chore(audit)_: Added fail conditions for malformed string ints #6289

Open
wants to merge 1 commit into
base: develop
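--- a/common/errors.go
+++ b/common/errors.go
@@ -0,0 +1,7 @@
+package common
+
+import "fmt"
+
+var (
+ErrBigIntSetFromString = func(val string) error { return fmt.Errorf("failed to set big.Int balance from string '%s'", val) }
+)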
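Review bot: `ErrBigIntSetFromString` interpolates the rejected value with `'%s'`, and the call sites in this PR pass strings that appear to come from stored rows and from a bridge response, so newlines or control characters in a malformed value would land verbatim in error text and logs. `%q` quotes and escapes the value: `fmt.Errorf("failed to set big.Int from string %q", val)`. The message also says "balance" although the helper is used for base gas fees and bridge amounts as well. Because the `Err` prefix conventionally marks a sentinel and this is a reassignable function variable, callers cannot match it with `errors.Is`; a plain `func` that wraps a sentinel with `%w` would allow that.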
2 changes: 1 addition & 1 deletion protocol/identity/utils.go
@@ -37,7 +37,7 @@ func toBigBaseImpl(value *big.Int, base uint64, res *[](uint64)) {
*res = append(*res, new(big.Int).Mod(value, bigBase).Uint64())
}

// compressedPubKey = |1.5 bytes chars cutoff|20 bytes emoji hash|10 bytes color hash|1.5 bytes chars cutoff|
// Slices compressedPubKey = |1.5 bytes chars cutoff|20 bytes emoji hash|10 bytes color hash|1.5 bytes chars cutoff|
func Slices(compressedPubkey []byte) (res [4][]byte, err error) {
if len(compressedPubkey) != 33 {
return res, errors.New("incorrect compressed pubkey")
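Review bot: The new doc comment on `Slices` now starts with the function name but is still not a sentence, so it reads "Slices compressedPubKey = |…|" without saying what the function returns. A wording such as `// Slices splits a 33-byte compressed public key into |1.5 bytes chars cutoff|20 bytes emoji hash|10 bytes color hash|1.5 bytes chars cutoff|.` keeps the layout and states the length that the first check enforces. The function body continues past the hunk, so the order of the four returned slices is taken from the comment, not from visible code.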
15 changes: 11 additions & 4 deletions services/wallet/activity/details.go
@@ -13,6 +13,7 @@ import (
eth "github.com/ethereum/go-ethereum/common"
"github.com/ethereum/go-ethereum/common/hexutil"
"github.com/ethereum/go-ethereum/core/types"
statuscommon "github.com/status-im/status-go/common"
"github.com/status-im/status-go/services/wallet/common"
"github.com/status-im/status-go/sqlite"
)
@@ -130,8 +131,11 @@ func getMultiTxDetails(ctx context.Context, db *sql.DB, multiTxID int) (*EntryDe
maxFeePerGas = (*hexutil.Big)(tx.GasFeeCap())
gasLimit = tx.Gas()
if baseGasFees != nil {
baseGasFees, _ := new(big.Int).SetString(*baseGasFees, 0)
totalFees = (*hexutil.Big)(getTotalFees(tx, baseGasFees))
baseGasFeesInt, ok := new(big.Int).SetString(*baseGasFees, 0)
if !ok {
return nil, statuscommon.ErrBigIntSetFromString(*baseGasFees)
}
totalFees = (*hexutil.Big)(getTotalFees(tx, baseGasFeesInt))
}
}
}
@@ -214,8 +218,11 @@ func getTxDetails(ctx context.Context, db *sql.DB, id string) (*EntryDetails, er
details.Input = "0x" + hex.EncodeToString(tx.Data())
details.MaxFeePerGas = (*hexutil.Big)(tx.GasFeeCap())
details.GasLimit = tx.Gas()
baseGasFees, _ := new(big.Int).SetString(baseGasFees, 0)
details.TotalFees = (*hexutil.Big)(getTotalFees(tx, baseGasFees))
baseGasFeesInt, ok := new(big.Int).SetString(baseGasFees, 0)
if !ok {
return nil, statuscommon.ErrBigIntSetFromString(baseGasFees)
}
details.TotalFees = (*hexutil.Big)(getTotalFees(tx, baseGasFeesInt))
}

return details, nil
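Review bot: In the `getTxDetails` hunk `baseGasFees` is a plain string that is parsed without a presence check, so an empty value now fails the whole call, whereas `getMultiTxDetails` skips parsing when its pointer is nil. If that value can be empty for stored transactions (the query and the enclosing condition are outside the hunk), those entries lose all their details; a guard such as `if baseGasFees != "" {` around the parse would keep the old behaviour for them. Separately, `SetString(..., 0)` reports `ok` for signed and prefixed input such as `-0x10`, so a negative fee still reaches `getTotalFees` in both hunks; rejecting `baseGasFeesInt.Sign() < 0` alongside `!ok` would close that.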
15 changes: 11 additions & 4 deletions services/wallet/reader.go
@@ -317,7 +317,7 @@ func (r *Reader) isBalanceUpdateNeededAnyway(clients map[uint64]chain.ClientInte
return updateAnyway
}

func tokensToBalancesPerChain(cachedTokens map[common.Address][]token.StorageToken) map[uint64]map[common.Address]map[common.Address]*hexutil.Big {
func tokensToBalancesPerChain(cachedTokens map[common.Address][]token.StorageToken) (map[uint64]map[common.Address]map[common.Address]*hexutil.Big, error) {
cachedBalancesPerChain := map[uint64]map[common.Address]map[common.Address]*hexutil.Big{}
for address, tokens := range cachedTokens {
for _, token := range tokens {
@@ -329,13 +329,16 @@ func tokensToBalancesPerChain(cachedTokens map[common.Address][]token.StorageTok
cachedBalancesPerChain[balance.ChainID][address] = map[common.Address]*hexutil.Big{}
}

bigBalance, _ := new(big.Int).SetString(balance.RawBalance, 10)
bigBalance, ok := new(big.Int).SetString(balance.RawBalance, 10)
if !ok {
return nil, gocommon.ErrBigIntSetFromString(balance.RawBalance)
}
cachedBalancesPerChain[balance.ChainID][address][balance.Address] = (*hexutil.Big)(bigBalance)
}
}
}

return cachedBalancesPerChain
return cachedBalancesPerChain, nil
}

func (r *Reader) fetchBalances(ctx context.Context, clients map[uint64]chain.ClientInterface, addresses []common.Address, tokenAddresses []common.Address) (map[uint64]map[common.Address]map[common.Address]*hexutil.Big, error) {
@@ -566,6 +569,10 @@ func (r *Reader) GetCachedBalances(clients map[uint64]chain.ClientInterface, add
connectedPerChain[chainID] = client.IsConnected()
}

balances := tokensToBalancesPerChain(cachedTokens)
balances, err := tokensToBalancesPerChain(cachedTokens)
if err != nil {
return nil, err
}

return r.balancesToTokensByAddress(connectedPerChain, addresses, allTokens, balances, cachedTokens), nil
}
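Review bot: A single unparsable `RawBalance` in `tokensToBalancesPerChain` now aborts the whole conversion, and `GetCachedBalances` then returns `nil, err` for every requested address, so one corrupt cache entry hides all cached balances. The error carries only the raw string; wrapping it where it is returned, e.g. `fmt.Errorf("chain %d, account %s, token %s: %w", balance.ChainID, address, balance.Address, err)` (assuming `fmt` is imported in this file), would let the bad entry be located. Base-10 `SetString` also accepts a leading `-`, so a negative cached balance still passes the new check.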
3 changes: 2 additions & 1 deletion services/wallet/reader_test.go
@@ -349,7 +349,8 @@ func TestTokensToBalancesPerChain(t *testing.T) {
},
}

result := tokensToBalancesPerChain(cachedTokens)
result, err := tokensToBalancesPerChain(cachedTokens)
assert.NoError(t, err)

assert.Equal(t, expectedBalancesPerChain, result)
}
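Review bot: `TestTokensToBalancesPerChain` only asserts `NoError` on well-formed input, so the failure path this PR adds to `tokensToBalancesPerChain` is not exercised. A second case whose `RawBalance` is a constructed non-numeric value such as `"not-a-number"`, asserting `assert.Error(t, err)` and `assert.Nil(t, result)`, would pin it. The test body starts outside the hunk, so the fixture fields are taken from the production code shown in reader.go.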
9 changes: 7 additions & 2 deletions services/wallet/router/fees/estimated_time.go
@@ -6,6 +6,8 @@ import (
"math/big"
"sort"
"strings"

"github.com/status-im/status-go/common"
)

const inclusionThreshold = 0.95
@@ -103,10 +105,13 @@ func (f *FeeManager) estimatedTime(feeHistory *FeeHistory, maxFeePerGas *big.Int
}

func (f *FeeManager) getFeeHistorySorted(feeHistory *FeeHistory) ([]*big.Int, error) {
fees := []*big.Int{}
var fees []*big.Int
for _, fee := range feeHistory.BaseFeePerGas {
i := new(big.Int)
i.SetString(strings.Replace(fee, "0x", "", 1), 16)
_, ok := i.SetString(strings.Replace(fee, "0x", "", 1), 16)
if !ok {
return nil, common.ErrBigIntSetFromString(fee)
}
fees = append(fees, i)
}
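Review bot: The new `ok` check in `getFeeHistorySorted` still sits behind `strings.Replace(fee, "0x", "", 1)`, which deletes the first `0x` anywhere in the string, not only a leading prefix, so a malformed entry such as `10x5` (constructed example) becomes `15` and parses successfully. `strings.TrimPrefix` strips only a leading prefix: `_, ok := i.SetString(strings.TrimPrefix(fee, "0x"), 16)`. `SetString` also accepts a leading `-`, so a negative base fee would still be sorted with the rest. The function continues past the hunk.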

10 changes: 7 additions & 3 deletions services/wallet/router/pathprocessor/processor_bridge_celar.go
@@ -17,12 +17,13 @@ import (
"github.com/ethereum/go-ethereum/common"
"github.com/ethereum/go-ethereum/common/hexutil"
ethTypes "github.com/ethereum/go-ethereum/core/types"

"github.com/status-im/status-go/account"
statuscommon "github.com/status-im/status-go/common"
"github.com/status-im/status-go/contracts/celer"
"github.com/status-im/status-go/eth-node/types"
"github.com/status-im/status-go/rpc"

"github.com/status-im/status-go/params"
"github.com/status-im/status-go/rpc"
"github.com/status-im/status-go/services/utils"
walletCommon "github.com/status-im/status-go/services/wallet/common"
"github.com/status-im/status-go/services/wallet/router/pathprocessor/cbridge"
@@ -455,6 +456,9 @@ func (s *CelerBridgeProcessor) CalculateAmountOut(params ProcessorInputParams) (
if amt.Err != nil {
return nil, createBridgeCellerErrorResponse(err)
}
amountOut, _ := new(big.Int).SetString(amt.EqValueTokenAmt, 10)
amountOut, ok := new(big.Int).SetString(amt.EqValueTokenAmt, 10)
if !ok {
return nil, statuscommon.ErrBigIntSetFromString(amt.EqValueTokenAmt)
}
return amountOut, nil
}
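Review bot: The `ok` check in `CalculateAmountOut` only proves that `amt.EqValueTokenAmt` is syntactically a base-10 integer; a value like `-1` still parses and is returned as the amount out. If `amt` is the bridge's estimate response (its origin is outside the hunk), add `if amountOut.Sign() < 0 {` with an error return before the final `return amountOut, nil`. The new failure also returns the raw error while the path just above goes through `createBridgeCellerErrorResponse`, so callers get two error shapes from one function. In that path above, the call passes `err` although the condition tests `amt.Err`, which looks unintended.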