fix: guard CalcBaseFee against divide-by-zero from malformed extraData#781
Open
latifkasuli wants to merge 1 commit intoethereum-optimism:optimismfrom
Open
Conversation
CalcBaseFee unconditionally decoded Holocene/Jovian extraData from the parent header and passed the result to calcBaseFeeInner. The decoders use best-effort logic and return zeros on malformed input, which causes a divide-by-zero panic (elasticity==0 on integer division, denominator==0 on big.Int division). Gate the decode behind ValidateOptimismExtraData so that chain-config defaults are preserved when the parent extraData is invalid. This protects all eight callers (header verification, miner, txpool, blobpool, fee history, RPC API, GraphQL, simulate) without signature changes. Also reject invalid extraData at genesis commit time for OP chains that activate Holocene or later at genesis, closing the strongest consensus-adjacent reachability path. Fixes ethereum-optimism#757
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes #757
CalcBaseFeeunconditionally decoded Holocene/JovianextraDatafrom the parent header and passed the result tocalcBaseFeeInner. The decoders use best-effort logic and return0, 0on malformed input, which causes a divide-by-zero panic:elasticity == 0panics on integer division (parent.GasLimit / elasticity)denominator == 0panics onbig.Int.DivRoot cause
The precondition documented in
CalcBaseFee("It is assumed the parent Header has valid extraData") is not upheld by all callers. Many non-consensus callers (RPC pending tx, fee history, GraphQL, txpool repricing, blobpool, miner, simulate, t8ntool) useCalcBaseFeeon headers they assume are valid. A malformed parent header already present locally will trigger the panic.Additionally, chains activating Holocene or Jovian at genesis can hit this because:
ExtraDatais written without Optimism-specific validation (core/genesis.go)consensus/beacon/consensus.go)CalcBaseFeeon the genesis parent, triggering the panicChanges
consensus/misc/eip1559/eip1559.go: Gate theDecodeOptimismExtraDatacall behindValidateOptimismExtraData. If the parentextraDatais invalid, chain-config defaults are preserved instead of zero values. No API signature changes.core/genesis.go: Reject invalid OptimismextraDataat genesis commit time for chains that activate Holocene or later at genesis.consensus/misc/eip1559/eip1559_test.go: Add regression tests:TestCalcBaseFeeOptimismMalformedExtraData: 10 sub-tests covering empty, short, wrong-version, wrong-length, zero-denominator, zero-elasticity, and both-zeroextraDatafor both Holocene and Jovian parent times. Asserts no panic.TestCalcBaseFeeOptimismMalformedFallsBackToConfig: Verifies that malformedextraDataproduces the same base fee as chain-config defaults (Canyon denominator/elasticity), not zeros.What this does NOT change
ValidateHolocene1559Paramsis not tightened.(0, 0)in payload attributes is an intentional sentinel per the Holocene spec.extraDataviaValidateOptimismExtraDatainbeacon.verifyHeader.Test plan
go test ./consensus/misc/eip1559/ -v)go build ./core/compiles cleanly