sigp
enforce right types for spec-reserved keys
There is right now an easy way to overwrite spec-keys with corrupted data via the raw_rpl methods. We have now checks in place for most integer types but the rest should be checked as well
This repository contains our implementation of an Ethereum Node Record (https://eips.ethereum.org/EIPS/eip-778).
Might be worth reading the specification to understand what is happening.
There are a few keys (in the spec) that are required. Like seq signature id etc.
Our library as it stands, makes it possible for users to accidentally (or intentially) overwrite these fields with incorrect values making the ENR object invalid.
The library would be better if the mutating functions prevented users from erroneously modifying an ENR that could make it valid. This issue is to check all our mutating functions in the ENRBuilder and the ENR struct to make sure the spec-reserved keys cannot be mutated by the user to make the ENR invalid.
One example is:
The insert() function: https://github.com/sigp/enr/blob/master/src/lib.rs#L457 which calls insert_raw_rlp():https://github.com/sigp/enr/blob/master/src/lib.rs#L470
I think a user is capable of setting invalid types for tcp udp ip etc. It might error if we try to set the seq or signature here, but its worth checking.
It might be useful to write some tests to ensure changes prevent invalid ENRs.
We should also check other mutable functions to make sure users cannot create invalid enrs (according to the spec).
One solution could be to create a const list of spec-reserved keys and prevent their mutation through generic functions like insert(). This way if new spec keys are added its easy to maintain, as we simply add to this list.