d-bis/app-ethereum
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add funcs to avoid tricking user when using plugin

Browse Source 
Usually the length of an array is sent in a parameter.
Most of the times the developer simply uses U2BE/U4BE to get this length. It
is possible to forge a tx with a `length > sizeof(uint16_t/uint32_t)` and trick the
user into signing something different from what is shown.

For instance consider the following parameter:
00 ... 01 00 00 00 01

if the developer uses U2BE/U4BE, it is possible that this length is shown to the user
and if it is, the user will see the length as 1.
This commit is contained in:
Jorge Martins
2022-11-02 13:34:26 +01:00
parent 912c8afca6
commit ead85a0aaa
4 changed files with 35 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
tools/build_sdk.py
View File

@@ -164,7 +164,7 @@ if __name__ == "__main__":
"typedef union": ["extraInfo_t"],
"__attribute__((no_instrument_function)) inline": ["int allzeroes"],
"const": ["HEXDIGITS"],
"fn": ["void getEthAddressStringFromBinary", "void getEthAddressFromKey", "void getEthDisplayableAddress", "bool adjustDecimals", "bool uint256_to_decimal", "void amountToString", "void u64_to_string", "void copy_address", "void copy_parameter"]
"fn": ["void getEthAddressStringFromBinary", "void getEthAddressFromKey", "void getEthDisplayableAddress", "bool adjustDecimals", "bool uint256_to_decimal", "void amountToString", "void u64_to_string", "void copy_address", "void copy_parameter", "bool U2BE_from_parameter", "U4BE_from_parameter"]
}
merge_headers(headers_to_merge, nodes_to_extract)