Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WEB3-124: chore: address TODOs #243

Merged
merged 9 commits into from
Sep 13, 2024
Merged

WEB3-124: chore: address TODOs #243

merged 9 commits into from
Sep 13, 2024

Conversation

Wollac
Copy link
Contributor

@Wollac Wollac commented Sep 12, 2024

This PR either resolves the open TODOs, or links them to an GitHub issue.

@github-actions github-actions bot changed the title chore: address TODOs WEB3-124: chore: address TODOs Sep 12, 2024
@Wollac Wollac marked this pull request as ready for review September 12, 2024 23:37
@Wollac Wollac self-assigned this Sep 12, 2024
nategraf
nategraf approved these changes Sep 13, 2024
View reviewed changes
steel/src/ethereum.rs
Comment on lines +97 to 98
// safe conversion: according to the consensus spec, excess_blob_gas is always an uint64
blk_env.set_blob_excess_gas_and_price(excess_blob_gas.try_into().unwrap())
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Annoying that the upstream header type is factored to use u128. I worry that an unwrap here would become a DoS vector, in that a malformed header could crash the host. I think we should use as u64 instead, to simple truncate the result.

Suggested change
// safe conversion: according to the consensus spec, excess_blob_gas is always an uint64
blk_env.set_blob_excess_gas_and_price(excess_blob_gas.try_into().unwrap())
// safe conversion: according to the consensus spec, excess_blob_gas is always an uint64
blk_env.set_blob_excess_gas_and_price(excess_blob_gas as u64)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure, isn't a weird overflow even worse than a clean panic?
If I am a malicious host/RPC, there are so many ways I could make the guest panic, like sending wrong state root or corrupted inclusion proofs, ...

nategraf
nategraf approved these changes Sep 13, 2024
View reviewed changes
steel/src/contract.rs Outdated Show resolved Hide resolved
steel/src/contract.rs Outdated Show resolved Hide resolved
steel/src/contract.rs Outdated Show resolved Hide resolved
@Wollac Wollac requested a review from a team as a code owner September 13, 2024 20:11
@Wollac Wollac merged commit 649289a into main Sep 13, 2024
11 checks passed
@Wollac Wollac deleted the chore/todos branch September 13, 2024 20:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nategraf nategraf nategraf approved these changes

@capossele capossele Awaiting requested review from capossele capossele is a code owner

Assignees

@Wollac Wollac

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Wollac @nategraf