Sanitize fee rates (user input) #21893

issue MarcoFalke opened this issue on May 9, 2021
  1. MarcoFalke commented at 9:00 AM on May 9, 2021: member

    It would be nice to sanitize fee rates from user input.

    For example the block min fee rate is simply parsed as int64_t value. As fee rates are multiplied by the package size, this can easily lead to overflow.

        if (gArgs.IsArgSet("-blockmintxfee") && ParseMoney(gArgs.GetArg("-blockmintxfee", ""), n)) {

    Assuming a maximum transaction size of at most 4MvB, this would give an upper bound for the fee rate of ~46116 BTC/kvB. Though, any fee rate larger than 1 BTC/kvB is probably nonsense and should be rejected early on startup.

  2. MarcoFalke added the label Feature on May 9, 2021
  3. ghost commented at 10:43 AM on May 9, 2021: none

    Concept ACK. Always good to sanitize user input.

  4. jonatack commented at 11:13 AM on May 9, 2021: contributor

    Yes. Sanitizing port numbers from user input is on my list as a follow-up to #21328, so if no one picks this up I might. Of course, someone else can pick up either of those too.

  5. aureleoules commented at 9:23 AM on September 16, 2022: member

    I believe this is fixed with #22220.

  6. MarcoFalke closed this on Sep 16, 2022
  7. MarcoFalke commented at 10:03 AM on September 16, 2022: member

    No, the integer overflow should still exists, see also #22044 (comment)

  8. fanquake referenced this in commit 5fc3939850 on Oct 12, 2022
  9. bitcoin locked this on Sep 16, 2023
Contributors
MarcoFalkeghostjonatackaureleoules
Labels
Feature
Linked (view graph)
#22044 Sanitize fee options#22087 Validate port-options
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-25 18:14 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me