Merge pull request #20 from push-protocol/audit/issue-8

Audit Issue8: added limit to identity bytes
push-protocol · Nov 20, 2024 · 2de05c1 · 2de05c1
2 parents 310175d + 7a7b9a5
commit 2de05c1
Showing 1 changed file with 19 additions and 1 deletion.
diff --git a/src/lib.cairo b/src/lib.cairo
@@ -261,6 +261,15 @@ pub mod PushComm {
             recipient: ContractAddress,
             identity: ByteArray
         ) -> bool {
+            // Define the maximum allowed bytes based on felts limit
+            let MAX_IDENTITY_BYTES_LIMIT: usize = 9145; // equivalent to 295 felts
+
+            // Check that the identity length is within the limit
+            let identity_length = identity.len();
+            if identity_length > MAX_IDENTITY_BYTES_LIMIT {
+                return false;
+            }
+
             let success = self._check_notif_req(channel);
             if success {
                 self
@@ -276,7 +285,6 @@ pub mod PushComm {
         }
     }
 
-
     #[abi(embed_v0)]
     impl PushComm of super::IPushComm<ContractState> {
         // User
@@ -312,6 +320,16 @@ pub mod PushComm {
             );
 
             let modified_notif_settings = format!("@{}+@{}", notif_id, notif_settings);
+
+            // Define the maximum allowed bytes based on felts limit
+            let MAX_IDENTITY_BYTES_LIMIT: usize = 9145; // equivalent to 295 felts
+
+            // Check that the notif_settings length is within the limit
+            let modified_notif_settings_length = modified_notif_settings.len();
+            assert!(
+                modified_notif_settings_length <= MAX_IDENTITY_BYTES_LIMIT, "notif_settings exceeds limit"
+            );
+
             self
                 .user_to_channel_notifs
                 .entry(caller_address)