From 789dc8578405e242e6772ea2c80b467b43e861dc Mon Sep 17 00:00:00 2001 From: Jianrong Date: Sat, 27 Jan 2024 22:55:41 +1100 Subject: [PATCH 1/2] fix: limit the max size of lending item extradata can be inside the trading and lending transactions --- XDCxlending/lendingstate/lendingitem.go | 11 +++++++ XDCxlending/lendingstate/lendingitem_test.go | 32 +++++++++++++++++--- 2 files changed, 38 insertions(+), 5 deletions(-) diff --git a/XDCxlending/lendingstate/lendingitem.go b/XDCxlending/lendingstate/lendingitem.go index 09006738ebc4..85114c8413ad 100644 --- a/XDCxlending/lendingstate/lendingitem.go +++ b/XDCxlending/lendingstate/lendingitem.go @@ -27,6 +27,7 @@ const ( LendingStatusCancelled = "CANCELLED" Market = "MO" Limit = "LO" + MaxLendingExtraDataSize = 200 ) var ValidInputLendingStatus = map[string]bool{ @@ -233,6 +234,9 @@ func (l *LendingItem) VerifyLendingItem(state *state.StateDB) error { if err := l.VerifyLendingSignature(); err != nil { return err } + if err := l.VerifyLendingExtraData(); err != nil { + return err + } return nil } @@ -282,6 +286,13 @@ func (l *LendingItem) VerifyLendingType() error { return nil } +func (l *LendingItem) VerifyLendingExtraData() error { + if len(l.ExtraData) > MaxLendingExtraDataSize { + return fmt.Errorf("VerifyLendingExtraData: invalid lending extraData size. Size: %v", len(l.ExtraData)) + } + return nil +} + func (l *LendingItem) VerifyLendingStatus() error { if valid, ok := ValidInputLendingStatus[l.Status]; !ok && !valid { return fmt.Errorf("VerifyLendingStatus: invalid lending status. Status: %s", l.Status) diff --git a/XDCxlending/lendingstate/lendingitem_test.go b/XDCxlending/lendingstate/lendingitem_test.go index 4a6fe13e09a0..692dff1c2fd6 100644 --- a/XDCxlending/lendingstate/lendingitem_test.go +++ b/XDCxlending/lendingstate/lendingitem_test.go @@ -2,17 +2,18 @@ package lendingstate import ( "fmt" + "math/big" + "math/rand" + "os" + "testing" + "time" + "github.com/XinFinOrg/XDPoSChain/common" "github.com/XinFinOrg/XDPoSChain/core/rawdb" "github.com/XinFinOrg/XDPoSChain/core/state" "github.com/XinFinOrg/XDPoSChain/crypto" "github.com/XinFinOrg/XDPoSChain/crypto/sha3" "github.com/XinFinOrg/XDPoSChain/rpc" - "math/big" - "math/rand" - "os" - "testing" - "time" ) func TestLendingItem_VerifyLendingSide(t *testing.T) { @@ -108,6 +109,27 @@ func TestLendingItem_VerifyLendingType(t *testing.T) { } } +func TestLendingItem_VerifyExtraData(t *testing.T) { + tests := []struct { + name string + fields *LendingItem + wantErr bool + }{ + {"within the limit", &LendingItem{ExtraData: "123"}, false}, + {"within the limit", &LendingItem{ExtraData: "This is a string specifically designed to exceed 201 bytes in length. It contains enough characters, including spaces and punctuation, to ensure that its total size goes beyond the specified limit for demonstration purposes."}, true}, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + l := &LendingItem{ + ExtraData: tt.fields.ExtraData, + } + if err := l.VerifyLendingExtraData(); (err != nil) != tt.wantErr { + t.Errorf("VerifyLendingExtraData() error = %v, wantErr %v", err, tt.wantErr) + } + }) + } +} + func TestLendingItem_VerifyLendingStatus(t *testing.T) { tests := []struct { name string From 0ec1f9ab17e2a3418d9fdb579c0561eab4ac579d Mon Sep 17 00:00:00 2001 From: Jianrong Date: Sun, 28 Jan 2024 17:04:02 +1100 Subject: [PATCH 2/2] chore: add comment for the MaxLendingExtraDataSize constant --- XDCxlending/lendingstate/lendingitem.go | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/XDCxlending/lendingstate/lendingitem.go b/XDCxlending/lendingstate/lendingitem.go index 85114c8413ad..bd226bdca0ba 100644 --- a/XDCxlending/lendingstate/lendingitem.go +++ b/XDCxlending/lendingstate/lendingitem.go @@ -27,7 +27,13 @@ const ( LendingStatusCancelled = "CANCELLED" Market = "MO" Limit = "LO" - MaxLendingExtraDataSize = 200 + /* + Based on all structs that were used to encode into extraData, we can see the liquidationData is likely be the one with max length in payload. + A assumptions was made that each numeric value (RecallAmount, LiquidationAmount, CollateralPrice) is up to 30 digits long and the Reason field is 20 characters long, the estimated maximum size of the ExtraData JSON string in the ProcessLiquidationData function would be approximately 185 bytes. + Hence the value of 200 has been chosen to safeguard the block/tx in XDC in terms of sizes. + + */ + MaxLendingExtraDataSize = 200 ) var ValidInputLendingStatus = map[string]bool{