Bitcoin Core Audit: From Static Review to Fuzzing — Inside Bitcoin’s Testing Infrastructure w/ Robin David
Description
This talk explores the internals of the Bitcoin protocol and its reference implementation, Bitcoin Core, whose first version was written by Satoshi Nakamoto.
In 2025, Bitcoin Core underwent a comprehensive security audit performed by Quarkslab, funded by Brink and coordinated by OSTIF.
We will present the scope of this audit, the critical components analyzed, including complex mechanisms such as chain reorganization and testing methodologies employed.
Beyond identifying vulnerabilities, a key objective of the engagement was to strengthen Bitcoin Core's long-term security posture by enhancing its testing infrastructure, particularly through the development of new fuzzing harnesses.
Attendees will gain insights into Bitcoin Core's inner working, its consensus implementation and the challenges of testing decentralized and permissionless critical systems.
Speaker Info
Robin David, PhD, is a Software Security Researcher and Research Lead at Quarkslab. His work focuses on advanced software analysis techniques, including fuzzing, symbolic execution, and automated vulnerability discovery.
He actively develops and contributes to several open-source security tools such as TritonDSE, Pastis, and Quokka, aiming to improve large-scale program analysis and testing methodologies.
Robin regularly presents his research at security conferences and delivers professional training on fuzzing and reverse-engineering.
Stay in Touch
Everyone around the world depends on open source software. If you’re interested in financially supporting this critical work or are interested in an audit for your project, reach out to [email protected].
Follow us on our social media as well at: