Go Developer's Library

8531 @goproglib

Useful materials on everything that may be of use to a Go developer.

4 years ago
Technical details of the CVE-2021-39137 vulnerability found in go-ethereum. According to the author, Rust could have prevented this bug. https://proglib.io/w/3dba6aef
A deeper dive into CVE-2021-39137 – a Golang security bug that Rust would have prevented

This blog post discusses two erroneous computation patterns in Golang. By erroneous computation we mean simply that given certain input, a computer program with certain state returns incorrect output or enters an incorrect state. While clearly there are no limits on how erroneous computations can happen in general, there are language usage patterns which make erroneous computation more likely. In blockchain, erroneous computation is a problem as the ledger can end up in an unexpected state or the blockchain may get wedged at a certain corrupt endpoint. In addition, if erroneous computation happens in only a subset of nodes on the network, a netsplit occurs, which may result in double-spend attacks.

NCC Group Research