
JSON deserialization DoS

Open samczsun opened this issue 3 years ago • 0 comments

If this is a concern, this needs to switch to using a decoder too

https://github.com/flashbots/mev-boost/blob/c03c1674a19346ff6ff27c6c562f15b6d8d33f8a/server/utils.go#L71

Also, a lot of types will deserialize a raw []bytes which has limitless potential to DoS (although it will then result in an invalid message, so hey).

samczsun, Aug 30 '22 18:08
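One way to apply the "use a decoder" suggestion from the issue while also capping how many bytes are read, shown as an added example that is not mev-boost code. The helper `decodeBounded`, the `payload` type, the error names and the 4 KiB cap are all assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"strings"
)

var (
	ErrBodyTooLarge = errors.New("json body exceeds size limit")
	ErrTrailingData = errors.New("unexpected data after JSON value")
)

// payload is a constructed stand-in for a message type with a raw bytes field.
type payload struct {
	Data []byte `json:"data"` // base64 string on the wire
}

// decodeBounded (hypothetical helper) streams one JSON value from r into dst
// while pulling at most maxBytes+1 bytes from r, so the peer controls neither
// the read size nor the size of any decoded byte slice.
func decodeBounded(r io.Reader, maxBytes int64, dst interface{}) error {
	// One extra byte lets an over-limit body be told apart from one at the cap.
	lr := &io.LimitedReader{R: r, N: maxBytes + 1}
	dec := json.NewDecoder(lr)
	err := dec.Decode(dst)
	if err == nil {
		// Require end of input after the first value.
		if _, terr := dec.Token(); terr != io.EOF {
			err = ErrTrailingData
		}
	}
	if lr.N <= 0 { // the cap was crossed: report that, not the parse error
		return ErrBodyTooLarge
	}
	return err
}

func main() {
	var ok, big payload
	fmt.Println(decodeBounded(strings.NewReader(`{"data":"QUFB"}`), 4096, &ok), string(ok.Data))
	// Constructed oversized body: ~1 MiB of base64 against a 4 KiB cap.
	body := `{"data":"` + strings.Repeat("QUFB", 1<<18) + `"}`
	fmt.Println(decodeBounded(strings.NewReader(body), 4096, &big), len(big.Data))
}
```

For an HTTP response the reader passed in would be the response body, and the cap should be chosen per message type rather than globally.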