OpenZeppelin / openzeppelin-contracts

OpenZeppelin Contracts is a library for secure smart contract development.
https://openzeppelin.com/contracts
MIT License

Refactor `parseUint`, `parseInt` and `parseHexUint` to check bounds #5304

Closed ernestognw closed 1 day ago

ernestognw commented 6 days ago

Fixes M-01 and M-02


changeset-bot[bot] commented 6 days ago

⚠️ No Changeset found

Latest commit: 04624b4f96de64b775bddecadbf7921bd579bddc

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets. When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types.


ernestognw commented 6 days ago

I think it's easier to fix both M-02 and M-01 within the same PR. The implementation adds an extra check that `begin <= end` in `tryParseUint`. I think this is the right direction, though. Otherwise it would be inconsistent that for invalid ranges the `tryParseUint` function returns `(true, 0)` whereas their counterparts return `(false, 0)`.

Using the new private functions seemed like a good middle ground IMO, and we're not extending the interface.
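
An added illustration of the inconsistency described in the comment above, not code from this PR or from OpenZeppelin Contracts: a range parser without the `begin <= end` check reports an inverted range as `(true, 0)`, while the checked variant returns `(false, 0)`. The library, contract and function names, the `end > length` check and the sample input are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; not OpenZeppelin's code. All names here are hypothetical.
library RangeParseExample {
    // Only the upper bound is validated. For begin > end the loop in
    // _parseDigits never executes, so an inverted range reports (true, 0).
    function tryParseUintNoRangeCheck(string memory input, uint256 begin, uint256 end)
        internal pure returns (bool success, uint256 value)
    {
        bytes memory buffer = bytes(input);
        if (end > buffer.length) return (false, 0);
        return _parseDigits(buffer, begin, end);
    }

    // Same parser with the begin <= end check: an inverted range is
    // rejected with (false, 0), like any other invalid input.
    function tryParseUintChecked(string memory input, uint256 begin, uint256 end)
        internal pure returns (bool success, uint256 value)
    {
        bytes memory buffer = bytes(input);
        if (end > buffer.length || begin > end) return (false, 0);
        return _parseDigits(buffer, begin, end);
    }

    // Decimal digits only; fails on a non-digit or on uint256 overflow.
    function _parseDigits(bytes memory buffer, uint256 begin, uint256 end)
        private pure returns (bool, uint256)
    {
        uint256 result = 0;
        for (uint256 i = begin; i < end; ++i) {
            uint8 c = uint8(buffer[i]);
            if (c < 0x30 || c > 0x39) return (false, 0);
            uint256 digit = c - 0x30;
            if (result > (type(uint256).max - digit) / 10) return (false, 0);
            result = result * 10 + digit;
        }
        return (true, result);
    }
}

contract RangeParseDemo {
    // Constructed input: "12345" with the inverted range [4, 2).
    function demo() external pure returns (bool, uint256, bool, uint256) {
        (bool a, uint256 x) = RangeParseExample.tryParseUintNoRangeCheck("12345", 4, 2);
        (bool b, uint256 y) = RangeParseExample.tryParseUintChecked("12345", 4, 2);
        return (a, x, b, y);
    }
}
```

A caller that treats `success == true` as "the range held a valid number" would accept the inverted range from the first variant and proceed with the value 0.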