From 4bb2352945efd10ffc9d56f4f26afc4b8eb7ad32 Mon Sep 17 00:00:00 2001 From: NAIHANU Date: Tue, 19 Nov 2024 01:22:31 +0100 Subject: [PATCH 1/2] Update reference of Approximation --- docs/build/building-apps/04-security-part-1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/build/building-apps/04-security-part-1.md b/docs/build/building-apps/04-security-part-1.md index 65090f38ff35..ed683567262c 100644 --- a/docs/build/building-apps/04-security-part-1.md +++ b/docs/build/building-apps/04-security-part-1.md @@ -115,7 +115,7 @@ This is a consideration that seems trivial but comes up much more frequently tha A few months ago, a security researcher [reported a vulnerability](https://blog.trailofbits.com/2023/10/23/numbers-turned-weapons-dos-in-osmosis-math-library/) in the Osmosis codebase stemming from [PowApprox function](https://github.com/osmosis-labs/osmosis/blob/44a6a100a92f2984a760b41b7486fb9000ac670e/osmomath/math.go#L86). The crux of the issue was centered around long-lasting convergence for certain input values. A determined attacker could in theory use such edge cases to temporarily halt the chain. **The solution in these cases is simple - [introduce a constant loop bound](https://github.com/osmosis-labs/osmosis/pull/6627).** -As a side note, from our experience, rational approximation is a more accurate and performant substitute to Taylor expansion which is used in `PowApprox` of the above example. See [this article](https://xn--2-umb.com/22/approximation/) for details. +As a side note, from our experience, rational approximation is a more accurate and performant substitute to Taylor expansion which is used in `PowApprox` of the above example. See [this article](https://en.wikipedia.org/wiki/Approximation) for details. ## Key Malleability and Prefix Iteration From 9ab68d3b1d7d1a3e03d705300126924da725378d Mon Sep 17 00:00:00 2001 From: Julien Robert Date: Tue, 19 Nov 2024 16:29:05 +0100 Subject: [PATCH 2/2] Update docs/build/building-apps/04-security-part-1.md --- docs/build/building-apps/04-security-part-1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/build/building-apps/04-security-part-1.md b/docs/build/building-apps/04-security-part-1.md index ed683567262c..f77392c9ca13 100644 --- a/docs/build/building-apps/04-security-part-1.md +++ b/docs/build/building-apps/04-security-part-1.md @@ -115,7 +115,7 @@ This is a consideration that seems trivial but comes up much more frequently tha A few months ago, a security researcher [reported a vulnerability](https://blog.trailofbits.com/2023/10/23/numbers-turned-weapons-dos-in-osmosis-math-library/) in the Osmosis codebase stemming from [PowApprox function](https://github.com/osmosis-labs/osmosis/blob/44a6a100a92f2984a760b41b7486fb9000ac670e/osmomath/math.go#L86). The crux of the issue was centered around long-lasting convergence for certain input values. A determined attacker could in theory use such edge cases to temporarily halt the chain. **The solution in these cases is simple - [introduce a constant loop bound](https://github.com/osmosis-labs/osmosis/pull/6627).** -As a side note, from our experience, rational approximation is a more accurate and performant substitute to Taylor expansion which is used in `PowApprox` of the above example. See [this article](https://en.wikipedia.org/wiki/Approximation) for details. +As a side note, from our experience, rational approximation is a more accurate and performant substitute to Taylor expansion which is used in `PowApprox` of the above example. See [this article](https://web.archive.org/web/20240628100055/https://xn--2-umb.com/22/approximation/) for details. ## Key Malleability and Prefix Iteration