fix: check empty leader nondet result before indexing data[0]

[lau90eth]

Summary

Fixes index-out-of-bounds panic when a malicious leader injects Bytes::new() as a nondet result.

Root Cause

In executor/src/wasi/genlayer_sdk.rs ~L1305, inside leader_nondet_results handling:

Some(data) => {
    let rest = &data[1..]; // panics if data.is_empty()
    let res = match data[0] { // index OOB if data is empty

data arrives from the wire via calldata::decode_obj with no per-element length validation. A malicious leader can inject Bytes::new() (empty bytes), causing data[0] to panic and crashing the validator.

Impact

Consensus liveness compromised — validator crashes on empty nondet result, preventing finalization.

Fix

Added data.is_empty() check before data[0] access, returning a proper error instead of panicking.

PoC

https://github.com/lau90eth/genvm-nondet-panic

Related

Finding originally submitted to GenLayer Builders Program portal.

Summary by CodeRabbit

• Bug Fixes
  • Added validation for leader nondeterministic results to prevent empty values from being processed.
  • Users now receive a clear error if a result is missing expected bytes, reducing unexpected runtime failures.

[CLAassistant]

All committers have signed the CLA.

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 8687414a-9ead-4964-a834-981055e3514b

📥 Commits

Reviewing files that changed from the base of the PR and between abb71bf and 7207d8f.

📒 Files selected for processing (1)

• executor/src/wasi/genlayer_sdk.rs

---

📝 Walkthrough

Walkthrough

In run_nondet, a new guard checks whether the leader nondet result bytes are empty when Some(data) is matched. If data is empty, a trap error is returned immediately; otherwise, parsing of data[0] proceeds as before.

Changes

Empty leader nondet result guard

Layer / File(s)	Summary
Empty data guard in run_nondet executor/src/wasi/genlayer_sdk.rs	Adds a length check on data before indexing data[0]; returns a trapped error if the leader nondet result bytes are empty.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

A hop and a check, before the byte is read,
"Is the data empty?" the rabbit said.
If nothing is there, we trap with care,
No panic, no crash — just a note to declare.
🐇 Safe bounds for all!

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly matches the main fix: guarding against empty leader nondet results before indexing data[0].
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands.}

[github-actions]

👋 This PR targeted main, so I've retargeted it to the latest dev branch v0.3-dev.

main is protected and is only an alias of the latest release branch (v0.3-dev), kept in lockstep automatically. Active v0.3 work lands on v0.3-dev, which reaches v0.3.x through the standing release-gate PR once the cross-repo E2E matrix is green.