Harden EVM field-bloat validation #3073

Open
Kbhat1 wants to merge 7 commits into main from kartik/fix-evm-field-bloat-checks

Kbhat1 commented Mar 13, 2026

Summary

  • Tighten EVM stateless checks so wrapped EVM txs can’t sneak in Cosmos signatures or other Cosmos envelope fields
  • Reject field-bloat encodings in MsgEVMTransaction and embedded ethTx data, including padded signatures and oversized address / access-list fields
  • Add focused tests for ante, EvmStatelessChecks, core EVM validation, and the mirrored Giga path

Test plan

  • Unit tests

Check raw Cosmos signature bytes and canonical EVM payload sizes so malformed tx wrappers cannot smuggle extra signatures, derived data, or embedded eth tx fields past stateless validation.

Made-with: Cursor

github-actions bot commented Mar 13, 2026

The latest Buf updates on your PR. Results from workflow Buf / buf (pull_request).

Build | Format | Lint | Breaking | Updated (UTC)
✅ passed | ✅ passed | ✅ passed | ✅ passed | Mar 18, 2026, 2:14 AM


codecov bot commented Mar 13, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 58.42%. Comparing base (42245eb) to head (612dd9e).

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #3073      +/-   ##
==========================================
- Coverage   58.76%   58.42%   -0.34%     
==========================================
  Files        2090     2088       -2     
  Lines      172323   172038     -285     
==========================================
- Hits       101257   100516     -741     
- Misses      62090    62591     +501     
+ Partials     8976     8931      -45     
Flag Coverage Δ
sei-db 70.41% <ø> (ø)

Flags with carried forward coverage won't be shown.

Files with missing lines Coverage Δ
app/ante/evm_checktx.go 35.54% <ø> (+1.78%) ⬆️
app/app.go 67.22% <ø> (ø)
giga/deps/xevm/types/ethtx/access_list_tx.go 100.00% <ø> (ø)
giga/deps/xevm/types/ethtx/associate_tx.go 0.00% <ø> (ø)
giga/deps/xevm/types/ethtx/blob_tx.go 94.04% <ø> (ø)
giga/deps/xevm/types/ethtx/dynamic_fee_tx.go 100.00% <ø> (ø)
giga/deps/xevm/types/ethtx/legacy_tx.go 92.98% <ø> (ø)
giga/deps/xevm/types/ethtx/set_code_tx.go 0.00% <ø> (ø)
giga/deps/xevm/types/message_evm_transaction.go 41.50% <ø> (ø)
x/evm/ante/no_cosmos_fields.go 100.00% <ø> (+5.55%) ⬆️
... and 7 more

... and 36 files with indirect coverage changes

Validate wrapped Cosmos envelope fields via the proto tx and enforce semantic tx-data validation so padded addresses, signatures, and access-list fields cannot survive canonicalization into mempool-accepted EVM transactions.

Made-with: Cursor

Kbhat1 requested a review from sei-will March 16, 2026 19:27

Run the existing EVM wrapper and message validators in the actual Giga executor entrypoint so Giga execution rejects bloated envelope fields and non-canonical tx payloads before any execution logic or state changes.

Made-with: Cursor

sei-will self-requested a review March 17, 2026 16:56

Clear unknown bytes from the canonical MsgEVMTransaction re-marshal and explicitly reject unknown fields on the outer Any wrapper so protobuf padding cannot bypass the field-bloat check.

Made-with: Cursor
Resolve the app/app.go conflict by keeping main's Giga stateless validation and panic handling flow while preserving the field-bloat coverage and updated Giga runtime tests on this branch.

Made-with: Cursor

sei-will self-requested a review March 17, 2026 23:19
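
The unknown-field and padding problem described in the commit messages above, shown at the protobuf wire level as an added example. This is not code from this PR or the Sei code base, and it swaps in a direct wire scan where the commit messages describe a canonical re-marshal. `CheckWrapper` and `ErrBloat` are hypothetical names, and the assumed schema is the standard `Any` layout (field 1 `type_url`, field 2 `value`).

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

var ErrBloat = errors.New("field bloat: unknown, repeated or padded field")

// readVarint decodes a varint and rejects over-long (zero-padded) encodings.
func readVarint(b []byte) (uint64, int, error) {
	v, n := binary.Uvarint(b)
	if n <= 0 || (n > 1 && b[n-1] == 0) { // trailing 0x00 group is padding
		return 0, 0, ErrBloat
	}
	return v, n, nil
}

// CheckWrapper walks the top-level fields of an Any-shaped message (assumed
// schema: 1 = type_url, 2 = value, both length-delimited) and fails closed.
func CheckWrapper(raw []byte) error {
	seen := map[uint64]bool{}
	for len(raw) > 0 {
		tag, n, err := readVarint(raw)
		if err != nil {
			return err
		}
		raw = raw[n:]
		num, wire := tag>>3, tag&7
		if (num != 1 && num != 2) || wire != 2 || seen[num] {
			return ErrBloat
		}
		seen[num] = true
		size, n, err := readVarint(raw)
		if err != nil || size > uint64(len(raw)-n) {
			return ErrBloat
		}
		raw = raw[n+int(size):]
	}
	return nil
}

func main() {
	// Constructed samples: a clean wrapper, then one with unknown field 15.
	ok := []byte{0x0a, 0x02, '/', 'a', 0x12, 0x02, 0xde, 0xad}
	padded := append(append([]byte{}, ok...), 0x7a, 0x03, 0, 0, 0)
	fmt.Println(CheckWrapper(ok), CheckWrapper(padded))
}
```

A standard protobuf decoder accepts all of the rejected inputs and yields the same decoded message, which is why size limits applied only to decoded fields do not bound the bytes on the wire.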