fix: Ensure sender nonce does not overflow (#237)

Close #168 Note to reviewer: this is a fix imported from C4 mitigation, ensure the fix was correctly ported by looking at the corresponding issue and PR.
kkrt-labs · Dec 9, 2024 · 5e773bf · 5e773bf
1 parent bff12c0
commit 5e773bf
Show file tree

Hide file tree

Showing 3 changed files with 39 additions and 2 deletions.
diff --git a/cairo/programs/os.cairo b/cairo/programs/os.cairo
@@ -87,6 +87,7 @@ func apply_transactions{
 
     // Validate nonce
     with_attr error_message("Invalid nonce") {
+        assert_le(tx.signer_nonce, 2 ** 64 - 2);
         assert tx.signer_nonce = account.nonce;
     }
 

diff --git a/cairo/tests/programs/test_os.py b/cairo/tests/programs/test_os.py
@@ -187,3 +187,39 @@ def test_create_tx_returndata(self, cairo_run):
         bytes.fromhex(
             "7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe03601600081602082378035828234f58015156039578182fd5b8082525050506014600cf3"
         ) == state["accounts"]["0x32dCAB0EF3FB2De2fce1D2E0799D36239671F04A"]["code"]
+
+    @given(nonce=integers(min_value=2**64, max_value=2**248 - 1))
+    def test_should_raise_when_nonce_is_greater_u64(self, cairo_run, nonce):
+        initial_state = {
+            OWNER: {
+                "code": [],
+                "storage": {},
+                "balance": int(1e18),
+                "nonce": nonce,
+            },
+            OTHER: {
+                "code": [],
+                "storage": {},
+                "balance": int(1e18),
+                "nonce": 0,
+            },
+            COINBASE: {
+                "code": [],
+                "storage": {},
+                "balance": 0,
+                "nonce": 0,
+            },
+        }
+        transaction = {
+            "to": OTHER,
+            "data": "",
+            "value": 0,
+            "signer": OWNER,
+        }
+
+        with cairo_error("Invalid nonce"):
+            cairo_run(
+                "test_os",
+                block=block([transaction], nonces={OWNER: nonce}),
+                state=State.model_validate(initial_state),
+            )
diff --git a/cairo/tests/utils/data.py b/cairo/tests/utils/data.py
@@ -11,8 +11,8 @@
 from tests.utils.models import Block
 
 
-def block(transactions=None):
-    nonces = defaultdict(int)
+def block(transactions=None, nonces=None):
+    nonces = nonces or defaultdict(int)
     transactions = transactions or []
 
     for transaction in transactions: