Compile audit areas #2886
Comments
For what concerns the VM, there is a lot to cover. Here are some ideas.
It may be useful to use this to "classify" the kind of security problems that can arise out of the VM, which will have different impacts (i.e. on the chain stability, or on the safety of the language). We need to treat all code coming into hopefully that gives a few places where to start. By my estimation, we should probably have a dozen vulnerabilities which are low-hanging fruit, and an almost infinite amount of insidious vulnerabilities, as IMO understanding the VM is complex if you don't live in Jae's brain, and how its parts interact is non-trivial, so there are definitely a lot of things we missed when merging, even after doing the careful reviews we carry out.
We are starting to annotate files and directories in terms of auditing scope here: https://docs.google.com/spreadsheets/d/1rAvzvCH1TBZAykWCzKpefJnbx0SaCEgnP6IypzX8Xo4/edit?usp=sharing (All members of the public can currently comment and propose changes to the doc.) A few Gno contributors had a call on this topic earlier and I'll post the meeting notes shortly.
This spreadsheet is now updated. Below are the changes with corresponding lines of code from
Code removed from scope:
  misc: 11,702
  Total removed from scope: 35,590
  Percent removed from scope: 17.29%
Still in scope:
  gnovm - stdlibs: 43,452
  Total in scope: 170,149
Some code will be re-added in the future for stdlibs and examples.
The goal is to create a list of audit areas to effectively plan our auditing strategy.
@kristovatlas will lead this task, and we will need input from the @gnolang/core-contributors as well as suggestions from outside contributors. We should include new areas specific to this repo and link to known areas from the original fork.