Validate string amount decimal places.

2024-11-17 00:07:56 +00:00 · 2019-07-31 20:49:45 +02:00 · 2019-07-31 20:49:45 +02:00 · d6341eceb7
commit d6341eceb7
parent 9a0f237019
2 changed files with 19 additions and 3 deletions
--- a/basicswap/basicswap.py
+++ b/basicswap/basicswap.py
@ -972,6 +972,7 @@ class BasicSwap():
    def postBid(self, offer_id, amount, addr_send_from=None):
        # Bid to send bid.amount * offer.rate of coin_to in exchange for bid.amount of coin_from
        self.log.debug('postBid %s %s', offer_id.hex(), format8(amount))
+
        self.mxDB.acquire()
        try:
            offer = self.getOffer(offer_id)
@ -1643,7 +1644,7 @@ class BasicSwap():

        # TODO: Lookup from explorers

-        if assert_txid != None:
+        if assert_txid is not None:
            try:
                ro = self.callcoinrpc(coin_type, 'getmempoolentry', [assert_txid])
                self.log.debug('Tx %s found in mempool, fee %s', assert_txid, ro['fee'])
--- a/basicswap/http_server.py
+++ b/basicswap/http_server.py
@ -19,6 +19,7 @@ from . import __version__
 from .util import (
    COIN,
    format8,
+    makeInt,
 )
 from .chainparams import (
    chainparams,
@ -88,6 +89,14 @@ def getTxSpendHex(bid, tx_type):
    return obj.spend_txid.hex() + ' {}'.format(obj.spend_n)


+def validateAmountString(amount):
+    if type(amount) != str:
+        return
+    ar = amount.split('.')
+    if len(ar) > 0 and len(ar[1]) > 8:
+        raise ValueError('Too many decimal places in amount {}'.format(amount))
+
+
 def html_content_start(title, h2=None, refresh=None):
    content = '<!DOCTYPE html><html lang="en">\n<head>' \
        + '<meta charset="UTF-8">' \
@ -260,8 +269,14 @@ class HttpHandler(BaseHTTPRequestHandler):
            except Exception:
                raise ValueError('Unknown Coin To')

-            value_from = int(float(form_data[b'amt_from'][0]) * COIN)
-            value_to = int(float(form_data[b'amt_to'][0]) * COIN)
+            value_from = form_data[b'amt_from'][0].decode('utf-8')
+            value_to = form_data[b'amt_to'][0].decode('utf-8')
+
+            validateAmountString(value_from)
+            validateAmountString(value_to)
+            value_from = makeInt(value_from)
+            value_to = makeInt(value_to)
+
            min_bid = int(value_from)
            rate = int((value_to / value_from) * COIN)
            autoaccept = True if b'autoaccept' in form_data else False