Fix issue with mulSub borrows

Signed-off-by: Luis Pinto <luis.pinto@consensys.net>

Author: lu-pinto

evm/src/main/java/org/hyperledger/besu/evm/UInt256.java

@@ -1407,8 +1407,11 @@ private UInt192 mulSub(final long v2, final long v1, final long v0, final long q
       carry = p1 + ((Long.compareUnsigned(v1, res) < 0) ? 1 : 0);
 
       // Propagate overflows (borrows)
-      long z2 = v2 - carry - borrow;
-      borrow = (Long.compareUnsigned(v2, z2) < 0) ? 1 : 0;
+      long t2 = v2 - carry;
+      long z2 = t2 - borrow;
+      borrow =
+          ((Long.compareUnsigned(v2, t2) < 0) ? 1 : 0)
+              | ((Long.compareUnsigned(t2, z2) < 0) ? 1 : 0);
 
       if (borrow != 0) return addBack(z2, z1, z0); // unlikely
       return new UInt192(z2, z1, z0);
@@ -1620,14 +1623,21 @@ private UInt256 mulSub(
 
       p0 = u2 * q;
       p1 = Math.unsignedMultiplyHigh(u2, q);
-      res = v2 - p0 - borrow;
+      long t2 = v2 - p0;
+      res = t2 - borrow;
       long z2 = res - carry;
       borrow = (Long.compareUnsigned(res, z2) < 0) ? 1 : 0;
-      carry = p1 + ((Long.compareUnsigned(v2, res) < 0) ? 1 : 0);
+      carry =
+          p1
+              + ((Long.compareUnsigned(v2, t2) < 0) ? 1 : 0)
+              + ((Long.compareUnsigned(t2, res) < 0) ? 1 : 0);
 
       // Propagate overflows (borrows)
-      long z3 = v3 - carry - borrow;
-      borrow = (Long.compareUnsigned(v3, z3) < 0) ? 1 : 0;
+      long t3 = v3 - carry;
+      long z3 = t3 - borrow;
+      borrow =
+          ((Long.compareUnsigned(v3, t3) < 0) ? 1 : 0)
+              | ((Long.compareUnsigned(t3, z3) < 0) ? 1 : 0);
 
       if (borrow != 0) return addBack(z3, z2, z1, z0);
       return new UInt256(z3, z2, z1, z0);

evm/src/test/java/org/hyperledger/besu/evm/UInt256Test.java

@@ -462,6 +462,25 @@ public void mulMod_Modulus256_mulSubOverflow() {
     assertThat(remainder).isEqualTo(expected);
   }
 
+  @Test
+  public void mulMod_ExecutionSpecStateTest_104() {
+    Bytes value0 =
+      Bytes.fromHexString("0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe");
+    Bytes value1 =
+      Bytes.fromHexString("0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe");
+    Bytes value2 =
+      Bytes.fromHexString("0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe");
+    BigInteger aInt = new BigInteger(1, value0.toArrayUnsafe());
+    BigInteger bInt = new BigInteger(1, value1.toArrayUnsafe());
+    BigInteger cInt = new BigInteger(1, value2.toArrayUnsafe());
+    UInt256 a = UInt256.fromBytesBE(value0.toArrayUnsafe());
+    UInt256 b = UInt256.fromBytesBE(value1.toArrayUnsafe());
+    UInt256 c = UInt256.fromBytesBE(value2.toArrayUnsafe());
+    Bytes32 remainder = Bytes32.leftPad(Bytes.wrap(a.mulMod(b, c).toBytesBE()));
+    Bytes32 expected = bigIntTo32B(aInt.multiply(bInt).mod(cInt));
+    assertThat(remainder).isEqualTo(expected);
+  }
+
   @Test
   public void mulMod_ExecutionSpecStateTest_457() {
     Bytes value0 =