evmos · mmsqe · Feb 24, 2023 · Feb 24, 2023 · Feb 24, 2023 · Feb 24, 2023
@@ -42,6 +42,10 @@ Ref: https://keepachangelog.com/en/1.0.0/
 
 * (deps) [#1168](https://github.com/evmos/ethermint/pull/1168) Upgrade Cosmos SDK to [`v0.46.6`]
 
+### Features
+
+* (rpc) [#1682](https://github.com/evmos/ethermint/pull/1682) Add config for maximum number of bytes returned from eth_call.
+
 ### Bug Fixes
 
 * (rpc) [#1688](https://github.com/evmos/ethermint/pull/1688) Align filter rule for `debug_traceBlockByNumber`

@@ -384,6 +384,10 @@ func (b *Backend) DoCall(
 	if err != nil {
 		return nil, err
 	}
+	length := len(res.Ret)
+	if length > int(b.cfg.JSONRPC.ReturnDataLimit) && b.cfg.JSONRPC.ReturnDataLimit != 0 {
+		return nil, fmt.Errorf("call retuned result on length %d exceeding limit %d", length, b.cfg.JSONRPC.ReturnDataLimit)
+	}
 
 	if res.Failed() {
 		if res.VmError != vm.ErrExecutionReverted.Error() {

@@ -75,6 +75,9 @@ const (
 
 	// DefaultMaxOpenConnections represents the amount of open connections (unlimited = 0)
 	DefaultMaxOpenConnections = 0
+
+	// DefaultReturnDataLimit is maximum number of bytes returned from eth_call or similar invocations
+	DefaultReturnDataLimit = 100000
 )
 
 var evmTracers = []string{"json", "markdown", "struct", "access_list"}
@@ -138,6 +141,8 @@ type JSONRPCConfig struct {
 	MetricsAddress string `mapstructure:"metrics-address"`
 	// FixRevertGasRefundHeight defines the upgrade height for fix of revert gas refund logic when transaction reverted
 	FixRevertGasRefundHeight int64 `mapstructure:"fix-revert-gas-refund-height"`
+	// ReturnDataLimit defines maximum number of bytes returned from `eth_call` or similar invocations
+	ReturnDataLimit int64 `mapstructure:"return-data-limit"`
 }
 
 // TLSConfig defines the certificate and matching private key for the server.
@@ -241,6 +246,7 @@ func DefaultJSONRPCConfig() *JSONRPCConfig {
 		EnableIndexer:            false,
 		MetricsAddress:           DefaultJSONRPCMetricsAddress,
 		FixRevertGasRefundHeight: DefaultFixRevertGasRefundHeight,
+		ReturnDataLimit:          DefaultReturnDataLimit,
 	}
 }
 
@@ -351,6 +357,7 @@ func GetConfig(v *viper.Viper) (Config, error) {
 			EnableIndexer:            v.GetBool("json-rpc.enable-indexer"),
 			MetricsAddress:           v.GetString("json-rpc.metrics-address"),
 			FixRevertGasRefundHeight: v.GetInt64("json-rpc.fix-revert-gas-refund-height"),
+			ReturnDataLimit:          v.GetInt64("json-rpc.return-data-limit"),
 		},
 		TLS: TLSConfig{
 			CertificatePath: v.GetString("tls.certificate-path"),

@@ -95,6 +95,9 @@ metrics-address = "{{ .JSONRPC.MetricsAddress }}"
 # Upgrade height for fix of revert gas refund logic when transaction reverted.
 fix-revert-gas-refund-height = {{ .JSONRPC.FixRevertGasRefundHeight }}
 
+# Maximum number of bytes returned from eth_call or similar invocations.
+return-data-limit = {{ .JSONRPC.ReturnDataLimit }}
+
 ###############################################################################
 ###                             TLS Configuration                           ###
 ###############################################################################

@@ -70,6 +70,7 @@ const (
 	// https://github.com/ethereum/go-ethereum/blob/master/metrics/metrics.go#L35-L55
 	JSONRPCEnableMetrics            = "metrics"
 	JSONRPCFixRevertGasRefundHeight = "json-rpc.fix-revert-gas-refund-height"
+	JSONRPCReturnDataLimit          = "json-rpc.return-data-limit"
 )
 
 // EVM flags

@@ -0,0 +1,11 @@
+local config = import 'default.jsonnet';
+
+config {
+  'ethermint_9000-1'+: {
+    'app-config'+: {
+      'json-rpc'+: {
+        'return-data-limit': 3594241,  // memory_byte_size + 1
+      },
+    },
+  },
+}
@@ -0,0 +1,10 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.0;
+
+contract TestExploitContract {
+    function dos() public pure {
+        assembly {
+            return(0, 0x36d800)
+        }
+    }
+}
@@ -0,0 +1,75 @@
+from concurrent.futures import ThreadPoolExecutor, as_completed
+from pathlib import Path
+
+import pytest
+import requests
+from pystarport import ports
+
+from .network import setup_custom_ethermint
+from .utils import CONTRACTS, deploy_contract
+
+
+@pytest.fixture(scope="module")
+def custom_ethermint(tmp_path_factory):
+    path = tmp_path_factory.mktemp("exploit")
+    yield from setup_custom_ethermint(
+        path, 26910, Path(__file__).parent / "configs/exploit.jsonnet"
+    )
+
+
+def call(port, params):
+    url = f"http://127.0.0.1:{ports.evmrpc_port(port)}"
+    rsp = requests.post(url, json=params)
+    assert rsp.status_code == 200
+    return rsp.json()
+
+
+def run_test(provider, concurrent, batch, expect_cb):
+    _, res = deploy_contract(provider.w3, CONTRACTS["TestExploitContract"])
+    param = {
+        "jsonrpc": "2.0",
+        "method": "eth_call",
+        "params": [
+            {
+                "data": "0x5e67164c",
+                "to": res["contractAddress"],
+            },
+            "latest",
+        ],
+        "id": 1,
+    }
+    params = []
+    for _ in range(batch):
+        params.append(param)
+    with ThreadPoolExecutor(concurrent) as executor:
+        tasks = [
+            executor.submit(call, provider.base_port(0), params)
+            for _ in range(0, concurrent)
+        ]
+        results = [future.result() for future in as_completed(tasks)]
+    assert len(results) == concurrent
+    for result in results:
+        expect_cb(result)
+
+
+def test_call(ethermint):
+    concurrent = 2
+    batch = 1
+
+    def expect_cb(result):
+        for item in result:
+            assert "error" in item
+            assert "exceeding limit" in item["error"]["message"]
+
+    run_test(ethermint, concurrent, batch, expect_cb)
+
+
+def test_large_call(custom_ethermint):
+    concurrent = 2
+    batch = 1
+
+    def expect_cb(result):
+        for item in result:
+            assert "error" not in item
+
+    run_test(custom_ethermint, concurrent, batch, expect_cb)
@@ -32,6 +32,7 @@
     "TestChainID": "ChainID.sol",
     "Mars": "Mars.sol",
     "StateContract": "StateContract.sol",
+    "TestExploitContract": "TestExploitContract.sol",
 }