Use Ferran's Generated SSZ Instead of Generic SSZ, Remove Bazel Passthrough #6116

rauljordan · 2020-06-03T22:17:36Z

💎 Issue

Background

Currently, everywhere we do ssz.Marshal or Unmarshal, bazel applies a runtime patch to use ferran's fast ssz for whitelisted structs instead. This is a security hole when running with the normal Go tool. Instead, we should actually use ferran's fast ssz instead of go-ssz when we need to.

protolambda · 2020-06-03T22:21:20Z

Removing go-ssz is important, as I believe compositeSliceSSZ in go-ssz doesn't check list limits. Making it susceptible to a network split if used in production in a multi-client testnet. And there have been others problems, as discussed in discord. And with a new better SSZ, I am all for replacing the bazel build step to just default prysm to a safe and fast ssz, in every build mode. 👏

prestonvanloon · 2020-06-04T16:17:43Z

I think this is related: #5981

rauljordan added Enhancement New feature or request Priority: High High priority item labels Jun 3, 2020

prestonvanloon added this to the Diamond milestone Jun 4, 2020

rauljordan mentioned this issue Jun 4, 2020

Use FastSSZ Everywhere Applicable #6135

Merged

prylabs-bulldozer bot closed this as completed in #6135 Jun 5, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Use Ferran's Generated SSZ Instead of Generic SSZ, Remove Bazel Passthrough #6116

Use Ferran's Generated SSZ Instead of Generic SSZ, Remove Bazel Passthrough #6116

rauljordan commented Jun 3, 2020

protolambda commented Jun 3, 2020

prestonvanloon commented Jun 4, 2020

Use Ferran's Generated SSZ Instead of Generic SSZ, Remove Bazel Passthrough #6116

Use Ferran's Generated SSZ Instead of Generic SSZ, Remove Bazel Passthrough #6116

Comments

rauljordan commented Jun 3, 2020

💎 Issue

Background

protolambda commented Jun 3, 2020

prestonvanloon commented Jun 4, 2020