Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Minimum Precision "bug" #1242

Open
Thanos420NoScope opened this issue Jun 17, 2021 · 4 comments
Open

Minimum Precision "bug" #1242

Thanos420NoScope opened this issue Jun 17, 2021 · 4 comments
Labels
bug Something isn't working component: pact-service The Pact Service, or Pact language updates in general.

Comments

@Thanos420NoScope
Copy link

The coin contract accepts transactions with more than 12 digits if they are 0s.
It is not a security threat and cannot break precision, but is permanent for both the sending and the receiving account.
image

@emilypi
Copy link
Member

emilypi commented Aug 13, 2021

That could be a valid space attack, and I'd consider it a valid bug as a result.

@larskuhtz larskuhtz added bug Something isn't working component: pact-service The Pact Service, or Pact language updates in general. labels Aug 13, 2021
@larskuhtz
Copy link
Contributor

I think, this is a pact issue, since the chainweb-node is agnostic about semantics of payloads.

Resolving this on pact validation level could would probably require a fork. So, we may instead continue accept those numbers internally within pact evaluation (execValidateBlock, but reject pending zeros on input in pact-service (e.g. in the mempool or newBlock).

@chessai
Copy link
Contributor

chessai commented Jan 9, 2024

@jmcardon @edmundnoble is this still an issue? iirc this has been patched, but my recollection is only vague.

@AncientHodler-Demiurg
Copy link

Perhaps pact 5.0 is a good way to fix this. However, i dont really see how this could be used as an attaack, because hte moment you are using something with more than 12 decimals, it simply wont work.

The problem lies in how pact interprets decimals.
666.12345678900000 is still interpreted as having 9 decimals due to how the floor function works that does the enforcements. It is still seen as having 9 decimals.

If this is something that can be attacked in any way, it should be changed, but i dont see how an attack could be possible....

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working component: pact-service The Pact Service, or Pact language updates in general.
Projects
None yet
Development

No branches or pull requests

5 participants