We release security updates for the following versions:
| Version | Supported |
|---|---|
| 0.1.x | ✅ |
DO NOT report security vulnerabilities through public GitHub issues.
- Email: Send details to security@julia-viper.dev (or open a private security advisory on GitHub)
- Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
- Response Time: We aim to respond within 48 hours
- Fix Timeline: Critical issues will be patched within 7 days
Julia the Viper provides the following architectural security guarantees:
The parser enforces Harvard Architecture separation:
- Data Language: Only addition allowed, no control flow
- Control Language: Can use Data results, but Data cannot call Control
Example Attack Prevention:
# In other languages, this could execute:
user_input = "5; import os; os.system('rm -rf /')"
eval(user_input) # DISASTER!
# In JtV, this is a parse error:
user_value = malicious_input
result = user_value + 10 # Parser rejects non-numeric inputThe grammar makes injection impossible to express, not just "hard to do".
All arithmetic in Data expressions uses checked operations:
- Addition with overflow detection
- Bounded iteration counts
- Type-safe number system conversions
Smart contract operations are atomic:
- State updates happen in single transaction
- No external calls during state modification
- Balance checks grammatically enforced
Functions marked @pure or @total are proven to halt:
- No unbounded loops allowed in pure context
- No recursion in Data Language
- Static analysis verifies termination
- Parser bypass allowing control flow in Data context
- Memory safety violation in Rust code
- Type confusion leading to arbitrary code execution
- Integer overflow in interpreter
- Incorrect totality analysis
- Smart contract state corruption
- Performance degradation attack (DoS)
- Error message information disclosure
- Incorrect optimization
- Documentation inaccuracies
- Build system issues
- Non-critical deprecations
We maintain:
- Fuzzing: Grammar fuzzing with AFL++
- Property Testing: QuickCheck-style tests for interpreter
- Static Analysis: Clippy with security lints
- Formal Verification: Lean 4 proofs for core properties (planned v2)
We follow coordinated disclosure:
- Day 0: Receive report
- Day 1-2: Acknowledge and triage
- Day 3-7: Develop fix
- Day 8: Private disclosure to affected users
- Day 15: Public disclosure with patch
We recognize security researchers who responsibly disclose vulnerabilities:
- (No reports yet - be the first!)
- Email: security@julia-viper.dev
- PGP Key: [Coming soon]
- GitHub Security Advisories: Preferred method
For smart contracts:
[security]
max_iterations = 1_000_000 # Prevent DoS
enable_trace = false # Don't leak execution info in production
pure_function_enforcement = true # Strict purity checkingFor development:
[security]
max_iterations = 10_000_000
enable_trace = true
pure_function_enforcement = true- Currently no type checking - planned for v1.1
- Runtime type errors possible
- Mitigation: Explicit type annotations
- Import resolution not fully implemented
- No namespace isolation yet
- Mitigation: Use single-file programs for now
- Code generation incomplete
- No sandboxing yet
- Mitigation: Use interpreter for security-critical code
JtV itself does not implement cryptography, but smart contracts may:
DO:
- Use established cryptographic libraries (libsodium, ring)
- Verify signatures before state changes
- Use constant-time operations
DON'T:
- Implement crypto in JtV itself (use FFI)
- Roll your own crypto
- Use weak algorithms (MD5, SHA1)
- v1.1: Type checking to prevent type confusion
- v1.2: Module isolation for security boundaries
- v2.0: Formal verification with Lean 4
- v2.1: Certified compilation (CompCert-style)
Last updated: 2025-01-22