[codex] add evm-only giga executor path

[codchen]

Summary

• add giga/evmonly as the final-form EVM-only giga execution path boundary
• define raw Ethereum RLP block input and commit-neutral outputs as an EVM-native state changeset plus receipts
• port the core sei-v3-style execution shape directly into giga/evmonly:
  • raw RLP tx parsing and sender recovery
  • go-ethereum execution against an SDK-free native vm.StateDB
  • key-addressable EVM-native balance, nonce, code, and storage state reads
  • deterministic post-block StateChangeSet output
  • Ethereum receipt and per-tx metadata construction
• add a map-backed MemoryState backend for tests and early integration
• leave custom precompiles as fail-closed placeholders behind an SDK-free registry/context
• refresh the README to describe the current implementation, input/output contract, and known limitations

Notes

Custom precompile behavior is intentionally still open. Registered custom precompile addresses return ErrCustomPrecompilesOpen, including through geth's precompile map, so calls fail closed instead of silently executing as empty accounts.

The current port is sequential. The state boundary and changeset shape are intended to be replaceable with the sei-v3 OCC scheduler/store once that layer is brought over.

Historical BLOCKHASH lookups beyond the parent block are not wired yet; BlockHash is currently used for receipt/log metadata.

Validation

go test ./giga/evmonly/...
go test ./giga/...

[codecov]

Codecov Report

❌ Patch coverage is 76.77225% with 154 lines in your changes missing coverage. Please review.
✅ Project coverage is 58.24%. Comparing base (0ff5a52) to head (5e36ab5).

Files with missing lines	Patch %	Lines
giga/evmonly/state_db.go	70.35%	102 Missing and 16 partials ⚠️
giga/evmonly/executor.go	85.23%	15 Missing and 7 partials ⚠️
giga/evmonly/state.go	88.63%	5 Missing and 5 partials ⚠️
giga/evmonly/parser.go	80.00%	3 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #3583      +/-   ##
==========================================
- Coverage   59.16%   58.24%   -0.92%     
==========================================
  Files        2262     2175      -87     
  Lines      187009   176465   -10544     
==========================================
- Hits       110643   102790    -7853     
+ Misses      66430    64647    -1783     
+ Partials     9936     9028     -908     

Flag	Coverage Δ
sei-chain-pr	76.77% <76.77%> (?)
sei-db	70.41% <ø> (ø)
sei-db-state-db	?

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
giga/evmonly/config.go	100.00% <100.00%> (ø)
giga/evmonly/parser.go	80.00% <80.00%> (ø)
giga/evmonly/state.go	88.63% <88.63%> (ø)
giga/evmonly/executor.go	85.23% <85.23%> (ø)
giga/evmonly/state_db.go	70.35% <70.35%> (ø)

... and 168 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[github-actions]

The latest Buf updates on your PR. Results from workflow Buf / buf (pull_request).

Build	Format	Lint	Breaking	Updated (UTC)
✅ passed	✅ passed	✅ passed	✅ passed	Jun 26, 2026, 4:37 PM

[cursor]

PR Summary

Medium Risk
New execution path with substantial EVM/state logic and strict block-abort semantics, but isolated from app wiring and covered by broad tests; custom precompiles are intentionally unimplemented.

Overview
Introduces giga/evmonly, a Cosmos-free execution boundary for the final-form giga path: ordered blocks of raw Ethereum RLP txs in, commit-neutral StateChangeSet plus Ethereum receipts out.

The Executor runs go-ethereum ApplyMessage against a new SDK-free nativeStateDB, with lazy key-addressable reads from StateReader and a deterministic post-block changeset (final balances, nonces, code, storage). Block validation errors abort the whole block with no partial commit; in-tx EVM failures still produce failed receipts and later txs can run. Config covers min gas price, optional nonce/gas-price checks, chain config, and a fail-closed custom precompile registry (ErrCustomPrecompilesOpen). A map-backed MemoryState supports tests; README documents the contract and known gaps (sequential execution, parent-only BLOCKHASH, precompiles TBD).

^{Reviewed by Cursor Bugbot for commit 5e36ab5. Bugbot is set up for automated code reviews on this repo. Configure here.}

[philipsu522]

does "SDK" mean Cosmos?

[codchen]

yep

[philipsu522]

do we need to set acct.Created = false?

[codchen]

Created is used to decided whether SelfDestruct6780 should early return, and I think the behavior of SelfDestruct6780 is to not early return if selfdestruct is called multiple times, so I think we shouldn't set Created to false upon selfdestruct (consistent with geth)

[philipsu522]

is this dangerous? could someone maliciously set gasLimit = 0 to bypass any limits we may have?

[codchen]

gasLimit here is the block gas limit, so it'd be decided by consensus and not set by tx senders

[philipsu522]

this is a lot of critical state changing code. i think we need a lot of tests here. Could we use AI to generate a ton of unit cases, interleaving ordering of contract creation/deletion, invalid txs (out of gas, invalid state transition, invalid nonce, verify receipt outputs...etc).

[cursor]

Cursor Bugbot has reviewed your changes using default effort and found 1 potential issue.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

Want higher recall? High effort reviews run extra passes and find more bugs. A team admin can switch effort levels in the Cursor dashboard.

^{Reviewed by Cursor Bugbot for commit 5e36ab5. Configure here.}

[cursor]

Self-destruct omits unstaged storage

High Severity

When a contract is self-destructed or recreated via CreateAccount, Finalise clears only the in-memory storage map. ChangeSet compares storage using keys from base.Storage, which is populated lazily via ensureStorage. Slots that still exist in the persistent StateReader but were never read or written in that block never appear in the changeset, so ApplyChangeSet leaves orphaned storage at that address.

Additional Locations (1)

• giga/evmonly/state_db.go#L132-L140

 

^{Reviewed by Cursor Bugbot for commit 5e36ab5. Configure here.}

[seidroid]

A new, self-contained giga/evmonly package adds an SDK-free EVM-only block executor with a go-ethereum-backed vm.StateDB, changeset output, receipts, and extensive tests. It is not wired into the production app path, but contains two genuine EVM-semantics correctness bugs (EXTCODEHASH for existing code-less accounts, and storage clearing on legacy SELFDESTRUCT/SetStorage) plus a notable per-snapshot deep-copy performance cost that should be addressed before this becomes the live giga path.

Findings: 2 blocking | 5 non-blocking | 3 posted inline

Blockers

• None at the file/PR level.
• 2 blocking issue(s) flagged inline on specific lines.

Non-blocking

• cursor-review.md was empty — the Cursor second-opinion pass produced no output, so only this review and Codex's findings were merged.
• GetStorageRoot always returns the zero hash, so the CREATE/CREATE2 collision check (nonce != 0 || codeHash != EmptyCodeHash || storageRoot != EmptyRootHash) can miss collisions against a pre-existing account that has storage but no code/nonce. Combined with the GetCodeHash issue this narrows collision detection to nonce-only for storage-only accounts. Edge case, but worth documenting alongside the known limitations.
• EIP-158/161 empty-account deletion is not implemented in Finalise (touched-but-empty accounts are not pruned). For the value-based changeset this is mostly benign since no diff is recorded, but it diverges from go-ethereum StateDB semantics and is worth a note in the README limitations.
• Consider adding tests that exercise the two correctness gaps above: EXTCODEHASH against a funded code-less EOA (expect EmptyCodeHash, not 0x0), and a legacy SELFDESTRUCT of a pre-existing contract whose persisted storage slots were never read in-block (expect deletes in the changeset).
• 1 suggestion(s)/nit(s) flagged inline on specific lines.

[seidroid]

[blocker] EXTCODEHASH semantics bug: this returns common.Hash{} (0x0) whenever code is empty, conflating "account does not exist" with "account exists but has no code". go-ethereum's StateDB returns types.EmptyCodeHash (keccak256 of empty) for an existing account with no code and only common.Hash{} for a non-existent account. As written, EXTCODEHASH on a funded/active EOA returns 0x0 instead of the empty-code hash, so contracts observe incorrect account existence/code state. Distinguish existence (e.g. via Exist(addr)) and return types.EmptyCodeHash for existing code-less accounts.

[seidroid]

[blocker] The changeset only diffs storage keys present in base.Storage/acct.Storage, and base.Storage is populated lazily only for slots read via ensureStorage. When Finalise clears a self-destructed account (legacy SELFDESTRUCT) or SetStorage resets an account, persisted slots that were never read in-block are in neither map, so no delete is emitted for them. Applying the changeset to durable state then leaves stale storage behind. Because the backend is key-addressable with no range reads, the executor cannot enumerate those slots — this needs an explicit account-clear/delete signal in the changeset (or a documented constraint) rather than per-slot diffs.

[seidroid]

[suggestion] Snapshot() deep-copies the entire accounts, base, logs, accessList, transientStates, and preimages on every call, and the EVM snapshots on every CALL/CREATE/STATICCALL. This is O(touched-state) per snapshot and will be a severe performance cliff for any non-trivial contract execution. Acceptable for the sequential placeholder, but flag it as a known cost — a journal/undo-log approach (as in go-ethereum) will be needed before this is the live giga path.