feat: port cosmos patch to 1.16 (#7)

* Eric/add workflows (#5)

* Add workflows

* Don't change this

* Merge patches onto upstream geth 1.15 (#4)

* Merge patches onto upstream geth 1.15

* Fix test failures

* Tests pass

* Update go version in CI

* Update go version in CI in all places

* Problem: precompile address don't match (#6)

Solution:
- fix addresses and add validation rule

* fix build

* fix test

---------

Co-authored-by: Eric Warehime <[email protected]>

Author: yihuang

.github/workflows/build.yml

@@ -0,0 +1,33 @@
+name: Build
+on:
+  pull_request:
+    branches:
+      - master
+
+jobs:
+  cleanup-runs:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: rokroskar/workflow-run-cleanup-action@master
+        env:
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+    if: "!startsWith(github.ref, 'refs/tags/') && github.ref != 'refs/heads/main'"
+
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-go@v3
+        with:
+          go-version: 1.23
+          check-latest: true
+      - uses: technote-space/[email protected]
+        id: git_diff
+        with:
+          PATTERNS: |
+            **/**.go
+            go.mod
+            go.sum
+      - run: |
+          make build
+        if: env.GIT_DIFF

.github/workflows/dependencies.yml

@@ -0,0 +1,28 @@
+name: "Dependency Review"
+on: pull_request
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/setup-go@v3
+        with:
+          go-version: 1.23
+          check-latest: true
+      - name: "Checkout Repository"
+        uses: actions/checkout@v3
+      - uses: technote-space/[email protected]
+        with:
+          PATTERNS: |
+            **/**.go
+            go.mod
+            go.sum
+      - name: "Dependency Review"
+        uses: actions/dependency-review-action@v3
+        if: env.GIT_DIFF
+      - name: "Go vulnerability check"
+        run: make vulncheck
+        if: env.GIT_DIFF

.github/workflows/lint.yml

@@ -0,0 +1,72 @@
+name: Lint
+# Lint runs golangci-lint over the entire ethermint repository This workflow is
+# run on every pull request and push to main The `golangci` will pass without
+# running if no *.{go, mod, sum} files have been changed.
+on:
+  pull_request:
+  push:
+    branches:
+      - master
+jobs:
+  golangci:
+    name: Run golangci-lint
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    steps:
+      # Required: setup-go, for all versions v3.0.0+ of golangci-lint
+      - uses: actions/setup-go@v3
+        with:
+          go-version: 1.23
+          check-latest: true
+      - uses: actions/checkout@v3
+      - uses: technote-space/[email protected]
+        with:
+          PATTERNS: |
+            **/**.go
+            go.mod
+            go.sum
+      - uses: golangci/[email protected]
+        with:
+          # Required: the version of golangci-lint is required and must be specified without patch version: we always use the latest patch version.
+          version: latest
+          args: --timeout 10m
+          github-token: ${{ secrets.github_token }}
+        # Check only if there are differences in the source code
+        if: env.GIT_DIFF
+  markdown-lint:
+    name: Run markdown-lint
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    steps:
+      - uses: actions/checkout@v3
+      - uses: technote-space/[email protected]
+        with:
+          PATTERNS: |
+            docs/**/*.md
+            x/**/*.md
+            README.md
+      - uses: nosborn/[email protected]
+        with:
+          files: .
+          config_file: .markdownlint.yml
+          ignore_path: .markdownlintignore
+        # Check only if there are differences in the source code
+        if: env.GIT_DIFF
+  gomod2nix:
+    name: Check gomod2nix.toml file is up to date
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/[email protected]
+      - uses: cachix/install-nix-action@v18
+      - uses: cachix/cachix-action@v12
+        with:
+          name: ethermint
+      - uses: technote-space/[email protected]
+        with:
+          PATTERNS: |
+            **/**.py
+      - name: run gomod2nix
+        run: |
+          nix run -f ./nix gomod2nix
+          git diff --no-ext-diff --exit-code
+        if: env.GIT_DIFF

.github/workflows/markdown-links.yml

@@ -0,0 +1,29 @@
+name: Check Markdown links
+on: 
+  pull_request:
+    paths:
+      - '**.md'
+  push:
+    branches:
+      - master
+    paths:
+      - '**.md'
+
+jobs:
+  markdown-link-check:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: technote-space/[email protected]
+        id: git_diff
+        with:
+          PATTERNS: |
+            **/**.md
+      - uses: gaurav-nelson/github-action-markdown-link-check@master
+        with:
+          folder-path: "docs"
+          check-modified-files-only: "yes"
+          use-quiet-mode: "yes"
+          base-branch: "main"
+          config-file: "mlc_config.json"
+        if: env.GIT_DIFF

.github/workflows/security.yml

@@ -0,0 +1,37 @@
+name: Run Gosec
+on:
+  pull_request:
+  push:
+    branches:
+      - master
+
+jobs:
+  Gosec:
+    permissions:
+      security-events: write
+
+    runs-on: ubuntu-latest
+    env:
+      GO111MODULE: on
+    steps:
+      - name: Checkout Source
+        uses: actions/checkout@v3
+      - name: Get Diff
+        uses: technote-space/[email protected]
+        with:
+          PATTERNS: |
+            **/*.go
+            go.mod
+            go.sum
+      - name: Run Gosec Security Scanner
+        uses: cosmos/gosec@master
+        with:
+          # we let the report trigger content trigger a failure using the GitHub Security features.
+          args: "-no-fail -fmt sarif -out results.sarif ./..."
+        if: "env.GIT_DIFF_FILTERED != ''"
+      - name: Upload SARIF file
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          # Path to SARIF file relative to the root of the repository
+          sarif_file: results.sarif
+        if: "env.GIT_DIFF_FILTERED != ''"

.github/workflows/super-linter.yml

@@ -0,0 +1,38 @@
+# This workflow executes several linters on changed files based on languages used in your code base whenever
+# you push a code or open a pull request.
+#
+# You can adjust the behavior by modifying this file.
+# For more information, see:
+# https://github.com/github/super-linter
+---
+name: Lint Code Base
+
+on:
+  push:
+    branches: ["master"]
+  pull_request:
+    branches: ["master"]
+jobs:
+  run-lint:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+        with:
+          # Full git history is needed to get a proper list of changed files within `super-linter`
+          fetch-depth: 0
+
+      - name: Lint Code Base
+        uses: github/super-linter@v4
+        env:
+          LINTER_RULES_PATH: /
+          YAML_CONFIG_FILE: .yamllint
+          VALIDATE_ALL_CODEBASE: false
+          MARKDOWN_CONFIG_FILE: .markdownlint.yml
+          PROTOBUF_CONFIG_FILE: .protolint.yml
+          VALIDATE_NATURAL_LANGUAGE: false
+          VALIDATE_OPENAPI: false
+          VALIDATE_JSCPD: false
+          VALIDATE_GO: false
+          DEFAULT_BRANCH: "master"
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/test.yml

@@ -0,0 +1,35 @@
+name: Tests
+on:
+  pull_request:
+  push:
+    branches:
+      - master
+      - release/**
+
+jobs:
+  cleanup-runs:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: rokroskar/workflow-run-cleanup-action@master
+        env:
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+    if: "!startsWith(github.ref, 'refs/tags/') && github.ref != 'refs/heads/master'"
+
+  test-all:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/setup-go@v3
+        with:
+          go-version: 1.23
+          check-latest: true
+      - uses: actions/checkout@v3
+      - uses: technote-space/[email protected]
+        with:
+          PATTERNS: |
+            **/**.go
+            go.mod
+            go.sum
+      - name: Test and Create Coverage Report
+        run: |
+          make test all
+        if: env.GIT_DIFF

core/state_transition.go

@@ -486,7 +486,7 @@ func (st *stateTransition) execute() (*ExecutionResult, error) {
 	// Execute the preparatory steps for state transition which includes:
 	// - prepare accessList(post-berlin)
 	// - reset transient storage(eip 1153)
-	st.state.Prepare(rules, msg.From, st.evm.Context.Coinbase, msg.To, vm.ActivePrecompiles(rules), msg.AccessList)
+	st.state.Prepare(rules, msg.From, st.evm.Context.Coinbase, msg.To, st.evm.ActivePrecompiles(), msg.AccessList)
 
 	var (
 		ret   []byte

core/vm/contract.go

@@ -42,8 +42,9 @@ type Contract struct {
 	IsDeployment bool
 	IsSystemCall bool
 
-	Gas   uint64
-	value *uint256.Int
+	Gas          uint64
+	value        *uint256.Int
+	isPrecompile bool
 }
 
 // NewContract returns a new contract environment for the execution of EVM.
@@ -62,6 +63,10 @@ func NewContract(caller common.Address, address common.Address, value *uint256.I
 }
 
 func (c *Contract) validJumpdest(dest *uint256.Int) bool {
+	if c.isPrecompile {
+		return false
+	}
+
 	udest, overflow := dest.Uint64WithOverflow()
 	// PC cannot go beyond len(code) and certainly can't be bigger than 63bits.
 	// Don't bother checking for JUMPDEST in that case.
@@ -78,6 +83,10 @@ func (c *Contract) validJumpdest(dest *uint256.Int) bool {
 // isCode returns true if the provided PC location is an actual opcode, as
 // opposed to a data-segment following a PUSHN operation.
 func (c *Contract) isCode(udest uint64) bool {
+	if c.isPrecompile {
+		return false
+	}
+
 	// Do we already have an analysis laying around?
 	if c.analysis != nil {
 		return c.analysis.codeSegment(udest)
@@ -160,6 +169,9 @@ func (c *Contract) Value() *uint256.Int {
 
 // SetCallCode sets the code of the contract,
 func (c *Contract) SetCallCode(hash common.Hash, code []byte) {
+	if c.isPrecompile {
+		return
+	}
 	c.Code = code
 	c.CodeHash = hash
 }