aquavm
Checked arithmetics for TracePos
TracePos values can be controlled by an attacker, and it is worth checking that values do not overflow, returning an error instead.
Some care should be taken in implementing it.
Panicking on overflow is a bad idea, as it will make Marine create a new instance, which is slower than re-using an existing one (but, perhaps, is not slow enough for a (D)DoS attack).
Replacing + with .checked_add(...) and returning Err can be cumbersome...
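
One way to keep the `checked_add` boilerplate in a single place and propagate it with `?`, shown as an added example that is not AquaVM's own code. The `u32` width of `TracePos`, the `TracePosError` type and the `subtrace_end` helper are assumptions made for illustration.

```rust
/// Hypothetical stand-in for AquaVM's TracePos; the u32 width is an assumption.
#[derive(Clone, Copy, Debug, PartialEq, Eq, PartialOrd, Ord)]
pub struct TracePos(u32);

/// Hypothetical error type returned to the caller instead of panicking.
#[derive(Debug, PartialEq, Eq)]
pub enum TracePosError {
    Overflow { lhs: u32, rhs: u32 },
    OutOfBounds { end: u32, trace_len: u32 },
}

impl TracePos {
    /// The only place where position arithmetic happens: overflow becomes Err.
    pub fn checked_add(self, len: u32) -> Result<TracePos, TracePosError> {
        self.0
            .checked_add(len)
            .map(TracePos)
            .ok_or(TracePosError::Overflow { lhs: self.0, rhs: len })
    }
}

/// Validates an untrusted (start, len) pair against the trace length and
/// returns the exclusive end position. Call sites only need `?`.
pub fn subtrace_end(
    start: TracePos,
    len: u32,
    trace_len: u32,
) -> Result<TracePos, TracePosError> {
    let end = start.checked_add(len)?;
    if end.0 > trace_len {
        return Err(TracePosError::OutOfBounds { end: end.0, trace_len });
    }
    Ok(end)
}

fn main() {
    // Constructed inputs: one valid, one overflowing, one past the trace end.
    for (start, len) in [(3u32, 4u32), (u32::MAX - 1, 5), (8, 8)] {
        match subtrace_end(TracePos(start), len, 10) {
            Ok(end) => println!("ok: end = {:?}", end),
            Err(e) => println!("rejected: {:?}", e),
        }
    }
}
```

Because `TracePos` does not implement `Add`, a bare `+` on positions fails to compile, so an unchecked addition cannot be reintroduced by accident.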