Skip to content

fix(tools): reject non-positive and overflow amounts in CampaignTotal…#52

Open
cybermax4200 wants to merge 3 commits into
OrbitChainLabs:mainfrom
cybermax4200:fix/campaign-totals-signed-amount-validation
Open

fix(tools): reject non-positive and overflow amounts in CampaignTotal…#52
cybermax4200 wants to merge 3 commits into
OrbitChainLabs:mainfrom
cybermax4200:fix/campaign-totals-signed-amount-validation

Conversation

@cybermax4200

@cybermax4200 cybermax4200 commented Jun 20, 2026

Copy link
Copy Markdown

Problem

CampaignTotals::increment accepted any i128, including negative values and zero. A caller passing a negative amount would silently subtract from the running
total — driving (campaign_id, asset) balances negative with no error. This creates a semantic mismatch with the on-chain storage_increment_total_raised, which
panics on delta <= 0, and corrupts off-chain analytics dashboards that treat these totals as "amount raised".

Overflow was also silent: a sufficiently large amount would wrap, producing a nonsense total.

Changes

  • increment now returns Result instead of i128
  • Returns Err immediately for amount <= 0, matching the contract's InvalidAmount guard
  • Replaces += with checked_add, returning Err on overflow
  • Updated all existing tests to .unwrap() the happy path

Tests

Three new cases added alongside the existing six:

Test Asserts
rejects_negative_amount increment(..., -100) returns Err containing "positive amount"
rejects_zero_amount increment(..., 0) returns Err containing "positive amount"
rejects_overflow adding 1 to a saturated entry returns Err containing "overflow"

All 9 unit tests pass.

Closes #50

@Alqku GitHub Codespaces

Alqku commented Jun 21, 2026

Copy link
Copy Markdown
Contributor

Good defensive check on the increment path — catching negatives and overflow is exactly what we need for #50. Heads up though: flipping 's return type from to is a public API break for downstream callers. Could you either add a non-breaking alongside (leaving 's signature as-is), or handle the validation internally while keeping the current signature? Once that's done this is good to go.

@Alqku Alqku mentioned this pull request Jun 21, 2026
Merged
@Alqku GitHub Codespaces

Alqku commented Jun 22, 2026

Copy link
Copy Markdown
Contributor

Hey @cybermax4200 👋 — the validation tightening for #50 (rejecting non-positive / overflow amounts in CampaignTotals::increment) is solid. Unfortunately no CI checks have run on this PR. Could you rebase on main or push a no-op commit to retrigger the workflow? Happy to merge once everything is green 🚀

@cybermax4200

cybermax4200 commented Jun 22, 2026

Copy link
Copy Markdown
Author

Hey @cybermax4200 👋 — the validation tightening for #50 (rejecting non-positive / overflow amounts in CampaignTotals::increment) is solid. Unfortunately no CI checks have run on this PR. Could you rebase on main or push a no-op commit to retrigger the workflow? Happy to merge once everything is green 🚀

Everything is now green, can you merge please

@GBOYEE

GBOYEE commented Jun 24, 2026

Copy link
Copy Markdown

Can I work on this? I've contributed to similar full-stack projects and can handle this quickly.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[LOW] CampaignTotals::increment accepts negative amount — should reject like storage_increment_total_raised does

3 participants

@cybermax4200 @Alqku @GBOYEE