Merge branch 'main' into ma/evm-rechecking-alignment

Author: mattac21

Makefile

@@ -374,17 +374,17 @@ test-rpc-compat-stop:
 
 .PHONY: localnet-start localnet-stop localnet-build-env localnet-build-nodes test-rpc-compat test-rpc-compat-stop mocks
 
-test-system: build-v05 build
+test-system: build-v06 build
 	mkdir -p ./tests/systemtests/binaries/
 	cp $(BUILDDIR)/evmd ./tests/systemtests/binaries/
 	cd tests/systemtests/Counter && forge build
 	$(MAKE) -C tests/systemtests test
 
-build-v05:
-	mkdir -p ./tests/systemtests/binaries/v0.5
-	git checkout v0.5.1
+build-v06:
+	mkdir -p ./tests/systemtests/binaries/v0.6
+	git checkout v0.6.0
 	make build
-	cp $(BUILDDIR)/evmd ./tests/systemtests/binaries/v0.5
+	cp $(BUILDDIR)/evmd ./tests/systemtests/binaries/v0.6
 	git checkout -
 
 mocks:

docs/migrations/v0.5.0_to_v0.6.0.md

@@ -10,12 +10,12 @@ import (
 )
 
 // UpgradeName defines the on-chain upgrade name for the sample EVMD upgrade
-// from v0.5.0 to v0.6.0.
+// from v0.6.0 to v0.7.0.
 //
 // NOTE: This upgrade defines a reference implementation of what an upgrade
 // could look like when an application is migrating from EVMD version
-// v0.4.0 to v0.5.x
-const UpgradeName = "v0.5.0-to-v0.6.0"
+// v0.6.x to v0.7.0.
+const UpgradeName = "v0.6.0-to-v0.7.0"
 
 func (app EVMD) RegisterUpgradeHandlers() {
 	app.UpgradeKeeper.SetUpgradeHandler(

docs/migrations/v0.6.x_to_v0.7.0.md

@@ -4,6 +4,7 @@ import (
 	"context"
 	"crypto/ecdsa"
 	"errors"
+	"fmt"
 	"math/big"
 	"strconv"
 	"sync"
@@ -629,6 +630,66 @@ type testMempoolDependencies struct {
 	accounts        []testAccount
 }
 
+// AdvanceNonce updates the mock vmKeeper to return newNonce for GetNonce(addr)
+// and a matching Account from GetAccount. Used to simulate chain-state advance
+// between blocks so legacypool's reactive reset path can observe the change.
+//
+// Assumes prior GetNonce/GetAccount expectations were registered with a
+// concrete common.Address argument (as setupMempool does). Expectations
+// registered with mock.Anything or other non-Address matchers would not match
+// the type assertion below and would survive — leaving stale entries that race
+// with the new ones.
+func (s *testMempoolDependencies) AdvanceNonce(t *testing.T, addr common.Address, newNonce uint64) {
+	t.Helper()
+	var toUnset []*mock.Call
+	for _, c := range s.vmKeeper.ExpectedCalls {
+		switch c.Method {
+		case "GetNonce":
+			if len(c.Arguments) >= 1 {
+				if a, ok := c.Arguments[0].(common.Address); ok && a == addr {
+					toUnset = append(toUnset, c)
+				}
+			}
+		case "GetAccount":
+			if len(c.Arguments) >= 2 {
+				if a, ok := c.Arguments[1].(common.Address); ok && a == addr {
+					toUnset = append(toUnset, c)
+				}
+			}
+		}
+	}
+	for _, c := range toUnset {
+		c.Unset() // acquires the mock's internal mutex
+	}
+	s.vmKeeper.On("GetNonce", addr).Return(newNonce).Maybe()
+	s.vmKeeper.On("GetAccount", mock.Anything, addr).Return(&statedb.Account{
+		Nonce:   newNonce,
+		Balance: uint256.NewInt(1e18),
+	}).Maybe()
+}
+
+// InstallNonceCheckingRechecker wires the EVM rechecker to reject txs whose
+// nonce is below the mock's GetAccount(sender).Nonce. Simulates the ante
+// handler's sequence check during reset's demoteUnexecutables.
+func (s *testMempoolDependencies) InstallNonceCheckingRechecker(t *testing.T) {
+	t.Helper()
+	signer := types.LatestSignerForChainID(big.NewInt(int64(constants.EighteenDecimalsChainID)))
+	s.evmRechecker.SetEVMRecheck(func(ctx sdk.Context, tx *types.Transaction) (sdk.Context, error) {
+		from, err := types.Sender(signer, tx)
+		if err != nil {
+			return ctx, nil
+		}
+		acc := s.vmKeeper.GetAccount(sdk.Context{}, from)
+		if acc == nil {
+			return ctx, nil
+		}
+		if tx.Nonce() < acc.Nonce {
+			return sdk.Context{}, fmt.Errorf("stale tx: nonce %d < chain %d", tx.Nonce(), acc.Nonce)
+		}
+		return ctx, nil
+	})
+}
+
 func setupMempoolWithAccounts(t *testing.T, numAccounts int) (*mempool.Mempool, testMempoolDependencies) {
 	t.Helper()
 
@@ -795,6 +856,173 @@ func createMsgEthereumTx(
 	return cosmosTx
 }
 
+// createMsgEthereum7702Tx builds a cosmos-wrapped MsgEthereumTx of type-04
+// (EIP-7702 SetCode) signed by senderKey with the supplied authorization
+// list. Each `auths` entry is signed by its `key` field with the embedded
+// nonce. Returns the cosmos-signed sdk.Tx and the underlying ethereum tx
+// for assertion convenience.
+func createMsgEthereum7702Tx(
+	t *testing.T,
+	txConfig client.TxConfig,
+	senderKey *ecdsa.PrivateKey,
+	txNonce uint64,
+	auths []types.SetCodeAuthorization,
+) sdk.Tx {
+	t.Helper()
+
+	chainID := vmtypes.GetEthChainConfig().ChainID
+	to := common.Address{0x55}
+	signedTx := types.MustSignNewTx(senderKey, types.LatestSignerForChainID(chainID), &types.SetCodeTx{
+		ChainID:   uint256.MustFromBig(chainID),
+		Nonce:     txNonce,
+		GasTipCap: uint256.NewInt(1),
+		GasFeeCap: uint256.NewInt(1e9),
+		Gas:       250000,
+		To:        to,
+		Value:     uint256.NewInt(0),
+		AuthList:  auths,
+	})
+
+	msg := &vmtypes.MsgEthereumTx{
+		Raw:  vmtypes.EthereumTx{Transaction: signedTx},
+		From: crypto.PubkeyToAddress(senderKey.PublicKey).Bytes(),
+	}
+
+	// priv=nil → PrepareEthTx skips re-signing (we already have a signed eth
+	// tx) and just wraps the message into a cosmos tx with the EVM extension
+	// option.
+	cosmosTx, err := evmtestutiltx.PrepareEthTx(txConfig, nil, msg)
+	require.NoError(t, err)
+	return cosmosTx
+}
+
+// signSetCodeAuth is a small wrapper around types.SignSetCode for tests.
+func signSetCodeAuth(t *testing.T, key *ecdsa.PrivateKey, nonce uint64) types.SetCodeAuthorization {
+	t.Helper()
+	chainID := vmtypes.GetEthChainConfig().ChainID
+	auth, err := types.SignSetCode(key, types.SetCodeAuthorization{
+		ChainID: *uint256.MustFromBig(chainID),
+		Address: common.Address{0x42},
+		Nonce:   nonce,
+	})
+	require.NoError(t, err)
+	return auth
+}
+
+// TestEvictsStaleTx covers eviction of stale txs via demoteUnexecutables →
+// RecheckEVM during reset, across three scenarios where the eager mechanism
+// can't or doesn't catch the chain advance.
+func TestEvictsStaleTx(t *testing.T) {
+	type scenario struct {
+		name         string
+		numAccounts  int
+		targetIdx    int      // account whose pool should drain
+		seedNonces   []uint64 // nonces to pre-seed for accounts[targetIdx]
+		finalize7702 func(t *testing.T, mp *mempool.Mempool, txConfig client.TxConfig, accs []testAccount)
+		advanceTo    uint64 // chain nonce to set for accounts[targetIdx]
+		// Expected eager-cache state for accounts[targetIdx] AFTER the test:
+		// expectsEager=false when no SetLatestNonce was triggered for the target;
+		// expectsEager=true with eagerNonce set when the eager path fired.
+		expectsEager bool
+		eagerNonce   uint64
+	}
+
+	cases := []scenario{
+		{
+			name:        "stale-sender-no-7702",
+			numAccounts: 1,
+			targetIdx:   0,
+			seedNonces:  []uint64{0},
+			advanceTo:   1,
+			// no RemoveWithReason call → eager cache untouched.
+			expectsEager: false,
+		},
+		{
+			name:        "authority-after-cross-account-7702",
+			numAccounts: 2,
+			targetIdx:   1,
+			seedNonces:  []uint64{0},
+			finalize7702: func(t *testing.T, mp *mempool.Mempool, txConfig client.TxConfig, accs []testAccount) {
+				t.Helper()
+				auths := []types.SetCodeAuthorization{signSetCodeAuth(t, accs[1].key, 1)}
+				cosmosTx := createMsgEthereum7702Tx(t, txConfig, accs[0].key, 0, auths)
+				require.NoError(t, mp.RemoveWithReason(context.Background(), cosmosTx, mempooltypes.RemoveReason{
+					Caller: mempooltypes.CallerRunTxFinalize,
+				}))
+			},
+			advanceTo: 1,
+			// Eager fires for sender (idx 0); authority (idx 1, the target) is invisible.
+			expectsEager: false,
+		},
+		{
+			name:        "sender-+1-gap-after-self-sponsored-7702",
+			numAccounts: 1,
+			targetIdx:   0,
+			seedNonces:  []uint64{0, 1},
+			finalize7702: func(t *testing.T, mp *mempool.Mempool, txConfig client.TxConfig, accs []testAccount) {
+				t.Helper()
+				auths := []types.SetCodeAuthorization{signSetCodeAuth(t, accs[0].key, 1)}
+				cosmosTx := createMsgEthereum7702Tx(t, txConfig, accs[0].key, 0, auths)
+				require.NoError(t, mp.RemoveWithReason(context.Background(), cosmosTx, mempooltypes.RemoveReason{
+					Caller: mempooltypes.CallerRunTxFinalize,
+				}))
+			},
+			advanceTo: 2,
+			// Eager fires for sender (== target) at tx.Nonce()=0; the +1 bump is reactive.
+			expectsEager: true,
+			eagerNonce:   0,
+		},
+	}
+
+	for _, tc := range cases {
+		t.Run(tc.name, func(t *testing.T) {
+			mp, s := setupMempoolWithAccounts(t, tc.numAccounts)
+			txConfig, bus, accounts := s.txConfig, s.eventBus, s.accounts
+			target := accounts[tc.targetIdx]
+
+			require.NoError(t, bus.PublishEventNewBlockHeader(cmttypes.EventDataNewBlockHeader{
+				Header: cmttypes.Header{Height: 1, Time: time.Now(), ChainID: strconv.Itoa(constants.EighteenDecimalsChainID)},
+			}))
+			require.NoError(t, mp.GetTxPool().Sync())
+
+			for _, n := range tc.seedNonces {
+				tx := createMsgEthereumTx(t, txConfig, target.key, n, big.NewInt(1e8))
+				require.NoError(t, mp.Insert(context.Background(), tx))
+			}
+			require.NoError(t, mp.GetTxPool().Sync())
+
+			legacyPool := mp.GetTxPool().Subpools[0].(*legacypool.LegacyPool)
+			pending, _ := legacyPool.ContentFrom(target.address)
+			require.Len(t, pending, len(tc.seedNonces))
+
+			if tc.finalize7702 != nil {
+				tc.finalize7702(t, mp, txConfig, accounts)
+			}
+
+			s.InstallNonceCheckingRechecker(t)
+			s.AdvanceNonce(t, target.address, tc.advanceTo)
+
+			require.NoError(t, bus.PublishEventNewBlockHeader(cmttypes.EventDataNewBlockHeader{
+				Header: cmttypes.Header{Height: 2, Time: time.Now(), ChainID: strconv.Itoa(constants.EighteenDecimalsChainID)},
+			}))
+			require.NoError(t, mp.GetTxPool().Sync())
+
+			require.Eventually(t, func() bool {
+				p, q := legacyPool.ContentFrom(target.address)
+				return len(p) == 0 && len(q) == 0
+			}, time.Second, 10*time.Millisecond, "reset must evict stale tx")
+
+			got, ok := legacyPool.LatestNonce(target.address)
+			if tc.expectsEager {
+				require.True(t, ok, "eager cache should have an entry for target")
+				require.Equal(t, tc.eagerNonce, got)
+			} else {
+				require.False(t, ok, "no eager signal expected; eviction proves reactive path")
+			}
+		})
+	}
+}
+
 // decodeTxBytes decodes transaction bytes returned from ReapNewValidTxs back into an Ethereum transaction
 func decodeTxBytes(t *testing.T, txConfig client.TxConfig, txBytes []byte) *types.Transaction {
 	t.Helper()

evmd/upgrades.go

@@ -515,6 +515,8 @@ func (m *RecheckMempool) markTxRechecked(txn sdk.Tx) {
 // a higher nonce is dropped and rebuilt by the next recheck.
 func (m *RecheckMempool) markTxInserted(txn sdk.Tx) {
 	m.recheckedTxs.Do(func(store *CosmosTxStore) {
+		// If we invalidate any txs we can't execute this txn's antehandler sequence until the next rechecker.Update.
+		// This is because the invalidated txns have written their state to the Store's cache context already.
 		if store.InvalidateFrom(txn) > 0 {
 			return
 		}

mempool/mempool_test.go

@@ -88,8 +88,11 @@ func (r *TxRechecker) Update(ctx sdk.Context, header *ethtypes.Header) {
 	cached = cached.WithBlockGasMeter(storetypes.NewGasMeter(header.GasLimit))
 	cached = cached.WithGasMeter(storetypes.NewInfiniteGasMeter())
 	if cached.ConsensusParams().Block == nil {
-		// set the latest blocks gas limit as the max gas in cp. this is
-		// necessary to validate each tx's gas wanted
+		// On freshly-initialized contexts Block can be nil e.g.
+		// * the Start path before consensus params are populated
+		// * the EVM-side path where the ctx didn't come from CometBFT
+		// That would result in either dereference-panic or skipping the gas-wanted check during antehandler.
+		// Set the latest blocks gas limit as the max gas in cp to avoid this.
 		maxGas, err := utils.SafeInt64(header.GasLimit)
 		if err != nil {
 			panic(fmt.Errorf("converting evm block gas limit to int64: %w", err))

mempool/recheck_pool.go

@@ -21,8 +21,13 @@ func NewEthSignerExtractionAdapter(fallback mempool.SignerExtractionAdapter) Eth
 	return EthSignerExtractionAdapter{fallback}
 }
 
-// GetSigners implements the Adapter interface
-// NOTE: only the first item is used by the mempool
+// GetSigners returns the EVM tx sender. EIP-7702 authorities are NOT enumerated:
+// whether each authorization succeeds on chain (and therefore actually bumps
+// the authority's nonce) is unverifiable without chain state — a failed
+// authorization does not increment the nonce. Eagerly reporting auth.Nonce
+// would falsely evict legitimate pending txs from authorities whose auths
+// failed. Async reset catches authority nonce advances instead.
+// Non-EVM cosmos txs fall through to the SDK default.
 func (s EthSignerExtractionAdapter) GetSigners(tx sdk.Tx) ([]mempool.SignerData, error) {
 	if txWithExtensions, ok := tx.(authante.HasExtensionOptionsTx); ok {
 		opts := txWithExtensions.GetExtensionOptions()

mempool/rechecker.go

@@ -555,6 +555,13 @@ func (pool *LegacyPool) SetLatestNonce(sender common.Address, nonce uint64) {
 	}
 }
 
+// LatestNonce returns the most recently recorded latest-included nonce for
+// addr and whether an entry exists in the cache. Primarily useful for tests
+// and debugging.
+func (pool *LegacyPool) LatestNonce(addr common.Address) (uint64, bool) {
+	return pool.latestIncludedNonce.Get(addr)
+}
+
 // removeOlds removes txs that have been scheduled for removals from
 // list l for sender addr. Returns the txs successfully removed.
 func (pool *LegacyPool) removeOlds(addr common.Address, l *list, poolType PoolType) types.Transactions {