Check safe value transfer

phpcoinn · phpcoinn · commit 1e014e745f14 · 2025-08-08T19:32:04.000+02:00
diff --git a/include/class/Transaction.php b/include/class/Transaction.php
@@ -702,6 +702,10 @@ public function check($block, $verify = false, &$error = null)
 				throw new Exception("{$this->val} - Value < 0", 3);
 			}
 
+            if(!isSafeVal($this->val)) {
+                throw new Exception("Transaction value is not safe number, please split its amount", 3);
+            }
+
 	        // the value must be >=0
 	        if ($this->val <= 0 && in_array($phase, ["genesis","launch","mining","combined","deflation","increasing","decreasing","main"]) && $height > UPDATE_10_ZERO_TX_NOT_ALLOWED) {
 				if($this->type != TX_TYPE_SC_CREATE && $this->type != TX_TYPE_SC_EXEC && $this->type != TX_TYPE_SC_SEND) {
@@ -826,7 +830,7 @@ public function check($block, $verify = false, &$error = null)
 	        $id = $this->hash();
 	        // the hash does not match our regenerated hash
 	        if ($thisId != $id) {
-		        throw new Exception("{$this->id} - $id - Invalid hash");
+		        throw new Exception("$thisId - $id - Invalid hash");
 	        }
 
 	        //verify the ecdsa signature
diff --git a/include/functions.inc.php b/include/functions.inc.php
@@ -466,3 +466,37 @@ function process_cmdline_args($argv) {
     }
     return $params;
 }
+
+function isSafeVal($value) {
+    // Normalize to string
+    $value = (string)$value;
+
+    // Split into whole and fractional parts
+    if (strpos($value, '.') !== false) {
+        [$whole, $fraction] = explode('.', $value, 2);
+    } else {
+        $whole = $value;
+        $fraction = '';
+    }
+
+    // Remove any leading/trailing zeros from whole part
+    $whole = ltrim($whole, '0');
+    if ($whole === '') $whole = '0';
+
+    // Max safe integer for float in PHP/IEEE-754 is 2^53 = 9007199254740992
+    // That's 15-16 decimal digits total precision
+    $digitsBeforeDecimal = strlen($whole);
+
+    // If whole part has more than 15 digits → unsafe
+    if ($digitsBeforeDecimal > 15) {
+        return false;
+    }
+
+    // Total significant digits before + after decimal should not exceed 15
+    $significant = strlen(rtrim($whole . $fraction, '0'));
+    if ($significant > 15) {
+        return false;
+    }
+
+    return true;
+}
