fuzz: add NewMnemonic & MnemonicToByteArray fuzzers#6
Open
odeke-em wants to merge 2 commits intocosmos:masterfrom
Open
fuzz: add NewMnemonic & MnemonicToByteArray fuzzers#6odeke-em wants to merge 2 commits intocosmos:masterfrom
odeke-em wants to merge 2 commits intocosmos:masterfrom
Conversation
For supply chain security and to easily exhaust code paths around the arithmetic in MnemonicToByteArray that could be attacked.
Author
|
Kindly cc-ing @tac0turtle @julienrbrt |
|
Is this repo even maintained? CI does not work, last commit in 2020, fork of github.com/tyler-smith/go-bip39 (as maintained as this repo it seems 😅) |
Author
|
It's the cosmos fork used in the cosmos-sdk so I think it is up to us to allocate a maintainer, which is def needed. The fuzzers are definitely beneficially for anything that we use. |
Author
|
Fixing the CI just requires bumping the Go version from 1.14 to 1.21 which I shall do |
|
i dont see value in this pr. its a fork that hasnt been touched. We should look at getting rid of dependencies that are not maintained instead of starting to maintain them. Id propose we close this pr |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
For supply chain security and to easily exhaust code paths around the arithmetic in MnemonicToByteArray that could be attacked.
/cc @elias-orijtech