diff --git a/src/random.h b/src/random.h
index 982e0e50a..4130ad57c 100644
--- a/src/random.h
+++ b/src/random.h
@@ -1,269 +1,272 @@
 // Copyright (c) 2009-2010 Satoshi Nakamoto
 // Copyright (c) 2009-2016 The Bitcoin Core developers
 // Distributed under the MIT software license, see the accompanying
 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
 
 #ifndef BITCOIN_RANDOM_H
 #define BITCOIN_RANDOM_H
 
 #include <crypto/chacha20.h>
 #include <crypto/common.h>
 #include <uint256.h>
 
 #include <chrono> // For std::chrono::microseconds
 #include <cstdint>
 #include <limits>
 
 /**
  * Overall design of the RNG and entropy sources.
  *
  * We maintain a single global 256-bit RNG state for all high-quality
  * randomness. The following (classes of) functions interact with that state by
  * mixing in new entropy, and optionally extracting random output from it:
  *
  * - The GetRand*() class of functions, as well as construction of
  * FastRandomContext objects, perform 'fast' seeding, consisting of mixing in:
  *   - A stack pointer (indirectly committing to calling thread and call stack)
  *   - A high-precision timestamp (rdtsc when available, c++
  * high_resolution_clock otherwise)
  *   - 64 bits from the hardware RNG (rdrand) when available.
  *   These entropy sources are very fast, and only designed to protect against
  * situations where a VM state restore/copy results in multiple systems with the
  * same randomness. FastRandomContext on the other hand does not protect against
  * this once created, but is even faster (and acceptable to use inside tight
  * loops).
  *
  * - The GetStrongRand*() class of function perform 'slow' seeding, including
  * everything that fast seeding includes, but additionally:
  *   - OS entropy (/dev/urandom, getrandom(), ...). The application will
  * terminate if this entropy source fails.
  *   - Another high-precision timestamp (indirectly committing to a benchmark of
  * all the previous sources). These entropy sources are slower, but designed to
  * make sure the RNG state contains fresh data that is unpredictable to
  * attackers.
  *
  * - RandAddPeriodic() seeds everything that fast seeding includes, but
  * additionally:
  *   - A high-precision timestamp
  *   - Dynamic environment data (performance monitoring, ...)
  *   - Strengthen the entropy for 10 ms using repeated SHA512.
  *   This is run once every minute.
  *
  * On first use of the RNG (regardless of what function is called first), all
  * entropy sources used in the 'slow' seeder are included, but also:
  * - 256 bits from the hardware RNG (rdseed or rdrand) when available.
  * - Dynamic environment data (performance monitoring, ...)
  * - Static environment data
  * - Strengthen the entropy for 100 ms using repeated SHA512.
  *
  * When mixing in new entropy, H = SHA512(entropy || old_rng_state) is computed,
  * and (up to) the first 32 bytes of H are produced as output, while the last 32
  * bytes become the new RNG state.
  */
 
 /**
  * Generate random data via the internal PRNG.
  *
  * These functions are designed to be fast (sub microsecond), but do not
  * necessarily meaningfully add entropy to the PRNG state.
  *
  * Thread-safe.
  */
 void GetRandBytes(uint8_t *buf, int num) noexcept;
 uint64_t GetRand(uint64_t nMax) noexcept;
 std::chrono::microseconds
 GetRandMicros(std::chrono::microseconds duration_max) noexcept;
 int GetRandInt(int nMax) noexcept;
 uint256 GetRandHash() noexcept;
 
 /**
  * Gather entropy from various sources, feed it into the internal PRNG, and
  * generate random data using it.
  *
  * This function will cause failure whenever the OS RNG fails.
  *
  * Thread-safe.
  */
 void GetStrongRandBytes(uint8_t *buf, int num) noexcept;
 
 /**
  * Gather entropy from various expensive sources, and feed them to the PRNG
  * state.
  *
  * Thread-safe.
  */
 void RandAddPeriodic() noexcept;
 
 /**
  * Gathers entropy from the low bits of the time at which events occur. Should
  * be called with a uint32_t describing the event at the time an event occurs.
  *
  * Thread-safe.
  */
 void RandAddEvent(const uint32_t event_info) noexcept;
 
 /**
  * Fast randomness source. This is seeded once with secure random data, but
  * is completely deterministic and does not gather more entropy after that.
  *
  * This class is not thread-safe.
  */
 class FastRandomContext {
 private:
     bool requires_seed;
     ChaCha20 rng;
 
     uint8_t bytebuf[64];
     int bytebuf_size;
 
     uint64_t bitbuf;
     int bitbuf_size;
 
     void RandomSeed();
 
     void FillByteBuffer() {
         if (requires_seed) {
             RandomSeed();
         }
         rng.Keystream(bytebuf, sizeof(bytebuf));
         bytebuf_size = sizeof(bytebuf);
     }
 
     void FillBitBuffer() {
         bitbuf = rand64();
         bitbuf_size = 64;
     }
 
 public:
     explicit FastRandomContext(bool fDeterministic = false) noexcept;
 
     /** Initialize with explicit seed (only for testing) */
     explicit FastRandomContext(const uint256 &seed) noexcept;
 
     // Do not permit copying a FastRandomContext (move it, or create a new one
     // to get reseeded).
     FastRandomContext(const FastRandomContext &) = delete;
     FastRandomContext(FastRandomContext &&) = delete;
     FastRandomContext &operator=(const FastRandomContext &) = delete;
 
     /**
      * Move a FastRandomContext. If the original one is used again, it will be
      * reseeded.
      */
     FastRandomContext &operator=(FastRandomContext &&from) noexcept;
 
     /** Generate a random 64-bit integer. */
     uint64_t rand64() noexcept {
         if (bytebuf_size < 8) {
             FillByteBuffer();
         }
         uint64_t ret = ReadLE64(bytebuf + 64 - bytebuf_size);
         bytebuf_size -= 8;
         return ret;
     }
 
     /** Generate a random (bits)-bit integer. */
     uint64_t randbits(int bits) noexcept {
         if (bits == 0) {
             return 0;
         } else if (bits > 32) {
             return rand64() >> (64 - bits);
         } else {
             if (bitbuf_size < bits) {
                 FillBitBuffer();
             }
             uint64_t ret = bitbuf & (~uint64_t(0) >> (64 - bits));
             bitbuf >>= bits;
             bitbuf_size -= bits;
             return ret;
         }
     }
 
-    /** Generate a random integer in the range [0..range). */
+    /**
+     * Generate a random integer in the range [0..range).
+     * Precondition: range > 0.
+     */
     uint64_t randrange(uint64_t range) noexcept {
         assert(range);
         --range;
         int bits = CountBits(range);
         while (true) {
             uint64_t ret = randbits(bits);
             if (ret <= range) {
                 return ret;
             }
         }
     }
 
     /** Generate random bytes. */
     std::vector<uint8_t> randbytes(size_t len);
 
     /** Generate a random 32-bit integer. */
     uint32_t rand32() noexcept { return randbits(32); }
 
     /** generate a random uint160. */
     uint160 rand160() noexcept;
 
     /** generate a random uint256. */
     uint256 rand256() noexcept;
 
     /** Generate a random boolean. */
     bool randbool() noexcept { return randbits(1); }
 
     // Compatibility with the C++11 UniformRandomBitGenerator concept
     typedef uint64_t result_type;
     static constexpr uint64_t min() { return 0; }
     static constexpr uint64_t max() {
         return std::numeric_limits<uint64_t>::max();
     }
     inline uint64_t operator()() noexcept { return rand64(); }
 };
 
 /**
  * More efficient than using std::shuffle on a FastRandomContext.
  *
  * This is more efficient as std::shuffle will consume entropy in groups of
  * 64 bits at the time and throw away most.
  *
  * This also works around a bug in libstdc++ std::shuffle that may cause
  * type::operator=(type&&) to be invoked on itself, which the library's
  * debug mode detects and panics on. This is a known issue, see
  * https://stackoverflow.com/questions/22915325/avoiding-self-assignment-in-stdshuffle
  */
 template <typename I, typename R> void Shuffle(I first, I last, R &&rng) {
     while (first != last) {
         size_t j = rng.randrange(last - first);
         if (j) {
             using std::swap;
             swap(*first, *(first + j));
         }
         ++first;
     }
 }
 
 /**
  * Number of random bytes returned by GetOSRand.
  * When changing this constant make sure to change all call sites, and make
  * sure that the underlying OS APIs for all platforms support the number.
  * (many cap out at 256 bytes).
  */
 static const int NUM_OS_RANDOM_BYTES = 32;
 
 /**
  * Get 32 bytes of system entropy. Do not use this in application code: use
  * GetStrongRandBytes instead.
  */
 void GetOSRand(uint8_t *ent32);
 
 /**
  * Check that OS randomness is available and returning the requested number of
  * bytes.
  */
 bool Random_SanityCheck();
 
 /**
  * Initialize global RNG state and log any CPU features that are used.
  *
  * Calling this function is optional. RNG state will be initialized when first
  * needed if it is not called.
  */
 void RandomInit();
 
 #endif // BITCOIN_RANDOM_H
diff --git a/src/test/fuzz/CMakeLists.txt b/src/test/fuzz/CMakeLists.txt
index 26b57c4b8..b8b395ee5 100644
--- a/src/test/fuzz/CMakeLists.txt
+++ b/src/test/fuzz/CMakeLists.txt
@@ -1,192 +1,196 @@
 # Fuzzer test harness
 add_custom_target(bitcoin-fuzzers)
 
 define_property(GLOBAL
 	PROPERTY FUZZ_TARGETS
 	BRIEF_DOCS "List of fuzz targets"
 	FULL_DOCS "A list of the fuzz targets"
 )
 set_property(GLOBAL APPEND PROPERTY FUZZ_TARGETS bitcoin-fuzzers)
 
 include(InstallationHelper)
 macro(add_fuzz_target TARGET EXE_NAME)
 	add_executable(${TARGET} EXCLUDE_FROM_ALL
 		fuzz.cpp
 		${ARGN}
 	)
 	set_target_properties(${TARGET} PROPERTIES OUTPUT_NAME ${EXE_NAME})
 
 	target_link_libraries(${TARGET} server testutil rpcclient)
 
 	add_dependencies(bitcoin-fuzzers ${TARGET})
 
 	set_property(GLOBAL APPEND PROPERTY FUZZ_TARGETS ${TARGET})
 
 	install_target(${TARGET}
 		COMPONENT fuzzer
 		EXCLUDE_FROM_ALL
 	)
 endmacro()
 
 function(add_regular_fuzz_targets)
 	foreach(_fuzz_test_name ${ARGN})
 		sanitize_target_name("fuzz-" ${_fuzz_test_name} _fuzz_target_name)
 		add_fuzz_target(
 			${_fuzz_target_name}
 			${_fuzz_test_name}
 
 			# Sources
 			"${_fuzz_test_name}.cpp"
 		)
 	endforeach()
 endfunction()
 
 include(SanitizeHelper)
 function(add_deserialize_fuzz_targets)
 	foreach(_fuzz_test_name ${ARGN})
 		sanitize_target_name("fuzz-" ${_fuzz_test_name} _fuzz_target_name)
 		add_fuzz_target(
 			${_fuzz_target_name}
 			${_fuzz_test_name}
 
 			# Sources
 			deserialize.cpp
 		)
 
 		sanitize_c_cxx_definition("" ${_fuzz_test_name} _target_definition)
 		string(TOUPPER ${_target_definition} _target_definition)
 		target_compile_definitions(${_fuzz_target_name} PRIVATE ${_target_definition})
 	endforeach()
 endfunction()
 
 function(add_process_message_fuzz_targets)
 	foreach(_fuzz_test_name ${ARGN})
 		sanitize_target_name("fuzz-process_message_" ${_fuzz_test_name} _fuzz_target_name)
 		add_fuzz_target(
 			${_fuzz_target_name}
 			process_message_${_fuzz_test_name}
 
 			# Sources
 			process_message.cpp
 		)
 
 		target_compile_definitions(${_fuzz_target_name} PRIVATE MESSAGE_TYPE=${_fuzz_test_name})
 	endforeach()
 endfunction()
 
 add_regular_fuzz_targets(
 	addrdb
 	asmap
 	base_encode_decode
 	block
 	block_header
 	blockfilter
 	bloom_filter
 	cashaddr
 	chain
 	descriptor_parse
 	eval_script
 	fee_rate
+	flatfile
 	float
 	hex
 	integer
 	key
 	key_io
 	locale
+	merkleblock
 	multiplication_overflow
 	net_permissions
 	netaddress
 	p2p_transport_deserializer
 	parse_hd_keypath
 	parse_iso8601
 	parse_numbers
 	parse_script
 	parse_univalue
 	process_message
 	process_messages
 	protocol
 	psbt
+	random
 	rolling_bloom_filter
 	script
 	script_flags
 	script_ops
 	scriptnum_ops
 	signature_checker
+	span
 	spanparsing
 	string
 	strprintf
 	timedata
 	transaction
 	tx_in
 	tx_out
 )
 
 add_deserialize_fuzz_targets(
 	addr_info_deserialize
 	address_deserialize
 	addrman_deserialize
 	banentry_deserialize
 	block_deserialize
 	block_file_info_deserialize
 	block_filter_deserialize
 	block_header_and_short_txids_deserialize
 	blockheader_deserialize
 	blocklocator_deserialize
 	blockmerkleroot
 	blocktransactions_deserialize
 	blocktransactionsrequest_deserialize
 	blockundo_deserialize
 	bloomfilter_deserialize
 	coins_deserialize
 	diskblockindex_deserialize
 	fee_rate_deserialize
 	flat_file_pos_deserialize
 	inv_deserialize
 	key_origin_info_deserialize
 	merkle_block_deserialize
 	messageheader_deserialize
 	netaddr_deserialize
 	out_point_deserialize
 	partial_merkle_tree_deserialize
 	partially_signed_transaction_deserialize
 	prefilled_transaction_deserialize
 	psbt_input_deserialize
 	psbt_output_deserialize
 	pub_key_deserialize
 	script_deserialize
 	service_deserialize
 	snapshotmetadata_deserialize
 	sub_net_deserialize
 	tx_in_deserialize
 	txoutcompressor_deserialize
 	txundo_deserialize
 	uint160_deserialize
 	uint256_deserialize
 )
 
 add_process_message_fuzz_targets(
 	addr
 	block
 	blocktxn
 	cmpctblock
 	feefilter
 	filteradd
 	filterclear
 	filterload
 	getaddr
 	getblocks
 	getblocktxn
 	getdata
 	getheaders
 	headers
 	inv
 	mempool
 	notfound
 	ping
 	pong
 	sendcmpct
 	sendheaders
 	tx
 	verack
 	version
 )
diff --git a/src/test/fuzz/flatfile.cpp b/src/test/fuzz/flatfile.cpp
new file mode 100644
index 000000000..7d4b3f49c
--- /dev/null
+++ b/src/test/fuzz/flatfile.cpp
@@ -0,0 +1,33 @@
+// Copyright (c) 2020 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <flatfile.h>
+
+#include <test/fuzz/FuzzedDataProvider.h>
+#include <test/fuzz/fuzz.h>
+#include <test/fuzz/util.h>
+
+#include <cassert>
+#include <cstdint>
+#include <optional>
+#include <string>
+#include <vector>
+
+void test_one_input(const std::vector<uint8_t> &buffer) {
+    FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
+    std::optional<FlatFilePos> flat_file_pos =
+        ConsumeDeserializable<FlatFilePos>(fuzzed_data_provider);
+    if (!flat_file_pos) {
+        return;
+    }
+    std::optional<FlatFilePos> another_flat_file_pos =
+        ConsumeDeserializable<FlatFilePos>(fuzzed_data_provider);
+    if (another_flat_file_pos) {
+        assert((*flat_file_pos == *another_flat_file_pos) !=
+               (*flat_file_pos != *another_flat_file_pos));
+    }
+    (void)flat_file_pos->ToString();
+    flat_file_pos->SetNull();
+    assert(flat_file_pos->IsNull());
+}
diff --git a/src/test/fuzz/merkleblock.cpp b/src/test/fuzz/merkleblock.cpp
new file mode 100644
index 000000000..d5bf5bf89
--- /dev/null
+++ b/src/test/fuzz/merkleblock.cpp
@@ -0,0 +1,28 @@
+// Copyright (c) 2020 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <merkleblock.h>
+#include <uint256.h>
+
+#include <test/fuzz/FuzzedDataProvider.h>
+#include <test/fuzz/fuzz.h>
+#include <test/fuzz/util.h>
+
+#include <cstdint>
+#include <optional>
+#include <string>
+#include <vector>
+
+void test_one_input(const std::vector<uint8_t> &buffer) {
+    FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
+    std::optional<CPartialMerkleTree> partial_merkle_tree =
+        ConsumeDeserializable<CPartialMerkleTree>(fuzzed_data_provider);
+    if (!partial_merkle_tree) {
+        return;
+    }
+    (void)partial_merkle_tree->GetNumTransactions();
+    std::vector<uint256> matches;
+    std::vector<size_t> indices;
+    (void)partial_merkle_tree->ExtractMatches(matches, indices);
+}
diff --git a/src/test/fuzz/random.cpp b/src/test/fuzz/random.cpp
new file mode 100644
index 000000000..21d9d3da3
--- /dev/null
+++ b/src/test/fuzz/random.cpp
@@ -0,0 +1,36 @@
+// Copyright (c) 2020 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <random.h>
+
+#include <test/fuzz/FuzzedDataProvider.h>
+#include <test/fuzz/fuzz.h>
+#include <test/fuzz/util.h>
+
+#include <algorithm>
+#include <cstdint>
+#include <string>
+#include <vector>
+
+void test_one_input(const std::vector<uint8_t> &buffer) {
+    FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
+    FastRandomContext fast_random_context{ConsumeUInt256(fuzzed_data_provider)};
+    (void)fast_random_context.rand64();
+    (void)fast_random_context.randbits(
+        fuzzed_data_provider.ConsumeIntegralInRange<int>(0, 64));
+    (void)fast_random_context.randrange(
+        fuzzed_data_provider.ConsumeIntegralInRange<uint64_t>(
+            FastRandomContext::min() + 1, FastRandomContext::max()));
+    (void)fast_random_context.randbytes(
+        fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, 1024));
+    (void)fast_random_context.rand32();
+    (void)fast_random_context.rand256();
+    (void)fast_random_context.randbool();
+    (void)fast_random_context();
+
+    std::vector<int64_t> integrals =
+        ConsumeRandomLengthIntegralVector<int64_t>(fuzzed_data_provider);
+    Shuffle(integrals.begin(), integrals.end(), fast_random_context);
+    std::shuffle(integrals.begin(), integrals.end(), fast_random_context);
+}
diff --git a/src/test/fuzz/span.cpp b/src/test/fuzz/span.cpp
new file mode 100644
index 000000000..392c68855
--- /dev/null
+++ b/src/test/fuzz/span.cpp
@@ -0,0 +1,41 @@
+// Copyright (c) 2020 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <span.h>
+
+#include <test/fuzz/FuzzedDataProvider.h>
+#include <test/fuzz/fuzz.h>
+#include <test/fuzz/util.h>
+
+#include <cassert>
+#include <cstddef>
+#include <cstdint>
+#include <string>
+#include <vector>
+
+void test_one_input(const std::vector<uint8_t> &buffer) {
+    FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
+
+    std::string str = fuzzed_data_provider.ConsumeBytesAsString(32);
+    const Span<const char> span = MakeSpan(str);
+    (void)span.data();
+    (void)span.begin();
+    (void)span.end();
+    if (span.size() > 0) {
+        const std::ptrdiff_t idx =
+            fuzzed_data_provider.ConsumeIntegralInRange<std::ptrdiff_t>(
+                0U, span.size() - 1U);
+        (void)span.first(idx);
+        (void)span.last(idx);
+        (void)span.subspan(idx);
+        (void)span.subspan(idx, span.size() - idx);
+        (void)span[idx];
+    }
+
+    std::string another_str = fuzzed_data_provider.ConsumeBytesAsString(32);
+    const Span<const char> another_span = MakeSpan(another_str);
+    assert((span <= another_span) != (span > another_span));
+    assert((span == another_span) != (span != another_span));
+    assert((span >= another_span) != (span < another_span));
+}
diff --git a/src/test/fuzz/string.cpp b/src/test/fuzz/string.cpp
index 2c6766d98..6732bf3d4 100644
--- a/src/test/fuzz/string.cpp
+++ b/src/test/fuzz/string.cpp
@@ -1,98 +1,129 @@
 // Copyright (c) 2020 The Bitcoin Core developers
 // Distributed under the MIT software license, see the accompanying
 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
 
 #include <blockfilter.h>
 #include <clientversion.h>
 #include <logging.h>
 #include <netbase.h>
 #include <outputtype.h>
 #include <rpc/client.h>
 #include <rpc/request.h>
 #include <rpc/server.h>
 #include <rpc/util.h>
 #include <script/descriptor.h>
-#include <test/fuzz/FuzzedDataProvider.h>
-#include <test/fuzz/fuzz.h>
-#include <test/fuzz/util.h>
+#include <serialize.h>
+#include <streams.h>
 #include <util/error.h>
 #include <util/message.h>
 #include <util/settings.h>
 #include <util/strencodings.h>
 #include <util/string.h>
 #include <util/system.h>
 #include <util/translation.h>
 #include <util/url.h>
+#include <version.h>
+
+#include <test/fuzz/FuzzedDataProvider.h>
+#include <test/fuzz/fuzz.h>
+#include <test/fuzz/util.h>
 
 #include <cstdint>
 #include <string>
 #include <vector>
 
 void test_one_input(const std::vector<uint8_t> &buffer) {
     FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
     const std::string random_string_1 =
         fuzzed_data_provider.ConsumeRandomLengthString(32);
     const std::string random_string_2 =
         fuzzed_data_provider.ConsumeRandomLengthString(32);
     const std::vector<std::string> random_string_vector =
         ConsumeRandomLengthStringVector(fuzzed_data_provider);
 
     (void)AmountErrMsg(random_string_1, random_string_2);
     (void)AmountHighWarn(random_string_1);
     BlockFilterType block_filter_type;
     (void)BlockFilterTypeByName(random_string_1, block_filter_type);
     (void)Capitalize(random_string_1);
     (void)CopyrightHolders(random_string_1);
     (void)FormatParagraph(
         random_string_1,
         fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, 1000),
         fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, 1000));
     (void)FormatSubVersion(random_string_1,
                            fuzzed_data_provider.ConsumeIntegral<int>(),
                            random_string_vector);
     (void)GetDescriptorChecksum(random_string_1);
     (void)HelpExampleCli(random_string_1, random_string_2);
     (void)HelpExampleRpc(random_string_1, random_string_2);
     (void)HelpMessageGroup(random_string_1);
     (void)HelpMessageOpt(random_string_1, random_string_2);
     ArgsManager argsman;
     (void)IsDeprecatedRPCEnabled(argsman, random_string_1);
     (void)Join(random_string_vector, random_string_1);
     (void)JSONRPCError(fuzzed_data_provider.ConsumeIntegral<int>(),
                        random_string_1);
     const util::Settings settings;
     (void)OnlyHasDefaultSectionSetting(settings, random_string_1,
                                        random_string_2);
     (void)ParseNetwork(random_string_1);
     try {
         (void)ParseNonRFCJSONValue(random_string_1);
     } catch (const std::runtime_error &) {
     }
     OutputType output_type;
     (void)ParseOutputType(random_string_1, output_type);
     (void)ResolveErrMsg(random_string_1, random_string_2);
     try {
         (void)RPCConvertNamedValues(random_string_1, random_string_vector);
     } catch (const std::runtime_error &) {
     }
     try {
         (void)RPCConvertValues(random_string_1, random_string_vector);
     } catch (const std::runtime_error &) {
     }
     (void)SanitizeString(random_string_1);
     (void)SanitizeString(
         random_string_1,
         fuzzed_data_provider.ConsumeIntegralInRange<int>(0, 3));
     (void)ShellEscape(random_string_1);
     int port_out;
     std::string host_out;
     SplitHostPort(random_string_1, port_out, host_out);
     (void)TimingResistantEqual(random_string_1, random_string_2);
     (void)ToLower(random_string_1);
     (void)ToUpper(random_string_1);
     (void)TrimString(random_string_1);
     (void)TrimString(random_string_1, random_string_2);
     (void)urlDecode(random_string_1);
     (void)ValidAsCString(random_string_1);
     (void)_(random_string_1.c_str());
+
+    {
+        CDataStream data_stream{SER_NETWORK, INIT_PROTO_VERSION};
+        std::string s;
+        LimitedString<10> limited_string = LIMITED_STRING(s, 10);
+        data_stream << random_string_1;
+        try {
+            data_stream >> limited_string;
+            assert(data_stream.empty());
+            assert(s.size() <= random_string_1.size());
+            assert(s.size() <= 10);
+            if (!random_string_1.empty()) {
+                assert(!s.empty());
+            }
+        } catch (const std::ios_base::failure &) {
+        }
+    }
+    {
+        CDataStream data_stream{SER_NETWORK, INIT_PROTO_VERSION};
+        const LimitedString<10> limited_string =
+            LIMITED_STRING(random_string_1, 10);
+        data_stream << limited_string;
+        std::string deserialized_string;
+        data_stream >> deserialized_string;
+        assert(data_stream.empty());
+        assert(deserialized_string == random_string_1);
+    }
 }
diff --git a/src/test/fuzz/util.h b/src/test/fuzz/util.h
index e371d33b4..1e3d8d94a 100644
--- a/src/test/fuzz/util.h
+++ b/src/test/fuzz/util.h
@@ -1,119 +1,133 @@
 // Copyright (c) 2009-2019 The Bitcoin Core developers
 // Distributed under the MIT software license, see the accompanying
 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
 
 #ifndef BITCOIN_TEST_FUZZ_UTIL_H
 #define BITCOIN_TEST_FUZZ_UTIL_H
 
 #include <amount.h>
 #include <attributes.h>
 #include <script/script.h>
 #include <serialize.h>
 #include <streams.h>
 #include <uint256.h>
 #include <version.h>
 
 #include <test/fuzz/FuzzedDataProvider.h>
 #include <test/fuzz/fuzz.h>
 
 #include <cstdint>
 #include <string>
 #include <vector>
 
 NODISCARD inline std::vector<uint8_t>
 ConsumeRandomLengthByteVector(FuzzedDataProvider &fuzzed_data_provider,
-                              size_t max_length = 4096) noexcept {
+                              const size_t max_length = 4096) noexcept {
     const std::string s =
         fuzzed_data_provider.ConsumeRandomLengthString(max_length);
     return {s.begin(), s.end()};
 }
 
 NODISCARD inline std::vector<std::string>
 ConsumeRandomLengthStringVector(FuzzedDataProvider &fuzzed_data_provider,
-                                size_t max_vector_size = 16,
-                                size_t max_string_length = 16) noexcept {
+                                const size_t max_vector_size = 16,
+                                const size_t max_string_length = 16) noexcept {
     const size_t n_elements =
         fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, max_vector_size);
     std::vector<std::string> r;
     for (size_t i = 0; i < n_elements; ++i) {
         r.push_back(
             fuzzed_data_provider.ConsumeRandomLengthString(max_string_length));
     }
     return r;
 }
 
+template <typename T>
+NODISCARD inline std::vector<T>
+ConsumeRandomLengthIntegralVector(FuzzedDataProvider &fuzzed_data_provider,
+                                  const size_t max_vector_size = 16) noexcept {
+    const size_t n_elements =
+        fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, max_vector_size);
+    std::vector<T> r;
+    for (size_t i = 0; i < n_elements; ++i) {
+        r.push_back(fuzzed_data_provider.ConsumeIntegral<T>());
+    }
+    return r;
+}
+
 template <typename T>
 NODISCARD inline std::optional<T>
 ConsumeDeserializable(FuzzedDataProvider &fuzzed_data_provider,
-                      size_t max_length = 4096) noexcept {
+                      const size_t max_length = 4096) noexcept {
     const std::vector<uint8_t> buffer =
         ConsumeRandomLengthByteVector(fuzzed_data_provider, max_length);
     CDataStream ds{buffer, SER_NETWORK, INIT_PROTO_VERSION};
     T obj;
     try {
         ds >> obj;
     } catch (const std::ios_base::failure &) {
         return std::nullopt;
     }
     return obj;
 }
 
 NODISCARD inline opcodetype
 ConsumeOpcodeType(FuzzedDataProvider &fuzzed_data_provider) noexcept {
     return static_cast<opcodetype>(
         fuzzed_data_provider.ConsumeIntegralInRange<uint32_t>(0, MAX_OPCODE));
 }
 
 NODISCARD inline Amount
 ConsumeMoney(FuzzedDataProvider &fuzzed_data_provider) noexcept {
     // FIXME find a better way to avoid duplicating the MAX_MONEY definition
     int64_t maxMoneyAsInt = int64_t(21000000) * int64_t(100000000);
     return fuzzed_data_provider.ConsumeIntegralInRange<int64_t>(0,
                                                                 maxMoneyAsInt) *
            SATOSHI;
 }
 
 NODISCARD inline CScript
 ConsumeScript(FuzzedDataProvider &fuzzed_data_provider) noexcept {
     const std::vector<uint8_t> b =
         ConsumeRandomLengthByteVector(fuzzed_data_provider);
     return {b.begin(), b.end()};
 }
 
 NODISCARD inline CScriptNum
 ConsumeScriptNum(FuzzedDataProvider &fuzzed_data_provider) noexcept {
     return CScriptNum{fuzzed_data_provider.ConsumeIntegral<int64_t>()};
 }
 
 NODISCARD inline uint256
 ConsumeUInt256(FuzzedDataProvider &fuzzed_data_provider) noexcept {
     const std::vector<uint8_t> v256 =
         fuzzed_data_provider.ConsumeBytes<uint8_t>(sizeof(uint256));
     if (v256.size() != sizeof(uint256)) {
         return {};
     }
     return uint256{v256};
 }
 
-template <typename T> bool MultiplicationOverflow(T i, T j) {
+template <typename T>
+NODISCARD bool MultiplicationOverflow(const T i, const T j) noexcept {
     static_assert(std::is_integral<T>::value, "Integral required.");
     if (std::numeric_limits<T>::is_signed) {
         if (i > 0) {
             if (j > 0) {
                 return i > (std::numeric_limits<T>::max() / j);
             } else {
                 return j < (std::numeric_limits<T>::min() / i);
             }
         } else {
             if (j > 0) {
                 return i < (std::numeric_limits<T>::min() / j);
             } else {
                 return i != 0 && (j < (std::numeric_limits<T>::max() / i));
             }
         }
     } else {
         return j != 0 && i > std::numeric_limits<T>::max() / j;
     }
 }
 
 #endif // BITCOIN_TEST_FUZZ_UTIL_H