Closed MichaelMure closed 3 years ago
Nice catch! Thank you for reporting this. Yeah I guess the best thing is to calculate that hash locally before uploading and then verify it matches the response. Also reduces need for trust in the pinning service.
Would you like to work on this?
I think this might've been fixed on the latest release. For most services, we now make sure we actually check the results for the CID of the root folder instead of just using the last one. Could you please check for me? Also, we no longer silently ignore errors.
I'm closing this. However, if this bug shows up again, please let me know.
https://github.com/agentofuser/ipfs-deploy/blob/master/index.js#L147
If the request fail due to a timeout or another reason, ipfs-deploy use the last received hash as the root hash. However, there is no guarantee that it's actually the root hash, and it won't be if the response has been truncated.