File: crates/identity/src/lib.rs:380-387
Severity: robustness — availability
Obvious? no
SignedMessage declares public_key: Vec<u8> and signature: Vec<u8> rather than [u8; 32] / [u8; 64].
Attacker crafts a SignedMessage where these fields consume the bulk of MAX_DESER_SIZE (256 KB) — bincode allocates the Vecs before any signature verification. Length is checked via try_into::<[u8;32]> only after the Vecs are allocated.
Fix: schema → fixed-size arrays. bincode rejects mismatched lengths before allocation.
Filed by /general-audit @ b901575 (2026-05-02). master: #513.
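The allocation ordering described above, as an added example that is neither the project's code nor bincode itself: two hand-written decoders, assuming a `Vec<u8>` is encoded as a u64 little-endian length prefix followed by its bytes and a fixed-size array as raw bytes. `Outcome`, `decode_vec_schema`, `decode_fixed_schema` and `crafted_message` are hypothetical names, and the input is constructed.

```rust
use std::convert::TryInto;

// Added illustration: hand-written decoders, not bincode and not the project's code.
// Assumed wire layout: Vec<u8> = u64 little-endian length + bytes; [u8; N] = N raw bytes.
const MAX_DESER_SIZE: usize = 256 * 1024; // limit named in the issue
struct Outcome { heap_bytes: usize, accepted: bool }

// Vec-based schema: each field is copied to the heap, then its length is checked.
fn decode_vec_schema(input: &[u8]) -> Outcome {
    let mut out = Outcome { heap_bytes: 0, accepted: false };
    if input.len() > MAX_DESER_SIZE { return out; }
    let (mut pos, mut fields) = (0usize, Vec::new());
    for _ in 0..2 {
        let Some(prefix) = input.get(pos..pos + 8) else { return out };
        let len = u64::from_le_bytes(prefix.try_into().unwrap()) as usize;
        pos += 8;
        let Some(end) = pos.checked_add(len) else { return out };
        let Some(body) = input.get(pos..end) else { return out };
        fields.push(body.to_vec()); // allocation, before any validation
        out.heap_bytes += len;
        pos = end;
    }
    // Late check, like the try_into::<[u8; 32]> the issue describes.
    let pk: Result<[u8; 32], _> = fields[0].as_slice().try_into();
    let sig: Result<[u8; 64], _> = fields[1].as_slice().try_into();
    out.accepted = pk.is_ok() && sig.is_ok();
    out
}

// Fixed-size schema: exactly 32 + 64 raw bytes, copied to stack arrays; no heap use.
fn decode_fixed_schema(input: &[u8]) -> Outcome {
    if input.len() != 32 + 64 { return Outcome { heap_bytes: 0, accepted: false }; }
    let (mut pk, mut sig) = ([0u8; 32], [0u8; 64]);
    pk.copy_from_slice(&input[..32]);
    sig.copy_from_slice(&input[32..]);
    Outcome { heap_bytes: 0, accepted: pk.len() + sig.len() == 96 }
}

// Constructed input: public_key claims nearly the whole size budget, signature is empty.
fn crafted_message() -> Vec<u8> {
    let pk_len = MAX_DESER_SIZE - 16;
    let mut msg = (pk_len as u64).to_le_bytes().to_vec();
    msg.resize(8 + pk_len, 0xAA);
    msg.extend_from_slice(&0u64.to_le_bytes());
    msg
}

fn main() {
    let (v, f) = (decode_vec_schema(&crafted_message()), decode_fixed_schema(&crafted_message()));
    println!("vec: {} B heap, accepted={}; fixed: {} B heap, accepted={}", v.heap_bytes, v.accepted, f.heap_bytes, f.accepted);
}
```

Both decoders reject the crafted message; the difference is how much heap the Vec-based one commits before it gets to the length check.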