Bug
Manual affiliate conversions can be created or edited with fractional sale_amount_sats values, for example 100.5. Satoshi amounts are indivisible, so accepting decimals can produce inconsistent sale and commission records.
Impact
Sellers can store impossible affiliate conversion amounts through the manual conversion APIs. A later commission recalculation may also run on a fractional satoshi value.
Expected
POST /api/affiliates/offers/[id]/conversions and PUT /api/affiliates/offers/[id]/conversions should accept only positive integer satoshi amounts.
Fix
Validate sale_amount_sats with integer checks before recording or recalculating conversions, and add regression coverage for fractional create/update requests.
Payment for the active uGig affiliate testing bounty can go to SOL: 27sdMYXofqoM9qR13bZhccRNYeEgYn5EoHXTSJn4QWKP.
Bug
Manual affiliate conversions can be created or edited with fractional
sale_amount_satsvalues, for example100.5. Satoshi amounts are indivisible, so accepting decimals can produce inconsistent sale and commission records.Impact
Sellers can store impossible affiliate conversion amounts through the manual conversion APIs. A later commission recalculation may also run on a fractional satoshi value.
Expected
POST /api/affiliates/offers/[id]/conversionsandPUT /api/affiliates/offers/[id]/conversionsshould accept only positive integer satoshi amounts.Fix
Validate
sale_amount_satswith integer checks before recording or recalculating conversions, and add regression coverage for fractional create/update requests.Payment for the active uGig affiliate testing bounty can go to SOL:
27sdMYXofqoM9qR13bZhccRNYeEgYn5EoHXTSJn4QWKP.