You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently, everywhere we do ssz.Marshal or Unmarshal, bazel applies a runtime patch to use ferran's fast ssz for whitelisted structs instead. This is a security hole when running with the normal Go tool. Instead, we should actually use ferran's fast ssz instead of go-ssz when we need to.
The text was updated successfully, but these errors were encountered:
Removing go-ssz is important, as I believe compositeSliceSSZ in go-ssz doesn't check list limits. Making it susceptible to a network split if used in production in a multi-client testnet. And there have been others problems, as discussed in discord. And with a new better SSZ, I am all for replacing the bazel build step to just default prysm to a safe and fast ssz, in every build mode. 馃憦
馃拵 Issue
Background
Currently, everywhere we do ssz.Marshal or Unmarshal, bazel applies a runtime patch to use ferran's fast ssz for whitelisted structs instead. This is a security hole when running with the normal Go tool. Instead, we should actually use ferran's fast ssz instead of go-ssz when we need to.
The text was updated successfully, but these errors were encountered: