build: upgrade REVM to v38.0

[popescuoctavian]

Upgrade REVM v34 → v38 (tag v107)

Upgrades REVM from v34 (v103) to v38 (v107), absorbing the API breaks across v104–v107 and the alloy 1.0 → 2.0 migration forced by revm-inspectors 0.39 / foundry-fork-db 0.26 / op-revm 19+.

1. Dependency version changes

All edits in the workspace root Cargo.toml ([workspace.dependencies]).

REVM crates

Crate	Before	After
revm	34.0.0	38.0.0
op-revm	15.0.0	19.0.0
revm-bytecode	8.0.0	10.0.0
revm-context	13.0.0	16.0.1
revm-context-interface	14.0.0	17.0.1
revm-database-interface	9.0.0	11.0.1
revm-handler	15.0.0	18.1.0
revm-inspector	15.0.0	19.0.0
revm-interpreter	32.0.0	35.0.1
revm-precompile	32.0.0	34.0.0
revm-primitives	22.0.0	23.0.0
revm-state	9.0.0	11.0.1

Ecosystem crates (required by revm 38 / revm-inspectors 0.39)

Crate	Before	After
revm-inspectors	0.34.2	0.39.0
foundry-fork-db	0.23	0.26
alloy-* meta crates (consensus, eips, network, provider, rpc-client, rpc-types, signer family, transport family, …)	1.0.22	2.0.5
alloy-hardforks	0.4.0	0.4.7
alloy-node-bindings	0.13.0	2.0.5
alloy-signer	1.6.1	2.0.5
alloy-dyn-abi, alloy-json-abi, alloy-primitives, alloy-sol-*	1.x	1.5.2 (revm 38 requirement)
tower	0.4	0.5
tower-http	0.5	0.6
reqwest	0.12	0.13 (with rustls feature)

New direct deps: alloy-rpc-types-engine (jwt feature, for the foundry runtime transport) and alloy-rpc-types-trace (for edr_provider), both 2.0.5.

2. Upstream breaks absorbed

• v104 (revm 35) — the bulk: Bytecode flattened enum → struct; ExecutionResult gas fields collapsed into gas: ResultGas + logs added to Revert/Halt; EthPrecompiles/EthInstructions lost Default; alloy-core fixed-byte maps (AddressMap/B256Map/U256Map); BlockHashCache ring buffer; JournalInner::cfg.spec; Amsterdam EIPs (7843/7708/8024); default hardfork → Osaka.
• v105 (revm 36) — version bumps only, no code changes.
• v106 (revm 37) — EVMError::CustomAny (AnyError); CallInputs::known_bytecode no longer Option; EIP-8037 state-gas reservoir (initial_total_gas, expanded validate_initial_tx_gas); Precompile inner PrecompileFn accessors removed.
• v107 (revm 38) — handler reservoir plumbing; PrecompileOutput::gas_refunded restored.
• alloy 1.0 → 2.0 (forced transitively) — TransactionBuilder split, blob-tx API reshuffle, AnyTransactionReceipt struct, ChainConfig/BlockHeader additions, Claims/JwtSecret moved to alloy-rpc-types-engine.

3. Notable code changes

• Rewrote OverriddenPrecompileProvider::run for the new PrecompileFn signature + precompile_output_to_interpreter_result.
• Threaded EvmState / U256Map typed maps through DatabaseCommit, StateDiff, and the foundry backend.
• ExecutionResult → ResultGas (+ logs) across tracing, napi, foundry executors.
• Replaced the precompile-provider Default bound with a new_precompile_provider(hardfork) constructor; deleted the interim DefaultEthPrecompiles wrapper.
• alloy 2.0 transport fixes; added rustls to foundry-compilers and aws-lc-rs to alloy-transport-ws to restore TLS for solc downloads and wss:// forks.
• Hardhat assertEqualTraces: normalize refund: 0 and 0x-prefixed memory/storage (geth v1.17.3+ / revm-inspectors 0.39 wire-format changes).
• Cooldown downgrades of hyper/reqwest in Cargo.lock.

[changeset-bot]

🦋 Changeset detected

Latest commit: 16a5f0a

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package

Name	Type
@nomicfoundation/edr	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	cargo/​reqwest@​0.13.3
	cargo/​alloy-eips@​2.0.5
	cargo/​alloy-serde@​2.0.5
	cargo/​sha3@​0.11.0
	cargo/​alloy-consensus@​1.7.3 ⏵ 2.0.5
	cargo/​alloy-dyn-abi@​1.4.1 ⏵ 1.6.0
	cargo/​alloy-ens@​1.0.27 ⏵ 2.0.5
	cargo/​alloy-hardforks@​0.4.4 ⏵ 0.4.7
	cargo/​alloy-json-abi@​1.4.1 ⏵ 1.6.0
	cargo/​alloy-json-rpc@​1.6.1 ⏵ 2.0.5
	cargo/​alloy-network@​1.1.0 ⏵ 2.0.5
	cargo/​alloy-primitives@​1.5.7 ⏵ 1.6.0
	cargo/​alloy-provider@​1.1.0 ⏵ 2.0.5	-1
	cargo/​alloy-pubsub@​1.6.1 ⏵ 2.0.5
	cargo/​alloy-rlp@​0.3.12 ⏵ 0.3.15
	cargo/​alloy-rpc-client@​1.1.0 ⏵ 2.0.5
	cargo/​alloy-rpc-types@​1.1.0 ⏵ 2.0.5
	cargo/​alloy-rpc-types-engine@​1.1.0 ⏵ 2.0.5
	cargo/​alloy-signer@​1.6.3 ⏵ 2.0.5
	cargo/​alloy-signer-local@​1.0.23 ⏵ 2.0.5
	cargo/​alloy-sol-types@​1.4.1 ⏵ 1.6.0
	cargo/​alloy-transport@​1.6.1 ⏵ 2.0.5
	cargo/​alloy-transport-http@​1.0.23 ⏵ 2.0.5
	cargo/​alloy-transport-ipc@​1.6.1 ⏵ 2.0.5
	cargo/​alloy-transport-ws@​1.0.23 ⏵ 2.0.5
	cargo/​alloy-trie@​0.9.3 ⏵ 0.9.5
	cargo/​foundry-fork-db@​0.23.0 ⏵ 0.26.0
	cargo/​op-alloy-rpc-types@​0.17.2 ⏵ 2.0.0
	cargo/​op-revm@​15.0.0 ⏵ 19.0.0
	cargo/​revm@​34.0.0 ⏵ 38.0.0
	cargo/​revm-bytecode@​8.0.0 ⏵ 10.0.0
	cargo/​revm-context@​13.0.0 ⏵ 16.0.1
See 11 more rows in the dashboard

View full report

[codecov]

Codecov Report

❌ Patch coverage is 73.44398% with 64 lines in your changes missing coverage. Please review.
✅ Project coverage is 79.36%. Comparing base (6b39d3c) to head (16a5f0a).

Files with missing lines	Patch %	Lines
crates/tracing/src/lib.rs	0.00%	20 Missing ⚠️
crates/edr_napi/src/result.rs	0.00%	11 Missing ⚠️
crates/precompile/src/lib.rs	42.85%	6 Missing and 2 partials ⚠️
crates/edr_common/src/fmt/ui.rs	25.00%	5 Missing and 1 partial ⚠️
crates/foundry/evm/evm/src/executors/mod.rs	80.00%	3 Missing ⚠️
crates/foundry/evm/evm/src/inspectors/stack.rs	83.33%	3 Missing ⚠️
...ates/edr_provider/src/requests/eth/transactions.rs	84.61%	1 Missing and 1 partial ⚠️
crates/chain/spec/evm/src/error.rs	0.00%	1 Missing ⚠️
crates/database/components/src/lib.rs	0.00%	1 Missing ⚠️
crates/edr_napi_core/src/solidity/config.rs	96.42%	0 Missing and 1 partial ⚠️
... and 8 more

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1445      +/-   ##
==========================================
+ Coverage   79.31%   79.36%   +0.04%     
==========================================
  Files         445      445              
  Lines       76416    76465      +49     
  Branches    76416    76465      +49     
==========================================
+ Hits        60612    60687      +75     
+ Misses      13679    13646      -33     
- Partials     2125     2132       +7     

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[Wodann]

Nice work on the improvements!

Approving this pending the change of gas.inner_refunded to gas.final_refunded in 3 call sites.

[socket-security]

All alerts resolved. Learn more about Socket for GitHub.

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

Ignoring alerts on:

• cargo/hyper-util@0.1.20

View full report

[popescuoctavian]

Socket warning is triggered by test code. Their analysis:

No malicious behavior detected. This fragment is a test module for hyper legacy client behavior using a mock connector to simulate I/O, connection errors, and HTTP upgrade flows. It demonstrates data flows through mocked inputs to the client and back as responses for assertion, with verbose logging for debugging. The structure is safe for its intended testing purpose, though the extensive debug output could be noisy in production builds. Security risk is low to moderate due to test scaffolding, not production code paths.

Ignoring the warning.

[popescuoctavian]

@SocketSecurity ignore cargo/hyper-util@0.1.20