fix(alloy-eips): SimpleCoder::decode_one() should return Ok(None)

[StackOverflowExcept1on]

Motivation

Resolves #1388

For example you want to decode 4096 FEs. In this case the first time decode_one() will return data, but the second time (because of loop) it will return Err(()) and it will fail the whole decode_all().

alloy/crates/eips/src/eip4844/builder.rs

Lines 246 to 259 in 24ab11e

	fn decode_all(&mut self, blobs: &[Blob]) -> Option<Vec<Vec<u8>>> {
	let mut fes =
	blobs.iter().flat_map(|blob| blob.chunks(32).map(WholeFe::new)).map(Option::unwrap);
	let mut res = Vec::new();
	loop {
	match Self::decode_one(&mut fes) {
	Ok(Some(data)) => res.push(data),
	Ok(None) => break,
	Err(()) => return None,
	}
	}
	Some(res)
	}

Solution

Returns Ok(None) if there is no data (empty iterator, length prefix is 0).

PR Checklist

• Added Tests
• Added Documentation
• Breaking changes

[StackOverflowExcept1on]

Blob has size of 128 * 1024 bytes. First 32 bytes are used as length, thus leaving 4095 FEs / 4096 FEs. This constant was calculated as 128 * 1024 - 32 - 4095 (4095 zeros in each FE).

[StackOverflowExcept1on]

Previously it didn't work correctly because .map(WholeFe::new)).map(Option::unwrap) was executed lazily (when decode_one() reached the wrong WholeFe, it would panic).

[StackOverflowExcept1on]

I decided to check this in a non-lazy way to do not pass Option<Option<Option<Option<WholeFe>> to decode_one().

[mattsse]

tysm for looking into this,

all of this looks fine to me, although not an expert when it comes to the internals, but these changes match with what I discovered when I looked into the issue earlier

some nits

[mattsse]

no functional changes here, right?

[StackOverflowExcept1on]

I could leave it u64, but then I'd have to make as usize in all usages, which isn't very convenient. Maybe it makes sense to introduce FIELD_ELEMENT_BYTES_USIZE: usize = FIELD_ELEMENT_BYTES as usize? Yes, there are no other functional changes.

[mattsse]

this makes sense

[mattsse]

this also makes sense, because before this would always return an error for iters len > 1, right?

[StackOverflowExcept1on]

this returned an error when there was no more data left in the iterator. but that's a little different from what we want from decode_all().

[mattsse]

this restriction will be problematic soon, because this constant should no longer be used, so I'd rather remove this check entirely

[StackOverflowExcept1on]

what's the problem? if the number of blobs is increased, we just update the constants and everything will work.

[mattsse]

the max number of blobs will be decoupled from this constant ethereum/EIPs#9129

@klkvr should we use the eip7840::BlobParams::cancun() for now or remove this entirely, I guess the proper way of doing this would be to pass around the max_block setting but this seems a bit much...
ref https://github.com/alloy-rs/alloy/pull/1828/files

[klkvr]

yeah don't think we need this check

custom implementations can store the constant in coder if needed

[StackOverflowExcept1on]

Ok, I'll remove the use of MAX_BLOBS_PER_BLOCK in this place and here for now:

alloy/crates/eips/src/eip4844/builder.rs

Lines 206 to 209 in 8ab278c

	// if there are too many bytes
	if num_bytes > BYTES_PER_BLOB * MAX_BLOBS_PER_BLOCK {
	return Err(());
	}

[StackOverflowExcept1on]

We could then do a check that blobs: &[Blob] is not empty and that num_bytes does not exceed 2 MiB (it's limit of 16 blobs against the current 6 blobs and is quite normal practice to defend against attacks of allocating too much memory).

[mattsse]

yeah as pointed out, this overhead should be fine