aurora-is-near / aurora-engine

⚙️ Aurora Engine implements an Ethereum Virtual Machine (EVM) on the NEAR Protocol.
https://doc.aurora.dev/develop/compat/evm

fix: validate account Ids from args #703

Closed 0x3bfc closed 1 year ago

0x3bfc commented 1 year ago

Description

AccountId is a string representing a NEAR account. This string should be between 2 and 64 characters. There are additional requirements such as limited use of alphanumeric characters and separator characters.

There are a number of external smart contract functions in aurora-engine which BorshDeserialize an AccountId without validating it.
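
The check described above, as an added example that is not code from this pull request or from aurora-engine: a Borsh string is decoded by hand (u32 little-endian length, then UTF-8 bytes) and rejected unless it passes the account-ID rules. The type, function and error names are hypothetical, and the exact character and separator rules are an assumption; only the 2 to 64 length bound comes from the description.

```rust
// Added illustration, not aurora-engine code; all names are hypothetical.
#[derive(Debug, PartialEq)]
pub enum ParseError { Malformed, NotUtf8, BadLength, BadChar, BadSeparator }
#[derive(Debug, PartialEq)]
pub struct AccountId(String);

impl AccountId {
    /// Length bounds come from the PR description. The character rules are an
    /// assumption: lowercase a-z and 0-9, with '-', '_' or '.' as separators
    /// that may not be adjacent or appear at the start or end.
    pub fn validate(s: &str) -> Result<(), ParseError> {
        if s.len() < 2 || s.len() > 64 { return Err(ParseError::BadLength); }
        let mut prev_sep = true; // start of string counts as "after a separator"
        for c in s.bytes() {
            let sep = matches!(c, b'-' | b'_' | b'.');
            if sep && prev_sep { return Err(ParseError::BadSeparator); }
            if !sep && !(c.is_ascii_lowercase() || c.is_ascii_digit()) {
                return Err(ParseError::BadChar);
            }
            prev_sep = sep;
        }
        if prev_sep { Err(ParseError::BadSeparator) } else { Ok(()) }
    }

    /// Decode a Borsh string (u32 little-endian length, then UTF-8 bytes) and
    /// validate it, so an unchecked AccountId can never be constructed.
    pub fn try_from_borsh(buf: &[u8]) -> Result<Self, ParseError> {
        if buf.len() < 4 { return Err(ParseError::Malformed); }
        let len = u32::from_le_bytes([buf[0], buf[1], buf[2], buf[3]]) as usize;
        let body = &buf[4..];
        if body.len() != len { return Err(ParseError::Malformed); }
        let s = std::str::from_utf8(body).map_err(|_| ParseError::NotUtf8)?;
        Self::validate(s)?;
        Ok(AccountId(s.to_string()))
    }
}

/// Borsh-encode a string; used to build the constructed sample inputs below.
pub fn borsh_string(s: &str) -> Vec<u8> {
    let mut out = (s.len() as u32).to_le_bytes().to_vec();
    out.extend_from_slice(s.as_bytes());
    out
}

fn main() {
    // Constructed inputs, as a contract method would receive them in args.
    for raw in ["aurora", "relayer.aurora", "a", "Aurora", "a..b", ".near"] {
        println!("{:?} -> {:?}", raw, AccountId::try_from_borsh(&borsh_string(raw)));
    }
}
```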

Aurora-ClickUp commented 1 year ago

Task linked: CU-863g0gf85 AUR-10 Borsh Deserialisation Does Not Validate Account IDs