near-daos / sputnik-dao-contract

Smart contracts for https://app.astrodao.com
https://astrodao.com/
MIT License

Remove 'unsafe' keyword from the smart contracts #153

Closed ctindogaru closed 2 years ago

ctindogaru commented 2 years ago

Use env calls instead of sys to remove unsafe keyword and ensure memory safety.

The issue was reported by the Halborn team while doing an audit of the sputnik smart contracts.

Original description of the issue: Rust code that uses the unsafe keyword is considered unsafe, since all of the memory safety guarantees of Rust are not enforced there. It means that the code might be prone to vulnerabilities that would’ve been prevented by the compiler, such as Buffer Overflow, Double free, Use After free, and more.
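The change the PR describes, as an added example that is not code from the sputnik-dao-contract repository or from near-sdk: a `sys`-style host call taking raw pointer/length arguments (modelled on the shape of near-sdk's low-level calls, simplified, and backed by a constructed in-process storage map rather than the NEAR runtime) beside the safe `env`-style wrapper that lets contract code such as the hypothetical `set_proposal_count` drop the `unsafe` keyword.

```rust
use std::cell::RefCell;
use std::collections::HashMap;

thread_local! {
    // Constructed stand-in for the contract storage the host keeps.
    static STORAGE: RefCell<HashMap<Vec<u8>, Vec<u8>>> = RefCell::new(HashMap::new());
}

/// `sys`-style host call: raw pointer/length pairs, no checks, caller must use
/// `unsafe`. A wrong length or a dangling pointer reads out of bounds here and
/// the compiler cannot catch it. Returns 1 if a previous value was replaced.
pub unsafe fn sys_storage_write(key_len: u64, key_ptr: u64, value_len: u64, value_ptr: u64) -> u64 {
    let key = unsafe { std::slice::from_raw_parts(key_ptr as *const u8, key_len as usize) };
    let value = unsafe { std::slice::from_raw_parts(value_ptr as *const u8, value_len as usize) };
    let replaced = STORAGE.with(|s| s.borrow_mut().insert(key.to_vec(), value.to_vec()).is_some());
    replaced as u64
}

/// `env`-style wrapper: slices carry their own length, so the pointer/length
/// invariants are established once here and contract code stays free of `unsafe`.
pub fn env_storage_write(key: &[u8], value: &[u8]) -> bool {
    let replaced = unsafe {
        sys_storage_write(key.len() as u64, key.as_ptr() as u64, value.len() as u64, value.as_ptr() as u64)
    };
    replaced == 1
}

/// Safe read counterpart (the stand-in host has no register mechanism).
pub fn env_storage_read(key: &[u8]) -> Option<Vec<u8>> {
    STORAGE.with(|s| s.borrow().get(key).cloned())
}

/// Hypothetical contract code after the change: no `unsafe` block anywhere.
pub fn set_proposal_count(count: u64) -> bool {
    env_storage_write(b"proposal_count", &count.to_le_bytes())
}

pub fn get_proposal_count() -> Option<u64> {
    let raw = env_storage_read(b"proposal_count")?;
    if raw.len() != 8 {
        return None; // malformed stored value: surface it instead of panicking
    }
    let mut bytes = [0u8; 8];
    bytes.copy_from_slice(&raw);
    Some(u64::from_le_bytes(bytes))
}
```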

ctindogaru commented 2 years ago

The same PR as https://github.com/near-daos/sputnik-dao-contract/pull/151, but open against main not audit-v3.