feat: handle ledger gaps and reorgs in Horizon indexer#314
Open
ComputerOracle wants to merge 2 commits into
Security Changes
Type of Security Change
Vulnerability Details
Issue Type: Caller-Supplied Withdrawal Token
Severity: Critical
Description:
This change introduces a deliberately vulnerable Soroban contract fixture demonstrating a critical asset-redirection vulnerability. The contract allows a caller to specify the payout token during withdrawal while internal accounting assumes a different asset. An attacker can deposit a low-value token and withdraw a higher-value token held by the contract.
Affected Component:
vulnerable/caller_supplied_withdraw_token
Secure Comparison Included:
src/secure.rs demonstrates the correct pattern by storing the authorized token during initialization and preventing caller-controlled token selection.
Fix Applied:
Testing
Security Impact Analysis
Affected Components:
Risk Assessment:
This change intentionally introduces a vulnerable fixture for security tooling validation, educational purposes, and scanner regression testing. The vulnerable implementation is isolated within the dedicated vulnerable/ directory and is not intended for production deployment. A secure reference implementation is provided for comparison and remediation guidance.
Documentation Updates
Checklist
Additional Notes
This fixture demonstrates the "caller-supplied withdrawal token" anti-pattern. Security scanners should flag withdrawal flows where the payout token address is controlled by the caller rather than being configured and enforced by the contract.
Test Output
Tests were authored to cover:
Execution of tests was temporarily blocked by Cloud Shell storage limitations and workspace configuration issues.
CI Run Link
closes #230
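The caller-supplied withdrawal token anti-pattern from the description above, modelled in plain Rust as an added example: this is not the fixture's own code and does not use the Soroban SDK. `Ledger`, `Vault`, the token names and the account names are constructed for the illustration; the vulnerable and secure withdraw paths sit side by side so a scanner rule can be checked against both.

```rust
use std::collections::HashMap;

type Addr = &'static str;
const VAULT: Addr = "vault";

/// Constructed stand-in for on-chain balances keyed (token, account); not the Soroban token interface.
#[derive(Default)]
pub struct Ledger { balances: HashMap<(Addr, Addr), u64> }
impl Ledger {
    pub fn mint(&mut self, token: Addr, to: Addr, amount: u64) {
        *self.balances.entry((token, to)).or_insert(0) += amount;
    }
    pub fn balance(&self, token: Addr, who: Addr) -> u64 {
        self.balances.get(&(token, who)).copied().unwrap_or(0)
    }
    pub fn transfer(&mut self, token: Addr, from: Addr, to: Addr, amount: u64) -> Result<(), &'static str> {
        let src = self.balances.entry((token, from)).or_insert(0);
        if *src < amount { return Err("insufficient token balance"); }
        *src -= amount;
        *self.balances.entry((token, to)).or_insert(0) += amount;
        Ok(())
    }
}

/// Vault accounting records only a per-user amount; the asset it denominates is `token`, fixed at init.
pub struct Vault { token: Addr, deposits: HashMap<Addr, u64> }
impl Vault {
    pub fn init(token: Addr) -> Self { Vault { token, deposits: HashMap::new() } }
    pub fn deposit(&mut self, ledger: &mut Ledger, from: Addr, amount: u64) -> Result<(), &'static str> {
        ledger.transfer(self.token, from, VAULT, amount)?;
        *self.deposits.entry(from).or_insert(0) += amount;
        Ok(())
    }
    // Shared accounting check: debit the caller's recorded deposit or refuse.
    fn debit(&mut self, caller: Addr, amount: u64) -> Result<(), &'static str> {
        let owed = self.deposits.entry(caller).or_insert(0);
        if *owed < amount { return Err("insufficient deposit"); }
        *owed -= amount;
        Ok(())
    }
    /// VULNERABLE: payout asset is caller-chosen, yet the amount was only checked against `self.token` deposits.
    pub fn withdraw_vulnerable(&mut self, ledger: &mut Ledger, caller: Addr, payout_token: Addr, amount: u64) -> Result<(), &'static str> {
        self.debit(caller, amount)?;
        ledger.transfer(payout_token, VAULT, caller, amount)
    }
    /// SECURE: pay out only the asset stored at init; the caller cannot choose it.
    pub fn withdraw_secure(&mut self, ledger: &mut Ledger, caller: Addr, amount: u64) -> Result<(), &'static str> {
        self.debit(caller, amount)?;
        ledger.transfer(self.token, VAULT, caller, amount)
    }
}
```

The detection signal for a scanner is the `payout_token` parameter flowing into the outbound transfer while the balance check reads only `deposits`; the secure variant has no such parameter at all.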