diff --git a/src/test/fuzz/CMakeLists.txt b/src/test/fuzz/CMakeLists.txt
index b8b395ee5..457b3a597 100644
--- a/src/test/fuzz/CMakeLists.txt
+++ b/src/test/fuzz/CMakeLists.txt
@@ -1,196 +1,197 @@ # Fuzzer test harness add_custom_target(bitcoin-fuzzers) define_property(GLOBAL PROPERTY FUZZ_TARGETS BRIEF_DOCS "List of fuzz targets" FULL_DOCS "A list of the fuzz targets" ) set_property(GLOBAL APPEND PROPERTY FUZZ_TARGETS bitcoin-fuzzers) include(InstallationHelper) macro(add_fuzz_target TARGET EXE_NAME) add_executable(${TARGET} EXCLUDE_FROM_ALL fuzz.cpp ${ARGN} ) set_target_properties(${TARGET} PROPERTIES OUTPUT_NAME ${EXE_NAME}) target_link_libraries(${TARGET} server testutil rpcclient) add_dependencies(bitcoin-fuzzers ${TARGET}) set_property(GLOBAL APPEND PROPERTY FUZZ_TARGETS ${TARGET}) install_target(${TARGET} COMPONENT fuzzer EXCLUDE_FROM_ALL ) endmacro() function(add_regular_fuzz_targets) foreach(_fuzz_test_name ${ARGN}) sanitize_target_name("fuzz-" ${_fuzz_test_name} _fuzz_target_name) add_fuzz_target( ${_fuzz_target_name} ${_fuzz_test_name} # Sources "${_fuzz_test_name}.cpp" ) endforeach() endfunction() include(SanitizeHelper) function(add_deserialize_fuzz_targets) foreach(_fuzz_test_name ${ARGN}) sanitize_target_name("fuzz-" ${_fuzz_test_name} _fuzz_target_name) add_fuzz_target( ${_fuzz_target_name} ${_fuzz_test_name} # Sources deserialize.cpp ) sanitize_c_cxx_definition("" ${_fuzz_test_name} _target_definition) string(TOUPPER ${_target_definition} _target_definition) target_compile_definitions(${_fuzz_target_name} PRIVATE ${_target_definition}) endforeach() endfunction() function(add_process_message_fuzz_targets) foreach(_fuzz_test_name ${ARGN}) sanitize_target_name("fuzz-process_message_" ${_fuzz_test_name} _fuzz_target_name) add_fuzz_target( ${_fuzz_target_name} process_message_${_fuzz_test_name} # Sources process_message.cpp ) target_compile_definitions(${_fuzz_target_name} PRIVATE MESSAGE_TYPE=${_fuzz_test_name}) endforeach() endfunction() add_regular_fuzz_targets( addrdb asmap base_encode_decode block block_header blockfilter bloom_filter cashaddr chain descriptor_parse eval_script fee_rate flatfile float hex integer key 
key_io locale merkleblock multiplication_overflow net_permissions netaddress p2p_transport_deserializer parse_hd_keypath parse_iso8601 parse_numbers parse_script parse_univalue + pow process_message process_messages protocol psbt random rolling_bloom_filter script script_flags script_ops scriptnum_ops signature_checker span spanparsing string strprintf timedata transaction tx_in tx_out ) add_deserialize_fuzz_targets( addr_info_deserialize address_deserialize addrman_deserialize banentry_deserialize block_deserialize block_file_info_deserialize block_filter_deserialize block_header_and_short_txids_deserialize blockheader_deserialize blocklocator_deserialize blockmerkleroot blocktransactions_deserialize blocktransactionsrequest_deserialize blockundo_deserialize bloomfilter_deserialize coins_deserialize diskblockindex_deserialize fee_rate_deserialize flat_file_pos_deserialize inv_deserialize key_origin_info_deserialize merkle_block_deserialize messageheader_deserialize netaddr_deserialize out_point_deserialize partial_merkle_tree_deserialize partially_signed_transaction_deserialize prefilled_transaction_deserialize psbt_input_deserialize psbt_output_deserialize pub_key_deserialize script_deserialize service_deserialize snapshotmetadata_deserialize sub_net_deserialize tx_in_deserialize txoutcompressor_deserialize txundo_deserialize uint160_deserialize uint256_deserialize ) add_process_message_fuzz_targets( addr block blocktxn cmpctblock feefilter filteradd filterclear filterload getaddr getblocks getblocktxn getdata getheaders headers inv mempool notfound ping pong sendcmpct sendheaders tx verack version )
diff --git a/src/test/fuzz/pow.cpp b/src/test/fuzz/pow.cpp
new file mode 100644
index 000000000..a2f045445
--- /dev/null
+++ b/src/test/fuzz/pow.cpp
@@ -0,0 +1,114 @@ +// Copyright (c) 2020 The Bitcoin Core developers +// Distributed under the MIT software license, see the accompanying +// file COPYING or http://www.opensource.org/licenses/mit-license.php. + +#include +#include +#include +#include +#include + +#include +#include +#include + +#include +#include +#include +#include + +void initialize() { + SelectParams(CBaseChainParams::MAIN); +} + +void test_one_input(const std::vector &buffer) { + FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size()); + const Config &config = GetConfig(); + const CChainParams &chainparams = config.GetChainParams(); + const Consensus::Params &consensus_params = chainparams.GetConsensus(); + std::vector blocks; + const uint32_t fixed_time = + fuzzed_data_provider.ConsumeIntegral(); + const uint32_t fixed_bits = + fuzzed_data_provider.ConsumeIntegral(); + while (fuzzed_data_provider.remaining_bytes() > 0) { + const std::optional block_header = + ConsumeDeserializable(fuzzed_data_provider); + if (!block_header) { + continue; + } + CBlockIndex current_block{*block_header}; + { + CBlockIndex *previous_block = + !blocks.empty() + ? &blocks[fuzzed_data_provider.ConsumeIntegralInRange< + size_t>(0, blocks.size() - 1)] + : nullptr; + const int current_height = + (previous_block != nullptr && + previous_block->nHeight != std::numeric_limits::max()) + ? previous_block->nHeight + 1 + : 0; + if (fuzzed_data_provider.ConsumeBool()) { + current_block.pprev = previous_block; + } + if (fuzzed_data_provider.ConsumeBool()) { + current_block.nHeight = current_height; + } + if (fuzzed_data_provider.ConsumeBool()) { + current_block.nTime = + fixed_time + + current_height * consensus_params.nPowTargetSpacing; + } + if (fuzzed_data_provider.ConsumeBool()) { + current_block.nBits = fixed_bits; + } + if (fuzzed_data_provider.ConsumeBool()) { + current_block.nChainWork = + previous_block != nullptr + ? 
previous_block->nChainWork + + GetBlockProof(*previous_block) + : arith_uint256{0}; + } else { + current_block.nChainWork = + ConsumeArithUInt256(fuzzed_data_provider); + } + blocks.push_back(current_block); + } + { + (void)GetBlockProof(current_block); + if (current_block.nHeight != std::numeric_limits::max() && + current_block.nHeight - + (consensus_params.DifficultyAdjustmentInterval() - 1) >= + 0) { + (void)GetNextWorkRequired(¤t_block, &(*block_header), + chainparams); + } + } + { + const CBlockIndex *to = + &blocks[fuzzed_data_provider.ConsumeIntegralInRange( + 0, blocks.size() - 1)]; + const CBlockIndex *from = + &blocks[fuzzed_data_provider.ConsumeIntegralInRange( + 0, blocks.size() - 1)]; + const CBlockIndex *tip = + &blocks[fuzzed_data_provider.ConsumeIntegralInRange( + 0, blocks.size() - 1)]; + try { + (void)GetBlockProofEquivalentTime(*to, *from, *tip, + consensus_params); + } catch (const uint_error &) { + } + } + { + const std::optional hash = + ConsumeDeserializable(fuzzed_data_provider); + if (hash) { + (void)CheckProofOfWork( + *hash, fuzzed_data_provider.ConsumeIntegral(), + consensus_params); + } + } + } +}
diff --git a/src/test/fuzz/util.h b/src/test/fuzz/util.h
index 1e3d8d94a..14324fa2c 100644
--- a/src/test/fuzz/util.h
+++ b/src/test/fuzz/util.h
@@ -1,133 +1,139 @@ // Copyright (c) 2009-2019 The Bitcoin Core developers // Distributed under the MIT software license, see the accompanying // file COPYING or http://www.opensource.org/licenses/mit-license.php. #ifndef BITCOIN_TEST_FUZZ_UTIL_H #define BITCOIN_TEST_FUZZ_UTIL_H #include +#include #include #include
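Review bot: In src/test/fuzz/pow.cpp, `test_one_input` stores `&blocks[...]` in `current_block.pprev` and then calls `blocks.push_back(current_block)`, so any reallocation of the vector leaves the `pprev` of every block copied in earlier pointing at freed storage. A later iteration that picks one of those blocks as `previous_block` hands that chain to `GetNextWorkRequired`, which presumably walks `pprev` for the retarget calculation; under a sanitizer that would surface as a use-after-free in the harness itself rather than a finding in the proof-of-work code. Keeping the elements at stable addresses avoids it, for example declaring the container as `std::deque<CBlockIndex> blocks;` (with `<deque>` included), since `push_back` on a deque does not invalidate pointers to existing elements. The rest of the loop, including the `blocks[...]` indexing, can stay as it is.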