lambdaclass · ilitteri · Nov 5, 2024 · Nov 5, 2024 · Nov 5, 2024 · Nov 5, 2024
@@ -36,8 +36,12 @@ impl Stack {
         self.stack.get(index).ok_or(VMError::StackUnderflow)
     }
 
-    pub fn swap(&mut self, a: usize, b: usize) {
-        self.stack.swap(a, b)
+    pub fn swap(&mut self, a: usize, b: usize) -> Result<(), VMError> {
+        if a >= self.stack.len() || b >= self.stack.len() {
+            return Err(VMError::StackUnderflow);
+        }
+        self.stack.swap(a, b);
+        Ok(())
     }
 }
 
@@ -144,6 +148,10 @@ impl CallFrame {
     }
 
     fn opcode_at(&self, offset: usize) -> Option<Opcode> {
-        self.bytecode.get(offset).copied().map(Opcode::from)
+        self.bytecode
+            .get(offset)
+            .copied()
+            .map(Opcode::try_from)?
+            .ok()
     }
 }
@@ -30,8 +30,11 @@ pub enum VMError {
     ContractOutputTooBig,
     InvalidInitialByte,
     NonceOverflow,
+    MemoryLoadOutOfBounds,
+    GasLimitPriceProductOverflow,
 }
 
+#[derive(Debug, Clone)]
 pub enum OpcodeSuccess {
     Continue,
     Result(ResultReason),

@@ -30,20 +30,23 @@ impl Memory {
         }
     }
 
-    pub fn load(&mut self, offset: usize) -> U256 {
+    pub fn load(&mut self, offset: usize) -> Result<U256, VMError> {
         self.resize(offset + 32);
         let value_bytes: [u8; 32] = self
             .data
             .get(offset..offset + 32)
-            .unwrap()
+            .ok_or(VMError::MemoryLoadOutOfBounds)?
             .try_into()
             .unwrap();
-        U256::from(value_bytes)
+        Ok(U256::from(value_bytes))
     }
 
-    pub fn load_range(&mut self, offset: usize, size: usize) -> Vec<u8> {
+    pub fn load_range(&mut self, offset: usize, size: usize) -> Result<Vec<u8>, VMError> {
         self.resize(offset + size);
-        self.data.get(offset..offset + size).unwrap().into()
+        self.data
+            .get(offset..offset + size)
+            .ok_or(VMError::MemoryLoadOutOfBounds)
+            .map(|slice| slice.to_vec())
     }
 
     pub fn store_bytes(&mut self, offset: usize, value: &[u8]) {

@@ -56,7 +56,10 @@ impl VM {
             current_call_frame.stack.push(U256::zero())?;
             return Ok(OpcodeSuccess::Continue);
         }
-        let quotient = dividend / divisor;
+        let Some(quotient) = dividend.checked_div(divisor) else {
+            current_call_frame.stack.push(U256::zero())?;
+            return Ok(OpcodeSuccess::Continue);
+        };
         current_call_frame.stack.push(quotient)?;
 
         Ok(OpcodeSuccess::Continue)
@@ -88,7 +91,10 @@ impl VM {
         } else {
             divisor
         };
-        let quotient = dividend / divisor;
+        let Some(quotient) = dividend.checked_div(divisor) else {
+            current_call_frame.stack.push(U256::zero())?;
+            return Ok(OpcodeSuccess::Continue);
+        };
         let quotient_is_negative = dividend_is_negative ^ divisor_is_negative;
         let quotient = if quotient_is_negative {
             negate(quotient)
@@ -264,5 +270,6 @@ fn abs(value: U256) -> U256 {
 
 /// Negates a number in two's complement
 fn negate(value: U256) -> U256 {
-    !value + U256::one()
+    let inverted = !value;
+    inverted.saturating_add(U256::one())
 }
@@ -150,17 +150,17 @@ impl VM {
             .stack
             .pop()?
             .try_into()
-            .unwrap_or(usize::MAX);
+            .map_err(|_err| VMError::VeryLargeNumber)?;
         let calldata_offset: usize = current_call_frame
             .stack
             .pop()?
             .try_into()
-            .unwrap_or(usize::MAX);
+            .map_err(|_err| VMError::VeryLargeNumber)?;
         let size: usize = current_call_frame
             .stack
             .pop()?
             .try_into()
-            .unwrap_or(usize::MAX);
+            .map_err(|_err| VMError::VeryLargeNumber)?;
 
         let minimum_word_size = (size + WORD_SIZE - 1) / WORD_SIZE;
         let memory_expansion_cost = current_call_frame
@@ -176,10 +176,23 @@ impl VM {
             return Ok(OpcodeSuccess::Continue);
         }
 
-        let data = current_call_frame
-            .calldata
-            .slice(calldata_offset..calldata_offset + size);
-        current_call_frame.memory.store_bytes(dest_offset, &data);
+        // This check is because if offset is larger than the calldata then we should push 0 to the stack.
+        let result = if calldata_offset < current_call_frame.calldata.len() {
+            // Read calldata from offset to the end
+            let calldata = current_call_frame.calldata.slice(calldata_offset..);
+
+            // Get the 32 bytes from the data slice, padding with 0 if fewer than 32 bytes are available
+            let mut padded_calldata = vec![0u8; size];
+            let data_len_to_copy = calldata.len().min(size);
+
+            padded_calldata[..data_len_to_copy].copy_from_slice(&calldata[..data_len_to_copy]);
+
+            padded_calldata
+        } else {
+            vec![0u8; size]
+        };
+
+        current_call_frame.memory.store_bytes(dest_offset, &result);
 
         Ok(OpcodeSuccess::Continue)
     }
@@ -235,7 +248,14 @@ impl VM {
 
         self.increase_consumed_gas(current_call_frame, gas_cost)?;
 
-        let code = current_call_frame.bytecode.slice(offset..offset + size);
+        let bytecode_len = current_call_frame.bytecode.len();
+        let code = if offset < bytecode_len {
+            current_call_frame
+                .bytecode
+                .slice(offset..(offset + size).min(bytecode_len))
+        } else {
+            vec![0u8; size].into()
+        };
 
         current_call_frame.memory.store_bytes(dest_offset, &code);
 
@@ -385,9 +405,15 @@ impl VM {
             return Ok(OpcodeSuccess::Continue);
         }
 
-        let data = current_call_frame
-            .sub_return_data
-            .slice(returndata_offset..returndata_offset + size);
+        let sub_return_data_len = current_call_frame.sub_return_data.len();
+        let data = if returndata_offset < sub_return_data_len {
+            current_call_frame
+                .sub_return_data
+                .slice(returndata_offset..(returndata_offset + size).min(sub_return_data_len))
+        } else {
+            vec![0u8; size].into()
+        };
+
         current_call_frame.memory.store_bytes(dest_offset, &data);
 
         Ok(OpcodeSuccess::Continue)

@@ -18,18 +18,19 @@ impl VM {
     ) -> Result<OpcodeSuccess, VMError> {
         self.increase_consumed_gas(current_call_frame, gas_cost::SWAPN)?;
 
-        let depth = (op as u8) - (Opcode::SWAP1 as u8) + 1;
-
-        if current_call_frame.stack.len() < depth as usize {
-            return Err(VMError::StackUnderflow);
-        }
-        let stack_top_index = current_call_frame.stack.len();
+        let depth = op as u8 - Opcode::SWAP1 as u8 + 1;
+        let stack_top_index = current_call_frame
+            .stack
+            .len()
+            .checked_sub(1)
+            .ok_or(VMError::StackUnderflow)?;
         let to_swap_index = stack_top_index
-            .checked_sub(depth as usize)
+            .checked_sub(depth.into())
             .ok_or(VMError::StackUnderflow)?;
+
         current_call_frame
             .stack
-            .swap(stack_top_index - 1, to_swap_index - 1);
+            .swap(stack_top_index, to_swap_index)?;
 
         Ok(OpcodeSuccess::Continue)
     }

@@ -34,7 +34,7 @@ impl VM {
 
         self.increase_consumed_gas(current_call_frame, gas_cost)?;
 
-        let value_bytes = current_call_frame.memory.load_range(offset, size);
+        let value_bytes = current_call_frame.memory.load_range(offset, size)?;
 
         let mut hasher = Keccak256::new();
         hasher.update(value_bytes);

@@ -27,12 +27,12 @@ impl VM {
             .stack
             .pop()?
             .try_into()
-            .unwrap_or(usize::MAX);
+            .map_err(|_err| VMError::VeryLargeNumber)?;
         let size = current_call_frame
             .stack
             .pop()?
             .try_into()
-            .unwrap_or(usize::MAX);
+            .map_err(|_err| VMError::VeryLargeNumber)?;
         let mut topics = Vec::new();
         for _ in 0..number_of_topics {
             let topic = current_call_frame.stack.pop()?;
@@ -49,7 +49,7 @@ impl VM {
 
         self.increase_consumed_gas(current_call_frame, gas_cost)?;
 
-        let data = current_call_frame.memory.load_range(offset, size);
+        let data = current_call_frame.memory.load_range(offset, size)?;
         let log = Log {
             address: current_call_frame.msg_sender, // Should change the addr if we are on a Call/Create transaction (Call should be the contract we are calling, Create should be the original caller)
             topics,

@@ -71,7 +71,7 @@ impl VM {
 
         self.increase_consumed_gas(current_call_frame, gas_cost)?;
 
-        let value = current_call_frame.memory.load(offset);
+        let value = current_call_frame.memory.load(offset)?;
         current_call_frame.stack.push(value)?;
 
         Ok(OpcodeSuccess::Continue)
@@ -82,7 +82,11 @@ impl VM {
         &mut self,
         current_call_frame: &mut CallFrame,
     ) -> Result<OpcodeSuccess, VMError> {
-        let offset = current_call_frame.stack.pop()?.try_into().unwrap();
+        let offset = current_call_frame
+            .stack
+            .pop()?
+            .try_into()
+            .map_err(|_err| VMError::VeryLargeNumber)?;
         let memory_expansion_cost = current_call_frame
             .memory
             .expansion_cost(offset + WORD_SIZE)?;

@@ -102,10 +102,26 @@ impl VM {
         let gas = current_call_frame.stack.pop()?;
         let code_address = word_to_address(current_call_frame.stack.pop()?);
         let value = current_call_frame.stack.pop()?;
-        let args_offset = current_call_frame.stack.pop()?.try_into().unwrap();
-        let args_size = current_call_frame.stack.pop()?.try_into().unwrap();
-        let ret_offset = current_call_frame.stack.pop()?.try_into().unwrap();
-        let ret_size = current_call_frame.stack.pop()?.try_into().unwrap();
+        let args_offset = current_call_frame
+            .stack
+            .pop()?
+            .try_into()
+            .map_err(|_err| VMError::VeryLargeNumber)?;
+        let args_size = current_call_frame
+            .stack
+            .pop()?
+            .try_into()
+            .map_err(|_err| VMError::VeryLargeNumber)?;
+        let ret_offset = current_call_frame
+            .stack
+            .pop()?
+            .try_into()
+            .map_err(|_err| VMError::VeryLargeNumber)?;
+        let ret_size = current_call_frame
+            .stack
+            .pop()?
+            .try_into()
+            .map_err(|_err| VMError::VeryLargeNumber)?;
 
         // Sender and recipient are the same in this case. But the code executed is from another account.
         let msg_sender = current_call_frame.to;
@@ -148,7 +164,7 @@ impl VM {
 
         self.increase_consumed_gas(current_call_frame, gas_cost)?;
 
-        let return_data = current_call_frame.memory.load_range(offset, size).into();
+        let return_data = current_call_frame.memory.load_range(offset, size)?.into();
         current_call_frame.returndata = return_data;
         current_call_frame
             .stack
@@ -165,10 +181,26 @@ impl VM {
     ) -> Result<OpcodeSuccess, VMError> {
         let gas = current_call_frame.stack.pop()?;
         let code_address = word_to_address(current_call_frame.stack.pop()?);
-        let args_offset = current_call_frame.stack.pop()?.try_into().unwrap();
-        let args_size = current_call_frame.stack.pop()?.try_into().unwrap();
-        let ret_offset = current_call_frame.stack.pop()?.try_into().unwrap();
-        let ret_size = current_call_frame.stack.pop()?.try_into().unwrap();
+        let args_offset = current_call_frame
+            .stack
+            .pop()?
+            .try_into()
+            .map_err(|_err| VMError::VeryLargeNumber)?;
+        let args_size = current_call_frame
+            .stack
+            .pop()?
+            .try_into()
+            .map_err(|_err| VMError::VeryLargeNumber)?;
+        let ret_offset = current_call_frame
+            .stack
+            .pop()?
+            .try_into()
+            .map_err(|_err| VMError::VeryLargeNumber)?;
+        let ret_size = current_call_frame
+            .stack
+            .pop()?
+            .try_into()
+            .map_err(|_err| VMError::VeryLargeNumber)?;
 
         let msg_sender = current_call_frame.msg_sender;
         let value = current_call_frame.msg_value;
@@ -199,10 +231,26 @@ impl VM {
     ) -> Result<OpcodeSuccess, VMError> {
         let gas = current_call_frame.stack.pop()?;
         let code_address = word_to_address(current_call_frame.stack.pop()?);
-        let args_offset = current_call_frame.stack.pop()?.try_into().unwrap();
-        let args_size = current_call_frame.stack.pop()?.try_into().unwrap();
-        let ret_offset = current_call_frame.stack.pop()?.try_into().unwrap();
-        let ret_size = current_call_frame.stack.pop()?.try_into().unwrap();
+        let args_offset = current_call_frame
+            .stack
+            .pop()?
+            .try_into()
+            .map_err(|_err| VMError::VeryLargeNumber)?;
+        let args_size = current_call_frame
+            .stack
+            .pop()?
+            .try_into()
+            .map_err(|_err| VMError::VeryLargeNumber)?;
+        let ret_offset = current_call_frame
+            .stack
+            .pop()?
+            .try_into()
+            .map_err(|_err| VMError::VeryLargeNumber)?;
+        let ret_size = current_call_frame
+            .stack
+            .pop()?
+            .try_into()
+            .map_err(|_err| VMError::VeryLargeNumber)?;
 
         let value = U256::zero();
         let msg_sender = current_call_frame.to; // The new sender will be the current contract.
@@ -231,8 +279,8 @@ impl VM {
         current_call_frame: &mut CallFrame,
     ) -> Result<OpcodeSuccess, VMError> {
         let value_in_wei_to_send = current_call_frame.stack.pop()?;
-        let code_offset_in_memory = current_call_frame.stack.pop()?.try_into().unwrap();
-        let code_size_in_memory = current_call_frame.stack.pop()?.try_into().unwrap();
+        let code_offset_in_memory = current_call_frame.stack.pop()?;
+        let code_size_in_memory = current_call_frame.stack.pop()?;
 
         self.create(
             value_in_wei_to_send,
@@ -250,8 +298,8 @@ impl VM {
         current_call_frame: &mut CallFrame,
     ) -> Result<OpcodeSuccess, VMError> {
         let value_in_wei_to_send = current_call_frame.stack.pop()?;
-        let code_offset_in_memory = current_call_frame.stack.pop()?.try_into().unwrap();
-        let code_size_in_memory = current_call_frame.stack.pop()?.try_into().unwrap();
+        let code_offset_in_memory = current_call_frame.stack.pop()?;
+        let code_size_in_memory = current_call_frame.stack.pop()?;
         let salt = current_call_frame.stack.pop()?;
 
         self.create(
@@ -281,7 +329,7 @@ impl VM {
 
         self.increase_consumed_gas(current_call_frame, gas_cost)?;
 
-        current_call_frame.returndata = current_call_frame.memory.load_range(offset, size).into();
+        current_call_frame.returndata = current_call_frame.memory.load_range(offset, size)?.into();
 
         Err(VMError::RevertOpcode)
     }