search

WalletConnect / walletconnect-utils

Javascript Utilities for WalletConnect
MIT License
65 stars 56 forks source link

SafeJSON.JSONParse mangles number inside of string literal #145

Closed ian-eulith closed 8 months ago

ian-eulith commented 10 months ago

We hit this bug while trying to use WalletConnect with Dodo.

Test case:

it("should handle number inside string literal", () => {
  const nested = '{"params":{"proposer":{"metadata":{"description":"Trade Any Token on DODOEX. Swap ETH to WETH at 0.99852536006139370845107244063040676283327993685155310925333096461126073315184832, 0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE, 0x82aF49447D8a07e3bd95BD0d56f35241523fBab1"}}}}';
  const result = safeJsonParse(nested);
  chai.expect(result).to.deep.eq(JSON.parse(nested));
});

The problem is that safe-json uses a regex to parse big numbers, but this regex does not respect the structure of JSON objects.

It would also be good if the library didn't swallow the error as this causes problems higher-up which are difficult to diagnose.

ian-eulith commented 10 months ago

More minimal test case:

it("should handle number inside string literal", () => {
  const nested = '{"x":"12345678901234567,"}';
  const result = safeJsonParse(nested);
  chai.expect(result).to.deep.eq(JSON.parse(nested));
});
arein commented 9 months ago

Welcome to submit a pull request with an improvement - will flag this to the team