fix(EVM): Fix stack overflow check (#1085)

matter-labs · Dec 10, 2024 · 5db2a30 · 5db2a30
1 parent b649f5f
commit 5db2a30
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 24 deletions.
diff --git a/system-contracts/contracts/EvmEmulator.yul b/system-contracts/contracts/EvmEmulator.yul
@@ -132,8 +132,12 @@ object "EvmEmulator" {
             offset := add(LAST_RETURNDATA_SIZE_OFFSET(), 64)
         }
 
+        function MAX_STACK_SLOT_OFFSET() -> offset {
+            offset := add(STACK_OFFSET(), mul(1023, 32))
+        }
+
         function BYTECODE_LEN_OFFSET() -> offset {
-            offset := add(STACK_OFFSET(), mul(1024, 32))
+            offset := add(MAX_STACK_SLOT_OFFSET(), 32)
         }
 
         function BYTECODE_OFFSET() -> offset {
@@ -507,7 +511,7 @@ object "EvmEmulator" {
         }
 
         function pushStackItem(sp, item, oldStackHead) -> newSp, stackHead {
-            if iszero(lt(sp, BYTECODE_LEN_OFFSET())) {
+            if iszero(lt(sp, MAX_STACK_SLOT_OFFSET())) {
                 panic()
             }
 
@@ -534,12 +538,6 @@ object "EvmEmulator" {
             }
         }
 
-        function pushStackCheck(sp, numInputs) {
-            if iszero(lt(add(sp, mul(0x20, sub(numInputs, 1))), BYTECODE_LEN_OFFSET())) {
-                panic()
-            }
-        }
-
         function accessStackHead(sp, stackHead) -> value {
             if lt(sp, STACK_OFFSET()) {
                 panic()
@@ -3155,8 +3153,12 @@ object "EvmEmulator" {
                 offset := add(LAST_RETURNDATA_SIZE_OFFSET(), 64)
             }
 
+            function MAX_STACK_SLOT_OFFSET() -> offset {
+                offset := add(STACK_OFFSET(), mul(1023, 32))
+            }
+
             function BYTECODE_LEN_OFFSET() -> offset {
-                offset := add(STACK_OFFSET(), mul(1024, 32))
+                offset := add(MAX_STACK_SLOT_OFFSET(), 32)
             }
 
             function BYTECODE_OFFSET() -> offset {
@@ -3530,7 +3532,7 @@ object "EvmEmulator" {
             }
 
             function pushStackItem(sp, item, oldStackHead) -> newSp, stackHead {
-                if iszero(lt(sp, BYTECODE_LEN_OFFSET())) {
+                if iszero(lt(sp, MAX_STACK_SLOT_OFFSET())) {
                     panic()
                 }
 
@@ -3557,12 +3559,6 @@ object "EvmEmulator" {
                 }
             }
 
-            function pushStackCheck(sp, numInputs) {
-                if iszero(lt(add(sp, mul(0x20, sub(numInputs, 1))), BYTECODE_LEN_OFFSET())) {
-                    panic()
-                }
-            }
-
             function accessStackHead(sp, stackHead) -> value {
                 if lt(sp, STACK_OFFSET()) {
                     panic()

diff --git a/system-contracts/evm-emulator/EvmEmulatorFunctions.template.yul b/system-contracts/evm-emulator/EvmEmulatorFunctions.template.yul
@@ -70,8 +70,12 @@ function STACK_OFFSET() -> offset {
     offset := add(LAST_RETURNDATA_SIZE_OFFSET(), 64)
 }
 
+function MAX_STACK_SLOT_OFFSET() -> offset {
+    offset := add(STACK_OFFSET(), mul(1023, 32))
+}
+
 function BYTECODE_LEN_OFFSET() -> offset {
-    offset := add(STACK_OFFSET(), mul(1024, 32))
+    offset := add(MAX_STACK_SLOT_OFFSET(), 32)
 }
 
 function BYTECODE_OFFSET() -> offset {
@@ -445,7 +449,7 @@ function popStackItem(sp, oldStackHead) -> a, newSp, stackHead {
 }
 
 function pushStackItem(sp, item, oldStackHead) -> newSp, stackHead {
-    if iszero(lt(sp, BYTECODE_LEN_OFFSET())) {
+    if iszero(lt(sp, MAX_STACK_SLOT_OFFSET())) {
         panic()
     }
 
@@ -472,12 +476,6 @@ function popStackCheck(sp, numInputs) {
     }
 }
 
-function pushStackCheck(sp, numInputs) {
-    if iszero(lt(add(sp, mul(0x20, sub(numInputs, 1))), BYTECODE_LEN_OFFSET())) {
-        panic()
-    }
-}
-
 function accessStackHead(sp, stackHead) -> value {
     if lt(sp, STACK_OFFSET()) {
         panic()