Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prevent negative values in btc scripts #67

Open
jrwbabylonlab opened this issue Feb 27, 2025 · 1 comment
Open

Prevent negative values in btc scripts #67

jrwbabylonlab opened this issue Feb 27, 2025 · 1 comment
Assignees
@jrwbabylonlab

Comments

@jrwbabylonlab
Copy link
Collaborator

In btc-staking-ts, there are multiple functions that claim to validate whether values are negative but do so incorrectly.

In addition, the ObservableStaking class does not validate whether the btcActivationHeight field is a negative number.

A user or dApp would not be prevented from accidentally supplying a negative number for these fields, which could lead to unintended behavior.
In the case of StakingScripts, this value would be compiled into the Bitcoin script and passed to the OP_CHECKSEQUENCEVERIFY opcode, which could lead to errors upon execution.
Recommendations
Fix the checks to prevent negative values.

Examples

// check that maximum value for staking time is not greater than uint16 and
      above 0
  if (this.stakingTimeLock == 0 || this.stakingTimeLock > 65535) {
      return false;
}
  // check that maximum value for unbonding time is not greater than uint16 and
      above 0
  if (this.unbondingTimeLock == 0 || this.unbondingTimeLock > 65535) {
      return false;
}
@jrwbabylonlab jrwbabylonlab self-assigned this Feb 27, 2025
@jrwbabylonlab
Copy link
Collaborator Author

#68

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jrwbabylonlab jrwbabylonlab

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jrwbabylonlab