fix(evm): correct CALL gas and stipend accounting

ECNUyhy · ECNUyhy · commit 4669ccaad6f9 · 2026-01-29T14:40:27.000Z
diff --git a/src/compiler/evm_frontend/evm_imported.cpp b/src/compiler/evm_frontend/evm_imported.cpp
@@ -886,27 +886,15 @@ static uint64_t evmHandleCallInternal(zen::runtime::EVMInstance *Instance,
 
   uint64_t CallGas = Gas;
   bool HasEnoughBalance = true;
-  if (HasValueArgs && HasValue) {
-    const auto CallerBalance = Module->Host->get_balance(CurrentMsg->recipient);
-    const intx::uint256 CallerValue =
-        intx::be::load<intx::uint256>(CallerBalance);
-    HasEnoughBalance = CallerValue >= intx::uint256(Value);
-  }
 
   if (HasValueArgs) {
     std::optional<bool> AccountState;
     uint64_t GasCost = HasValue ? zen::evm::CALL_VALUE_COST : 0;
-    if (HasValue && !HasEnoughBalance) {
-      GasCost -= zen::evm::CALL_GAS_STIPEND;
-    }
     if (CallKind == EVMC_CALL) {
       if (HasValue || Instance->getRevision() < EVMC_SPURIOUS_DRAGON) {
         AccountState = Module->Host->account_exists(TargetAddr);
         if (!AccountState.value()) {
           GasCost += zen::evm::ACCOUNT_CREATION_COST;
-          if (HasValue && HasEnoughBalance) {
-            GasCost -= zen::evm::CALL_GAS_STIPEND;
-          }
         }
       }
     }
@@ -924,11 +912,16 @@ static uint64_t evmHandleCallInternal(zen::runtime::EVMInstance *Instance,
   }
 
   if (HasValueArgs && HasValue) {
+    CallGas += zen::evm::CALL_GAS_STIPEND;
+    Instance->addGas(zen::evm::CALL_GAS_STIPEND);
+    const auto CallerBalance = Module->Host->get_balance(CurrentMsg->recipient);
+    const intx::uint256 CallerValue =
+        intx::be::load<intx::uint256>(CallerBalance);
+    HasEnoughBalance = CallerValue >= intx::uint256(Value);
     if (!HasEnoughBalance) {
       Instance->setReturnData({});
       return 0;
     }
-    CallGas += zen::evm::CALL_GAS_STIPEND;
   }
 
   uint8_t *MemoryBase = Instance->getMemoryBase();
@@ -972,11 +965,6 @@ static uint64_t evmHandleCallInternal(zen::runtime::EVMInstance *Instance,
     GasLeft = 0;
   }
   uint64_t GasUsed = CallGas > GasLeft ? CallGas - GasLeft : 0;
-  if (HasValue) {
-    GasUsed = GasUsed > zen::evm::CALL_GAS_STIPEND
-                  ? GasUsed - zen::evm::CALL_GAS_STIPEND
-                  : 0;
-  }
   if (GasUsed > 0) {
     Instance->chargeGas(GasUsed);
   }
diff --git a/src/evm/opcode_handlers.cpp b/src/evm/opcode_handlers.cpp
@@ -1332,11 +1332,6 @@ void CallHandler::doExecute() {
 
   const bool TransfersValue = NeedValue && Value != 0;
   bool HasEnoughBalance = true;
-  if (TransfersValue) {
-    const auto CallerBalance = intx::be::load<intx::uint256>(
-        Frame->Host->get_balance(Frame->Msg.recipient));
-    HasEnoughBalance = CallerBalance >= Value;
-  }
 
   // Map opcode to evmc_call_kind
   evmc_call_kind CallKind;
@@ -1365,15 +1360,13 @@ void CallHandler::doExecute() {
 
   // Charge CALL_VALUE_COST only if actually transferring value (EIP-150)
   int64_t Cost = TransfersValue ? CALL_VALUE_COST : 0;
-  if (TransfersValue && !HasEnoughBalance) {
-    Cost -= CALL_GAS_STIPEND;
-  }
 
   if (OpCode == OP_CALL || OpCode == OP_CALLCODE) {
-    if (OpCode == OP_CALL && TransfersValue && HasEnoughBalance &&
-        !Frame->Host->account_exists(Dest)) {
-      Cost += ACCOUNT_CREATION_COST;
-      Cost -= CALL_GAS_STIPEND;
+    if (OpCode == OP_CALL &&
+        (TransfersValue || currentRevision() < EVMC_SPURIOUS_DRAGON)) {
+      if (!Frame->Host->account_exists(Dest)) {
+        Cost += ACCOUNT_CREATION_COST;
+      }
     }
   }
 
@@ -1433,6 +1426,10 @@ void CallHandler::doExecute() {
 
   if (TransfersValue) {
     NewMsg.gas += CALL_GAS_STIPEND;
+    Frame->Msg.gas += CALL_GAS_STIPEND;
+    const auto CallerBalance = intx::be::load<intx::uint256>(
+        Frame->Host->get_balance(Frame->Msg.recipient));
+    HasEnoughBalance = CallerBalance >= Value;
     if (!HasEnoughBalance) {
       Context->setStatus(EVMC_SUCCESS); // "Light" failure
       return;
@@ -1463,9 +1460,6 @@ void CallHandler::doExecute() {
     GasLeft = 0;
   }
   uint64_t GasUsed = CallGas > GasLeft ? CallGas - GasLeft : 0;
-  if (TransfersValue) {
-    GasUsed = GasUsed > CALL_GAS_STIPEND ? GasUsed - CALL_GAS_STIPEND : 0;
-  }
   chargeGas(Frame, GasUsed); // it's safe to charge gas here
 
   // Track subcall refund at Instance level
diff --git a/src/tests/evm_test_host.hpp b/src/tests/evm_test_host.hpp
@@ -490,15 +490,16 @@ class ZenMockedEVMHost : public evmc::MockedHost {
       if (Msg.kind == EVMC_CALL && !applyCallValueTransfer(Msg)) {
         return ParentResult;
       }
-      if (FeesPrepaidInTx && Msg.kind == EVMC_CALL &&
-          toUint256Bytes(Msg.value) != intx::uint256{0} &&
-          ParentResult.status_code == EVMC_SUCCESS) {
-        CallStipendRefund += CALL_GAS_STIPEND;
-      }
       if (ParentResult.status_code == EVMC_SUCCESS &&
           ParentResult.gas_left == 0) {
         ParentResult.gas_left = Msg.gas;
       }
+      if (FeesPrepaidInTx && Msg.kind == EVMC_CALL &&
+          toUint256Bytes(Msg.value) != intx::uint256{0} &&
+          ParentResult.status_code == EVMC_SUCCESS &&
+          ParentResult.gas_left < Msg.gas) {
+        CallStipendRefund += CALL_GAS_STIPEND;
+      }
       return ParentResult;
     }
 
