guidanoli closed 4 months ago
You can inspect the /bounties/examples directory by running cartesi build, then cartesi shell, and then...
ls -1 /bounties/examples/
This is the output for my case. It depends on what bounties you have compiled locally.
busybox-1.36.1-bounty_riscv64.tar.xz
lua-5.4.3-bounty_riscv64.tar.xz
lua-5.4.6-bounty_riscv64.tar.xz
solidity-0.8.24-bounty_riscv64.tar.xz
sqlite-3.32.2-bounty_riscv64.tar.xz
sqlite-3.43.2-bounty_riscv64.tar.xz
The largest one by far is the Solidity compiler bounty. You can check how much space the bounty examples are occupying by running:
du -h /bounties/examples/
In my case, it's 4.5 MB big. Considering the machine image as a whole is 247 MB, I wouldn't say it would take too big of a toll on the disk and RAM of the node.
Hey @guidanoli !
I don't think we should add the Solidity compiler bounty to the /bounties/examples folder because we don't have an exploit already known for it and then users will not be able to play with it.
My understanding is that the Solidity compiler is the first real bounty (or official bounty), funded by the foundation, that we will make available to hackers to try to find an exploit.
Here come my thoughts for us to shape together:
/bounties/official ?)
What do you think? Can we move forward this way?
Hey @claudioantonio!
> I don't think we should add the Solidity compiler bounty to the /bounties/examples folder because we don't have an exploit already known for it and then users will not be able to play with it.
Yes, you are right, Solidity 0.8.25 has no known exploits. However, I think it would be beneficial to have the Solidity bounty included in the machine, so that we can test it on Optimism Sepolia. This would allow us to catch any bugs at this early stage, and not on production.
> I think we should have another folder for real bounties (/bounties/official ?)
It would complicate the Dockerfile, though... Right now, we can just do a test/bounties/**/*.tar.xz glob, but if we were to create separate folders for example and real bounties, we'd have to copy bounties one-by-one.
> I would not add all examples that we have today as built-in, to allow users to experiment with sending them as inputs. We could leave the Lua one for users to experiment with sending a bounty via input.
I don't see why we need to filter out some bounties, just so we can force users to add them through calldata. If a user wants, they can upload bounties even if they are built-in.
> I think we should have another folder for real bounties (/bounties/official ?)
> It would complicate the Dockerfile, though... Right now, we can just do a test/bounties/**/*.tar.xz glob, but if we were to create separate folders for example and real bounties, we'd have to copy bounties one-by-one.
Not the time to complicate things! I will approve the PR so we can keep the plan and we can discuss the adjustments more for the next steps. 😉
Closes #100