mit-dci / opencbdc-tx

A transaction processor for a hypothetical, general-purpose, central bank digital currency

Casting errors in client-cli

mszulcz-mitre opened this issue · comments

Affected Branch

trunk

Basic Diagnostics

  • I've pulled the latest changes on the affected branch and the issue is still present.

  • The issue is reproducible in docker

Description

The executable compiled from client-cli.cpp is used to interact with the transaction processor. In the "Launch System" section in README.md, it's called to mint new coins, print the balance of a wallet, make a new wallet, and send coins between wallets. For example, to mint new coins, the command is:

# ./build/src/uhs/client/client-cli 2pc-compose.cfg mempool0.dat wallet0.dat mint 10 5

When calling client-cli with the commands "mint", "send", or "fan", the code may exhibit a casting error. For example, if the mint command is accidentally called with a negative number, such as in

# ./build/src/uhs/client/client-cli 2pc-compose.cfg mempool0.dat wallet0.dat mint -1 5

the code would cast -1 to 18446744073709551615 and would create 18446744073709551615 new utxos without warning. If the mint command is invoked with -18446744073709551615 outputs, it actually only makes one:

root@102611d59e8f:/opt/tx-processor# ./build/src/uhs/client/client-cli 2pc-compose.cfg mempool0.dat wallet0.dat mint -18446744073709551615 5
[2022-09-28 05:18:56.541] [WARN ] Existing wallet file not found
[2022-09-28 05:18:56.541] [WARN ] Existing client file not found
34162c6120b9ddb3d1dd6f69b4898ba2af4e4e6868e3b099d39316c133ab54ae
root@102611d59e8f:/opt/tx-processor# ./build/src/uhs/client/client-cli 2pc-compose.cfg mempool0.dat wallet0.dat info
Balance: $0.05, UTXOs: 1, pending TXs: 0

This is caused by the use of std::stoull and std::stoul, which are used to convert strings to unsigned integers. For example, here's the function mint_command:

auto mint_command(cbdc::client& client, const std::vector<std::string>& args)
    -> bool {
    static constexpr auto min_mint_arg_count = 7;
    if(args.size() < min_mint_arg_count) {
        std::cerr << "Mint requires args <n outputs> <output value>"
                  << std::endl;
        return false;
    }

    const auto n_outputs = std::stoull(args[5]);
    const auto output_val = std::stoul(args[6]);

Code of Conduct

  • I agree to follow this project's Code of Conduct
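The wrap-around reported above, next to a strict parse that rejects it. This is an added example, not code from the issue or from opencbdc-tx; the helper names `parse_u64` and `legacy_u64` are hypothetical, and the sample arguments are constructed apart from the two negative values quoted in the issue.

```cpp
#include <charconv>
#include <cstdint>
#include <iostream>
#include <optional>
#include <string>
#include <system_error>

// Hypothetical helper (not opencbdc-tx code): parse a whole CLI argument as
// an unsigned 64-bit decimal. Returns std::nullopt for anything else.
auto parse_u64(const std::string& s) -> std::optional<uint64_t> {
    uint64_t value{};
    const char* first = s.data();
    const char* last = first + s.size();
    // For unsigned types std::from_chars accepts no sign, skips no
    // whitespace, and reports out-of-range values as an error.
    const auto res = std::from_chars(first, last, value, 10);
    if(res.ec != std::errc() || res.ptr != last) {
        return std::nullopt; // empty, signed, trailing junk or out of range
    }
    return value;
}

// What the reported code path does today: strtoull semantics, where a
// leading '-' negates the parsed magnitude in the unsigned type.
auto legacy_u64(const std::string& s) -> unsigned long long {
    return std::stoull(s);
}

int main() {
    // Constructed sample arguments; the two negative ones are from the issue.
    for(const std::string arg : {"10", "-1", "-18446744073709551615", "10x"}) {
        const auto strict = parse_u64(arg);
        std::cout << arg << ": stoull=" << legacy_u64(arg) << " strict=";
        if(strict) { std::cout << *strict << '\n'; }
        else { std::cout << "rejected\n"; }
    }
    return 0;
}
```

Build with a C++17 compiler; a caller such as `mint_command` would return false when the helper yields `std::nullopt` rather than passing the value on.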