Get rid of the unsafe get_mut function in the rust cdk

Roman mentions this in the community conversation: this is an unsafe API; two get_mut calls within the same public method can corrupt memory.


thread_local! with Cell and RefCell is the way to go.

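An added example of the thread_local! + RefCell pattern recommended above (this is not code from the thread, from ic_cdk, or from the cycles wallet; the `Ledger` type, the `transfer`/`mint` functions and the sample balances are assumptions made for the illustration). The point it shows: the `&mut` never escapes the closure, and a second mutable borrow taken while the first is live is refused at run time instead of silently aliasing two `&mut` the way two `get_mut` calls do.

```rust
// Added example: canister-style state kept in a thread_local! RefCell rather
// than behind an unsafe `get_mut`. Ledger/mint/transfer are assumed names.
use std::cell::RefCell;
use std::collections::HashMap;

#[derive(Default, Debug)]
struct Ledger {
    balances: HashMap<String, u64>,
}

thread_local! {
    // Canister code runs on a single Wasm thread, so a thread-local is enough;
    // the RefCell enforces at run time that at most one `&mut` is handed out.
    static LEDGER: RefCell<Ledger> = RefCell::new(Ledger::default());
}

/// Run `f` with shared access to the state.
fn with_ledger<R>(f: impl FnOnce(&Ledger) -> R) -> R {
    LEDGER.with(|l| f(&*l.borrow()))
}

/// Run `f` with exclusive access. The `&mut Ledger` cannot escape the
/// closure, so no dangling reference outlives the borrow.
fn with_ledger_mut<R>(f: impl FnOnce(&mut Ledger) -> R) -> R {
    LEDGER.with(|l| f(&mut *l.borrow_mut()))
}

fn mint(to: &str, amount: u64) {
    with_ledger_mut(|l| *l.balances.entry(to.to_string()).or_insert(0) += amount);
}

fn balance_of(who: &str) -> u64 {
    with_ledger(|l| l.balances.get(who).copied().unwrap_or(0))
}

/// Move `amount` from `from` to `to`. One borrow_mut covers both updates,
/// which is the safe shape of "two mutable accesses in one public method".
fn transfer(from: &str, to: &str, amount: u64) -> Result<(), String> {
    with_ledger_mut(|l| {
        let src = l.balances.get(from).copied().unwrap_or(0);
        if src < amount {
            return Err(format!("insufficient funds: {} < {}", src, amount));
        }
        l.balances.insert(from.to_string(), src - amount);
        *l.balances.entry(to.to_string()).or_insert(0) += amount;
        Ok(())
    })
}

/// The shape of the bug in the thread: a second mutable handle taken while the
/// first is still live. With `get_mut` this silently produces two aliasing
/// `&mut`; with RefCell the second borrow is refused, and `try_borrow_mut`
/// reports that as an error rather than undefined behaviour.
fn nested_borrow_is_refused() -> bool {
    LEDGER.with(|l| {
        let _outer = l.borrow_mut();
        l.try_borrow_mut().is_err()
    })
}

fn main() {
    mint("alice", 100);
    transfer("alice", "bob", 40).unwrap();
    println!("alice={} bob={}", balance_of("alice"), balance_of("bob"));
    println!("nested mutable borrow refused: {}", nested_borrow_is_refused());
}
```

In real canister code the same `with_*`/`with_*_mut` helpers are the only way state is touched, so a reviewer can check that no `&mut` leaks out of a closure and that no method holds a borrow across an `await`.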

There are several examples that use the unsafe approach. The cycles wallet too.


FYI @roman-kashitsyn

I couldn’t find the video but I did find this blog post:

https://mmapped.blog/posts/01-effective-rust-canisters.html

https://www.dfinitycommunity.com/infinityswap-the-is20-token-standard-tested-and-interoperable/#iccdk-storage-bug-fix

  1. IS20 fixes two other vulnerabilities found in prior implementations of token standards. There is a bug in the commonly used ic_cdk storage that can lead to memory corruption through dangling references. Please see the appendix for more details.

Linked bug: Heap corruption in storage · Issue #73 · dfinity/cdk-rs · GitHub

Infinity Swap Impl: canister-sdk/ic-storage/ic-storage-derive/src/lib.rs at main · bitfinity-network/canister-sdk · GitHub

thread_local! {
    static store: Rc<RefCell<#ident>> = Rc::new(RefCell::new(#ident::default()));
}

Example usage in their IS20 token: