-
Notifications
You must be signed in to change notification settings - Fork 128
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. Weβll occasionally send you account related emails.
Already on GitHub? Sign in to your account
π‘οΈ High Memory Consumption leading to Network Outage #618
Comments
Below is my analysis and steps to reproduce the critical issue at hand. Let's open discussion about this issue and potential solutions to resolve it. π
|
Thanks @bdeneux for your detailed analysis of the nature of the security problem revealed by the audit. Regarding the In preliminary consideration, I believe the best approach would be to implement controls on the allocators (memory, variables, etc.) that:
That said, it's not easy, quite tricky (as you mentioned, ichiban/prolog#226 is a good read) But I'd need a bit more time to get a better grasp of the issue and see if other approaches might not be more effective and safer. |
@ccamel @bdeneux This is really tricky, I would propose a first far from ideal fix: prohibit unification of the length with a not initialized variable using the What do you think? |
@amimart Yes seems a good temporary solution but after working on axone-protocol/prolog#3, I think it would be better (as a temporary solution too) if we add instead a maximum number of NewVariable possible. It will allow alway to use unification of length with uninitialized variable but with a defined limit, like say @ccamel in his first comment about allocated resources. This is a temporary solution since it act only on the variable resource and not on the global memory but it's a good starting point. |
Totally agree with you that's way better π, let's go this way |
Note
Severity: Critical
target: v7.1.0 - Commit: 3c854270b006db30aa3894da2cdba10cc31b8c5f
Ref: OKP4 Blockchain Audit Report v1.0 - 02-05-2024 - BlockApex
Description
While approaching the prolog code being executed on the okp4 blockchain, we used blackbox approach in which we tried various prolog predicates which were natively allowed in the blockchain. We found that if a large list is generated and then tried to be mapped, it would cause a high memory usage which may lead to termination of that specific blockchain instance. This issue was
also verfied on itchiban/prolog's Scripting engine. If a large list i.e
N = 10000000000
was passed it would cause high memory usage that the node instance is forced to terminate. It is interesting to note that on some value ofN = 10000
, the blockchain will gracefully handle the issue and return gas error.Furthermore, it was tested that this issue is applicable for all predicates that may have a high memory consumption.
This finding is not isolated to our custom testing environments but was also corroborated using the Ichiban Prolog's scripting engine, highlighting a fundamental issue within the underlying computational logic that poses a serious risk to the blockchain's stability and operational integrity.
Impact
The ramifications of this vulnerability are twofold:
Recommandation
TBC
The text was updated successfully, but these errors were encountered: