Closed danpaul000 closed 4 years ago
We don’t have any checks that our native programs don’t modify account size. With the system program, if you create an account, you allocate memory. We have protections so that smart contracts cannot allocate memory, but we don’t confirm that built-ins don’t mess with memory allocation. It is a known issue that the Move program does modify account size/re-allocate memory. https://github.com/solana-labs/solana/blob/b75438ff3225e976ac4884205cb4387efebeb160/runtime/src/message_processor.rs#L246
@garious is this still in scope of SLP1 QA, as it is just a runtime check as you said?
@mvines, @danpaul000, classic @jackcmay fixed it faster than we could classify it
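Added example, not part of this thread or the Solana code base: a sketch of the kind of post-execution check the issue asks for, applied to every program including built-ins. The `Account` type, the error enum, the function names, and the rule that only the system program id may change a data length are assumptions made for illustration.

```rust
// Hypothetical types and names; this is not the Solana runtime's API.
#[derive(Clone, Debug, PartialEq)]
pub struct Account {
    pub data: Vec<u8>,
}

#[derive(Debug, PartialEq)]
pub enum VerifyError {
    AccountCountChanged,
    DataSizeChanged { index: usize, before: usize, after: usize },
}

// Assumption for this sketch: the system program is the only id allowed to allocate.
pub const SYSTEM_PROGRAM_ID: [u8; 32] = [0u8; 32];

/// Record each account's data length before the instruction is dispatched.
pub fn snapshot_sizes(accounts: &[Account]) -> Vec<usize> {
    accounts.iter().map(|a| a.data.len()).collect()
}

/// Run after the program returns, whether it is a built-in or a loaded contract.
pub fn verify_sizes(
    program_id: &[u8; 32],
    pre: &[usize],
    post: &[Account],
) -> Result<(), VerifyError> {
    if pre.len() != post.len() {
        return Err(VerifyError::AccountCountChanged);
    }
    for (index, (before, acct)) in pre.iter().zip(post).enumerate() {
        let after = acct.data.len();
        // Any size change by a program other than the system program is rejected.
        if *before != after && program_id != &SYSTEM_PROGRAM_ID {
            return Err(VerifyError::DataSizeChanged { index, before: *before, after });
        }
    }
    Ok(())
}

fn main() {
    let native_id = [7u8; 32]; // constructed id standing in for a built-in program
    let mut accounts = vec![Account { data: vec![0; 8] }];
    let pre = snapshot_sizes(&accounts);
    accounts[0].data.resize(64, 0); // the built-in grows the account
    println!("{:?}", verify_sizes(&native_id, &pre, &accounts));
    println!("{:?}", verify_sizes(&SYSTEM_PROGRAM_ID, &pre, &accounts));
}
```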