Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(arns): disallow negative token costs #156

Merged
merged 5 commits into from
Oct 31, 2024
Merged

fix(arns): disallow negative token costs #156

merged 5 commits into from
Oct 31, 2024

Conversation

dtfiedler
Copy link
Collaborator

No description provided.

@codecov-commenter
Copy link

codecov-commenter commented Oct 31, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 93.93939% with 2 lines in your changes missing coverage. Please review.

Project coverage is 90.84%. Comparing base (65c97f5) to head (da8ab39).
Report is 6 commits behind head on develop.

Files with missing lines Patch % Lines
src/arns.lua 93.75% 2 Missing ⚠️
Additional details and impacted files 
@@             Coverage Diff             @@
##           develop     #156      +/-   ##
===========================================
+ Coverage    90.43%   90.84%   +0.41%     
===========================================
  Files            9        9              
  Lines         1986     1966      -20     
===========================================
- Hits          1796     1786      -10     
+ Misses         190      180      -10

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

dtfiedler
dtfiedler commented Oct 31, 2024
View reviewed changes
src/utils.lua
Comment on lines -12 to -19
function utils.isValidBase64Url(url)
local isValidBase64Url = #url == 43 and string.match(url, "^[%w-_]+$") ~= nil

if not isValidBase64Url then
error("String pattern is invalid.")
end
return url
end
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

cruft from aos copy/pasta - we use more specific utils and this has been confused with those

arielmelendez
arielmelendez reviewed Oct 31, 2024
View reviewed changes
spec/arns_spec.lua Outdated Show resolved Hide resolved
arielmelendez
arielmelendez reviewed Oct 31, 2024
View reviewed changes
spec/arns_spec.lua Outdated Show resolved Hide resolved
arielmelendez
arielmelendez reviewed Oct 31, 2024
View reviewed changes
spec/arns_spec.lua Outdated Show resolved Hide resolved
arielmelendez
arielmelendez reviewed Oct 31, 2024
View reviewed changes
spec/arns_spec.lua Outdated Show resolved Hide resolved
fedellen
fedellen reviewed Oct 31, 2024
View reviewed changes
src/arns.lua
Comment on lines +379 to +381
-- stub the process id as it is not required for this intent
local processId = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
arns.assertValidBuyRecord(name, years, purchaseType, processId)
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this part seems odd to be in the non-test code. without digging into the function I wonder why wouldn't assertValidBuyRecord take an optional processID instead

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I guess you're just getting the cost here, whereas the assertion function may be used in later on in the creation flow

arielmelendez
arielmelendez reviewed Oct 31, 2024
View reviewed changes
src/arns.lua
tokenCost = arns.calculatePermabuyFee(baseFee, demand.getDemandFactor())
end
-- if token Cost is less than 0, throw an error
if tokenCost < 0 then
error("Invalid token cost for " .. intendedAction.intent)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Might be helpful for debugging if the bad value were in the error string too.

arielmelendez
arielmelendez reviewed Oct 31, 2024
View reviewed changes
src/main.lua
@@ -1813,7 +1815,7 @@ addEventingHandler(ActionMap.ReassignName, utils.hasMatchingTag("Action", Action
local initiator = utils.formatAddress(msg.Tags.Initiator)
local checkAssertions = function()
assert(name and #name > 0, "Name is required")
assert(newProcessId and utils.isValidBase64Url(newProcessId), "Invalid Process-Id")
assert(utils.isValidAOAddress(newProcessId), "Process id must be a valid base64url.")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This util function is too permissive (e.g. eth names).

arielmelendez
arielmelendez requested changes Oct 31, 2024
View reviewed changes
Copy link
Contributor

@arielmelendez arielmelendez left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See comment re: isvalidaoaddress

@dtfiedler dtfiedler merged commit 683c82d into develop Oct 31, 2024
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fedellen fedellen fedellen approved these changes

@arielmelendez arielmelendez arielmelendez approved these changes

@kunstmusik kunstmusik Awaiting requested review from kunstmusik

@atticusofsparta atticusofsparta Awaiting requested review from atticusofsparta

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@dtfiedler @codecov-commenter @arielmelendez @fedellen