Many places in the code index slices by shard id, like this:
let prev_chunk_proof = prev_chunk_proofs[shard_id as usize].clone();
This is a risky thing to do, as an invalid shard id could cause a panic.
It would be safer to convert all such pieces of code so that they don't panic when they encounter an invalid shard_id:
- let prev_chunk_proof = prev_chunk_proofs[shard_id as usize].clone();+ let prev_chunk_proof = prev_chunk_proofs+ .get(shard_id as usize)+ .ok_or(Error::InvalidShardId(shard_id))?+ .clone();
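Review bot: the replacement still converts with `shard_id as usize` before calling `.get()`. If `shard_id` is wider than `usize` on some target, `as` truncates silently, so an out-of-range id could land on a valid index instead of reaching `Error::InvalidShardId`; `usize::try_from(shard_id)` would close that gap. The `?` also assumes the enclosing function returns a `Result` whose error type accepts `Error::InvalidShardId`, which these lines do not show.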
Stateless validation and resharding will introduce a lot of new code which will use shard ids in new ways, often dealing with untrusted data, and it's easy to accidentally use a function that doesn't handle invalid shard ids. It would be safer to just eradicate all such functions.
It would give peace of mind that there won't be any issues like #10621.
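One way to remove the panicking access path altogether, as an added example that is not code from this issue or from the project: a per-shard container that does not implement `Index`, so `container[shard_id]` fails to compile and every lookup returns a `Result`. The names `ShardId`, `ShardVec`, `Error` and `prev_chunk_proof_for` are hypothetical, and shard ids are assumed to arrive as `u64`.

```rust
use std::convert::TryFrom;

pub type ShardId = u64; // assumption: shard ids arrive as u64

#[derive(Debug, PartialEq)]
pub enum Error {
    InvalidShardId(ShardId),
}

/// Per-shard collection that deliberately does not implement `Index`,
/// so `shard_vec[shard_id]` does not compile and every lookup is fallible.
pub struct ShardVec<T>(Vec<T>);

impl<T> ShardVec<T> {
    pub fn new(items: Vec<T>) -> Self {
        ShardVec(items)
    }

    /// Checked lookup: no `as` cast (which truncates on targets where
    /// usize is narrower than u64) and no panicking index.
    pub fn get(&self, shard_id: ShardId) -> Result<&T, Error> {
        usize::try_from(shard_id)
            .ok()
            .and_then(|idx| self.0.get(idx))
            .ok_or(Error::InvalidShardId(shard_id))
    }
}

/// Constructed stand-in for a handler that receives a shard id from a peer.
pub fn prev_chunk_proof_for(
    proofs: &ShardVec<Vec<u8>>,
    untrusted_shard_id: ShardId,
) -> Result<Vec<u8>, Error> {
    Ok(proofs.get(untrusted_shard_id)?.clone())
}

fn main() {
    // Constructed sample data: four shards, one proof each.
    let proofs = ShardVec::new(vec![vec![0u8], vec![1], vec![2], vec![3]]);
    println!("{:?}", prev_chunk_proof_for(&proofs, 2));
    println!("{:?}", prev_chunk_proof_for(&proofs, 4));
    println!("{:?}", prev_chunk_proof_for(&proofs, u64::MAX));
}
```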