Merge pull request #8181 from onflow/janez/public-port-7125-master

Fix EVM gas overflow in FVM - port from internal

Author: janezpodhostnik

cmd/util/ledger/util/nop_meter.go

@@ -1,6 +1,8 @@
 package util
 
 import (
+	"math"
+
 	"github.com/onflow/cadence/common"
 
 	"github.com/onflow/flow-go/fvm/environment"
@@ -28,6 +30,10 @@ func (n NopMeter) ComputationIntensities() meter.MeteredComputationIntensities {
 	return meter.MeteredComputationIntensities{}
 }
 
+func (n NopMeter) ComputationRemaining(_ common.ComputationKind) uint64 {
+	return math.MaxUint64
+}
+
 func (n NopMeter) MeterMemory(_ common.MemoryUsage) error {
 	return nil
 }

fvm/environment/meter.go

@@ -112,6 +112,7 @@ type Meter interface {
 
 	ComputationIntensities() meter.MeteredComputationIntensities
 	ComputationAvailable(common.ComputationUsage) bool
+	ComputationRemaining(kind common.ComputationKind) uint64
 
 	MeterEmittedEvent(byteSize uint64) error
 	TotalEmittedEventBytes() uint64
@@ -141,6 +142,10 @@ func (meter *meterImpl) ComputationAvailable(usage common.ComputationUsage) bool
 	return meter.txnState.ComputationAvailable(usage)
 }
 
+func (meter *meterImpl) ComputationRemaining(kind common.ComputationKind) uint64 {
+	return meter.txnState.ComputationRemaining(kind)
+}
+
 func (meter *meterImpl) ComputationUsed() (uint64, error) {
 	return meter.txnState.TotalComputationUsed(), nil
 }

fvm/environment/mock/environment.go

@@ -82,7 +82,11 @@ func (we *WrappedEnvironment) ComputationAvailable(usage common.ComputationUsage
 	return we.env.ComputationAvailable(usage)
 }
 
-// MeterMemory meters the memory usage of a new operation.
+// ComputationRemaining returns the remaining computation for the given kind.
+func (we *WrappedEnvironment) ComputationRemaining(kind common.ComputationKind) uint64 {
+	return we.env.ComputationRemaining(kind)
+}
+
 func (we *WrappedEnvironment) MeterMemory(usage common.MemoryUsage) error {
 	err := we.env.MeterMemory(usage)
 	return handleEnvironmentError(err)

fvm/environment/mock/meter.go

@@ -4,6 +4,7 @@ import (
 	"bytes"
 	"encoding/binary"
 	"fmt"
+	"math"
 	"math/big"
 	"testing"
 
@@ -1244,6 +1245,89 @@ func TestEVMBatchRun(t *testing.T) {
 				require.Equal(t, num, new(big.Int).SetBytes(res.ReturnedData).Int64())
 			})
 	})
+
+	// run a batch of two transactions. The sum of their gas usage would overflow an uint46
+	// so the batch run should fail with an overflow error.
+	t.Run("Batch run evm gas overflow", func(t *testing.T) {
+		t.Parallel()
+		RunWithNewEnvironment(t,
+			chain, func(
+				ctx fvm.Context,
+				vm fvm.VM,
+				snapshot snapshot.SnapshotTree,
+				testContract *TestContract,
+				testAccount *EOATestAccount,
+			) {
+				sc := systemcontracts.SystemContractsForChain(chain.ChainID())
+				batchRunCode := []byte(fmt.Sprintf(
+					`
+					import EVM from %s
+
+					transaction(txs: [[UInt8]], coinbaseBytes: [UInt8; 20]) {
+						execute {
+							let coinbase = EVM.EVMAddress(bytes: coinbaseBytes)
+							let batchResults = EVM.batchRun(txs: txs, coinbase: coinbase)
+						}
+					}
+					`,
+					sc.EVMContract.Address.HexWithPrefix(),
+				))
+
+				coinbaseAddr := types.Address{1, 2, 3}
+				coinbaseBalance := getEVMAccountBalance(t, ctx, vm, snapshot, coinbaseAddr)
+				require.Zero(t, types.BalanceToBigInt(coinbaseBalance).Uint64())
+
+				batchCount := 2
+				txBytes := make([]cadence.Value, batchCount)
+
+				tx := testAccount.PrepareSignAndEncodeTx(t,
+					testContract.DeployedAt.ToCommon(),
+					testContract.MakeCallData(t, "storeWithLog", big.NewInt(0)),
+					big.NewInt(0),
+					uint64(200_000),
+					big.NewInt(1),
+				)
+
+				txBytes[0] = cadence.NewArray(
+					unittest.BytesToCdcUInt8(tx),
+				).WithType(stdlib.EVMTransactionBytesCadenceType)
+
+				tx = testAccount.PrepareSignAndEncodeTx(t,
+					testContract.DeployedAt.ToCommon(),
+					testContract.MakeCallData(t, "storeWithLog", big.NewInt(1)),
+					big.NewInt(0),
+					math.MaxUint64-uint64(100_000),
+					big.NewInt(1),
+				)
+
+				txBytes[1] = cadence.NewArray(
+					unittest.BytesToCdcUInt8(tx),
+				).WithType(stdlib.EVMTransactionBytesCadenceType)
+
+				coinbase := cadence.NewArray(
+					unittest.BytesToCdcUInt8(coinbaseAddr.Bytes()),
+				).WithType(stdlib.EVMAddressBytesCadenceType)
+
+				txs := cadence.NewArray(txBytes).
+					WithType(cadence.NewVariableSizedArrayType(
+						stdlib.EVMTransactionBytesCadenceType,
+					))
+
+				txBody, err := flow.NewTransactionBodyBuilder().
+					SetScript(batchRunCode).
+					SetPayer(sc.FlowServiceAccount.Address).
+					AddArgument(json.MustEncode(txs)).
+					AddArgument(json.MustEncode(coinbase)).
+					Build()
+				require.NoError(t, err)
+
+				state, output, err := vm.Run(ctx, fvm.Transaction(txBody, 0), snapshot)
+				require.NoError(t, err)
+				require.Error(t, output.Err)
+				require.ErrorContains(t, output.Err, "insufficient computation")
+				require.Empty(t, state.WriteSet)
+			})
+	})
 }
 
 func TestEVMBlockData(t *testing.T) {

fvm/evm/backends/wrappedEnv.go

@@ -204,13 +204,12 @@ func (h *ContractHandler) BatchRun(rlpEncodedTxs [][]byte, gasFeeCollector types
 }
 
 func (h *ContractHandler) batchRun(rlpEncodedTxs [][]byte) ([]*types.Result, error) {
-	// step 1 - transaction decoding and compute total gas needed
-	// This is safe to be done before checking the gas
-	// as it has its own metering
-	var totalGasLimit types.GasLimit
+	// step 1 - transaction decoding and check that enough evm gas is available in the FVM transaction
+
+	// remainingGasLimit is the remaining EVM gas available in hte FVM transaction
+	remainingGasLimit := h.backend.ComputationRemaining(environment.ComputationKindEVMGasUsage)
 	batchLen := len(rlpEncodedTxs)
 	txs := make([]*gethTypes.Transaction, batchLen)
-
 	for i, rlpEncodedTx := range rlpEncodedTxs {
 		tx, err := h.decodeTransaction(rlpEncodedTx)
 		// if any tx fails decoding revert the batch
@@ -219,14 +218,13 @@ func (h *ContractHandler) batchRun(rlpEncodedTxs [][]byte) ([]*types.Result, err
 		}
 
 		txs[i] = tx
-		totalGasLimit += types.GasLimit(tx.Gas())
-	}
 
-	// step 2 - check if enough computation is available
-	// for the whole batch
-	err := h.checkGasLimit(totalGasLimit)
-	if err != nil {
-		return nil, err
+		// step 2 - check if enough computation is available
+		txGasLimit := tx.Gas()
+		if remainingGasLimit < txGasLimit {
+			return nil, types.ErrInsufficientComputation
+		}
+		remainingGasLimit -= txGasLimit
 	}
 
 	// step 3 - prepare block context

fvm/evm/evm_test.go

@@ -203,6 +203,9 @@ func getSimpleMeter() *testMeter {
 		computationUsed: func() (uint64, error) {
 			return compUsed, nil
 		},
+		computationRemaining: func(kind common.ComputationKind) uint64 {
+			return TestComputationLimit - compUsed
+		},
 	}
 }
 
@@ -366,6 +369,7 @@ type testMeter struct {
 	hasComputationCapacity func(common.ComputationUsage) bool
 	computationUsed        func() (uint64, error)
 	computationIntensities func() meter.MeteredComputationIntensities
+	computationRemaining   func(kind common.ComputationKind) uint64
 
 	meterMemory func(usage common.MemoryUsage) error
 	memoryUsed  func() (uint64, error)
@@ -407,6 +411,14 @@ func (m *testMeter) ComputationIntensities() meter.MeteredComputationIntensities
 	return computationIntensities()
 }
 
+func (m *testMeter) ComputationRemaining(kind common.ComputationKind) uint64 {
+	computationRemaining := m.computationRemaining
+	if computationRemaining == nil {
+		panic("method not set")
+	}
+	return computationRemaining(kind)
+}
+
 func (m *testMeter) ComputationUsed() (uint64, error) {
 	computationUsed := m.computationUsed
 	if computationUsed == nil {

fvm/evm/handler/handler.go

@@ -118,6 +118,22 @@ func (m *ComputationMeter) ComputationAvailable(usage common.ComputationUsage) b
 	return potentialComputationUsage <= m.params.computationLimit
 }
 
+// ComputationRemaining returns the remaining computation (intensity) left in the transaction for the given type
+func (m *ComputationMeter) ComputationRemaining(kind common.ComputationKind) uint64 {
+	w, ok := m.params.computationWeights[kind]
+	// if the weight is 0 or not set return max uint64
+	if !ok || w == 0 {
+		return math.MaxUint64
+	}
+
+	remainingComputationUsage := m.params.computationLimit - m.computationUsed
+	if remainingComputationUsage <= 0 {
+		return 0
+	}
+
+	return remainingComputationUsage / w
+}
+
 // ComputationIntensities returns all the measured computational intensities
 func (m *ComputationMeter) ComputationIntensities() MeteredComputationIntensities {
 	return m.computationIntensities

fvm/evm/testutils/backend.go

@@ -2,6 +2,7 @@ package state
 
 import (
 	"fmt"
+	"math"
 
 	"github.com/onflow/cadence/common"
 	"github.com/onflow/crypto/hash"
@@ -239,6 +240,19 @@ func (state *ExecutionState) ComputationAvailable(usage common.ComputationUsage)
 	return true
 }
 
+// ComputationRemaining returns the remaining computation for the given kind.
+func (state *ExecutionState) ComputationRemaining(kind common.ComputationKind) uint64 {
+	if state.finalized {
+		// if state is finalized return false
+		return 0
+	}
+
+	if state.meteringEnabled {
+		return state.meter.ComputationRemaining(kind)
+	}
+	return math.MaxUint64
+}
+
 // TotalComputationUsed returns total computation used
 func (state *ExecutionState) TotalComputationUsed() uint64 {
 	return state.meter.TotalComputationUsed()