r0gue-io / pop-node

Pop Network makes it easy for smart contract developers to use the Power of Polkadot.
The Unlicense
24 stars 6 forks source link

chore: security analysis pop api implementation #131

Open Daanvdplas opened 3 months ago

Daanvdplas commented 3 months ago

Before merging daan/api branch into main we should conduct a thorough security analysis of the pop api implementation. This includes checking for attack vectors and more.

Daanvdplas commented 3 months ago

Note: the integration test for set_metadata includes setting bad metadata - too large values for the name and symbol. While trying to trigger this error I encountered an error in pallet contracts; OutputBufferTooSmall (used a vector len of 100_000).