diff --git a/beacon-chain/rpc/beacon/validators.go b/beacon-chain/rpc/beacon/validators.go index 3ea251ff7..5641e972c 100644 --- a/beacon-chain/rpc/beacon/validators.go +++ b/beacon-chain/rpc/beacon/validators.go @@ -162,6 +162,10 @@ func (bs *Server) ListValidatorBalances( }, nil } + if end > len(res) || end < start { + return nil, status.Error(codes.OutOfRange, "Request exceeds response length") + } + return ðpb.ValidatorBalances{ Epoch: requestedEpoch, Balances: res[start:end], diff --git a/beacon-chain/rpc/beacon/validators_test.go b/beacon-chain/rpc/beacon/validators_test.go index 393b85514..300d812cc 100644 --- a/beacon-chain/rpc/beacon/validators_test.go +++ b/beacon-chain/rpc/beacon/validators_test.go @@ -372,6 +372,33 @@ func TestServer_ListValidatorBalances_Pagination_CustomPageSizes(t *testing.T) { } } +func TestServer_ListValidatorBalances_ResponseOutOfBound(t *testing.T) { + db, sc := dbTest.SetupDB(t) + ctx := context.Background() + + count := 10 + setupValidators(t, db, count) + headState, err := db.HeadState(context.Background()) + require.NoError(t, err) + b := testutil.NewBeaconBlock() + gRoot, err := b.Block.HashTreeRoot() + require.NoError(t, err) + require.NoError(t, db.SaveGenesisBlockRoot(ctx, gRoot)) + require.NoError(t, db.SaveState(ctx, headState, gRoot)) + + bs := &Server{ + GenesisTimeFetcher: &mock.ChainService{}, + StateGen: stategen.New(db, sc), + HeadFetcher: &mock.ChainService{ + State: headState, + }, + } + + req := ðpb.ListValidatorBalancesRequest{PageSize: 250, QueryFilter: ðpb.ListValidatorBalancesRequest_Epoch{Epoch: 0}, PublicKeys: [][]byte{{'a'}}} + _, err = bs.ListValidatorBalances(context.Background(), req) + require.ErrorContains(t, "Request exceeds response length", err) +} + func TestServer_ListValidatorBalances_OutOfRange(t *testing.T) { db, sc := dbTest.SetupDB(t)