Two critical VM issues (denial of service attacks)
Hey everyone, I am a Web3 cybersecurity researcher working for Hacken specializing in layer 1 protocols and virtual machines. I met with the Gno team during Web3 Summit in Berlin where they introduced me to your project. I promised to check it out because it sounded very interesting to me. I spent a day playing with your project and virtual machine and managed to find two ways to crash it.
Critical issues
Crashing VM due to out-of-memory error by allocating a huge slice:
```go
package main

func main() {
	buffer := make([]int, 1_000_000_000_000)
	buffer[1] = 1
}
```
Crashing VM by creating very deep structure which is very CPU-intensive to process:
```go
func init() {
	var x interface{}
	for {
		x = [1]interface{}{x}
	}
}
```
I used the following test to reproduce these issues: crash_test.go.zip. You should put it in `gno.land/pkg/sdk/vm` and run it there with `go test -v -run TestVMCrash`.
Next steps
I highly recommend introducing Fuzzing in your project and undergoing a full audit before launching your product.
Feel free to contact me here or by sending an email to b.barwikowski@hacken.io if you need any help.
…ons (#2781)
This is to fix the first issue mentioned in #2738.
In short, when allocating and reallocating slices' underlying arrays,
the VM was building the `TypedValue` slice before making the necessary
VM allocations. It is important the VM allocations be done before the
`TypedValue` allocations to ensure the values being allocated won't
exceed the VM's limit. In extreme cases, unchecked allocations resulted
in the VM hanging as it tried to allocate massive `TypedValue` slices in
the Go runtime.
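The ordering described in the commit message above, as an added Go example that is not gno's own code: the limit is charged before the Go runtime is asked for memory, for both the initial allocation and a reallocation of the backing array. `Budget`, `Reserve`, `MakeChecked`, `GrowChecked`, the 16-byte element cost and the 1 MiB limit are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// Budget is a hypothetical stand-in for a VM allocation limit (not gno's type).
type Budget struct{ Limit, Used int64 }

var ErrLimit = errors.New("allocation limit exceeded")

const elemSize = 16 // assumed accounted bytes per element

// Reserve charges n elements to the budget without touching host memory.
// Dividing instead of multiplying keeps a huge n from overflowing int64.
func (b *Budget) Reserve(n int64) error {
	if n < 0 || n > (b.Limit-b.Used)/elemSize {
		return ErrLimit
	}
	b.Used += n * elemSize
	return nil
}

// MakeChecked accounts first and only then asks the Go runtime for memory.
func MakeChecked(b *Budget, n int64) ([]int64, error) {
	if err := b.Reserve(n); err != nil {
		return nil, err
	}
	return make([]int64, n), nil
}

// GrowChecked reallocates a backing array; the new capacity is charged
// before the larger array exists (the old charge is kept in this sketch).
func GrowChecked(b *Budget, s []int64, newCap int64) ([]int64, error) {
	if newCap < int64(len(s)) {
		return nil, errors.New("new capacity below length")
	}
	if err := b.Reserve(newCap); err != nil {
		return nil, err
	}
	out := make([]int64, len(s), newCap)
	copy(out, s)
	return out, nil
}

func main() {
	b := &Budget{Limit: 1 << 20}                // constructed 1 MiB limit
	_, err := MakeChecked(b, 1_000_000_000_000) // slice length from the report
	fmt.Println(err, b.Used)
}
```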