Closes #156 - fix: enforce MAX_BATCH_SIZE in all batch functions (#156) test: add b… #229

Merged
dDevAhmed merged 2 commits into DigiNodes:main from Emmanuel-abiola:fix/batch-payout-limit
May 30, 2026

Conversation

@Emmanuel-abiola
Contributor

Description

Closes #156

Changes proposed

What were you told to do?

Audit fix: enforce MAX_BATCH_SIZE in all batch functions.

What did I do?

Enforced a batch-size cap in every batch entry point:

  • VerifierSlashing.batchSlash — replaced the inline magic number 50 with a named MAX_BATCH_SIZE = 50 constant. Cap kept low because each slash performs an external staking call plus storage writes (heavier per item than a token transfer). Mismatch/oversize/empty cases now revert with custom errors (BatchLengthMismatch, BatchSizeExceeded, EmptyBatch) to match the contract's existing error style.
  • TruthBountyClaims.settleClaimsBatch — already enforced MAX_BATCH_SIZE = 200; annotated with the audit reference, no functional change.
  • MockReputationOracle.batchSetReputationScores (test mock) — added MAX_BATCH_SIZE = 200 and a size guard for consistency and to prevent confusing out-of-gas failures. This is a robustness change, not a production security fix.

Tests

  • Added test/BatchSizeLimit_test.ts covering, per function: empty batch reverts, mismatched array lengths revert, exactly MAX_BATCH_SIZE succeeds, MAX_BATCH_SIZE + 1 reverts.
  • Updated the existing array-mismatch assertion in VerifierSlashing_test.ts to expect the new BatchLengthMismatch custom error.

Behavior changes

  • batchSlash reverts are now custom errors instead of strings.
  • MockReputationOracle.batchSetReputationScores now reverts on empty input (previously a silent no-op); no callers affected.

Check List (Check all the applicable boxes)

  • My code follows the code style of this project.
  • This PR does not contain plagiarized content.
  • The title and description of the PR are clear and explain the approach.
  • I am making a pull request against the dev branch (left side).
  • My commit message style matches our requested structure.
  • My code additions will fail neither code linting checks nor unit tests.
  • I am only making changes to files I was requested to.

@dDevAhmed dDevAhmed merged commit 3aa26c2 into DigiNodes:main May 30, 2026
1 of 4 checks passed
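
The guard pattern this PR describes for batchSlash, written out as an added example that is not the project's code and not part of the PR. The names MAX_BATCH_SIZE, EmptyBatch, BatchLengthMismatch and BatchSizeExceeded come from the description above; the error parameters, the IStakingLike interface, its slash() signature and the contract name are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical stand-in for the external staking contract that each
// slash calls into; the real interface is not shown on this page.
interface IStakingLike {
    function slash(address verifier, uint256 amount) external;
}

// Illustration only. Access control is omitted here and is assumed to
// exist on any real slashing entry point.
contract BatchGuardExample {
    // Kept low because every item costs an external call plus storage
    // writes, so per-item gas is much higher than a token transfer.
    uint256 public constant MAX_BATCH_SIZE = 50;

    // Error names are from the PR description; parameters are assumed.
    error EmptyBatch();
    error BatchLengthMismatch(uint256 verifiers, uint256 amounts);
    error BatchSizeExceeded(uint256 size, uint256 max);

    IStakingLike public immutable staking;

    constructor(IStakingLike staking_) {
        staking = staking_;
    }

    function batchSlash(
        address[] calldata verifiers,
        uint256[] calldata amounts
    ) external {
        uint256 n = verifiers.length;

        // Every check runs before the first external call or storage
        // write, so a rejected batch fails early with a decodable error
        // instead of running out of gas partway through the loop.
        if (n == 0) revert EmptyBatch();
        if (n != amounts.length) revert BatchLengthMismatch(n, amounts.length);
        if (n > MAX_BATCH_SIZE) revert BatchSizeExceeded(n, MAX_BATCH_SIZE);

        for (uint256 i = 0; i < n; ++i) {
            staking.slash(verifiers[i], amounts[i]);
        }
    }
}
```

The boundary cases listed under Tests map directly onto the three checks: length 0, unequal lengths, exactly MAX_BATCH_SIZE (passes) and MAX_BATCH_SIZE + 1 (reverts).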
Development

Successfully merging this pull request may close these issues.

Batch Payout Limit