Problem: using insecure number instead of bignumber

crypto-com / chain-desktop-wallet

Crypto.com DeFi Desktop Wallet

https://crypto.com/defi-wallet

Other

363 stars 112 forks source link

Problem: using insecure number instead of bignumber #698

Open leejw51crypto opened 2 years ago

leejw51crypto commented 2 years ago

change from number to bignumber for all numbers

consider bignumber or string

export interface TransactionUnsigned {
  memo: string;
  accountNumber: number;
  accountSequence: number;
  nonce?: number;
  gasPrice?: number;
  gasLimit?: number;
  asset?: UserAsset;
}

by setting bogus gas, some illegal tx can bypass verification, becoming legitimate. so using big int would be good. also add unit test for overflow, underflow check

leejw51crypto commented 2 years ago

from go-ethereum

type TxData interface {
    txType() byte // returns the type ID
    copy() TxData // creates a deep copy and initializes all fields

    chainID() *big.Int
    accessList() AccessList
    data() []byte
    gas() uint64
    gasPrice() *big.Int
    gasTipCap() *big.Int
    gasFeeCap() *big.Int
    value() *big.Int
    nonce() uint64
    to() *common.Address

    rawSignatureValues() (v, r, s *big.Int)
    setSignatureValues(chainID, v, r, s *big.Int)
}