fix: check for gas limit overflow (#711)

* Fix overflow in gas limit update * Add tests
0xPolygonZero · Oct 9, 2024 · 34307b4 · 34307b4
1 parent 414519d
commit 34307b4
Show file tree

Hide file tree

Showing 6 changed files with 3,325 additions and 4 deletions.
diff --git a/evm_arithmetization/src/cpu/kernel/asm/core/call.asm b/evm_arithmetization/src/cpu/kernel/asm/core/call.asm
@@ -341,7 +341,28 @@ call_too_deep:
  // stack: new_ctx
 %endmacro
 
+%macro set_new_ctx_gas_limit_no_check
+ // stack: gas_limit, new_ctx
+ DUP2
+ %build_address_with_ctx_no_segment(@CTX_METADATA_GAS_LIMIT)
+ SWAP1
+ // stack: gas_limit, addr, new_ctx
+ MSTORE_GENERAL
+ // stack: new_ctx
+%endmacro
+
+/// Similar to `set_new_ctx_gas_limit_no_check`, but ensures that the parent
+/// context's gas limit is not smaller than the new context's.
 %macro set_new_ctx_gas_limit
+ // stack: gas_limit, new_ctx
+ GET_CONTEXT
+ %build_address_with_ctx_no_segment(@CTX_METADATA_GAS_LIMIT)
+ MLOAD_GENERAL
+ // stack: parent_gas_limit, gas_limit, new_ctx
+ DUP2
+ GT
+ %jumpi(fault_exception)
+
  // stack: gas_limit, new_ctx
  DUP2
  %build_address_with_ctx_no_segment(@CTX_METADATA_GAS_LIMIT)

diff --git a/evm_arithmetization/src/cpu/kernel/asm/core/create.asm b/evm_arithmetization/src/cpu/kernel/asm/core/create.asm
@@ -127,7 +127,7 @@ run_constructor:
  // stack: kexit_info, address, new_ctx
  %drain_all_but_one_64th_gas
  %stack (kexit_info, drained_gas, address, new_ctx) -> (drained_gas, new_ctx, address, kexit_info)
- %set_new_ctx_gas_limit
+ %set_new_ctx_gas_limit_no_check
  // stack: new_ctx, address, kexit_info
 
  // Create the new contract account in the state trie.

diff --git a/evm_arithmetization/src/cpu/kernel/asm/core/precompiles/main.asm b/evm_arithmetization/src/cpu/kernel/asm/core/precompiles/main.asm
@@ -60,7 +60,7 @@ global handle_precompiles_from_eoa:
  // stack: addr, retdest
  %create_context
  // stack: new_ctx, addr, retdest
- %non_intrinsic_gas %set_new_ctx_gas_limit
+ %non_intrinsic_gas %set_new_ctx_gas_limit_no_check
  // stack: new_ctx, addr, retdest
 
  // Set calldatasize and copy txn data to calldata.

diff --git a/evm_arithmetization/src/cpu/kernel/asm/core/process_txn.asm b/evm_arithmetization/src/cpu/kernel/asm/core/process_txn.asm
@@ -175,7 +175,7 @@ global process_contract_creation_txn_after_code_loaded:
  %mload_txn_field(@TXN_FIELD_VALUE) %set_new_ctx_value
  %set_new_ctx_parent_ctx
  %set_new_ctx_parent_pc(process_contract_creation_txn_after_constructor)
- %non_intrinsic_gas %set_new_ctx_gas_limit
+ %non_intrinsic_gas %set_new_ctx_gas_limit_no_check
  // stack: new_ctx, address, retdest
 
  %enter_new_ctx
@@ -290,7 +290,7 @@ global process_message_txn_code_loaded:
  %mload_txn_field(@TXN_FIELD_VALUE) %set_new_ctx_value
  %set_new_ctx_parent_ctx
  %set_new_ctx_parent_pc(process_message_txn_after_call)
- %non_intrinsic_gas %set_new_ctx_gas_limit
+ %non_intrinsic_gas %set_new_ctx_gas_limit_no_check
  // stack: new_ctx, retdest
 
  // Set calldatasize and copy txn data to calldata.

diff --git a/trace_decoder/tests/cases/b2841_dev.json b/trace_decoder/tests/cases/b2841_dev.json
diff --git a/trace_decoder/tests/cases/b2841_dev_header.json b/trace_decoder/tests/cases/b2841_dev_header.json