-
-
Notifications
You must be signed in to change notification settings - Fork 819
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: per-method calldatasize checks #2911
Conversation
Codecov Report
@@ Coverage Diff @@
## master #2911 +/- ##
==========================================
- Coverage 88.19% 88.17% -0.03%
==========================================
Files 95 95
Lines 10575 10584 +9
Branches 2532 2534 +2
==========================================
+ Hits 9327 9332 +5
- Misses 790 792 +2
- Partials 458 460 +2
Continue to review full report at Codecov.
|
@@ -2452,3 +2452,74 @@ def do_stuff(f: Foo) -> uint256: | |||
c2 = get_contract(callee_code) | |||
|
|||
assert c1.do_stuff(c2.address) == 1 | |||
|
|||
|
|||
def test_calldata_clamp(get_contract, assert_tx_failed): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
also need a test for calldata exceeding the expected length in the case of static data.
side note -- i think these tests might be clearer if the malformed data is prepared in python.
Co-authored-by: Charles Cooper <[email protected]>
|
||
@pytest.mark.parametrize( | ||
"typ,val", | ||
[("address", TEST_ADDR), ("uint256", 2 ** 256 - 1), ("int128", 2 ** 127 - 1), ("bool", True)], |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
i'm not sure it's necessary to test non-address types here. all we care about is the size of calldata, so we can just test a single type. (the uint256 case would fail for other reasons, namely that the data is OOB for address type)
[("address", TEST_ADDR), ("uint256", 2 ** 256 - 1), ("int128", 2 ** 127 - 1), ("bool", True)], | |
[("address", TEST_ADDR)], |
[("address", TEST_ADDR), ("uint256", 2 ** 256 - 1), ("int128", 2 ** 127 - 1), ("bool", True)], | |
[("address", TEST_ADDR), ("uint256", 2 ** 256 - 1), ("int128", 2 ** 127 - 1), ("bool", True)], |
|
||
@pytest.mark.parametrize( | ||
"typ,val", | ||
[("address", TEST_ADDR), ("uint256", 2 ** 256 - 1), ("int128", 2 ** 127 - 1), ("bool", True)], |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
i'm not sure it's necessary to test non-address types here. all we care about is the size of calldata, so we can just test a single type. (the uint256 case would fail for other reasons, namely that the data is OOB for address type)
[("address", TEST_ADDR), ("uint256", 2 ** 256 - 1), ("int128", 2 ** 127 - 1), ("bool", True)], | |
[("address", TEST_ADDR)], |
[("address", TEST_ADDR), ("uint256", 2 ** 256 - 1), ("int128", 2 ** 127 - 1), ("bool", True)], | |
[("address", TEST_ADDR), ("uint256", 2 ** 256 - 1), ("int128", 2 ** 127 - 1), ("bool", True)], |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm. thanks!
What I did
Fix #1730.
How I did it
Add a clamper for calldata to be at least of minimum ABI size + 4 bytes for method ID.
How to verify it
See additional tests.
Commit message
Description for the changelog
Ensure calldata is at least of minimum length.
Cute Animal Picture