Merge pull request #422 from bane-labs/govreward-burn-gas

antimev: require gas burning in envelope transaction

Author: txhsl

antimev/envelope.go

@@ -3,6 +3,7 @@ package antimev
 import (
 	"bytes"
 	"crypto/aes"
+	"encoding/binary"
 
 	"github.com/ethereum/go-ethereum/common"
 	"github.com/ethereum/go-ethereum/core/systemcontracts"
@@ -21,9 +22,13 @@ var (
 	EncryptedDataPrefixLen = len(EncryptedDataPrefix)
 
 	// EncryptedDataRoundLen is the amount of bytes that encoded DKG round of transaction
-	// encryption takes in the Envelope's data byte slice (the size of Uint64).
+	// encryption takes in the Envelope's data byte slice (the size of Uint32).
 	EncryptedDataRoundLen = 4
 
+	// EncryptedDataGasLen is the amount of bytes that encoded gas space to reserve for
+	// the decrypted transaction in the block (the size of Uint32).
+	EncryptedDataGasLen = 4
+
 	// EncryptedDataHashLen is the amount of bytes that represents the hash of an
 	// encrypted transaction.
 	EncryptedDataHashLen = common.HashLength
@@ -34,7 +39,7 @@ var (
 	// a simple gas transfer with 1 gwei (105 bytes) is taken as a reference point
 	// for evaluation of variable-length part; it is padded to be even to the AES
 	// block size as required by AES encryption rules.
-	minEncryptedDataSize = EncryptedDataPrefixLen + EncryptedDataRoundLen + EncryptedDataHashLen + tpke.CipherTextSize + 105 + (aes.BlockSize - 105%aes.BlockSize)
+	minEncryptedDataSize = EncryptedDataPrefixLen + EncryptedDataRoundLen + EncryptedDataGasLen + EncryptedDataHashLen + tpke.CipherTextSize + 105 + (aes.BlockSize - 105%aes.BlockSize)
 )
 
 // IsEnvelope checks whether a transaction is an Envelope transaction. The criteria
@@ -64,6 +69,13 @@ func IsEnvelopeData(data []byte) bool {
 // GetEncryptedHash returns the hash of inner encrypted transaction specified in an
 // unencrypted part of Envelope data. Passing non-Envelope as an argument is a no-op.
 func GetEncryptedHash(envelope *types.Transaction) common.Hash {
-	hashOffset := EncryptedDataPrefixLen + EncryptedDataRoundLen
+	hashOffset := EncryptedDataPrefixLen + EncryptedDataRoundLen + EncryptedDataGasLen
 	return common.Hash(envelope.Data()[hashOffset : hashOffset+EncryptedDataHashLen])
 }
+
+// GetEncryptedGas returns the gas limit of inner encrypted transaction specified in an
+// unencrypted part of Envelope data. Passing non-Envelope as an argument is a no-op.
+func GetEncryptedGas(envelope *types.Transaction) uint32 {
+	gasOffset := EncryptedDataPrefixLen + EncryptedDataRoundLen
+	return binary.BigEndian.Uint32(envelope.Data()[gasOffset : gasOffset+EncryptedDataGasLen])
+}

antimev/tpke_test.go

@@ -82,7 +82,8 @@ func TestTPKE(t *testing.T) {
 
 	// Generate an example envelope for privnet verification
 	var envelopeData = EncryptedDataPrefix
-	envelopeData = binary.LittleEndian.AppendUint32(envelopeData, 0)
+	envelopeData = binary.BigEndian.AppendUint32(envelopeData, 0)
+	envelopeData = binary.BigEndian.AppendUint32(envelopeData, 0)
 	envelopeData = append(envelopeData, common.MaxHash[:]...)
 	envelopeData = append(envelopeData, encryptedKey.ToBytes()...)
 	envelopeData = append(envelopeData, encryptedMsg...)
@@ -154,7 +155,8 @@ func TestGenerateEncryptedTx(t *testing.T) {
 	}
 	// Generate envelope.
 	var envelopeData = EncryptedDataPrefix
-	envelopeData = binary.LittleEndian.AppendUint32(envelopeData, epoch)
+	envelopeData = binary.BigEndian.AppendUint32(envelopeData, epoch)
+	envelopeData = binary.BigEndian.AppendUint32(envelopeData, uint32(tx.Gas()))
 	envelopeData = append(envelopeData, tx.Hash().Bytes()...)
 	envelopeData = append(envelopeData, encryptedKey.ToBytes()...)
 	envelopeData = append(envelopeData, encryptedMsg...)

consensus/dbft/amev.go

@@ -31,15 +31,15 @@ type envelopeData struct {
 func decodeEnvelopeData(buf []byte) (envelopeData, error) {
 	var (
 		key              = new(tpke.CipherText)
-		keyOffset        = antimev.EncryptedDataPrefixLen + antimev.EncryptedDataRoundLen + antimev.EncryptedDataHashLen
+		keyOffset        = antimev.EncryptedDataPrefixLen + antimev.EncryptedDataRoundLen + antimev.EncryptedDataGasLen + antimev.EncryptedDataHashLen
 		cipherTextOffset = keyOffset + tpke.CipherTextSize
 	)
 	// It's guaranteed by Envelope definition that buf has a proper length.
 	_, err := key.FromBytes(buf[keyOffset:cipherTextOffset])
 	if err != nil {
 		return envelopeData{}, fmt.Errorf("failed to decode TPKE cipher text: %w", err)
 	}
-	round := binary.LittleEndian.Uint32(buf[antimev.EncryptedDataPrefixLen:keyOffset])
+	round := binary.BigEndian.Uint32(buf[antimev.EncryptedDataPrefixLen:keyOffset])
 	if round == 0 {
 		return envelopeData{}, fmt.Errorf("invalid TPKE cipher text: invalid round %d", round)
 	}

consensus/dbft/dbft.go

@@ -1142,7 +1142,7 @@ func (c *DBFT) processPreBlockCb(b dbft.PreBlock[common.Hash]) error {
 					break
 				}
 			}
-			err = c.validateDecryptedTx(parent, decryptedTx, pre.transactions[i])
+			err = c.validateDecryptedTx(parent, decryptedTx, pre.transactions[i], pre.finalReceipts[i])
 			if err != nil {
 				if fallbackToEnvelope(i, true, fmt.Sprintf("decrypted transaction verification failed: %s", err)) {
 					continue
@@ -1232,7 +1232,7 @@ func (c *DBFT) newLocalPool(parent *types.Header) *legacypool.LegacyPool {
 }
 
 // validateDecryptedTx checks the validity of the transaction to determine whether the outer envelope transaction should be replaced.
-func (c *DBFT) validateDecryptedTx(head *types.Header, decryptedTx *types.Transaction, envelope *types.Transaction) error {
+func (c *DBFT) validateDecryptedTx(head *types.Header, decryptedTx *types.Transaction, envelope *types.Transaction, envelopeReceipt *types.Receipt) error {
 	// Make sure the transaction is signed properly and has the same sender and nonce with envelope
 	if decryptedTx.Nonce() != envelope.Nonce() {
 		return fmt.Errorf("decryptedTx nonce mismatch: decryptedNonce %v, envelopeNonce %v", decryptedTx.Nonce(), envelope.Nonce())
@@ -1262,6 +1262,15 @@ func (c *DBFT) validateDecryptedTx(head *types.Header, decryptedTx *types.Transa
 	if decryptedTx.Hash().Cmp(expectedH) != 0 {
 		return fmt.Errorf("decryptedTx hash mismatch: expected %s, got %s", expectedH, decryptedTx.Hash())
 	}
+	// Ensure decrypted gas limit is the same as the envelope declared
+	expectedG := antimev.GetEncryptedGas(envelope)
+	if decryptedTx.Gas() != uint64(expectedG) {
+		return fmt.Errorf("decryptedTx gas limit mismatch: expected %v, got %v", expectedG, decryptedTx.Gas())
+	}
+	// Ensure decrypted gas limit has been allocated by Envelope
+	if decryptedTx.Gas() > envelopeReceipt.GasUsed {
+		return fmt.Errorf("decryptedTx gas limit not allocated: needed %v, got %v", decryptedTx.Gas(), envelopeReceipt.GasUsed)
+	}
 
 	return nil
 }

contracts/solidity/GovReward.sol

@@ -2,6 +2,7 @@
 pragma solidity ^0.8.25;
 
 import {Errors} from "./libraries/Errors.sol";
+import {Bytes} from "./libraries/Bytes.sol";
 import {IGovReward} from "./interfaces/IGovReward.sol";
 import {IGovernance} from "./interfaces/IGovernance.sol";
 import {ERC1967Utils, GovProxyUpgradeable} from "./base/GovProxyUpgradeable.sol";
@@ -17,6 +18,17 @@ contract GovReward is IGovReward, GovProxyUpgradeable {
         if (msg.sig != bytes4(0xffffffff)) {
             revert Errors.InvalidSelector();
         }
+        // burn required gas amount internally
+        uint32 requiredSpace = Bytes.decodeUint32(msg.data[8:12]);
+        if (requiredSpace < 21000) {
+            revert Errors.InvalidGasLimit();
+        }
+        (bool success, bytes memory data) = address(this).staticcall{
+            gas: requiredSpace - 21000
+        }(abi.encodeWithSelector(this._wasteGas.selector));
+        if (success || data.length > 0) {
+            revert Errors.UnexpectedGasBurn();
+        }
     }
 
     modifier onlyGov() {
@@ -58,4 +70,8 @@ contract GovReward is IGovReward, GovProxyUpgradeable {
         (bool success, ) = to.call{value: value}(new bytes(0));
         if (!success) revert Errors.TransferFailed();
     }
+
+    function _wasteGas() external pure {
+        while (true) {}
+    }
 }

contracts/solidity/Policy.sol

@@ -18,6 +18,8 @@ contract Policy is IPolicy, GovernanceVote, GovProxyUpgradeable {
     uint256 public baseFee;
     uint256 internal candidateLimit;
     uint256 public envelopeFee;
+    uint256 public maxEnvelopesPerBlock;
+    uint256 public maxEnvelopeGasLimit;
 
     // Only for precompiled uups implementation in genesis file, need to be removed when upgrading the contract.
     // This override is added because "immutable __self" in UUPSUpgradeable is not avaliable in precompiled contract.
@@ -39,6 +41,15 @@ contract Policy is IPolicy, GovernanceVote, GovProxyUpgradeable {
         }
     }
 
+    // Only for Policy upgrading for the new Envelope transactions
+    function setInitialEnvelopeLimits(
+        uint256 _maxEnvelopesPerBlock,
+        uint256 _maxEnvelopeGasLimit
+    ) external onlyAdmin {
+        maxEnvelopesPerBlock = _maxEnvelopesPerBlock;
+        maxEnvelopeGasLimit = _maxEnvelopeGasLimit;
+    }
+
     function addBlackList(
         address _addr
     )
@@ -148,4 +159,38 @@ contract Policy is IPolicy, GovernanceVote, GovProxyUpgradeable {
         envelopeFee = _fee;
         emit SetEnvelopeFee(_fee);
     }
+
+    function setMaxEnvelopesPerBlock(
+        uint256 _number
+    )
+        external
+        needVote(
+            bytes32(
+                // keccak256("setMaxEnvelopesPerBlock")
+                0x468ff90b65b7330769fd5fa1950650ac15948bbbaaff84f86b3c11a5dc7842d1
+            ),
+            keccak256(abi.encode(_number))
+        )
+    {
+        if (_number <= 0) revert Errors.InvalidMaxEnvelopesPerBlock();
+        maxEnvelopesPerBlock = _number;
+        emit SetMaxEnvelopesPerBlock(_number);
+    }
+
+    function setMaxEnvelopeGasLimit(
+        uint256 _gaslimit
+    )
+        external
+        needVote(
+            bytes32(
+                // keccak256("setMaxEnvelopeGasLimit")
+                0xf48e9af07262cd1c77a4209ac59848c8bf3f8ec29817678aa7f1b67dd990501c
+            ),
+            keccak256(abi.encode(_gaslimit))
+        )
+    {
+        if (_gaslimit < 21000) revert Errors.InvalidMaxEnvelopeGasLimit();
+        maxEnvelopeGasLimit = _gaslimit;
+        emit SetMaxEnvelopeGasLimit(_gaslimit);
+    }
 }

contracts/solidity/interfaces/IPolicy.sol

@@ -8,6 +8,8 @@ interface IPolicy {
     event SetBaseFee(uint256 baseFee);
     event SetCandidateLimit(uint256 candidateLimit);
     event SetEnvelopeFee(uint256 envelopeFee);
+    event SetMaxEnvelopesPerBlock(uint256 maxEnvelopesPerBlock);
+    event SetMaxEnvelopeGasLimit(uint256 setMaxEnvelopeGasLimit);
 
     // add an address to blacklist policy
     function addBlackList(address _addr) external;
@@ -35,4 +37,16 @@ interface IPolicy {
 
     // return the value of candidate limit policy
     function getCandidateLimit() external view returns (uint256);
+
+    // set the maximum number of envelope transactions to be packed in each block
+    function setMaxEnvelopesPerBlock(uint256 _number) external;
+
+    // get the value of envelope transaction number policy
+    function maxEnvelopesPerBlock() external view returns (uint256);
+
+    // set the maximum value of envelope transaction gas limit
+    function setMaxEnvelopeGasLimit(uint256 _gaslimit) external;
+
+    // get the value of envelope transaction gas limit policy
+    function maxEnvelopeGasLimit() external view returns (uint256);
 }

contracts/solidity/libraries/Bytes.sol

@@ -0,0 +1,19 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.25;
+
+library Bytes {
+    function toBytes4(
+        bytes memory data
+    ) internal pure returns (bytes4) {
+        bytes4 out;
+        for (uint256 i = 0; i < 4; i++) {
+            out |= bytes4(data[i] & 0xFF) >> (i * 8);
+        }
+        return out;
+    }
+
+    function decodeUint32(bytes memory data) internal pure returns (uint32) {
+        require(data.length == 4, "Bad data");
+        return uint32(toBytes4(data));
+    }
+}

contracts/solidity/libraries/Errors.sol

@@ -13,6 +13,8 @@ library Errors {
 
     // GovReward Errors
     error InvalidSelector();
+    error InvalidGasLimit();
+    error UnexpectedGasBurn();
 
     // Policy Errors
     error BlacklistExists();
@@ -21,6 +23,8 @@ library Errors {
     error InvalidBaseFee();
     error InvalidCandidateLimit();
     error InvalidEnvelopeFee();
+    error InvalidMaxEnvelopesPerBlock();
+    error InvalidMaxEnvelopeGasLimit();
 
     // Governance Errors
     error SideCallNotAllowed();

contracts/solidity/test/MockFallback.sol

@@ -0,0 +1,24 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.20;
+
+contract MockFallback {
+    function call_fallback(address addr, bytes calldata data) public payable {
+        bool success;
+        assembly {
+            calldatacopy(0, data.offset, calldatasize())
+            success := call(
+                gas(),
+                addr,
+                0,
+                0,
+                calldatasize(),
+                0,
+                returndatasize()
+            )
+            switch success
+            case 0 {
+                invalid()
+            }
+        }
+    }
+}