txpool: introduce MaxTxGasLimit feature to enforce per-transaction gas limits (#626)

Adds a new flag `--txpool.maxtxgas` which represents the maximum gas limit for individual transactions (0 = no limit) when added to the mempool. Transactions exceeding this limit will be rejected by the transaction pool.

Co-authored-by: Mark Tyneway <[email protected]>

Author: niran

cmd/geth/main.go

@@ -86,6 +86,7 @@ var (
 		utils.TxPoolAccountQueueFlag,
 		utils.TxPoolGlobalQueueFlag,
 		utils.TxPoolLifetimeFlag,
+		utils.TxPoolMaxTxGasLimitFlag,
 		utils.BlobPoolDataDirFlag,
 		utils.BlobPoolDataCapFlag,
 		utils.BlobPoolPriceBumpFlag,

cmd/utils/flags.go

@@ -478,6 +478,12 @@ var (
 		Value:    ethconfig.Defaults.TxPool.Lifetime,
 		Category: flags.TxPoolCategory,
 	}
+	TxPoolMaxTxGasLimitFlag = &cli.Uint64Flag{
+		Name:     "txpool.maxtxgas",
+		Usage:    "Maximum gas limit for individual transactions (0 = no limit). Transactions exceeding this limit will be rejected by the transaction pool",
+		Value:    0,
+		Category: flags.TxPoolCategory,
+	}
 	// Blob transaction pool settings
 	BlobPoolDataDirFlag = &cli.StringFlag{
 		Name:     "blobpool.datadir",
@@ -1671,6 +1677,9 @@ func setTxPool(ctx *cli.Context, cfg *legacypool.Config) {
 		// it to avoid accepting transactions that can never be included in a block.
 		cfg.EffectiveGasCeil = ctx.Uint64(MinerEffectiveGasLimitFlag.Name)
 	}
+	if ctx.IsSet(TxPoolMaxTxGasLimitFlag.Name) {
+		cfg.MaxTxGasLimit = ctx.Uint64(TxPoolMaxTxGasLimitFlag.Name)
+	}
 }
 
 func setBlobPool(ctx *cli.Context, cfg *blobpool.Config) {

core/txpool/errors.go

@@ -67,4 +67,8 @@ var (
 	// ErrInflightTxLimitReached is returned when the maximum number of in-flight
 	// transactions is reached for specific accounts.
 	ErrInflightTxLimitReached = errors.New("in-flight transaction limit reached for delegated accounts")
+
+	// ErrTxGasLimitExceeded is returned if a transaction's gas limit exceeds the
+	// configured maximum per-transaction limit.
+	ErrTxGasLimitExceeded = errors.New("exceeds maximum per-transaction gas limit")
 )

core/txpool/legacypool/legacypool.go

@@ -158,6 +158,7 @@ type Config struct {
 	Lifetime time.Duration // Maximum amount of time non-executable transaction are queued
 
 	EffectiveGasCeil uint64 // OP-Stack: if non-zero, a gas ceiling to enforce independent of the header's gaslimit value
+	MaxTxGasLimit    uint64 // Maximum gas limit allowed per individual transaction
 
 	// FilterInterval defines how often already-added transactions are rechecked
 	// against ingress filters.
@@ -177,6 +178,8 @@ var DefaultConfig = Config{
 	AccountQueue: 64,
 	GlobalQueue:  1024,
 
+	MaxTxGasLimit: 0, // 0 means no limit (default behavior)
+
 	Lifetime:       3 * time.Hour,
 	FilterInterval: 12 * time.Second,
 }
@@ -652,6 +655,7 @@ func (pool *LegacyPool) ValidateTxBasics(tx *types.Transaction) error {
 		MaxSize:          txMaxSize,
 		MinTip:           pool.gasTip.Load().ToBig(),
 		EffectiveGasCeil: pool.config.EffectiveGasCeil,
+		MaxTxGasLimit:    pool.config.MaxTxGasLimit,
 	}
 	return txpool.ValidateTransaction(tx, pool.currentHead.Load(), pool.signer, opts)
 }

core/txpool/legacypool/legacypool_test.go

@@ -219,12 +219,17 @@ func (f *dummyFilter) FilterTx(ctx context.Context, tx *types.Transaction) bool
 }
 
 func setupPoolWithConfig(config *params.ChainConfig) (*LegacyPool, *ecdsa.PrivateKey) {
+	return setupPoolWithTxPoolConfig(config, testTxPoolConfig)
+}
+
+// setupPoolWithTxPoolConfig creates a new pool with custom pool configuration
+func setupPoolWithTxPoolConfig(chainConfig *params.ChainConfig, poolConfig Config) (*LegacyPool, *ecdsa.PrivateKey) {
 	statedb, _ := state.New(types.EmptyRootHash, state.NewDatabaseForTesting())
-	blockchain := newTestBlockChain(config, 10000000, statedb, new(event.Feed))
+	blockchain := newTestBlockChain(chainConfig, 10000000, statedb, new(event.Feed))
 
 	key, _ := crypto.GenerateKey()
-	pool := New(testTxPoolConfig, blockchain)
-	if err := pool.Init(testTxPoolConfig.PriceLimit, blockchain.CurrentBlock(), newReserver()); err != nil {
+	pool := New(poolConfig, blockchain)
+	if err := pool.Init(poolConfig.PriceLimit, blockchain.CurrentBlock(), newReserver()); err != nil {
 		panic(err)
 	}
 	// wait for the pool to initialize
@@ -2767,3 +2772,51 @@ func BenchmarkMultiAccountBatchInsert(b *testing.B) {
 		pool.addRemotesSync([]*types.Transaction{tx})
 	}
 }
+
+func TestTxPoolMaxTxGasLimit(t *testing.T) {
+	t.Parallel()
+
+	// Create custom config with MaxTxGasLimit set
+	config := testTxPoolConfig
+	config.MaxTxGasLimit = 50000
+
+	pool, key := setupPoolWithTxPoolConfig(params.TestChainConfig, config)
+	defer pool.Close()
+
+	// Create transaction that exceeds the limit
+	tx := transaction(0, 100000, key) // gas limit > 50000
+	from, _ := deriveSender(tx)
+	testAddBalance(pool, from, big.NewInt(1000000))
+
+	// Should be rejected
+	if err := pool.addRemoteSync(tx); !errors.Is(err, txpool.ErrTxGasLimitExceeded) {
+		t.Errorf("Expected ErrTxGasLimitExceeded, got %v", err)
+	}
+
+	// Create transaction within the limit
+	tx2 := transaction(0, 30000, key) // gas limit < 50000
+	if err := pool.addRemoteSync(tx2); err != nil {
+		t.Errorf("Expected transaction within limit to be accepted, got %v", err)
+	}
+}
+
+func TestTxPoolMaxTxGasLimitDisabled(t *testing.T) {
+	t.Parallel()
+
+	// Test with default config (MaxTxGasLimit = 0, disabled)
+	config := testTxPoolConfig
+	config.MaxTxGasLimit = 0
+
+	pool, key := setupPoolWithTxPoolConfig(params.TestChainConfig, config)
+	defer pool.Close()
+
+	// Create transaction with high gas limit
+	tx := transaction(0, 100000, key)
+	from, _ := deriveSender(tx)
+	testAddBalance(pool, from, big.NewInt(1000000))
+
+	// Should be accepted since MaxTxGasLimit is disabled (0)
+	if err := pool.addRemoteSync(tx); err != nil {
+		t.Errorf("Expected transaction to be accepted when MaxTxGasLimit is disabled, got %v", err)
+	}
+}

core/txpool/validation.go

@@ -66,6 +66,7 @@ type ValidationOptions struct {
 	MinTip  *big.Int // Minimum gas tip needed to allow a transaction into the caller pool
 
 	EffectiveGasCeil uint64 // if non-zero, a gas ceiling to enforce independent of the header's gaslimit value
+	MaxTxGasLimit    uint64 // Maximum gas limit allowed per individual transaction
 }
 
 // ValidationFunction is an method type which the pools use to perform the tx-validations which do not
@@ -125,6 +126,10 @@ func ValidateTransaction(tx *types.Transaction, head *types.Header, signer types
 	if EffectiveGasLimit(opts.Config, head.GasLimit, opts.EffectiveGasCeil) < tx.Gas() {
 		return ErrGasLimit
 	}
+	// Check individual transaction gas limit if configured
+	if opts.MaxTxGasLimit != 0 && tx.Gas() > opts.MaxTxGasLimit {
+		return fmt.Errorf("%w: transaction gas %v, limit %v", ErrTxGasLimitExceeded, tx.Gas(), opts.MaxTxGasLimit)
+	}
 	// Sanity check for extremely large numbers (supported by RLP or RPC)
 	if tx.GasFeeCap().BitLen() > 256 {
 		return core.ErrFeeCapVeryHigh

core/txpool/validation_test.go

@@ -0,0 +1,112 @@
+// Copyright 2025 The go-ethereum Authors
+// This file is part of the go-ethereum library.
+//
+// The go-ethereum library is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Lesser General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// The go-ethereum library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.
+
+package txpool
+
+import (
+	"errors"
+	"math/big"
+	"testing"
+
+	"github.com/ethereum/go-ethereum/common"
+	"github.com/ethereum/go-ethereum/core/types"
+	"github.com/ethereum/go-ethereum/crypto"
+	"github.com/ethereum/go-ethereum/params"
+)
+
+func TestValidateTransactionMaxTxGasLimit(t *testing.T) {
+	// Create a test private key and signer
+	key, _ := crypto.GenerateKey()
+	signer := types.NewEIP155Signer(big.NewInt(1))
+
+	tests := []struct {
+		name          string
+		maxTxGasLimit uint64
+		txGasLimit    uint64
+		expectError   bool
+		expectedError error
+	}{
+		{
+			name:          "No limit set",
+			maxTxGasLimit: 0,
+			txGasLimit:    1000000,
+			expectError:   false,
+		},
+		{
+			name:          "Under limit",
+			maxTxGasLimit: 100000,
+			txGasLimit:    50000,
+			expectError:   false,
+		},
+		{
+			name:          "At limit",
+			maxTxGasLimit: 100000,
+			txGasLimit:    100000,
+			expectError:   false,
+		},
+		{
+			name:          "Over limit",
+			maxTxGasLimit: 100000,
+			txGasLimit:    150000,
+			expectError:   true,
+			expectedError: ErrTxGasLimitExceeded,
+		},
+	}
+
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			// Create test transaction with specified gas limit
+			tx := types.NewTransaction(0, common.Address{}, big.NewInt(0), test.txGasLimit, big.NewInt(1000000000), nil)
+
+			// Sign the transaction
+			signedTx, err := types.SignTx(tx, signer, key)
+			if err != nil {
+				t.Fatalf("Failed to sign transaction: %v", err)
+			}
+
+			// Create minimal validation options
+			opts := &ValidationOptions{
+				Config:        params.TestChainConfig,
+				Accept:        1 << types.LegacyTxType,
+				MaxSize:       32 * 1024,
+				MinTip:        big.NewInt(0),
+				MaxTxGasLimit: test.maxTxGasLimit,
+			}
+
+			// Create test header with high gas limit to not interfere
+			header := &types.Header{
+				Number:     big.NewInt(1),
+				GasLimit:   10000000,
+				Time:       0,
+				Difficulty: big.NewInt(0),
+			}
+
+			err = ValidateTransaction(signedTx, header, signer, opts)
+
+			if test.expectError {
+				if err == nil {
+					t.Errorf("Expected error but got none")
+				} else if !errors.Is(err, test.expectedError) {
+					t.Errorf("Expected error %v, got %v", test.expectedError, err)
+				}
+			} else {
+				if err != nil {
+					t.Errorf("Unexpected error: %v", err)
+				}
+			}
+		})
+	}
+}