Iroha was accepted into Google's OSS-Fuzz project, which gives Iroha a continuous fuzzing process for free. When a bug (crash, timeout, out of memory, etc.) is found, OSS-Fuzz notifies the fuzzing maintainer and the other people involved, and provides a link to the bug details, including the input that led to the crash. You can reproduce the issue locally with the provided input. Google sets a 90-day deadline before the bug information is disclosed.
Reproducing locally
Build Iroha with -DFUZZING=ON under clang (use mainstream LLVM clang, not Apple clang). For example:
cmake -DCMAKE_TOOLCHAIN_FILE=/Users/konstantinmunichev/src/vcpkg/dependencies/scripts/buildsystems/vcpkg.cmake -DCMAKE_C_COMPILER=/usr/local/opt/llvm/bin/clang -DCMAKE_CXX_COMPILER=/usr/local/opt/llvm/bin/clang++ -DFUZZING=ON ..
Now you can build the fuzzing targets with make fuzzing, or build them one by one: torii_fuzz, status_fuzz, find_fuzz, mst_fuzz, consensus_fuzz, request_proposal_fuzz, send_batches_fuzz, retrieve_block_fuzz, retrieve_blocks_fuzz. There is one fuzzing target for every endpoint.
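A wrapper for the reproduction step, as an added example that is not part of the Iroha repository: it checks the target name against the list above, replays the downloaded input once and reports whether the failure reproduces. It assumes each target is a libFuzzer-style binary that replays a single input file passed as its only argument; the function names and the BIN_DIR argument (wherever your build places the fuzz binaries) are hypothetical.

```sh
#!/bin/sh
# Added example, not Iroha project code.
# Assumption: each target is a libFuzzer-style binary that replays one input
# file when that file's path is its only argument.

# Fuzz targets listed on this page, one per endpoint.
IROHA_FUZZ_TARGETS="torii_fuzz status_fuzz find_fuzz mst_fuzz consensus_fuzz
request_proposal_fuzz send_batches_fuzz retrieve_block_fuzz retrieve_blocks_fuzz"

# is_fuzz_target NAME: succeeds only if NAME is one of the targets above.
is_fuzz_target() {
    for t in $IROHA_FUZZ_TARGETS; do
        if [ "$t" = "$1" ]; then return 0; fi
    done
    return 1
}

# reproduce BIN_DIR TARGET TESTCASE (hypothetical helper)
#   BIN_DIR   directory where your build placed the fuzz binaries
#   TESTCASE  input file downloaded from the OSS-Fuzz bug report
# Returns 0 if the input ran cleanly (not reproduced), 1 if the target exited
# non-zero (crash, sanitizer report, timeout), 2 on a usage error.
reproduce() {
    bin_dir=$1; target=$2; testcase=$3
    if ! is_fuzz_target "$target"; then
        echo "unknown fuzz target: $target" >&2; return 2
    fi
    if [ ! -x "$bin_dir/$target" ]; then
        echo "not built: $bin_dir/$target" >&2; return 2
    fi
    if [ ! -f "$testcase" ]; then
        echo "no such testcase: $testcase" >&2; return 2
    fi

    log="$testcase.log"
    status=0
    # Replay the single input; keep the full output for the bug report.
    "$bin_dir/$target" "$testcase" >"$log" 2>&1 || status=$?

    if [ "$status" -ne 0 ]; then
        echo "reproduced: $target exited with $status, output in $log"
        return 1
    fi
    echo "not reproduced: $target handled $testcase cleanly"
    return 0
}
```

Source the file and call reproduce with your build's binary directory, one of the target names and the path to the downloaded input; the target's output is saved next to the input with a .log suffix.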