Skip to content

Commit 1e014e7

Browse files
committed
Check safe value transfer
1 parent bf21408 commit 1e014e7

2 files changed

Lines changed: 39 additions & 1 deletion

File tree

include/class/Transaction.php

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -702,6 +702,10 @@ public function check($block, $verify = false, &$error = null)
702702
throw new Exception("{$this->val} - Value < 0", 3);
703703
}
704704

705+
if(!isSafeVal($this->val)) {
706+
throw new Exception("Transaction value is not safe number, please split its amount", 3);
707+
}
708+
705709
// the value must be >=0
706710
if ($this->val <= 0 && in_array($phase, ["genesis","launch","mining","combined","deflation","increasing","decreasing","main"]) && $height > UPDATE_10_ZERO_TX_NOT_ALLOWED) {
707711
if($this->type != TX_TYPE_SC_CREATE && $this->type != TX_TYPE_SC_EXEC && $this->type != TX_TYPE_SC_SEND) {
@@ -826,7 +830,7 @@ public function check($block, $verify = false, &$error = null)
826830
$id = $this->hash();
827831
// the hash does not match our regenerated hash
828832
if ($thisId != $id) {
829-
throw new Exception("{$this->id} - $id - Invalid hash");
833+
throw new Exception("$thisId - $id - Invalid hash");
830834
}
831835

832836
//verify the ecdsa signature

include/functions.inc.php

Lines changed: 34 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -466,3 +466,37 @@ function process_cmdline_args($argv) {
466466
}
467467
return $params;
468468
}
469+
470+
function isSafeVal($value) {
471+
// Normalize to string
472+
$value = (string)$value;
473+
474+
// Split into whole and fractional parts
475+
if (strpos($value, '.') !== false) {
476+
[$whole, $fraction] = explode('.', $value, 2);
477+
} else {
478+
$whole = $value;
479+
$fraction = '';
480+
}
481+
482+
// Remove any leading/trailing zeros from whole part
483+
$whole = ltrim($whole, '0');
484+
if ($whole === '') $whole = '0';
485+
486+
// Max safe integer for float in PHP/IEEE-754 is 2^53 = 9007199254740992
487+
// That's 15-16 decimal digits total precision
488+
$digitsBeforeDecimal = strlen($whole);
489+
490+
// If whole part has more than 15 digits → unsafe
491+
if ($digitsBeforeDecimal > 15) {
492+
return false;
493+
}
494+
495+
// Total significant digits before + after decimal should not exceed 15
496+
$significant = strlen(rtrim($whole . $fraction, '0'));
497+
if ($significant > 15) {
498+
return false;
499+
}
500+
501+
return true;
502+
}

0 commit comments

Comments
 (0)