solana RPC does not validate shape and types of `RpcContextConfig`

RPC does not validate shape and types of `RpcContextConfig`

Open steveluscher opened this issue 6 months ago • 1 comments

Problem

The RPC does not appear to validate or throw on invalid values for RpcContextConfig::commitment.

curl https://api.devnet.solana.com/ -X POST -H "Content-Type: application/json" -d '
  {
    "jsonrpc": "2.0",
    "id": 1,
    "method": "getBalance",
    "params": [
      "83astBRguLMdt2h5U1Tpdq5tjFoJ6noeGwaY3mDLVcri",
      {"commitment": "wheeeeeee"}
    ]
  }
'

It also isn't strict about what properties you supply. You can slightly misspell ‘commitment’ which results in your setting having no effect.

curl https://api.devnet.solana.com/ -X POST -H "Content-Type: application/json" -d '
  {
    "jsonrpc": "2.0",
    "id": 1,
    "method": "getBalance",
    "params": [
      "83astBRguLMdt2h5U1Tpdq5tjFoJ6noeGwaY3mDLVcri",
      {"committment": "processed"}
    ]
  }
'

Similarly, you can supply properties that don't exist.

curl https://api.devnet.solana.com/ -X POST -H "Content-Type: application/json" -d '
  {
    "jsonrpc": "2.0",
    "id": 1,
    "method": "getBalance",
    "params": [
      "83astBRguLMdt2h5U1Tpdq5tjFoJ6noeGwaY3mDLVcri",
      {"xommitment": "processed"}
    ]
  }
'

This happens in the wild.

https://github.com/tDev0809/solana-staking-cli/blob/a7ec96cb140ce067e3e22813e9234a6abbb3e288/server/user.js#L29

Proposed Solution

Throw when RPC inputs don't match the Rust types.

Dec 14 '23 02:12 steveluscher

solana solana copied to clipboard

RPC does not validate shape and types of `RpcContextConfig`

Problem

Proposed Solution

solana
solana copied to clipboard