Closed mchxxx closed 5 years ago
Code should set: amount *= a; before the asserts for -max_amount < amount < max_amount
I think we should first do max_amount/abs(amount)
to determine the valid range of a
, something like:
asset& operator*=( int64_t a ) {
if (amount == 0) return *this;
auto max_a = max_amount / (amount > 0 ? amount : -amount);
eosio_assert( a >= -max_a && a <= max_a, "multiplication overflow or underflow");
amount *= a;
return *this;
}
Can you let me know an estimated date to fix this issue?
fixed
From asset.hpp (https://github.com/EOSIO/eos/blob/master/contracts/eosiolib/asset.hpp) It seems that the asset type has overflow/underflow protection built-in. For example:
However, I did a test, and the result seems to show that there is no overflow/underflow protection. Test:
Result:
So, did I do anything wrong or what? If there is no protection by default, what is the best way to prevent overflow/underflow attack?