Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

No validation of size or format on CLI parameters for the validator metadata #2800

Closed
phy-chain opened this issue Mar 4, 2024 · 1 comment · Fixed by #2845
Closed

No validation of size or format on CLI parameters for the validator metadata #2800

phy-chain opened this issue Mar 4, 2024 · 1 comment · Fixed by #2845
Labels
bug Something isn't working PoS
Milestone
Phase 1: mainnet ...

Comments

@phy-chain
Copy link

phy-chain commented Mar 4, 2024
edited
Loading

CLI endpoint change-metadata does not seem to enforce any format or size limit for the fields email and discord handle.
Given that these fields are displayed in a lot of webapps, it could break their UI or lead to security issues maybe.

Discord actually has some rules on what's allowed in that field. Same for emails, their is a RFC for that.

Transaction is accepted :

image

So far, from what I've seen change-metadata and initValidator are concerned.

PR with fix suggestion is coming...
@phy-chain phy-chain added the bug Something isn't working label Mar 4, 2024
@phy-chain phy-chain mentioned this issue Mar 4, 2024
Closed
4 tasks
@brentstone brentstone added the PoS label Mar 4, 2024
@cwgoes cwgoes mentioned this issue Mar 5, 2024
Closed
10 tasks
@brentstone brentstone mentioned this issue Mar 7, 2024
Merged
2 tasks
@brentstone
Copy link
Collaborator

@phy-chain feel free to leave any comments on #2845. Figure we don't need anything complicated, can restrict it quite a bit, and character length is sufficient vs data size.

@brentstone brentstone mentioned this issue Apr 5, 2024
Closed
@brentstone brentstone added this to the Phase 1: mainnet genesis milestone Apr 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working PoS
Projects
None yet
Milestone
Phase 1: mainnet genesis
Development

Successfully merging a pull request may close this issue.

Limit metadata size anoma/namada
2 participants
@brentstone @phy-chain