add u64 overflow prevention

Author: alex-mysten

Cargo.lock

@@ -440,7 +440,7 @@ msim-macros = { git = "https://github.com/MystenLabs/mysten-sim.git", rev = "427
 multiaddr = "0.17.0"
 nexlint = { git = "https://github.com/nextest-rs/nexlint.git", rev = "7ce56bd591242a57660ed05f14ca2483c37d895b" }
 nexlint-lints = { git = "https://github.com/nextest-rs/nexlint.git", rev = "7ce56bd591242a57660ed05f14ca2483c37d895b" }
-nonempty = "0.9.0"
+nonempty = { version = "0.9.0", features = ["serialize"] }
 nonzero_ext = "0.3.0"
 notify = "6.1.1"
 ntest = "0.9.0"

Cargo.toml

@@ -0,0 +1,77 @@
+// Copyright (c) Mysten Labs, Inc.
+// SPDX-License-Identifier: Apache-2.0
+
+// Test demonstrating arithmetic overflow protection when withdrawing from address balances.
+// Creates two independent Supply objects, mints 18446744073709551614 (u64::MAX - 1) from each,
+// sends both amounts to address A, then attempts to withdraw both amounts in a single PTB.
+// The withdraw operation fails with arithmetic error because the total exceeds u64::MAX.
+
+//# init --addresses test=0x0 --accounts A B --enable-accumulators --simulator
+
+//# publish --sender A
+module test::large_balance {
+	use sui::balance::{Self, Supply};
+
+	public struct MARKER has drop {}
+
+	public struct SupplyHolder has key, store {
+		id: UID,
+		supply: Supply<MARKER>,
+	}
+
+	public fun create_holder(ctx: &mut TxContext): SupplyHolder {
+		SupplyHolder {
+			id: object::new(ctx),
+			supply: balance::create_supply(MARKER {}),
+		}
+	}
+
+	public fun send_large_balance(holder: &mut SupplyHolder, recipient: address, amount: u64) {
+		let balance = holder.supply.increase_supply(amount);
+		balance::send_funds(balance, recipient);
+	}
+}
+
+// Create two supply holders
+//# programmable --sender A --inputs @A
+//> 0: test::large_balance::create_holder();
+//> 1: test::large_balance::create_holder();
+//> TransferObjects([Result(0), Result(1)], Input(0))
+
+// Send two large transfers in a single PTB - should cause Move abort due to overflow
+//# programmable --sender A --inputs object(2,0) object(2,1) @A 18446744073709551614
+//> 0: test::large_balance::send_large_balance(Input(0), Input(2), Input(3));
+//> 1: test::large_balance::send_large_balance(Input(1), Input(2), Input(3));
+
+//# create-checkpoint
+
+// Send first large amount separately - should succeed
+//# run test::large_balance::send_large_balance --args object(2,0) @A 18446744073709551614 --sender A
+
+//# create-checkpoint
+
+// Send second large amount separately - should succeed
+//# run test::large_balance::send_large_balance --args object(2,1) @A 18446744073709551614 --sender A
+
+//# create-checkpoint
+
+// Withdraw first large amount - should succeed
+//# programmable --sender A --inputs withdraw<sui::balance::Balance<test::large_balance::MARKER>>(18446744073709551614) @B
+//> 0: sui::balance::redeem_funds<test::large_balance::MARKER>(Input(0));
+//> 1: sui::balance::send_funds<test::large_balance::MARKER>(Result(0), Input(1));
+
+//# create-checkpoint
+
+// Withdraw second large amount - should succeed
+//# programmable --sender A --inputs withdraw<sui::balance::Balance<test::large_balance::MARKER>>(18446744073709551614) @B
+//> 0: sui::balance::redeem_funds<test::large_balance::MARKER>(Input(0));
+//> 1: sui::balance::send_funds<test::large_balance::MARKER>(Result(0), Input(1));
+
+//# create-checkpoint
+
+// Attempt to withdraw both large amounts in a single PTB - should fail with arithmetic error
+//# programmable --sender A --inputs withdraw<sui::balance::Balance<test::large_balance::MARKER>>(18446744073709551614) withdraw<sui::balance::Balance<test::large_balance::MARKER>>(18446744073709551614) @B
+//> 0: sui::balance::redeem_funds<test::large_balance::MARKER>(Input(0));
+//> 1: sui::balance::redeem_funds<test::large_balance::MARKER>(Input(1));
+//> 2: sui::balance::join<test::large_balance::MARKER>(Result(0), Result(1));
+//> 3: sui::balance::send_funds<test::large_balance::MARKER>(Result(0), Input(2));

crates/sui-adapter-transactional-tests/tests/address_balances/large_balance_transfer.move

@@ -0,0 +1,91 @@
+---
+source: external-crates/move/crates/move-transactional-test-runner/src/framework.rs
+---
+processed 14 tasks
+
+init:
+A: object(0,0), B: object(0,1)
+
+task 1, lines 11-35:
+//# publish --sender A
+created: object(1,0)
+mutated: object(0,0)
+gas summary: computation_cost: 1000000, storage_cost: 7311200,  storage_rebate: 0, non_refundable_storage_fee: 0
+
+task 2, lines 36-41:
+//# programmable --sender A --inputs @A
+//> 0: test::large_balance::create_holder();
+//> 1: test::large_balance::create_holder();
+//> TransferObjects([Result(0), Result(1)], Input(0))
+// Send two large transfers in a single PTB - should cause Move abort due to overflow
+created: object(2,0), object(2,1)
+mutated: object(0,0)
+gas summary: computation_cost: 1000000, storage_cost: 3876000,  storage_rebate: 978120, non_refundable_storage_fee: 9880
+
+task 3, lines 42-44:
+//# programmable --sender A --inputs object(2,0) object(2,1) @A 18446744073709551614
+//> 0: test::large_balance::send_large_balance(Input(0), Input(2), Input(3));
+//> 1: test::large_balance::send_large_balance(Input(1), Input(2), Input(3));
+Error: Transaction Effects Status: Move Primitive Runtime Error. Location: sui::funds_accumulator::add_to_accumulator_address (function index 8) at offset 0. Arithmetic error, stack overflow, max value depth, etc.
+Execution Error: ExecutionError: ExecutionError { inner: ExecutionErrorInner { kind: MovePrimitiveRuntimeError(MoveLocationOpt(Some(MoveLocation { module: ModuleId { address: sui, name: Identifier("funds_accumulator") }, function: 8, instruction: 0, function_name: Some("add_to_accumulator_address") }))), source: Some(VMError { major_status: ARITHMETIC_ERROR, sub_status: None, message: Some("accumulator merge overflow: total merges 36893488147419103228 exceed u64::MAX"), exec_state: None, location: Module(ModuleId { address: sui, name: Identifier("funds_accumulator") }), indices: [], offsets: [(FunctionDefinitionIndex(8), 0)] }), command: Some(1) } }
+
+task 4, lines 46-48:
+//# create-checkpoint
+Checkpoint created: 1
+
+task 5, line 49:
+//# run test::large_balance::send_large_balance --args object(2,0) @A 18446744073709551614 --sender A
+mutated: object(0,0), object(2,0)
+unchanged_shared: 0x0000000000000000000000000000000000000000000000000000000000000403
+accumulators_written: (object(5,0), A, sui::balance::Balance<test::large_balance::MARKER>, Merge)
+gas summary: computation_cost: 1000000, storage_cost: 2432000,  storage_rebate: 2407680, non_refundable_storage_fee: 24320
+
+task 6, lines 51-53:
+//# create-checkpoint
+Checkpoint created: 2
+
+task 7, line 54:
+//# run test::large_balance::send_large_balance --args object(2,1) @A 18446744073709551614 --sender A
+mutated: object(0,0), object(2,1)
+unchanged_shared: 0x0000000000000000000000000000000000000000000000000000000000000403
+accumulators_written: (object(5,0), A, sui::balance::Balance<test::large_balance::MARKER>, Merge)
+gas summary: computation_cost: 1000000, storage_cost: 2432000,  storage_rebate: 2407680, non_refundable_storage_fee: 24320
+
+task 8, lines 56-58:
+//# create-checkpoint
+Checkpoint created: 3
+
+task 9, lines 59-61:
+//# programmable --sender A --inputs withdraw<sui::balance::Balance<test::large_balance::MARKER>>(18446744073709551614) @B
+//> 0: sui::balance::redeem_funds<test::large_balance::MARKER>(Input(0));
+//> 1: sui::balance::send_funds<test::large_balance::MARKER>(Result(0), Input(1));
+mutated: object(0,0)
+unchanged_shared: 0x0000000000000000000000000000000000000000000000000000000000000403
+accumulators_written: (object(5,0), A, sui::balance::Balance<test::large_balance::MARKER>, Split), (object(9,0), B, sui::balance::Balance<test::large_balance::MARKER>, Merge)
+gas summary: computation_cost: 1000000, storage_cost: 988000,  storage_rebate: 978120, non_refundable_storage_fee: 9880
+
+task 10, lines 63-65:
+//# create-checkpoint
+Checkpoint created: 4
+
+task 11, lines 66-68:
+//# programmable --sender A --inputs withdraw<sui::balance::Balance<test::large_balance::MARKER>>(18446744073709551614) @B
+//> 0: sui::balance::redeem_funds<test::large_balance::MARKER>(Input(0));
+//> 1: sui::balance::send_funds<test::large_balance::MARKER>(Result(0), Input(1));
+mutated: object(0,0)
+unchanged_shared: 0x0000000000000000000000000000000000000000000000000000000000000403
+accumulators_written: (object(5,0), A, sui::balance::Balance<test::large_balance::MARKER>, Split), (object(9,0), B, sui::balance::Balance<test::large_balance::MARKER>, Merge)
+gas summary: computation_cost: 1000000, storage_cost: 988000,  storage_rebate: 978120, non_refundable_storage_fee: 9880
+
+task 12, lines 70-72:
+//# create-checkpoint
+Checkpoint created: 5
+
+task 13, lines 73-77:
+//# programmable --sender A --inputs withdraw<sui::balance::Balance<test::large_balance::MARKER>>(18446744073709551614) withdraw<sui::balance::Balance<test::large_balance::MARKER>>(18446744073709551614) @B
+//> 0: sui::balance::redeem_funds<test::large_balance::MARKER>(Input(0));
+//> 1: sui::balance::redeem_funds<test::large_balance::MARKER>(Input(1));
+//> 2: sui::balance::join<test::large_balance::MARKER>(Result(0), Result(1));
+//> 3: sui::balance::send_funds<test::large_balance::MARKER>(Result(0), Input(2));
+Error: Transaction Effects Status: Move Primitive Runtime Error. Location: sui::funds_accumulator::withdraw_from_accumulator_address (function index 9) at offset 0. Arithmetic error, stack overflow, max value depth, etc.
+Debug of error: MovePrimitiveRuntimeError(MoveLocationOpt(Some(MoveLocation { module: ModuleId { address: sui, name: Identifier("funds_accumulator") }, function: 9, instruction: 0, function_name: Some("withdraw_from_accumulator_address") }))) at command Some(1)

crates/sui-adapter-transactional-tests/tests/address_balances/large_balance_transfer.snap

@@ -0,0 +1,91 @@
+---
+source: external-crates/move/crates/move-transactional-test-runner/src/framework.rs
+---
+processed 14 tasks
+
+init:
+A: object(0,0), B: object(0,1)
+
+task 1, lines 11-35:
+//# publish --sender A
+created: object(1,0)
+mutated: object(0,0)
+gas summary: computation_cost: 1000000, storage_cost: 7311200,  storage_rebate: 0, non_refundable_storage_fee: 0
+
+task 2, lines 36-41:
+//# programmable --sender A --inputs @A
+//> 0: test::large_balance::create_holder();
+//> 1: test::large_balance::create_holder();
+//> TransferObjects([Result(0), Result(1)], Input(0))
+// Send two large transfers in a single PTB - should cause Move abort due to overflow
+created: object(2,0), object(2,1)
+mutated: object(0,0)
+gas summary: computation_cost: 1000000, storage_cost: 3876000,  storage_rebate: 978120, non_refundable_storage_fee: 9880
+
+task 3, lines 42-44:
+//# programmable --sender A --inputs object(2,0) object(2,1) @A 18446744073709551614
+//> 0: test::large_balance::send_large_balance(Input(0), Input(2), Input(3));
+//> 1: test::large_balance::send_large_balance(Input(1), Input(2), Input(3));
+Error: Transaction Effects Status: Move Primitive Runtime Error. Location: sui::funds_accumulator::add_to_accumulator_address (function index 8) at offset 0. Arithmetic error, stack overflow, max value depth, etc.
+Execution Error: ExecutionError: ExecutionError { inner: ExecutionErrorInner { kind: MovePrimitiveRuntimeError(MoveLocationOpt(Some(MoveLocation { module: ModuleId { address: sui, name: Identifier("funds_accumulator") }, function: 8, instruction: 0, function_name: Some("add_to_accumulator_address") }))), source: Some(VMError { major_status: ARITHMETIC_ERROR, sub_status: None, message: Some("accumulator merge overflow: total merges 36893488147419103228 exceed u64::MAX"), exec_state: None, location: Module(ModuleId { address: sui, name: Identifier("funds_accumulator") }), indices: [], offsets: [(FunctionDefinitionIndex(8), 0)] }), command: Some(1) } }
+
+task 4, lines 46-48:
+//# create-checkpoint
+Checkpoint created: 1
+
+task 5, line 49:
+//# run test::large_balance::send_large_balance --args object(2,0) @A 18446744073709551614 --sender A
+mutated: object(0,0), object(2,0)
+unchanged_shared: 0x0000000000000000000000000000000000000000000000000000000000000403
+accumulators_written: (object(5,0), A, sui::balance::Balance<test::large_balance::MARKER>, Merge)
+gas summary: computation_cost: 1000000, storage_cost: 2432000,  storage_rebate: 2407680, non_refundable_storage_fee: 24320
+
+task 6, lines 51-53:
+//# create-checkpoint
+Checkpoint created: 2
+
+task 7, line 54:
+//# run test::large_balance::send_large_balance --args object(2,1) @A 18446744073709551614 --sender A
+mutated: object(0,0), object(2,1)
+unchanged_shared: 0x0000000000000000000000000000000000000000000000000000000000000403
+accumulators_written: (object(5,0), A, sui::balance::Balance<test::large_balance::MARKER>, Merge)
+gas summary: computation_cost: 1000000, storage_cost: 2432000,  storage_rebate: 2407680, non_refundable_storage_fee: 24320
+
+task 8, lines 56-58:
+//# create-checkpoint
+Checkpoint created: 3
+
+task 9, lines 59-61:
+//# programmable --sender A --inputs withdraw<sui::balance::Balance<test::large_balance::MARKER>>(18446744073709551614) @B
+//> 0: sui::balance::redeem_funds<test::large_balance::MARKER>(Input(0));
+//> 1: sui::balance::send_funds<test::large_balance::MARKER>(Result(0), Input(1));
+mutated: object(0,0)
+unchanged_shared: 0x0000000000000000000000000000000000000000000000000000000000000403
+accumulators_written: (object(5,0), A, sui::balance::Balance<test::large_balance::MARKER>, Split), (object(9,0), B, sui::balance::Balance<test::large_balance::MARKER>, Merge)
+gas summary: computation_cost: 1000000, storage_cost: 988000,  storage_rebate: 978120, non_refundable_storage_fee: 9880
+
+task 10, lines 63-65:
+//# create-checkpoint
+Checkpoint created: 4
+
+task 11, lines 66-68:
+//# programmable --sender A --inputs withdraw<sui::balance::Balance<test::large_balance::MARKER>>(18446744073709551614) @B
+//> 0: sui::balance::redeem_funds<test::large_balance::MARKER>(Input(0));
+//> 1: sui::balance::send_funds<test::large_balance::MARKER>(Result(0), Input(1));
+mutated: object(0,0)
+unchanged_shared: 0x0000000000000000000000000000000000000000000000000000000000000403
+accumulators_written: (object(5,0), A, sui::balance::Balance<test::large_balance::MARKER>, Split), (object(9,0), B, sui::balance::Balance<test::large_balance::MARKER>, Merge)
+gas summary: computation_cost: 1000000, storage_cost: 988000,  storage_rebate: 978120, non_refundable_storage_fee: 9880
+
+task 12, lines 70-72:
+//# create-checkpoint
+Checkpoint created: 5
+
+task 13, lines 73-77:
+//# programmable --sender A --inputs withdraw<sui::balance::Balance<test::large_balance::MARKER>>(18446744073709551614) withdraw<sui::balance::Balance<test::large_balance::MARKER>>(18446744073709551614) @B
+//> 0: sui::balance::redeem_funds<test::large_balance::MARKER>(Input(0));
+//> 1: sui::balance::redeem_funds<test::large_balance::MARKER>(Input(1));
+//> 2: sui::balance::join<test::large_balance::MARKER>(Result(0), Result(1));
+//> 3: sui::balance::send_funds<test::large_balance::MARKER>(Result(0), Input(2));
+Error: Transaction Effects Status: Move Primitive Runtime Error. Location: sui::funds_accumulator::withdraw_from_accumulator_address (function index 9) at offset 0. Arithmetic error, stack overflow, max value depth, etc.
+Debug of error: MovePrimitiveRuntimeError(MoveLocationOpt(Some(MoveLocation { module: ModuleId { address: sui, name: Identifier("funds_accumulator") }, function: 9, instruction: 0, function_name: Some("withdraw_from_accumulator_address") }))) at command Some(1)

crates/sui-adapter-transactional-tests/tests/address_balances/[email protected]

@@ -15,6 +15,7 @@ serde_json.workspace = true
 serde_with.workspace = true
 colored.workspace = true
 itertools.workspace = true
+nonempty.workspace = true
 tracing.workspace = true
 bcs.workspace = true
 sui-protocol-config.workspace = true

crates/sui-json-rpc-types/Cargo.toml

@@ -20,6 +20,7 @@ use move_core_types::annotated_value::MoveTypeLayout;
 use move_core_types::identifier::{IdentStr, Identifier};
 use move_core_types::language_storage::{ModuleId, StructTag, TypeTag};
 use mysten_metrics::monitored_scope;
+use nonempty::NonEmpty;
 use sui_json::{SuiJsonValue, primitive_type};
 use sui_types::SUI_FRAMEWORK_ADDRESS;
 use sui_types::accumulator_event::AccumulatorEvent;
@@ -822,7 +823,8 @@ impl From<AccumulatorOperation> for SuiAccumulatorOperation {
 pub enum SuiAccumulatorValue {
     Integer(u64),
     IntegerTuple(u64, u64),
-    EventDigest(Vec<(u64 /* event index in the transaction */, Digest)>),
+    #[schemars(with = "Vec<(u64, Digest)>")]
+    EventDigest(NonEmpty<(u64 /* event index in the transaction */, Digest)>),
 }
 
 impl From<AccumulatorValue> for SuiAccumulatorValue {