Harden EVM field-bloat validation #3073

Open
Kbhat1 wants to merge 2 commits into main from kartik/fix-evm-field-bloat-checks

Kbhat1 commented Mar 13, 2026

Summary

  • reject raw Cosmos Tx.Signatures on EVM txs instead of trusting GetSignaturesV2(), which can report zero signatures when SignerInfos is empty
  • reject protobuf-sized bloat in MsgEVMTransaction and embedded ethTx payloads by checking canonical serialized sizes, covering external Derived bytes and extra inner tx fields
  • add focused regression tests for the ante decorator, EvmStatelessChecks, the main EVM message type, and the mirrored Giga message validation path

Test plan

  • Unit tests

Check raw Cosmos signature bytes and canonical EVM payload sizes so malformed tx wrappers cannot smuggle extra signatures, derived data, or embedded eth tx fields past stateless validation.

Made-with: Cursor
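
The canonical-size check named in the summary, sketched as an added example (not code from this PR or from the project): a lenient decoder drops unknown fields, so the raw length is compared against a re-encoding of only what was kept. The one-field message, the field numbers and the names `field`, `decode` and `CheckCanonicalSize` are constructed for illustration.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// field appends one length-delimited protobuf field (wire type 2).
func field(b []byte, num uint64, v []byte) []byte {
	b = binary.AppendUvarint(b, num<<3|2)
	b = binary.AppendUvarint(b, uint64(len(v)))
	return append(b, v...)
}

// decode is lenient: unknown fields are skipped, a repeated field 1 is last-wins.
func decode(raw []byte) (payload []byte, err error) {
	for len(raw) > 0 {
		tag, n := binary.Uvarint(raw)
		if n <= 0 || tag&7 != 2 {
			return nil, fmt.Errorf("malformed tag")
		}
		size, m := binary.Uvarint(raw[n:])
		if m <= 0 || size > uint64(len(raw)-n-m) {
			return nil, fmt.Errorf("truncated field")
		}
		end := n + m + int(size)
		if tag>>3 == 1 {
			payload = raw[n+m : end]
		}
		raw = raw[end:]
	}
	return payload, nil
}

// CheckCanonicalSize rejects raw bytes whose length differs from the canonical re-encoding of field 1.
func CheckCanonicalSize(raw []byte) error {
	payload, err := decode(raw)
	if err != nil {
		return err
	}
	if want := len(field(nil, 1, payload)); len(raw) != want {
		return fmt.Errorf("non-canonical size: raw=%d canonical=%d", len(raw), want)
	}
	return nil
}

func main() {
	padded := field(field(nil, 1, []byte("constructed-tx")), 15, make([]byte, 64))
	fmt.Println(CheckCanonicalSize(padded)) // constructed input carrying unknown field 15
}
```

The same comparison also catches a duplicated known field, because the decoder keeps only the last copy while the raw bytes still carry both.
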

github-actions bot commented Mar 13, 2026

The latest Buf updates on your PR. Results from workflow Buf / buf (pull_request).

| Build | Format | Lint | Breaking | Updated (UTC) |
| --- | --- | --- | --- | --- |
| ✅ passed | ✅ passed | ✅ passed | ✅ passed | Mar 13, 2026, 7:59 PM |


codecov bot commented Mar 13, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 58.41%. Comparing base (bb2c5b3) to head (e202655).

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #3073      +/-   ##
==========================================
- Coverage   58.41%   58.41%   -0.01%     
==========================================
  Files        2081     2110      +29     
  Lines      171790   174428    +2638     
==========================================
+ Hits       100352   101887    +1535     
- Misses      62504    63529    +1025     
- Partials     8934     9012      +78     
| Flag | Coverage Δ |
| --- | --- |
| sei-db | 70.41% <ø> (-0.22%) ⬇️ |

Flags with carried forward coverage won't be shown.

| Files with missing lines | Coverage Δ |
| --- | --- |
| app/ante/evm_checktx.go | 35.88% <ø> (+2.12%) ⬆️ |
| giga/deps/xevm/types/message_evm_transaction.go | 41.50% <ø> (ø) |
| x/evm/ante/no_cosmos_fields.go | 100.00% <ø> (+5.55%) ⬆️ |
| x/evm/types/message_evm_transaction.go | 77.35% <ø> (ø) |

... and 336 files with indirect coverage changes
