sneak/AutistMask
1
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fix(L5): truncate token name/symbol from RPC responses

Browse Source 
Limits token name to 64 chars and symbol to 12 chars to prevent
storage of excessively long values from malicious contracts.
This commit is contained in:
clawbot
2026-02-27 11:42:18 -08:00
committed by user
parent 04a34d1a5e
commit 909543e943
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/shared/balances.js
View File

@@ -192,6 +192,10 @@ async function lookupTokenInfo(contractAddress, rpcUrl) {
name = symbol;
}
// Truncate to prevent storage of excessively long values from RPC
name = String(name).slice(0, 64);
symbol = String(symbol).slice(0, 12);
log.infof("Token resolved:", symbol, "decimals", Number(decimals));
return { name, symbol, decimals: Number(decimals) };
}