[Bug] "insufficient funds for gas * price + value" Error with AwsSigner

[musitdev]

Component

signers

What version of Alloy are you on?

86b46b9

Operating System

Linux

Describe the bug

I try to use Alloy crate with AWS KMS and I always have the same error:
{ code: -32000, message: "insufficient funds for gas * price + value: balance 1000032000, tx cost 29077834524000005, overshot 29077833523968005", data: None }

I've done the test with Anvil and Sepolia network and I get the same result.
I test by signing a simple transfer Tx. I've funded the account before doing the transfer.
What surprise me is the tx cost 45317401308000005 that is very, very high, that why I suspect an issue in the way the Tx is signed.
I try the same program with the default Alloy signer and it works.
I've tested with different version of Alloy too.

Perhaps someone has already got this error?

The program I made is:
mains.rs

use alloy::node_bindings::Anvil;
use alloy::providers::{Provider, ProviderBuilder};
use alloy::rpc::types::TransactionRequest;
use alloy::signers::local::PrivateKeySigner;
use alloy_network::EthereumWallet;
use alloy_network::TransactionBuilder;
use alloy_network::TxSigner;
use alloy_primitives::U256;
use alloy_signer_aws::AwsSigner;
use std::env;

#[tokio::main]
async fn main() {
   // Start Anvil
   let anvil = Anvil::new().port(8545u16).arg("-vvvvv").spawn();
   let rpc_url = anvil.endpoint_url();
   let chain_id = anvil.chain_id();

   // Use AWS KMS
   let _access_key = env::var("AWS_ACCESS_KEY").expect("AWS_ACCESS_KEY not set");
   let _secret_key = env::var("AWS_SECRET_KEY").expect("AWS_SECRET_KEY not set");
   let key_id = env::var("AWS_KEY_ID").expect("AWS_KEY_ID not set");

   println!("key_id:{key_id}");

   let config = aws_config::load_from_env().await;
   let client = aws_sdk_kms::Client::new(&config);
   let signer = AwsSigner::new(client, key_id, Some(chain_id))
       .await
       .unwrap();
   let address = signer.address();

   let key_provider = ProviderBuilder::new()
       .with_recommended_fillers()
       .wallet(EthereumWallet::new(signer))
       .on_builtin(&rpc_url.to_string())
       .await
       .unwrap();

   let admin: PrivateKeySigner = anvil.keys()[1].clone().into();
   let admin_address = admin.address();
   let admin_provider = ProviderBuilder::new()
       .with_recommended_fillers()
       .wallet(EthereumWallet::new(admin))
       .on_builtin(&rpc_url.to_string())
       .await
       .unwrap();

   //transfer some eth to the AWS account.
   let tx = TransactionRequest::default()
       .with_to(address)
       .with_value(U256::from(1000000000));
   let receipt = admin_provider
       .send_transaction(tx)
       .await
       .unwrap()
       .get_receipt()
       .await
       .unwrap();
   println!("Admin -> Key receipt: {receipt:?}",);

   let account = key_provider.get_accounts().await;
   println!("Account: {:?}", account);
   let balance = key_provider.get_balance(address).await;
   println!("Balance: {:?}", balance);

   //transfer back some eth.
   let tx = TransactionRequest::default()
       .with_from(address)
       .with_to(admin_address)
       .with_value(U256::from(5));
   //        .gas_limit(3000000);
   println!("Tx from {:?}", tx.from);

   let receipt = key_provider.send_transaction(tx).await; //.get_receipt().await?;
   println!("Key -> Admin receipt: {receipt:?}",);
}

Cargo.toml

[package]
name = "testawssigning"
version = "0.0.1"
edition = "2021"
license = "MIT OR Apache-2.0"

[dependencies]
alloy = { git = "https://github.com/alloy-rs/alloy.git", package = "alloy", rev = "86b46b93c9911f0baf4d6f3f697f28b3bb3609c9", features = [
   "node-bindings",
   "rpc-types-trace",
   "json-rpc",
   "json-abi",
   "rpc-client",
   "signers",
   "signer-yubihsm",
   "pubsub",
   "providers",
] }
alloy-network = { git = "https://github.com/alloy-rs/alloy.git", rev = "86b46b93c9911f0baf4d6f3f697f28b3bb3609c9" }
alloy-primitives = { version = "0.7.2", default-features = false }
alloy-consensus = { git = "https://github.com/alloy-rs/alloy.git", rev = "86b46b93c9911f0baf4d6f3f697f28b3bb3609c9" }
alloy-provider = { git = "https://github.com/alloy-rs/alloy.git", rev = "86b46b93c9911f0baf4d6f3f697f28b3bb3609c9", features = [
   "ws",
] }
alloy-rlp = "0.3.5"
alloy-rpc-types = { git = "https://github.com/alloy-rs/alloy.git", rev = "86b46b93c9911f0baf4d6f3f697f28b3bb3609c9" }
alloy-sol-types = { version = "0.7.2", features = ["json"] }
alloy-signer = { git = "https://github.com/alloy-rs/alloy.git", rev = "86b46b93c9911f0baf4d6f3f697f28b3bb3609c9" }
alloy-transport = { git = "https://github.com/alloy-rs/alloy.git", rev = "86b46b93c9911f0baf4d6f3f697f28b3bb3609c9" }
alloy-transport-http = { git = "https://github.com/alloy-rs/alloy.git", rev = "86b46b93c9911f0baf4d6f3f697f28b3bb3609c9", features = ["reqwest-rustls-tls"] }

k256 = "0.13.4"

aws-types = "1.3.3"
aws-config = { version = "1.1.7", features = ["behavior-version-latest"] }
aws-sdk-s3 = "1.42.0"
aws-sdk-kms = "1.51.0"

anyhow = "1.0.95"
tokio = { version = "1.42.0", features = ["full"] }
alloy-signer-aws = { git = "https://github.com/alloy-rs/alloy.git", rev = "86b46b93c9911f0baf4d6f3f697f28b3bb3609c9" }

ethereum-types = "0.11"
keccak-hash = "0.10"
hex = "0.4"
sha3 = "0.10.8"

[KevinSheeranxyj]

I encountered this bug as well recently

[musitdev]

Could you let me know if you found a solution or a workaround?

[DaniPopes]

Could you perhaps check the difference between the raw RPC requests when using AWS vs local signer? The signer should not have an impact on the costs of a transaction.

You can view the raw requests and responses by registering a tracing_subscriber and running with RUST_LOG=alloy=trace.