Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[l2geth]Secure3 : MTL-33 Should avoid account nonce upper the limit 2^64-1 #1291

Open
abelliumnt opened this issue Jul 14, 2023 · 0 comments
Open

[l2geth]Secure3 : MTL-33 Should avoid account nonce upper the limit 2^64-1 #1291

abelliumnt opened this issue Jul 14, 2023 · 0 comments
Assignees
@abelliumnt
Labels
enhancement

Comments

@abelliumnt
Copy link
Collaborator

Describe the bug

At code/l2geth/core/vm/evm.go , function func (evm *EVM) create() does not limit account
nonce according to EIP-2681. So if an account nonce is upper than unit64 can hold, it will overflow.

// create creates a new contract using code as deployment code.
func (evm *EVM) create(caller ContractRef, codeAndHash *codeAndHash, gas uint64, value *big.Int, address common.Address) ([]byte, common.Address, uint64, error) {
	// Depth check execution. Fail if we're trying to execute above the
	// limit.
	if evm.depth > int(params.CallCreateDepth) {
		return nil, common.Address{}, gas, ErrDepth
	}
	if !evm.CanTransfer(evm.StateDB, caller.Address(), value) {
		return nil, common.Address{}, gas, ErrInsufficientBalance
	}
	nonce := evm.StateDB.GetNonce(caller.Address())
	evm.StateDB.SetNonce(caller.Address(), nonce+1)
	...

Expected behavior

        nonce := evm.StateDB.GetNonce(caller.Address())
                if nonce+1 < nonce {
        }
        return nil, common.Address{}, gas, ErrNonceUintOverflow
@abelliumnt abelliumnt self-assigned this Jul 14, 2023
@abelliumnt abelliumnt mentioned this issue Jul 14, 2023
Merged
abelliumnt pushed a commit that referenced this issue Jul 17, 2023
R4R: fix secure mtl33 (#1292)
3b33222 
# Goals of PR

Core changes:

- Check nonce overflow

Notes:

- Write notes here

Related Issues:

- #1291
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@abelliumnt abelliumnt

Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@abelliumnt