Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Denial of service when creating deeply nested structure #3471

Open
thehowl opened this issue Jan 9, 2025 · 2 comments
Open

Denial of service when creating deeply nested structure #3471

thehowl opened this issue Jan 9, 2025 · 2 comments
Assignees
@petar-dambovaliev
Labels
🐞 bug Something isn't working in focus Core team is prioritizing this work 📦 🤖 gnovm Issues or PRs gnovm related security Security-sensitive issue
Milestone
🚀 Mainnet beta la...

Comments

@thehowl
Copy link
Member

thehowl commented Jan 9, 2025
edited
Loading

All credit to @bbarwik, just re-creating the issue from the original at #2738 which jumbled together two different issues.

Crashing VM by creating very deep structure which is very CPU-intensive to process:

func init() {
    var x interface{}    
    for {
        x = [1]interface{}{x}    
   }
}

or alternatively:

package main
func main() {
    var x interface{}    
    for i := 0; i < 10000; i++ {
        x = [1]interface{}{x}    
    }
    for i := 0; i < 10000; i++ {
        println(x)   
    }
}

I used the following test to reproduce these issues: crash_test.go.zip. You should put it in gno.land/pkg/sdk/vm and run it there with go test -v -run TestVMCrash.

This can be replicated by doing a gnokey maketx run on a running node with either of the two files.
@thehowl thehowl added 🐞 bug Something isn't working 📦 🤖 gnovm Issues or PRs gnovm related security Security-sensitive issue labels Jan 9, 2025
@thehowl thehowl added this to the 🚀 Mainnet beta launch milestone Jan 9, 2025
@thehowl thehowl mentioned this issue Jan 9, 2025
Closed
@thehowl thehowl added the in focus Core team is prioritizing this work label Jan 9, 2025
@thehowl thehowl moved this from Triage to In Progress in 🧙‍♂️gno.land core team Jan 9, 2025
@odeke-em
Copy link
Contributor

odeke-em commented Jan 9, 2025

Just for context and comparison though, even Go runs out of memory running the same program https://go.dev/play/p/bfn4_KIapaK

...
(0x46cca0,0xc000121ac0)
(0x46cca0,0xc000121ac0)
(0x46cca0,0xc000121ac0)
(0x46cca0,0xc000121ac0)
(0x46cca0,0xc000121ac0)
(0x46cca0,0xc000121ac0)
(0x46cca0,0xc000121ac0)
(0x46cca0,0xc000121ac0)
(0x46cca0,0xc000121ac0)
(0x46cca0,0xc000121ac0)
timeout running program

Program exited.

@thehowl
Copy link
Member Author

thehowl commented Jan 10, 2025

@odeke-em yeah, and that's expected on gno run, however the problem is that this happens also when submitting the file as a MsgRun transaction; ie. it is dangerous because it can directly affect the chain.

@Kouteki Kouteki moved this from In Progress to Todo in 🧙‍♂️gno.land core team Jan 13, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@petar-dambovaliev petar-dambovaliev

Labels
🐞 bug Something isn't working in focus Core team is prioritizing this work 📦 🤖 gnovm Issues or PRs gnovm related security Security-sensitive issue
Projects
🧙‍♂️gno.land core team
Status: Todo
Milestone
🚀 Mainnet beta launch
Development

No branches or pull requests
3 participants
@thehowl @odeke-em @petar-dambovaliev