
Harden EVM field-bloat validation #3073

Open
Kbhat1 wants to merge 3 commits into main from kartik/fix-evm-field-bloat-checks

Kbhat1 commented Mar 13, 2026

Summary

  • Tighten EVM stateless checks so wrapped EVM txs can’t sneak in Cosmos signatures or other Cosmos envelope fields
  • Reject field-bloat encodings in MsgEVMTransaction and embedded ethTx data, including padded signatures and oversized address / access-list fields
  • Add focused tests for ante, EvmStatelessChecks, core EVM validation, and the mirrored Giga path

Test plan

  • Unit tests

Check raw Cosmos signature bytes and canonical EVM payload sizes so malformed tx wrappers cannot smuggle extra signatures, derived data, or embedded eth tx fields past stateless validation.

Made-with: Cursor

github-actions bot commented Mar 13, 2026

The latest Buf updates on your PR. Results from workflow Buf / buf (pull_request).

Build | Format | Lint | Breaking | Updated (UTC)
✅ passed | ✅ passed | ✅ passed | ✅ passed | Mar 16, 2026, 4:19 PM


codecov bot commented Mar 13, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 58.41%. Comparing base (bb2c5b3) to head (09ee96c).

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #3073      +/-   ##
==========================================
- Coverage   58.41%   58.41%   -0.01%     
==========================================
  Files        2081     2110      +29     
  Lines      171790   174426    +2636     
==========================================
+ Hits       100352   101887    +1535     
- Misses      62504    63527    +1023     
- Partials     8934     9012      +78     
Flag Coverage Δ
sei-db 70.41% <ø> (-0.22%) ⬇️

Flags with carried forward coverage won't be shown.

Files with missing lines Coverage Δ
app/ante/evm_checktx.go 35.88% <ø> (+2.12%) ⬆️
giga/deps/xevm/types/ethtx/access_list_tx.go 100.00% <ø> (ø)
giga/deps/xevm/types/ethtx/associate_tx.go 0.00% <ø> (ø)
giga/deps/xevm/types/ethtx/blob_tx.go 94.04% <ø> (ø)
giga/deps/xevm/types/ethtx/dynamic_fee_tx.go 100.00% <ø> (ø)
giga/deps/xevm/types/ethtx/legacy_tx.go 92.98% <ø> (ø)
giga/deps/xevm/types/ethtx/set_code_tx.go 0.00% <ø> (ø)
giga/deps/xevm/types/message_evm_transaction.go 41.50% <ø> (ø)
x/evm/ante/no_cosmos_fields.go 100.00% <ø> (+5.55%) ⬆️
x/evm/types/ethtx/access_list_tx.go 100.00% <ø> (ø)
... and 6 more

... and 336 files with indirect coverage changes

Validate wrapped Cosmos envelope fields via the proto tx and enforce semantic tx-data validation so padded addresses, signatures, and access-list fields cannot survive canonicalization into mempool-accepted EVM transactions.

Made-with: Cursor
Kbhat1 requested a review from sei-will on March 16, 2026, 19:27
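
The kind of stateless field-bloat check the PR summary describes, as an added Go example that is not code from this pull request or the Sei code base. The `TxData` and `AccessTuple` types, the `fixedHex` and `ValidateNoBloat` names, and the size rules (20-byte addresses, 32-byte storage keys, V/R/S as big-endian values of at most 32 bytes with no leading zero byte) are assumptions made for illustration.

```go
package main

import (
	"encoding/hex"
	"fmt"
)

// Hypothetical, simplified stand-ins for an embedded eth tx (not Sei's types).
type AccessTuple struct{ Address string; StorageKeys []string }
type TxData struct {
	To         string // "0x" + 40 hex digits; empty for contract creation
	V, R, S    []byte // big-endian signature values
	AccessList []AccessTuple
}

// fixedHex reports whether s is "0x" followed by exactly n bytes of hex.
func fixedHex(s string, n int) bool {
	if len(s) != 2+2*n || s[:2] != "0x" {
		return false
	}
	_, err := hex.DecodeString(s[2:])
	return err == nil
}

// ValidateNoBloat rejects fields longer than their canonical form. A leading
// zero byte leaves a big-endian integer unchanged, so it is treated as padding.
func ValidateNoBloat(tx TxData) error {
	if tx.To != "" && !fixedHex(tx.To, 20) {
		return fmt.Errorf("field bloat: to address %q", tx.To)
	}
	for _, b := range [][]byte{tx.V, tx.R, tx.S} {
		if len(b) > 32 || (len(b) > 0 && b[0] == 0) {
			return fmt.Errorf("field bloat: padded or oversized signature value %x", b)
		}
	}
	for _, t := range tx.AccessList {
		if !fixedHex(t.Address, 20) {
			return fmt.Errorf("field bloat: access-list address %q", t.Address)
		}
		for _, k := range t.StorageKeys {
			if !fixedHex(k, 32) {
				return fmt.Errorf("field bloat: storage key %q", k)
			}
		}
	}
	return nil
}

// Constructed input: R carries one leading zero byte, so an error is printed.
func main() { fmt.Println(ValidateNoBloat(TxData{R: []byte{0x00, 0x7f}})) }
```
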