[Security] Float-to-String Conversion in Financial Parameters (No Decimal Support)

## Bug Name
Float-to-String Conversion in Financial Parameters (No Decimal Support)

## Attack Scenario
Financial values are converted using Python native float type and str(val) in the make_serializable function. Python float has IEEE 754 double-precision limitations. str(0.1 + 0.2) produces 0.30000000000000004.

## Impact
Users who pass Python float values through the SDK may encounter precision issues causing order rejection or unintended quantities.

## Components
File: common/src/binance_common/utils.py (lines 146-147, in make_serializable).

## Reproduction
1. Pass a float value like 0.1 + 0.2 as a price parameter.
2. Observe the serialized value is 0.30000000000000004 instead of 0.3.

## Fix
Document that users should pass financial values as strings. Consider adding optional Decimal support.

## Details
Finding ID: SEC-07
Severity: Informational


---
Researcher: Independent Security Researcher -- Mefai Security Team

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Security] Float-to-String Conversion in Financial Parameters (No Decimal Support) #514

Bug Name

Attack Scenario

Impact

Components

Reproduction

Fix

Details

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[Security] Float-to-String Conversion in Financial Parameters (No Decimal Support) #514

Description

Bug Name

Attack Scenario

Impact

Components

Reproduction

Fix

Details

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions