Skip to content

[Fix] Set max entries for VerifyProof in statePlugin #3675

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Jan 17, 2025
Merged

[Fix] Set max entries for VerifyProof in statePlugin #3675

merged 4 commits into from
Jan 17, 2025

Conversation

@shargon
Copy link
Member

@shargon shargon commented Jan 16, 2025
edited
Loading

Description

Verify should have a maximum number of entries, otherwise ulong.MaxValue is taken, this could produce a DoS.

Type of change

  • Optimization (the change is only an optimization)
  • Style (the change is only a code style for better maintenance or standard purpose)
  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update

How Has This Been Tested?

  • Not required

Test Configuration:

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • Any dependent changes have been merged and published in downstream modules

@shargon shargon added the Bug Used to tag confirmed bugs label Jan 16, 2025
@shargon shargon changed the title [Fix] statePlugin [Fix] max entries for VerifyProof in statePlugin Jan 16, 2025
@shargon shargon changed the title [Fix] max entries for VerifyProof in statePlugin [Fix] Set max entries for VerifyProof in statePlugin Jan 16, 2025
@shargon shargon added Waiting for Review Easy-to-Review a simple edit; just a few lines labels Jan 16, 2025
roman-khimov
roman-khimov reviewed Jan 16, 2025
View reviewed changes
Copy link
Contributor

@roman-khimov roman-khimov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Likely byte.MaxValue is enough. It depends on the tree height in reality, right?

shargon
shargon commented Jan 16, 2025
View reviewed changes
@shargon shargon merged commit 15d3553 into master Jan 17, 2025
7 checks passed
@shargon shargon deleted the fix-state branch January 17, 2025 10:00
Jim8y added a commit to Jim8y/neo that referenced this pull request Jan 31, 2025
@Jim8y
Merge branch 'master' into rc-v2
0281ad1 
* master: (43 commits)
  Fix `GetAndChange` warnings (neo-project#3702)
  `Murmur3` should not be cryptographic hash algorithm (neo-project#3668)
  Test: add tests for native contract id (neo-project#3697)
  Update nugets (neo-project#3692)
  [Core P2P] fix the bug (neo-project#3695)
  Add hardfork HF_Echidna (neo-project#3454)
  Fix: add lock for RocksDbStore.Snapshot to keep same behavior as MemoryStore and LevelDbStore (neo-project#3689)
  Nullable rocks db (neo-project#3686)
  Nullable leveldb (neo-project#3685)
  Enforcement Compiler Warnings (neo-project#3687)
  [`Update`] Dotnet & Compiler Version (neo-project#3684)
  [`Add`]: LevelDB Benchmarks (neo-project#3667)
  [`Fix`]: Behavior when `keyPrefix` is null in different `IStore.Seek` impls. (neo-project#3682)
  Improve calculatenetworkfee (neo-project#3674)
  more 2025 (neo-project#3678)
  Nullable in Storage classes (neo-project#3670)
  readonly (neo-project#3676)
  [Fix] Set max entries for `VerifyProof` in `statePlugin` (neo-project#3675)
  Neo.json.benchmarks (neo-project#3673)
  Happy new year 2025 (neo-project#3677)
  ...

# Conflicts:
#	src/Neo/Neo.csproj
#	src/Neo/ProtocolSettings.cs
#	src/Neo/SmartContract/ApplicationEngine.cs
#	src/Neo/SmartContract/Native/NeoToken.cs
#	src/Neo/SmartContract/Native/RoleManagement.cs
#	tests/Neo.UnitTests/SmartContract/Native/UT_NativeContract.cs
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@roman-khimov roman-khimov roman-khimov approved these changes

+1 more reviewer

@nan01ab nan01ab nan01ab approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

Bug Used to tag confirmed bugs Easy-to-Review a simple edit; just a few lines Waiting for Review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@shargon @nan01ab @roman-khimov