Was this helpful?
Submitted on Jan 17th 2025 at 16:23:21 UTC by @a3yip6 for
Report ID: #38908
Report Type: Blockchain/DLT
Report severity: Insight
Target: https://github.com/ledgerwatch/erigon
Impacts:
(Specifications) A bug in specifications with no direct impact on client implementations
Given any transactions with a failed subcalls due to insufficient balance, the tracer module in Erigon does not work properly. More specifically, the corresponding subcall is missing. This bug can be exploited in production.
For a transaction with a failed subcall due to ErrInsufficientBalance, the tracer should return the full trace, including all subcalls, even if some fail. The expected output is:
This behavior matches the output from geth and reth.
In erigon, the tracer does not include the second subcall, resulting in the following truncated output:
The second subcall with the ErrInsufficientBalance error is missing, which differs from the behavior of geth and reth.
Some platform (e.g., Etherscan) might use Erigon's tracer to calculate some front-end data. A buggy implementation would result in incorrect UI data.
I believe the bug is in here: https://github.com/erigontech/erigon/blob/ab8c054a7179072bb12fa30c94dbb28f008c28d3/core/vm/evm.go#L181-L202
Option 1: Testnet with Custom Nodes
Deploy the PoC contracts to the testnet.
Inspect the transaction trace via the RPC of geth and erigon:
debug_traceTransaction on both nodes.
Compare the outputs to observe the discrepancy in the erigon trace.
Option 2: Mainnet Analysis
Identify a mainnet transaction with a failed subcall caused by ErrInsufficientBalance.
Trace the transaction using the debug_traceTransaction RPC method:
Use geth RPC.
Use erigon RPC.
Compare the outputs from both nodes.
Set up a testnet using geth and erigon as nodes. Use for automation.
Send a transaction that includes a failed subcall due to ErrInsufficientBalance. One can directly use the and run:
