mirror of
https://github.com/actualbudget/actual.git
synced 2026-07-16 07:04:23 -05:00
[Bug]: No check for invalid timestamps from the client #404
Closed
opened 2026-02-28 19:02:38 -06:00 by GiteaMirror
·
5 comments
No Branch/Tag Specified
master
dependabot/npm_and_yarn/npm_and_yarn-cd62b4b37a
api-browser-custom-data-dir
tabedzki/feat/replacing-month-picker-with-day-picker
delay-initial-sync-until-loaded
jfdoming/mobile-app-build
cross-version-sync-compat
jfdoming/api-tokens-part-1
jfdoming/api-tokens-part-2
jfdoming/api-tokens-part-3
jfdoming/mobile-app-updates
claude/budget-version-migration-compat-151jlr
claude/worker-error-serialization-9iqtl7
claude/react-table-library-research-afx83z
claude/issue-8401-regression-test-9nw9l3
jfdoming/mobile-app-foundation-part-1
jfdoming/mobile-app-scaffold
release
ai-fix-cleanup-def-8290
claude/relaxed-shannon-jusywa
claude/fervent-keller-s6f2fq
claude/determined-feynman-st1y9z
claude/wizardly-einstein-vi2wce
claude/sweet-albattani-7nseio
feat/bank-sync-per-budget-file
claude/affectionate-cannon-y0kc82
claude/dependabot-findings-m9pgmb
claude/mac-app-ios-publish-zjs1lz
claude/vigilant-tesla-aiiyos
depot-migrate-secrets-1781296330308
claude/quirky-cerf-v5qck7
claude/animation-removal-alternative-2etfh1
claude/netlify-preview-comments-consolidate-9XPYa
osc/7391-error-boundaries-reports
claude/pensive-dijkstra-7DYui
claude/server-app-version-mismatch-HTCGv
claude/pr-8027-review-feedback-mELuO
claude/zealous-wozniak-e5pO0
claude/intelligent-heisenberg-BSHJq
claude/translation-download-refactor-jFRsO
claude/mobile-performance-ideas-G9PAO
claude/github-issue-7988-5A5ly
blacksmith-migration-ff70d2d
claude/great-mayer-KRvOk
claude/react-native-ios-compilation-fcJh5
claude/serene-goldberg-58xv0
claude/kind-euler-LVG3K
release-automation/edge-nightly
7710-bundle-migrations
claude/fix-docker-build-error-WMfed
claude/llm-compatible-release-notes-t20Nr
7710-tests-tdd
cursor/transaction-table-rewrite-f077
claude/plan-ci-secure-context-OtEe1
claude/fix-issue-7667-DPXi3
cursor/resolve-pr-7449-ee11
claude/fix-typescript-build-error-JPtZ5
copilot/add-repository-configs-to-packages
worktree-compressed-drifting-ritchie
claude/api-consumer-verification-kfz1K
pr-7454
claude/fix-issue-7410-LLLQ4
revert-7281-generate-icons
react-query-useSchedules
copilot/sub-pr-6140
package-upgrades
v26.7.0
v26.6.0
v26.5.2
v26.5.1
v26.5.0
v26.4.0
v26.3.0
v26.2.1
v26.2.0
v26.1.0
v25.12.0
v25.11.0
v25.10.0
v25.9.0
v25.8.0
v25.7.1
v25.7.0
v25.6.1
v25.6.0
v25.5.0
v25.4.0
v25.3.1
v25.3.0
v25.2.1
v25.2.0
v25.1.0
v24.12.0
v24.11.0
v24.10.1
v24.10.0
v24.9.0
v24.8.0
v24.7.0
v24.6.0
v24.5.0
v24.4.0
v24.3.0
v24.2.0
v24.1.0
v23.12.0
v23.11.0
v23.10.0
v23.9.0
v23.8.1
v23.8.0
v23.7.2
v23.7.1
v23.7.0
v23.6.0
v23.5.0
v23.4.2
v23.4.1
v23.4.0
v23.3.2
v23.3.0
v23.2.9
v23.2.5
v23.1.12
v22.12.9
Labels
Clear labels
AI generated
API
bank sync
budgeting
bug
can’t replicate
dependencies
docker
documentation
electron
experimental feature
feature
feedback
goal templates
good first issue
help wanted
importers
maintenance
needs info
needs testing
needs triage
needs votes
openid
payees
pull-request
regression
reports
responsive
rules
schedules
server
✨ merged
split transactions
tech debt
tech-support
theme
transaction import
transaction reconciliation
transactions
translations
upstream
user interface
✅ approved
wontfix
Mirrored from GitHub Pull Request
Milestone
No items
No Milestone
Projects
Clear projects
No project
No Assignees
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: github-starred/actual#404
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @steida on GitHub (May 16, 2023).
Verified issue does not already exist?
What happened?
Here https://github.com/actualbudget/actual/blob/master/packages/loot-core/src/server/crdt/merkle.ts#L17
I don't think there is a reason why
keyhas to be padded. Especially when here it's not padded:https://github.com/actualbudget/actual/blob/master/packages/loot-core/src/server/crdt/merkle.ts#L25
I suppose this is the correct code:
What error did you receive?
No response
Where are you hosting Actual?
None
What browsers are you seeing the problem on?
No response
Operating System
None
@jlongster commented on GitHub (May 16, 2023):
It doesn't pad it when you already have a full time because... you already know it's a fully formed time! There's nothing to pad. Base 3 of a date (in ms) is always going to be of 16 length.
Caveat: that is until
Nov 5, 2051 8:20. That is the upper limit of the system currently, but there are other ways to encode/decode the time that if Actual still exists in 30 years, that can be solved. After that time, the length of a base 3 encoded time will be 17.Your code above is not equivalent. It's assuming that the encoding of the time in the trie starts from the right, when in fact is starts from the left. That's why the padding is required: Say you walk down the trie for 3 nodes and get
102. Each node in the trie represents a "window" of time. You want to get the "time" represented from this node: you only have102. That function will pad it with 0s to get the lower bound of time for that node:new Date(parseInt('102' + '0'.repeat(16 - 3), 3) * 1000 * 60)Which results in May 6, 2003. This is an extreme case, but you can take any node in the trie, even if you haven't traversed all the way down to the bottom, and generate a lower bound time for it. This is useful because you know all child nodes happens after that time. That property is what we use for different kinds of checks.
Yes, there is the caveat above. We'll have to figure out something in 30 years, but it's more of a limitation than a bug.
@j-f1 commented on GitHub (May 16, 2023):
@steida Is this causing any incorrect behavior that you can see? If not I’m probably gonna close this since James seems to have a good rationale for why it is the way it is and I don’t want to touch the core syncing logic unless it has serious bugs.
@steida commented on GitHub (May 17, 2023):
@j-f1 I will send a failing test case if I will have one.
@steida commented on GitHub (Oct 20, 2023):
@jlongster Omg, I was so silly. 😂 Now I perfectly understand why the time has to be padded. Let me explain why my brain was rejecting it. With such padding, the lowest supported time is 860934420000 (1997). And that's OK, but it also means a timestamp with lower time must not be allowed to be created and stored in the Merkle tree because that would make the Merkle tree unsyncable forever because older timestamps would not be selected from DB. Just for fun, that's how Evolu defines Millis now:
It looks like ActualBudget has no such check
75f2bf8b1b/packages/loot-core/src/server/sync/index.ts (L360), only clock drift in the client, but if client has time < 1997, there is no drift and invalid timestamp can be created and can destroy server Merkle tree forever.@steida commented on GitHub (May 6, 2024):
By the way, https://github.com/evoluhq/evolu is the Actual Budget CRDT on steroids. I plan to provide the free server for syncing (the current evolu.world is already free, but it's not ready for production yet), and it could be valuable for Actual Budget users.