From 95e108c3e9e0823d23693084bb807608d0e66d49 Mon Sep 17 00:00:00 2001 From: Banana-J Date: Mon, 29 Jan 2024 11:31:48 +1100 Subject: [PATCH] =?UTF-8?q?fix:=20limit=20the=20max=20size=20of=20lending?= =?UTF-8?q?=20item=20extradata=20can=20be=20inside=20the=20t=E2=80=A6=20(#?= =?UTF-8?q?405)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * fix: limit the max size of lending item extradata can be inside the trading and lending transactions * chore: add comment for the MaxLendingExtraDataSize constant --- XDCxlending/lendingstate/lendingitem.go | 17 +++++++++++ XDCxlending/lendingstate/lendingitem_test.go | 32 +++++++++++++++++--- 2 files changed, 44 insertions(+), 5 deletions(-) diff --git a/XDCxlending/lendingstate/lendingitem.go b/XDCxlending/lendingstate/lendingitem.go index 40ace76ba9..235a77fa60 100644 --- a/XDCxlending/lendingstate/lendingitem.go +++ b/XDCxlending/lendingstate/lendingitem.go @@ -27,6 +27,13 @@ const ( LendingStatusCancelled = "CANCELLED" Market = "MO" Limit = "LO" + /* + Based on all structs that were used to encode into extraData, we can see the liquidationData is likely be the one with max length in payload. + A assumptions was made that each numeric value (RecallAmount, LiquidationAmount, CollateralPrice) is up to 30 digits long and the Reason field is 20 characters long, the estimated maximum size of the ExtraData JSON string in the ProcessLiquidationData function would be approximately 185 bytes. + Hence the value of 200 has been chosen to safeguard the block/tx in XDC in terms of sizes. + + */ + MaxLendingExtraDataSize = 200 ) var ValidInputLendingStatus = map[string]bool{ @@ -233,6 +240,9 @@ func (l *LendingItem) VerifyLendingItem(state *state.StateDB) error { if err := l.VerifyLendingSignature(); err != nil { return err } + if err := l.VerifyLendingExtraData(); err != nil { + return err + } return nil } @@ -282,6 +292,13 @@ func (l *LendingItem) VerifyLendingType() error { return nil } +func (l *LendingItem) VerifyLendingExtraData() error { + if len(l.ExtraData) > MaxLendingExtraDataSize { + return fmt.Errorf("VerifyLendingExtraData: invalid lending extraData size. Size: %v", len(l.ExtraData)) + } + return nil +} + func (l *LendingItem) VerifyLendingStatus() error { if valid, ok := ValidInputLendingStatus[l.Status]; !ok && !valid { return fmt.Errorf("VerifyLendingStatus: invalid lending status. Status: %s", l.Status) diff --git a/XDCxlending/lendingstate/lendingitem_test.go b/XDCxlending/lendingstate/lendingitem_test.go index 4a6fe13e09..692dff1c2f 100644 --- a/XDCxlending/lendingstate/lendingitem_test.go +++ b/XDCxlending/lendingstate/lendingitem_test.go @@ -2,17 +2,18 @@ package lendingstate import ( "fmt" + "math/big" + "math/rand" + "os" + "testing" + "time" + "github.com/XinFinOrg/XDPoSChain/common" "github.com/XinFinOrg/XDPoSChain/core/rawdb" "github.com/XinFinOrg/XDPoSChain/core/state" "github.com/XinFinOrg/XDPoSChain/crypto" "github.com/XinFinOrg/XDPoSChain/crypto/sha3" "github.com/XinFinOrg/XDPoSChain/rpc" - "math/big" - "math/rand" - "os" - "testing" - "time" ) func TestLendingItem_VerifyLendingSide(t *testing.T) { @@ -108,6 +109,27 @@ func TestLendingItem_VerifyLendingType(t *testing.T) { } } +func TestLendingItem_VerifyExtraData(t *testing.T) { + tests := []struct { + name string + fields *LendingItem + wantErr bool + }{ + {"within the limit", &LendingItem{ExtraData: "123"}, false}, + {"within the limit", &LendingItem{ExtraData: "This is a string specifically designed to exceed 201 bytes in length. It contains enough characters, including spaces and punctuation, to ensure that its total size goes beyond the specified limit for demonstration purposes."}, true}, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + l := &LendingItem{ + ExtraData: tt.fields.ExtraData, + } + if err := l.VerifyLendingExtraData(); (err != nil) != tt.wantErr { + t.Errorf("VerifyLendingExtraData() error = %v, wantErr %v", err, tt.wantErr) + } + }) + } +} + func TestLendingItem_VerifyLendingStatus(t *testing.T) { tests := []struct { name string