Expensify Bug: Negative Expenses & 'To' Field Hack

by Admin 51 views
Expensify Bug: Negative Expenses & 'To' Field Hack

Hey folks! 👋 Let's dive into a sneaky bug in Expensify that involves negative expenses and some clever manipulation of the "To" field. It's a pretty interesting case, so buckle up! This article is all about understanding how a seemingly small issue can lead to unexpected outcomes. We'll explore the steps, the expected and actual results, and what it all means for Expensify users. Remember, this is a technical breakdown, so we'll be getting into the nitty-gritty. Let's get started, shall we?

The Lowdown: What's the Bug About?

So, the core issue is this: negative expenses can be submitted to a user in Expensify if you play around with the "To" field on the confirmation page. You know, that field where you select who you're expensing the money to? Yeah, that one. The problem arises because the app doesn't always reset the "To" field to the default workspace when it encounters a negative expense amount. This creates a loophole where you could potentially submit a negative expense to a specific user, which is a big no-no. It is like an unexpected twist in a financial thriller, isn't it? 🕵️‍♂️

To make things clearer, let's break down the scenario step-by-step. This bug was found during testing and, as you'll see, it's pretty easy to replicate. This kind of testing is super important for catching these issues before they go live and mess with our finances.

The Setup: Prerequisites

First off, you need an Expensify account that's part of a workspace. If you've got that, you're good to go. The bug report was filed by the Applause Internal Team, which means that the issue was identified during internal testing before it hit the real world. That's a huge win for keeping the platform safe!

Step-by-Step Breakdown: How to Trigger the Bug

Let's get into the nitty-gritty of how this bug happens. Follow these steps to see it for yourself:

  1. Head to Staging: Go to staging.new.expensify.com. This is where the testing happens. Think of it as the lab where they try out all the new features and fixes.
  2. Create a Manual Expense: Click the FAB (Floating Action Button) and select "Create expense" -> "Manual." This starts the process of manually entering an expense.
  3. Enter an Amount: Put in any amount and click "Next." This is like setting the stage for the rest of the process. It does not matter what the actual amount is at this stage.
  4. Confirm Page and the "To" Field: On the confirmation page, tap the "To" field. This is where you choose who gets the expense.
  5. Select a User: Choose a specific user, not your workspace. This sets up the potential for the bug.
  6. Back to Input: On the confirmation page, hit the RHP (Right Hand Pane) back button. This takes you back to the input page.
  7. Add a Negative Sign: Now, here's where the magic happens (or, well, the bug). Add a negative sign to the amount. For example, if you entered $10, change it to -$10.
  8. Next & Create Expense: Click "Next" and then "Create expense."

The Problem Unveiled

The expected result here is that, in step 8, after you change the amount to negative, the confirmation page should reset the "To" field back to the default workspace. Why? Because you're not allowed to submit negative expenses to an individual user in Expensify. But, unfortunately, that's not what happens.

The actual result? The "To" field doesn't reset. As a result, you can submit the negative expense to the user you selected. However, the expense isn't actually negative. It's a bit of a head-scratcher, right? 🤔

Expected vs. Actual: The Discrepancy

So, what's the difference between what should happen and what does happen? Let's break it down:

  • Expected Result: When you enter a negative amount, the app should recognize this and automatically reset the "To" field to the default workspace. This ensures that you can't accidentally (or intentionally!) submit a negative expense to a specific user.
  • Actual Result: The "To" field remains unchanged, allowing you to submit the negative expense to the selected user. However, the submitted expense isn't actually negative, which leads to confusion and potential financial discrepancies.

This discrepancy is where the bug lies. The app isn't behaving as it should, leading to a potential for financial errors. This is why testing is so essential; it uncovers these unexpected behaviors before they affect real users.

Workarounds and Impact

Currently, there's no known workaround for this bug. That means if you stumble upon it, you're pretty much stuck. It's like finding a detour when you are on the highway. You just have to wait for the road to be fixed. The impact of this bug could be significant, because it could lead to incorrect expense reports and potentially affect financial reconciliation. It is essential for a business to maintain accurate financial records, so it is necessary to solve this issue as soon as possible.

Platforms Affected

This bug has been found to affect multiple platforms, which means it's pretty widespread and can affect lots of users. The platforms where the bug is reproducible include:

  • Android App and mWeb Chrome
  • iOS App, mWeb Safari, and mWeb Chrome
  • MacOS: Chrome / Safari and Desktop.

That's a wide range of devices and browsers, which means a lot of users could potentially experience this issue. This cross-platform nature is crucial for developers to consider when fixing the problem because they have to make sure that the fix works everywhere.

Conclusion: The Takeaway

So, what have we learned? We've seen a bug in Expensify where changing the "To" field on the confirmation page, followed by entering a negative amount, can lead to submitting negative expenses to a user. This is not the expected behavior, and it highlights a potential flaw in the app's handling of negative expenses. 🐞

This case demonstrates the importance of rigorous testing in software development. Bugs like this, which may seem small, can have significant implications for users and the platform's financial integrity. By understanding the steps to reproduce the bug, the expected versus actual results, and the platforms affected, we can work towards a solution. The goal is to make sure the app functions as intended and keeps everyone's finances in order. Thanks for reading, and stay tuned for more tech breakdowns!