origin-js icon indicating copy to clipboard operation
origin-js copied to clipboard

Published 20 hours ago verified publisher icon OriginProtocol

🐃 No code to check that review.rating is actually between 1-5

Open DanielVF opened this issue 7 years ago • 2 comments

We currently don't check that a review rating coming from IPFS is between 1-5. This would allow an evil reviewer to mess up any future aggregated review rating score for someone by submitting an out of range review.

DanielVF avatar Sep 24 '18 13:09 DanielVF

Good catch. Seems we should add some checks to cap rating between 1-5 in origin-js when writing and reading review data from IPFS.

BTW, what are we deciding on rating value. Is it an integer, one of [1,2,3,4,5] or is it a float between 1.0 and 5.0 ? I'd favor using integer for now to keep things simple. Any objections ?

franckc avatar Sep 24 '18 17:09 franckc

I'm good with changing it to an integer.

DanielVF avatar Sep 24 '18 18:09 DanielVF