Fix/audit (#188)

* get slice data pointer from unsafe.sliceData

* follow aptos prod config

* use deserialize_with_config instead of deserialize

* disable resource access control

* remove unused poiter

---------

Co-authored-by: beer-1 <[email protected]>

Author: sh-cha

api/memory.go

@@ -5,7 +5,9 @@ package api
 */
 import "C"
 
-import "unsafe"
+import (
+	"unsafe"
+)
 
 // makeView creates a view into the given byte slice what allows Rust code to read it.
 // The byte slice is managed by Go and will be garbage collected. Use runtime.KeepAlive
@@ -15,16 +17,9 @@ func makeView(s []byte) C.ByteSliceView {
 		return C.ByteSliceView{is_nil: true, ptr: cu8_ptr(nil), len: cusize(0)}
 	}
 
-	// In Go, accessing the 0-th element of an empty array triggers a panic. That is why in the case
-	// of an empty `[]byte` we can't get the internal heap pointer to the underlying array as we do
-	// below with `&data[0]`. https://play.golang.org/p/xvDY3g9OqUk
-	if len(s) == 0 {
-		return C.ByteSliceView{is_nil: false, ptr: cu8_ptr(nil), len: cusize(0)}
-	}
-
 	return C.ByteSliceView{
 		is_nil: false,
-		ptr:    cu8_ptr(unsafe.Pointer(&s[0])),
+		ptr:    cu8_ptr(unsafe.SliceData(s)),
 		len:    cusize(len(s)),
 	}
 }

crates/storage/src/state_view_impl.rs

@@ -146,7 +146,7 @@ impl<'s, S: StateView> CompiledModuleView for StateViewImpl<'s, S> {
         let bytes = self.get_module(id)?;
         let module = match bytes {
             Some(bytes) => {
-                CompiledModule::deserialize(&bytes).map_err(|e| anyhow::anyhow!(e.to_string()))?
+                CompiledModule::deserialize_with_config(&bytes, &self.deserialize_config).map_err(|e| anyhow::anyhow!(e.to_string()))?
             }
             None => return Ok(None),
         };

crates/vm/src/initia_vm.rs

@@ -87,9 +87,13 @@ impl InitiaVM {
     pub fn new(initia_vm_config: InitiaVMConfig) -> Self {
         let gas_params = NativeGasParameters::initial();
         let misc_params = MiscGasParameters::initial();
+        
         let vm_config = VMConfig {
             verifier_config: verifier_config(),
             use_loader_v2: true,
+            type_max_cost: 5000,
+            type_base_cost: 100,
+            type_byte_cost: 1,
             ..Default::default()
         };
         let runtime_environment = Arc::new(RuntimeEnvironment::new_with_config(

crates/vm/src/verifier/config.rs

@@ -10,24 +10,24 @@ pub fn verifier_config() -> VerifierConfig {
         max_value_stack_size: 1024,
         max_type_nodes: Some(256),
         max_push_size: Some(10000),
-        max_struct_definitions: Some(200),
-        max_fields_in_struct: Some(30),
-        max_struct_variants: Some(90),
-        max_function_definitions: Some(1000),
+        max_struct_definitions: None,
+        max_fields_in_struct: None,
+        max_struct_variants: None,
+        max_function_definitions: None,
 
         // Do not use back edge constraints as they are superseded by metering
         max_back_edges_per_function: None,
         max_back_edges_per_module: None,
 
         // Same as the default.
-        max_per_fun_meter_units: Some(1000 * 8000),
-        max_per_mod_meter_units: Some(1000 * 8000),
+        max_per_fun_meter_units: Some(1000 * 80000),
+        max_per_mod_meter_units: Some(1000 * 80000),
 
         use_signature_checker_v2: true,
 
         sig_checker_v2_fix_script_ty_param_count: true,
 
         enable_enum_types: true,
-        enable_resource_access_control: true,
+        enable_resource_access_control: false,
     }
 }