more security params validation

Layr-Labs · Nov 14, 2023 · 882ca92 · 882ca92
1 parent b8c1514
commit 882ca92
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 2 deletions.
diff --git a/disperser/apiserver/server.go b/disperser/apiserver/server.go
@@ -78,18 +78,27 @@ func (s *DispersalServer) DisperseBlob(ctx context.Context, req *pb.DisperseBlob
 	if len(securityParams) == 0 {
 		return nil, fmt.Errorf("invalid request: security_params must not be empty")
 	}
+	if len(securityParams) > 256 {
+		return nil, fmt.Errorf("invalid request: security_params must not exceed 256")
+	}
 
+	seenQuorums := make(map[uint32]struct{})
 	// The quorum ID must be in range [0, 255]. It'll actually be converted
 	// to uint8, so it cannot be greater than 255.
 	for _, param := range securityParams {
+		if _, ok := seenQuorums[param.QuorumId]; ok {
+			return nil, fmt.Errorf("invalid request: security_params must not contain duplicate quorum_id")
+		}
+		seenQuorums[param.QuorumId] = struct{}{}
+
 		if param.GetQuorumId() >= uint32(s.quorumCount) {
 			err := s.updateQuorumCount(ctx)
 			if err != nil {
 				return nil, fmt.Errorf("failed to get onchain quorum count: %w", err)
 			}
 
 			if param.GetQuorumId() >= uint32(s.quorumCount) {
-				return nil, fmt.Errorf("Invalid request: the quorum_id must be in range [0, %d], but found %d", s.quorumCount-1, param.GetQuorumId())
+				return nil, fmt.Errorf("invalid request: the quorum_id must be in range [0, %d], but found %d", s.quorumCount-1, param.GetQuorumId())
 			}
 		}
 	}

diff --git a/disperser/apiserver/server_test.go b/disperser/apiserver/server_test.go
@@ -81,7 +81,24 @@ func TestDisperseBlobWithInvalidQuorum(t *testing.T) {
 			},
 		},
 	})
-	assert.ErrorContains(t, err, "Invalid request: the quorum_id must be in range [0, 1], but found 2")
+	assert.ErrorContains(t, err, "invalid request: the quorum_id must be in range [0, 1], but found 2")
+
+	_, err = dispersalServer.DisperseBlob(ctx, &pb.DisperseBlobRequest{
+		Data: data,
+		SecurityParams: []*pb.SecurityParams{
+			{
+				QuorumId:           0,
+				AdversaryThreshold: 80,
+				QuorumThreshold:    100,
+			},
+			{
+				QuorumId:           0,
+				AdversaryThreshold: 50,
+				QuorumThreshold:    90,
+			},
+		},
+	})
+	assert.ErrorContains(t, err, "invalid request: security_params must not contain duplicate quorum_id")
 }
 
 func TestGetBlobStatus(t *testing.T) {