erwanor
commented
1 month ago It should only interrupt the connection right? if it makes the full node panic we need to do this immediately
Open zbuc opened 1 month ago
erwanor
commented
1 month ago It should only interrupt the connection right? if it makes the full node panic we need to do this immediately
cratelyn
commented
1 month ago i'm not sure if there is comet behavior involved when you say "full node panic" but yes, unimplemented!, todo!, and co. will cause the current thread to panic. if panics are exposed in any publicly accessible endpoints, they almost always end up being DDoS-shaped bugs.
zbuc
commented
1 month ago I just tested this by adding a panic to the batch_swap_output_data RPC. Good news is that the entire node does not crash; I think Tonic handles recovery from the task's panic. Even running a client calling the crashy RPC in a loop didn't prevent other services on the Dex RPC from being called simultaneously.
This work may not need to be completed after all, or is at least lower-priority than we initially thought.
In #4444 @cratelyn noted that the use of the
unimplemented!()macro in RPCs can allow a malicious client to crash the node software.I performed a brief search through the codebase and saw several other calls to
unimplementedelsewhere. We should audit the codebase for panicky macros (panic,unimplemented,todo, etc.) and ensure they're unable to crash node software.