Page MenuHomePhabricator
Differential D14976

[Cashtab] Add function to generate targetOutputs for multisend tx from user input
ClosedPublic
Actions

Authored by bytesofman on Dec 12 2023, 21:32.

Details

Reviewers
Fabien
Group Reviewers
Restricted Project
Commits
rABC097a01f19640: [Cashtab] Add function to generate targetOutputs for multisend tx from user…
Summary

Diff required to implement new send functions. Convert user input into desired targetOutputs for new ecash-coinselect based tx generation fn.

Test Plan

npm test

Diff Detail

Repository
rABC Bitcoin ABC
Branch
cashtab-getMultisendTargetOutputs
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 25978
Build 51530: Build Diffcashtab-tests
Build 51529: arc lint + arc unit

Event Timeline

bytesofman created this revision.Dec 12 2023, 21:32
Herald added a reviewer: Restricted Project. · View Herald TranscriptDec 12 2023, 21:32
bytesofman requested review of this revision.Dec 12 2023, 21:32
bytesofman updated this revision to Diff 43592.Dec 12 2023, 21:34

another unit test

Harbormaster completed remote builds in B25946: Diff 43591.Dec 12 2023, 21:45
Harbormaster completed remote builds in B25947: Diff 43592.
Fabien requested changes to this revision.Dec 13 2023, 10:13
Fabien added a subscriber: Fabien.
Fabien added inline comments.
cashtab/src/transactions/__tests__/index.test.js
54 ↗(On Diff #43592)

copy pasta

cashtab/src/transactions/index.js
122 ↗(On Diff #43592)

Don't split twice, it's expensive

127 ↗(On Diff #43592)

There is a lot of sanitizing that is missing here:

  • You should trim the address and amount (+test)
  • If the amount is expected to be a float (missing test), the decimal point can be a comma depending on the user locale ? This will conflict with the CSV comma separator
  • There is no satoshi rounding nor decimal check, so your function will accept 550.442 as an amount
  • There might be a buffer overflow vulnerability, if I set the amount to be close to the max js integer the multiply will overflow.
This revision now requires changes to proceed.Dec 13 2023, 10:13
bytesofman planned changes to this revision.Dec 13 2023, 17:38
bytesofman marked 2 inline comments as done.
bytesofman added inline comments.
cashtab/src/transactions/index.js
127 ↗(On Diff #43592)

You should trim the address and amount (+test)

Cashtab rejects any input with extra spaces, this will fail address validation in isValidMultiSendUserInput. Arguably we should change to accept the spaces and trim them, will address in a separate diff.

If the amount is expected to be a float (missing test), the decimal point can be a comma depending on the user locale ? This will conflict with the CSV comma separator

good point + existing issue in multisend validation. Will address and rebase this diff on that fix.

There is no satoshi rounding nor decimal check, so your function will accept 550.442 as an amount

This is handled in isValidMultiSendUserInput

There might be a buffer overflow vulnerability, if I set the amount to be close to the max js integer the multiply will overflow.

Existing issue, will patch and rebase this diff on the patch. Currently "handled" by impossibility of user having more than XEC supply worth of satoshis to spend.

bytesofman added inline comments.Dec 13 2023, 18:37
cashtab/src/transactions/index.js
127 ↗(On Diff #43592)

D14982

bytesofman updated this revision to Diff 43623.Dec 14 2023, 22:34

rebase

bytesofman planned changes to this revision.Dec 14 2023, 22:35

still need to trim()

Harbormaster completed remote builds in B25965: Diff 43623.Dec 14 2023, 22:39
bytesofman updated this revision to Diff 43642.Dec 15 2023, 14:22

Improve validation, support extra spaces, add unit tests to confirm supported cases and errors

Harbormaster completed remote builds in B25978: Diff 43642.Dec 15 2023, 14:25
Fabien accepted this revision.Dec 18 2023, 08:51

Please add another test for extra comma outside of the float, like ecash:qzj5zu6fgg8v2we82gh76xnrk9njcreglum9ffspnr,200.12,foobar, unless it's already tested somewhere else.

This revision is now accepted and ready to land.Dec 18 2023, 08:51
Closed by commit rABC097a01f19640: [Cashtab] Add function to generate targetOutputs for multisend tx from user… (authored by bytesofman). · Explain WhyDec 19 2023, 14:50
This revision was automatically updated to reflect the committed changes.
bytesofman added a commit: rABC097a01f19640: [Cashtab] Add function to generate targetOutputs for multisend tx from user….

Revision Contents
Changeset List

PathSize
cashtab/
src/
transactions/
__tests__/
35 lines
fixtures/
77 lines
31 lines

Diff 43642

View Options

cashtab/src/transactions/__tests__/index.test.js

Loading...
View Options

cashtab/src/transactions/fixtures/vectors.js

Loading...
View Options

cashtab/src/transactions/index.js

Loading...