Skip to content

fix(serde): handle overflow in quantity deserialization for Arbitrum gas prices #2858

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 5 commits into from
Closed

fix(serde): handle overflow in quantity deserialization for Arbitrum gas prices #2858

wants to merge 5 commits into from
+230 −3

Conversation

avorylli
Copy link

@avorylli avorylli commented Sep 9, 2025

Fixes deserialization failures when processing Arbitrum Classic blocks with extremely high gas prices that overflow u128.

Problem:

  • Arbitrum Classic used unbounded gas price bids
  • Values like 0x30783134626639633464372e3333333333333333333333333333333333333333 cause u128 overflow
  • Deserialization panics instead of gracefully handling overflow

Solution:

  • Modified ConvertRuint::from_ruint() to return 0 on overflow instead of panicking
  • Added overflow_default() method to trait for configurable overflow handling
  • Implemented for all primitive types (u8, u16, u32, u64, u128, bool)

Closes #2842

graphite-app[bot]
graphite-app bot reviewed Sep 9, 2025
View reviewed changes
crates/serde/src/quantity.rs Outdated
#[inline]
fn from_ruint(ruint: Self::Ruint) -> Self {
ruint.try_into().ok().unwrap()
ruint.try_into().unwrap_or_else(|_| Self::overflow_default())
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The current approach of returning 0 for all numeric types during overflow may not be semantically appropriate for all use cases. For gas prices specifically, defaulting to 0 could potentially allow transactions to be processed without fees, which might lead to economic issues or unexpected behavior.

Consider making the overflow handling more context-aware:

  1. Either return a Result type instead of using unwrap_or_else to propagate the error to the caller
  2. Or make the default value configurable based on the specific field being deserialized (perhaps with a trait parameter)
  3. For gas prices specifically, a more appropriate default might be u128::MAX or another value that aligns with the expected behavior

This would ensure that overflow handling is semantically appropriate for each specific use case rather than using a one-size-fits-all approach.

Suggested change
ruint.try_into().unwrap_or_else(|_| Self::overflow_default())
ruint.try_into().map_err(|_| serde::de::Error::custom("numeric overflow"))?

Spotted by Diamond

Fix in Graphite

Is this helpful? React 👍 or 👎 to let us know.

mattsse
mattsse reviewed Sep 9, 2025
View reviewed changes
Copy link
Member

@mattsse mattsse left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we cant really approach this like this, because we'd need to specialize the actual serde impl manually and cant change the regular quantity fn

@jaggad
Copy link

jaggad commented Sep 12, 2025

we cant really approach this like this, because we'd need to specialize the actual serde impl manually and cant change the regular quantity fn

if we're aiming for "I think we could make this u128::Max and maybe store it in an otherfield as u256 if it's for AnyBlock", how would you go about approaching it?

@mattsse
Copy link
Member

mattsse commented Sep 12, 2025

the only way to do this really is manual serde impl on the block type

@avorylli
Copy link
Author

@mattsse
So I created a gas_price module in quantity.rs that handles overflow specifically for gas prices

And updated the transaction types to use it and reverted the ConvertRuint changes.

I hope this should fix the Arbitrum issue without breaking anything else.

graphite-app[bot]
graphite-app bot reviewed Sep 19, 2025
View reviewed changes
@jaggad
Copy link

jaggad commented Sep 25, 2025

I think this looks pretty good.

@avorylli @mattsse What do we think is needed to get this over the line, it's a pretty high value addition for our use case right now. If we think it can merge soon I'll wait, otherwise I might try and build from this fork?

@jaggad jaggad mentioned this pull request Sep 25, 2025
Open
@jaggad
Copy link

jaggad commented Oct 3, 2025

@mattsse Is there anything holding up this PR from being merged from your perspective?

@desfero
Copy link

desfero commented Oct 8, 2025

@mattsse we would also greatly benefit if this PR get's merged and new released pushed 🙏

@DaniPopes
Copy link
Member

Closed in favor of #3010. This requires too many changes to fix the AI slop and has unrelated changes.

@DaniPopes DaniPopes closed this Oct 9, 2025
@github-project-automation github-project-automation bot moved this to Done in Alloy Oct 9, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mattsse mattsse mattsse left review comments

@graphite-app graphite-app[bot] graphite-app[bot] left review comments

@DaniPopes DaniPopes Awaiting requested review from DaniPopes DaniPopes is a code owner

@klkvr klkvr Awaiting requested review from klkvr klkvr is a code owner

@yash-atreya yash-atreya Awaiting requested review from yash-atreya

Assignees
No one assigned
Labels
None yet
Projects
Alloy
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Bug] Arbitrum Gas Price Deserialize Faliure
5 participants
@avorylli @jaggad @mattsse @desfero @DaniPopes