🛡️ Faulty implementation for Balance Fetching #622

Open
ccamel opened this issue May 15, 2024 · 0 comments
Labels
security audit Categorizes an issue or PR as relevant to Security Audit

Comments

@ccamel
Member

ccamel commented May 15, 2024

Note

Severity: Low
target: v7.1.0 - Commit: 3c854270b006db30aa3894da2cdba10cc31b8c5f
Ref: OKP4 Blockchain Audit Report v1.0 - 02-05-2024 - BlockApex

Description

Okp4 includes custom predicates within its bank module to facilitate operations like balance fetching. The available predicates —bank_balances, bank_spendable_balances, and bank_locked_balances — are intended to query and return various account balances. According to Okp4 documentation, bank_balances(X,Y) should fetch the balances for all accounts.

However, our comprehensive testing revealed a significant issue: the maxOutput result limit in the Logic module is set too low (e.g., 3 on the testnet) relative to the potential thousands of accounts on the blockchain. This setting prevents the predicate from returning comprehensive results when triggered, thus impeding the correct functioning of any Prolog logic dependent on this data.

Impact

The implications of this issue are critical for operations that rely on fetching and processing comprehensive account balance data. Since the predicate fails to return full results due to the maxOutput limit, any logic in the Prolog that depends on these results will not function as intended.

Recommendation

Revise the maxOutput setting in the Logic module to accommodate the highest possible number of accounts, ensuring all balance-related predicates function as documented.

@ccamel ccamel added the security audit Categorizes an issue or PR as relevant to Security Audit label May 15, 2024
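The failure mode described above is a result cap that silently clips an all-accounts query, so downstream logic consumes partial data as if it were complete. The following Go program is an added illustration, not code from the okp4 repository or the audit report: it models a capped balance fetch over constructed sample accounts and makes truncation an explicit error so a caller can never mistake a clipped result set for a full one. `Account`, `FetchBalances`, `TotalBalance` and `sampleAccounts` are hypothetical names chosen for this example.

```go
package main

import (
	"errors"
	"fmt"
)

// Account is a constructed address/balance pair standing in for chain state.
type Account struct {
	Address string
	Balance uint64
}

// ErrTruncated signals that the result cap clipped the result set.
var ErrTruncated = errors.New("result set truncated by maxOutput limit")

// FetchBalances models a capped "all balances" query. maxOutput <= 0 means
// unbounded. When the cap clips the set, the partial results are returned
// together with ErrTruncated instead of being passed off as complete.
func FetchBalances(accounts []Account, maxOutput int) ([]Account, error) {
	if maxOutput <= 0 || len(accounts) <= maxOutput {
		out := make([]Account, len(accounts))
		copy(out, accounts)
		return out, nil
	}
	out := make([]Account, maxOutput)
	copy(out, accounts[:maxOutput])
	return out, ErrTruncated
}

// TotalBalance sums balances only for a complete result set; a truncated
// query yields an error rather than a silently low total.
func TotalBalance(accounts []Account, maxOutput int) (uint64, error) {
	res, err := FetchBalances(accounts, maxOutput)
	if err != nil {
		return 0, fmt.Errorf("cannot compute total: %w", err)
	}
	var sum uint64
	for _, a := range res {
		sum += a.Balance
	}
	return sum, nil
}

// sampleAccounts builds n constructed accounts with balances 100, 200, ...
func sampleAccounts(n int) []Account {
	accts := make([]Account, n)
	for i := range accts {
		accts[i] = Account{Address: fmt.Sprintf("addr%03d", i), Balance: uint64(i+1) * 100}
	}
	return accts
}
```

Running `TotalBalance(sampleAccounts(10), 3)` returns the truncation error, while an unbounded query (`maxOutput` of 0) returns the full total of 5500.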
Projects
Status: 📆 To do