I’ve created this issue in substrate to continue the discussions around the WASM blobs: https://github.com/paritytech/polkadot-sdk/issues/4714
So we can’t be sure the node serving the WASM blob is trusted not to serve malicious blobs? Or more of a doubt as to what should be allowed to be in a WASM blob?
The node could in theory alter the WASM blob to generate malicious behaviors. For example, if the metadata contains at some point the fn hash(private_key: &[u8]) -> Vec<u8> a malicious node could modify the code to pass through the private_key and leak it in the returned vector. Then, when the user submits the hash to the node, the node will gain access to the user’s private key.