Open areas of hardening/investigation #428
Description
We are preparing for ref-fvm to be deployed to Filecoin mainnet as part of network version 16 (Skyr).
There are several audit efforts underway, all of which need to be aware of technical areas we are actively investigating as part of hardening efforts.
- Wasmtime configuration parameters
- Usage of float instructions in Wasm bytecode
- Wasmtime stack accounting (including limits and determinism)
- Wasmtime fuel accounting (including correctness and halting), e.g.
- Wasmtime module sizes (not important for M1, we're happy where we are now)
- Wasmtime module storage as non-CBOR IPLD blocks, and interaction with other components (fix: make flush match lotus as much as possible #586, fix: vm: support raw blocks in chain export lotus#8691)
- Auditing 3rd party dependencies and reducing the dependency graph
- Hints are welcome and valid ones may qualify as Note severity
- CBOR, IPLD, and serde, including limits, validation.
- Wasm memory limits
- Integer overflow inside the FVM, not necessarily inside actors
- FFI unsafety concerns being addressed in fix: improve ffi safety filecoin-ffi#247.
- Panics during message execution
As areas are sufficiently investigated and relevant actions taken, they will be checked off.