You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: posts/2024-12-05_audit-request/README.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -43,7 +43,7 @@ While the full codebase needs a thorough review, we've identified several areas
43
43
As a blockchain designed for deterministic execution, ensuring that the GnoVM executes contracts consistently across all nodes is crucial. Our goal is to eliminate non-deterministic components from Go, such as using AVL trees instead of Go maps. However, we may still have lingering issues that could lead to non-deterministic behavior. A prime example is the module within `gnovm/pkg/gnolang/values_string.go`, which should be carefully reviewed for any such issues.
44
44
**Why this matters**: Non-determinism can lead to chain halts or splits, which could be exploited by attackers.
45
45
2.**Other GnoVM Challenges**
46
-
Gno.land contributor Morgan has detailed some additional areas of concern of the Virtual Machine here: https://github.com/gnolang/gno/issues/2886#issuecomment-2400274812
46
+
gno.land contributor [@thehowl](https://github.com/thehowl) has detailed some additional areas of concern of the Virtual Machine here: https://github.com/gnolang/gno/issues/2886#issuecomment-2400274812
47
47
3.**Security in Realms (Smart Contracts)**
48
48
Developers deploy smart contracts, called "Realms," to the chain. Malicious Realms could attempt to inject harmful content that could affect other users of the chain, particularly in the `Render` function or supporting tools like **Gnoweb**, which displays Realms to end users.
49
49
**Potential risk**: Cross-site scripting (XSS) and other injection attacks.
0 commit comments