fix(pipe): use checked_add to prevent overflow in gas limit

[AshinGau]

Fixes gravity-audit#584 — integer overflow in filter_invalid_txs gas-limit accumulator.

Problem

tx_gas_limit_sum + tx_gas_limit > gas_limit at crates/pipe-exec-layer-ext-v2/execute/src/lib.rs:1249 is plain u64 + with no overflow check. Release builds wrap silently (no overflow-checks), so a byzantine proposer packing:

• tx₀.gas_limit = block.gas_limit (e.g. 1e9)
• tx₁.gas_limit = u64::MAX - tx₀.gas_limit + 1

makes sum + tx₁.gas_limit wrap to 0, the > gas_limit check returns false, and tx₁ slips past the filter. Downstream revm rejects tx₁ with CallerGasLimitMoreThanBlock, executor.execute(&block).unwrap_or_else(\|err\| panic!(...)) fires, and every honest validator panics at the same block → network-wide liveness halt.

Fix

Replace + with checked_add; treat both overflow and "sum exceeds gas_limit" as the same truncation case (same break path):

match tx_gas_limit_sum.checked_add(tx_gas_limit) {
    Some(new_sum) if new_sum <= gas_limit => {
        tx_gas_limit_sum = new_sum;
    }
    _ => { warn!(...); gas_limit_exceeded_tx_idx = idx; break; }
}

Semantics unchanged on all non-overflow inputs. Overflow now produces the same truncation result as a legitimately-too-large tx instead of being silently admitted.

[Richard1048576]

LGTM