Closed brianlenz closed 3 years ago
Agreed it’s not a security issue! All of the data is on the blockchain, after all. It just addresses the expected, functional behavior for “balanceOf”.
FWIW, this was identified via our security audit (low risk, of course)...
Is not a security issue, but maybe could be inside good practice to accustom people to check the parameters received, it does not affect safety, but we think it is good to do the checking.
Imagine the following scenario. An application rewards or checks that the address of a user's profile has a balance. However, the address has no balance, but the user instead of a valid address (already reserved by other profiles) sets an arbitrary value that returns a value with balance correctly.