ethereumjs-monorepo
ethereumjs-monorepo copied to clipboard
ethereumjs
Util -> Account: upper bound nonce and balance
Linking https://github.com/ethereumjs/ethereumjs-vm/issues/464
The problem here is that we can artificially cause the VM to put BNs with more than 256 bits on the stack. StateManager will throw but we should never allow that this data ends up on the stack in the first place.
Account currently does some bound checks (checking if balance >= 0, for instance). However, we should also check that the balance does not exceed the max BN. Same goes for the nonce.
Just to verify here, it is allowed to change values of the Account? (balance, nonce, etc. are not marked as readonly?)
@jochem-brouwer why do you need to change values if you just plan to add an additional check?
Nonce is capped here https://github.com/ethereumjs/ethereumjs-monorepo/pull/1568. We should cap balance at 2^256-1 which is rather trivial.
Actually it is not entirely trivial; we should use setters for both nonce and balance to verify that these do not exceed their maxima.
The nonce is bounded by the VM in the linked PR. But we might want to add these checks directly into util's account class; we can check there that nonce/balance does not exceed their maxima.
There is a nonce check here, which is OK with this issue:
https://github.com/ethereumjs/ethereumjs-monorepo/blob/a87f179938d9b22902893dc4d1af0bf4b8b63e76/packages/tx/src/baseTransaction.ts#L119
However, I'm not sure about the balance check, should we interally limit to 32 bytes balance?
Partly addressed and stale for a long time, will close, seems there is no pressing need to implement (might also be that we now have all checks anyhow, not 100% sure).