fix: cap cool_down_period_s to prevent unstake DoS and add missing event #41
Open
Kukrushka wants to merge 1 commit into
SetUpdateCoolDownPeriod accepted any non-negative i64, including i64::MAX. When unstake later computed `current_unix_timestamp.checked_add(cool_down_period_s)` the addition overflowed, returning CoolDownOverflow for every caller — permanently bricking unstake for all users (issue orca-so#39).

Fix:
- Reject values above MAX_COOL_DOWN_PERIOD_S (10 years, ~315_360_000 s) in set.rs alongside the existing negative-value guard.
- Emit a new CoolDownPeriodUpdated event so off-chain monitors can detect authority changes to the cooldown without polling state directly.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Summary

Fixes #39.

`Set(UpdateCoolDownPeriod)` accepted any non-negative `i64` value, including `i64::MAX`. In `unstake`, the program computes:

With a large enough cooldown (e.g. `i64::MAX`), this addition overflows and every `unstake` call returns `CoolDownOverflow` — permanently preventing all users from unstaking their tokens (DoS on withdrawal).

Changes

- `instructions/set.rs` — add upper-bound guard alongside the existing negative-value check:
- `event.rs` — add `CoolDownPeriodUpdated` event so off-chain monitors can detect authority changes to the cooldown without polling state. Previously `UpdateCoolDownPeriod` was the only admin instruction that emitted no event (inconsistent with `UpdateUpdateAuthority`).

Test plan

- `Set(UpdateCoolDownPeriod { i64::MAX })` now returns `InvalidCoolDownPeriod`
- `Set(UpdateCoolDownPeriod { MAX_COOL_DOWN_PERIOD_S })` succeeds
- `Set(UpdateCoolDownPeriod { MAX_COOL_DOWN_PERIOD_S + 1 })` returns `InvalidCoolDownPeriod`
- `CoolDownPeriodUpdated` event is emitted on successful update

🤖 Generated with Claude Code
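The failure mode and the fix described in this pull request, as an added stand-alone model that is not the project's code. Function names and signatures are assumptions, the error names come from the PR text, and the constant uses the approximate value quoted in the commit message.

```rust
// Stand-alone model of the bug and fix; not the project's code.
// Function names and signatures are assumptions; error names come from the PR.
const MAX_COOL_DOWN_PERIOD_S: i64 = 315_360_000; // ~10 years, per the commit message

#[derive(Debug, PartialEq)]
enum StakeError {
    InvalidCoolDownPeriod,
    CoolDownOverflow,
}

// Pre-fix setter: only the negative-value guard.
fn set_cool_down_unbounded(value: i64) -> Result<i64, StakeError> {
    if value < 0 {
        return Err(StakeError::InvalidCoolDownPeriod);
    }
    Ok(value)
}

// Post-fix setter: negative-value guard plus the upper bound.
fn set_cool_down_capped(value: i64) -> Result<i64, StakeError> {
    if !(0..=MAX_COOL_DOWN_PERIOD_S).contains(&value) {
        return Err(StakeError::InvalidCoolDownPeriod);
    }
    Ok(value)
}

// The addition unstake performs, as quoted in the commit message.
fn withdrawable_at(current_unix_timestamp: i64, cool_down_period_s: i64) -> Result<i64, StakeError> {
    current_unix_timestamp
        .checked_add(cool_down_period_s)
        .ok_or(StakeError::CoolDownOverflow)
}

// Largest clock value for which a capped cooldown can never overflow.
fn max_safe_timestamp() -> i64 {
    i64::MAX - MAX_COOL_DOWN_PERIOD_S
}

fn main() {
    let now = 1_700_000_000; // constructed sample clock value
    // Pre-fix: i64::MAX is accepted and stored, so every unstake overflows.
    let stored = set_cool_down_unbounded(i64::MAX).unwrap();
    println!("pre-fix unstake:   {:?}", withdrawable_at(now, stored));
    // Post-fix: the setter rejects it; the boundary value stays usable.
    println!("post-fix set MAX:  {:?}", set_cool_down_capped(i64::MAX));
    let stored = set_cool_down_capped(MAX_COOL_DOWN_PERIOD_S).unwrap();
    println!("post-fix unstake:  {:?}", withdrawable_at(now, stored));
    println!("headroom holds to: {}", max_safe_timestamp());
}
```

With the cap in place, the `checked_add` in this model can only fail once the clock itself exceeds `i64::MAX - MAX_COOL_DOWN_PERIOD_S`.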