Closed mikhailOK closed 4 years ago
BorshDeserialize for bool and Option accepts arbitrary values where it should only allow 0 or 1. This makes it possible for an object to have multiple representations which can potentially allow attacks on our usage of borsh.
fixed now
https://github.com/nearprotocol/borsh/blob/master/borsh-rs/borsh/src/de/mod.rs#L83-L123
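The multiple-representation problem described in this issue, as an added example that is not borsh's own code and not part of the original thread: a lax bool decoder maps many byte values to `true`, while strict decoders for bool and Option reject anything but 0 or 1. Function names are hypothetical, and the Option layout (one tag byte, then the payload) is the assumption used here.

```rust
// Added illustration, std only. Function names are hypothetical, not borsh's API.

/// Lax decoding, the behaviour the issue describes: any non-zero byte is `true`.
fn lax_bool(buf: &[u8]) -> Result<bool, String> {
    match buf.first() {
        Some(b) => Ok(*b != 0),
        None => Err("unexpected end of input".into()),
    }
}

/// Strict decoding: only 0 and 1 are valid, so each value has exactly one encoding.
fn strict_bool(buf: &[u8]) -> Result<bool, String> {
    match buf.first() {
        Some(0) => Ok(false),
        Some(1) => Ok(true),
        Some(b) => Err(format!("invalid bool byte {:#04x}", b)),
        None => Err("unexpected end of input".into()),
    }
}

/// Strict Option<u8>: tag 0 = None, tag 1 = Some(next byte), any other tag is an error.
fn strict_option_u8(buf: &[u8]) -> Result<Option<u8>, String> {
    match buf {
        [0, ..] => Ok(None),
        [1, v, ..] => Ok(Some(*v)),
        [1] | [] => Err("unexpected end of input".into()),
        [tag, ..] => Err(format!("invalid Option tag {:#04x}", tag)),
    }
}

/// True when decoding `buf` and re-encoding the result yields the same bytes.
/// A decoder is canonical only if every input it accepts round-trips.
fn roundtrips(decode: fn(&[u8]) -> Result<bool, String>, buf: &[u8]) -> bool {
    match decode(buf) {
        Ok(v) => buf == [v as u8],
        Err(_) => false,
    }
}

fn main() {
    // Constructed inputs: 0x01 is the canonical `true`, 0x02 is not.
    for input in [[0x01u8], [0x02u8]] {
        println!("{:?}: lax={:?} strict={:?} lax round-trips={}",
            input, lax_bool(&input), strict_bool(&input), roundtrips(lax_bool, &input));
    }
    println!("{:?}", strict_option_u8(&[0x02, 0x07]));
}
```

The round-trip check is what matters when serialized bytes are hashed or signed: with the lax decoder, two different byte strings decode to the same value but produce different digests.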