
[Bug] Deserialization/Parsing consumes more input than permitted.

Open d0cd opened this issue 2 years ago • 1 comment

🐛 Bug Report

A number of datatypes implement the FromBytes, ToBytes, and Parser traits. Some implementations are initially more permissive, for example:

  • Function::read_le accepts more inputs than MAX_INPUTS before it is checked later.
  • Plaintext::read_le/parse accepts more than MAX_ENTRIES before it is checked later.

A potential attack vector is that a malicious actor can send a node large messages that may waste a node's compute. Of course, this can be mitigated by fees. Ideally, the deserializer/parser should stop as soon as the input exceeds the bounds set by NETWORK.

Some further questions:

  • What is the maximum number of verifying keys in a deployment?

d0cd avatar Feb 07 '23 00:02 d0cd
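An added example (not snarkVM code) contrasting the two decoding orders the report describes, in Rust: a permissive `read_le`-style reader that pulls every entry into memory before comparing the count against the bound, beside one that rejects as soon as the declared count exceeds it. `MAX_INPUTS`, the u16-count/u64-entry wire layout and every helper name here are assumptions standing in for the real network constants and types.

```rust
use std::io::{self, Cursor, Read};

// Placeholder bound standing in for the network's MAX_INPUTS (the real value comes from NETWORK).
pub const MAX_INPUTS: usize = 16;

fn read_array<const N: usize, R: Read>(r: &mut R) -> io::Result<[u8; N]> {
    let mut b = [0u8; N];
    r.read_exact(&mut b)?;
    Ok(b)
}

/// Permissive pattern described in the issue: every entry is read and stored
/// before the count is compared against the bound.
pub fn read_inputs_permissive<R: Read>(r: &mut R) -> io::Result<Vec<u64>> {
    let count = u16::from_le_bytes(read_array(r)?) as usize;
    let inputs = (0..count).map(|_| read_array(r).map(u64::from_le_bytes)).collect::<io::Result<Vec<_>>>()?;
    if inputs.len() > MAX_INPUTS {
        return Err(io::Error::new(io::ErrorKind::InvalidData, "input count exceeds MAX_INPUTS"));
    }
    Ok(inputs)
}

/// Strict pattern: the declared count is checked first, so an oversized message
/// is rejected after reading only its two-byte length prefix.
pub fn read_inputs_strict<R: Read>(r: &mut R) -> io::Result<Vec<u64>> {
    let count = u16::from_le_bytes(read_array(r)?) as usize;
    if count > MAX_INPUTS {
        return Err(io::Error::new(io::ErrorKind::InvalidData, "input count exceeds MAX_INPUTS"));
    }
    let inputs = (0..count).map(|_| read_array(r).map(u64::from_le_bytes)).collect::<io::Result<Vec<_>>>()?;
    Ok(inputs)
}

/// Constructed wire format for the example: u16 LE count, then u64 LE entries.
pub fn encode_inputs(values: &[u64]) -> Vec<u8> {
    let mut out = (values.len() as u16).to_le_bytes().to_vec();
    values.iter().for_each(|v| out.extend_from_slice(&v.to_le_bytes()));
    out
}

/// Runs one decoder over `bytes`; returns whether it accepted the input and how
/// many bytes it consumed before returning.
pub fn decode_and_count(bytes: &[u8], strict: bool) -> (bool, usize) {
    let mut cur = Cursor::new(bytes);
    let ok = if strict { read_inputs_strict(&mut cur) } else { read_inputs_permissive(&mut cur) }.is_ok();
    (ok, cur.position() as usize)
}
```

The consumed-byte count is the observable difference: on a message declaring 1000 entries the permissive reader works through all 8002 bytes before failing, while the strict reader stops after the 2-byte prefix.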

Should be resolved with https://github.com/AleoNet/snarkVM/pull/1988

raychu86 avatar Nov 19 '24 23:11 raychu86