Add boundary check for asset value

Author: cffls

pycardano/serialization.py

@@ -870,6 +870,13 @@ def __copy__(self):
     def __deepcopy__(self, memodict={}):
         return self.__class__(deepcopy(self.data))
 
+    def validate(self):
+        for key, value in self.data.items():
+            if isinstance(key, CBORSerializable):
+                key.validate()
+            if isinstance(value, CBORSerializable):
+                value.validate()
+
     def to_shallow_primitive(self) -> dict:
         # Sort keys in a map according to https://datatracker.ietf.org/doc/html/rfc7049#section-3.9
         def _get_sortable_val(key):

pycardano/transaction.py

@@ -54,6 +54,9 @@
     "Withdrawals",
 ]
 
+_MAX_INT64 = (1 << 63) - 1
+_MIN_INT64 = -(1 << 63)
+
 
 @dataclass(repr=False)
 class TransactionInput(ArrayCBORSerializable):
@@ -78,6 +81,13 @@ class Asset(DictCBORSerializable):
 
     VALUE_TYPE = int
 
+    def validate(self):
+        for n in self:
+            if self[n] < _MIN_INT64 or self[n] > _MAX_INT64:
+                raise InvalidDataException(
+                    f"Asset amount must be between {_MIN_INT64} and {_MAX_INT64}: \n {self[n]}"
+                )
+
     def union(self, other: Asset) -> Asset:
         return self + other
 

test/pycardano/test_transaction.py

@@ -469,3 +469,10 @@ class TestDatum(PlutusData):
     cbor = output.to_cbor_hex()
 
     assert cbor == TransactionOutput.from_cbor(cbor).to_cbor_hex()
+
+
+def test_out_of_bound_asset():
+    bad_asset = Asset({AssetName(b"abc"): 1 << 64})
+
+    with pytest.raises(InvalidDataException):
+        bad_asset.to_cbor_hex()