This repository has been archived by the owner on Nov 15, 2023. It is now read-only.

Zero-padding in storage should not be applied #347

Closed
gavofyork opened this issue Jul 17, 2018 · 4 comments
@gavofyork
Member

Currently when reading from storage, if the entry in storage is too small, zeroes are appended. This works fine for single LE ints, but less well in pretty much any other situation and could easily lead to security issues.

Zero-padding should only be applied when reading specific types, essentially just Balance. In other instances, the runtime should simply be allowed to fail.

In any case, all this zero-padding should be removed entirely once we decommission the PoC-1/2 testnet.

@gavofyork gavofyork added this to the PoC-3 (AFG) milestone Jul 17, 2018
@gavofyork gavofyork added the I2-security The client fails to follow expected, security-sensitive, behaviour. label Jul 17, 2018
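
An added illustration of the behaviour described in the issue above, not code from Substrate or from the issue's participants: a zero-padding read next to a strict read of the same truncated entry. The `Entry` layout, the function names and the sample bytes are hypothetical and constructed for this example.

```rust
use std::convert::TryFrom;

// Hypothetical fixed-width record: 8-byte LE balance followed by a 1-byte lock flag.
#[derive(Debug, PartialEq)]
struct Entry {
    balance: u64,
    locked: bool,
}

const ENTRY_LEN: usize = 9;

fn parse(buf: [u8; ENTRY_LEN]) -> Entry {
    let mut bal = [0u8; 8];
    bal.copy_from_slice(&buf[..8]);
    Entry { balance: u64::from_le_bytes(bal), locked: buf[8] != 0 }
}

/// Lenient read as described in the issue: a short entry is extended with zeroes.
fn decode_padded(raw: &[u8]) -> Entry {
    let mut buf = [0u8; ENTRY_LEN];
    let n = raw.len().min(ENTRY_LEN);
    buf[..n].copy_from_slice(&raw[..n]);
    parse(buf)
}

/// Strict read: anything but the exact width is an error the caller must handle.
fn decode_strict(raw: &[u8]) -> Result<Entry, String> {
    <[u8; ENTRY_LEN]>::try_from(raw)
        .map(parse)
        .map_err(|_| format!("expected {} bytes, got {}", ENTRY_LEN, raw.len()))
}

fn main() {
    // Constructed sample values, not real chain state.
    let full: [u8; 9] = [0xe8, 0x03, 0, 0, 0, 0, 0, 0, 1]; // balance 1000, locked
    let truncated = &full[..2]; // only the low balance bytes remain

    // The LE integer survives padding; the trailing flag is silently cleared.
    println!("{:?}", decode_padded(&full));
    println!("{:?}", decode_padded(truncated));
    // The strict read surfaces the malformed entry instead of inventing data.
    println!("{:?}", decode_strict(truncated));
}
```

The padded read returns a well-formed `Entry` for the truncated input, so nothing downstream can tell that the lock flag was never stored; the strict read turns the same input into an error.
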
@rphmeier
Contributor

I don't understand why zero-padding is useful for reading integers either.

@guanqun

guanqun commented Aug 13, 2018

curious to know why we need the zero-padding in the first place. for backward-compatibility?

@gavofyork gavofyork changed the title Zero-padding in storage should not be applied outside of Balance Zero-padding in storage should not be applied Sep 11, 2018
@gavofyork
Member Author

indeed.

@gavofyork gavofyork added the Z1-easy Can be fixed primarily by duplicating and adapting code by an intermediate coder label Sep 11, 2018
@gavofyork gavofyork self-assigned this Sep 11, 2018
@gavofyork
Member Author

Closed with #709

JoshOrndorff pushed a commit to moonbeam-foundation/substrate that referenced this issue Apr 21, 2021
liuchengxu pushed a commit to chainx-org/substrate that referenced this issue Aug 23, 2021
Signed-off-by: koushiro <koushiro.cqx@gmail.com>
liuchengxu pushed a commit to autonomys/substrate that referenced this issue Jun 3, 2022
…om_init_header

feeds: extract authority list from the initial header