The dynamic call copy-passes the current args or return data to the target contract through serialization.
At this time, the maximum memory size of serialized data is limited, which is currently u32::MAX (~4GB). This becomes a vulnerability point by intentionally making the argument passing type large.
Constrain the size to be smaller and, if possible, be able to control it with the gov parameter.
https://github.com/line/cosmwasm/blob/d81a930ee2d6d92980e2696b9c24bd984a3f71e4/packages/vm/src/dynamic_link.rs#L173
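One way the suggested constraint could look, as an added sketch that is not code from the cosmwasm repository: sizes are validated against limits before any buffer is allocated for the copy. `CopyLimits`, `from_gov`, `check_sizes` and `copy_args` are hypothetical names, and feeding the limits from a governance parameter is an assumed design.

```rust
// Added example: every name and limit here is hypothetical, not cosmwasm-vm API.
const HARD_CEILING: usize = u32::MAX as usize; // the current limit named in the issue

#[derive(Debug, PartialEq)]
enum CopyError {
    ArgTooLarge { index: usize, size: usize, limit: usize },
    TotalTooLarge { limit: usize },
}

/// Limits a chain could expose as governance parameters (assumed design).
struct CopyLimits {
    max_arg_bytes: usize,
    max_total_bytes: usize,
}

impl CopyLimits {
    /// A governance value may only tighten the hard ceiling, never raise it.
    fn from_gov(max_arg_bytes: usize, max_total_bytes: usize) -> Self {
        let cap = |v: usize| v.min(HARD_CEILING);
        CopyLimits { max_arg_bytes: cap(max_arg_bytes), max_total_bytes: cap(max_total_bytes) }
    }
}

/// Validate the declared sizes before any buffer is allocated for the copy.
fn check_sizes(sizes: &[usize], limits: &CopyLimits) -> Result<usize, CopyError> {
    let mut total: usize = 0;
    for (index, &size) in sizes.iter().enumerate() {
        if size > limits.max_arg_bytes {
            return Err(CopyError::ArgTooLarge { index, size, limit: limits.max_arg_bytes });
        }
        // checked_add: many arguments must not wrap the running total.
        total = total.checked_add(size).filter(|t| *t <= limits.max_total_bytes)
            .ok_or(CopyError::TotalTooLarge { limit: limits.max_total_bytes })?;
    }
    Ok(total)
}

/// Copy serialized arguments only after every size has passed the check.
fn copy_args(args: &[&[u8]], limits: &CopyLimits) -> Result<Vec<Vec<u8>>, CopyError> {
    let sizes: Vec<usize> = args.iter().map(|a| a.len()).collect();
    check_sizes(&sizes, limits)?;
    Ok(args.iter().map(|a| a.to_vec()).collect())
}

fn main() {
    let limits = CopyLimits::from_gov(1024, 2048); // constructed sample values
    println!("{:?}", copy_args(&[&[0u8; 16][..], &[0u8; 4096][..]], &limits));
}
```

The total is checked as well as each argument, so a call with many arguments that are each under the per-argument limit is still bounded.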