fix(deps): bump grevm to 3c09e7c for EIP-7702 self-auth nonce fix#345
Merged
Merged
Conversation
Pin grevm by rev to the merge of Galxe/grevm#102, which relaxes the StateAsyncCommit caller-nonce assertion so EIP-7702 self-sponsored self-delegation no longer panics. The deployed v2.2.4 pin (=26b586c) crashes deterministically on type-4 SetCode txs where tx.from is also listed as an authority — the bench pattern that halted Gravity testnet at block 1400868 on 2026-06-09 and that is reachable on mainnet via the same input. This bump also pulls in two security-audit fixes that landed between v2.2.4 and the EIP-7702 fix (Galxe#99 and Galxe#101 in Galxe/grevm), since v2.2.5 was tagged before Galxe#102 merged and no later tag exists yet. Refs Galxe/gravity-audit#677 Refs Galxe/grevm#102
Lchangliang
approved these changes
Jun 9, 2026
keanji-x
approved these changes
Jun 9, 2026
Merged
4 tasks
nekomoto911
added a commit
to Galxe/gravity-sdk
that referenced
this pull request
Jun 9, 2026
… e2e (#738) ## What Bump the `gravity-reth` git dependency and add e2e coverage for the bug it fixes: - `bin/gravity_node/Cargo.toml`: greth rev `46c91f9` → `0adbb4c9` (Galxe/gravity-reth#345 merge). - `Cargo.lock`: regenerated via `cargo update -p greth`. Net effect = grevm `26b586c` (v2.2.4) → `3c09e7c` (Galxe/grevm#102). - `gravity_e2e/cluster_test_cases/prague/test_eip7702.py`: new `test_p_b6_self_sponsored_self_delegation` plus a small generalization of the shared `_send_setcode_tx` helper. ## Why The previous grevm pin (v2.2.4 = `26b586c`) panicked deterministically inside `StateAsyncCommit::commit` on type-4 SetCode txs where `tx.from` was *also* listed in the authorization list as an authority. That is the exact `simple-bench --transfer-type eip7702` pattern that halted Gravity testnet at block 1400868 on 2026-06-09, and the same input shape is reachable on mainnet once EIP-7702 is open. The grevm fix (Galxe/grevm#102) relaxes the caller-nonce assertion. This PR pulls it in via Galxe/gravity-reth#345 and locks in a regression test so the chain-halt shape can never silently come back. ## E2E details - `_send_setcode_tx` now detects `sender == authority` and signs the auth tuple with `sender_nonce + 1` instead of `sender_nonce`. Per EIP-7702 the authorization is applied *after* the tx's own nonce bump, so for self-sponsored self-delegation the auth-tuple nonce must be one ahead. Existing P-B1..P-B5 are unaffected since they use distinct sender/authority accounts. - `test_p_b6_self_sponsored_self_delegation` exercises the panic shape with three regression oracles: 1. Receipt arrives within the timeout — pre-fix the validator panicked and no receipt would ever come back. 2. `receipt.status == 1` — tx executed cleanly. 3. A new block is produced after `receipt.blockNumber` within 30s — chain progression, not just landed-and-stuck. ## Test plan - [x] `cargo update -p greth` resolves cleanly; lock-file diff is just the greth subtree + grevm rev swap. - [ ] `cargo build -p gravity_node --profile quick-release` (in progress locally; CI will repeat). - [ ] `python3 gravity_e2e/runner.py prague` — full prague suite (EIP-2935 + EIP-7702 incl. new P-B6). - [ ] CI: workspace clippy / tests / e2e. ## Refs - Galxe/gravity-reth#345 - Galxe/grevm#102 - Galxe/gravity-audit#677
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
grevmbyrevto3c09e7c(the merge of fix(async_commit): relax caller nonce assertion for EIP-7702 self-auth grevm#102), which relaxes theStateAsyncCommitcaller-nonce assertion so EIP-7702 self-sponsored self-delegation no longer panics.tag = "v2.2.4"→26b586c) crashes deterministically insidegrevm::async_commit::commiton type-4 SetCode txs wheretx.fromis also listed as an authority. That is the bench pattern (simple-benchwithtransfer_type = "eip7702") that halted Gravity testnet at block 1400868 on 2026-06-09; the same input shape is reachable on mainnet once EIP-7702 is open.What this rev brings in (full delta v2.2.4..3c09e7c)
v2.2.5was tagged before #102 merged and no later tag exists yet, so a rev pin is the only way to pull the fix without waiting for a new release tag. Happy to switch to a tag once av2.2.6is cut.Files changed
Cargo.toml— single-line swap oftag = \"v2.2.4\"→rev = \"3c09e7c...\"Cargo.lock— regenerated viacargo update -p grevmTest plan
cargo update -p grevm— clean lock updatecargo check -p reth-evm-ethereum— direct grevm consumer compilescargo check -p reth-pipe-exec-layer-ext-v2— second grevm consumer compilesRefs Galxe/gravity-audit#677
Refs Galxe/grevm#102