From b9e39d7f97e1f063a1f78e675add03d6685d48f6 Mon Sep 17 00:00:00 2001 From: Jorge Silva Date: Tue, 19 Sep 2023 09:54:20 +0100 Subject: [PATCH 1/2] fix: (webapi) check offledger byte prefix before deserialization --- packages/isc/requestimpl.go | 8 ++++++++ packages/webapi/services/offledger.go | 4 ++++ 2 files changed, 12 insertions(+) diff --git a/packages/isc/requestimpl.go b/packages/isc/requestimpl.go index 9f8c04ec13..787da9d613 100644 --- a/packages/isc/requestimpl.go +++ b/packages/isc/requestimpl.go @@ -22,6 +22,14 @@ const ( requestKindOffLedgerEVMCall ) +func IsOffledgerKind(b byte) bool { + switch RequestKind(b) { + case requestKindOffLedgerISC, requestKindOffLedgerEVMTx: + return true + } + return false +} + func RequestFromBytes(data []byte) (Request, error) { rr := rwutil.NewBytesReader(data) return RequestFromReader(rr), rr.Err diff --git a/packages/webapi/services/offledger.go b/packages/webapi/services/offledger.go index c9f149dc19..95449c8210 100644 --- a/packages/webapi/services/offledger.go +++ b/packages/webapi/services/offledger.go @@ -26,6 +26,10 @@ func NewOffLedgerService(chainService interfaces.ChainService, networkProvider p } func (c *OffLedgerService) ParseRequest(binaryRequest []byte) (isc.OffLedgerRequest, error) { + // check offledger kind (avoid deserialization otherwise) + if !isc.IsOffledgerKind(binaryRequest[0]) { + return nil, errors.New("error parsing request: off-ledger request expected") + } request, err := isc.RequestFromBytes(binaryRequest) if err != nil { return nil, errors.New("error parsing request from payload") From 45a32877de5d60047998bff111d833ea29f982ac Mon Sep 17 00:00:00 2001 From: Jorge Silva Date: Tue, 19 Sep 2023 10:20:11 +0100 Subject: [PATCH 2/2] refactor: (wasp-cli) disable-gas-policy -> disable-feepolicy, for consistency --- tools/wasp-cli/chain/governance.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/wasp-cli/chain/governance.go b/tools/wasp-cli/chain/governance.go index 5ef85f7ebd..6f40918e1e 100644 --- a/tools/wasp-cli/chain/governance.go +++ b/tools/wasp-cli/chain/governance.go @@ -81,7 +81,7 @@ func initDisableFeePolicyCmd() *cobra.Command { var chain string cmd := &cobra.Command{ - Use: "disable-gas-policy", + Use: "disable-feepolicy", Short: "set token charged by each gas to free.", Run: func(cmd *cobra.Command, args []string) { node = waspcmd.DefaultWaspNodeFallback(node)