Valery Gantchev
authored
This PR modifies `named_reserve()` in frame-balances to use checked math instead of defensive saturating math. The use of saturating math relies on the assumption that the sum of the values will always fit in `u128::MAX`. However, there is nothing preventing the implementing pallet from passing a larger value which overflows. This can happen if the implementing pallet does not validate user input and instead relies on `named_reserve()` to return an error (this saves an additional read) This is not a security concern, as the method will subsequently return an error thanks to `<Self as ReservableCurrency<_>>::reserve(who, value)?;`. However, the `defensive_saturating_add` will panic in `--all-features`, creating false positive crashes in fuzzing operations. --------- Co-authored-by:cmd[bot] <41898282+github-actions[bot]@users.noreply.github.com> (cherry picked from commit f373af0d)
| Name | Last commit | Last update |
|---|---|---|
| .. | ||
| 1.10.0 | ||
| 1.11.0 | ||
| 1.12.0 | ||
| 1.13.0 | ||
| 1.14.0 | ||
| 1.15.0 | ||
| 1.15.1 | ||
| 1.16.0 | ||
| 1.16.1 | ||
| 1.3.0 | ||
| 1.4.0 | ||
| 1.5.0 | ||
| 1.6.0 | ||
| 1.7.0 | ||
| 1.8.0 | ||
| 1.9.0 | ||
| stable2412-1 | ||
| stable2412 | ||
| .gitkeep | ||
| .template.prdoc | ||
| pr_7365.prdoc | ||
| schema_user.json | ||