Skip to content

fix: use checked arithmetic for cumulative gas accounting in payload builder#42

Open
Himess wants to merge 2 commits intocirclefin:mainfrom
Himess:fix/checked-gas-accumulation-v2
Open

fix: use checked arithmetic for cumulative gas accounting in payload builder#42
Himess wants to merge 2 commits intocirclefin:mainfrom
Himess:fix/checked-gas-accumulation-v2

Conversation

@Himess
Copy link
Copy Markdown

@Himess Himess commented Apr 24, 2026

Context

Reopen of #24, which was auto-closed after the main branch reset (per @ZhiyuCircle's note on that PR). Rebased onto the new origin/main via cherry-pick since the original base commit no longer exists.

Summary

Replaces saturating_add with checked arithmetic in two places in payload.rs so that u64 gas overflows surface as build failures instead of silently clamping:

  1. Capacity check (line 578)cumulative_gas_used.checked_add(pool_tx.gas_limit()).is_none_or(|total| total > block_gas_limit). Defensive hardening — per @atiwari-circle's review overflow here is not practically reachable (both sides bounded by block_gas_limit ~30M), but checked_add is the semantically correct primitive.

  2. Cumulative update (line 665)cumulative_gas_used.checked_add(gas_used).ok_or_else(|| PayloadBuilderError::other(...))?. This was the line called out as incorrect by @atiwari-circle in fix: use checked arithmetic for cumulative gas accounting in payload builder #24: a silent clamp at u64::MAX would let the payload builder continue past the block gas limit. Overflow is now propagated via PayloadBuilderError.

Links to original discussion: #24

Himess added 2 commits April 25, 2026 00:00
…builder

Use checked_add and saturating_add for cumulative gas tracking to
prevent potential u64 overflow, consistent with the defensive arithmetic
pattern applied to reward_beneficiary in circlefin#21.
…review

Per reviewer feedback, saturating_add silently clamps at u64::MAX which
would corrupt cumulative_gas_used rather than fail the block build cleanly.
Switch to checked_add with PayloadBuilderError propagation, matching the
defensive pattern used at the capacity check on line 579.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant