From 90713300bf61daba6b58c1560da2df69c54ca048 Mon Sep 17 00:00:00 2001 From: Federico Gimenez Date: Wed, 22 May 2024 18:11:30 +0200 Subject: [PATCH] docs: add warning notes about using NippyJar and Compact encoding formats with untrusted data (#8345) --- README.md | 6 +++++- crates/storage/codecs/src/lib.rs | 4 ++++ crates/storage/nippy-jar/src/lib.rs | 4 ++++ 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 47d833712..cc720c9ef 100644 --- a/README.md +++ b/README.md @@ -42,7 +42,7 @@ Reth is performant, feature-complete, [Cancun-ready](https://paradigmxyz.github. We actively recommend professional node operators to switch to Reth in production for performance and cost reasons in use cases where high performance with great margins is required such as RPC, MEV, Indexing, Simulations, and P2P activities. -While we are aware of parties running Reth staking nodes in production, we do *not* encourage usage in production staking environments by non-professionals until our audits are done, and the 1.0 version of Reth is released, but we are available to support without warranty or liability. +While we are aware of parties running Reth staking nodes in production, we do *not* encourage usage in production staking environments by non-professionals until our audits are done, and the 1.0 version of Reth is released, but we are available to support without warranty or liability. More historical context below: * We are releasing 1.0 "production-ready" stable Reth once our Reth & Revm audits are done. ETA ~May 2024. @@ -155,5 +155,9 @@ None of this would have been possible without them, so big shoutout to the teams - [Erigon](https://github.com/ledgerwatch/erigon) (fka Turbo-Geth): Erigon pioneered the ["Staged Sync" architecture](https://erigon.substack.com/p/erigon-stage-sync-and-control-flows) that Reth is using, as well as [introduced MDBX](https://github.com/ledgerwatch/erigon/wiki/Choice-of-storage-engine) as the database of choice. We thank Erigon for pushing the state of the art research on the performance limits of Ethereum nodes. - [Akula](https://github.com/akula-bft/akula/): Reth uses forks of the Apache versions of Akula's [MDBX Bindings](https://github.com/paradigmxyz/reth/pull/132), [FastRLP](https://github.com/paradigmxyz/reth/pull/63) and [ECIES](https://github.com/paradigmxyz/reth/pull/80) . Given that these packages were already released under the Apache License, and they implement standardized solutions, we decided not to reimplement them to iterate faster. We thank the Akula team for their contributions to the Rust Ethereum ecosystem and for publishing these packages. +## Warning + +The `NippyJar` and `Compact` encoding formats and their implementations are designed for storing and retrieving data internally. They are not hardened to safely read potentially malicious data. + [book]: https://paradigmxyz.github.io/reth/ [tg-url]: https://t.me/paradigm_reth diff --git a/crates/storage/codecs/src/lib.rs b/crates/storage/codecs/src/lib.rs index 9dcef1273..79f579919 100644 --- a/crates/storage/codecs/src/lib.rs +++ b/crates/storage/codecs/src/lib.rs @@ -1,5 +1,9 @@ //! Compact codec. //! +//! *Warning*: The `Compact` encoding format and its implementations are +//! designed for storing and retrieving data internally. They are not hardened +//! to safely read potentially malicious data. +//! //! ## Feature Flags //! //! - `alloy`: [Compact] implementation for various alloy types. diff --git a/crates/storage/nippy-jar/src/lib.rs b/crates/storage/nippy-jar/src/lib.rs index 435e91e87..ad2eb19a8 100644 --- a/crates/storage/nippy-jar/src/lib.rs +++ b/crates/storage/nippy-jar/src/lib.rs @@ -1,4 +1,8 @@ //! Immutable data store format. +//! +//! *Warning*: The `NippyJar` encoding format and its implementations are +//! designed for storing and retrieving data internally. They are not hardened +//! to safely read potentially malicious data. #![doc( html_logo_url = "https://raw.githubusercontent.com/paradigmxyz/reth/main/assets/reth-docs.png",