feat(ledger/babbage): Integer underflow issue in babbage.UtxoValidateCollateralEqBalance (#1024)

arepala-uml · web-flow · commit 6d06a54f3e2c · 2025-06-03T23:41:06.000-04:00
* feat(ledger/babbage): Prevented uint underflow in UtxoValidateCollateralEqBalance when collateral UTxOs are missing

Signed-off-by: Akhil Repala &lt;arepala@blinklabs.io&gt;

* feat(ledger/babbage): Refactored collateral validation to use only structured errors and return at function end

Signed-off-by: Akhil Repala &lt;arepala@blinklabs.io&gt;

---------

Signed-off-by: Akhil Repala &lt;arepala@blinklabs.io&gt;
diff --git a/ledger/babbage/rules.go b/ledger/babbage/rules.go
@@ -184,11 +184,19 @@ func UtxoValidateCollateralEqBalance(
 		}
 		collBalance += utxo.Output.Amount()
 	}
-	// Subtract collateral return amount
+
+	// Skip validation if no valid collateral UTxOs were found
+	// This avoids subtracting from zero and prevents uint underflow
+	if collBalance == 0 {
+		return nil
+	}
+
+	// Subtract collateral return amount with underflow protection
 	collReturn := tx.CollateralReturn()
-	if collReturn != nil {
+	if collReturn != nil && collBalance >= collReturn.Amount() {
 		collBalance -= collReturn.Amount()
 	}
+
 	if totalCollateral == collBalance {
 		return nil
 	}
diff --git a/ledger/babbage/rules_test.go b/ledger/babbage/rules_test.go
@@ -1449,6 +1449,27 @@ func TestUtxoValidateCollateralEqBalance(t *testing.T) {
 			}
 		},
 	)
+	// no valid collateral UTxO, should skip and not underflow
+	t.Run("no valid collateral UTxO, should skip and not underflow", func(t *testing.T) {
+		// Ledger state with NO matching UTxO
+		missingUtxoLedgerState := test.MockLedgerState{
+			MockUtxos: []common.Utxo{}, // empty
+		}
+		testTx.Body.TxCollateralReturn = &babbage.BabbageTransactionOutput{
+			OutputAmount: mary.MaryTransactionOutputValue{
+				Amount: testCollateralReturnAmountBad,
+			},
+		}
+		err := babbage.UtxoValidateCollateralEqBalance(
+			testTx,
+			testSlot,
+			missingUtxoLedgerState,
+			testProtocolParams,
+		)
+		if err != nil {
+			t.Errorf("Should skip collateral return validation if collBalance == 0. Got error: %v", err)
+		}
+	})
 }
 
 func TestUtxoValidateTooManyCollateralInputs(t *testing.T) {

Original file line number	Diff line number	Diff line change
`@@ -184,11 +184,19 @@ func UtxoValidateCollateralEqBalance(`
`184`	`184`	`}`
`185`	`185`	`collBalance += utxo.Output.Amount()`
`186`	`186`	`}`
`187`		`- // Subtract collateral return amount`
	`187`	`+`
	`188`	`+ // Skip validation if no valid collateral UTxOs were found`
	`189`	`+ // This avoids subtracting from zero and prevents uint underflow`
	`190`	`+ if collBalance == 0 {`
	`191`	`+ return nil`
	`192`	`+ }`
	`193`	`+`
	`194`	`+ // Subtract collateral return amount with underflow protection`
`188`	`195`	`collReturn := tx.CollateralReturn()`
`189`		`- if collReturn != nil {`
	`196`	`+ if collReturn != nil && collBalance >= collReturn.Amount() {`
`190`	`197`	`collBalance -= collReturn.Amount()`
`191`	`198`	`}`
	`199`	`+`
`192`	`200`	`if totalCollateral == collBalance {`
`193`	`201`	`return nil`
`194`	`202`	`}`