fix: double substate discard in eip-3860 #160
Merged
OutOfGas error code used for initcode limit violations has been changed to CreateContractLimit, and superfluous InitCodeLimit error was removed.
Details
More detail about the bug
The problem was that the current execution's memory stack substate was discarded immediately in the error path:
https://github.com/rust-blockchain/evm/blob/2e9c3b71f7b9ff241735f15145517d0627c469e6/src/executor/stack/executor.rs#L402-L409
while the transact_{call,create} methods also attempted to exit the same substate in their cleanup procedures:
https://github.com/rust-blockchain/evm/blob/2e9c3b71f7b9ff241735f15145517d0627c469e6/src/executor/stack/executor.rs#L346-L355
E.g., cleanup_for_call calls exit_substate here: https://github.com/rust-blockchain/evm/blob/2e9c3b71f7b9ff241735f15145517d0627c469e6/src/executor/stack/executor.rs#L989
However, because such a substate no longer existed at that point and only the root substate remained, the executor would panic as the root substate cannot be removed.
Context - the test case that triggered the bug
The way this error surfaced was when the initial StackExecutor::transact_{call,create} executed code that contained a CREATE/2 opcode which resulted in a call to <StackExecutor as Handler>::create.
Specifically, the st_random and st_random2 tests were failing, e.g. the randomStatetest307 test case contained code that would try to create a contract with an initcode size of 50k bytes that exceeded the initcode size limit and thus triggered the error path in the nested create call (CREATE opcode).
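
The double exit described above, modeled as an added Rust example (not code from this pull request or from rust-blockchain/evm). The Substates type, both create_* functions and transact are hypothetical stand-ins, the limit constant is the EIP-3860 value, and the fixed variant shows one possible shape of the fix, which is an assumption.

```rust
// Added illustration: a minimal model of nested substates, not the executor's code.
// Every type and function name below is hypothetical.
#[derive(Debug, PartialEq)]
enum ExitError { CreateContractLimit }

const MAX_INITCODE_SIZE: usize = 2 * 24576; // EIP-3860 limit: 49152 bytes

struct Substates { depth: usize } // depth 0 means only the root substate remains

impl Substates {
    fn enter(&mut self) { self.depth += 1; }
    // Exiting pops one substate; the root substate cannot be removed.
    fn exit(&mut self) -> Result<(), &'static str> {
        if self.depth == 0 { return Err("cannot exit the root substate"); }
        self.depth -= 1;
        Ok(())
    }
}

// Nested create with the bug: the limit check discards the current execution's
// substate itself, although the caller's cleanup still owns that substate.
fn create_buggy(s: &mut Substates, initcode_len: usize) -> Result<(), ExitError> {
    if initcode_len > MAX_INITCODE_SIZE {
        let _ = s.exit(); // premature discard in the error path
        return Err(ExitError::CreateContractLimit);
    }
    Ok(())
}

// Assumed fix shape: report the error and leave the substate to its owner.
fn create_fixed(_s: &mut Substates, initcode_len: usize) -> Result<(), ExitError> {
    if initcode_len > MAX_INITCODE_SIZE { return Err(ExitError::CreateContractLimit); }
    Ok(())
}

// Models transact_{call,create}: enter a substate, run the code, always exit in cleanup.
fn transact(create: fn(&mut Substates, usize) -> Result<(), ExitError>, initcode_len: usize)
    -> Result<Result<(), ExitError>, &'static str> {
    let mut s = Substates { depth: 0 };
    s.enter();
    let outcome = create(&mut s, initcode_len);
    s.exit()?; // cleanup; this model returns Err where the executor would panic
    Ok(outcome)
}

fn main() {
    println!("buggy: {:?}", transact(create_buggy, 50_000)); // constructed 50k initcode
    println!("fixed: {:?}", transact(create_fixed, 50_000));
}
```

With the 50,000-byte input the buggy path reaches cleanup with only the root substate left, while the fixed path surfaces CreateContractLimit as an ordinary execution error.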