Missing Account ID Checks for get_balance #54
Closed
evgenykuzyakov pushed a commit to near/near-sdk-rs that referenced this issue Jun 5, 2020
evgenykuzyakov pushed a commit to near/NEPs that referenced this issue Jun 5, 2020
Fixes: near/core-contracts#47
Fixes: near/core-contracts#49

### Changelog

`0.2.0`

- Introduce storage deposits. Make every method payable. Require caller to attach enough deposit to cover potential storage increase. See [core-contracts/#47](near/core-contracts#47)
- Replace `set_allowance` with `inc_allowance` and `dec_allowance` to address the issue of allowance front-running. See [core-contracts/#49](near/core-contracts#49)
- Validate `owner_id` account ID. See [core-contracts/#54](near/core-contracts#54)
- Enforce that the `new_owner_id` is different from the current `owner_id` for transfer. See [core-contracts/#55](near/core-contracts#55)
Informational
Reported by a third party.
Description
There are currently checks to validate the input accounts for get_allowance(). These checks prevent contracts from accidentally checking the allowance of an invalid account.
The function get_balance() does not possess the same checks. Users may accidentally check the balance of an invalid account. The return value of the call would be zero.
Furthermore, there is a comment for get_allowance() stating how the allowance may have already changed by the time the return value is read by a contract. The same principle also applies to get_balance(); however, it is not documented.
Recommendations
While these checks and comments are not necessary, it is recommended to have a consistent behaviour across similar functions.
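The inconsistency described in this issue, shown on a simplified in-memory model. This is an added example, not code from the issue or from near/core-contracts: `Token`, `get_balance_unchecked`, `sample_token` and the validator are hypothetical names, and the account ID rules are an assumption about NEAR's syntax.

```rust
use std::collections::HashMap;

// Syntax check modelled on NEAR account ID rules (assumed here): 2 to 64 bytes,
// lowercase alphanumerics separated by single '-', '_' or '.' characters.
fn is_valid_account_id(id: &str) -> bool {
    if id.len() < 2 || id.len() > 64 { return false; }
    let mut last_was_separator = true; // rejects a leading separator
    for b in id.bytes() {
        let is_separator = match b {
            b'a'..=b'z' | b'0'..=b'9' => false,
            b'-' | b'_' | b'.' => true,
            _ => return false,
        };
        if is_separator && last_was_separator { return false; }
        last_was_separator = is_separator;
    }
    !last_was_separator // rejects a trailing separator
}

// Hypothetical stand-in for the token contract's state.
struct Token {
    balances: HashMap<String, u128>,
}

impl Token {
    // Behaviour the issue describes: a malformed ID silently reads as zero.
    fn get_balance_unchecked(&self, owner_id: &str) -> u128 {
        self.balances.get(owner_id).copied().unwrap_or(0)
    }
    // Consistent variant: reject malformed IDs before the lookup.
    fn get_balance(&self, owner_id: &str) -> Result<u128, String> {
        if !is_valid_account_id(owner_id) {
            return Err(format!("invalid account ID: {:?}", owner_id));
        }
        // A snapshot only: the balance may change before the caller acts on it.
        Ok(self.get_balance_unchecked(owner_id))
    }
}

fn sample_token() -> Token {
    Token { balances: vec![("alice.near".to_string(), 100)].into_iter().collect() } // constructed data
}

fn main() {
    let t = sample_token();
    for &id in ["alice.near", "Alice.near", "bob.near"].iter() {
        println!("{:?}: unchecked={} checked={:?}", id, t.get_balance_unchecked(id), t.get_balance(id));
    }
}
```

With the check in place, a caller can tell a mistyped ID (`Err`) apart from a well-formed account that holds nothing (`Ok(0)`).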