Fix BlockReward contract "arithmetic operation overflow" #8611
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -122,7 +122,13 @@ impl EthereumMachine { | |
| } | ||
|
|
||
| impl EthereumMachine { | ||
| /// Execute a call as the system address. Block environment information passed to the | ||
| /// VM is modified to have its gas limit bounded at the upper limit of possible used | ||
| /// gases including this system call, capped at the maximum value able to be | ||
| /// represented by U256. This system call modifies the block state, but discards other | ||
| /// information. If suicides, logs or refunds happen within the system call, they | ||
| /// will not be executed or recorded. Gas used by this system call will not be counted | ||
| /// on the block. | ||
| pub fn execute_as_system( | ||
| &self, | ||
| block: &mut ExecutedBlock, | ||
|
|
@@ -132,7 +138,7 @@ impl EthereumMachine { | |
| ) -> Result<Vec<u8>, Error> { | ||
| let env_info = { | ||
| let mut env_info = block.env_info(); | ||
| env_info.gas_limit = env_info.gas_used.saturating_add(gas); | ||
|
There was a problem hiding this comment. It would be great to document (and/or add a test for it) what happens in case of an overflow with this change. It fixes the panic, but is the new non-panicky behaviour legal? There was a problem hiding this comment. I added more docs on how execute_as_system function actually works. I think this is mostly a definition issue -- system transactions are not normal transactions after all. There was a problem hiding this comment. @sorpaas talking further about this with @ascjones we were wondering what the reason is this method accepts a cc @andresilva There was a problem hiding this comment. It does make sense. Sometimes we want to limit the gas can be used by system transactions. Like BLOCKHASH contract (https://eips.ethereum.org/EIPS/eip-210). There was a problem hiding this comment. @dvdplm It's typically used for consensus-level transactions, e.g. finalizing changes to There was a problem hiding this comment. @sorpaas @andresilva ok, I'll trust you on that. I am still not sure I fully understand what happens when the addition overflows though: wouldn't that risk making the There was a problem hiding this comment. Isn't that what the change to There was a problem hiding this comment. @ascjones you are right ofc, I was totally confused about what |
||
| env_info | ||
| }; | ||
|
|
||
|
|
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am not sure if I understand this phrase fully. Can you rephrase the part around "…upper limit of possible used gases including this system call"? Thanks!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you explain more which parts looks confusing? Would help a lot for me to rephrase it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Absolutely. And remember I'm new to much of this so it might just be me being ignorant. To me it's "upper limit of possible used gases" that is hard to understand.
Maybe something like: "This call executes a call as the system address and modifies the VM's gas limits to be bound to the upper limit, given by the gas amounts provided in the call. Gas is capped to the maximum value represented by a U256" – is that close to what you meant to say?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hmm TBH it feels a little bit confusing. I think maybe it's just that we're using different terminologies here.
So I think what I'm trying to say there is as follows:
U256::max_value(). If it's saturated, it apparently doesn't comply with the worst case gas property. However, no execution on the consensus level will break -- this particular value is not referenced back from the VM. So if the contract does not need it, it can be ignored. If the contract needs it, then it just needs to understand this consensus-level behavior correctly. For block reward contract, this value will actually always beU256::max_value()so it doesn't matter at all.Mixing terms of gas limit and used gas can be confusing, so that's how I got the phrase "upper limit of possible used gases including this system call". So using your sentence, it would be "modifies the block-environment-block-gas-limit (this is a different term than VM's gas limit) to be bound to the upper limit, given by the block used gas at the moment the system transaction is executed, and the gas limit provided to the system call".
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok, I think I understand a little better now, thank you for taking the time. I like your suggested change!