Observation
In several places arbitrary inputs can be passed to the canister, e.g. create_invoice:
- the invoice details can contain arbitrarily long strings and Blobs
- the permissions arrays (canGet, canVerify) can be big (no limit)
Risk Description
The create_invoice parameters are stored in the canister storage forever (see also F18). These arguments can be as large as the maximum ingress message size, which makes it easy to fill up the canister storage, resulting in denial of service. The canister will then also no longer be able to upgrade (F19).
Unvalidated data in the invoice (e.g. the details) could also lead to injection attacks in a frontend if the data is displayed there without proper escaping.
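One way to bound these arguments before they reach canister storage, as an added example (not the audited canister's code; the field types, the limit values and the choice of Rust are assumptions, the field names follow the finding):

```rust
// Added example, not the audited canister's code: bound create_invoice
// arguments before they are persisted. Field names follow the finding;
// the concrete types and limits are assumptions for illustration.

/// Upper bounds so a single create_invoice call cannot consume a large
/// share of canister storage; tune to the real application.
pub const MAX_DESCRIPTION_BYTES: usize = 256;
pub const MAX_META_BYTES: usize = 32 * 1024;
pub const MAX_PERMISSION_ENTRIES: usize = 256;

pub struct Details {
    pub description: String,
    pub meta: Vec<u8>, // arbitrary Blob supplied by the caller
}

pub struct Permissions {
    pub can_get: Vec<String>,    // principals (as text) allowed to read
    pub can_verify: Vec<String>, // principals (as text) allowed to verify
}

#[derive(Debug, PartialEq)]
pub enum ValidationError {
    DescriptionTooLong(usize),
    MetaTooLarge(usize),
    TooManyPermissions { field: &'static str, count: usize },
}

/// Reject oversized arguments before anything is written to storage;
/// the caller returns the error to the user instead of creating the invoice.
pub fn validate_create_invoice(
    details: &Details,
    permissions: &Permissions,
) -> Result<(), ValidationError> {
    if details.description.len() > MAX_DESCRIPTION_BYTES {
        return Err(ValidationError::DescriptionTooLong(details.description.len()));
    }
    if details.meta.len() > MAX_META_BYTES {
        return Err(ValidationError::MetaTooLarge(details.meta.len()));
    }
    let lists = [("canGet", &permissions.can_get), ("canVerify", &permissions.can_verify)];
    for &(field, list) in lists.iter() {
        if list.len() > MAX_PERMISSION_ENTRIES {
            return Err(ValidationError::TooManyPermissions { field, count: list.len() });
        }
    }
    Ok(())
}
```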
Recommendations: