In allways/commitments.py:40-42, float("inf") and float("nan") parse without raising, and the surrounding except only catches ValueError / IndexError — so neither value is rejected.
Impact: an inf rate sorts to the top of crown-holder ranking; a NaN rate silently drops out of comparisons (all comparisons with NaN are false). Easy to exploit, easy to fix.
Direction: after float(...), assert math.isfinite(rate) and rate > 0.
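An added illustration of the issue described above, not code from allways/commitments.py: parse_rate_lenient mirrors the reported pattern (float() with only ValueError/IndexError caught), parse_rate_strict applies the suggested math.isfinite check, and rank_holders is a hypothetical stand-in for the crown-holder ranking.

```python
import math

# Constructed stand-in for the parsing pattern in the report; the real
# code at allways/commitments.py:40-42 is not reproduced here.
def parse_rate_lenient(raw: str):
    """float() accepts "inf", "-inf" and "nan" without raising, and only
    ValueError / IndexError are caught, so both slip through as rates."""
    try:
        return float(raw)
    except (ValueError, IndexError):
        return None


def parse_rate_strict(raw: str):
    """Hardened variant following the suggested fix: a rate must be a
    finite, strictly positive float or it is rejected."""
    try:
        rate = float(raw)
    except (ValueError, IndexError):
        return None
    if not (math.isfinite(rate) and rate > 0):
        return None
    return rate


def rank_holders(submissions, parse):
    """Hypothetical ranking: highest parsed rate first, unparseable
    entries dropped. Shows how an inf rate takes the top slot and a
    NaN rate survives parsing yet has no defined ordering position."""
    valid = [(name, parse(raw)) for name, raw in submissions]
    valid = [(name, r) for name, r in valid if r is not None]
    return [name for name, _ in sorted(valid, key=lambda p: p[1], reverse=True)]


# Constructed sample input: two honest rates plus "inf" and "nan".
SUBMISSIONS = [("alice", "12.5"), ("bob", "9.75"), ("mallory", "inf"), ("eve", "nan")]

if __name__ == "__main__":
    print(rank_holders(SUBMISSIONS, parse_rate_lenient))  # mallory on top, eve undefined
    print(rank_holders(SUBMISSIONS, parse_rate_strict))   # ['alice', 'bob']
```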