You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A user can claim a handle very similar to those in the RESERVED_WORDS list by using Unicode characters.
Issue details
During the execution of the claim_handle extrinsic, the base handle, which is passed by the user, is validated by the validate_base_handle function. One of the checks in this function ensures that the handle is not part of a list of reserved words:
The is_reserved_handle function does not check the canonical base representation of the base_handle_str. As a result, a user can create a handle which looks very similar to a reserved one.
As an example, the following test claims a handle with "here" as prefix, by using Unicode character "\u0435" instead of "e" for the first 'e':
The code for the final handle creation correctly uses the base_handle_str with a suffix that does take the canonical representation into account. As a result, there will never be two handles that only differ by a similar Unicode character.
However, to prevent any kind of confusion, the check for reserved handles in the RESERVED_WORDS list should use the canonical representation.
Mitigation
A simple mitigation would be to adjust the is_reserved_handle function to check the canonicalized representations of the strings:
Summary
A user can claim a handle very similar to those in the
RESERVED_WORDS
list by using Unicode characters.Issue details
During the execution of the
claim_handle
extrinsic, the base handle, which is passed by the user, is validated by thevalidate_base_handle
function. One of the checks in this function ensures that the handle is not part of a list of reserved words:The
is_reserved_handle
function does not check the canonical base representation of thebase_handle_str
. As a result, a user can create a handle which looks very similar to a reserved one.As an example, the following test claims a handle with "here" as prefix, by using Unicode character "\u0435" instead of "e" for the first 'e':
The code for the final handle creation correctly uses the
base_handle_str
with a suffix that does take the canonical representation into account. As a result, there will never be two handles that only differ by a similar Unicode character.However, to prevent any kind of confusion, the check for reserved handles in the
RESERVED_WORDS
list should use the canonical representation.Mitigation
A simple mitigation would be to adjust the
is_reserved_handle
function to check the canonicalized representations of the strings:However for efficiency, reserved word map should be converted for the constant and test moved to after the canonical conversion of the input.
The text was updated successfully, but these errors were encountered: