-
Notifications
You must be signed in to change notification settings - Fork 130
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Figure out hash-map security #232
Labels
Milestone
Comments
@Stebalien Can you enumerate the concrete current usages of HashMaps you're concerned about? |
All of the uses inside the actors. |
Stebalien
added
Topic: Built-in actors
area/fvm
Kind: Bug
Something isn't working
P1
P1: Must be resolved
labels
Jan 17, 2022
Stebalien
added a commit
that referenced
this issue
Jan 21, 2022
1. It gives us sorted iteration for free. 2. Works towards #232.
Stebalien
added a commit
that referenced
this issue
Jan 21, 2022
Stebalien
added a commit
that referenced
this issue
Jan 21, 2022
Stebalien
added a commit
that referenced
this issue
Jan 21, 2022
This technically changes access patterns for an AMT, but this particular change should be fine due to caching: 1. Before, we'd repeatedly access the same epoch over and over. 2. Now, we access each epoch once, but in the same order as before. Due to AMT caching: 1. We'll only read blocks the first time we "get" an index (even if we get it repeatedly). 2. We don't write blocks till we flush at the end. part of #232
Stebalien
added a commit
that referenced
this issue
Jan 21, 2022
Stebalien
added a commit
that referenced
this issue
Jan 21, 2022
Stebalien
added a commit
that referenced
this issue
Jan 21, 2022
1. It gives us sorted iteration for free. 2. Works towards #232.
Stebalien
added a commit
that referenced
this issue
Jan 21, 2022
Stebalien
added a commit
that referenced
this issue
Jan 21, 2022
Stebalien
added a commit
that referenced
this issue
Jan 21, 2022
This technically changes access patterns for an AMT, but this particular change should be fine due to caching: 1. Before, we'd repeatedly access the same epoch over and over. 2. Now, we access each epoch once, but in the same order as before. Due to AMT caching: 1. We'll only read blocks the first time we "get" an index (even if we get it repeatedly). 2. We don't write blocks till we flush at the end. part of #232
Stebalien
added a commit
that referenced
this issue
Jan 21, 2022
Stebalien
added a commit
that referenced
this issue
Jan 21, 2022
Stebalien
added a commit
that referenced
this issue
Jan 26, 2022
1. It gives us sorted iteration for free. 2. Works towards #232.
Stebalien
added a commit
that referenced
this issue
Jan 26, 2022
Stebalien
added a commit
that referenced
this issue
Jan 26, 2022
Stebalien
added a commit
that referenced
this issue
Jan 26, 2022
This technically changes access patterns for an AMT, but this particular change should be fine due to caching: 1. Before, we'd repeatedly access the same epoch over and over. 2. Now, we access each epoch once, but in the same order as before. Due to AMT caching: 1. We'll only read blocks the first time we "get" an index (even if we get it repeatedly). 2. We don't write blocks till we flush at the end. part of #232
Stebalien
added a commit
that referenced
this issue
Jan 26, 2022
Stebalien
added a commit
that referenced
this issue
Jan 26, 2022
Stebalien
added a commit
that referenced
this issue
Jan 28, 2022
1. It gives us sorted iteration for free. 2. Works towards #232.
Stebalien
added a commit
that referenced
this issue
Jan 28, 2022
Stebalien
added a commit
that referenced
this issue
Jan 28, 2022
Stebalien
added a commit
that referenced
this issue
Jan 28, 2022
This technically changes access patterns for an AMT, but this particular change should be fine due to caching: 1. Before, we'd repeatedly access the same epoch over and over. 2. Now, we access each epoch once, but in the same order as before. Due to AMT caching: 1. We'll only read blocks the first time we "get" an index (even if we get it repeatedly). 2. We don't write blocks till we flush at the end. part of #232
Stebalien
added a commit
that referenced
this issue
Jan 28, 2022
Stebalien
added a commit
that referenced
this issue
Jan 28, 2022
Stebalien
added a commit
that referenced
this issue
Feb 9, 2022
1. It gives us sorted iteration for free. 2. Works towards #232.
Stebalien
added a commit
that referenced
this issue
Feb 9, 2022
Stebalien
added a commit
that referenced
this issue
Feb 9, 2022
Stebalien
added a commit
that referenced
this issue
Feb 9, 2022
This technically changes access patterns for an AMT, but this particular change should be fine due to caching: 1. Before, we'd repeatedly access the same epoch over and over. 2. Now, we access each epoch once, but in the same order as before. Due to AMT caching: 1. We'll only read blocks the first time we "get" an index (even if we get it repeatedly). 2. We don't write blocks till we flush at the end. part of #232
Stebalien
added a commit
that referenced
this issue
Feb 9, 2022
Stebalien
added a commit
that referenced
this issue
Feb 9, 2022
Stebalien
added a commit
that referenced
this issue
Feb 10, 2022
1. It gives us sorted iteration for free. 2. Works towards #232.
Stebalien
added a commit
that referenced
this issue
Feb 10, 2022
Stebalien
added a commit
that referenced
this issue
Feb 10, 2022
Stebalien
added a commit
that referenced
this issue
Feb 10, 2022
This technically changes access patterns for an AMT, but this particular change should be fine due to caching: 1. Before, we'd repeatedly access the same epoch over and over. 2. Now, we access each epoch once, but in the same order as before. Due to AMT caching: 1. We'll only read blocks the first time we "get" an index (even if we get it repeatedly). 2. We don't write blocks till we flush at the end. part of #232
Stebalien
added a commit
that referenced
this issue
Feb 10, 2022
Stebalien
added a commit
that referenced
this issue
Feb 10, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
Most modern languages use a random seed in hash-maps to prevent the DoS attack where an attacker could turn
O(1)
operations intoO(n)
operations. However, because we're operating in a deterministic environment, we can't do that.Note 1: This only impacts system actors. Basically, we need to make sure that a system actor never inserts untrusted data as keys into a HashMap. It's fine if, e.g., a miner actor uses a hash map when called directly by a user.
Note 2: We should not do anything like use chain randomness here. That would just increase the attack surface to non-system actors (a malicious miner could grind on a message till it uses hash maps in such a way that it runs out of gas).
Proposed solution: use btrees and sorted slices as much as possible. These are always log(n).
The text was updated successfully, but these errors were encountered: