search

ethereum / evmc

EVMC – Ethereum Client-VM Connector API
https://evmc.ethereum.org
Apache License 2.0
348 stars 310 forks source link

In evmc-tool validate EOF code before executing it #703

Closed gumb0 closed 9 months ago

gumb0 commented 9 months ago

Currently invalid code can be executed, for example this one contains CREATE (executed with eof-create4 branch of evmone):

>build/bin/evmc run --vm /home/andrei/dev/evmone/build/lib/libevmone.so,trace --rev 13 --gas 15000000 ef0001010004020001000b0400140000800000ea5f5febea60006000f000ef000101000402000100010400000000800000fe
Config: /home/andrei/dev/evmone/build/lib/libevmone.so,trace
Executing on Prague with 15000000 gas limit

{"pc":0,"op":234,"gas":"0xe4e1c0","gasCost":"0x2","memSize":0,"stack":[],"depth":1,"refund":0,"opName":"DATASIZE"}
{"pc":1,"op":95,"gas":"0xe4e1be","gasCost":"0x2","memSize":0,"stack":["0x14"],"depth":1,"refund":0,"opName":"PUSH0"}
{"pc":2,"op":95,"gas":"0xe4e1bc","gasCost":"0x2","memSize":0,"stack":["0x14","0x0"],"depth":1,"refund":0,"opName":"PUSH0"}
{"pc":3,"op":235,"gas":"0xe4e1ba","gasCost":"0x3","memSize":0,"stack":["0x14","0x0","0x0"],"depth":1,"refund":0,"opName":"DATACOPY"}
{"pc":4,"op":234,"gas":"0xe4e1b1","gasCost":"0x2","memSize":32,"stack":[],"depth":1,"refund":0,"opName":"DATASIZE"}
{"pc":5,"op":96,"gas":"0xe4e1af","gasCost":"0x3","memSize":32,"stack":["0x14"],"depth":1,"refund":0,"opName":"PUSH1"}
{"pc":7,"op":96,"gas":"0xe4e1ac","gasCost":"0x3","memSize":32,"stack":["0x14","0x0"],"depth":1,"refund":0,"opName":"PUSH1"}
{"pc":9,"op":240,"gas":"0xe4e1a9","gasCost":"0x7d00","memSize":32,"stack":["0x14","0x0","0x0"],"depth":1,"refund":0,"opName":"CREATE"}
{"pc":10,"op":0,"gas":"0x39192","gasCost":"0x0","memSize":32,"stack":["0x0"],"depth":1,"refund":0,"opName":"STOP"}
Result:   success
Gas used: 14766126
Output:

Perhaps it makes sense to add EOF validation before execution.

pdobacz commented 9 months ago

https://github.com/ethereum/evmone/pull/768, you should be able to use a validate_eof option on the --vm argument

gumb0 commented 9 months ago

Oh thanks, I forgot about this feature, I think it is good enough.

Perhaps I would prefer it to be on by default and option to disable it, but fine for now, I'll close the issue.

pdobacz commented 9 months ago

Perhaps I would prefer it to be on by default and option to disable it, but fine for now, I'll close the issue.

This makes it a bit hard, because the "production" default is disabled, so you'd need to enable it by default on evmc level, and that in turn requires some magic in evmc to figure out whether or not an EVM supports such option.

A clean option would be to expand evmc API by validate_eof, but back then we decided it's not worth it.