feat: unfork reth to paradigmxyz/reth v2.2.0 with retroactive state-root trust

[panos-xyz]

Summary

Unfork the execution-layer reth dependency from morph-l2/reth to upstream paradigmxyz/reth@v2.2.0. Morph-specific validator hooks now live in-tree instead of inside a reth fork.

Pre-Jade blocks still skip state-root validation because Morph historical headers use ZK-trie roots, while post-Jade blocks enforce reth/MPT state-root validation. Amsterdam fork support is intentionally deferred to a separate PR; this PR keeps Morph below Amsterdam/EIP-8037 semantics.

What Changed

• Bumped the reth stack to v2.2.0, revm to 38.0.0, and alloy crates to 2.0.4.
• Updated Morph primitives, payload attributes, engine API conversion, node add-ons, payload builder, block executor, and RPC types for the new upstream APIs.
• Re-ported the engine-tree payload validator extension while preserving Morph's pre-Jade state-root validation gate.
• Preserved Morph gas behavior across revm v38 changes, including regular-vs-state gas accounting and precompile halt handling.
• Wired new alloy/reth fields such as slot_number, block_access_list_hash, block_timestamp, and GasOutput without activating unused Ethereum/Amsterdam semantics.
• Added receipt conversion coverage for eth_getBlockReceipts and reth v2.2 eth_subscribe("transactionReceipts") so Morph receipt metadata stays visible over RPC.
• Added chainspec guards to ensure current Morph hardforks do not map to Amsterdam or enable EIP-8037 state gas.

Notes

• transactionReceipts is provided by reth v2.2 pubsub and uses the configured MorphReceiptConverter.
• eth_sendRawTransactionSync is provided by reth v2.2 through the default EthTransactions implementation.
• movePrecompileToAddress / Amsterdam fork behavior is not implemented here and should be handled in a dedicated follow-up PR.
• Review identified two pre-existing validation follow-ups worth separate investigation: L1 message cross-block queue-index strictness and withdraw-trie-root checks when the storage slot is unchanged.

Recent Commits

hash	subject
58b96ce	chore: adapt to reth v2.2.0
5c19446	test(rpc): cover Morph receipt conversion paths
06ad105	test(chainspec): guard Amsterdam gas semantics

Test Plan

• cargo fmt --all -- --check
• cargo test -p morph-chainspec hardfork
• cargo test -p morph-node --features test-utils --test it block_receipts_expose_morph_fields_over_rpc
• Earlier branch verification before commit split: workspace unit tests, doc tests, e2e tests, clippy, and fmt completed successfully.

Summary by CodeRabbit

• New Features

  • Extensible engine-tree validator and payload validation extension
  • RPC: improved gas estimation/call handling for fee tokens and L1 costs
  • Storage-only token-fee lookup and related RPC/receipt exposure
  • Block tag tracker for safer canonical-head tag handling

• Improvements

  • Rust toolchain bumped to 1.95 and dependency upgrades
  • Stricter payload-status checks and safer fork-choice/tag updates
  • Engine persistence/memory tuning and optional jemalloc support

• Bug Fixes

  • Jade hardfork boundary: state-root enforcement clarified and hardened
  • Improved payload/block import resilience and test coverage

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Adds a new crate engine-tree-ext with a Jade-gated engine-tree validator and trie utilities; migrates many reth-* workspace deps to paradigmxyz/reth v2.2.0; refactors EVM/block executor ownership and revm opcode/fee semantics; rewires payload builder, engine-api, node, RPC, txpool, tests, and local tooling to the new validation pipeline and payload attribute shapes.

Changes

Engine-tree validator, EVM refactor, payload & RPC wiring

Layer / File(s)	Summary
Workspace & Toolchain Cargo.toml, deny.toml, README.md, CONTRIBUTING.md	Workspace rust-version bumped to 1.95; added crates/engine-tree-ext member and workspace dependency; many reth-* deps switched to paradigmxyz/reth tag v2.2.0; cargo-deny allow-git updated.
New crate manifest crates/engine-tree-ext/Cargo.toml	New crate manifest declaring features (std, trie-debug, test-utils) and optional reth-trie-sparse dependency.
Engine-tree public surface crates/engine-tree-ext/src/lib.rs, .../gate.rs	Adds gate and payload_validator modules; exposes MorphBasicEngineValidator; implements state_root_enforced_at.
Core validator implementation crates/engine-tree-ext/src/payload_validator.rs	Implements MorphBasicEngineValidator with phased validation pipeline, BlockOrPayload enum, concurrent receipt/hash/state tasks, multiple state-root strategies, Jade-gated strict checks, invalid-block hook, deferred trie changeset background task, and ValidationOutcome type.
Trie compare/debug crates/engine-tree-ext/src/trie_updates.rs	Adds compare_trie_updates to diff task vs. regular trie updates against DB and emit structured diffs.
Engine-tree tests crates/engine-tree-ext/tests/jade_boundary.rs	Integration tests for Jade boundary retroactive-trust behavior and P2P downloaded-block import path.
Engine API builder & wiring crates/engine-api/src/builder.rs, crates/engine-api/src/lib.rs	Switches payload RPC to BuildNewPayload { attributes, parent_hash, cache: None, trie_handle: None }; enforces PayloadStatusEnum::Valid only; introduces BlockTagTracker and reorders safe/finalized tag writes; updates tests.
Removed validator helpers crates/engine-api/src/validator.rs (removed)	Removes should_validate_state_root and MorphValidationContext (gating moved into engine-tree-ext).
Payload attributes & builder crates/payload/types/src/attributes.rs, crates/payload/types/src/lib.rs, crates/payload/builder/src/builder.rs, .../error.rs, .../config.rs	Makes payload ID first-class; rewrites MorphPayloadBuilderAttributes with explicit fields and try_new; PayloadBuilder::Attributes is now RPC-level MorphPayloadAttributes; builder accepts optional trie_handle, conditionally wraps provider with CachedStateProvider, installs sparse-trie hook, returns state-root/trie-updates; adds Storage(String) error variant and uses FastInstant.
EVM executor ownership & receipts crates/evm/src/block/mod.rs, crates/evm/src/block/factory.rs, crates/evm/src/lib.rs, crates/evm/src/evm.rs, crates/evm/src/config.rs, crates/evm/src/context.rs, crates/evm/src/block/receipt.rs, crates/evm/src/assemble.rs	MorphBlockExecutor now owns MorphEvm<DB,I> and an Arc<MorphChainSpec>; introduces MorphTxResult (per-tx result + recovered envelope + l1_fee + fee logs); updates BlockExecutor/Factory signatures and trait bounds; CfgEnv uses mainnet gas params; BlockEnv.slot_num = 0; Evm trait exposes cfg_env.
revm opcode, handler, tx, precompiles, token-fee crates/revm/src/evm.rs, .../handler.rs, .../tx.rs, .../precompiles.rs, .../token_fee.rs, .../exec.rs	Adds sload_morph/sstore_morph to restore original value on cold DB loads and adjust gas/refund logic; execution_result now accepts ResultGas; TransactionEnvMut used; disabled precompiles return PrecompileOutput::halt(...); TokenFeeInfo::load_storage_only reads balances directly from storage.
Node validator & wiring crates/node/src/validator.rs, crates/node/src/add_ons.rs, crates/node/src/components/pool.rs, crates/node/src/node.rs, crates/node/src/test_utils.rs	Engine validator construction switched to morph_engine_tree_ext::MorphBasicEngineValidator; MorphEngineValidator::new() no longer needs chain_spec; missing withdraw-trie expectation on Block-input now returns Ok(()) (logged); MorphAddOns gains AuthHttpMiddleware; MorphPoolBuilder accepts Evm generic and constructs MorphEvmConfig; test utilities drop TaskManager from returns, use BuildNewPayload, and add with_account_code.
RPC: caller gas allowance, errors, receipts, transactions crates/rpc/src/eth/call.rs, crates/rpc/src/error.rs, crates/rpc/src/eth/mod.rs, .../transaction.rs, .../receipt.rs	Implements caller_gas_allowance with L1-fee and fee-token math (ETH vs token paths) and tests; adds RPC error variants InsufficientFundsForTransfer, InsufficientFundsForL1Fee, InvalidFeeToken (mapped to -32000); send_transaction accepts origin; TryIntoTxEnv always populates rlp_bytes; adds receipt conversion regression tests.
Txpool & validator crates/txpool/src/lib.rs, .../validator.rs, .../transaction.rs, crates/txpool/Cargo.toml	MorphTransactionPool alias gains an Evm generic; MorphTransactionValidator is generic over Evm and uses EthTransactionValidator<...,Evm>; validate_transactions accepts a sendable IntoIterator; on_new_head_block tightened; PoolTransaction::consensus_ref added.
Consensus changes crates/consensus/src/validation.rs	validate_block_post_execution gained receipt_root_bloom: Option<ReceiptRootBloom> and conditionally verifies precomputed receipts root/logs bloom or falls back to recomputing; many ConsensusError constructions refactored to ConsensusError::other(...)/msg(...).
Reference-index batching crates/node/src/exex/reference_index.rs, crates/node/tests/**	Batches ExEx ready notifications, processes up to MAX_LIVE_NOTIFICATION_BATCH in one DB transaction, emits a single FinishedHeight per batch, and adds tests for batching and reorg-within-batch semantics.
Tests & test helpers crates/node/tests/**, crates/revm/** tests, crates/payload/** tests	Many tests updated for TestNodeBuilder::build() return shape and BuildNewPayload RPC shape; added Jade-boundary integration tests, RPC insufficient-funds and eth_call tests, MorphTx ERC20 gas regression test, and multiple unit-test adjustments.
Local tooling & docs local-test/reth-start.sh, local-test/reset.sh, local-test/README.md, etc/docker-compose.yml, bin/morph-reth/*	morph-reth startup exposes reth API and adds --nat none plus engine persistence/memory/backpressure flags for local testing; reset script/docs expanded; binary features for jemalloc and global allocator config added.

Sequence Diagram(s)

sequenceDiagram
participant Client
participant PayloadBuilder as PayloadBuilder/EngineAPI
participant Validator as MorphBasicEngineValidator
participant EVM
participant DB
participant Consensus

Client->>PayloadBuilder: request new payload / import block
PayloadBuilder->>Validator: submit BlockOrPayload
Validator->>DB: fetch parent header / build overlay
par Parallel execution
    Validator->>EVM: execute transactions (streams receipts)
    Validator->>DB: spawn state-root task or compute parallel updates
and
    EVM->>DB: storage reads/writes (sload/sstore handlers)
    EVM-->>Validator: execution results + streamed receipts
end
Validator->>Validator: hashed-post-state computation completes
Validator->>Consensus: verify receipts_root and logs_bloom
alt state-root enforced (post-Jade)
    Validator->>DB: verify computed state_root == header.state_root
else state-root skipped (pre-Jade or missing expectation)
    Validator->>Consensus: mark state-root validation skipped
end
Validator-->>Client: return validation outcome (Valid / Invalid / Skip)

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~50 minutes

Possibly related PRs

• morph-l2/morph-reth#12: Introduced should_validate_state_root / MorphValidationContext which this PR removes and replaces with engine-tree-ext gating.
• morph-l2/morph-reth#39: Modifies revm opcode handling (sload/sstore) similar to the handlers added here.
• morph-l2/morph-reth#48: Overlapping edits to consensus, engine-api, EVM/block executor, and revm internals.

Suggested labels

enhancement

Suggested reviewers

• chengwenxi
• anylots

"🐰 I nibble code and prune each test and seed,
New trees take root where receipts and tries lead.
Jade gates open, sparse tries race the sun—
I hop through diffs, collect diffs done.
A carrot for builders: validation won."

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/unfork-reth-retroactive-trust

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (3)

crates/evm/src/block/receipt.rs (1)

248-271: ⚠️ Potential issue | 🟡 Minor

Fix ResultGas constructor arguments in test helpers — gas_limit and spent are distinct fields.

The test helpers pass ResultGas::new(gas_used, gas_used, 0, 0, 0) where parameters map to (gas_limit, spent, refunded, floor_gas, intrinsic_gas). Setting gas_limit to the spent amount conflates two distinct semantic fields; gas_limit should represent the transaction's total available gas, not the amount consumed. While current tests only exercise is_success() and into_logs(), any future test reading gas fields or refund calculations would encounter inaccurate values. Assign explicit names to each parameter in the helpers (e.g., gas_limit: gas_used, spent: gas_used, refunded: 0, ...) and consider using a realistic gas_limit value (e.g., 21000 for basic transfer, or a higher constant for complex operations).

crates/node/src/test_utils.rs (1)

8-18: ⚠️ Potential issue | 🟡 Minor

Update the examples for the new two-value return type.

build() no longer returns a TaskManager, but the ignored examples still destructure _tasks. This will mislead callers copying the test utility snippets.

Proposed documentation fix

-//! let (mut nodes, _tasks, wallet) = TestNodeBuilder::new().build().await?;
+//! let (mut nodes, wallet) = TestNodeBuilder::new().build().await?;
@@
-///     let (mut nodes, _, wallet) = TestNodeBuilder::new().with_schedule(schedule).build().await?;
+///     let (mut nodes, wallet) = TestNodeBuilder::new().with_schedule(schedule).build().await?;
@@
-/// let (mut nodes, _tasks, wallet) = TestNodeBuilder::new().build().await?;
+/// let (mut nodes, wallet) = TestNodeBuilder::new().build().await?;
@@
-/// let (mut nodes, _tasks, wallet) = TestNodeBuilder::new()
+/// let (mut nodes, wallet) = TestNodeBuilder::new()
@@
-/// let (nodes, _tasks, wallet) = TestNodeBuilder::new()
+/// let (nodes, wallet) = TestNodeBuilder::new()

Also applies to: 55-63, 170-187, 247-249

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@crates/node/src/test_utils.rs` around lines 8 - 18, The examples in
test_utils.rs still destructure a now-removed TaskManager from
TestNodeBuilder::new().build(); update every example that does let (mut nodes,
_tasks, wallet) = TestNodeBuilder::new().build().await?; to match the new
two-value return (e.g., let (mut nodes, wallet) =
TestNodeBuilder::new().build().await?;), remove the unused _tasks variable, and
adjust subsequent code that references _tasks accordingly (affects the examples
around TestNodeBuilder::new().build() and uses of advance_chain).

crates/payload/builder/src/builder.rs (1)

700-711: ⚠️ Potential issue | 🟡 Minor

Minor: withdrawals is now always Some(_) — confirm no semantic shift for pre-Shanghai paths.

Previously BuildNextEnv for MorphPayloadAttributes mapped inner.withdrawals.clone().map(Into::into), preserving None. Here, because MorphPayloadBuilderAttributes::try_new already unwrap_or_default()s, you end up with Some(Withdrawals::default()) even when the CL sent withdrawals: None. For Morph (post-Shanghai) this is benign (withdrawals root of the empty set equals the default), but it's a subtle change worth noting for any consumer that distinguishes "no withdrawals field" from "empty list".

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@crates/payload/builder/src/builder.rs` around lines 700 - 711, The code
constructs NextBlockEnvAttributes with withdrawals always Some(...) because
MorphPayloadBuilderAttributes::try_new already unwraps to default; to preserve
the original semantics where None stays None, change the withdrawals assignment
in MorphNextBlockEnvAttributes/NextBlockEnvAttributes construction to propagate
the original optional by using attributes.withdrawals.clone().map(Into::into)
(or attributes.withdrawals.clone().map(|w| w.into())), or alternatively stop
unwrap_or_default() in MorphPayloadBuilderAttributes::try_new so that None is
preserved—apply the change in the builder code paths touching
MorphNextBlockEnvAttributes and MorphPayloadBuilderAttributes::try_new to ensure
consumers that rely on None vs Some(empty) still see None when the CL omitted
withdrawals.

🧹 Nitpick comments (5)

crates/evm/src/engine.rs (1)

91-98: Minor: reuse to_tx_env to avoid duplicating the MorphTxEnv construction.

into_parts reimplements the body of to_tx_env verbatim (line 86-88). Delegating avoids drift if MorphTxEnv::from_recovered_tx gains additional inputs later.

♻️ Proposed refactor

 impl ExecutableTxParts<MorphTxEnv, MorphTxEnvelope> for RecoveredInBlock {
     type Recovered = Self;

     fn into_parts(self) -> (MorphTxEnv, Self) {
-        let tx_env = MorphTxEnv::from_recovered_tx(self.tx(), *self.signer());
-        (tx_env, self)
+        let tx_env = self.to_tx_env();
+        (tx_env, self)
     }
 }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@crates/evm/src/engine.rs` around lines 91 - 98, into_parts duplicates the
MorphTxEnv construction already provided by to_tx_env; change
ExecutableTxParts::into_parts for RecoveredInBlock to delegate to the existing
to_tx_env implementation instead of calling MorphTxEnv::from_recovered_tx
directly—call self.to_tx_env() (which internally uses self.tx() and
self.signer()) and return (that_tx_env, self) so any future changes to
MorphTxEnv::from_recovered_tx are honored.

crates/payload/builder/src/error.rs (1)

45-48: Consider preserving error source instead of a String.

Wrapping the underlying storage error as String loses the #[source] chain (stack trace, downcast). If the upstream error type is Send + Sync + 'static, a #[source] Box<dyn std::error::Error + Send + Sync> variant would be strictly more informative, at no ergonomic cost for callers using .to_string().

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@crates/payload/builder/src/error.rs` around lines 45 - 48, The Storage error
variant currently captures the underlying storage error as a String which loses
the original error source; change the Storage variant in the error enum from
Storage(String) to store the error as a boxed source error (e.g.
Storage(#[source] Box<dyn std::error::Error + Send + Sync + 'static>)) and keep
the existing display error message (#[error("storage error: {0}")]) so
formatting still works; update any construction sites that currently pass a
String to instead box the original error (Box::new(err)) or convert existing
errors into the boxed trait object.

crates/engine-api/src/builder.rs (1)

664-703: Use the payload_id returned by send_new_payload instead of pre-computing it locally.

The code at line 671 computes payload_id via MorphPayloadBuilderAttributes::try_new(...) and then discards the result of send_new_payload(...) at lines 679–690 via let _ = .... The test code (helpers.rs:247) confirms that send_new_payload() returns Result<PayloadId, ...>, so this id is available.

While both ids are currently derived from identical inputs (parent hash + rpc_attributes + version 1, via payload_id_morph), discarding the service's returned id creates a maintenance hazard: if the service's derivation ever changes (e.g., version bump, different hashing), the locally-computed id would diverge without detection, causing resolve_kind() at line 696 to timeout waiting for a non-existent job.

Use the returned id directly and eliminate the local MorphPayloadBuilderAttributes::try_new call since it's only needed for its payload_id.

♻️ Proposed refactor

-        let builder_attrs =
-            MorphPayloadBuilderAttributes::try_new(parent_hash, rpc_attributes.clone(), 1)
-                .map_err(|e| {
-                    MorphEngineApiError::BlockBuildError(format!(
-                        "failed to create builder attributes: {e}",
-                    ))
-                })?;
-        let payload_id = builder_attrs.payload_id();
-
         let build_input = BuildNewPayload {
             attributes: rpc_attributes,
             parent_hash,
             cache: None,
             trie_handle: None,
         };
-        let _ = self
+        let payload_id = self
             .payload_builder
             .send_new_payload(build_input)
             .await
             .map_err(|_| {
                 MorphEngineApiError::BlockBuildError("failed to send build request".to_string())
             })?
             .map_err(|e| {
                 MorphEngineApiError::BlockBuildError(format!(
                     "failed to receive build response: {e}"
                 ))
             })?;

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@crates/engine-api/src/builder.rs` around lines 664 - 703, The code
pre-computes payload_id via MorphPayloadBuilderAttributes::try_new(...) and then
discards the result of payload_builder.send_new_payload(...), causing
resolve_kind(...) to use a locally-derived id that can diverge; instead capture
the PayloadId returned by send_new_payload and use that for resolve_kind. Remove
the unnecessary MorphPayloadBuilderAttributes::try_new call (and its
payload_id()), change the send_new_payload call to bind its successful Result to
a variable (e.g. payload_id_from_service) and pass that into
payload_builder.resolve_kind(...), and keep the existing error mappings when
send_new_payload fails.

crates/engine-tree-ext/src/payload_validator.rs (2)

1191-1253: Timeout-race loop has a subtle issue: serial fallback result can be discarded on panic recovery.

If the state-root task is RecvTimeoutError::Timeout and enters the poll loop, and then the task channel returns Ok(result) (line 1208), we return that result and drop seq_rx. The serial fallback task is still running in the background and will hold seq_overlay / seq_hashed_state until it completes. This is benign (just wasted work + cache churn) but worth documenting; the alternative of letting the serial result race-cancel would require a cancellation token.

Also: when task_rx returns Disconnected (line 1216) we await seq_rx.recv() synchronously — if the serial task itself panics, seq_rx returns RecvError which is mapped to a generic ProviderError. Fine, but a panic::catch_unwind around the spawn_blocking_named closure (as done in spawn_deferred_trie_task) would give a cleaner error trail.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@crates/engine-tree-ext/src/payload_validator.rs` around lines 1191 - 1253,
The serial fallback task spawned with
self.payload_processor.executor().spawn_blocking_named("serial-root", move || {
... }) can panic and currently that panic will be lost and leave
seq_overlay/seq_hashed_state held; wrap the closure body in
std::panic::catch_unwind to catch any panic from compute_state_root_serial,
convert it into a ProviderResult::Err (e.g. ProviderError::other with context),
and send that through seq_tx (handling send errors), so seq_rx.recv() yields a
clear error instead of a generic RecvError; reference the spawned closure around
spawn_blocking_named, seq_tx/seq_rx, and Self::compute_state_root_serial when
applying the change.

---

2107-2111: block_access_list() stub — acceptable for now, but worth a tracking TODO.

Returning None unconditionally is fine while Morph doesn't produce BAL, since input.block_access_list().transpose()? in validate_block_with_state will just yield None and the StateRootTask path runs without BAL hints. If/when Morph adopts EIP-7928, this needs real decoding — consider linking the TODO to a tracking issue so it doesn't get lost once a future reth rebase surfaces BAL.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@crates/engine-tree-ext/src/payload_validator.rs` around lines 2107 - 2111,
The stubbed function block_access_list() currently returns None unconditionally;
leave behavior as-is for now but replace the TODO with a tracking-task comment
and implement decoding later: update the comment inside block_access_list to
reference a specific issue or tracker ID (e.g., “TODO: implement decoding for
EIP-7928 — see ISSUE-XXXX”), and ensure callers like validate_block_with_state
that call input.block_access_list().transpose()? continue to work; when Morph or
reth adopts EIP-7928, implement decoding to return
Option<Result<BlockAccessList, alloy_rlp::Error>> in block_access_list()
accordingly.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@crates/primitives/src/transaction/envelope.rs`:
- Around line 236-237: The comment referencing "v0.1.0" is misleading; update
the comment in envelope.rs near the references to
reth_primitives_traits::SignedTransaction and RlpBincode to be version‑agnostic
— e.g., state that SignedTransaction has a blanket impl in upstream reth so no
explicit impl is needed and that the RlpBincode trait was removed in recent reth
releases so no impl is required, replacing the hardcoded version string with
neutral wording referencing "upstream reth" or "recent reth versions" and keep
the two symbol mentions (SignedTransaction and RlpBincode) so readers can locate
the rationale easily.

In `@crates/txpool/src/validator.rs`:
- Around line 518-524: The FIXME comment and the surrounding attribute
#![allow(dead_code, unused_imports)] indicate tests gated by #[cfg(any())] that
were disabled pending migration from MockEthProvider to a MorphPrimitives-aware
mock provider; create a tracking issue that lists this migration task, reference
the FIXME(morph-unfork) note, enumerate the affected test groups that use
MockEthProvider/EIP-1559/L1-message admission paths, and add a brief migration
plan: update MockEthProvider to implement MorphPrimitives-compatible traits (or
add a new MorphMock provider), re-enable the #[cfg]d tests, remove the temporary
#![allow(dead_code, unused_imports)] and verify unit coverage, then link the
issue in the comment above the attribute so future readers know where progress
is tracked.

---

Outside diff comments:
In `@crates/node/src/test_utils.rs`:
- Around line 8-18: The examples in test_utils.rs still destructure a
now-removed TaskManager from TestNodeBuilder::new().build(); update every
example that does let (mut nodes, _tasks, wallet) =
TestNodeBuilder::new().build().await?; to match the new two-value return (e.g.,
let (mut nodes, wallet) = TestNodeBuilder::new().build().await?;), remove the
unused _tasks variable, and adjust subsequent code that references _tasks
accordingly (affects the examples around TestNodeBuilder::new().build() and uses
of advance_chain).

In `@crates/payload/builder/src/builder.rs`:
- Around line 700-711: The code constructs NextBlockEnvAttributes with
withdrawals always Some(...) because MorphPayloadBuilderAttributes::try_new
already unwraps to default; to preserve the original semantics where None stays
None, change the withdrawals assignment in
MorphNextBlockEnvAttributes/NextBlockEnvAttributes construction to propagate the
original optional by using attributes.withdrawals.clone().map(Into::into) (or
attributes.withdrawals.clone().map(|w| w.into())), or alternatively stop
unwrap_or_default() in MorphPayloadBuilderAttributes::try_new so that None is
preserved—apply the change in the builder code paths touching
MorphNextBlockEnvAttributes and MorphPayloadBuilderAttributes::try_new to ensure
consumers that rely on None vs Some(empty) still see None when the CL omitted
withdrawals.

---

Nitpick comments:
In `@crates/engine-api/src/builder.rs`:
- Around line 664-703: The code pre-computes payload_id via
MorphPayloadBuilderAttributes::try_new(...) and then discards the result of
payload_builder.send_new_payload(...), causing resolve_kind(...) to use a
locally-derived id that can diverge; instead capture the PayloadId returned by
send_new_payload and use that for resolve_kind. Remove the unnecessary
MorphPayloadBuilderAttributes::try_new call (and its payload_id()), change the
send_new_payload call to bind its successful Result to a variable (e.g.
payload_id_from_service) and pass that into payload_builder.resolve_kind(...),
and keep the existing error mappings when send_new_payload fails.

In `@crates/engine-tree-ext/src/payload_validator.rs`:
- Around line 1191-1253: The serial fallback task spawned with
self.payload_processor.executor().spawn_blocking_named("serial-root", move || {
... }) can panic and currently that panic will be lost and leave
seq_overlay/seq_hashed_state held; wrap the closure body in
std::panic::catch_unwind to catch any panic from compute_state_root_serial,
convert it into a ProviderResult::Err (e.g. ProviderError::other with context),
and send that through seq_tx (handling send errors), so seq_rx.recv() yields a
clear error instead of a generic RecvError; reference the spawned closure around
spawn_blocking_named, seq_tx/seq_rx, and Self::compute_state_root_serial when
applying the change.
- Around line 2107-2111: The stubbed function block_access_list() currently
returns None unconditionally; leave behavior as-is for now but replace the TODO
with a tracking-task comment and implement decoding later: update the comment
inside block_access_list to reference a specific issue or tracker ID (e.g.,
“TODO: implement decoding for EIP-7928 — see ISSUE-XXXX”), and ensure callers
like validate_block_with_state that call input.block_access_list().transpose()?
continue to work; when Morph or reth adopts EIP-7928, implement decoding to
return Option<Result<BlockAccessList, alloy_rlp::Error>> in block_access_list()
accordingly.

In `@crates/evm/src/engine.rs`:
- Around line 91-98: into_parts duplicates the MorphTxEnv construction already
provided by to_tx_env; change ExecutableTxParts::into_parts for RecoveredInBlock
to delegate to the existing to_tx_env implementation instead of calling
MorphTxEnv::from_recovered_tx directly—call self.to_tx_env() (which internally
uses self.tx() and self.signer()) and return (that_tx_env, self) so any future
changes to MorphTxEnv::from_recovered_tx are honored.

In `@crates/payload/builder/src/error.rs`:
- Around line 45-48: The Storage error variant currently captures the underlying
storage error as a String which loses the original error source; change the
Storage variant in the error enum from Storage(String) to store the error as a
boxed source error (e.g. Storage(#[source] Box<dyn std::error::Error + Send +
Sync + 'static>)) and keep the existing display error message (#[error("storage
error: {0}")]) so formatting still works; update any construction sites that
currently pass a String to instead box the original error (Box::new(err)) or
convert existing errors into the boxed trait object.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: fb77985b-bf97-4398-9ae4-61b61c47c8ce

📥 Commits

Reviewing files that changed from the base of the PR and between faec4c8 and c72fba2.

⛔ Files ignored due to path filters (1)

• Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (56)

• Cargo.toml
• crates/consensus/src/validation.rs
• crates/engine-api/Cargo.toml
• crates/engine-api/src/builder.rs
• crates/engine-tree-ext/Cargo.toml
• crates/engine-tree-ext/src/gate.rs
• crates/engine-tree-ext/src/lib.rs
• crates/engine-tree-ext/src/payload_validator.rs
• crates/engine-tree-ext/src/trie_updates.rs
• crates/engine-tree-ext/tests/jade_boundary.rs
• crates/evm/Cargo.toml
• crates/evm/src/block/curie.rs
• crates/evm/src/block/factory.rs
• crates/evm/src/block/mod.rs
• crates/evm/src/block/receipt.rs
• crates/evm/src/config.rs
• crates/evm/src/context.rs
• crates/evm/src/engine.rs
• crates/evm/src/lib.rs
• crates/node/Cargo.toml
• crates/node/src/add_ons.rs
• crates/node/src/components/pool.rs
• crates/node/src/test_utils.rs
• crates/node/src/validator.rs
• crates/node/tests/it/block_building.rs
• crates/node/tests/it/consensus.rs
• crates/node/tests/it/engine.rs
• crates/node/tests/it/evm.rs
• crates/node/tests/it/hardfork.rs
• crates/node/tests/it/helpers.rs
• crates/node/tests/it/l1_messages.rs
• crates/node/tests/it/morph_tx.rs
• crates/node/tests/it/rpc.rs
• crates/node/tests/it/sync.rs
• crates/node/tests/it/txpool.rs
• crates/payload/builder/Cargo.toml
• crates/payload/builder/src/builder.rs
• crates/payload/builder/src/error.rs
• crates/payload/types/Cargo.toml
• crates/payload/types/src/attributes.rs
• crates/payload/types/src/lib.rs
• crates/primitives/Cargo.toml
• crates/primitives/src/header.rs
• crates/primitives/src/receipt/mod.rs
• crates/primitives/src/transaction/envelope.rs
• crates/revm/src/evm.rs
• crates/revm/src/exec.rs
• crates/revm/src/handler.rs
• crates/revm/src/tx.rs
• crates/rpc/src/eth/mod.rs
• crates/rpc/src/eth/transaction.rs
• crates/txpool/Cargo.toml
• crates/txpool/src/lib.rs
• crates/txpool/src/transaction.rs
• crates/txpool/src/validator.rs
• local-test/reth-start.sh

💤 Files with no reviewable changes (1)

• crates/engine-api/Cargo.toml

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (5)

crates/revm/src/token_fee.rs (1)

98-139: ⚡ Quick win

Add unit coverage for the unknown-balance-slot sentinel behavior.

load_storage_only intentionally returns balance = 0 with balance_slot = None when the slot is unknown. Please add targeted tests for this contract so future refactors don’t accidentally treat it as a real zero balance.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@crates/revm/src/token_fee.rs` around lines 98 - 139, Write a unit test that
exercises TokenFee::load_storage_only to assert the sentinel behavior: when
read_registry_entry returns Some(entry) with entry.balance_slot = None the
returned Option is Some(token_fee) where token_fee.balance == U256::ZERO and
token_fee.balance_slot == None (not treated as a real zero balance), and when
balance_slot is Some(...) it calls read_balance_from_storage and returns that
value; use a mock or test DB implementing RevmDatabase to control
read_registry_entry/read_balance_from_storage results and assert both paths
(unknown slot vs known slot) using the TokenFee::load_storage_only function name
as the target under test.

crates/rpc/src/error.rs (1)

67-88: ⚡ Quick win

Add unit assertions for the new RPC error variants.

These variants change the public RPC contract, but error_display_messages and error_to_json_rpc_error_codes still only pin the older cases. A few exact assertions here for the new message/code pairs would catch drift locally, especially for InvalidFeeToken.

Also applies to: 136-148

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@crates/rpc/src/error.rs` around lines 67 - 88, The new RPC error variants
InsufficientFundsForTransfer, InsufficientFundsForL1Fee, and InvalidFeeToken
changed the public RPC contract but there are no unit assertions for their
display messages and JSON-RPC codes; add unit tests that call the existing
error_display_messages and error_to_json_rpc_error_codes helpers (or the
functions used by them) and assert the exact string produced for each of these
three enum variants and the exact numeric/error-code mapping expected for
InvalidFeeToken (and mirror that pattern for the other two), ensuring the new
message/code pairs are covered and will fail the test if they drift.

crates/rpc/src/eth/transaction.rs (1)

53-58: ⚡ Quick win

Add one non-None test for block_timestamp propagation.

This field is only forwarded here, and the updated tests still build TransactionInfo with block_timestamp: None in every case. A single positive assertion would lock in the new RPC field.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@crates/rpc/src/eth/transaction.rs` around lines 53 - 58, Tests currently only
construct TransactionInfo with block_timestamp: None; add a positive test that
builds a TransactionInfo with block_timestamp: Some(non_zero_value) and assert
that the RPC Transaction produced by the code path that uses
transaction::block_timestamp (the block_timestamp: tx_info.block_timestamp
forwarding in the TransactionInfo -> RPC Transaction conversion) contains that
same non-None value. Locate the test that exercises TransactionInfo -> RPC
serialization (or create a new unit test), set tx_info.block_timestamp =
Some(<valid timestamp>), call the conversion/path that uses transaction_index/
block_timestamp, and assert equality of the block_timestamp field on the
resulting RPC struct.

crates/engine-tree-ext/tests/jade_boundary.rs (1)

92-116: ⚡ Quick win

Strengthen post-Jade rejection assertion to distinguish INVALID from other non-VALID statuses.

try_import_with_tampered_state_root collapses the engine response to status.is_valid(), so the post-Jade test's assert!(!accepted, ...) will pass for any non-VALID outcome — including SYNCING or ACCEPTED — even though the regression you actually want to catch is "engine returned INVALID because MPT state-root equality was enforced". In practice SYNCING/ACCEPTED should not occur here since the parent is known, but a future change to engine semantics could silently weaken this test without any failure.

Returning the full PayloadStatus lets each caller assert the precise expected status.

♻️ Proposed change to surface the full status

-async fn try_import_with_tampered_state_root(
-    node: &mut MorphTestNode,
-    base: &MorphBuiltPayload,
-    bogus_state_root: B256,
-) -> eyre::Result<bool> {
+async fn try_import_with_tampered_state_root(
+    node: &mut MorphTestNode,
+    base: &MorphBuiltPayload,
+    bogus_state_root: B256,
+) -> eyre::Result<alloy_rpc_types_engine::PayloadStatus> {
     ...
-    let status = node
+    let status = node
         .inner
         .add_ons_handle
         .beacon_engine_handle
         .new_payload(execution_data)
         .await?;
-    Ok(status.is_valid())
+    Ok(status)
 }

Then in the post-Jade test:

-    let accepted =
-        try_import_with_tampered_state_root(&mut node, &base_payload, B256::from([0xFF; 32]))
-            .await?;
-
-    assert!(
-        !accepted,
-        "post-Jade block with tampered state_root must be rejected — MorphBasicEngineValidator \
-         enforces strict MPT root equality after Jade"
-    );
+    let status =
+        try_import_with_tampered_state_root(&mut node, &base_payload, B256::from([0xFF; 32]))
+            .await?;
+
+    assert!(
+        status.is_invalid(),
+        "post-Jade block with tampered state_root must be rejected as INVALID — got {status:?}"
+    );

Also applies to: 141-162

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@crates/engine-tree-ext/tests/jade_boundary.rs` around lines 92 - 116, The
test helper try_import_with_tampered_state_root currently returns a bool via
status.is_valid(), which masks non-VALID payload statuses; change it to return
the full PayloadStatus (the engine response) instead of bool so callers can
assert the exact expected status (e.g., equals PayloadStatus::Invalid). Update
the function signature and return value in try_import_with_tampered_state_root
(and the other similar helper around the other occurrence) to propagate the
engine's PayloadStatus, and adjust the post-Jade test to assert that the
returned status == PayloadStatus::Invalid rather than assert!(!accepted).

crates/payload/builder/src/error.rs (1)

40-42: ⚡ Quick win

Consider preserving structured error information.

The replacement of Database(#[from] ProviderError) with Storage(String) loses:

1. Automatic ProviderError → MorphPayloadBuilderError conversion (via #[from])
2. Structured error context that could aid debugging

If storage errors are mapped manually in calling code (e.g., via .map_err(|e| MorphPayloadBuilderError::Storage(e.to_string()))), consider whether preserving the original error type or using a boxed dyn Error would provide better diagnostics.

💡 Alternative: Preserve error structure

-    /// Generic storage error (e.g. from revm EvmDatabaseError, ProviderError).
-    #[error("storage error: {0}")]
-    Storage(String),
+    /// Generic storage error (e.g. from revm EvmDatabaseError, ProviderError).
+    #[error("storage error: {0}")]
+    Storage(#[source] Box<dyn std::error::Error + Send + Sync>),

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@crates/payload/builder/src/error.rs` around lines 40 - 42, The Storage error
variant replaced the previous Database(#[from] ProviderError) and lost automatic
conversion and structured context; restore structured errors by changing the
enum variant to accept the original ProviderError via #[from] (e.g.,
Database(#[from] ProviderError) or rename back to Database) or switch Storage to
hold a boxed error type (Storage(Box<dyn std::error::Error + Send + Sync +
'static>)) so automatic From conversions and rich error context are preserved;
update MorphPayloadBuilderError in error.rs accordingly and adjust call sites
that currently map errors with to_string() to rely on the new From or
boxed-error variant.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@crates/node/tests/it/morph_tx.rs`:
- Around line 563-571: The test currently grabs the first transaction via
payload.block().body().transactions.first() which can silently pick the wrong tx
if harness behavior changes; make selection deterministic by asserting the
transaction count before taking the first element: capture transactions into a
local (e.g., let txs = payload.block().body().transactions;),
assert_eq!(txs.len(), 1, "expected exactly one transaction in block for this
regression test"), and then use txs.first().tx_hash() to set tx_hash; adjust the
expected count if the test should allow more than one.

In `@crates/revm/src/handler.rs`:
- Around line 267-277: The current unwrap_or_else on
validate_initial_tx_gas(...) swallows all validation errors; instead, call
validate_initial_tx_gas and pattern-match its Result so only the specific
"intrinsic gas > gas_limit" error is converted to
InitialAndFloorGas::new(tx.gas_limit(), 0), while any other Err is propagated
(or returned) unchanged. Reference validate_initial_tx_gas,
InitialAndFloorGas::new(tx.gas_limit(), 0) and the surrounding handler code so
you implement a match/if-let that maps only the intrinsic-gas-too-high variant
to the fallback and returns/propagates other errors.

---

Nitpick comments:
In `@crates/engine-tree-ext/tests/jade_boundary.rs`:
- Around line 92-116: The test helper try_import_with_tampered_state_root
currently returns a bool via status.is_valid(), which masks non-VALID payload
statuses; change it to return the full PayloadStatus (the engine response)
instead of bool so callers can assert the exact expected status (e.g., equals
PayloadStatus::Invalid). Update the function signature and return value in
try_import_with_tampered_state_root (and the other similar helper around the
other occurrence) to propagate the engine's PayloadStatus, and adjust the
post-Jade test to assert that the returned status == PayloadStatus::Invalid
rather than assert!(!accepted).

In `@crates/payload/builder/src/error.rs`:
- Around line 40-42: The Storage error variant replaced the previous
Database(#[from] ProviderError) and lost automatic conversion and structured
context; restore structured errors by changing the enum variant to accept the
original ProviderError via #[from] (e.g., Database(#[from] ProviderError) or
rename back to Database) or switch Storage to hold a boxed error type
(Storage(Box<dyn std::error::Error + Send + Sync + 'static>)) so automatic From
conversions and rich error context are preserved; update
MorphPayloadBuilderError in error.rs accordingly and adjust call sites that
currently map errors with to_string() to rely on the new From or boxed-error
variant.

In `@crates/revm/src/token_fee.rs`:
- Around line 98-139: Write a unit test that exercises
TokenFee::load_storage_only to assert the sentinel behavior: when
read_registry_entry returns Some(entry) with entry.balance_slot = None the
returned Option is Some(token_fee) where token_fee.balance == U256::ZERO and
token_fee.balance_slot == None (not treated as a real zero balance), and when
balance_slot is Some(...) it calls read_balance_from_storage and returns that
value; use a mock or test DB implementing RevmDatabase to control
read_registry_entry/read_balance_from_storage results and assert both paths
(unknown slot vs known slot) using the TokenFee::load_storage_only function name
as the target under test.

In `@crates/rpc/src/error.rs`:
- Around line 67-88: The new RPC error variants InsufficientFundsForTransfer,
InsufficientFundsForL1Fee, and InvalidFeeToken changed the public RPC contract
but there are no unit assertions for their display messages and JSON-RPC codes;
add unit tests that call the existing error_display_messages and
error_to_json_rpc_error_codes helpers (or the functions used by them) and assert
the exact string produced for each of these three enum variants and the exact
numeric/error-code mapping expected for InvalidFeeToken (and mirror that pattern
for the other two), ensuring the new message/code pairs are covered and will
fail the test if they drift.

In `@crates/rpc/src/eth/transaction.rs`:
- Around line 53-58: Tests currently only construct TransactionInfo with
block_timestamp: None; add a positive test that builds a TransactionInfo with
block_timestamp: Some(non_zero_value) and assert that the RPC Transaction
produced by the code path that uses transaction::block_timestamp (the
block_timestamp: tx_info.block_timestamp forwarding in the TransactionInfo ->
RPC Transaction conversion) contains that same non-None value. Locate the test
that exercises TransactionInfo -> RPC serialization (or create a new unit test),
set tx_info.block_timestamp = Some(<valid timestamp>), call the conversion/path
that uses transaction_index/ block_timestamp, and assert equality of the
block_timestamp field on the resulting RPC struct.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 22c38b12-ae80-4200-9ff3-e257c3329b31

📥 Commits

Reviewing files that changed from the base of the PR and between c72fba2 and e2897d8.

⛔ Files ignored due to path filters (1)

• Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (57)

• CONTRIBUTING.md
• Cargo.toml
• README.md
• bin/morph-reth/Cargo.toml
• bin/morph-reth/src/main.rs
• crates/chainspec/src/hardfork.rs
• crates/consensus/src/validation.rs
• crates/engine-api/src/builder.rs
• crates/engine-api/src/lib.rs
• crates/engine-api/src/validator.rs
• crates/engine-tree-ext/src/lib.rs
• crates/engine-tree-ext/src/payload_validator.rs
• crates/engine-tree-ext/tests/jade_boundary.rs
• crates/evm/Cargo.toml
• crates/evm/src/assemble.rs
• crates/evm/src/block/factory.rs
• crates/evm/src/block/mod.rs
• crates/evm/src/block/receipt.rs
• crates/evm/src/config.rs
• crates/evm/src/context.rs
• crates/evm/src/evm.rs
• crates/evm/src/lib.rs
• crates/node/Cargo.toml
• crates/node/src/add_ons.rs
• crates/node/src/components/pool.rs
• crates/node/src/node.rs
• crates/node/src/test_utils.rs
• crates/node/src/validator.rs
• crates/node/tests/it/engine.rs
• crates/node/tests/it/helpers.rs
• crates/node/tests/it/morph_tx.rs
• crates/node/tests/it/rpc.rs
• crates/payload/builder/src/builder.rs
• crates/payload/builder/src/config.rs
• crates/payload/builder/src/error.rs
• crates/payload/types/src/attributes.rs
• crates/payload/types/src/lib.rs
• crates/primitives/src/header.rs
• crates/primitives/src/receipt/mod.rs
• crates/primitives/src/transaction/envelope.rs
• crates/reference-index/src/tables.rs
• crates/revm/src/evm.rs
• crates/revm/src/handler.rs
• crates/revm/src/precompiles.rs
• crates/revm/src/token_fee.rs
• crates/revm/src/tx.rs
• crates/rpc/Cargo.toml
• crates/rpc/src/error.rs
• crates/rpc/src/eth/call.rs
• crates/rpc/src/eth/mod.rs
• crates/rpc/src/eth/receipt.rs
• crates/rpc/src/eth/transaction.rs
• crates/txpool/src/validator.rs
• deny.toml
• etc/docker-compose.yml
• local-test/README.md
• local-test/reth-start.sh

💤 Files with no reviewable changes (1)

• crates/engine-api/src/validator.rs

✅ Files skipped from review due to trivial changes (5)

• CONTRIBUTING.md
• etc/docker-compose.yml
• README.md
• crates/rpc/Cargo.toml
• crates/node/Cargo.toml

🚧 Files skipped from review as they are similar to previous changes (18)

• crates/engine-tree-ext/src/lib.rs
• crates/payload/types/src/lib.rs
• crates/revm/src/tx.rs
• crates/evm/src/config.rs
• crates/node/src/test_utils.rs
• crates/primitives/src/receipt/mod.rs
• crates/node/tests/it/engine.rs
• crates/node/src/components/pool.rs
• crates/primitives/src/transaction/envelope.rs
• local-test/reth-start.sh
• crates/consensus/src/validation.rs
• crates/revm/src/evm.rs
• crates/txpool/src/validator.rs
• crates/payload/types/src/attributes.rs
• crates/node/tests/it/helpers.rs
• crates/rpc/src/eth/mod.rs
• crates/evm/src/block/mod.rs
• crates/engine-tree-ext/src/payload_validator.rs

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Make tx selection deterministic before using .first().

Add a block transaction-count assertion before taking the first tx hash, so the test cannot silently validate the wrong transaction if harness behavior changes.

Proposed patch

     node.rpc.inject_tx(raw_tx).await?;
     let payload = node.advance_block().await?;
+    assert_eq!(
+        payload.block().body().transactions.len(),
+        1,
+        "regression block should contain only the injected tx"
+    );
 
     let tx_hash = *payload
         .block()
         .body()
         .transactions

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	let payload = node.advance_block().await?;
	let tx_hash = *payload
	.block()
	.body()
	.transactions
	.first()
	.expect("block should contain regression tx")
	.tx_hash();
	let payload = node.advance_block().await?;
	assert_eq!(
	payload.block().body().transactions.len(),
	1,
	"regression block should contain only the injected tx"
	);
	let tx_hash = *payload
	.block()
	.body()
	.transactions
	.first()
	.expect("block should contain regression tx")
	.tx_hash();

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@crates/node/tests/it/morph_tx.rs` around lines 563 - 571, The test currently
grabs the first transaction via payload.block().body().transactions.first()
which can silently pick the wrong tx if harness behavior changes; make selection
deterministic by asserting the transaction count before taking the first
element: capture transactions into a local (e.g., let txs =
payload.block().body().transactions;), assert_eq!(txs.len(), 1, "expected
exactly one transaction in block for this regression test"), and then use
txs.first().tx_hash() to set tx_hash; adjust the expected count if the test
should allow more than one.

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Narrow the L1-message fallback to the intended intrinsic-gas error only.

The comment says this path should only relax the “intrinsic gas > gas_limit” case, but unwrap_or_else(|_| ...) swallows every validate_initial_tx_gas failure. That also bypasses unrelated checks and future upstream validations for L1 messages.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@crates/revm/src/handler.rs` around lines 267 - 277, The current
unwrap_or_else on validate_initial_tx_gas(...) swallows all validation errors;
instead, call validate_initial_tx_gas and pattern-match its Result so only the
specific "intrinsic gas > gas_limit" error is converted to
InitialAndFloorGas::new(tx.gas_limit(), 0), while any other Err is propagated
(or returned) unchanged. Reference validate_initial_tx_gas,
InitialAndFloorGas::new(tx.gas_limit(), 0) and the surrounding handler code so
you implement a match/if-let that maps only the intrinsic-gas-too-high variant
to the fallback and returns/propagates other errors.

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

crates/engine-api/src/builder.rs (1)

720-736: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Potential finalized > safe inconsistency in FCU when only one L1 tag is set.

resolve_fcu_block_tag_hash is called independently for safe and finalized, so the tracker’s two slots are decoupled. If an external set_block_tags(safe=A, finalized=ZERO) ever runs (the public API explicitly allows skipping zero hashes — see lines 502-505), then:

• l1_safe_hash() = Some(A) (older L1 block), l1_finalized_hash() = None.
• On a later import of a historical block (now - block_timestamp > 60s):
  • safe_hash → A
  • finalized_hash → data.hash (the new head, with number > A.number)

The FCU is then sent with finalized.number > safe.number, violating the very invariant the set_block_tags reordering on lines 506-514 is designed to preserve. This can occur in practice during catch-up when L1 finalization data isn’t yet available.

A simple guard is to only apply the head fallback when both L1 tags are missing (or clamp finalized to safe in the asymmetric case):

🛡️ Proposed fix

-        let finalized_hash = resolve_fcu_block_tag_hash(
-            self.block_tag_tracker.l1_finalized_hash(),
-            data.hash,
-            data.timestamp,
-            now_timestamp,
-        );
-        let safe_hash = resolve_fcu_block_tag_hash(
-            self.block_tag_tracker.l1_safe_hash(),
-            data.hash,
-            data.timestamp,
-            now_timestamp,
-        );
+        let l1_finalized = self.block_tag_tracker.l1_finalized_hash();
+        let l1_safe = self.block_tag_tracker.l1_safe_hash();
+        // Only synthesize from head when *both* L1 tags are absent, otherwise we
+        // can push an FCU with finalized > safe (e.g. safe set, finalized still
+        // pending from L1 finalization).
+        let (safe_hash, finalized_hash) = match (l1_safe, l1_finalized) {
+            (Some(s), Some(f)) => (s, f),
+            (None, None) => {
+                let h = resolve_fcu_block_tag_hash(None, data.hash, data.timestamp, now_timestamp);
+                (h, h)
+            }
+            // Partial L1 update: keep the known L1 hash for that tag and mirror
+            // it on the missing side so finalized <= safe holds.
+            (Some(s), None) => (s, s),
+            (None, Some(f)) => (f, f),
+        };

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@crates/engine-api/src/builder.rs` around lines 720 - 736, The code
independently calls resolve_fcu_block_tag_hash for finalized and safe using
block_tag_tracker.l1_finalized_hash() and .l1_safe_hash(), which can produce
finalized.number > safe.number when only one L1 tag is set; update the logic
around computing finalized_hash and safe_hash (the calls to
resolve_fcu_block_tag_hash and the subsequent
alloy_rpc_types_engine::ForkchoiceState construction) to either only apply the
head-fallback when BOTH l1_finalized_hash() and l1_safe_hash() are None, or
clamp finalized_hash to safe_hash when finalized > safe (i.e., after computing
both hashes, if finalized_hash.number > safe_hash.number then set finalized_hash
= safe_hash) so the FCU invariant never permits finalized > safe.

🧹 Nitpick comments (2)

crates/engine-api/src/builder.rs (1)

506-514: 💤 Low value

Consider adding a unit test for the partial-update path of record_block_tags.

The new test_block_tag_tracker_records_l1_block_tags only covers the both-Some case. Given the explicit semantics that None preserves the previous value (and the asymmetric ordering rationale documented above), a test asserting record_block_tags(Some(x), None) keeps the prior finalized hash (and vice-versa) would lock in the intended behavior and catch future regressions where someone “fixes” the conditional and accidentally clears tags.

Also applies to: 1230-1240

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@crates/engine-api/src/builder.rs` around lines 506 - 514, Add unit tests for
the partial-update paths of record_block_tags: extend or add tests alongside
test_block_tag_tracker_records_l1_block_tags to cover record_block_tags(Some(x),
None) and record_block_tags(None, Some(y)). For each case, initialize the
tracker with both tags set, call record_block_tags with one None and one Some,
and assert the None parameter does not clear the prior stored value while the
Some parameter updates the value; include assertions for both hash and number
semantics to lock in the intended behavior.

crates/node/src/add_ons.rs (1)

37-51: 💤 Low value

Note: new AuthHttpMiddleware generic isn’t reachable through the trait impls.

The struct now exposes AuthHttpMiddleware = Identity, but the impls of NodeAddOns, RethRpcAddOns, and EngineValidatorAddOn are written for MorphAddOns<N, EthB, PVB, EVB> (defaulting both RpcMiddleware and AuthHttpMiddleware to Identity). So any consumer that customizes either middleware will silently lose the trait implementations.

If that’s intentional for now (i.e., this PR just widens the inner RpcAddOns shape to match upstream), consider a short doc comment on the struct calling that out so future contributors aren’t surprised. Otherwise, threading the two middleware generics through the impls would make the wrapper actually usable with non-Identity middleware.

Also applies to: 96-108

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@crates/node/src/add_ons.rs` around lines 37 - 51, The new AuthHttpMiddleware
generic on MorphAddOns is not propagated to the impls, so consumers that set
custom RpcMiddleware or AuthHttpMiddleware lose the trait impls; update the impl
blocks for NodeAddOns, RethRpcAddOns, and EngineValidatorAddOn to include the
RpcMiddleware and AuthHttpMiddleware generics (matching the struct signature:
MorphAddOns<N, EthB, PVB, EVB, RpcMiddleware, AuthHttpMiddleware>) and add the
appropriate where bounds (e.g., RpcMiddleware: /* required trait */,
AuthHttpMiddleware: /* required trait */) and pass them to the inner RpcAddOns
type, or if intentional, add a short doc comment on MorphAddOns explaining that
only Identity middleware is supported for now so future contributors are aware.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In `@crates/engine-api/src/builder.rs`:
- Around line 720-736: The code independently calls resolve_fcu_block_tag_hash
for finalized and safe using block_tag_tracker.l1_finalized_hash() and
.l1_safe_hash(), which can produce finalized.number > safe.number when only one
L1 tag is set; update the logic around computing finalized_hash and safe_hash
(the calls to resolve_fcu_block_tag_hash and the subsequent
alloy_rpc_types_engine::ForkchoiceState construction) to either only apply the
head-fallback when BOTH l1_finalized_hash() and l1_safe_hash() are None, or
clamp finalized_hash to safe_hash when finalized > safe (i.e., after computing
both hashes, if finalized_hash.number > safe_hash.number then set finalized_hash
= safe_hash) so the FCU invariant never permits finalized > safe.

---

Nitpick comments:
In `@crates/engine-api/src/builder.rs`:
- Around line 506-514: Add unit tests for the partial-update paths of
record_block_tags: extend or add tests alongside
test_block_tag_tracker_records_l1_block_tags to cover record_block_tags(Some(x),
None) and record_block_tags(None, Some(y)). For each case, initialize the
tracker with both tags set, call record_block_tags with one None and one Some,
and assert the None parameter does not clear the prior stored value while the
Some parameter updates the value; include assertions for both hash and number
semantics to lock in the intended behavior.

In `@crates/node/src/add_ons.rs`:
- Around line 37-51: The new AuthHttpMiddleware generic on MorphAddOns is not
propagated to the impls, so consumers that set custom RpcMiddleware or
AuthHttpMiddleware lose the trait impls; update the impl blocks for NodeAddOns,
RethRpcAddOns, and EngineValidatorAddOn to include the RpcMiddleware and
AuthHttpMiddleware generics (matching the struct signature: MorphAddOns<N, EthB,
PVB, EVB, RpcMiddleware, AuthHttpMiddleware>) and add the appropriate where
bounds (e.g., RpcMiddleware: /* required trait */, AuthHttpMiddleware: /*
required trait */) and pass them to the inner RpcAddOns type, or if intentional,
add a short doc comment on MorphAddOns explaining that only Identity middleware
is supported for now so future contributors are aware.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 04da6609-b7b0-48a5-9d7f-8e3ef678733e

📥 Commits

Reviewing files that changed from the base of the PR and between 9242f5e and 3b64bd6.

📒 Files selected for processing (4)

• crates/engine-api/src/builder.rs
• crates/engine-api/src/lib.rs
• crates/node/src/add_ons.rs
• crates/node/tests/it/engine.rs

🚧 Files skipped from review as they are similar to previous changes (1)

• crates/node/tests/it/engine.rs