From 2ce41760e2c9cff38ed2fa191c949996aa2f2d9a Mon Sep 17 00:00:00 2001
From: Alexander Bezobchuk <alexanderbez@users.noreply.github.com>
Date: Mon, 10 Dec 2018 14:24:57 -0500
Subject: [PATCH] Merge PR #3070: Check for gas overflow in tx validation

* Check for gas overflow in tx validation

* Use bitshifting over math.Pow
---
 PENDING.md           | 5 +++--
 x/auth/stdtx.go      | 9 ++++++++-
 x/auth/stdtx_test.go | 9 +++++++++
 3 files changed, 20 insertions(+), 3 deletions(-)

diff --git a/PENDING.md b/PENDING.md
index 95ecba5b56..932b3554a7 100644
--- a/PENDING.md
+++ b/PENDING.md
@@ -48,10 +48,11 @@ IMPROVEMENTS
 * Gaia
 
 * SDK
- - \#1277 Complete bank module specification
- - \#2963 Complete auth module specification
+  * \#1277 Complete bank module specification
+  * \#2963 Complete auth module specification
   * \#2914 No longer withdraw validator rewards on bond/unbond, but rather move
   the rewards to the respective validator's pools.
+  * \#3068 check for uint64 gas overflow during `Std#ValidateBasic`.
 
 * Tendermint
 
diff --git a/x/auth/stdtx.go b/x/auth/stdtx.go
index 59edf7c13e..f648d7e77c 100644
--- a/x/auth/stdtx.go
+++ b/x/auth/stdtx.go
@@ -10,7 +10,11 @@ import (
 	"github.com/tendermint/tendermint/crypto/multisig"
 )
 
-var _ sdk.Tx = (*StdTx)(nil)
+var (
+	_ sdk.Tx = (*StdTx)(nil)
+
+	maxGasWanted = uint64((1 << 63) - 1)
+)
 
 // StdTx is a standard way to wrap a Msg with Fee and Signatures.
 // NOTE: the first signature is the fee payer (Signatures must not be nil).
@@ -38,6 +42,9 @@ func (tx StdTx) GetMsgs() []sdk.Msg { return tx.Msgs }
 func (tx StdTx) ValidateBasic() sdk.Error {
 	stdSigs := tx.GetSignatures()
 
+	if tx.Fee.Gas > maxGasWanted {
+		return sdk.ErrInternal(fmt.Sprintf("invalid gas supplied; %d > %d", tx.Fee.Gas, maxGasWanted))
+	}
 	if !tx.Fee.Amount.IsNotNegative() {
 		return sdk.ErrInsufficientFee(fmt.Sprintf("invalid fee %s amount provided", tx.Fee.Amount))
 	}
diff --git a/x/auth/stdtx_test.go b/x/auth/stdtx_test.go
index 1f2fefaca0..7359444209 100644
--- a/x/auth/stdtx_test.go
+++ b/x/auth/stdtx_test.go
@@ -120,6 +120,15 @@ func TestTxValidateBasic(t *testing.T) {
 	require.Error(t, err)
 	require.Equal(t, sdk.CodeTooManySignatures, err.Result().Code)
 
+	// require to fail with invalid gas supplied
+	badFee = newStdFee()
+	badFee.Gas = 9223372036854775808
+	tx = newTestTx(ctx, nil, nil, nil, nil, badFee)
+
+	err = tx.ValidateBasic()
+	require.Error(t, err)
+	require.Equal(t, sdk.CodeInternal, err.Result().Code)
+
 	// require to pass when above criteria are matched
 	privs, accNums, seqs = []crypto.PrivKey{priv1, priv2}, []uint64{0, 1}, []uint64{0, 0}
 	tx = newTestTx(ctx, msgs, privs, accNums, seqs, fee)