op-node: Fix OPB-04 (#3530)

* op-node: Fix OPB-04 The length of the ExtraData field was not being checked, which could lead to panics in the MarshalSSZ function. Fixes ENG-2614 * code review fixes * increase resource size Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>

op-node: Fix OPB-04 (#3530)
* op-node: Fix OPB-04 The length of the ExtraData field was not being checked, which could lead to panics in the MarshalSSZ function. Fixes ENG-2614 * code review fixes * increase resource size Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
2b55f5ee · Matthew Slipper · GitHub · 3883f34b · 2b55f5ee · 2b55f5ee
Commit 2b55f5ee authored Sep 22, 2022 by Matthew Slipper Committed by GitHub Sep 22, 2022
Show whitespace changes
Inline Side-by-side

Showing with 33 additions and 0 deletions

config.yml .circleci/config.yml +1 -0

ssz.go op-node/eth/ssz.go +9 -0

ssz_test.go op-node/eth/ssz_test.go +23 -0

No files found.
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -228,6 +228,7 @@ jobs:
  bedrock-go-tests:
    docker:
      - image: ethereumoptimism/ci-builder:latest
+    resource_class: xlarge
    steps:
      - checkout
      - run:

--- a/op-node/eth/ssz.go
+++ b/op-node/eth/ssz.go
@@ -5,6 +5,7 @@ import (
 	"errors"
 	"fmt"
 	"io"
+	"math"
 	"sync"
 )
@@ -18,6 +19,10 @@ const executionPayloadFixedPart = 32 + 20 + 32 + 32 + 256 + 32 + 8 + 8 + 8 + 8 +
 // MAX_TRANSACTIONS_PER_PAYLOAD in consensus spec
 const maxTransactionsPerPayload = 1 << 20
+// ErrExtraDataTooLarge occurs when the ExecutionPayload's ExtraData field
+// is too large to be properly represented in SSZ.
+var ErrExtraDataTooLarge = errors.New("extra data too large")
 // The payloads are small enough to read and write at once.
 // But this happens often enough that we want to avoid re-allocating buffers for this.
 var payloadBufPool = sync.Pool{New: func() any {
@@ -57,6 +62,10 @@ func unmarshalBytes32LE(in []byte, z *Uint256Quantity) {
 // MarshalSSZ encodes the ExecutionPayload as SSZ type
 func (payload *ExecutionPayload) MarshalSSZ(w io.Writer) (n int, err error) {
+	if len(payload.ExtraData) > math.MaxUint32-executionPayloadFixedPart {
+		return 0, ErrExtraDataTooLarge
+	}
 	scope := payload.SizeSSZ()
 	buf := *payloadBufPool.Get().(*[]byte)

--- a/op-node/eth/ssz_test.go
+++ b/op-node/eth/ssz_test.go
@@ -3,6 +3,7 @@ package eth
 import (
 	"bytes"
 	"encoding/binary"
+	"math"
 	"testing"
 	"github.com/google/go-cmp/cmp"
@@ -124,3 +125,25 @@ func TestOPB01(t *testing.T) {
 	err = unmarshalled.UnmarshalSSZ(uint32(len(data)), bytes.NewReader(data))
 	require.Equal(t, ErrBadTransactionOffset, err)
 }
+// TestOPB04 verifies that the SSZ marshaling code
+// properly returns an error when the ExtraData field
+// cannot be represented in the outputted SSZ.
+func TestOPB04(t *testing.T) {
+	// First, test the maximum len - which in this case is the max uint32
+	// minus the execution payload fixed part.
+	payload := &ExecutionPayload{
+		ExtraData: make([]byte, math.MaxUint32-executionPayloadFixedPart),
+	}
+	var buf bytes.Buffer
+	_, err := payload.MarshalSSZ(&buf)
+	require.NoError(t, err)
+	buf.Reset()
+	payload = &ExecutionPayload{
+		ExtraData: make([]byte, math.MaxUint32-executionPayloadFixedPart+1),
+	}
+	_, err = payload.MarshalSSZ(&buf)
+	require.Error(t, err)
+	require.Equal(t, ErrExtraDataTooLarge, err)
+}