Skip to content

Harden VM against invalid inputs and add security checks #948

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
sasurobert wants to merge 3 commits into from
Closed

Harden VM against invalid inputs and add security checks #948

sasurobert wants to merge 3 commits into from

Conversation

@sasurobert
Copy link
Contributor

@sasurobert sasurobert commented Jul 31, 2025

This change introduces several security enhancements to the VM host to make it more robust against potentially malicious smart contract code.

The following changes were made:

  • In vmhooks/bigIntOps.go, changed silent failures for out-of-range argument indexes to explicit execution failures.
  • In vmhooks/manBufOps.go, changed silent failures for out-of-bounds slice operations to explicit execution failures.
  • In vmhooks/manBufOps.go, added a recover block to MBufferToBigFloat to prevent panics in GobDecode from crashing the VM.
  • In contexts/managedType.go, improved the bounds checking in GetSlice to be safer against integer overflows.
  • In hostCore/execution.go, removed a redundant defer block to improve code clarity.
  • Updated several test scenarios to reflect the new, stricter error handling.

@google-labs-jules
Harden VM against invalid inputs and add security checks
f61c2be 
This change introduces several security enhancements to the VM host to make it more robust against potentially malicious smart contract code.

The following changes were made:
- In `vmhooks/bigIntOps.go`, changed silent failures for out-of-range argument indexes to explicit execution failures.
- In `vmhooks/manBufOps.go`, changed silent failures for out-of-bounds slice operations to explicit execution failures.
- In `vmhooks/manBufOps.go`, added a `recover` block to `MBufferToBigFloat` to prevent panics in `GobDecode` from crashing the VM.
- In `contexts/managedType.go`, improved the bounds checking in `GetSlice` to be safer against integer overflows.
- In `hostCore/execution.go`, removed a redundant `defer` block to improve code clarity.
- Updated several test scenarios to reflect the new, stricter error handling.
@codecov
Copy link

codecov bot commented Jul 31, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 42.10526% with 11 lines in your changes missing coverage. Please review.
✅ Project coverage is 36.22%. Comparing base (05006fc) to head (24eb111).

Files with missing lines Patch % Lines
vmhost/vmhooks/manBufOps.go 28.57% 4 Missing and 1 partial ⚠️
vmhost/contexts/managedType.go 60.00% 2 Missing and 2 partials ⚠️
vmhost/vmhooks/bigIntOps.go 0.00% 2 Missing ⚠️
Additional details and impacted files 
@@           Coverage Diff           @@
##           master     #948   +/-   ##
=======================================
  Coverage   36.22%   36.22%           
=======================================
  Files          87       87           
  Lines       20589    20600   +11     
=======================================
+ Hits         7459     7463    +4     
- Misses      12463    12467    +4     
- Partials      667      670    +3

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@andreibancioiu andreibancioiu requested a review from Copilot July 31, 2025 10:10
Copilot AI reviewed Jul 31, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR hardens the VM against invalid inputs by replacing silent failures with explicit execution failures and adding security checks to prevent crashes from malicious smart contract code.

  • Converts silent failures to explicit execution failures in bigIntOps.go and manBufOps.go for out-of-range operations
  • Adds panic recovery to MBufferToBigFloat to prevent VM crashes from malformed data
  • Improves bounds checking logic in managedType.go to prevent integer overflow vulnerabilities

Reviewed Changes

Copilot reviewed 11 out of 11 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
vmhost/vmhooks/manBufOps.go Converts silent bounds failures to explicit execution failures and adds panic recovery for GobDecode
vmhost/vmhooks/bigIntOps.go Converts silent argument index failures to explicit execution failures
vmhost/contexts/managedType.go Improves bounds checking to prevent integer overflow vulnerabilities
vmhost/hostCore/execution.go Removes redundant defer block for code clarity
Multiple test files Updates test expectations to reflect new error handling behavior

sasurobert and others added 2 commits August 5, 2025 13:13
@sasurobert
Update vmhost/contexts/managedType.go
b0cfe69 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@sasurobert
Update vmhost/vmhooks/manBufOps.go
24eb111 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@sasurobert
Copy link
Contributor Author

sasurobert commented Aug 6, 2025

added to a new PR.

@sasurobert sasurobert closed this Aug 6, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@sasurobert