Merge pull request #431 from bane-labs/ensure-envelope-gaslimit

contracts: move encrypted tx gas limit check to consensus level

Author: AnnaShaleva

antimev/envelope.go

@@ -9,8 +9,14 @@ import (
 	"github.com/ethereum/go-ethereum/core/systemcontracts"
 	"github.com/ethereum/go-ethereum/core/types"
 	"github.com/ethereum/go-ethereum/crypto/tpke"
+	"github.com/ethereum/go-ethereum/params"
 )
 
+// MinEncryptedGasLimit is the minimum required gas limit for encrypted transaction.
+// It is set to be equal to a simple transfer execution cost since it is assumed that
+// minimum valid encrypted transaction structure is a simple transfer.
+const MinEncryptedGasLimit = uint32(params.TxGas)
+
 var (
 	// EncryptedDataPrefix is the prefix of Envelope transaction's data. It's used to
 	// distinguish simple transactions that have GovernanceRewardProxy contract as a
@@ -75,7 +81,7 @@ func GetEncryptedHash(envelope *types.Transaction) common.Hash {
 
 // GetEncryptedGas returns the gas limit of inner encrypted transaction specified in an
 // unencrypted part of Envelope data. Passing non-Envelope as an argument is a no-op.
-func GetEncryptedGas(envelope *types.Transaction) uint32 {
+func GetEncryptedGas(envelopeData []byte) uint32 {
 	gasOffset := EncryptedDataPrefixLen + EncryptedDataRoundLen
-	return binary.BigEndian.Uint32(envelope.Data()[gasOffset : gasOffset+EncryptedDataGasLen])
+	return binary.BigEndian.Uint32(envelopeData[gasOffset : gasOffset+EncryptedDataGasLen])
 }

consensus/dbft/dbft.go

@@ -1263,7 +1263,7 @@ func (c *DBFT) validateDecryptedTx(head *types.Header, decryptedTx *types.Transa
 		return fmt.Errorf("decryptedTx hash mismatch: expected %s, got %s", expectedH, decryptedTx.Hash())
 	}
 	// Ensure decrypted gas limit is the same as the envelope declared
-	expectedG := antimev.GetEncryptedGas(envelope)
+	expectedG := antimev.GetEncryptedGas(envelope.Data())
 	if decryptedTx.Gas() != uint64(expectedG) {
 		return fmt.Errorf("decryptedTx gas limit mismatch: expected %v, got %v", expectedG, decryptedTx.Gas())
 	}

core/state_transition.go

@@ -335,6 +335,16 @@ func (st *StateTransition) preCheck() error {
 						return fmt.Errorf("%w: address %v, gasLimit %v, policy maxEnvelopeGasLimit %v, ", ErrGasLimitReached, msg.From.Hex(), msg.GasLimit,
 							envelopeGasLimit)
 					}
+					// Check that encrypted transaction gas limit satisfies the minimum required gas limit.
+					encryptedGasLimit := antimev.GetEncryptedGas(msg.Data)
+					if encryptedGasLimit < antimev.MinEncryptedGasLimit {
+						return fmt.Errorf("invalid encrypted transaction gas limit: required at least %v, got %v", antimev.MinEncryptedGasLimit, encryptedGasLimit)
+					}
+					// The gas limit of Envelope transaction should be enough to cover encrypted transaction
+					// execution.
+					if msg.GasLimit < uint64(encryptedGasLimit) {
+						return fmt.Errorf("invalid envelope gas limit: at least %d is required for encrypted transaction execution, have %d", encryptedGasLimit, msg.GasLimit)
+					}
 					var envelopeFee = st.state.GetState(systemcontracts.PolicyProxyHash, systemcontracts.GetEnvelopeFeeStateHash()).Big()
 					minGasTipCap.Add(minGasTipCap, envelopeFee)
 				}

core/txpool/errors.go

@@ -45,6 +45,10 @@ var (
 	// maximum allowance of the current block.
 	ErrGasLimit = errors.New("exceeds block gas limit")
 
+	// ErrEnvelopeGasLimit is returned if an Envelope transaction's requested gas limit
+	// doesn't satisfy verification criteria.
+	ErrEnvelopeGasLimit = errors.New("invalid Envelope gas limit")
+
 	// ErrNegativeValue is a sanity error to ensure no one is able to specify a
 	// transaction with a negative value.
 	ErrNegativeValue = errors.New("negative value")

core/txpool/validation.go

@@ -220,7 +220,18 @@ func ValidateTransactionWithState(tx *types.Transaction, signer types.Signer, op
 	if antimev.IsEnvelope(tx) {
 		var envelopeGasLimit = opts.State.GetState(systemcontracts.PolicyProxyHash, systemcontracts.GetMaxEnvelopeGasLimitStateHash()).Big()
 		if new(big.Int).SetUint64(tx.Gas()).Cmp(envelopeGasLimit) > 0 {
-			return fmt.Errorf("%w: policy maxEnvelopeGasLimit allowed %v, gas %v", ErrGasLimit, envelopeGasLimit, tx.Gas())
+			return fmt.Errorf("%w: policy maxEnvelopeGasLimit allowed %v, gas %v", ErrEnvelopeGasLimit, envelopeGasLimit, tx.Gas())
+		}
+		// Assuming that encrypted transaction is at least a simple transfer, its gas limit
+		// must be enough to cover simple transfer execution.
+		encryptedGasLimit := antimev.GetEncryptedGas(tx.Data())
+		if encryptedGasLimit < antimev.MinEncryptedGasLimit {
+			return fmt.Errorf("invalid encrypted transaction gas limit: required at least %v, got %v", antimev.MinEncryptedGasLimit, encryptedGasLimit)
+		}
+		// The gas limit of Envelope transaction should be enough to cover encrypted transaction
+		// execution.
+		if tx.Gas() < uint64(encryptedGasLimit) {
+			return fmt.Errorf("%w: at least %d is required for encrypted transaction execution, have %d", ErrEnvelopeGasLimit, encryptedGasLimit, tx.Gas())
 		}
 		// Add envelope fee on top of minGasTipCap check
 		var envelopeFee = opts.State.GetState(systemcontracts.PolicyProxyHash, systemcontracts.GetEnvelopeFeeStateHash()).Big()