[JSON-RPC] Prevent silent uint conversion (#1819)

* Prevent silent uint conversion

* bump json-rpc

beacon_chain/eth2_json_rpc_serialization.nim

@@ -40,10 +40,16 @@ proc fromJson*(n: JsonNode, argName: string, result: var Version) =
 proc `%`*(value: Version): JsonNode =
   result = newJString($value)
 
-template genFromJsonForIntType(t: untyped) =
-  proc fromJson*(n: JsonNode, argName: string, result: var t) =
+template genFromJsonForIntType(T: untyped) =
+  proc fromJson*(n: JsonNode, argName: string, result: var T) =
     n.kind.expect(JInt, argName)
-    result = n.getInt().t
+    let asInt = n.getInt()
+    # signed -> unsigned conversions are unchecked
+    # https://github.com/nim-lang/RFCs/issues/175
+    if asInt < 0:
+      raise newException(
+        ValueError, "JSON-RPC input is an unexpected negative value")
+    result = T(asInt)
 
 genFromJsonForIntType(Epoch)
 genFromJsonForIntType(Slot)

beacon_chain/validator_api.nim

@@ -43,7 +43,7 @@ func checkEpochToSlotOverflow(epoch: Epoch) =
   const maxEpoch = compute_epoch_at_slot(not 0'u64)
   if epoch >= maxEpoch:
     raise newException(
-      CatchableError, "Requesting epoch for which slot would overflow")
+      ValueError, "Requesting epoch for which slot would overflow")
 
 proc doChecksAndGetCurrentHead(node: BeaconNode, slot: Slot): BlockRef =
   result = node.chainDag.head

docs/the_auditors_handbook/src/02.2.2_casting_and_low_level_memory_representation.md

@@ -2,7 +2,9 @@
 
 ## Conversions
 
-Casting to or from a signed integer will lead to a range check
+Casting to a signed integer will lead to a range check.
+Conversion to an unsigned integer even from a negative signed integer will NOT lead to a range check (https://github.com/nim-lang/RFCs/issues/175)
+https://nim-lang.org/docs/manual.html#statements-and-expressions-type-conversions
 
 ## Casting integers
 

vendor/nim-json-rpc

@@ -1 +1 @@
-Subproject commit dff46c991d8ff533991ce9ae7fbeda07f18e6956
+Subproject commit 99455437ba3d83d5af1c38007fedeeff295e959e