fix: add more rlp correctness checks (#1595)

crates/consensus/src/transaction/rlp.rs

@@ -109,13 +109,19 @@ pub trait RlpEcdsaTx: SignableTransaction<Signature> + Sized {
         if !header.list {
             return Err(alloy_rlp::Error::UnexpectedString);
         }
-        let remaining_len = buf.len();
+        let remaining = buf.len();
 
-        if header.payload_length > remaining_len {
+        if header.payload_length > remaining {
             return Err(alloy_rlp::Error::InputTooShort);
         }
 
-        Self::rlp_decode_fields(buf)
+        let this = Self::rlp_decode_fields(buf)?;
+
+        if buf.len() + header.payload_length != remaining {
+            return Err(alloy_rlp::Error::UnexpectedLength);
+        }
+
+        Ok(this)
     }
 
     /// Decodes the transaction from RLP bytes, including the signature.
@@ -185,7 +191,15 @@ pub trait RlpEcdsaTx: SignableTransaction<Signature> + Sized {
         if header.list {
             return Err(alloy_rlp::Error::UnexpectedList.into());
         }
-        Self::eip2718_decode_with_type(buf, ty)
+
+        let remaining = buf.len();
+        let res = Self::eip2718_decode_with_type(buf, ty)?;
+
+        if buf.len() + header.payload_length != remaining {
+            return Err(alloy_rlp::Error::UnexpectedLength.into());
+        }
+
+        Ok(res)
     }
 
     /// Decodes the transaction from network bytes, expecting the default type

crates/eips/src/eip4844/sidecar.rs

@@ -363,7 +363,14 @@ impl BlobTransactionSidecar {
         if buf.len() < header.payload_length {
             return Err(alloy_rlp::Error::InputTooShort);
         }
-        Self::rlp_decode_fields(buf)
+        let remaining = buf.len();
+        let this = Self::rlp_decode_fields(buf)?;
+
+        if buf.len() + header.payload_length != remaining {
+            return Err(alloy_rlp::Error::UnexpectedLength);
+        }
+
+        Ok(this)
     }
 }