REVIEW1.md (1848B)
1 # REVIEW1: PTAL findings 2 3 ## Findings 4 5 1) High: u16-length fields can silently truncate on encode. 6 - Helper `encodeU16Bytes` uses `fromIntegral` without bounds checks. 7 - Affected encoders: TxAddInput, TxAddOutput, Witness, TxAbort, 8 UpdateFailHtlc. 9 - Files: 10 - lib/Lightning/Protocol/BOLT2/Codec.hs:283 11 - lib/Lightning/Protocol/BOLT2/Codec.hs:879 12 - lib/Lightning/Protocol/BOLT2/Codec.hs:909 13 - lib/Lightning/Protocol/BOLT2/Codec.hs:986 14 - lib/Lightning/Protocol/BOLT2/Codec.hs:1074 15 - lib/Lightning/Protocol/BOLT2/Codec.hs:1157 16 17 2) Medium: fixed-size 32-byte secrets are unvalidated in message types. 18 - `RevokeAndAck` and `ChannelReestablish` store secrets as raw 19 ByteString; encoders don't validate length. 20 - Files: 21 - lib/Lightning/Protocol/BOLT2/Messages.hs:527 22 - lib/Lightning/Protocol/BOLT2/Messages.hs:550 23 - lib/Lightning/Protocol/BOLT2/Codec.hs:1247 24 - lib/Lightning/Protocol/BOLT2/Codec.hs:1289 25 26 3) Medium: TLV decoding allows unknown even types by default. 27 - `decodeTlvStreamRaw` does not enforce the unknown-even rule. 28 - Files: 29 - lib/Lightning/Protocol/BOLT2/Codec.hs:226 30 - lib/Lightning/Protocol/BOLT2/Codec.hs:297 31 32 4) Low: list counts can overflow Word16 on encode. 33 - `length` of witnesses/signatures is truncated to Word16 without 34 checking. 35 - Files: 36 - lib/Lightning/Protocol/BOLT2/Codec.hs:996 37 - lib/Lightning/Protocol/BOLT2/Codec.hs:1210 38 39 5) Low: flake uses absolute path for ppad-bolt1. 40 - `flake.nix` points to `/Users/jtobin/src/ppad/bolt1`. 41 - File: 42 - flake.nix:5 43 44 6) Low: tests are empty and helper uses partial `error`. 45 - No tests in `test/Main.hs`; `unhex` uses `error`. 46 - File: 47 - test/Main.hs:15 48 49 ## Notes 50 51 - Decide whether TLV unknown-even enforcement belongs in codec or in a 52 validation layer. 53 - Consider making u16-length encoders return `Either EncodeError` to 54 prevent silent truncation. 55