Check fees in swap

src/handle_sign_message.c

@@ -122,18 +122,21 @@ static bool check_swap_validity_native(const SummaryItemKind_t kinds[MAX_TRANSAC
         switch (kinds[i]) {
             case SummaryItemAmount:
                 if (strcmp(G_transaction_summary_title, "Max fees") == 0) {
-                    break;
-                }
-                if (strcmp(G_transaction_summary_title, "Transfer") != 0) {
+                    if (!check_swap_fee(G_transaction_summary_text)) {
+                        PRINTF("check_swap_fee failed\n");
+                        return false;
+                    }
+                } else if (strcmp(G_transaction_summary_title, "Transfer") == 0) {
+                    if (!check_swap_amount(G_transaction_summary_text)) {
+                        PRINTF("check_swap_amount failed\n");
+                        return false;
+                    }
+                } else {
                     PRINTF("Refused title '%s', expecting '%s'\n",
                            G_transaction_summary_title,
                            "Transfer");
                     return false;
                 }
-                if (!check_swap_amount(G_transaction_summary_text)) {
-                    PRINTF("check_swap_amount failed\n");
-                    return false;
-                }
                 amount_ok = true;
                 break;
 
@@ -207,8 +210,13 @@ static bool check_swap_validity_token(const SummaryItemKind_t kinds[MAX_TRANSACT
                 break;
 
             case SummaryItemAmount:
-                if (strcmp(G_transaction_summary_title, "Max fees") != 0) {
-                    PRINTF("Refuse non fee amount in token swap context\n");
+                if (strcmp(G_transaction_summary_title, "Max fees") == 0) {
+                    if (!check_swap_fee(G_transaction_summary_text)) {
+                        PRINTF("check_swap_fee failed\n");
+                        return false;
+                    }
+                } else {
+                    PRINTF("Refusing non fee amount in token swap context\n");
                     return false;
                 }
                 break;

src/swap/handle_swap_sign_transaction.c

@@ -12,6 +12,7 @@ typedef struct swap_validated_s {
     uint8_t decimals;
     char ticker[MAX_SWAP_TOKEN_LENGTH];
     uint64_t amount;
+    uint64_t fee;
     char recipient[BASE58_PUBKEY_LENGTH];
 } swap_validated_t;
 
@@ -67,6 +68,11 @@ bool copy_transaction_parameters(create_transaction_parameters_t *params) {
         return false;
     }
 
+    // Save amount
+    if (!swap_str_to_u64(params->fee_amount, params->fee_amount_length, &swap_validated.fee)) {
+        return false;
+    }
+
     swap_validated.initialized = true;
 
     // Full reset the global variables
@@ -105,6 +111,74 @@ bool check_swap_amount(const char *text) {
     }
 }
 
+bool is_valid_char(char c) {
+    return (c == '.' || (c >= '0' && c <= '9'));
+}
+
+bool check_swap_fee(const char *text) {
+    if (!G_swap_validated.initialized) {
+        return false;
+    }
+
+    char validated_fee[MAX_PRINTABLE_AMOUNT_SIZE];
+    if (print_amount(G_swap_validated.fee,
+                           validated_fee,
+                           sizeof(validated_fee)) != 0) {
+        PRINTF("Conversion failed\n");
+        return false;
+    }
+    if (validated_fee[MAX_PRINTABLE_AMOUNT_SIZE - 1] != '\0') {
+        PRINTF("Error in formating, aborting check\n");
+        return false;
+    }
+
+    PRINTF("Fee requested in this transaction = %s\n", text);
+    PRINTF("Fee validated in swap = %s\n", validated_fee);
+    if (strcmp(text, validated_fee) == 0) {
+        PRINTF("Fees are the exact same");
+        return true;
+    } else {
+        // Check that we are paying LESS than promised
+        // Expected format is 'X.Y SOL' anything else is an error
+        uint8_t pos = 0;
+        char current_text;
+        char current_validated;
+        do {
+            current_text = text[pos];
+            current_validated = validated_fee[pos];
+            if (!is_valid_char(current_text)) {
+                PRINTF("!is_valid_char(current_text) %c\n", current_text);
+                return false;
+            }
+            if (!is_valid_char(current_validated)) {
+                PRINTF("!is_valid_char(current_validated) %c\n", current_validated);
+                return false;
+            }
+            if (current_text != current_validated) {
+                // period char is smaller than all integers char, and they are themselves ordered
+                PRINTF("Checking current_text %c vs current_validated %c\n", current_text, current_validated);
+                return (current_text < current_validated);
+            } else {
+                // Keep looking for a diff
+                ++pos;
+            }
+        } while (current_text != '\0' && current_text != ' ' && current_validated != ' ' && current_validated != '\0');
+
+        if (current_text == '\0' || current_validated == '\0') {
+            PRINTF("ERROR: unexpectedly reached end of string\n");
+            return false;
+        }
+
+        if (current_text == ' ' && current_validated == ' ') {
+            PRINTF("ERROR: both strings encountered simultaneous end: tickers differ\n");
+            return false;
+        }
+
+        // current_text is smaller if it ends first, if all previous characters are the same
+        return (current_text == ' ');
+    }
+}
+
 // Check that the recipient in parameter is the same as the previously saved recipient
 bool check_swap_recipient(const char *text) {
     if (!G_swap_validated.initialized) {

src/swap/handle_swap_sign_transaction.h

@@ -6,6 +6,8 @@ bool copy_transaction_parameters(create_transaction_parameters_t *sign_transacti
 
 bool check_swap_amount(const char *text);
 
+bool check_swap_fee(const char *text);
+
 bool check_swap_recipient(const char *text);
 
 bool is_token_transaction();