evm/vm: EIP-8037 follow-ups (parametric CPSB, 7702 auth refund, SD storage refund, system call split)

[gabrocheleau]

Summary

Follow-up work on top of #4286, targeting feat/eip-8037. Four spec items from the EIP-8037 queue:

• Parametric CPSB — cost_per_state_byte is now derived from the block gas limit per the latest spec rather than the constant 1174:

  raw     = ceil(gasLimit * 2_628_000 / (2 * 107_374_182_400))
  shifted = raw + 9578
  shift   = max(bitLen(shifted) - 5, 0)
  rounded = (shifted >> shift) << shift
  cpsb    = rounded <= 9578 ? 1 : rounded - 9578
  

  Returns 1174 at the spec's 96M reference gas limit (matches the prior constant), scales up beyond, floors at 1 for very low limits (covers the cpsb_underflow_boundary fixture). New helper activeCostPerStateByte(common, blockGasLimit?) plumbed through every state-gas charge site (SSTORE, CALL value-to-non-existent, CREATE/CREATE2 frame-exit, intrinsic+7702 in runTx).

• EIP-7702 existing-authority state-gas refund — for each authorization that targets an account that already exists, refund stateBytesPerNewAccount × CPSB directly into the reservoir before execution begins. No 20% cap (replaces the legacy regular-gas refund, which was already disabled under 8037 since perEmptyAccountCost = 0).

• SELFDESTRUCT deferred refund extended to per-account storage state-gas — createdAccountStateGas now accumulates each SSTORE 0→nonzero's state-gas charge per address (additive); nonzero→0 clears within the same tx decrement it so cleared slots aren't double-refunded. The existing refund path in runTx reads the full per-address total, so this drops in transparently.

• System call gas split — SYSTEM_CALL_GAS_LIMIT = 30_000_000 + STATE_BYTES_PER_STORAGE_SET × CPSB(blockGasLimit) × 16. requests.ts now splits the regular 30M (passed as gas_left to runCall) from the reservoir portion (set on vm.evm.stateGasReservoir before the call, restored after via snapshot/restore so an in-flight tx-level reservoir isn't clobbered). accumulateRequests/accumulateWithdrawalsRequest/accumulateConsolidationsRequest now take an optional blockGasLimit threaded through from runBlock and buildBlock.

Item not changed: 20% refund cap formula. Reviewed against the EIP-8037 spec (tx_gas_refund = min(tx_gas_used_before_refund // 5, refund_counter)); the existing results.totalGasSpent / maxRefundQuotient is computed pre-refund and already equals intrinsic_total + executionGasUsed + reservoirDelta, which is tx.gas - gas_left - state_gas_reservoir algebraically. No change needed.

Test plan

• state_gas_reservoir: 16/36 (no regression)
• state_gas_pricing: 4/74 (no regression — *_scales_with_cpsb and pricing_changes_with_block_gas_limit still fail despite correct CPSB derivation, suggesting additional accounting work needed beyond items 1–5)
• Full Amsterdam dev suite (v570_mixed_with_other_eips): 1143/1961 — identical pass count vs feat/eip-8037 parent (verified by checking out parent and re-running). No regressions introduced.

Caveat

In commit b88749674 (per-account storage tracking), the createdAccountStateGas map is not yet snapshotted in the journal-revert path. A SSTORE that gets reverted leaves a stale entry that could affect a later SELFDESTRUCT refund in the same tx. In practice this only fires if the same address goes through a successful CREATE → reverted SSTORE → SELFDESTRUCT sequence; worth wiring into _stateGasSnapshots in a follow-up if any fixture probes it.

[codecov]

Codecov Report

❌ Patch coverage is 21.42857% with 55 lines in your changes missing coverage. Please review.
✅ Project coverage is 75.08%. Comparing base (571b864) to head (0e078aa).

Additional details and impacted files

Flag	Coverage Δ
block	87.33% <ø> (ø)
blockchain	88.82% <ø> (ø)
common	93.44% <ø> (ø)
evm	60.12% <21.42%> (-0.45%)	⬇️
mpt	89.64% <ø> (ø)
statemanager	78.04% <ø> (ø)
static	91.35% <ø> (ø)
tx	87.81% <ø> (ø)
util	80.83% <ø> (ø)
vm	?

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[github-actions]

📦 Bundle Size Analysis

Package	Size (min+gzip)	Δ
binarytree	17.5 KB	⚪ ±0%
block	43.8 KB	🔴 +0.0 KB (+0.09%)
blockchain	69.9 KB	🔴 +0.0 KB (+0.06%)
common	25.4 KB	🔴 +0.0 KB (+0.07%)
devp2p	17.7 KB	⚪ ±0%
e2store	87.3 KB	🔴 +0.0 KB (+0.04%)
ethash	61.8 KB	🔴 +0.0 KB (+0.07%)
evm	63.7 KB	🔴 +1.2 KB (+1.89%)
genesis	272.2 KB	⚪ ±0%
mpt	21.9 KB	⚪ ±0%
rlp	1.7 KB	⚪ ±0%
statemanager	41.3 KB	🔴 +0.0 KB (+0.04%)
testdata	43.8 KB	⚪ ±0%
tx	20.9 KB	🔴 +0.0 KB (+0.16%)
util	13.2 KB	⚪ ±0%
vm	156.7 KB	🔴 +1.9 KB (+1.21%)
wallet	15.0 KB	⚪ ±0%

Values are minified+gzipped bundles of each package entry. Workspace deps are bundled; external deps are excluded.

_{Generated by bundle-size workflow}

[gabrocheleau]

Audit follow-up: spec review + 5 distinct bugs found

After a careful walkthrough of EIP-8037 vs. our implementation (with debug-instrumented runs against failing fixtures), found and fixed 5 distinct bugs beyond the original queue. Test progression:

	Full Amsterdam dev (1961 tests)	EIP-8037 group (374 tests)
Parent baseline	1143	55
After PR (this branch, current HEAD)	1529	283
Δ	+386	+228

New fixes (commits since the previous round)

1. 3cbd381 — sstoreInitEIP2200Gas: 2900 under 8037. The 8037 overlay had set sstoreSetGas: 2900 but the EIP-2200 path uses sstoreInitEIP2200Gas (still 20000) for create-slot regular cost. Mismatched param name.

2. 350a5b2 — sstoreInitRefundEIP2200Gas: 0 under 8037. Legacy regular-gas refund for "create-then-clear-in-same-tx" is replaced by the state-gas reservoir refill; without zeroing the legacy refund, fixtures double-refunded (+10 tests).

3. c40a47a — Block 2D accounting bug. The accumulator had txRegular = max(txRegularGas, blockGasSpent); blockGasSpent is the combined regular+state total, so max inflated block_regular_gas_used and gas_used = max(blockReg, blockState) returned the combined sum instead of the per-dimension max. Apply EIP-7623 calldata floor against txRegularGas directly in runTx, accumulate without re-max'ing (+289 tests).

4. 941e7af — CALL to non-existent EOA takes the empty-code early-exit path, which returned before the state-gas charge block. Charge new-account state-gas on this path too (+14 tests in eip8037 group).

5. d77dbe5 — 7702 existing-authority refund was being added to stateGasReservoirInitial, which is the snapshot used by tx_gas_used = tx.gas - gas_left - reservoir_end. Including the refund there overstated tx_gas_used by the refund amount (since the refund returns previously-paid intrinsic). Apply auth refund directly to evm.stateGasReservoir after snapshotting initial (+29 tests).

6. 95625e0 — State-gas spill at frame-exit was OOG'ing on inner frame's gasLimit. Per spec section 4, state-gas first deducts from reservoir then from gas_left (the tx-level pool). The current frame's budget bounds regular gas only; spill bubbles up to caller's useGas() and consumes parent gas. Drop the inner OOG check (+~50 tests).

7. 0a1046b — SELFDESTRUCT to non-existent beneficiary should charge stateBytesPerNewAccount × CPSB (mirrors CALL value-to-non-existent). Was missing entirely (+15 tests).

8. 9f55cb6 — Snapshot/revert createdAccountStateGas map alongside _stateGasSnapshots. Without this, a reverted SSTORE leaks into the deferred SELFDESTRUCT refund.

Spec ambiguities found

1. CPSB constant vs parametric — mainline eips.ethereum.org/EIPS/eip-8037 page lists CPSB as constant 1174, but tests-bal@v5.7.0 fixtures, Erigon, and Besu treat it as parametric (block-gas-limit-derived per the formula in 5827fb9ab).
2. EIP-8038 dependency — spec defers regular-gas refund value updates (sstoreClearRefundEIP2200Gas, sstoreInitRefundEIP2200Gas) to a separate EIP-8038 that hasn't published. Reverse-engineered behavior from fixtures so far.
3. Creation-tx top-level revert refund — spec says "no state-gas is charged for the new account" on revert, but doesn't address whether the intrinsic state-gas portion (paid up-front in runTx) refunds. Tried implementing in-frame (commit ee3daaf03) but the journal-revert undoes it; tried at runTx level but it over-refunds for cases where state was rolled back internally. Backed out (3d0eebe99); needs a more careful scoping pass.
4. System call block accounting exclusion — spec says system calls don't contribute to block_regular_gas_used / block_state_gas_used. Need to audit our runBlock accumulator to confirm.

Remaining clusters (P2/P3, see todo plan in branch)

• test_call_value_to_self_destructed_burns_value — gas matches expected; receiptTrie mismatch suggests EIP-7708 SD-log differences.
• test_nested_create_fail_parent_revert_state_gas, test_inner_create_succeeds_code_deposit_state_gas — likely related to top-level CREATE revert refund (item 3 above).
• test_create_collision_burned_gas_counted_in_block_regular, test_create_oog_reservoir_inflation_detection, test_failed_create_header_gas_used — all touch the CREATE-failure refund path.