Are you a Cosmos developer wondering how to secure your project? At Halborn we look at a lot of Cosmos projects to make sure that the protocol works as expected, has robust error detection, and safely handles user funds. We wanted to share some of our experience with performing code review on a wide range of Cosmos projects and distill our knowledge into some helpful tips that will assist you during the development process.

Below are the top five most common vulnerabilities and issues that we look for when checking out a new Cosmos project.

When developing a project, typically a developer wants to spend their time developing new features and error handling comes second. In the heat of the moment when developing a hot new feature, it’s tempting to skip error handling, at least temporarily, in order to focus on completing the feature. A developer in a hurry might use the panic function in Go to tell the code to abort execution when handling an error case.

In some cases this is appropriate: if there is truly an unrecoverable error, then it may be correct to stop execution entirely. However, this can be problematic for a number of reasons. Panic does not allow the program to handle errors gracefully. In many cases it’s better to handle the error, log it, and print a helpful error message for the user or the validator software indicating what went wrong. Ideally, execution should continue where possible to ensure a smooth user experience.

In general, panic can cause security problems in Go code because it indicates that a serious problem has been encountered. From an attacker’s perspective, a panicking program can indicate a potential attack vector. When developing exploits, an attacker’s methodology will begin with discovering a crash and escalating this into a full exploit. In the context of Blockchain software, a panic can have a very pronounced impact. For more information on this topic we invite you to check out another article we wrote, ‘Don’t “Panic”: How Improper Error-Handling Can Lead to Blockchain Hacks’, that goes into detail about why you should avoid using panic.

We recommend using proper error handling instead of panic. Panic should be used only in exceptional situations where there’s absolutely no way for code execution to continue safely.

Using components with vulnerabilities

A classical piece of security wisdom is that all software should be kept up-to-date. The reason for this is that outdated or unsupported software will not include the latest performance improvements or security patches compared to newer versions.
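As an added example (not code from the original article or from any Cosmos project), the Go sketch below contrasts a parser that panics on malformed input with one that returns an error the caller can log, as the panic discussion above recommends. The `Transfer` type, the `to:amount` input format and all function names are assumptions made for illustration, and the inputs are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// Transfer is a hypothetical message type for this example, not a Cosmos SDK type.
type Transfer struct {
	To     string
	Amount uint64
}

var ErrInvalidTransfer = errors.New("invalid transfer")

// ParseTransferPanicky parses "to:amount" and aborts on any malformed input.
func ParseTransferPanicky(raw string) Transfer {
	parts := strings.Split(raw, ":")
	amt, err := strconv.ParseUint(parts[1], 10, 64) // index out of range if no ":"
	if err != nil {
		panic(err)
	}
	return Transfer{To: parts[0], Amount: amt}
}

// ParseTransfer rejects the same inputs with an error the caller can log.
func ParseTransfer(raw string) (Transfer, error) {
	to, amtStr, ok := strings.Cut(raw, ":")
	amt, err := strconv.ParseUint(amtStr, 10, 64)
	if !ok || to == "" || err != nil {
		return Transfer{}, fmt.Errorf("%w: want \"to:amount\", got %q", ErrInvalidTransfer, raw)
	}
	return Transfer{To: to, Amount: amt}, nil
}

// Panics reports whether f panicked, so the crash can be observed safely.
func Panics(f func()) (panicked bool) {
	defer func() { panicked = recover() != nil }()
	f()
	return false
}

func main() {
	for _, raw := range []string{"alice:100", "alice", "bob:-5"} { // constructed inputs
		_, err := ParseTransfer(raw)
		fmt.Println(raw, Panics(func() { ParseTransferPanicky(raw) }), err)
	}
}
```

Both malformed inputs crash the panicking parser, while the error-returning parser lets the caller log the rejection and keep processing.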