New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feedback re: CBOR parsing, ensure all bytes are parsed #384

Open

CedarMist opened this issue Sep 9, 2024 · 0 comments

Labels

bug contracts solidity

Member

CedarMist commented Sep 9, 2024

This was noted in an audit:

the _decodeReceiptUndelegateDone function is the absence of a check to ensure that the parsing of the CBOR data structure hats-finance/Accumulated-finance-0x75278bcc0fa7c9e3af98654bce195eaf3bb6a784#60

There are a few issues around CBOR parsing in Solidity:

If new keys are added in future to existing structures this could break contracts
- A workaround for this, is passing in a 'schema version' argument, which returns different structures - e.g. request 'version 2' to return the struct with the new fields
Implement a skipping CBOR parser, which skips past unknown keys

The text was updated successfully, but these errors were encountered:

CedarMist added contracts solidity bug labels

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment