feat: support create_access_list

[thomas-nguy]

👮🏻👮🏻👮🏻 !!!! REFERENCE THE PROBLEM YOUR ARE SOLVING IN THE PR TITLE AND DESCRIBE YOUR SOLUTION HERE !!!! DO NOT FORGET !!!! 👮🏻👮🏻👮🏻

PR Checklist:

• Have you read the CONTRIBUTING.md?
• Does your PR follow the C4 patch requirements?
• Have you rebased your work on top of the latest master?
• Have you checked your code compiles? (make)
• Have you included tests for any non-trivial functionality?
• Have you checked your code passes the unit tests? (make test)
• Have you checked your code formatting is correct? (go fmt)
• Have you checked your basic code style is fine? (golangci-lint run)
• If you added any dependencies, have you checked they do not contain any known vulnerabilities? (go list -json -m all | nancy sleuth)
• If your changes affect the client infrastructure, have you run the integration test?
• If your changes affect public APIs, does your PR follow the C4 evolution of public contracts?
• If your code changes public APIs, have you incremented the crate version numbers and documented your changes in the CHANGELOG.md?
• If you are contributing for the first time, please read the agreement in CONTRIBUTING.md now and add a comment to this pull request stating that your PR is in accordance with the Developer's Certificate of Origin.

Thank you for your code, it's appreciated! :)

Summary by CodeRabbit

• New Features
  • Added support for create_access_list to improve transaction handling and storage access optimization.
• Tests
  • Added end-to-end tests validating access list behavior and contract interactions.
• Chores
  • Bumped Go/tooling module references to newer versions for build reproducibility.
• Documentation
  • Added an UNRELEASED changelog entry noting the new access list support.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Adds an access-list integration test and a small Solidity test contract, registers the contract in test assets, updates related integration test code, and bumps/redirects ethermint module versions; changelog notes create_access_list support.

Changes

Cohort / File(s)	Summary
Dependency updates go.mod, gomod2nix.toml	Updated Go toolchain version and replaced/redirected github.com/evmos/ethermint to a new pseudo-version/hash in both go.mod and gomod2nix.toml.
Changelog CHANGELOG.md	Added an UNRELEASED improvement entry: "Support create_access_list" (references PR #1932).
Test contract integration_tests/contracts/.../TestAccessList.sol	New Solidity contract TestAccessList with public slotA, slotB, balances, and touchSlots(uint256 a, uint256 b) to exercise multiple storage slots.
Integration tests & utilities integration_tests/test_basic.py, integration_tests/utils.py	Added test_access_list(cronos) end-to-end test that constructs/sends txns with access lists and verifies persisted access lists; registered TestAccessList in TEST_CONTRACTS.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

• Review dependency replacement/version/hash changes in go.mod and gomod2nix.toml.
• Inspect TestAccessList.sol for intended storage layout and visibility.
• Verify test_access_list constructs access lists correctly and that on-chain assertions match node behavior.
• Confirm TEST_CONTRACTS registration path and contract compile/deploy integration.

Possibly related PRs

• feat: backport release/v1.5.x to main #1906 — Also updates the github.com/evmos/ethermint replace/redirect entry and is related at the dependency level.

Suggested labels

nix

Suggested reviewers

• XinyuCRO
• calvinaco
• songgaoye

Poem

🐰 I hopped through code to mark each slot,
I nudged two values — a tiny plot,
An access list I built with care,
Tests verified the state was there,
A hop, a tweak, and then I'm off to trot.

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title 'feat: support create_access_list' clearly and accurately summarizes the main objective of the changeset, which adds support for the create_access_list feature through new test contracts, integration tests, and updated dependencies.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	golang/​github.com/​crypto-org-chain/​ethermint@​v0.22.1-0.20251208051817-9f5d1db3246d ⏵ v0.22.1-0.20251212021209-7da2d575eebe	+1

View full report

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (1)

gomod2nix.toml (1)

315-317: gomod2nix Ethermint pin matches go.mod; remember to realign when reverting the fork

The updated version/hash and replaced = "github.com/thomas-nguy/ethermint" are consistent with the go.mod replace, so Nix builds should stay in sync. Once Ethermint changes are moved to an org‑managed repo (see go.mod comment), this entry will also need to be updated back to the org fork.

🧹 Nitpick comments (2)

CHANGELOG.md (1)

5-9: Changelog entry is fine; optional wording tweak

The new improvement entry is formatted consistently. If you want to be more explicit, you could rename it to “Support eth_createAccessList” to match the JSON‑RPC method name, but it’s not strictly necessary.

integration_tests/test_basic.py (1)

1126-1195: Access‑list test covers the right behavior; consider computing the mapping slot dynamically

The structure of test_access_list is solid:

• It verifies that eth_sendTransaction with accessList round‑trips via eth_getTransaction.
• It then uses eth_createAccessList on a TestAccessList.touchSlots call and asserts that the contract address and 3 storage keys (2 plain slots + 1 mapping entry) are present.

Two small improvements to make the test less brittle:

1. Compute the mapping storage key instead of hard‑coding it

Hard‑coding "0x30939a3d..." ties the test to a specific storage layout and ADDRS["validator"]. If either changes, the test silently becomes wrong. You can derive the key using the standard mapping formula:

-    storage_keys = access_list["result"]["accessList"][0]["storageKeys"]
-    assert len(storage_keys) == 3
-    assert (
-        "0x0000000000000000000000000000000000000000000000000000000000000000".lower()
-        in [k.lower() for k in storage_keys]
-    )
-    assert (
-        "0x0000000000000000000000000000000000000000000000000000000000000001".lower()
-        in [k.lower() for k in storage_keys]
-    )
-    assert (
-        "0x30939a3db93623b4b889c7802487ba975ac3bc59182f4c2dff55b302788334ec".lower()
-        in [k.lower() for k in storage_keys]
-    )
+    storage_keys = access_list["result"]["accessList"][0]["storageKeys"]
+    assert len(storage_keys) == 3
+    normalized_keys = [k.lower() for k in storage_keys]
+
+    # Slots 0 and 1 (slotA, slotB)
+    assert "0x" + "0" * 64 in normalized_keys
+    assert "0x" + "0" * 63 + "1" in normalized_keys
+
+    # balances[msg.sender] mapping slot: keccak(address, 2)
+    mapping_slot = 2
+    mapping_key = Web3.solidity_keccak(
+        ["address", "uint256"], [ADDRS["validator"], mapping_slot]
+    ).hex().lower()
+    assert mapping_key in normalized_keys

This keeps the assertion logically equivalent but decouples it from the magic constant.

2. Refresh the inline comment

The comment # Build data field for set(123) no longer matches touchSlots(123, 456). Renaming it (e.g., “Build data field for touchSlots(123, 456)”) will avoid confusion.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between bb992dd and 1b69a09.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (6)

• CHANGELOG.md (1 hunks)
• go.mod (1 hunks)
• gomod2nix.toml (1 hunks)
• integration_tests/contracts/contracts/TestAccessList.sol (1 hunks)
• integration_tests/test_basic.py (1 hunks)
• integration_tests/utils.py (1 hunks)

🧰 Additional context used

🧬 Code graph analysis (1)

integration_tests/test_basic.py (2)

integration_tests/network.py (1)

• w3 (39-42)

integration_tests/utils.py (2)

• send_transaction (468-471)
• deploy_contract (423-443)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (18)

• GitHub Check: build (macos-14)
• GitHub Check: gomod2nix
• GitHub Check: build (ubuntu-latest)
• GitHub Check: build (macos-latest)
• GitHub Check: unittest
• GitHub Check: Run golangci-lint
• GitHub Check: integration_tests (gov)
• GitHub Check: integration_tests (mint)
• GitHub Check: integration_tests (upgrade)
• GitHub Check: integration_tests (gas)
• GitHub Check: integration_tests (ica)
• GitHub Check: integration_tests (slow)
• GitHub Check: integration_tests (ibc_timeout)
• GitHub Check: integration_tests (ibc_update_client)
• GitHub Check: integration_tests (ibc_rly_gas)
• GitHub Check: integration_tests (ibc_rly_evm)
• GitHub Check: integration_tests (unmarked)
• GitHub Check: integration_tests (ibc)

🔇 Additional comments (3)

integration_tests/utils.py (1)

49-75: TestAccessList wiring into TEST_CONTRACTS looks correct

The new "TestAccessList": "TestAccessList.sol" entry matches the artifact path convention (contracts/artifacts/contracts/<name>.sol/<name>.json) and integrates cleanly with the existing CONTRACTS mapping.

integration_tests/contracts/contracts/TestAccessList.sol (1)

1-14: TestAccessList storage layout matches the intended access‑list test

slotA, slotB, and the balances mapping are laid out in distinct slots, and touchSlots writes to each of them, which is exactly what you need for exercising eth_createAccessList over three storage keys. The contract is minimal and fit for purpose.

go.mod (1)

293-307: Avoid pinning Ethermint to a personal fork in main go.mod

Replacing github.com/evmos/ethermint with github.com/thomas-nguy/ethermint is reasonable for development, but merging into main ties the build and supply chain to an individual user account rather than an org‑controlled repo. This creates maintenance, security, and sustainability risks.

Consider:

• Moving changes to github.com/crypto-org-chain/ethermint and updating the replace directive there, or
• Establishing a timeline to merge these changes upstream and removing the replacement once complete.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 37.13%. Comparing base (a3c2f70) to head (4b79feb).
⚠️ Report is 125 commits behind head on main.

Additional details and impacted files

@@             Coverage Diff             @@
##             main    #1932       +/-   ##
===========================================
+ Coverage   16.87%   37.13%   +20.25%     
===========================================
  Files          72      127       +55     
  Lines        6163     9757     +3594     
===========================================
+ Hits         1040     3623     +2583     
- Misses       5000     5713      +713     
- Partials      123      421      +298     

see 121 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1b69a09 and 4b79feb.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (3)

• go.mod (2 hunks)
• gomod2nix.toml (2 hunks)
• integration_tests/test_basic.py (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (2)

• integration_tests/test_basic.py
• gomod2nix.toml

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (20)

• GitHub Check: integration_tests (ibc_timeout)
• GitHub Check: integration_tests (mint)
• GitHub Check: integration_tests (gas)
• GitHub Check: integration_tests (slow)
• GitHub Check: integration_tests (gov)
• GitHub Check: integration_tests (ibc_update_client)
• GitHub Check: integration_tests (upgrade)
• GitHub Check: integration_tests (ica)
• GitHub Check: integration_tests (ibc_rly_gas)
• GitHub Check: integration_tests (ibc_rly_evm)
• GitHub Check: build (macos-14)
• GitHub Check: integration_tests (unmarked)
• GitHub Check: integration_tests (ibc)
• GitHub Check: build (macos-latest)
• GitHub Check: build (ubuntu-latest)
• GitHub Check: unittest
• GitHub Check: gomod2nix
• GitHub Check: Run golangci-lint
• GitHub Check: semgrep-cloud-platform/scan
• GitHub Check: semgrep-cloud-platform/scan

🔇 Additional comments (1)

go.mod (1)

38-38: Minor version bump for spf13/cobra — routine maintenance.

The cobra CLI framework has been bumped from v1.10.1 to v1.10.2. This is a patch-level update and represents routine maintenance.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

integration_tests/contracts/contracts/TestAccessList.sol (1)

9-13: Consider external visibility for minor gas savings.

Since touchSlots is not called internally, declaring it as external instead of public would provide a minor gas optimization. However, for a test contract, this is an optional refinement.

-    function touchSlots(uint256 a, uint256 b) public {
+    function touchSlots(uint256 a, uint256 b) external {
         slotA = a;
         slotB = b;
         balances[msg.sender] = a + b;
     }

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4b79feb and e1ed497.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (6)

• CHANGELOG.md (1 hunks)
• go.mod (2 hunks)
• gomod2nix.toml (1 hunks)
• integration_tests/contracts/contracts/TestAccessList.sol (1 hunks)
• integration_tests/test_basic.py (1 hunks)
• integration_tests/utils.py (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (5)

• CHANGELOG.md
• integration_tests/utils.py
• go.mod
• gomod2nix.toml
• integration_tests/test_basic.py

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (17)

• GitHub Check: Socket Security: Pull Request Alerts
• GitHub Check: integration_tests (gas)
• GitHub Check: integration_tests (mint)
• GitHub Check: integration_tests (evm)
• GitHub Check: integration_tests (slow)
• GitHub Check: integration_tests (gov)
• GitHub Check: integration_tests (ica)
• GitHub Check: integration_tests (upgrade)
• GitHub Check: integration_tests (ibc)
• GitHub Check: integration_tests (unmarked)
• GitHub Check: integration_tests (ibc_rly_evm)
• GitHub Check: integration_tests (ibc_timeout)
• GitHub Check: integration_tests (ibc_rly_gas)
• GitHub Check: integration_tests (ibc_update_client)
• GitHub Check: build (macos-14)
• GitHub Check: build (macos-latest)
• GitHub Check: Run golangci-lint