edr
The JSON-RPC layer is overly permissive about the number formats it accepts
These are all being accepted by EDR right now:
send("eth_getBlockByNumber", [0, false])
send("eth_getBlockByNumber", ["0", false])
send("eth_getBlockByNumber", ["0b0", false])
send("eth_getBlockByNumber", ["0o0", false])
send("eth_getStorageAt", ["0x63689f2aE7c74Db7A9D5523d5a1463a0F5bF0cf4", "0"])
send("eth_getStorageAt", ["0x63689f2aE7c74Db7A9D5523d5a1463a0F5bF0cf4", "0b0"])
Curiously, the last two are also accepted by geth, but that's clearly an error.
The full scope of this is not clear, but my guess is that fixing those (and any other examples that come to mind) will already uncover some issues. No need to do a thorough investigation.
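A strict parser for the cases listed in the issue, as an added example that is not EDR's code. It follows the Ethereum JSON-RPC QUANTITY encoding ("0x" prefix, hex digits only, no leading zeros, zero written as "0x0"); the `Param` type and all function names are hypothetical, and block tags such as "latest" are out of scope.

```rust
// Added example: names are hypothetical, not EDR's API.
#[derive(Debug, PartialEq)]
pub enum QuantityError { NotAString, MissingPrefix, Empty, InvalidDigit, LeadingZero, TooLarge }

/// Minimal stand-in for a decoded JSON-RPC parameter (constructed for this example).
pub enum Param<'a> { Number(f64), Str(&'a str) }

/// Validates QUANTITY syntax and returns the hex digits after "0x".
/// `max_digits`: 16 for a u64 block number, 64 for a 256-bit storage slot.
pub fn quantity_digits<'a>(p: &Param<'a>, max_digits: usize) -> Result<&'a str, QuantityError> {
    let s = match p {
        Param::Str(s) => *s,
        // A bare JSON number such as 0 is not a QUANTITY at all.
        Param::Number(_) => return Err(QuantityError::NotAString),
    };
    // Rejects "0", "0b0" and "0o0": only the "0x" prefix is allowed.
    let digits = s.strip_prefix("0x").ok_or(QuantityError::MissingPrefix)?;
    if digits.is_empty() { return Err(QuantityError::Empty); }
    if !digits.bytes().all(|b| b.is_ascii_hexdigit()) { return Err(QuantityError::InvalidDigit); }
    // "0x0" is the only form that may start with a zero digit.
    if digits.len() > 1 && digits.starts_with('0') { return Err(QuantityError::LeadingZero); }
    if digits.len() > max_digits { return Err(QuantityError::TooLarge); }
    Ok(digits)
}

/// Block number for eth_getBlockByNumber (numeric form only).
pub fn parse_block_number(p: &Param) -> Result<u64, QuantityError> {
    let digits = quantity_digits(p, 16)?;
    // Cannot fail after validation: at most 16 hex digits always fit in a u64.
    u64::from_str_radix(digits, 16).map_err(|_| QuantityError::InvalidDigit)
}

fn main() {
    // The block-number inputs from the issue, followed by two canonical forms.
    let cases = [
        Param::Number(0.0), Param::Str("0"), Param::Str("0b0"), Param::Str("0o0"),
        Param::Str("0x0"), Param::Str("0x10"),
    ];
    for c in &cases {
        println!("{:?}", parse_block_number(c));
    }
}
```

For the `eth_getStorageAt` position, the same syntax check applies with `max_digits` set to 64; converting the digits needs a 256-bit integer type, which this example leaves out.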