Revert CREATE/CREATE2 static call check to before gas charging

Static call check doesn't need to be after gas charging - CREATE in a
static context is always an error regardless of gas accounting.

Author: rakita

crates/handler/src/handler.rs

@@ -470,10 +470,19 @@ pub trait Handler {
         // Always track state gas spent regardless of outcome.
         gas.set_state_gas_spent(state_gas_spent);
 
-        // Reservoir handling at the top-level frame.
-        // Use the frame's final reservoir directly — it already reflects
-        // child frame restorations and any state gas consumed/spilled during execution.
-        gas.set_reservoir(reservoir);
+        // Reservoir handling at the top-level frame:
+        // - On success: use the frame's final reservoir as-is, state gas was consumed.
+        // - On revert/halt: restore state gas spent back to the reservoir,
+        //   because state changes are rolled back so state gas should be refunded.
+        //
+        // Note: eth devnet3 does NOT do this — it ignores state_gas_spent and
+        // unconditionally sets gas.set_reservoir(reservoir) regardless of the
+        // instruction_result kind. This is a bug in the devnet3 spec.
+        if instruction_result.is_ok() {
+            gas.set_reservoir(reservoir);
+        } else {
+            gas.set_reservoir(reservoir + state_gas_spent);
+        }
 
         Ok(())
     }

crates/interpreter/src/instructions/contract.rs

@@ -24,6 +24,11 @@ use crate::InstructionContext;
 pub fn create<WIRE: InterpreterTypes, const IS_CREATE2: bool, H: Host + ?Sized>(
     context: InstructionContext<'_, H, WIRE>,
 ) {
+    // Static call check is before gas charging (unlike execution-specs where it's
+    // inside generic_create). This is safe because CREATE in a static context is
+    // always an error regardless of gas accounting.
+    require_non_staticcall!(context.interpreter);
+
     // EIP-1014: Skinny CREATE2
     if IS_CREATE2 {
         check!(context.interpreter, PETERSBURG);
@@ -93,12 +98,6 @@ pub fn create<WIRE: InterpreterTypes, const IS_CREATE2: bool, H: Host + ?Sized>(
         );
     }
 
-    // Static call check: must be AFTER gas charging to match the execution-specs,
-    // where the static check is inside generic_create() after all gas has been charged.
-    // This ensures state gas is recorded on the frame, so that on child error the parent
-    // can recover it via handle_reservoir_remaining_gas (EIP-8037 state gas recovery).
-    require_non_staticcall!(context.interpreter);
-
     let mut gas_limit = context.interpreter.gas.remaining();
 
     // EIP-150: Gas cost changes for IO-heavy operations