This repository has been archived by the owner on Jun 6, 2023. It is now read-only.
Bound length of strings and arrays in state #897
Assignees
Labels
P1
High priority, required for basic network functionality and growth
robustness
Related to correctness
Comments
anorth
added
the
P1
Merged
|
#920 currently deals with MinerInfo.PeerID and MinerInfo.Multiaddrs. |
|
@Stebalien done? |
|
Not quite. Still need deal label, and signers. I'm picking 256 for the deal label, same for max signers. |
Merged
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
A few items in state are strings or byte arrays that are provided from off chain. We should bound the length of these strings to a tight reasonable bound, else we could incur unwanted de/serialization cost as these things are read and written (potentially by parties other than the party controlling the value).
The Address type is limited on CBOR decoding to 64 bytes, though it should also check on encoding.
BigIntegers are limited to 128 bytes, which is probably ok from a serde point of view (though maybe not for arithmetic, #866).
Related to #604
The text was updated successfully, but these errors were encountered: