Canton ZipBomb Error

Hi, I’m trying to upload my Daml project DAR file to Canton and I’m getting the following error:

WARN  c.d.c.p.a.g.GrpcPackageService:participant=player1 - ZipBomb(CN18404-5): Dar zip file seems to be a zip bomb. err-context:{msg=Invalid DAR: DarUpload, content: [}], location=GrpcPackageService.scala:58}
WARN  c.d.c.p.a.g.GrpcPackageService:participant=gameMaster - ZipBomb(CN18404-5): Dar zip file seems to be a zip bomb. err-context:{msg=Invalid DAR: DarUpload, content: [}], location=GrpcPackageService.scala:58}
WARN  c.d.c.p.a.g.GrpcPackageService:participant=player2 - ZipBomb(CN18404-5): Dar zip file seems to be a zip bomb. err-context:{msg=Invalid DAR: DarUpload, content: [}], location=GrpcPackageService.scala:58}
ERROR c.d.c.e.CommunityConsoleEnvironment - Command failed on 3 out of 3 instances: (failure on player1): Request failed for player1.
  GrpcRequestRefusedByServer: ABORTED/ZipBomb(CN18404-5): Dar zip file seems to be a zip bomb.; msg=Invalid DAR: DarUpload, content: [}], participant=player1
  Request: UploadDar(Some(examples/tic-tac-toe/TicTacToe-0.0.1.dar),true,true,com.typesafe.scalalogging.LoggerTakingImplicit@4efecae)
  Trailers: Metadata(content-type=application/grpc), (failure on gameMaster): Request failed for gameMaster.
  GrpcRequestRefusedByServer: ABORTED/ZipBomb(CN18404-5): Dar zip file seems to be a zip bomb.; msg=Invalid DAR: DarUpload, content: [}], participant=gameMaster
  Request: UploadDar(Some(examples/tic-tac-toe/TicTacToe-0.0.1.dar),true,true,com.typesafe.scalalogging.LoggerTakingImplicit@4efecae)
  Trailers: Metadata(content-type=application/grpc), (failure on player2): Request failed for player2.
  GrpcRequestRefusedByServer: ABORTED/ZipBomb(CN18404-5): Dar zip file seems to be a zip bomb.; msg=Invalid DAR: DarUpload, content: [}], participant=player2
  Request: UploadDar(Some(examples/tic-tac-toe/TicTacToe-0.0.1.dar),true,true,com.typesafe.scalalogging.LoggerTakingImplicit@4efecae)
  Trailers: Metadata(content-type=application/grpc)

ERROR c.d.c.ConsoleInteractiveRunner - Running bootstrap script failed with an exception ()!

I’m using the following command inside of the Canton environment:

participants.all.dars.upload("examples/tic-tac-toe/TicTacToe-0.0.1.dar")

Should it be of help, I’m following the Getting Started tutorial of Canton with one more participant node and different names.
Moreover, using projects such as quickstart work flawlessly, but I’m unable to pinpoint what the difference is between the projects.

Thanks in advance.

Hi @Luis_Almeida and welcome to the forum! Do you get the same issue if you upload the DAR to Sandbox?

Also are you able to reproduce the issue on Canton if you upload the DAR via daml ledger upload-dar rather than via the Canton console?

Indeed, if I attempt to upload the dar the following error occurs:

Created .daml/dist/TicTacToe-0.0.1.dar
Uploading .daml/dist/TicTacToe-0.0.1.dar to localhost:6865
An exception was thrown during the upload-dar command
- GRPCIOTimeout
One reason for this to occur is if the size of DAR file being uploaded exceeds the gRPC maximum message size. The default value for this is 4Mb, but it may be increased when the ledger is (re)started. Please check with your ledger operator.

Would it be possible to share your tic tac toe project with us so we can see if there’s anything off in the DAR?

Here you go, thanks!

Hi @Luis_Almeida, I am unable to reproduce this with Canton 0.27 and your example. Could you share the exact DAR you get so we can make sure that it’s the same that I get when I build it via daml build?

Also are you running daml ledger upload-dar against the right port? Canton does not default to port 6865 so you might need to specify the port of the ledger API differently. You can set it via --host and --port argument to daml ledger upload-dar.

Yes, I believe I have made a mistake. I have tried

daml ledger upload-dar --host localhost --port 5011

and it uploaded successfully, where port 5011 is the participant node port.

When trying it via the Canton console, are you sure the file path is correct? Can you try an absolute filepath to the .daml/dist/TicTacToe-0.0.1.dar file that is uploaded by daml ledger upload-dars

Yes, the error when the filepath is not correct is different. it is:

ERROR c.d.c.e.CommunityConsoleEnvironment - Command failed on 3 out of 3 instances: (failure on player1): No such file [./examples/tic-tac-toe/TicTacToe-0..1.dar], (failure on gameMaster): No such file [./examples/tic-tac-toe/TicTacToe-0..1.dar], (failure on player2): No such file [./examples/tic-tac-toe/TicTacToe-0..1.dar]

Does it still fail reproducibly when run from the Canton console with the correct filepath?

Yes, it does still fail with the same error message as before.

I have added the Dar file to the repository.

Did you push? I don’t see anything in there.

I have now, and I just realised what the error was. It had nothing to do with Daml I’m afraid, I was trying to essentiality upload an empty file to the ledger since I was not copying it correctly to the new location.
Thanks and sorry for the inconvenience.

Glad to hear that you got it working!

The issue where an empty file was reported as a zip bomb has been fixed by @Ratko_Veprek and should make it in the next Canton release.