Commit 177b78c5 authored by pcw109550's avatar pcw109550 Committed by protolambda

Harden Span batch field size check

parent dbdcde31
...@@ -9,12 +9,14 @@ import ( ...@@ -9,12 +9,14 @@ import (
"math/big" "math/big"
"sort" "sort"
"github.com/ethereum-optimism/optimism/op-node/rollup"
"github.com/ethereum-optimism/optimism/op-service/eth"
"github.com/ethereum/go-ethereum/common" "github.com/ethereum/go-ethereum/common"
"github.com/ethereum/go-ethereum/common/hexutil" "github.com/ethereum/go-ethereum/common/hexutil"
"github.com/ethereum/go-ethereum/common/math"
"github.com/ethereum/go-ethereum/log" "github.com/ethereum/go-ethereum/log"
"github.com/ethereum/go-ethereum/rlp" "github.com/ethereum/go-ethereum/rlp"
"github.com/ethereum-optimism/optimism/op-node/rollup"
"github.com/ethereum-optimism/optimism/op-service/eth"
) )
// Batch format // Batch format
...@@ -144,10 +146,14 @@ func (bp *spanBatchPayload) decodeBlockCount(r *bytes.Reader) error { ...@@ -144,10 +146,14 @@ func (bp *spanBatchPayload) decodeBlockCount(r *bytes.Reader) error {
if err != nil { if err != nil {
return fmt.Errorf("failed to read block count: %w", err) return fmt.Errorf("failed to read block count: %w", err)
} }
bp.blockCount = blockCount // number of L2 block in span batch cannot be greater than MaxSpanBatchFieldSize
if blockCount > MaxSpanBatchFieldSize {
return ErrTooBigSpanBatchFieldSize
}
if blockCount == 0 { if blockCount == 0 {
return ErrEmptySpanBatch return ErrEmptySpanBatch
} }
bp.blockCount = blockCount
return nil return nil
} }
...@@ -160,6 +166,11 @@ func (bp *spanBatchPayload) decodeBlockTxCounts(r *bytes.Reader) error { ...@@ -160,6 +166,11 @@ func (bp *spanBatchPayload) decodeBlockTxCounts(r *bytes.Reader) error {
if err != nil { if err != nil {
return fmt.Errorf("failed to read block tx count: %w", err) return fmt.Errorf("failed to read block tx count: %w", err)
} }
// number of txs in single L2 block cannot be greater than MaxSpanBatchFieldSize
// every tx will take at least single byte
if blockTxCount > MaxSpanBatchFieldSize {
return ErrTooBigSpanBatchFieldSize
}
blockTxCounts = append(blockTxCounts, blockTxCount) blockTxCounts = append(blockTxCounts, blockTxCount)
} }
bp.blockTxCounts = blockTxCounts bp.blockTxCounts = blockTxCounts
...@@ -176,7 +187,15 @@ func (bp *spanBatchPayload) decodeTxs(r *bytes.Reader) error { ...@@ -176,7 +187,15 @@ func (bp *spanBatchPayload) decodeTxs(r *bytes.Reader) error {
} }
totalBlockTxCount := uint64(0) totalBlockTxCount := uint64(0)
for i := 0; i < len(bp.blockTxCounts); i++ { for i := 0; i < len(bp.blockTxCounts); i++ {
totalBlockTxCount += bp.blockTxCounts[i] total, overflow := math.SafeAdd(totalBlockTxCount, bp.blockTxCounts[i])
if overflow {
return ErrTooBigSpanBatchFieldSize
}
totalBlockTxCount = total
}
// total number of txs in span batch cannot be greater than MaxSpanBatchFieldSize
if totalBlockTxCount > MaxSpanBatchFieldSize {
return ErrTooBigSpanBatchFieldSize
} }
bp.txs.totalBlockTxCount = totalBlockTxCount bp.txs.totalBlockTxCount = totalBlockTxCount
if err := bp.txs.decode(r); err != nil { if err := bp.txs.decode(r); err != nil {
......
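Review bot: The new rejection paths (the block count in decodeBlockCount, the per-block tx count in decodeBlockTxCounts, and both the overflow and total checks in decodeTxs) all return the bare `ErrTooBigSpanBatchFieldSize`, so a log entry for a rejected batch cannot say which field exceeded the limit or by how much. These values are read from the batch payload, so that detail is what an operator needs when triaging a malformed batch. Wrapping keeps the sentinel matchable, e.g. `return fmt.Errorf("block count %d: %w", blockCount, ErrTooBigSpanBatchFieldSize)`, provided callers compare with `errors.Is` rather than `==`, which is not visible here. The comparisons use `>`, so a value exactly equal to `MaxSpanBatchFieldSize` is accepted; a boundary test per field (limit accepted, limit plus one rejected) would pin that. The bodies of decodeBlockTxCounts and decodeTxs continue outside the shown hunks.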