Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Zellic remediation #66

Draft
wants to merge 8 commits into
base: master
Choose a base branch
from
Draft

Zellic remediation #66

wants to merge 8 commits into from

Conversation

snissn
Copy link
Collaborator

@snissn snissn commented Jan 13, 2025

wip

snissn added 8 commits January 10, 2025 14:13
@snissn
Add validation to prevent uint32 truncation in readUInt32
d6bc37b
@snissn
Add input validation for BigInt sign byte in deserialization
9bf8817
@snissn
Add strict array length check in GetDealDataCommitmentReturn deserial…
1eabac4 
…ization
@snissn
Fix capacity miscalculation in serializeExtendClaimTermsParams
14d60ce
@snissn
Fix: Standardize BigInt deserialization with deserializeBytesBigInt a…
09f2f20 
…cross CBOR contracts
@snissn
Fix: Revert deserializeBytesBigInt to deserializeBigInt in MarketCBOR…
ff0b386 
….sol

Switched back to using deserializeBigInt for balance, locked, storage_price_per_epoch,
provider_collateral, and client_collateral fields to fix deserialization issues
and pass all tests.
@snissn
fix: Align buffer allocation types in serializeChangeWorkerAddressParams
acf7e81 
- Replaced uint256 with uint64 for consistent buffer allocation in capacity calculation and initialization.
- Added safety check to prevent array length overflow beyond uint64 limits.
- Ensured proper serialization of new_control_addresses without potential truncation.

Addresses buffer allocation type mismatch warning.
@snissn
refactor: Replace assert with if + revert using custom errors
7228593 
- Replaced all `assert` statements with `if` checks followed by `revert` and custom errors from `Errors.sol`
- Implemented specific custom errors:
  - `InvalidArrayLength(uint256 expected, uint256 actual)`
  - `InvalidBooleanType()`
  - `ExpectedMajorByteString()`
  - `ExpectedNegativeBigNumTag()`
  - `ExpectedLowValue27()`
- Ensured proper import of `Errors.sol` across relevant CBOR modules
- Preserved original indentation and code formatting for readability
- Improves error handling consistency and prevents `Panic` exceptions

This change aligns with Solidity best practices by using custom errors for more efficient and descriptive error handling.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@snissn