From 38ce04bd5da13d450ed34eac9c51913850fa50f8 Mon Sep 17 00:00:00 2001
From: Mikhail Kalinin <noblesse.knight@gmail.com>
Date: Mon, 3 Mar 2025 17:32:16 +0600
Subject: [PATCH] Update EIP-7251: add fee limit check to fee overpayment
 section

Merged by EIP-Bot.
---
 EIPS/eip-7251.md | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/EIPS/eip-7251.md b/EIPS/eip-7251.md
index 4d3029e3c2ebc3..3c3a9ed755e0f2 100644
--- a/EIPS/eip-7251.md
+++ b/EIPS/eip-7251.md
@@ -632,7 +632,7 @@ This proposal maintains the activation and exit churn invariants limiting active
 Calls to the system contract require a fee payment defined by the current contract state. Overpaid fees are not returned to the caller. It is not generally possible to compute the exact required fee amount ahead of time. When adding a consolidation request from a contract, the contract can perform a read operation to check for the current fee and then pay exactly the required amount. Here is an example in Solidity:
 
 ```
-function addConsolidation(bytes memory srcPubkey, bytes memory targetPubkey) private {
+function addConsolidation(bytes memory srcPubkey, bytes memory targetPubkey, uint64 requestFeeLimit) private {
     assert(srcPubkey.length == 48);
     assert(targetPubkey.length == 48);
 
@@ -643,6 +643,11 @@ function addConsolidation(bytes memory srcPubkey, bytes memory targetPubkey) pri
     }
     uint256 fee = uint256(bytes32(feeData));
 
+    // Check the fee is not too high.
+    if (fee > requestFeeLimit) {
+        revert('fee is too high');
+    }
+
     // Add the request.
     bytes memory callData = bytes.concat(srcPubkey, targetPubkey);
     (bool writeOK,) = ConsolidationsContract.call{value: fee}(callData);
@@ -654,6 +659,8 @@ function addConsolidation(bytes memory srcPubkey, bytes memory targetPubkey) pri
 
 Note: the system contract uses the EVM `CALLER` operation (Solidity: `msg.sender`) to get the address used in the consolidation request, i.e. the address that calls the system contract must match the 0x01 withdrawal credential recorded in the beacon state.
 
+Note: the above code reverts if the fee is too high, the fee can change significantly between creation of a consolidation request transation and its inclusion into a block, thus, this check is very important to avoid overpayments.
+
 Using an EOA to request consolidations will always result in overpayment of fees. There is no way for an EOA to use a wrapper contract to request a consolidation. And even if a way existed, the gas cost of returning the overage would likely be higher than the overage itself. If requesting consolidations from an EOA to the system contract is desired, we recommend that users perform transaction simulations to estimate a reasonable fee amount to send.
 
 ### Consolidation queue hard limit