It's possible to send string and hexadecimal values as amount

[prafair]

Bug Type

Functional

Reproduction steps

1. Send as amount of TON or another currency in Invoices menu:

Strings	Hexadecimal
Infinity	0xffffffffffffffff
-Infinity	-0xffffffffffffffff

https://user-images.githubusercontent.com/15040493/190928280-fed3f57a-ed24-49f9-ac55-9dc2eecea0dc.mov

Actual result

Strings	Hexadecimal	Result
Infinity	0xffffffffffffffff	🔺 You entered too big amount.
-Infinity	-0xffffffffffffffff	🔺 You entered too small amount.
	0xB	One payment: 11 TON (17.6$)

Expected result

Strings	Hexadecimal	Result
Infinity	0xffffffffffffffff	🔺 Enter number please.
-Infinity	-0xffffffffffffffff	🔺 Enter number please.
	0xB	🔺 Enter number please.

Suggested Severity

High

Device

Desktop:

• OS: macOS Big Sur (11.6.1)
• Telegram version: 9.0.236759 Stable

Smartphone:

• Device: Samsung Galaxy S20 FE
• OS: Android 12
• Telegram version: 9.0.0 (2800) store bundled arm64-v8a

Additional Context

Of course, we also have to think about a floating point number (for example, 1e1 and 1e+1 or 1e-1). But in this context we are talking about strings and a hexadecimal system, let's focus on that 🙂

[AleksandrShepelev]

Hello, thanks for the report Can you explain how this can affect application in negative way?

We saw this opportunity but decided that different way of typing numbers cannot hurt our app

thank you

[prafair]

@AleksandrShepelev thanks for watching =) Sorry for the long reply!

Yes, indeed, if you use Python type Decimal - these are the correct values (Infinity, 0x1).

But I've now found the combination 0xInfinity and it is perceived as a number. Therefore, I began to doubt, maybe some kind of preprocessing is used, I don't know.

And also, I can imagine that this is somehow used for statistical purposes;) And of course, consistency support (for example, such numbers are not allowed in the web or mobile applications).

And yes, of course, the decision to fix it or not is entirely up to you;)