sablier-labs / v2-core

⏳ Core smart contracts of the Sablier V2 token distribution protocol
https://sablier.com

refactor: disallow non alphanumeric symbols #945

Closed andreivladbrg closed 1 week ago

andreivladbrg commented 2 weeks ago

We still need to make a decision, but this PR solves this finding: https://www.codehawks.com/report/clvb9njmy00012dqjyaavpl44#M-01

PaulRBerg commented 2 weeks ago

Separately, I opened feature requests in OpenZeppelin and Solady for implementing alphanumeric check functions:

smol-ninja commented 2 days ago

Should we allow - as well?

From Egis audit report:

Consider adding - (2D) as supported char for token symbol, because it is not a threat for JSON injection and there are tokens such as LP, which may use this char. Example token

Recommendation: Add `bool isDash = char == 2D` check

Also, even Sablier NFT contains -.

Fixed in https://github.com/sablier-labs/v2-core/pull/960.

PaulRBerg commented 23 hours ago

I agree with adding support for -.
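The character check discussed in this thread, as an added example that is not code from the PR or from the Sablier code base: an allowlist of ASCII alphanumerics plus `-` (0x2D) applied to a token symbol before it is embedded in generated JSON. The library name, function names and the `"ERC20"` fallback value are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity >=0.8.19;

/// @notice Added example (hypothetical names), not the project's implementation.
library SymbolAllowlist {
    /// @notice Returns true only if every byte of `symbol` is 0-9, A-Z, a-z or "-".
    /// @dev Characters with meaning inside a JSON string, such as the double
    /// quote (0x22) and the backslash (0x5C), fall outside the allowlist.
    /// Every byte of a multi-byte UTF-8 sequence is >= 0x80, so non-ASCII
    /// symbols are rejected as well.
    function isAllowed(string memory symbol) internal pure returns (bool) {
        bytes memory b = bytes(symbol);
        uint256 length = b.length;

        // An empty symbol has nothing to validate; it is treated as not allowed
        // here so that callers always end up with a non-empty display value.
        if (length == 0) {
            return false;
        }

        for (uint256 i = 0; i < length; ++i) {
            bytes1 char = b[i];
            bool isDigit = char >= 0x30 && char <= 0x39; // 0-9
            bool isUpper = char >= 0x41 && char <= 0x5A; // A-Z
            bool isLower = char >= 0x61 && char <= 0x7A; // a-z
            bool isDash = char == 0x2D; // "-"
            if (!(isDigit || isUpper || isLower || isDash)) {
                return false;
            }
        }
        return true;
    }

    /// @notice Returns `symbol` if it passes the allowlist, otherwise a fixed
    /// placeholder, so that untrusted token metadata is never concatenated
    /// into the JSON output. The placeholder value is an assumption.
    function safeSymbol(string memory symbol) internal pure returns (string memory) {
        return isAllowed(symbol) ? symbol : "ERC20";
    }
}
```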