arnaucube
/
hermez-node
mirror of https://github.com/arnaucube/hermez-node.git
1
1
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Merge pull request #260 from hermeznetwork/feature/api-fee-check 

Check feeAmount overflow in API
feature/sql-semaphore1
laisolizq 3 years ago
committed by GitHub
parent
9ab50135d7 f90f14d0c1
commit
651572cbf3
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 16 additions and 2 deletions
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +5
    -0
      api/txspool.go
  2. +11
    -2
      api/txspool_test.go

+ 5
- 0
api/txspool.go
View File

@ -163,6 +163,11 @@ func verifyPoolL2TxWrite(txw *l2db.PoolL2TxWrite) error {
if err != nil { if err != nil {
return err return err
} }
// Validate feeAmount
_, err = common.CalcFeeAmount(poolTx.Amount, poolTx.Fee)
if err != nil {
return err
}
// Check signature // Check signature
if !poolTx.VerifySignature(account.PublicKey) { if !poolTx.VerifySignature(account.PublicKey) {
return errors.New("wrong signature") return errors.New("wrong signature")

+ 11
- 2
api/txspool_test.go
View File

@ -205,14 +205,23 @@ func TestPoolTxs(t *testing.T) {
assert.Equal(t, tx.TxID, fetchedTxID) assert.Equal(t, tx.TxID, fetchedTxID)
} }
// 400 // 400
// Wrong signature
// Wrong fee
badTx := tc.poolTxsToSend[0] badTx := tc.poolTxsToSend[0]
badTx.FromIdx = "hez:foo:1000"
badTx.Amount = "99999999999999999999999"
badTx.Fee = 255
jsonTxBytes, err := json.Marshal(badTx) jsonTxBytes, err := json.Marshal(badTx)
assert.NoError(t, err) assert.NoError(t, err)
jsonTxReader := bytes.NewReader(jsonTxBytes) jsonTxReader := bytes.NewReader(jsonTxBytes)
err = doBadReq("POST", endpoint, jsonTxReader, 400) err = doBadReq("POST", endpoint, jsonTxReader, 400)
assert.NoError(t, err) assert.NoError(t, err)
// Wrong signature
badTx = tc.poolTxsToSend[0]
badTx.FromIdx = "hez:foo:1000"
jsonTxBytes, err = json.Marshal(badTx)
assert.NoError(t, err)
jsonTxReader = bytes.NewReader(jsonTxBytes)
err = doBadReq("POST", endpoint, jsonTxReader, 400)
assert.NoError(t, err)
// Wrong to // Wrong to
badTx = tc.poolTxsToSend[0] badTx = tc.poolTxsToSend[0]
ethAddr := "hez:0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" ethAddr := "hez:0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"

Write Preview
Loading…
Cancel
Save