From be2bb0a58860f3a5440a53cf880bb135d7eeb13e Mon Sep 17 00:00:00 2001 From: parthshah1 Date: Sun, 10 Mar 2024 18:43:45 -0700 Subject: [PATCH] fix: api: Length check the array sent to eth_feeHistory RPC (#11696) Co-authored-by: Rod Vagg Co-authored-by: Steven Allen --- node/impl/full/eth.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/node/impl/full/eth.go b/node/impl/full/eth.go index 11c53b3cfb6..5c3fcac960d 100644 --- a/node/impl/full/eth.go +++ b/node/impl/full/eth.go @@ -42,6 +42,8 @@ import ( var ErrUnsupported = errors.New("unsupported method") +const maxEthFeeHistoryRewardPercentiles = 100 + type EthModuleAPI interface { EthBlockNumber(ctx context.Context) (ethtypes.EthUint64, error) EthAccounts(ctx context.Context) ([]ethtypes.EthAddress, error) @@ -698,6 +700,9 @@ func (a *EthModule) EthFeeHistory(ctx context.Context, p jsonrpc.RawParams) (eth } rewardPercentiles := make([]float64, 0) if params.RewardPercentiles != nil { + if len(*params.RewardPercentiles) > maxEthFeeHistoryRewardPercentiles { + return ethtypes.EthFeeHistory{}, errors.New("length of the reward percentile array cannot be greater than 100") + } rewardPercentiles = append(rewardPercentiles, *params.RewardPercentiles...) } for i, rp := range rewardPercentiles {