diff --git a/pkg/services/rpcsrv/params/param.go b/pkg/services/rpcsrv/params/param.go index e0a56db3fb..29d3906487 100644 --- a/pkg/services/rpcsrv/params/param.go +++ b/pkg/services/rpcsrv/params/param.go @@ -399,6 +399,9 @@ func (p Param) GetSignersWithWitnesses() ([]transaction.Signer, []transaction.Wi if err != nil { return nil, nil, err } + if len(hashes) > transaction.MaxAttributes { + return nil, nil, errors.New("too many signers") + } signers := make([]transaction.Signer, len(hashes)) witnesses := make([]transaction.Witness, len(hashes)) // try to extract hashes first diff --git a/pkg/services/rpcsrv/params/param_test.go b/pkg/services/rpcsrv/params/param_test.go index dfe0d2f3f1..d7d866e53a 100644 --- a/pkg/services/rpcsrv/params/param_test.go +++ b/pkg/services/rpcsrv/params/param_test.go @@ -496,6 +496,15 @@ func TestParamGetSigners(t *testing.T) { require.True(t, u2.Equals(actual[1].Account)) }) + t.Run("overflow", func(t *testing.T) { + var hashes = make([]util.Uint256, transaction.MaxAttributes+1) + msg, err := json.Marshal(hashes) + require.NoError(t, err) + p := Param{RawMessage: msg} + _, _, err = p.GetSignersWithWitnesses() + require.Error(t, err) + }) + t.Run("bad format", func(t *testing.T) { p := Param{RawMessage: []byte(`"not a signer"`)} _, _, err := p.GetSignersWithWitnesses()