Document and enforce the limit on the amount field in the deposit file [TOB-EF-DEP-004] #72
Comments
Our range is likely: To be confirmed.
More good insight from yorick:
Which is to say, we will not run into JSON limits. We are already enforcing a limit when we get user input for the deposit amount (new flow), capped at This is far, far away from 2**53. This is not a security concern, we just need to push back on the finding and point out that we are, indeed, checking the range of this parameter to be between
The current cap for the partial-deposit amount parameter is
The document part should be in #140
TOB-EF-DEP-004 in the original security assessment notes that the Integer range for JSON numeric types is limited to [-(2**53)+1, (2**53)-1]. We should probably document and enforce some sane limits on our uses of integer with the amount field.
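One way to enforce such a limit when reading a deposit file, as an added example that is not code from this project: it rejects non-integer amounts, amounts outside the JSON range quoted in the finding, and amounts outside a configured range. The function names, the `MIN_AMOUNT`/`MAX_AMOUNT` placeholder bounds and the assumed file shape (a JSON list of objects with an `amount` key) are assumptions, not the project's values.

```python
import json

# Interoperable JSON integer range cited in the finding: [-(2**53)+1, (2**53)-1]
JSON_SAFE_MIN = -(2**53) + 1
JSON_SAFE_MAX = 2**53 - 1

# Placeholder bounds (assumptions): the project's real limits are not given here.
MIN_AMOUNT = 1
MAX_AMOUNT = 10**12


def validate_amount(value, lo=MIN_AMOUNT, hi=MAX_AMOUNT):
    """Return value if it is an int inside both the JSON-safe and configured ranges."""
    # bool is a subclass of int in Python, so reject it explicitly.
    if isinstance(value, bool) or not isinstance(value, int):
        raise ValueError(f"amount must be an integer, got {type(value).__name__}")
    if not JSON_SAFE_MIN <= value <= JSON_SAFE_MAX:
        raise ValueError("amount outside the interoperable JSON integer range")
    if not lo <= value <= hi:
        raise ValueError(f"amount {value} outside allowed range [{lo}, {hi}]")
    return value


def load_amounts(text):
    """Parse a deposit file (assumed: JSON list of objects) and validate every amount."""
    entries = json.loads(text)
    return [validate_amount(entry["amount"]) for entry in entries]


def survives_double(n):
    """True if n is unchanged after passing through an IEEE-754 double,
    which is how many JSON consumers store every number."""
    return int(float(n)) == n


# Constructed sample input, not taken from a real deposit file.
SAMPLE = '[{"amount": 32000000000}, {"amount": 1000000000}]'

if __name__ == "__main__":
    print(load_amounts(SAMPLE))
    print(survives_double(2**53 - 1), survives_double(2**53 + 1))
```

Python's own `json` module parses integers with arbitrary precision, so the safe-range check protects other consumers of the file rather than this reader.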