Get rid of the unsafe get_mut function in the Rust CDK

Roman mentions this in the community conversation: this is an unsafe API, two get_mut calls within the same public method can corrupt the memory.

thread_local! with the Cell and RefCell is the way to go.


There are several examples that are using the unsafe approach. The cycles wallet too.

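The thread_local! + RefCell pattern recommended above, written out as an added example (this is not code from the thread, the cdk-rs project, or any of the linked repositories). It assumes a hypothetical Ledger struct as the canister state; the point is that every access goes through a single owner, and an overlapping second mutable borrow is refused at runtime by RefCell instead of producing two aliasing &mut references to the same memory:

```rust
use std::cell::RefCell;
use std::collections::BTreeMap;

// Hypothetical canister state, constructed for this example.
#[derive(Default)]
struct Ledger {
    balances: BTreeMap<String, u64>,
}

thread_local! {
    // Single owner of the state; every access goes through RefCell's borrow checks.
    static LEDGER: RefCell<Ledger> = RefCell::new(Ledger::default());
}

/// Credits `amount` to `account` and returns the new balance.
pub fn credit(account: &str, amount: u64) -> u64 {
    LEDGER.with(|l| {
        let mut l = l.borrow_mut();
        let bal = l.balances.entry(account.to_string()).or_insert(0);
        *bal += amount;
        *bal
    })
}

/// Read-only access uses a shared borrow.
pub fn balance_of(account: &str) -> u64 {
    LEDGER.with(|l| l.borrow().balances.get(account).copied().unwrap_or(0))
}

/// Transfer that takes one mutable borrow for the whole operation, so there is
/// never a second overlapping mutable borrow of the state inside the method.
pub fn transfer(from: &str, to: &str, amount: u64) -> Result<(), String> {
    LEDGER.with(|l| {
        let mut l = l.borrow_mut();
        let from_bal = l.balances.get(from).copied().unwrap_or(0);
        if from_bal < amount {
            return Err("insufficient funds".to_string());
        }
        l.balances.insert(from.to_string(), from_bal - amount);
        *l.balances.entry(to.to_string()).or_insert(0) += amount;
        Ok(())
    })
}

/// Shows what RefCell does when a method tries to take a second mutable
/// borrow while the first is still alive: `try_borrow_mut` returns Err, so the
/// aliasing that an unchecked get_mut would allow is detected rather than
/// silently corrupting memory.
pub fn double_borrow_is_detected() -> bool {
    LEDGER.with(|l| {
        let _first = l.borrow_mut();
        l.try_borrow_mut().is_err()
    })
}

fn main() {
    credit("alice", 100);
    transfer("alice", "bob", 40).unwrap();
    println!("alice={} bob={}", balance_of("alice"), balance_of("bob"));
    println!("double borrow detected: {}", double_borrow_is_detected());
}
```

Using `borrow_mut()` (which panics on an overlapping borrow) is the usual choice inside a canister method, since a trap rolls the message back; `try_borrow_mut()` is shown here only to make the detection observable as a return value.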

FYI @roman-kashitsyn

I couldn’t find the video but I did find this blog post:

  1. IS20 fixes two other vulnerabilities found in prior implementations of token standards. There is a bug in the commonly used ic_cdk storage that can lead to memory corruption through dangling references. Please see the appendix for more details.

Linked bug: Heap corruption in storage · Issue #73 · dfinity/cdk-rs · GitHub

Infinity Swap Impl: canister-sdk/ic-storage/ic-storage-derive/src/ at main · bitfinity-network/canister-sdk · GitHub

```rust
// Fragment of the derive macro's template: `#ident` is interpolated with the
// name of the annotated storage struct.
thread_local! {
    static store: Rc<RefCell<#ident>> = Rc::new(RefCell::new(#ident::default()));
}
```

Example usage in their IS20 token: