View Issue Details

IDProjectCategoryView StatusLast Update
0005383Talermechant backendpublic2019-12-20 19:12
ReporterMarcello Stanisci Assigned ToMarcello Stanisci  
PrioritynormalSeverityminorReproducibilityhave not tried
Status closedResolutionfixed 
Target Version0.6Fixed in Version0.6 
Summary0005383: Integrity check on "total_amount" as of /track/transfer is missing.
DescriptionThe merchant does not check whether the "total_amount" field from /track/transfer response body actually matches the sum of all the coins involved in the wire transfer.
TagsNo tags attached.

Activities

Marcello Stanisci

2018-07-26 15:06

reporter   ~0013150

This is not a bug, because this kind of check takes place within
the exchange-lib (used by the merchant to request /track/transfer).

However it emerged that the merchant logic aborted the execution if exchange-lib returned "424 Failed Dependency" upon a sloppy "total_amount" field, and so c993c0d fixed it (by simply passing the control to the proper callback).

Issue History

Date Modified Username Field Change
2018-07-03 10:22 Marcello Stanisci New Issue
2018-07-03 10:22 Marcello Stanisci Status new => assigned
2018-07-03 10:22 Marcello Stanisci Assigned To => Marcello Stanisci
2018-07-03 10:23 Marcello Stanisci Target Version => 0.6
2018-07-03 10:23 Marcello Stanisci Description Updated
2018-07-26 15:06 Marcello Stanisci Note Added: 0013150
2018-07-26 15:07 Marcello Stanisci Status assigned => resolved
2018-07-26 15:07 Marcello Stanisci Resolution open => fixed
2018-09-15 11:06 Christian Grothoff Fixed in Version => 0.6
2019-12-20 19:12 Christian Grothoff Status resolved => closed