You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The original Haskell implementation allows PlutusMap to contain duplicate keys, just as the official CBOR standard does. This is completely bogus and hence correctly ignored by cbor2, which is used by uplc to handle PlutusMap.
However this leads to the issue that it is currently not possible to correctly simulate the behaviour of contracts when passed a CBOR with duplicate keys as dictionary, leading to a potential for oversight of specific attacks.
The original Haskell implementation allows PlutusMap to contain duplicate keys, just as the official CBOR standard does. This is completely bogus and hence correctly ignored by cbor2, which is used by uplc to handle PlutusMap.
However this leads to the issue that it is currently not possible to correctly simulate the behaviour of contracts when passed a CBOR with duplicate keys as dictionary, leading to a potential for oversight of specific attacks.
A potential fix has been begun in https://github.com/OpShin/uplc/tree/feat/support_invalid_plutus_map, however the rigidness of the CBOR encoder/decoder implementation from cbor2 presents some significant challenges for this endeavor.
The text was updated successfully, but these errors were encountered: