fix(spv): reject oversized BloomFilter bitsets in from_hex (closes #6466) #7879

Open
lequangsang01 wants to merge 10 commits into Scottcjn:main from lequangsang01:fix/bounty-6466

@lequangsang01

Contributor

Summary

  • Fix BloomFilter.from_hex() to validate the byte length of the hex input against the configured size_bits, not just the bit length of the decoded integer
  • The previous check (bit_length() > size_bits) only caught cases where the highest set bit exceeded the filter size, but allowed oversized hex strings with leading zeros to pass validation
  • Add test case for oversized hex with leading zeros ("00ff" with size_bits=8)

Changes

  • node/spv_client.py: Replace bit_length() check with byte-length validation using expected_bytes = (size_bits + 7) // 8
  • node/tests/test_spv_client.py: Add test_bloom_filter_rejects_oversized_hex_with_leading_zeros

Test plan

  • All 8 existing SPV client tests pass
  • New test confirms that hex input exceeding expected byte length is rejected

@github-actions (bot) added labels on Jul 4, 2026: documentation (Improvements or additions to documentation), BCOS-L1 (Beacon Certified Open Source tier BCOS-L1, required for non-doc PRs), BCOS-L2 (Beacon Certified Open Source tier BCOS-L2, required for non-doc PRs), node (Node server related), tests (Test suite changes), size/XL (PR: 500+ lines)
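
The validation gap described in the PR summary above, as an added example (not the code from node/spv_client.py): the function names and sample inputs are constructed here. The strict variant also keeps a bit-length check, which is an assumption of this example, because a byte-length bound alone does not constrain the high bits when size_bits is not a multiple of 8.

```python
# Added illustration; function names are hypothetical, not from node/spv_client.py.

def from_hex_bit_length_only(hex_str: str, size_bits: int) -> int:
    """Check as the PR describes the previous behaviour: only the decoded
    integer's bit length is bounded, so leading zero bytes are invisible."""
    value = int(hex_str, 16)
    if value.bit_length() > size_bits:
        raise ValueError("bitset exceeds filter size")
    return value


def from_hex_strict(hex_str: str, size_bits: int) -> int:
    """Bound the encoded byte length first, then the set bits."""
    if size_bits <= 0:
        raise ValueError("size_bits must be positive")
    expected_bytes = (size_bits + 7) // 8
    raw = bytes.fromhex(hex_str)  # ValueError on odd length or non-hex input
    if len(raw) > expected_bytes:
        raise ValueError(f"bitset is {len(raw)} bytes, expected at most {expected_bytes}")
    value = int.from_bytes(raw, "big")
    if value.bit_length() > size_bits:
        raise ValueError("bitset has bits set beyond size_bits")
    return value


def accepted(parser, hex_str: str, size_bits: int) -> bool:
    """True if the parser accepts the input, False if it raises ValueError."""
    try:
        parser(hex_str, size_bits)
        return True
    except ValueError:
        return False


# Constructed inputs: (hex string, size_bits)
CASES = [("ff", 8), ("00ff", 8), ("00" * 1000 + "ff", 8), ("0fff", 12), ("ffff", 12)]

if __name__ == "__main__":
    for hex_str, bits in CASES:
        shown = hex_str if len(hex_str) <= 8 else f"{hex_str[:4]}...({len(hex_str)} chars)"
        print(f"{shown:22} size_bits={bits:<3}"
              f" bit_length_only={accepted(from_hex_bit_length_only, hex_str, bits)}"
              f" strict={accepted(from_hex_strict, hex_str, bits)}")
```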
@lequangsang01

Contributor Author

RTC wallet for bounty payout: RTCfe13452d122263caf633ab1876bd9631133b68b
