fix: limit the max size of lending item extradata can be inside the t… (

ethereum#405) * fix: limit the max size of lending item extradata can be inside the trading and lending transactions * chore: add comment for the MaxLendingExtraDataSize constant
s1na · Jan 29, 2024 · 95e108c · 95e108c
1 parent b4d842b
commit 95e108c
Show file tree

Hide file tree

Showing 2 changed files with 44 additions and 5 deletions.
diff --git a/XDCxlending/lendingstate/lendingitem.go b/XDCxlending/lendingstate/lendingitem.go
@@ -27,6 +27,13 @@ const (
 	LendingStatusCancelled     = "CANCELLED"
 	Market                     = "MO"
 	Limit                      = "LO"
+	/*
+		Based on all structs that were used to encode into extraData, we can see the liquidationData is likely be the one with max length in payload.
+		A assumptions was made that each numeric value (RecallAmount, LiquidationAmount, CollateralPrice) is up to 30 digits long and the Reason field is 20 characters long, the estimated maximum size of the ExtraData JSON string in the ProcessLiquidationData function would be approximately 185 bytes.
+		Hence the value of 200 has been chosen to safeguard the block/tx in XDC in terms of sizes.
+
+	*/
+	MaxLendingExtraDataSize = 200
 )
 
 var ValidInputLendingStatus = map[string]bool{
@@ -233,6 +240,9 @@ func (l *LendingItem) VerifyLendingItem(state *state.StateDB) error {
 	if err := l.VerifyLendingSignature(); err != nil {
 		return err
 	}
+	if err := l.VerifyLendingExtraData(); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -282,6 +292,13 @@ func (l *LendingItem) VerifyLendingType() error {
 	return nil
 }
 
+func (l *LendingItem) VerifyLendingExtraData() error {
+	if len(l.ExtraData) > MaxLendingExtraDataSize {
+		return fmt.Errorf("VerifyLendingExtraData: invalid lending extraData size. Size: %v", len(l.ExtraData))
+	}
+	return nil
+}
+
 func (l *LendingItem) VerifyLendingStatus() error {
 	if valid, ok := ValidInputLendingStatus[l.Status]; !ok && !valid {
 		return fmt.Errorf("VerifyLendingStatus: invalid lending status. Status: %s", l.Status)

diff --git a/XDCxlending/lendingstate/lendingitem_test.go b/XDCxlending/lendingstate/lendingitem_test.go
@@ -2,17 +2,18 @@ package lendingstate
 
 import (
 	"fmt"
+	"math/big"
+	"math/rand"
+	"os"
+	"testing"
+	"time"
+
 	"github.com/XinFinOrg/XDPoSChain/common"
 	"github.com/XinFinOrg/XDPoSChain/core/rawdb"
 	"github.com/XinFinOrg/XDPoSChain/core/state"
 	"github.com/XinFinOrg/XDPoSChain/crypto"
 	"github.com/XinFinOrg/XDPoSChain/crypto/sha3"
 	"github.com/XinFinOrg/XDPoSChain/rpc"
-	"math/big"
-	"math/rand"
-	"os"
-	"testing"
-	"time"
 )
 
 func TestLendingItem_VerifyLendingSide(t *testing.T) {
@@ -108,6 +109,27 @@ func TestLendingItem_VerifyLendingType(t *testing.T) {
 	}
 }
 
+func TestLendingItem_VerifyExtraData(t *testing.T) {
+	tests := []struct {
+		name    string
+		fields  *LendingItem
+		wantErr bool
+	}{
+		{"within the limit", &LendingItem{ExtraData: "123"}, false},
+		{"within the limit", &LendingItem{ExtraData: "This is a string specifically designed to exceed 201 bytes in length. It contains enough characters, including spaces and punctuation, to ensure that its total size goes beyond the specified limit for demonstration purposes."}, true},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			l := &LendingItem{
+				ExtraData: tt.fields.ExtraData,
+			}
+			if err := l.VerifyLendingExtraData(); (err != nil) != tt.wantErr {
+				t.Errorf("VerifyLendingExtraData() error = %v, wantErr %v", err, tt.wantErr)
+			}
+		})
+	}
+}
+
 func TestLendingItem_VerifyLendingStatus(t *testing.T) {
 	tests := []struct {
 		name    string