Trail of Bits
Audit Open Original ↗

DFINITY Canister Sandbox

Type

Security review

Client

DFINITY

Date

2022-09

Domain

Blockchain

Effort

2 wks

Section

Other/Multi-Chain

Trail of Bits's security review of DFINITY (Sep 2022) identified 6 issues: 2 medium, 2 low, and 2 informational.

Findings · 6

  1. 1 The canister sandbox has vulnerable dependencies Low
  2. 2 Complete environment of the replica is passed to the sandboxed process Informational
  3. 3 SELinux policy allows the sandbox process to write replica log messages Low
  4. 4 Canister sandbox system calls are not filtered using Seccomp Medium
  5. 5 Invalid system state changes cause the replica to panic Medium
  6. 6 SandboxedExecutionController does not enforce memory size invariants Informational

Findings extracted from the published report PDF. See the full report below for details and remediation.

Related