Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Pallets: Validation of input parameters #915

Open
sameh-farouk opened this issue Dec 18, 2023 · 0 comments
Open

Pallets: Validation of input parameters #915

sameh-farouk opened this issue Dec 18, 2023 · 0 comments
Labels
type_bug Something isn't working
Milestone
later

Comments

@sameh-farouk
Copy link
Member

sameh-farouk commented Dec 18, 2023
edited
Loading

Describe the bug

Many calls in pallets do not sufficiently check the validity of the input parameters, which can lead to DoS of the system for some time.

Recently, due to provide invalid data as parameters to one of tfgrid pallet public calls, our subsquid indexer got jammed, which disrupted graphql and consequently made gridproxy report all nodes as offline, which impacted all the dependent services.

An audit is needed to identify and fix any similar vulnerabilities in our runtime calls.

For more Context:
threefoldtech/tfchain_graphql#143
https://github.com/threefoldtech/tf_operations/issues/2086
@sameh-farouk sameh-farouk added the type_bug Something isn't working label Dec 18, 2023
@sameh-farouk sameh-farouk changed the title parameters Validation Pallets: Validation of input parameters Dec 18, 2023
@renauter renauter added this to the later milestone Mar 21, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type_bug Something isn't working
Projects
None yet
Milestone
later
Development

No branches or pull requests
2 participants
@sameh-farouk @renauter