Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Configure non-zero instruction cost in wasm #2816

Closed
sug0 opened this issue Mar 5, 2024 · 1 comment · Fixed by #2838
Closed

Configure non-zero instruction cost in wasm #2816

sug0 opened this issue Mar 5, 2024 · 1 comment · Fixed by #2838
Assignees
@grarco
Labels
bug Something isn't working gas security wasm
Milestone
Phase 1: mainnet ...

Comments

@sug0
Copy link
Contributor

sug0 commented Mar 5, 2024
edited
Loading

Bugs in wasm code causing infinite loops and/or dry ran txs with custom wasm code may be a DoS vector, since wasm instructions have no associated gas cost (see get_gas_rules() in crates/namada/src/vm/wasm/run.rs). We should associate some non-zero cost to executing wasm opcodes, in order to avoid the aforementioned problems.
@sug0 sug0 added bug Something isn't working security labels Mar 5, 2024
@sug0 sug0 mentioned this issue Mar 5, 2024
Closed
10 tasks
@sug0 sug0 added the wasm label Mar 5, 2024
@grarco grarco self-assigned this Mar 6, 2024
@grarco
Copy link
Contributor

grarco commented Mar 6, 2024
edited
Loading

This is a known issue due to the lack of a proper runtime gas meter but I believe two things should be considered:

  1. For actual txs in storage we always have the whitelist. This attack can be exploited on loops that don't call host functions (since these are tracking gas). So as long as the whitelist is there and we check what gets whitelisted it should not happen
  2. For dry runs this should be fixed in Fix allowlist checks #2819 since the whitelist check is moved inside the call to tx which is called from apply_wasm_tx

Still I'll try to see how hard it is to swap the current whitelist-based gas metering system with a proper runtime one

@grarco grarco added the gas label Mar 7, 2024
@grarco grarco mentioned this issue Mar 7, 2024
Merged
2 tasks
@brentstone brentstone added this to the Phase 1: mainnet genesis milestone Apr 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@grarco grarco

Labels
bug Something isn't working gas security wasm
Projects
None yet
Milestone
Phase 1: mainnet genesis
Development

Successfully merging a pull request may close this issue.

Runtime gas meter anoma/namada
3 participants
@sug0 @brentstone @grarco