execution/tests: enforce checkNonce/checkTransaction in state harness#21001
Merged
execution/tests: enforce checkNonce/checkTransaction in state harness#21001
Conversation
…rness The state-test harness was passing checkNonce=false and checkTransaction=false to NewMessage, bypassing the EIP-2681 saturated-nonce guard and the EIP-3607 / EIP-7702 sender-code check in preCheck. With the checks off, erigon silently executed transactions from senders with malformed delegation designators (prefix-only, short, or trailing-junk code - anything not matching the strict 23-byte 0xef0100||addr form) and from senders whose nonce was already 2^64-1, producing post-state roots that diverged from geth (whose harness runs the equivalent checks unconditionally). The four reproducer fixtures from the issue are added under test-corners/state/ for regression coverage. Fixes #20684 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Contributor
There was a problem hiding this comment.
Pull request overview
This PR tightens the execution state-test harness to enforce the same sender/nonce validity checks as real transaction processing (and as geth’s state-test harness), fixing consensus/root divergences that occurred when invalid transactions were inadvertently executed during state tests.
Changes:
- Enable
checkNonceandcheckTransactionwhen constructingtypes.Messagein the state-test harness. - Add four regression state-test corner fixtures covering malformed EIP-7702 delegation designators and EIP-2681 saturated nonce rejection.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| execution/tests/testutil/state_test_util.go | Enables nonce and sender transaction pre-checks in the state-test message builder. |
| execution/tests/test-corners/state/eip7702-trailing-junk-delegation-sender.json | Adds a corner-case fixture for malformed delegation designator with trailing junk. |
| execution/tests/test-corners/state/eip7702-short-target-delegation-sender.json | Adds a corner-case fixture for malformed delegation designator with a short target. |
| execution/tests/test-corners/state/eip7702-prefix-only-delegation-sender.json | Adds a corner-case fixture for prefix-only (malformed) delegation designator sender code. |
| execution/tests/test-corners/state/eip2681-max-sender-nonce.json | Adds a corner-case fixture for saturated sender nonce (2^64-1) rejection. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
The harness's stJSON struct only declares Env/Pre/Tx/Out/Post, so the config.blobSchedule.Osaka block in the four reproducer fixtures was silently discarded by the parser. Removing it avoids the misleading mismatch between the unused Osaka schedule and the Prague/Berlin forks the tests actually run at. Addresses Copilot review feedback on #21001. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
taratorio
approved these changes
May 6, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Messages withcheckNonce=falseandcheckTransaction=false, bypassing the EIP-2681 saturated-nonce guard and the EIP-3607 / EIP-7702 sender-code check inpreCheck.0xef0100||addrform) and from senders whose nonce was already2^64-1, producing post-state roots that diverged from geth (whose harness runs the equivalents unconditionally).test-corners/state/for regression coverage.Fixes #20684
Test plan
evm stateteston all four issue fixtures returns the geth-matching reject-state roots (0xf224752f…,0x032cd985…,0xad6d4201…,0x81198fa9…)TestStateCornerCasespasses (now picks up the four new fixtures)TestLegacyCancunState+TestStatepass (full legacy + EEST static state-test sweep)make lintclean🤖 Generated with Claude Code