Prevent JIT bomb attacks #351

HDauven · 2024-04-08T15:43:41Z

Summary

With Cranelift, it is currently possible for a malicious actor to do a JIT bomb. Wasmtime currently provides a single-pass compiler that should prevent this called Winch.

Possible solution design or implementation

Switch from Cranelift to Winch to prevent potential JIT bombs.

ureeves · 2024-04-16T19:24:02Z

This cannot be implemented until wasmtime implements fuel-based interruption
bytecodealliance/wasmtime#8090

HDauven added fix:vulnerability Issues related to fix vulnerabilities of the architecture or software type:rfc Changing the behaviour of something already defined labels Apr 8, 2024

HDauven added this to the Mainnet milestone Apr 8, 2024

HDauven mentioned this issue Apr 10, 2024

Add Contract Deployment System dusk-network/rusk#1071

Closed

HDauven assigned ureeves Apr 10, 2024

ureeves mentioned this issue Apr 15, 2024

Upgrade to dusk-wasmtime version 19 #354

Merged

HDauven mentioned this issue Apr 24, 2024

Prepare for arbitrary smart contract deployment dusk-network/rusk#1689

Closed

3 tasks

HDauven changed the title ~~Migrate from Cranelift to Winch~~ Prevent JIT bomb attacks Jun 27, 2024

HDauven removed this from the Mainnet milestone Jul 3, 2024

HDauven unassigned ureeves Nov 11, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Prevent JIT bomb attacks #351

Prevent JIT bomb attacks #351

HDauven commented Apr 8, 2024

ureeves commented Apr 16, 2024

Prevent JIT bomb attacks #351

Prevent JIT bomb attacks #351

Comments

HDauven commented Apr 8, 2024

Summary

Possible solution design or implementation

ureeves commented Apr 16, 2024