Return error if wasm to big #287
Comments
If there is no fancy API for that, you can set decompressed = ioutil.ReadAll(io.LimitReader(zr, maxSize +1))
if len(decompressed) > maxSize {
// error
}
return decompressed |
|
Since this is probably censensus breaking, I suggest adding this to 0.12.0. |
|
Changing the value if the limit is now tracked separately: #289 |
|
I think leaving the same limit and returning a better error message is not consensus breaking. As long as it still succeeds at 400kb and fails at 400kb+1. The error message is not part of consensus (the code is however, so we make sure we return the same error code). The further improvements (adjustable limit, new code, etc) should definitely be in 0.12. I would like to pull a non breaking part into 0.11 to avoid confusion from new devs |
|
The error code is one thing to check. In addition to that, I am realtively sure you can create a large Wasm file that is perfectly valid when truncated after 400 KB. This way cou can attack consesus. Would be a nice side-challenge for the hacaktom. We can do this in a patch release, but add a big warning. Since there is no large 0.11 network yet, I assume we don't have to expect 0.11.1 and 0.11.2 mixed networks. |
Currently it cuts of the wasm at 400kb, but doesn't return an error, leading to odd error messages.
We can raise the size limit a bit, maybe 600kb. But mainly, we need to return an error on the limit. Not sure how to do it with this interface.
https://github.com/CosmWasm/cosmwasm/issues/576#issuecomment-706766984
The text was updated successfully, but these errors were encountered: