Highlights
Denial of Service: 34 prior fixes. Scrutinize any change in this area.
vm/interpreter/src/default_runtime.rs: most-fixed (4 issues). Treat as high-risk during review.
46 high-severity fixes in this history; regressions here are high-impact.
Recurring patterns
The bug types that recur here, drawn from past fixes, not open vulnerabilities.
Auth Bypass: RPC endpoints lacked appropriate authorization checks on sensitive administrative write methods. This was addressed by introducing explicit JWT permission levels and validation checks on HTTP and WebSocket RPC handlers.
Denial of Service: CPU-intensive RLE+ bitfield decoding and serialization of large bitfields can trigger out-of-bounds panics, integer overflows, or excessive execution times. Mitigation required introducing lazy validation, explicit size constraints, and overflow checks.
Auth Bypass: The VM interpreter suffered from state leakage on nested calls where actor validation logic could be bypassed, in addition to incorrect consensus fault verification flow logic.