Function joinProvider(...) succeeds if I specify an non-existent providerUID. All the checks pass (because values are nulls or zeros).
I think this should not be allowed to reduce the surface of possible exploits. For example, I could create multiple clients and join any future (potentially private) providers, since the providerUID is just a sequential number.
Function
joinProvider(...)succeeds if I specify an non-existentproviderUID. All the checks pass (because values are nulls or zeros). I think this should not be allowed to reduce the surface of possible exploits. For example, I could create multiple clients and join any future (potentially private) providers, since the providerUID is just a sequential number.