
Iroha was accepted into OSS-Fuzz, Google's continuous fuzzing service for open-source projects, so Iroha is now fuzzed continuously and for free. When a bug (crash, timeout, out-of-memory, etc.) is found, OSS-Fuzz notifies the fuzzing maintainer and the other people involved and provides a link to the bug details, including the input that led to the crash. You can reproduce the issue locally with that input. Google sets a 90-day deadline before the bug information is disclosed publicly.

Local reproduction

Build Iroha with -DFUZZING=ON under clang (not Apple clang; use a mainstream LLVM clang, e.g. the Homebrew llvm package). Example:

cmake -DCMAKE_TOOLCHAIN_FILE=/Users/konstantinmunichev/src/vcpkg/dependencies/scripts/buildsystems/vcpkg.cmake -DCMAKE_C_COMPILER=/usr/local/opt/llvm/bin/clang -DCMAKE_CXX_COMPILER=/usr/local/opt/llvm/bin/clang++ -DFUZZING=ON  ..

Now you can build all fuzzing targets with make fuzzing, or build them one by one: torii_fuzz, status_fuzz, find_fuzz, mst_fuzz, consensus_fuzz, request_proposal_fuzz, send_batches_fuzz, retrieve_block_fuzz, retrieve_blocks_fuzz (one fuzzing target per endpoint).

If you run any of these targets without arguments, it exits without any output. Without a fuzzing engine linked in, the binaries only replay the input files passed on the command line: they are meant for reproducing crashes and do not fuzz by themselves. To reproduce a bug, download the crash file (a typical name looks like clusterfuzz-testcase-minimized-find_fuzz-5745437956374528) and pass it to the matching target:

./find_fuzz clusterfuzz-testcase-minimized-find_fuzz-5745437956374528

If the crash reproduces, you will see the sanitizer report (or a plain segfault). To get a stack trace, run the target under gdb (or lldb) with the same testcase file as its argument.

Sometimes you may want to run the fuzzing process itself on your local machine. To do this, set

export LIB_FUZZING_ENGINE='-fsanitize=fuzzer'

and rebuild everything. The targets are then linked against libFuzzer, which supplies its own main, and you can start fuzzing simply by running the fuzzing executable.
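The reason a target binary is silent without arguments, and only starts fuzzing once it is rebuilt with -fsanitize=fuzzer, is that every target is built around one entry point, LLVMFuzzerTestOneInput, and the difference between the two builds is only who calls it: libFuzzer's main in the fuzzing build, or a small replay driver in the reproduction build. The following is an added example illustrating that layout; it is not Iroha's code. The endpoint handler, its byte format, the file-replay helper and the FUZZ_WITH_LIBFUZZER macro are all assumptions made for the example.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <fstream>
#include <iterator>
#include <string>
#include <vector>

// Hypothetical stand-in for one Iroha endpoint handler. The real find_fuzz
// target feeds protobuf queries to the endpoint; this one parses a tiny
// constructed format instead:
//   byte 0      : length N of the account id
//   bytes 1..N  : account id
//   byte N+1    : page limit
struct Query {
  std::string account_id;
  unsigned limit = 0;
};

// Returns false for malformed input instead of reading past the buffer.
// Dropping the id_len bounds check is exactly the kind of defect the fuzzer
// would surface as a heap-buffer-overflow report from AddressSanitizer.
bool parse_query(const uint8_t *data, size_t size, Query &out) {
  if (size < 2) return false;
  const size_t id_len = data[0];
  if (id_len + 2 > size) return false;
  out.account_id.assign(reinterpret_cast<const char *>(data + 1), id_len);
  out.limit = data[1 + id_len];
  return true;
}

// libFuzzer entry point shared by both build modes: the engine (or the replay
// driver below) calls it once per input. It must always return 0; bugs are
// reported by the sanitizers, not by the return value.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  Query q;
  if (!parse_query(data, size, q)) return 0;  // rejecting garbage is not a bug
  // Here the real target would hand q to the endpoint and await the response.
  return 0;
}

// Replays one file (e.g. a downloaded clusterfuzz-testcase-minimized-* file)
// through the entry point. Returns false only if the file cannot be read.
bool replay_file(const std::string &path) {
  std::ifstream in(path, std::ios::binary);
  if (!in) return false;
  std::vector<uint8_t> bytes((std::istreambuf_iterator<char>(in)),
                             std::istreambuf_iterator<char>());
  LLVMFuzzerTestOneInput(bytes.data(), bytes.size());
  return true;
}

// Replay driver for builds where LIB_FUZZING_ENGINE is not -fsanitize=fuzzer.
// FUZZ_WITH_LIBFUZZER is an assumed macro that the libFuzzer build would
// define, because libFuzzer supplies main() itself and a second one would not
// link. With no arguments the loop never runs, so the binary exits 0 silently.
#ifndef FUZZ_WITH_LIBFUZZER
int main(int argc, char **argv) {
  for (int i = 1; i < argc; ++i) {
    if (!replay_file(argv[i])) {
      std::fprintf(stderr, "cannot read %s\n", argv[i]);
      return 1;
    }
    std::fprintf(stderr, "replayed %s without a sanitizer report\n", argv[i]);
  }
  return 0;
}
#endif
```

Built with clang++ -g -fsanitize=address and run with a testcase path, this replays the input once and exits; rebuilt with -fsanitize=fuzzer -DFUZZ_WITH_LIBFUZZER and run with no arguments, the same source starts a libFuzzer session against the same entry point.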

Further reading

Please start at https://github.com/google/oss-fuzz; all the necessary information can be found there (though the docs structure could be better).

Please note the comment below this page. It contains information about possible fuzzing improvements, which I think are worth doing.
