*)nullptr);
+    } catch (const tinyformat::format_error&) {
+    }
+    try {
+        (void)strprintf(format_string, (int64_t*)nullptr);
+    } catch (const tinyformat::format_error&) {
+    }
+    try {
+        (void)strprintf(format_string, (uint64_t*)nullptr);
+    } catch (const tinyformat::format_error&) {
+    }
+
+    try {
+        switch (fuzzed_data_provider.ConsumeIntegralInRange(0, 13)) {
+        case 0:
+            (void)strprintf(format_string, fuzzed_data_provider.ConsumeRandomLengthString(32));
+            break;
+        case 1:
+            (void)strprintf(format_string, fuzzed_data_provider.ConsumeRandomLengthString(32).c_str());
+            break;
+        case 2:
+            (void)strprintf(format_string, fuzzed_data_provider.ConsumeIntegral<signed char>());
+            break;
+        case 3:
+            (void)strprintf(format_string, fuzzed_data_provider.ConsumeIntegral<unsigned char>());
+            break;
+        case 4:
+            (void)strprintf(format_string, fuzzed_data_provider.ConsumeIntegral<char>());
+            break;
+        case 5:
+            (void)strprintf(format_string, fuzzed_data_provider.ConsumeBool());
+            break;
+        case 6:
+            (void)strprintf(format_string, fuzzed_data_provider.ConsumeFloatingPoint<float>());
+            break;
+        case 7:
+            (void)strprintf(format_string, fuzzed_data_provider.ConsumeFloatingPoint<double>());
+            break;
+        case 8:
+            (void)strprintf(format_string, fuzzed_data_provider.ConsumeIntegral<int16_t>());
+            break;
+        case 9:
+            (void)strprintf(format_string, fuzzed_data_provider.ConsumeIntegral<uint16_t>());
+            break;
+        case 10:
+            (void)strprintf(format_string, fuzzed_data_provider.ConsumeIntegral<int32_t>());
+            break;
+        case 11:
+            (void)strprintf(format_string, fuzzed_data_provider.ConsumeIntegral<uint32_t>());
+            break;
+        case 12:
+            (void)strprintf(format_string, fuzzed_data_provider.ConsumeIntegral<int64_t>());
+            break;
+        case 13:
+            (void)strprintf(format_string, fuzzed_data_provider.ConsumeIntegral<uint64_t>());
+            break;
+        default:
+            assert(false);
+        }
+    } catch (const tinyformat::format_error&) {
+    }
+}
diff --git a/src/test/fuzz/util.h b/src/test/fuzz/util.h
new file mode 100644
index 000000000000..d2a69ddfae98
--- /dev/null
+++ b/src/test/fuzz/util.h
@@ -0,0 +1,39 @@
+// Copyright (c) 2009-2019 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#ifndef BITCOIN_TEST_FUZZ_UTIL_H
+#define BITCOIN_TEST_FUZZ_UTIL_H
+
+#include <attributes.h>
+#include <optional.h>
+#include <serialize.h>
+#include <streams.h>
+#include <test/fuzz/FuzzedDataProvider.h>
+#include <version.h>
+
+#include <cstdint>
+#include <string>
+#include <vector>
+
+[[ nodiscard ]] inline std::vector<uint8_t> ConsumeRandomLengthByteVector(FuzzedDataProvider& fuzzed_data_provider, size_t max_length = 4096) noexcept
+{
+    const std::string s = fuzzed_data_provider.ConsumeRandomLengthString(max_length);
+    return {s.begin(), s.end()};
+}
+
+template <typename T>
+[[ nodiscard ]] inline Optional<T> ConsumeDeserializable(FuzzedDataProvider& fuzzed_data_provider, size_t max_length = 4096) noexcept
+{
+    const std::vector<uint8_t>& buffer = ConsumeRandomLengthByteVector(fuzzed_data_provider, max_length);
+    CDataStream ds{buffer, SER_NETWORK, INIT_PROTO_VERSION};
+    T obj;
+    try {
+        ds >> obj;
+    } catch (const std::ios_base::failure&) {
+        return nullopt;
+    }
+    return obj;
+}
+
+#endif // BITCOIN_TEST_FUZZ_UTIL_H
diff --git a/src/test/util_tests.cpp b/src/test/util_tests.cpp
index bf9190844e45..0891f2e114f4 100644
--- a/src/test/util_tests.cpp
+++ b/src/test/util_tests.cpp
@@ -116,9 +116,17 @@ BOOST_AUTO_TEST_CASE(util_Join)
     BOOST_CHECK_EQUAL(Join({"foo", "bar"}, ", "), "foo, bar");
 }
 
-BOOST_AUTO_TEST_CASE(util_FormatISO8601DateTime)
+BOOST_AUTO_TEST_CASE(util_FormatParseISO8601DateTime)
 {
     BOOST_CHECK_EQUAL(FormatISO8601DateTime(1317425777), "2011-09-30T23:36:17Z");
+    BOOST_CHECK_EQUAL(FormatISO8601DateTime(0), "1970-01-01T00:00:00Z");
+
+    BOOST_CHECK_EQUAL(ParseISO8601DateTime("1970-01-01T00:00:00Z"), 0);
+    BOOST_CHECK_EQUAL(ParseISO8601DateTime("1960-01-01T00:00:00Z"), 0);
+    BOOST_CHECK_EQUAL(ParseISO8601DateTime("2011-09-30T23:36:17Z"), 1317425777);
+
+    auto time = GetSystemTimeInSeconds();
+    BOOST_CHECK_EQUAL(ParseISO8601DateTime(FormatISO8601DateTime(time)), time);
 }
 
 BOOST_AUTO_TEST_CASE(util_FormatISO8601Date)
diff --git a/src/util/asmap.cpp b/src/util/asmap.cpp
index 473977b71003..d56fcb528618 100644
--- a/src/util/asmap.cpp
+++ b/src/util/asmap.cpp
@@ -2,11 +2,15 @@
 // Distributed under the MIT software license, see the accompanying
 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
 
+#include <assert.h>
+#include <map>
 #include <vector>
 #include <crypto/common.h>
 
 namespace {
 
+constexpr uint32_t INVALID = 0xFFFFFFFF;
+
 uint32_t DecodeBits(std::vector<bool>::const_iterator& bitpos, const std::vector<bool>::const_iterator& endpos, uint8_t minval, const std::vector<uint8_t> &bit_sizes)
 {
     uint32_t val = minval;
@@ -24,7 +28,7 @@ uint32_t DecodeBits(std::vector<bool>::const_iterator& bitpos, const std::vector
             val += (1 << *bit_sizes_it);
         } else {
             for (int b = 0; b < *bit_sizes_it; b++) {
-                if (bitpos == endpos) break;
+                if (bitpos == endpos) return INVALID; // Reached EOF in mantissa
                 bit = *bitpos;
                 bitpos++;
                 val += bit << (*bit_sizes_it - 1 - b);
@@ -32,13 +36,21 @@ uint32_t DecodeBits(std::vector<bool>::const_iterator& bitpos, const std::vector
             return val;
         }
     }
-    return -1;
+    return INVALID; // Reached EOF in exponent
 }
 
+enum class Instruction : uint32_t
+{
+    RETURN = 0,
+    JUMP = 1,
+    MATCH = 2,
+    DEFAULT = 3,
+};
+
 const std::vector<uint8_t> TYPE_BIT_SIZES{0, 0, 1};
-uint32_t DecodeType(std::vector<bool>::const_iterator& bitpos, const std::vector<bool>::const_iterator& endpos)
+Instruction DecodeType(std::vector<bool>::const_iterator& bitpos, const std::vector<bool>::const_iterator& endpos)
 {
-    return DecodeBits(bitpos, endpos, 0, TYPE_BIT_SIZES);
+    return Instruction(DecodeBits(bitpos, endpos, 0, TYPE_BIT_SIZES));
 }
 
 const std::vector<uint8_t> ASN_BIT_SIZES{15, 16, 17, 18, 19, 20, 21, 22, 23, 24};
@@ -69,34 +81,105 @@ uint32_t Interpret(const std::vector<bool> &asmap, const std::vector<bool> &ip)
     const std::vector<bool>::const_iterator endpos = asmap.end();
     uint8_t bits = ip.size();
     uint32_t default_asn = 0;
-    uint32_t opcode, jump, match, matchlen;
+    uint32_t jump, match, matchlen;
+    Instruction opcode;
     while (pos != endpos) {
         opcode = DecodeType(pos, endpos);
-        if (opcode == 0) {
-            return DecodeASN(pos, endpos);
-        } else if (opcode == 1) {
+        if (opcode == Instruction::RETURN) {
+            default_asn = DecodeASN(pos, endpos);
+            if (default_asn == INVALID) break; // ASN straddles EOF
+            return default_asn;
+        } else if (opcode == Instruction::JUMP) {
             jump = DecodeJump(pos, endpos);
-            if (bits == 0) break;
+            if (jump == INVALID) break; // Jump offset straddles EOF
+            if (bits == 0) break; // No input bits left
+            if (jump >= endpos - pos) break; // Jumping past EOF
             if (ip[ip.size() - bits]) {
-                if (jump >= endpos - pos) break;
                 pos += jump;
             }
             bits--;
-        } else if (opcode == 2) {
+        } else if (opcode == Instruction::MATCH) {
             match = DecodeMatch(pos, endpos);
+            if (match == INVALID) break; // Match bits straddle EOF
             matchlen = CountBits(match) - 1;
+            if (bits < matchlen) break; // Not enough input bits
             for (uint32_t bit = 0; bit < matchlen; bit++) {
-                if (bits == 0) break;
                 if ((ip[ip.size() - bits]) != ((match >> (matchlen - 1 - bit)) & 1)) {
                     return default_asn;
                 }
                 bits--;
             }
-        } else if (opcode == 3) {
+        } else if (opcode == Instruction::DEFAULT) {
             default_asn = DecodeASN(pos, endpos);
+            if (default_asn == INVALID) break; // ASN straddles EOF
         } else {
-            break;
+            break; // Instruction straddles EOF
         }
     }
+    assert(false); // Reached EOF without RETURN, or aborted (see any of the breaks above) - should have been caught by SanityCheckASMap below
     return 0; // 0 is not a valid ASN
 }
+
+bool SanityCheckASMap(const std::vector<bool>& asmap, int bits)
+{
+    const std::vector<bool>::const_iterator begin = asmap.begin(), endpos = asmap.end();
+    std::vector<bool>::const_iterator pos = begin;
+    std::vector<std::pair<uint32_t, int>> jumps; // All future positions we may jump to (bit offset in asmap -> bits to consume left)
+    jumps.reserve(bits);
+    Instruction prevopcode = Instruction::JUMP;
+    bool had_incomplete_match = false;
+    while (pos != endpos) {
+        uint32_t offset = pos - begin;
+        if (!jumps.empty() && offset >= jumps.back().first) return false; // There was a jump into the middle of the previous instruction
+        Instruction opcode = DecodeType(pos, endpos);
+        if (opcode == Instruction::RETURN) {
+            if (prevopcode == Instruction::DEFAULT) return false; // There should not be any RETURN immediately after a DEFAULT (could be combined into just RETURN)
+            uint32_t asn = DecodeASN(pos, endpos);
+            if (asn == INVALID) return false; // ASN straddles EOF
+            if (jumps.empty()) {
+                // Nothing to execute anymore
+                if (endpos - pos > 7) return false; // Excessive padding
+                while (pos != endpos) {
+                    if (*pos) return false; // Nonzero padding bit
+                    ++pos;
+                }
+                return true; // Sanely reached EOF
+            } else {
+                // Continue by pretending we jumped to the next instruction
+                offset = pos - begin;
+                if (offset != jumps.back().first) return false; // Unreachable code
+                bits = jumps.back().second; // Restore the number of bits we would have had left after this jump
+                jumps.pop_back();
+                prevopcode = Instruction::JUMP;
+            }
+        } else if (opcode == Instruction::JUMP) {
+            uint32_t jump = DecodeJump(pos, endpos);
+            if (jump == INVALID) return false; // Jump offset straddles EOF
+            if (jump > endpos - pos) return false; // Jump out of range
+            if (bits == 0) return false; // Consuming bits past the end of the input
+            --bits;
+            uint32_t jump_offset = pos - begin + jump;
+            if (!jumps.empty() && jump_offset >= jumps.back().first) return false; // Intersecting jumps
+            jumps.emplace_back(jump_offset, bits);
+            prevopcode = Instruction::JUMP;
+        } else if (opcode == Instruction::MATCH) {
+            uint32_t match = DecodeMatch(pos, endpos);
+            if (match == INVALID) return false; // Match bits straddle EOF
+            int matchlen = CountBits(match) - 1;
+            if (prevopcode != Instruction::MATCH) had_incomplete_match = false;
+            if (matchlen < 8 && had_incomplete_match) return false; // Within a sequence of matches only at most one should be incomplete
+            had_incomplete_match = (matchlen < 8);
+            if (bits < matchlen) return false; // Consuming bits past the end of the input
+            bits -= matchlen;
+            prevopcode = Instruction::MATCH;
+        } else if (opcode == Instruction::DEFAULT) {
+            if (prevopcode == Instruction::DEFAULT) return false; // There should not be two successive DEFAULTs (they could be combined into one)
+            uint32_t asn = DecodeASN(pos, endpos);
+            if (asn == INVALID) return false; // ASN straddles EOF
+            prevopcode = Instruction::DEFAULT;
+        } else {
+            return false; // Instruction straddles EOF
+        }
+    }
+    return false; // Reached EOF without RETURN instruction
+}
diff --git a/src/util/asmap.h b/src/util/asmap.h
index a0e14013c56a..b31e639bb5d7 100644
--- a/src/util/asmap.h
+++ b/src/util/asmap.h
@@ -5,6 +5,11 @@
 #ifndef BITCOIN_UTIL_ASMAP_H
 #define BITCOIN_UTIL_ASMAP_H
 
+#include <stdint.h>
+#include <vector>
+
 uint32_t Interpret(const std::vector<bool> &asmap, const std::vector<bool> &ip);
 
+bool SanityCheckASMap(const std::vector<bool>& asmap, int bits);
+
 #endif // BITCOIN_UTIL_ASMAP_H
diff --git a/src/util/system.cpp b/src/util/system.cpp
index 5ff13ba85aee..bdcd3c03378a 100644
--- a/src/util/system.cpp
+++ b/src/util/system.cpp
@@ -12,6 +12,7 @@
 #include <stacktraces.h>
 #include <util/getuniquepath.h>
 #include <util/strencodings.h>
+#include <util/string.h>
 
 
 #if (defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__DragonFly__))
@@ -843,16 +844,6 @@ fs::path GetConfigFile(const std::string& confPath)
     return AbsPathForConfigVal(fs::path(confPath), false);
 }
 
-static std::string TrimString(const std::string& str, const std::string& pattern)
-{
-    std::string::size_type front = str.find_first_not_of(pattern);
-    if (front == std::string::npos) {
-        return std::string();
-    }
-    std::string::size_type end = str.find_last_not_of(pattern);
-    return str.substr(front, end - front + 1);
-}
-
 static bool GetConfigOptions(std::istream& stream, const std::string& filepath, std::string& error, std::vector<std::pair<std::string, std::string>>& options, std::list<SectionInfo>& sections)
 {
     std::string str, prefix;
diff --git a/src/util/time.cpp b/src/util/time.cpp
index d768065cd6ff..a6c8fed3d3d5 100644
--- a/src/util/time.cpp
+++ b/src/util/time.cpp
@@ -105,3 +105,17 @@ std::string FormatISO8601Time(int64_t nTime) {
 #endif
     return strprintf("%02i:%02i:%02iZ", ts.tm_hour, ts.tm_min, ts.tm_sec);
 }
+
+int64_t ParseISO8601DateTime(const std::string& str)
+{
+    static const boost::posix_time::ptime epoch = boost::posix_time::from_time_t(0);
+    static const std::locale loc(std::locale::classic(),
+        new boost::posix_time::time_input_facet("%Y-%m-%dT%H:%M:%SZ"));
+    std::istringstream iss(str);
+    iss.imbue(loc);
+    boost::posix_time::ptime ptime(boost::date_time::not_a_date_time);
+    iss >> ptime;
+    if (ptime.is_not_a_date_time() || epoch > ptime)
+        return 0;
+    return (ptime - epoch).total_seconds();
+}
diff --git a/src/util/time.h b/src/util/time.h
index 1fed5db50a41..5cc886208f85 100644
--- a/src/util/time.h
+++ b/src/util/time.h
@@ -49,5 +49,6 @@ T GetTime();
 std::string FormatISO8601DateTime(int64_t nTime);
 std::string FormatISO8601Date(int64_t nTime);
 std::string FormatISO8601Time(int64_t nTime);
+int64_t ParseISO8601DateTime(const std::string& str);
 
 #endif // BITCOIN_UTIL_TIME_H
diff --git a/src/validation.cpp b/src/validation.cpp
index 82346f5cf8d3..88e3f491f6fa 100644
--- a/src/validation.cpp
+++ b/src/validation.cpp
@@ -742,7 +742,7 @@ static bool AcceptToMemoryPoolWorker(const CChainParams& chainparams, CTxMemPool
 
         // Check against previous transactions
         // This is done last to help prevent CPU exhaustion denial-of-service attacks.
-        PrecomputedTransactionData txdata(tx);
+        PrecomputedTransactionData txdata;
         if (!CheckInputs(tx, state, view, true, scriptVerifyFlags, true, false, txdata))
             return false; // state filled in by CheckInputs
 
@@ -1452,6 +1452,10 @@ bool CheckInputs(const CTransaction& tx, CValidationState &state, const CCoinsVi
                 return true;
             }
 
+            if (!txdata.m_ready) {
+                txdata.Init(tx, {});
+            }
+
             for (unsigned int i = 0; i < tx.vin.size(); i++) {
                 const COutPoint &prevout = tx.vin[i].prevout;
                 const Coin& coin = inputs.AccessCoin(prevout);
@@ -2126,7 +2130,13 @@ bool CChainState::ConnectBlock(const CBlock& block, CValidationState& state, CBl
 
     CBlockUndo blockundo;
 
+    // Precomputed transaction data pointers must not be invalidated
+    // until after `control` has run the script checks (potentially
+    // in multiple threads). Preallocate the vector size so a new allocation
+    // doesn't invalidate pointers into the vector, and keep txsdata in scope
+    // for as long as `control`.
     CCheckQueueControl<CScriptCheck> control(fScriptChecks && g_parallel_script_checks ? &scriptcheckqueue : nullptr);
+    std::vector<PrecomputedTransactionData> txsdata(block.vtx.size());
 
     std::vector<int> prevheights;
     CAmount nFees = 0;
@@ -2137,9 +2147,6 @@ bool CChainState::ConnectBlock(const CBlock& block, CValidationState& state, CBl
     std::vector<std::pair<CAddressUnspentKey, CAddressUnspentValue> > addressUnspentIndex;
     std::vector<std::pair<CSpentIndexKey, CSpentIndexValue> > spentIndex;
 
-    std::vector<PrecomputedTransactionData> txdata;
-    txdata.reserve(block.vtx.size()); // Required so that pointers to individual PrecomputedTransactionData don't get invalidated
-
     bool fDIP0001Active_context = pindex->nHeight >= Params().GetConsensus().DIP0001Height;
 
     // MUST process special txes before updating UTXO to ensure consistency between mempool and block processing
@@ -2233,13 +2240,12 @@ bool CChainState::ConnectBlock(const CBlock& block, CValidationState& state, CBl
             return state.DoS(100, error("ConnectBlock(): too many sigops"),
                              REJECT_INVALID, "bad-blk-sigops");
 
-        txdata.emplace_back(tx);
         if (!tx.IsCoinBase())
         {
 
             std::vector<CScriptCheck> vChecks;
             bool fCacheResults = fJustCheck; /* Don't cache results if we're actually connecting blocks (still consult the cache, though) */
-            if (fScriptChecks && !CheckInputs(tx, state, view, fScriptChecks, flags, fCacheResults, fCacheResults, txdata[i], g_parallel_script_checks ? &vChecks : nullptr)) {
+            if (fScriptChecks && !CheckInputs(tx, state, view, fScriptChecks, flags, fCacheResults, fCacheResults, txsdata[i], g_parallel_script_checks ? &vChecks : nullptr)) {
                 return error("ConnectBlock(): CheckInputs on %s failed with %s",
                     tx.GetHash().ToString(), FormatStateMessage(state));
             }
diff --git a/src/wallet/rpcdump.cpp b/src/wallet/rpcdump.cpp
index c0679858aebe..afb97166eb32 100644
--- a/src/wallet/rpcdump.cpp
+++ b/src/wallet/rpcdump.cpp
@@ -26,23 +26,9 @@
 #include <tuple>
 
 #include <boost/algorithm/string.hpp>
-#include <boost/date_time/posix_time/posix_time.hpp>
 
 #include <univalue.h>
 
-int64_t static DecodeDumpTime(const std::string &str) {
-    static const boost::posix_time::ptime epoch = boost::posix_time::from_time_t(0);
-    static const std::locale loc(std::locale::classic(),
-        new boost::posix_time::time_input_facet("%Y-%m-%dT%H:%M:%SZ"));
-    std::istringstream iss(str);
-    iss.imbue(loc);
-    boost::posix_time::ptime ptime(boost::date_time::not_a_date_time);
-    iss >> ptime;
-    if (ptime.is_not_a_date_time())
-        return 0;
-    return (ptime - epoch).total_seconds();
-}
-
 std::string static EncodeDumpString(const std::string &str) {
     std::stringstream ret;
     for (const unsigned char c : str) {
@@ -595,7 +581,7 @@ UniValue importwallet(const JSONRPCRequest& request)
                 continue;
             CKey key = DecodeSecret(vstr[0]);
             if (key.IsValid()) {
-                int64_t nTime = DecodeDumpTime(vstr[1]);
+                int64_t nTime = ParseISO8601DateTime(vstr[1]);
                 std::string strLabel;
                 bool fLabel = true;
                 for (unsigned int nStr = 2; nStr < vstr.size(); nStr++) {
@@ -614,7 +600,7 @@ UniValue importwallet(const JSONRPCRequest& request)
             } else if(IsHex(vstr[0])) {
                 std::vector<unsigned char> vData(ParseHex(vstr[0]));
                 CScript script = CScript(vData.begin(), vData.end());
-                int64_t birth_time = DecodeDumpTime(vstr[1]);
+                int64_t birth_time = ParseISO8601DateTime(vstr[1]);
                 scripts.push_back(std::pair<CScript, int64_t>(script, birth_time));
             }
         }
diff --git a/test/fuzz/test_runner.py b/test/fuzz/test_runner.py
index d8fa8861e65a..cb7eb4d2cfd4 100755
--- a/test/fuzz/test_runner.py
+++ b/test/fuzz/test_runner.py
@@ -15,27 +15,41 @@
 # Fuzzers known to lack a seed corpus in https://github.com/bitcoin-core/qa-assets/tree/master/fuzz_seed_corpus
 FUZZERS_MISSING_CORPORA = [
     "addr_info_deserialize",
+    "asmap",
+    "base_encode_decode",
     "block",
     "block_file_info_deserialize",
     "block_filter_deserialize",
     "block_header_and_short_txids_deserialize",
+    "bloom_filter",
+    "decode_tx",
     "fee_rate_deserialize",
     "flat_file_pos_deserialize",
+    "float",
+    "hex",
     "integer",
+    "key",
     "key_origin_info_deserialize",
     "locale",
     "merkle_block_deserialize",
     "out_point_deserialize",
+    "p2p_transport_deserializer",
+    "parse_hd_keypath",
+    "parse_numbers",
+    "parse_script",
+    "parse_univalue",
     "partial_merkle_tree_deserialize",
     "partially_signed_transaction_deserialize",
     "prefilled_transaction_deserialize",
     "psbt_input_deserialize",
     "psbt_output_deserialize",
     "pub_key_deserialize",
+    "rolling_bloom_filter",
     "script_deserialize",
+    "strprintf",
     "sub_net_deserialize",
-    "tx_in_deserialize",
     "tx_in",
+    "tx_in_deserialize",
     "tx_out",
 ]
 
diff --git a/test/lint/lint-format-strings.sh b/test/lint/lint-format-strings.sh
index cb630c78adeb..d37829c78ece 100755
--- a/test/lint/lint-format-strings.sh
+++ b/test/lint/lint-format-strings.sh
@@ -34,7 +34,7 @@ if ! python3 -m doctest test/lint/lint-format-strings.py; then
 fi
 for S in "${FUNCTION_NAMES_AND_NUMBER_OF_LEADING_ARGUMENTS[@]}"; do
     IFS="," read -r FUNCTION_NAME SKIP_ARGUMENTS <<< "${S}"
-    for MATCHING_FILE in $(git grep --full-name -l "${FUNCTION_NAME}" -- "*.c" "*.cpp" "*.h" | sort | grep -vE "^src/(leveldb|secp256k1|tinyformat|univalue)"); do
+    for MATCHING_FILE in $(git grep --full-name -l "${FUNCTION_NAME}" -- "*.c" "*.cpp" "*.h" | sort | grep -vE "^src/(leveldb|secp256k1|tinyformat|univalue|test/fuzz/strprintf.cpp)"); do
         MATCHING_FILES+=("${MATCHING_FILE}")
     done
     if ! test/lint/lint-format-strings.py --skip-arguments "${SKIP_ARGUMENTS}" "${FUNCTION_NAME}" "${MATCHING_FILES[@]}"; then
diff --git a/test/lint/lint-locale-dependence.sh b/test/lint/lint-locale-dependence.sh
index 1121e779f515..1f52f13ed6d4 100755
--- a/test/lint/lint-locale-dependence.sh
+++ b/test/lint/lint-locale-dependence.sh
@@ -4,19 +4,39 @@ export LC_ALL=C
 
 KNOWN_VIOLATIONS=(
     "src/bench/string_cast.cpp.*atoi"
+    "src/bench/string_cast.cpp.*std::to_string"
     "src/dash-tx.cpp.*stoul"
+    "src/dash-tx.cpp.*std::to_string"
     "src/dash-tx.cpp.*trim_right"
     "src/dbwrapper.cpp.*stoul"
     "src/dbwrapper.cpp:.*vsnprintf"
+    "src/governance/vote.cpp.*std::to_string"
     "src/httprpc.cpp.*trim"
     "src/init.cpp:.*atoi"
+    "src/qt/optionsmodel.cpp.*std::to_string"
     "src/qt/rpcconsole.cpp:.*atoi"
     "src/rest.cpp:.*strtol"
     "src/rpc/blockchain.cpp.*atoi"
     "src/rpc/governance.cpp.*atoi"
     "src/rpc/masternode.cpp.*atoi"
     "src/statsd_client.cpp:.*snprintf"
+    "src/rpc/net.cpp.*std::to_string"
+    "src/rpc/rawtransaction.cpp.*std::to_string"
+    "src/rpc/util.cpp.*std::to_string"
+    "src/spork.cpp.*std::to_string"
+    "src/test/addrman_tests.cpp.*std::to_string"
+    "src/test/blockchain_tests.cpp.*std::to_string"
     "src/test/dbwrapper_tests.cpp:.*snprintf"
+    "src/test/denialofservice_tests.cpp.*std::to_string"
+    "src/test/fuzz/locale.cpp"
+    "src/test/fuzz/parse_numbers.cpp:.*atoi"
+    "src/test/key_tests.cpp.*std::to_string"
+    "src/test/net_tests.cpp.*std::to_string"
+    "src/test/settings_tests.cpp.*std::to_string"
+    "src/test/timedata_tests.cpp.*std::to_string"
+    "src/test/util/setup_common.cpp.*std::to_string"
+    "src/test/util_tests.cpp.*std::to_string"
+    "src/test/util_threadnames_tests.cpp.*std::to_string"
     "src/torcontrol.cpp:.*atoi"
     "src/torcontrol.cpp:.*strtol"
     "src/util/strencodings.cpp:.*atoi"
@@ -26,6 +46,7 @@ KNOWN_VIOLATIONS=(
     "src/wallet/wallet.cpp:.*atoi"
     "src/util/system.cpp:.*atoi"
     "src/util/system.cpp:.*fprintf"
+    "src/wallet/scriptpubkeyman.cpp.*std::to_string"
 )
 
 REGEXP_IGNORE_EXTERNAL_DEPENDENCIES="^src/(crypto/ctaes/|leveldb/|secp256k1/|tinyformat.h|univalue/)"
@@ -100,6 +121,7 @@ LOCALE_DEPENDENT_FUNCTIONS=(
     snprintf
     sprintf
     sscanf
+    std::to_string
     stod
     stof
     stoi