temp fix security issue 18

core/types/blob_tx.go

@@ -30,6 +30,8 @@ import (
 	"github.com/erigontech/erigon-lib/rlp"
 )
 
+var ErrNilToFieldBlobTx = errors.New("BlobTx: field 'To' can not be 'nil'")
+
 type BlobTx struct {
 	DynamicFeeTransaction
 	MaxFeePerBlobGas    *uint256.Int
@@ -262,6 +264,9 @@ func (stx *BlobTx) encodePayload(w io.Writer, b []byte, payloadSize, nonceLen, g
 }
 
 func (stx *BlobTx) EncodeRLP(w io.Writer) error {
+	if stx.To == nil {
+		return ErrNilToFieldBlobTx
+	}
 	payloadSize, nonceLen, gasLen, accessListLen, blobHashesLen := stx.payloadSize()
 	// size of struct prefix and TxType
 	envelopeSize := 1 + rlp.ListPrefixLen(payloadSize) + payloadSize
@@ -283,6 +288,9 @@ func (stx *BlobTx) EncodeRLP(w io.Writer) error {
 }
 
 func (stx *BlobTx) MarshalBinary(w io.Writer) error {
+	if stx.To == nil {
+		return ErrNilToFieldBlobTx
+	}
 	payloadSize, nonceLen, gasLen, accessListLen, blobHashesLen := stx.payloadSize()
 	b := newEncodingBuf()
 	defer pooledBuf.Put(b)

core/types/block_test.go

@@ -595,12 +595,16 @@ func TestCopyTxs(t *testing.T) {
 
 	populateBlobTxs()
 	for _, txn := range dummyBlobTxs {
-		txs = append(txs, txn)
+		if txn.To != nil { // BlobTx To field can not be nil
+			txs = append(txs, txn)
+		}
 	}
 
 	populateBlobWrapperTxs()
 	for _, txn := range dummyBlobWrapperTxs {
-		txs = append(txs, txn)
+		if txn.Tx.To != nil {
+			txs = append(txs, txn)
+		}
 	}
 
 	copies := CopyTxs(txs)

core/types/encdec_test.go

@@ -18,6 +18,7 @@ package types
 
 import (
 	"bytes"
+	"errors"
 	"fmt"
 	"math/big"
 	"math/rand"
@@ -233,11 +234,17 @@ func (tr *TRand) RandTransaction(_type int) Transaction {
 	} else {
 		txType = _type
 	}
-	to := tr.RandAddress()
+	var to *libcommon.Address
+	if tr.RandIntInRange(0, 10)%2 == 0 {
+		_to := tr.RandAddress()
+		to = &_to
+	} else {
+		to = nil
+	}
 	commonTx := CommonTx{
 		Nonce: *tr.RandUint64(),
 		Gas:   *tr.RandUint64(),
-		To:    &to,
+		To:    to,
 		Value: uint256.NewInt(*tr.RandUint64()), // wei amount
 		Data:  tr.RandBytes(tr.RandIntInRange(128, 1024)),
 		V:     *tr.RandUint256(),
@@ -515,6 +522,9 @@ func TestTransactionEncodeDecodeRLP(t *testing.T) {
 		enc := tr.RandTransaction(-1)
 		buf.Reset()
 		if err := enc.EncodeRLP(&buf); err != nil {
+			if enc.Type() == BlobTxType && errors.Is(err, ErrNilToFieldBlobTx) {
+				continue
+			}
 			t.Errorf("error: RawBody.EncodeRLP(): %v", err)
 		}
 
@@ -581,6 +591,9 @@ func TestBodyEncodeDecodeRLP(t *testing.T) {
 		enc := tr.RandBody()
 		buf.Reset()
 		if err := enc.EncodeRLP(&buf); err != nil {
+			if errors.Is(err, ErrNilToFieldBlobTx) {
+				continue
+			}
 			t.Errorf("error: RawBody.EncodeRLP(): %v", err)
 		}
 

core/types/set_code_tx.go

@@ -245,11 +245,13 @@ func (tx *SetCodeTransaction) DecodeRLP(s *rlp.Stream) error {
 	if b, err = s.Bytes(); err != nil {
 		return err
 	}
-	if len(b) != 20 {
+	if len(b) > 0 && len(b) != 20 {
 		return fmt.Errorf("wrong size for To: %d", len(b))
 	}
-	tx.To = &libcommon.Address{}
-	copy((*tx.To)[:], b)
+	if len(b) > 0 {
+		tx.To = &libcommon.Address{}
+		copy((*tx.To)[:], b)
+	}
 	if b, err = s.Uint256Bytes(); err != nil {
 		return err
 	}

core/types/transaction_test.go

@@ -598,7 +598,8 @@ func newRandBlobTx() *BlobTx {
 		CommonTx: CommonTx{
 			Nonce: rand.Uint64(),
 			Gas:   rand.Uint64(),
-			To:    randAddr(),
+			// To:    randAddr(),
+			To:    nil,
 			Value: uint256.NewInt(rand.Uint64()),
 			Data:  randData(),
 			V:     *uint256.NewInt(0),
@@ -715,6 +716,9 @@ func TestBlobTxEncodeDecode(t *testing.T) {
 		// printSTX(dummyBlobTxs[i])
 
 		tx, err := encodeDecodeBinary(dummyBlobTxs[i])
+		if errors.Is(err, ErrNilToFieldBlobTx) {
+			continue
+		}
 		if err != nil {
 			t.Fatal(err)
 		}