
input validation 3 #662


Open · wants to merge 44 commits into base: main

Conversation

faddat (Contributor) commented Apr 27, 2025

Key Changes:

  • WASM Bytecode Checks: Validates magic bytes, size limits, sections, and caps on imports/exports/functions to block unsafe bytecode.
  • Address Validation: Confirms Bech32, Ethereum, and Solana address formats for reliable handling.
  • Gas Limits: Enforces min/max gas thresholds to prevent abuse and keep the network stable.
  • Message & Environment Safety: Checks JSON structures, message sizes, chain IDs, contract addresses, block heights, and transaction data to avoid surprises.
  • Memory Protections: Adds SafeByteSlice, SafeUnmanagedVector, and memory operation validations to stop memory-related issues.

How It’s Done:

  • Early checks in the Rust FFI layer catch issues right away.
  • Safe error handling with into_result_safe keeps things smooth.
  • Layered validation (API, function-level, static/dynamic WASM checks) for thorough protection.
  • Guards against path traversal, format string attacks, and memory exhaustion.

Testing Updates:

  • New test cases for CreateChecksum (nil, empty, short, invalid magic, and valid WASM scenarios).
  • CI/CD tweaks, including Rust upgrades and new testing/audit workflows.

Let’s Talk:

I’m a bit unsure about how serious some of these issues are—your thoughts? Discussions with ICL have been rolling since October 2024, and a patched version is in the works. Please review these changes and share your feedback. Your input will help make this as solid as possible!
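As an added illustration of the "WASM Bytecode Checks" bullet above (this is example code written for this page, not code from the PR or from wasmvm), the block below performs the kind of cheap static pre-check a Go host can run before bytecode reaches the VM: size bound, magic bytes and version, well-formed section layout with LEB128 sizes, and caps on the number of imports, functions and exports read from the vector length that opens those sections. The cap values, the names `CheckWasm`, `SampleModule` and `OverExportedModule`, and the two constructed modules are assumptions for illustration; the PR's real limits are not stated on this page.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
)

// Caps chosen for this example; the page does not state the PR's actual limits.
const (
	maxWasmSize  = 800 * 1024 // bytes
	maxImports   = 100
	maxExports   = 100
	maxFunctions = 10000
)

var (
	wasmMagic   = []byte{0x00, 0x61, 0x73, 0x6d} // "\0asm"
	wasmVersion = []byte{0x01, 0x00, 0x00, 0x00} // binary format version 1
)

// readULEB128 decodes an unsigned LEB128 value (at most 32 bits) starting at
// buf[pos] and returns the value plus the offset of the byte after it.
func readULEB128(buf []byte, pos int) (uint32, int, error) {
	var result uint32
	var shift uint
	for i := 0; i < 5; i++ {
		if pos+i >= len(buf) {
			return 0, 0, errors.New("truncated LEB128 integer")
		}
		b := buf[pos+i]
		result |= uint32(b&0x7f) << shift
		if b&0x80 == 0 {
			return result, pos + i + 1, nil
		}
		shift += 7
	}
	return 0, 0, errors.New("LEB128 integer exceeds 32 bits")
}

// CheckWasm runs static checks on a module before it is handed to the VM:
// size bounds, magic/version, section layout, and caps on imports/functions/exports.
func CheckWasm(code []byte) error {
	if len(code) == 0 {
		return errors.New("wasm bytecode is empty")
	}
	if len(code) > maxWasmSize {
		return fmt.Errorf("wasm bytecode too large: %d bytes (max %d)", len(code), maxWasmSize)
	}
	if len(code) < 8 || !bytes.Equal(code[:4], wasmMagic) {
		return errors.New("invalid wasm magic bytes")
	}
	if !bytes.Equal(code[4:8], wasmVersion) {
		return errors.New("unsupported wasm binary version")
	}
	pos := 8
	for pos < len(code) {
		id := code[pos]
		pos++
		if id > 12 { // 0 = custom ... 12 = data count; anything above is not a standard section
			return fmt.Errorf("unknown section id %d at offset %d", id, pos-1)
		}
		size, payloadStart, err := readULEB128(code, pos)
		if err != nil {
			return fmt.Errorf("section %d: %w", id, err)
		}
		// A declared size larger than what remains is a truncated or crafted module.
		if uint64(size) > uint64(len(code)-payloadStart) {
			return fmt.Errorf("section %d declares %d bytes but only %d remain", id, size, len(code)-payloadStart)
		}
		payload := code[payloadStart : payloadStart+int(size)]
		// Import (2), function (3) and export (7) sections open with a LEB128 vector
		// length, so the count alone is enough to enforce the caps.
		switch id {
		case 2, 3, 7:
			count, _, err := readULEB128(payload, 0)
			if err != nil {
				return fmt.Errorf("section %d: %w", id, err)
			}
			switch {
			case id == 2 && count > maxImports:
				return fmt.Errorf("too many imports: %d (max %d)", count, maxImports)
			case id == 3 && count > maxFunctions:
				return fmt.Errorf("too many functions: %d (max %d)", count, maxFunctions)
			case id == 7 && count > maxExports:
				return fmt.Errorf("too many exports: %d (max %d)", count, maxExports)
			}
		}
		pos = payloadStart + int(size)
	}
	return nil
}

// section encodes one section (id, one-byte LEB128 size, payload); payloads here are < 128 bytes.
func section(id byte, payload []byte) []byte {
	return append([]byte{id, byte(len(payload))}, payload...)
}

// SampleModule is a constructed, minimal valid module: (module (func (export "f"))).
func SampleModule() []byte {
	m := append([]byte{}, wasmMagic...)
	m = append(m, wasmVersion...)
	m = append(m, section(1, []byte{0x01, 0x60, 0x00, 0x00})...)      // type: one functype () -> ()
	m = append(m, section(3, []byte{0x01, 0x00})...)                  // function: one func of type 0
	m = append(m, section(7, []byte{0x01, 0x01, 'f', 0x00, 0x00})...) // export: "f" -> func 0
	m = append(m, section(10, []byte{0x01, 0x02, 0x00, 0x0b})...)     // code: one body, no locals, end
	return m
}

// OverExportedModule is a constructed module whose export section claims 200 entries
// (LEB128 0xC8 0x01); the count alone is enough to trip the export cap.
func OverExportedModule() []byte {
	m := append([]byte{}, wasmMagic...)
	m = append(m, wasmVersion...)
	return append(m, section(7, []byte{0xc8, 0x01})...)
}

func main() {
	cases := map[string][]byte{
		"nil":           nil,
		"short":         wasmMagic[:3],
		"bad magic":     []byte("notwasm!"),
		"valid":         SampleModule(),
		"over-exported": OverExportedModule(),
	}
	for name, code := range cases {
		fmt.Printf("%-14s -> %v\n", name, CheckWasm(code))
	}
}
```

The checks stop at section counts on purpose: the goal is to reject obviously hostile or malformed input cheaply before the VM's own full validation runs, not to replace that validation.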

faddat (Contributor, Author) commented Apr 27, 2025

I think cargo deny is dumb so I am going to drop it.

faddat (Contributor, Author) commented Apr 27, 2025

For the sake of this PR, please ignore the safeunmanagedvector. I think it is immature but haven't stripped it out yet.

faddat (Contributor, Author) commented Apr 28, 2025

We're now using wasmer v6.0.x here, thanks @chipshort

faddat (Contributor, Author) commented Apr 28, 2025

You may be wondering why I've included the upgrade to go v1.24 and wasmer v6 here -- the gist of it is I think both are implicated in different aspects of problematic performance that can degrade ux and security, so it makes sense to keep with the latest items.

Together, all of these changes should be seen as a security fix. I don't think they are very meaningful when looked at separately, except for the input validation stuff, which I think it's best not to dig into so much and instead just get fixed.

I am using a fork of cosmwasm, the branch is here:

There's also a PR here:

I don't know how bad all this is but I'll make my public speculations on Wednesday. Before then, I am working to fix as many issues from this issue class as possible, and I intend to release a patched (heh really just linted) wasmvm to any and all affected teams on Wednesday, and the affected teams are all teams.

Actually I just re-read that and tbh I have no clue what the hell to do, like about releasing a patch and stuff. I've been talking to ICL about these issues since October 2024, and from where I stand as a normal flawed dude who can make mistakes, I'm pretty sure that these are really serious issues.

It's funny cause I'm pretty sure no one cares, guess I could be wrong?

If anyone sees this PR and feels that the issues are NOT serious, can you please lmk why?

faddat (Contributor, Author) commented Apr 29, 2025

Hey I'll get this back on mainline cosmwasm and wasmer. That change was too fancy of me.

```go
t.Logf("Time (%d gas): %s\n", cost.UsedInternally, diff)

// make sure it read the balance properly and we got 250 atoms
var result types.ContractResult
err = json.Unmarshal(res, &result)
require.NoError(t, err)
```
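Review bot: the trailing `\n` in the `t.Logf("Time (%d gas): %s\n", ...)` format string is redundant, since `t.Logf` already terminates each entry with a newline, and it produces a blank line in verbose test output; dropping it to `"Time (%d gas): %s"` keeps the log tidy.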

faddat (Contributor, Author):

I.... definitely need to fix this


```go
var result types.ContractResult
err = json.Unmarshal(res, &result)
require.NoError(t, err)
// If we get a validation error, that's ok for this test - just ignore it
```
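Review bot: the comment "If we get a validation error, that's ok for this test - just ignore it" contradicts the `require.NoError(t, err)` directly above it, which aborts the test on any error, validation errors included; either the error must be inspected before the assertion (and only non-validation errors passed to `require.NoError`), or the comment should be removed so the test's intent is clear.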
faddat (Contributor, Author):

also definitely needs to be fixed
