chainweb-node icon indicating copy to clipboard operation
chainweb-node copied to clipboard

Published 20 hours ago verified publisher icon kadena-io

Minimum Precision "bug"

Open Thanos420NoScope opened this issue 3 years ago • 3 comments

The coin contract accepts transactions with more than 12 digits if they are 0s. It is not a security threat and cannot break precision, but is permanent for both the sending and the receiving account. image

Thanos420NoScope avatar Jun 17 '21 21:06 Thanos420NoScope

That could be a valid space attack, and I'd consider it a valid bug as a result.

emilypi avatar Aug 13 '21 23:08 emilypi

I think, this is a pact issue, since the chainweb-node is agnostic about semantics of payloads.

Resolving this on pact validation level could would probably require a fork. So, we may instead continue accept those numbers internally within pact evaluation (execValidateBlock, but reject pending zeros on input in pact-service (e.g. in the mempool or newBlock).

larskuhtz avatar Aug 13 '21 23:08 larskuhtz