Skip to content

TIP-20 Overflow Detection Missing Detailed Logging #2318

Open
Open
TIP-20 Overflow Detection Missing Detailed Logging#2318
@aquariusluo

Description

@aquariusluo
aquariusluo
opened on Jan 29, 2026

Describe the bug

Affected Component

TIP-20 Token Precompile (crates/precompiles/src/tip20/mod.rs)

Description

The TIP-20 token precompile detects overflow/underflow conditions in critical operations (mint, transfer, burn) but does not provide sufficient logging information when these errors occur. This makes debugging overflow scenarios extremely difficult in production environments.

When an overflow is detected, the precompile returns a generic PanicKind::UnderOverflow error without logging:

  • Which operation failed (mint/transfer/burn)
  • Which account was involved
  • Current balance/supply values
  • The amount that caused the overflow
  • Supply cap constraints

Root Cause

The overflow detection uses ok_or(TempoPrecompileError::under_overflow()) which creates the error inline without context:

// BEFORE (insufficient logging)
let new_supply = total_supply
    .checked_add(amount)
    .ok_or(TempoPrecompileError::under_overflow())?;

This should be replaced with ok_or_else(|| { ... }) to enable logging at the error site:

// AFTER (with detailed logging)
let new_supply = total_supply
    .checked_add(amount)
    .ok_or_else(|| {
        tracing::error!(
            total_supply = %total_supply,
            amount = %amount,
            supply_cap = %self.supply_cap(),
            "TIP20 mint: total supply overflow detected"
        );
        TempoPrecompileError::under_overflow()
    })?;

Affected Operations

  1. Mint - Total Supply Overflow: When total_supply + amount exceeds u128::MAX or supply_cap
  2. Mint - Balance Overflow: When recipient_balance + amount would overflow
  3. Transfer - Sender Underflow: When sender_balance < amount (insufficient balance)
  4. Transfer - Recipient Overflow: When recipient_balance + amount would overflow
  5. Burn - Opted-in Supply Underflow: When opted-in supply accounting underflows
  6. Fee Refund - Opted-in Supply Overflow: When opted-in supply accounting overflows during refund

Steps to reproduce

Scenario 1: Mint Total Supply Overflow

  1. Deploy a TIP-20 token with a supply cap set to a specific value
  2. Mint tokens up to the supply cap
  3. Attempt to mint additional tokens that would exceed the cap
  4. Observe that the transaction reverts with PanicKind::UnderOverflow
  5. Check logs - no detailed information about:
    • Current total supply
    • Amount being minted
    • Supply cap value

Expected: Logs showing the exact values that caused overflow
Actual: Generic error with no diagnostic information

Scenario 2: Mint Balance Overflow

  1. Create a TIP-20 token
  2. Mint u128::MAX tokens to an address
  3. Attempt to mint additional tokens to the same address
  4. Transaction reverts with overflow
  5. No logs indicate which address or what balance/amount values were involved

Logs

Platform(s)

Linux (x86)

Container Type

Not running in a container

What version/commit are you on?

v1.0.2 - the Presto release

If you've built from source, provide the full command you used

No response

Code of Conduct

  • I agree to follow the Code of Conduct

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions