From 2515d6c6c5b5ad89401f0c9bb2666f7e7a4250ef Mon Sep 17 00:00:00 2001
From: Daniel Liu <139250065@qq.com>
Date: Sat, 28 Feb 2026 20:59:52 +0800
Subject: [PATCH] fix(trie): fix embedded node size validation #33803 (#2047)

The `decodeRef` function used `size > hashLen` to reject oversized
embedded nodes, but this incorrectly allowed nodes of exactly 32 bytes
through. The encoding side (hasher.go, stacktrie.go) consistently uses
`len(enc) < 32` to decide whether to embed a node inline, meaning nodes
of 32+ bytes are always hash-referenced. The error message itself
already stated `want size < 32`, confirming the intended threshold.
Changed `size > hashLen` to `size >= hashLen` in `decodeRef` to align
the decoding validation with the encoding logic, the Yellow Paper spec,
and the surrounding comments.

Co-authored-by: sashass1315 <sashass1315@gmail.com>
---
 trie/node.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/trie/node.go b/trie/node.go
index d9903476b9..5dc3f0fc09 100644
--- a/trie/node.go
+++ b/trie/node.go
@@ -215,8 +215,8 @@ func decodeRef(buf []byte) (node, []byte, error) {
 	case kind == rlp.List:
 		// 'embedded' Node reference. The encoding must be smaller
 		// than a hash in order to be valid.
-		if size := len(buf) - len(rest); size > hashLen {
-			err := fmt.Errorf("oversized embedded Node (size is %d bytes, want size < %d)", size, hashLen)
+		if size := len(buf) - len(rest); size >= hashLen {
+			err := fmt.Errorf("oversized embedded node (size is %d bytes, want size < %d)", size, hashLen)
 			return nil, buf, err
 		}
 		n, err := decodeNode(nil, buf)