Description
metadata_limits.rs validates length but not content. Add a codepoint validator that rejects zero-width characters, bidi-override controls, and other invisible Unicode so attackers cannot smuggle homoglyph or RTL-override payloads into market titles and outcome names.
Requirements and Context
- Define a denylist of codepoints/ranges as constants
- Validator returns Error::InvalidCharacter with the offending codepoint
- Surface the deny set via a query
- Must be secure, tested, and documented
- Should be efficient and easy to review
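
A sketch of the three requirements above (constant denylist, validator error carrying the codepoint, deny-set query), added here as an illustration and not taken from the predictify-hybrid code. The names DENIED_RANGES, validate_codepoints and denied_codepoint_ranges, the exact range list, and the use of a plain &str instead of the contract's own string type are assumptions.

```rust
/// Inclusive codepoint ranges rejected in metadata, sorted ascending.
/// Constructed for this example; the real deny set is the project's call.
pub const DENIED_RANGES: &[(u32, u32)] = &[
    (0x00AD, 0x00AD), // soft hyphen
    (0x061C, 0x061C), // Arabic letter mark
    (0x180E, 0x180E), // Mongolian vowel separator
    (0x200B, 0x200F), // zero-width space/non-joiner/joiner, LRM, RLM
    (0x202A, 0x202E), // bidi embeddings and overrides (LRE..RLO)
    (0x2060, 0x2064), // word joiner and invisible operators
    (0x2066, 0x2069), // bidi isolates (LRI..PDI)
    (0xFEFF, 0xFEFF), // zero-width no-break space / BOM
];

#[derive(Debug, PartialEq, Eq)]
pub enum Error {
    /// Carries the first offending codepoint so callers can report it.
    InvalidCharacter(u32),
}

/// Query surface: lets clients pre-validate input against the same set.
pub fn denied_codepoint_ranges() -> &'static [(u32, u32)] {
    DENIED_RANGES
}

fn is_denied(cp: u32) -> bool {
    DENIED_RANGES.iter().any(|&(lo, hi)| lo <= cp && cp <= hi)
}

/// Rejects the text at the first denied codepoint; visible non-ASCII passes.
pub fn validate_codepoints(text: &str) -> Result<(), Error> {
    match text.chars().map(|c| c as u32).find(|&cp| is_denied(cp)) {
        Some(cp) => Err(Error::InvalidCharacter(cp)),
        None => Ok(()),
    }
}

fn main() {
    // Constructed sample titles: clean, zero-width space, RTL override.
    for s in ["Will BTC close above 100k?", "Yes\u{200B}", "pay\u{202E}tuo"] {
        println!("{:?} -> {:?}", s, validate_codepoints(s));
    }
}
```

A denylist like this covers invisible and bidi-control characters only; visually confusable letters from other scripts pass it and would need a separate check. Denying U+200D also rejects emoji sequences that are joined with a zero-width joiner.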
Suggested Execution
- Fork the repo and create a branch
git checkout -b feature/metadata-codepoint-validator
- Implement changes
contracts/predictify-hybrid/src/metadata_limits.rs
contracts/predictify-hybrid/src/metadata_limits_tests.rs
- Test and commit
cargo test -p predictify-hybrid codepoint_validator
- Cover edge cases
- Include test output and notes in the PR
Example commit message
feat: reject zero-width and bidi-override codepoints in metadata_limits
Acceptance Criteria
Guidelines
- Validate auth, overflow, and storage TTL/archival
- Clear documentation and inline comments
- Timeframe: 96 hours