Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

implementing suggestions from Egis audit review #960

Merged
merged 6 commits into from
Jul 1, 2024
Merged

implementing suggestions from Egis audit review #960

merged 6 commits into from
Jul 1, 2024

Conversation

smol-ninja
Copy link
Member

Changelog

  1. Index admin in AllowToHook event.

Egis: This way if the admin is changed, it would be easy to query all addresses that were whitelisted by given admin address, etc.

  1. Include dash in alphanumeric check

Egis: Consider adding - (2D) as supported char in for token sybmol, because it is not a threat for JSON injection and there are tokens such as LP, which may use this char. An example token with a market cap of $271M

@andreivladbrg and @PaulRBerg tagging you for feedback on the above changes.

@smol-ninja smol-ninja mentioned this pull request Jun 29, 2024
Merged
PaulRBerg
PaulRBerg requested changes Jun 30, 2024
View reviewed changes
Copy link
Member

@PaulRBerg PaulRBerg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A dash - is not an alphanumeric character.

Thus, let's rename the isAlphanumericWithSpaces function to isAllowedCharacter.

@smol-ninja
Copy link
Member Author

Will rename it. I agree with your point but couldn't think of a good name. Will go with isAllowedCharacter

PaulRBerg
PaulRBerg approved these changes Jun 30, 2024
View reviewed changes
Copy link
Member

@PaulRBerg PaulRBerg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks good now, great job

@PaulRBerg
Copy link
Member

Let's wait for @andreivladbrg's review.

andreivladbrg
andreivladbrg approved these changes Jul 1, 2024
View reviewed changes
Copy link
Member

@andreivladbrg andreivladbrg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍

@smol-ninja smol-ninja merged commit 9eaac34 into staging Jul 1, 2024
9 checks passed
@smol-ninja smol-ninja deleted the egis-security-review branch July 1, 2024 12:40
andreivladbrg pushed a commit that referenced this pull request Jul 3, 2024
@smol-ninja @PaulRBerg @andreivladbrg
implementing suggestions from Egis audit review (#960)
77baae3 
* refactor: index admin in AllowToHook event

* feat: include dash in alphanumeric check

* build: update precompiles

* docs: update natspec

* refactor: rename isAlphanumericWithSpaces to IsAllowedCharacter

* test: fixes

---------

Co-authored-by: Paul Razvan Berg <prberg@proton.me>
andreivladbrg pushed a commit that referenced this pull request Jul 3, 2024
@smol-ninja @PaulRBerg @andreivladbrg
implementing suggestions from Egis audit review (#960)
9d84097 
* refactor: index admin in AllowToHook event

* feat: include dash in alphanumeric check

* build: update precompiles

* docs: update natspec

* refactor: rename isAlphanumericWithSpaces to IsAllowedCharacter

* test: fixes

---------

Co-authored-by: Paul Razvan Berg <prberg@proton.me>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andreivladbrg andreivladbrg andreivladbrg approved these changes

@PaulRBerg PaulRBerg PaulRBerg approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@smol-ninja @PaulRBerg @andreivladbrg