diff --git a/src/test/fuzz/CMakeLists.txt b/src/test/fuzz/CMakeLists.txt
index 457b3a597..2f0870635 100644
--- a/src/test/fuzz/CMakeLists.txt
+++ b/src/test/fuzz/CMakeLists.txt
@@ -1,197 +1,201 @@
 # Fuzzer test harness
 add_custom_target(bitcoin-fuzzers)
 
 define_property(GLOBAL
 	PROPERTY FUZZ_TARGETS
 	BRIEF_DOCS "List of fuzz targets"
 	FULL_DOCS "A list of the fuzz targets"
 )
 set_property(GLOBAL APPEND PROPERTY FUZZ_TARGETS bitcoin-fuzzers)
 
 include(InstallationHelper)
 macro(add_fuzz_target TARGET EXE_NAME)
 	add_executable(${TARGET} EXCLUDE_FROM_ALL
 		fuzz.cpp
 		${ARGN}
 	)
 	set_target_properties(${TARGET} PROPERTIES OUTPUT_NAME ${EXE_NAME})
 
 	target_link_libraries(${TARGET} server testutil rpcclient)
 
 	add_dependencies(bitcoin-fuzzers ${TARGET})
 
 	set_property(GLOBAL APPEND PROPERTY FUZZ_TARGETS ${TARGET})
 
 	install_target(${TARGET}
 		COMPONENT fuzzer
 		EXCLUDE_FROM_ALL
 	)
 endmacro()
 
 function(add_regular_fuzz_targets)
 	foreach(_fuzz_test_name ${ARGN})
 		sanitize_target_name("fuzz-" ${_fuzz_test_name} _fuzz_target_name)
 		add_fuzz_target(
 			${_fuzz_target_name}
 			${_fuzz_test_name}
 
 			# Sources
 			"${_fuzz_test_name}.cpp"
 		)
 	endforeach()
 endfunction()
 
 include(SanitizeHelper)
 function(add_deserialize_fuzz_targets)
 	foreach(_fuzz_test_name ${ARGN})
 		sanitize_target_name("fuzz-" ${_fuzz_test_name} _fuzz_target_name)
 		add_fuzz_target(
 			${_fuzz_target_name}
 			${_fuzz_test_name}
 
 			# Sources
 			deserialize.cpp
 		)
 
 		sanitize_c_cxx_definition("" ${_fuzz_test_name} _target_definition)
 		string(TOUPPER ${_target_definition} _target_definition)
 		target_compile_definitions(${_fuzz_target_name} PRIVATE ${_target_definition})
 	endforeach()
 endfunction()
 
 function(add_process_message_fuzz_targets)
 	foreach(_fuzz_test_name ${ARGN})
 		sanitize_target_name("fuzz-process_message_" ${_fuzz_test_name} _fuzz_target_name)
 		add_fuzz_target(
 			${_fuzz_target_name}
 			process_message_${_fuzz_test_name}
 
 			# Sources
 			process_message.cpp
 		)
 
 		target_compile_definitions(${_fuzz_target_name} PRIVATE MESSAGE_TYPE=${_fuzz_test_name})
 	endforeach()
 endfunction()
 
 add_regular_fuzz_targets(
+	addition_overflow
 	addrdb
 	asmap
 	base_encode_decode
 	block
 	block_header
 	blockfilter
 	bloom_filter
 	cashaddr
 	chain
+	checkqueue
+	cuckoocache
 	descriptor_parse
 	eval_script
 	fee_rate
+	fees
 	flatfile
 	float
 	hex
 	integer
 	key
 	key_io
 	locale
 	merkleblock
 	multiplication_overflow
 	net_permissions
 	netaddress
 	p2p_transport_deserializer
 	parse_hd_keypath
 	parse_iso8601
 	parse_numbers
 	parse_script
 	parse_univalue
 	pow
 	process_message
 	process_messages
 	protocol
 	psbt
 	random
 	rolling_bloom_filter
 	script
 	script_flags
 	script_ops
 	scriptnum_ops
 	signature_checker
 	span
 	spanparsing
 	string
 	strprintf
 	timedata
 	transaction
 	tx_in
 	tx_out
 )
 
 add_deserialize_fuzz_targets(
 	addr_info_deserialize
 	address_deserialize
 	addrman_deserialize
 	banentry_deserialize
 	block_deserialize
 	block_file_info_deserialize
 	block_filter_deserialize
 	block_header_and_short_txids_deserialize
 	blockheader_deserialize
 	blocklocator_deserialize
 	blockmerkleroot
 	blocktransactions_deserialize
 	blocktransactionsrequest_deserialize
 	blockundo_deserialize
 	bloomfilter_deserialize
 	coins_deserialize
 	diskblockindex_deserialize
 	fee_rate_deserialize
 	flat_file_pos_deserialize
 	inv_deserialize
 	key_origin_info_deserialize
 	merkle_block_deserialize
 	messageheader_deserialize
 	netaddr_deserialize
 	out_point_deserialize
 	partial_merkle_tree_deserialize
 	partially_signed_transaction_deserialize
 	prefilled_transaction_deserialize
 	psbt_input_deserialize
 	psbt_output_deserialize
 	pub_key_deserialize
 	script_deserialize
 	service_deserialize
 	snapshotmetadata_deserialize
 	sub_net_deserialize
 	tx_in_deserialize
 	txoutcompressor_deserialize
 	txundo_deserialize
 	uint160_deserialize
 	uint256_deserialize
 )
 
 add_process_message_fuzz_targets(
 	addr
 	block
 	blocktxn
 	cmpctblock
 	feefilter
 	filteradd
 	filterclear
 	filterload
 	getaddr
 	getblocks
 	getblocktxn
 	getdata
 	getheaders
 	headers
 	inv
 	mempool
 	notfound
 	ping
 	pong
 	sendcmpct
 	sendheaders
 	tx
 	verack
 	version
 )
diff --git a/src/test/fuzz/addition_overflow.cpp b/src/test/fuzz/addition_overflow.cpp
new file mode 100644
index 000000000..6275b4486
--- /dev/null
+++ b/src/test/fuzz/addition_overflow.cpp
@@ -0,0 +1,54 @@
+// Copyright (c) 2020 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <test/fuzz/FuzzedDataProvider.h>
+#include <test/fuzz/fuzz.h>
+#include <test/fuzz/util.h>
+
+#include <cstdint>
+#include <string>
+#include <vector>
+
+#if defined(__has_builtin)
+#if __has_builtin(__builtin_add_overflow)
+#define HAVE_BUILTIN_ADD_OVERFLOW
+#endif
+#elif defined(__GNUC__) && (__GNUC__ >= 5)
+#define HAVE_BUILTIN_ADD_OVERFLOW
+#endif
+
+namespace {
+template <typename T>
+void TestAdditionOverflow(FuzzedDataProvider &fuzzed_data_provider) {
+    const T i = fuzzed_data_provider.ConsumeIntegral<T>();
+    const T j = fuzzed_data_provider.ConsumeIntegral<T>();
+    const bool is_addition_overflow_custom = AdditionOverflow(i, j);
+#if defined(HAVE_BUILTIN_ADD_OVERFLOW)
+    T result_builtin;
+    const bool is_addition_overflow_builtin =
+        __builtin_add_overflow(i, j, &result_builtin);
+    assert(is_addition_overflow_custom == is_addition_overflow_builtin);
+    if (!is_addition_overflow_custom) {
+        assert(i + j == result_builtin);
+    }
+#else
+    if (!is_addition_overflow_custom) {
+        (void)(i + j);
+    }
+#endif
+}
+} // namespace
+
+void test_one_input(const std::vector<uint8_t> &buffer) {
+    FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
+    TestAdditionOverflow<int64_t>(fuzzed_data_provider);
+    TestAdditionOverflow<uint64_t>(fuzzed_data_provider);
+    TestAdditionOverflow<int32_t>(fuzzed_data_provider);
+    TestAdditionOverflow<uint32_t>(fuzzed_data_provider);
+    TestAdditionOverflow<int16_t>(fuzzed_data_provider);
+    TestAdditionOverflow<uint16_t>(fuzzed_data_provider);
+    TestAdditionOverflow<char>(fuzzed_data_provider);
+    TestAdditionOverflow<uint8_t>(fuzzed_data_provider);
+    TestAdditionOverflow<signed char>(fuzzed_data_provider);
+}
diff --git a/src/test/fuzz/checkqueue.cpp b/src/test/fuzz/checkqueue.cpp
new file mode 100644
index 000000000..e856246ad
--- /dev/null
+++ b/src/test/fuzz/checkqueue.cpp
@@ -0,0 +1,58 @@
+// Copyright (c) 2020 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <checkqueue.h>
+
+#include <test/fuzz/FuzzedDataProvider.h>
+#include <test/fuzz/fuzz.h>
+#include <test/fuzz/util.h>
+
+#include <cstdint>
+#include <string>
+#include <vector>
+
+namespace {
+struct DumbCheck {
+    const bool result = false;
+
+    DumbCheck() = default;
+
+    explicit DumbCheck(const bool _result) : result(_result) {}
+
+    bool operator()() const { return result; }
+
+    void swap(DumbCheck &x) {}
+};
+} // namespace
+
+void test_one_input(const std::vector<uint8_t> &buffer) {
+    FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
+
+    const unsigned int batch_size =
+        fuzzed_data_provider.ConsumeIntegralInRange<unsigned int>(0, 1024);
+    CCheckQueue<DumbCheck> check_queue_1{batch_size};
+    CCheckQueue<DumbCheck> check_queue_2{batch_size};
+    std::vector<DumbCheck> checks_1;
+    std::vector<DumbCheck> checks_2;
+    const int size = fuzzed_data_provider.ConsumeIntegralInRange<int>(0, 1024);
+    for (int i = 0; i < size; ++i) {
+        const bool result = fuzzed_data_provider.ConsumeBool();
+        checks_1.emplace_back(result);
+        checks_2.emplace_back(result);
+    }
+    if (fuzzed_data_provider.ConsumeBool()) {
+        check_queue_1.Add(checks_1);
+    }
+    if (fuzzed_data_provider.ConsumeBool()) {
+        (void)check_queue_1.Wait();
+    }
+
+    CCheckQueueControl<DumbCheck> check_queue_control{&check_queue_2};
+    if (fuzzed_data_provider.ConsumeBool()) {
+        check_queue_control.Add(checks_2);
+    }
+    if (fuzzed_data_provider.ConsumeBool()) {
+        (void)check_queue_control.Wait();
+    }
+}
diff --git a/src/test/fuzz/cuckoocache.cpp b/src/test/fuzz/cuckoocache.cpp
new file mode 100644
index 000000000..34d630631
--- /dev/null
+++ b/src/test/fuzz/cuckoocache.cpp
@@ -0,0 +1,60 @@
+// Copyright (c) 2020 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <cuckoocache.h>
+#include <script/sigcache.h>
+
+#include <test/fuzz/FuzzedDataProvider.h>
+#include <test/fuzz/fuzz.h>
+#include <test/fuzz/util.h>
+#include <test/util/setup_common.h>
+
+#include <cstdint>
+#include <string>
+#include <vector>
+
+namespace {
+FuzzedDataProvider *fuzzed_data_provider_ptr = nullptr;
+
+struct RandomHasher {
+    template <uint8_t> uint32_t operator()(const bool & /* unused */) const {
+        assert(fuzzed_data_provider_ptr != nullptr);
+        return fuzzed_data_provider_ptr->ConsumeIntegral<uint32_t>();
+    }
+};
+
+struct FuzzCuckooCacheKey {
+    bool b;
+
+public:
+    FuzzCuckooCacheKey(bool _b = false) : b(_b){};
+    operator bool() const { return b; }
+};
+} // namespace
+
+void test_one_input(const std::vector<uint8_t> &buffer) {
+    FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
+    fuzzed_data_provider_ptr = &fuzzed_data_provider;
+    CuckooCache::cache<CuckooCache::KeyOnly<FuzzCuckooCacheKey>, RandomHasher>
+        cuckoo_cache{};
+    if (fuzzed_data_provider.ConsumeBool()) {
+        const size_t megabytes =
+            fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, 16);
+        cuckoo_cache.setup_bytes(megabytes << 20);
+    } else {
+        cuckoo_cache.setup(
+            fuzzed_data_provider.ConsumeIntegralInRange<uint32_t>(0, 4096));
+    }
+    while (fuzzed_data_provider.ConsumeBool()) {
+        if (fuzzed_data_provider.ConsumeBool()) {
+            cuckoo_cache.insert(
+                FuzzCuckooCacheKey(fuzzed_data_provider.ConsumeBool()));
+        } else {
+            cuckoo_cache.contains(
+                FuzzCuckooCacheKey(fuzzed_data_provider.ConsumeBool()),
+                fuzzed_data_provider.ConsumeBool());
+        }
+    }
+    fuzzed_data_provider_ptr = nullptr;
+}
diff --git a/src/test/fuzz/fees.cpp b/src/test/fuzz/fees.cpp
new file mode 100644
index 000000000..a0906268d
--- /dev/null
+++ b/src/test/fuzz/fees.cpp
@@ -0,0 +1,27 @@
+// Copyright (c) 2020 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <amount.h>
+#include <feerate.h>
+#include <policy/fees.h>
+
+#include <test/fuzz/FuzzedDataProvider.h>
+#include <test/fuzz/fuzz.h>
+#include <test/fuzz/util.h>
+
+#include <cstdint>
+#include <string>
+#include <vector>
+
+void test_one_input(const std::vector<uint8_t> &buffer) {
+    FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
+    const CFeeRate minimal_incremental_fee{ConsumeMoney(fuzzed_data_provider)};
+    FeeFilterRounder fee_filter_rounder{minimal_incremental_fee};
+    while (fuzzed_data_provider.ConsumeBool()) {
+        const Amount current_minimum_fee = ConsumeMoney(fuzzed_data_provider);
+        const Amount rounded_fee =
+            fee_filter_rounder.round(current_minimum_fee);
+        assert(MoneyRange(rounded_fee));
+    }
+}
diff --git a/src/test/fuzz/integer.cpp b/src/test/fuzz/integer.cpp
index 924093c50..22dee529b 100644
--- a/src/test/fuzz/integer.cpp
+++ b/src/test/fuzz/integer.cpp
@@ -1,297 +1,311 @@
 // Copyright (c) 2019 The Bitcoin Core developers
 // Distributed under the MIT software license, see the accompanying
 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
 
 #include <amount.h>
 #include <arith_uint256.h>
 #include <chainparams.h>
 #include <compressor.h>
 #include <config.h>
 #include <consensus/merkle.h>
 #include <core_io.h>
 #include <crypto/common.h>
 #include <crypto/siphash.h>
 #include <ctime>
 #include <key_io.h>
 #include <memusage.h>
 #include <netbase.h>
 #include <policy/settings.h>
 #include <pow/pow.h>
 #include <protocol.h>
 #include <pubkey.h>
 #include <rpc/util.h>
 #include <script/signingprovider.h>
 #include <script/standard.h>
 #include <serialize.h>
 #include <streams.h>
 #include <uint256.h>
 #include <util/moneystr.h>
 #include <util/strencodings.h>
 #include <util/string.h>
 #include <util/system.h>
 #include <util/time.h>
 #include <version.h>
 
 #include <test/fuzz/FuzzedDataProvider.h>
 #include <test/fuzz/fuzz.h>
+#include <test/fuzz/util.h>
 
 #include <cassert>
 #include <chrono>
 #include <limits>
+#include <set>
 #include <vector>
 
 void initialize() {
     SelectParams(CBaseChainParams::REGTEST);
 }
 
 void test_one_input(const std::vector<uint8_t> &buffer) {
     if (buffer.size() < sizeof(uint256) + sizeof(uint160)) {
         return;
     }
     FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
     const uint256 u256(
         fuzzed_data_provider.ConsumeBytes<uint8_t>(sizeof(uint256)));
     const uint160 u160(
         fuzzed_data_provider.ConsumeBytes<uint8_t>(sizeof(uint160)));
     const uint64_t u64 = fuzzed_data_provider.ConsumeIntegral<uint64_t>();
     const int64_t i64 = fuzzed_data_provider.ConsumeIntegral<int64_t>();
     const uint32_t u32 = fuzzed_data_provider.ConsumeIntegral<uint32_t>();
     const int32_t i32 = fuzzed_data_provider.ConsumeIntegral<int32_t>();
     const uint16_t u16 = fuzzed_data_provider.ConsumeIntegral<uint16_t>();
     const int16_t i16 = fuzzed_data_provider.ConsumeIntegral<int16_t>();
     const uint8_t u8 = fuzzed_data_provider.ConsumeIntegral<uint8_t>();
     const int8_t i8 = fuzzed_data_provider.ConsumeIntegral<int8_t>();
     // We cannot assume a specific value of std::is_signed<char>::value:
     // ConsumeIntegral<char>() instead of casting from {u,}int8_t.
     const char ch = fuzzed_data_provider.ConsumeIntegral<char>();
     const bool b = fuzzed_data_provider.ConsumeBool();
 
     const Consensus::Params &consensus_params = Params().GetConsensus();
     (void)CheckProofOfWork(BlockHash(u256), u32, consensus_params);
 
     if (i64 >= 0) {
         Amount satoshis = i64 * SATOSHI;
         if (satoshis <= MAX_MONEY) {
             const uint64_t compressed_money_amount = CompressAmount(satoshis);
             assert(satoshis == DecompressAmount(compressed_money_amount));
             static const uint64_t compressed_money_amount_max =
                 CompressAmount(MAX_MONEY - 1 * SATOSHI);
             assert(compressed_money_amount <= compressed_money_amount_max);
         } else {
             (void)CompressAmount(satoshis);
         }
     }
 
     static const uint256 u256_min(uint256S(
         "0000000000000000000000000000000000000000000000000000000000000000"));
     static const uint256 u256_max(uint256S(
         "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"));
     const std::vector<uint256> v256{u256, u256_min, u256_max};
     (void)ComputeMerkleRoot(v256);
     (void)CountBits(u64);
     (void)DecompressAmount(u64);
     (void)FormatISO8601Date(i64);
     (void)FormatISO8601DateTime(i64);
     // FormatMoney(i) not defined when i == std::numeric_limits<int64_t>::min()
     if (i64 != std::numeric_limits<int64_t>::min()) {
         Amount parsed_money;
         if (ParseMoney(FormatMoney(i64 * SATOSHI), parsed_money)) {
             assert(parsed_money == i64 * SATOSHI);
         }
     }
     (void)GetSizeOfCompactSize(u64);
     (void)GetSpecialScriptSize(u32);
-    // function defined only for a subset of int64_t inputs
-    // ()GetVirtualTransactionSize(i64, i64);
-    // function defined only for a subset of int64_t/uint32_t inputs
-    // ()GetVirtualTransactionSize(i64, i64, u32);
+    if (!MultiplicationOverflow(i64, static_cast<int64_t>(::nBytesPerSigOp)) &&
+        !AdditionOverflow(i64 * ::nBytesPerSigOp, static_cast<int64_t>(4))) {
+        (void)GetVirtualTransactionSize(i64, i64);
+    }
+    if (!MultiplicationOverflow(i64, static_cast<int64_t>(u32)) &&
+        !AdditionOverflow(i64, static_cast<int64_t>(4)) &&
+        !AdditionOverflow(i64 * u32, static_cast<int64_t>(4))) {
+        (void)GetVirtualTransactionSize(i64, i64, u32);
+    }
     (void)HexDigit(ch);
     (void)MoneyRange(i64 * SATOSHI);
     (void)ToString(i64);
     (void)IsDigit(ch);
     (void)IsSpace(ch);
     (void)IsSwitchChar(ch);
     (void)memusage::DynamicUsage(ch);
     (void)memusage::DynamicUsage(i16);
     (void)memusage::DynamicUsage(i32);
     (void)memusage::DynamicUsage(i64);
     (void)memusage::DynamicUsage(i8);
     (void)memusage::DynamicUsage(u16);
     (void)memusage::DynamicUsage(u32);
     (void)memusage::DynamicUsage(u64);
     (void)memusage::DynamicUsage(u8);
     const uint8_t uch = static_cast<uint8_t>(u8);
     (void)memusage::DynamicUsage(uch);
+    {
+        const std::set<int64_t> i64s{i64, static_cast<int64_t>(u64)};
+        const size_t dynamic_usage = memusage::DynamicUsage(i64s);
+        const size_t incremental_dynamic_usage =
+            memusage::IncrementalDynamicUsage(i64s);
+        assert(dynamic_usage == incremental_dynamic_usage * i64s.size());
+    }
     (void)MillisToTimeval(i64);
     const double d = ser_uint64_to_double(u64);
     assert(ser_double_to_uint64(d) == u64);
     const float f = ser_uint32_to_float(u32);
     assert(ser_float_to_uint32(f) == u32);
     (void)SighashToStr(uch);
     (void)SipHashUint256(u64, u64, u256);
     (void)SipHashUint256Extra(u64, u64, u256, u32);
     (void)ToLower(ch);
     (void)ToUpper(ch);
     // ValueFromAmount(i) not defined when i ==
     // std::numeric_limits<int64_t>::min()
     if (i64 != std::numeric_limits<int64_t>::min()) {
         Amount parsed_money;
         if (ParseMoney(ValueFromAmount(i64 * SATOSHI).getValStr(),
                        parsed_money)) {
             assert(parsed_money == i64 * SATOSHI);
         }
     }
     if (i32 >= 0 && i32 <= 16) {
         assert(i32 == CScript::DecodeOP_N(CScript::EncodeOP_N(i32)));
     }
 
     const std::chrono::seconds seconds{i64};
     assert(count_seconds(seconds) == i64);
 
     const CScriptNum script_num{i64};
     (void)script_num.getint();
     // Avoid negation failure:
     // script/script.h:332:35: runtime error: negation of -9223372036854775808
     // cannot be represented in type 'int64_t' (aka 'long'); cast to an unsigned
     // type to negate this value to itself
     if (script_num != CScriptNum{std::numeric_limits<int64_t>::min()}) {
         (void)script_num.getvch();
     }
 
     const arith_uint256 au256 = UintToArith256(u256);
     assert(ArithToUint256(au256) == u256);
     assert(uint256S(au256.GetHex()) == u256);
     (void)au256.bits();
     (void)au256.GetCompact(/* fNegative= */ false);
     (void)au256.GetCompact(/* fNegative= */ true);
     (void)au256.getdouble();
     (void)au256.GetHex();
     (void)au256.GetLow64();
     (void)au256.size();
     (void)au256.ToString();
 
     const CKeyID key_id{u160};
     const CScriptID script_id{u160};
     // CTxDestination = CNoDestination ∪ PKHash ∪ ScriptHash
     const PKHash pk_hash{u160};
     const ScriptHash script_hash{u160};
     const std::vector<CTxDestination> destinations{pk_hash, script_hash};
     const SigningProvider store;
     const Config &config = GetConfig();
     for (const CTxDestination &destination : destinations) {
         (void)DescribeAddress(destination);
         (void)EncodeDestination(destination, config);
         (void)GetKeyForDestination(store, destination);
         (void)GetScriptForDestination(destination);
         (void)IsValidDestination(destination);
     }
 
     {
         CDataStream stream(SER_NETWORK, INIT_PROTO_VERSION);
 
         uint256 deserialized_u256;
         stream << u256;
         stream >> deserialized_u256;
         assert(u256 == deserialized_u256 && stream.empty());
 
         uint160 deserialized_u160;
         stream << u160;
         stream >> deserialized_u160;
         assert(u160 == deserialized_u160 && stream.empty());
 
         uint64_t deserialized_u64;
         stream << u64;
         stream >> deserialized_u64;
         assert(u64 == deserialized_u64 && stream.empty());
 
         int64_t deserialized_i64;
         stream << i64;
         stream >> deserialized_i64;
         assert(i64 == deserialized_i64 && stream.empty());
 
         uint32_t deserialized_u32;
         stream << u32;
         stream >> deserialized_u32;
         assert(u32 == deserialized_u32 && stream.empty());
 
         int32_t deserialized_i32;
         stream << i32;
         stream >> deserialized_i32;
         assert(i32 == deserialized_i32 && stream.empty());
 
         uint16_t deserialized_u16;
         stream << u16;
         stream >> deserialized_u16;
         assert(u16 == deserialized_u16 && stream.empty());
 
         int16_t deserialized_i16;
         stream << i16;
         stream >> deserialized_i16;
         assert(i16 == deserialized_i16 && stream.empty());
 
         uint8_t deserialized_u8;
         stream << u8;
         stream >> deserialized_u8;
         assert(u8 == deserialized_u8 && stream.empty());
 
         int8_t deserialized_i8;
         stream << i8;
         stream >> deserialized_i8;
         assert(i8 == deserialized_i8 && stream.empty());
 
         char deserialized_ch;
         stream << ch;
         stream >> deserialized_ch;
         assert(ch == deserialized_ch && stream.empty());
 
         bool deserialized_b;
         stream << b;
         stream >> deserialized_b;
         assert(b == deserialized_b && stream.empty());
     }
 
     {
         const ServiceFlags service_flags = (ServiceFlags)u64;
         (void)HasAllDesirableServiceFlags(service_flags);
         (void)MayHaveUsefulAddressDB(service_flags);
     }
 
     {
         CDataStream stream(SER_NETWORK, INIT_PROTO_VERSION);
 
         ser_writedata64(stream, u64);
         const uint64_t deserialized_u64 = ser_readdata64(stream);
         assert(u64 == deserialized_u64 && stream.empty());
 
         ser_writedata32(stream, u32);
         const uint32_t deserialized_u32 = ser_readdata32(stream);
         assert(u32 == deserialized_u32 && stream.empty());
 
         ser_writedata32be(stream, u32);
         const uint32_t deserialized_u32be = ser_readdata32be(stream);
         assert(u32 == deserialized_u32be && stream.empty());
 
         ser_writedata16(stream, u16);
         const uint16_t deserialized_u16 = ser_readdata16(stream);
         assert(u16 == deserialized_u16 && stream.empty());
 
         ser_writedata16be(stream, u16);
         const uint16_t deserialized_u16be = ser_readdata16be(stream);
         assert(u16 == deserialized_u16be && stream.empty());
 
         ser_writedata8(stream, u8);
         const uint8_t deserialized_u8 = ser_readdata8(stream);
         assert(u8 == deserialized_u8 && stream.empty());
     }
 
     {
         CDataStream stream(SER_NETWORK, INIT_PROTO_VERSION);
 
         WriteCompactSize(stream, u64);
         try {
             const uint64_t deserialized_u64 = ReadCompactSize(stream);
             assert(u64 == deserialized_u64 && stream.empty());
         } catch (const std::ios_base::failure &) {
         }
     }
 }
diff --git a/src/test/fuzz/util.h b/src/test/fuzz/util.h
index 14324fa2c..36ffd0284 100644
--- a/src/test/fuzz/util.h
+++ b/src/test/fuzz/util.h
@@ -1,139 +1,149 @@
 // Copyright (c) 2009-2019 The Bitcoin Core developers
 // Distributed under the MIT software license, see the accompanying
 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
 
 #ifndef BITCOIN_TEST_FUZZ_UTIL_H
 #define BITCOIN_TEST_FUZZ_UTIL_H
 
 #include <amount.h>
 #include <arith_uint256.h>
 #include <attributes.h>
 #include <script/script.h>
 #include <serialize.h>
 #include <streams.h>
 #include <uint256.h>
 #include <version.h>
 
 #include <test/fuzz/FuzzedDataProvider.h>
 #include <test/fuzz/fuzz.h>
 
 #include <cstdint>
 #include <string>
 #include <vector>
 
 NODISCARD inline std::vector<uint8_t>
 ConsumeRandomLengthByteVector(FuzzedDataProvider &fuzzed_data_provider,
                               const size_t max_length = 4096) noexcept {
     const std::string s =
         fuzzed_data_provider.ConsumeRandomLengthString(max_length);
     return {s.begin(), s.end()};
 }
 
 NODISCARD inline std::vector<std::string>
 ConsumeRandomLengthStringVector(FuzzedDataProvider &fuzzed_data_provider,
                                 const size_t max_vector_size = 16,
                                 const size_t max_string_length = 16) noexcept {
     const size_t n_elements =
         fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, max_vector_size);
     std::vector<std::string> r;
     for (size_t i = 0; i < n_elements; ++i) {
         r.push_back(
             fuzzed_data_provider.ConsumeRandomLengthString(max_string_length));
     }
     return r;
 }
 
 template <typename T>
 NODISCARD inline std::vector<T>
 ConsumeRandomLengthIntegralVector(FuzzedDataProvider &fuzzed_data_provider,
                                   const size_t max_vector_size = 16) noexcept {
     const size_t n_elements =
         fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, max_vector_size);
     std::vector<T> r;
     for (size_t i = 0; i < n_elements; ++i) {
         r.push_back(fuzzed_data_provider.ConsumeIntegral<T>());
     }
     return r;
 }
 
 template <typename T>
 NODISCARD inline std::optional<T>
 ConsumeDeserializable(FuzzedDataProvider &fuzzed_data_provider,
                       const size_t max_length = 4096) noexcept {
     const std::vector<uint8_t> buffer =
         ConsumeRandomLengthByteVector(fuzzed_data_provider, max_length);
     CDataStream ds{buffer, SER_NETWORK, INIT_PROTO_VERSION};
     T obj;
     try {
         ds >> obj;
     } catch (const std::ios_base::failure &) {
         return std::nullopt;
     }
     return obj;
 }
 
 NODISCARD inline opcodetype
 ConsumeOpcodeType(FuzzedDataProvider &fuzzed_data_provider) noexcept {
     return static_cast<opcodetype>(
         fuzzed_data_provider.ConsumeIntegralInRange<uint32_t>(0, MAX_OPCODE));
 }
 
 NODISCARD inline Amount
 ConsumeMoney(FuzzedDataProvider &fuzzed_data_provider) noexcept {
     // FIXME find a better way to avoid duplicating the MAX_MONEY definition
     int64_t maxMoneyAsInt = int64_t(21000000) * int64_t(100000000);
     return fuzzed_data_provider.ConsumeIntegralInRange<int64_t>(0,
                                                                 maxMoneyAsInt) *
            SATOSHI;
 }
 
 NODISCARD inline CScript
 ConsumeScript(FuzzedDataProvider &fuzzed_data_provider) noexcept {
     const std::vector<uint8_t> b =
         ConsumeRandomLengthByteVector(fuzzed_data_provider);
     return {b.begin(), b.end()};
 }
 
 NODISCARD inline CScriptNum
 ConsumeScriptNum(FuzzedDataProvider &fuzzed_data_provider) noexcept {
     return CScriptNum{fuzzed_data_provider.ConsumeIntegral<int64_t>()};
 }
 
 NODISCARD inline uint256
 ConsumeUInt256(FuzzedDataProvider &fuzzed_data_provider) noexcept {
     const std::vector<uint8_t> v256 =
         fuzzed_data_provider.ConsumeBytes<uint8_t>(sizeof(uint256));
     if (v256.size() != sizeof(uint256)) {
         return {};
     }
     return uint256{v256};
 }
 
 NODISCARD inline arith_uint256
 ConsumeArithUInt256(FuzzedDataProvider &fuzzed_data_provider) noexcept {
     return UintToArith256(ConsumeUInt256(fuzzed_data_provider));
 }
 
 template <typename T>
 NODISCARD bool MultiplicationOverflow(const T i, const T j) noexcept {
     static_assert(std::is_integral<T>::value, "Integral required.");
     if (std::numeric_limits<T>::is_signed) {
         if (i > 0) {
             if (j > 0) {
                 return i > (std::numeric_limits<T>::max() / j);
             } else {
                 return j < (std::numeric_limits<T>::min() / i);
             }
         } else {
             if (j > 0) {
                 return i < (std::numeric_limits<T>::min() / j);
             } else {
                 return i != 0 && (j < (std::numeric_limits<T>::max() / i));
             }
         }
     } else {
         return j != 0 && i > std::numeric_limits<T>::max() / j;
     }
 }
 
+template <class T>
+NODISCARD bool AdditionOverflow(const T i, const T j) noexcept {
+    static_assert(std::is_integral<T>::value, "Integral required.");
+    if (std::numeric_limits<T>::is_signed) {
+        return (i > 0 && j > std::numeric_limits<T>::max() - i) ||
+               (i < 0 && j < std::numeric_limits<T>::min() - i);
+    }
+    return std::numeric_limits<T>::max() - i < j;
+}
+
 #endif // BITCOIN_TEST_FUZZ_UTIL_H