feat: migrate setcode tx upstream changes

[colinlyguo]

1. Purpose or design rationale of this PR

This PR migrates upstream fixes and enhancements:

• core/txpool/legacypool: reject gapped tx from delegated account ethereum/go-ethereum#31430
• internal/ethapi: exclude 7702 authorities from result in eth_createAccessList ethereum/go-ethereum#31336
• core/txpool: allow tx and authority regardless of admission order ethereum/go-ethereum#31373

2. PR title

Your PR title must follow conventional commits (as we are doing squash merge for each PR), so it must start with one of the following types:

• feat: A new feature

3. Deployment tag versioning

Has the version in params/version.go been updated?

• Yes

4. Breaking change label

Does this PR have the breaking-change label?

• This PR is not a breaking change

Summary by CodeRabbit

• New Features

  • Stricter enforcement of transaction ordering and concurrency limits for delegated accounts, with clearer error messages when limits are exceeded.
  • Enhanced access list tracer initialization to exclude authorized addresses and validate authorization list size against gas limits.

• Bug Fixes

  • Improved validation to ensure only one in-flight transaction is allowed from delegated or pending delegated accounts, with proper handling of transaction replacements.

• Tests

  • Expanded and refined test coverage for delegated account transaction limits and edge cases involving transaction replacement and authority tracking.

• Refactor

  • Centralized and streamlined logic for delegation-related transaction checks.
  • Simplified access list tracer construction by consolidating exclusion addresses into a single parameter.

• Chores

  • Updated the software patch version to 43.

[coderabbitai]

Walkthrough

This update introduces stricter and refactored logic for handling delegated accounts and transaction concurrency within the transaction pool. A new error and a dedicated method enforce that delegated or pending delegated accounts can have only one in-flight executable transaction, disallowing gapped nonces except for transaction replacements. The access list tracer is refactored to accept a consolidated exclusion map, and the API layer now excludes authorized addresses from access list tracking and validates authorization list size based on available gas. The test suite is expanded to cover these scenarios, and the software patch version is incremented.

Changes

File(s)	Change Summary
core/tx_pool.go	Introduced ErrOutOfOrderTxFromDelegated error; added checkDelegationLimit method; refactored validateAuth to centralize delegation-related transaction limit checks and update authority pending transaction logic.
core/tx_pool_test.go	Expanded and refined test suite for delegated accounts and in-flight transaction limits, adding multiple new scenarios and error condition verifications.
core/vm/access_list_tracer.go	Refactored NewAccessListTracer to accept a map of addresses to exclude, simplifying and centralizing exclusion logic.
internal/ethapi/api.go	Updated access list tracer initialization to use a consolidated exclusion map including sender, receiver, precompiles, and authorized addresses; added gas-based validation for authorization list size.
params/version.go	Incremented VersionPatch constant from 42 to 43.

Sequence Diagram(s)

sequenceDiagram
    participant API
    participant TxPool
    participant AccessListTracer

    API->API: Validate AuthorizationList size
    API->AccessListTracer: Create exclusion map (sender, receiver, precompiles, authorities)
    API->AccessListTracer: Initialize tracer with exclusion map

    API->TxPool: Submit transaction
    TxPool->TxPool: checkDelegationLimit(from, tx)
    TxPool->TxPool: Validate transaction ordering and in-flight limit
    TxPool->API: Return error if limit exceeded or out-of-order

Loading

Possibly related PRs

• feat(tx-pool): migrate upstream setcode transaction changes #1148: Refactored and extended delegation-related transaction concurrency checks, laying groundwork for stricter enforcement and error handling now present in this PR.

Suggested labels

bump-version

Suggested reviewers

• omerfirmak
• jonastheis

Poem

🐇
In the garden of code, where transactions bloom,
Delegation now prunes with a stricter broom.
Only one in flight, no gaps in the queue,
Test bunnies hop in, checking what’s new.
Exclusions mapped, the tracer’s delight—
With version hopped up, all logic is right!
🥕

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 15391b3 and 183cb66.

📒 Files selected for processing (1)

• params/version.go (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• params/version.go

⏰ Context from checks skipped due to timeout of 90000ms (2)

• GitHub Check: test
• GitHub Check: Analyze (go)

✨ Finishing Touches

• 📝 Generate Docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (6)

core/vm/access_list_tracer.go (1)

118-131: Handle nil addressesToExclude defensively

addressesToExclude is dereferenced immediately.
A nil map lookup is safe in Go, but later you keep a reference to the same map via a.excl.
If the caller accidentally passes nil, subsequent writes like addressesToExclude[addr] = struct{}{} (which happen outside this function) will still panic.

Consider normalising to an empty map when nil is supplied:

-func NewAccessListTracer(acl types.AccessList, addressesToExclude map[common.Address]struct{}) *AccessListTracer {
-    list := newAccessList()
+func NewAccessListTracer(acl types.AccessList, addressesToExclude map[common.Address]struct{}) *AccessListTracer {
+    if addressesToExclude == nil {
+        addressesToExclude = make(map[common.Address]struct{})
+    }
+    list := newAccessList()

This keeps the API nil-safe while preserving current behaviour.

internal/ethapi/api.go (1)

1551-1556: Minor: overflowing-nonce test is unclear

auth.Nonce + 1 < auth.Nonce

This expression only turns true on uint64 overflow and is hard to parse at a glance.
Explicitly comparing against math.MaxUint64 makes the intent clearer:

if auth.Nonce == math.MaxUint64 {
    continue // would overflow on increment
}

Purely cosmetic but improves readability for future maintainers.

core/tx_pool.go (1)

99-102: Error constant is fine, but documentation can be clearer

ErrOutOfOrderTxFromDelegated is self-descriptive, however the comment above it should explain why gapped nonces are dangerous for delegated accounts (e.g. the sweep-able balance problem). That additional context will be useful for future maintainers.

core/tx_pool_test.go (3)

2717-2732: Consider turning the table-driven loop into t.Run sub-tests

All cases are enumerated in a slice and executed sequentially inside the outer test that already runs in parallel.
Wrapping the body with

for _, tt := range cases {
    tt := tt              // capture
    t.Run(tt.name, func(t *testing.T) {
        t.Parallel()
        …
    })
}

would give:

1. Individual result lines in go test output – failures are easier to pinpoint.
2. True parallel execution of the independent scenarios (they only share global constants), reducing wall-clock time.
3. Proper scoping of defers (pool.Stop()) – currently all defers are stacked and executed after every case finishes, which may keep dozens of pools alive longer than necessary and inflate memory consumption.

---

2733-2748: Use require.ErrorIs/NoError for clearer intent and shorter code

Assertion blocks repeat the same error-checking pattern:

if err := pool.addRemoteSync(...); !errors.Is(err, ErrX) { … }

The stretchr/testify/require helpers already imported earlier give you one-liners that immediately abort on failure and make the expected condition obvious:

require.ErrorIs(t, pool.addRemoteSync(...), core.ErrOutOfOrderTxFromDelegated)

(or require.NoError for success cases).

Besides readability this stops the test at the first unexpected state, preventing cascading follow-up failures.

---

2803-2818: Nit: duplicated wording in failure message

failed to add with pending delegation is reused for several different
operations (second tx insert, delegation tx insert, etc.).
Using a more specific phrase (e.g. “sending delegation after two
in-flight txs”) helps future readers understand which step broke without
needing to locate the code.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between eaf06e3 and 15391b3.

📒 Files selected for processing (5)

• core/tx_pool.go (2 hunks)
• core/tx_pool_test.go (2 hunks)
• core/vm/access_list_tracer.go (1 hunks)
• internal/ethapi/api.go (2 hunks)
• params/version.go (1 hunks)

🧰 Additional context used

🧬 Code Graph Analysis (1)

core/tx_pool_test.go (3)

core/tx_pool.go (4)

• TxPool (285-330)
• ErrOutOfOrderTxFromDelegated (101-101)
• ErrInflightTxLimitReached (97-97)
• ErrAuthorityReserved (106-106)

core/types/setcode_tx.go (1)

• DelegationPrefix (35-35)

core/vm/opcodes.go (3)

• ADDRESS (78-78)
• PUSH0 (126-126)
• SSTORE (116-116)

⏰ Context from checks skipped due to timeout of 90000ms (2)

• GitHub Check: test
• GitHub Check: Analyze (go)

🔇 Additional comments (3)

params/version.go (1)

24-29: Version bump looks consistent with upstream sync

VersionPatch was incremented from 40 → 41 to advertise the new feature set.
No additional code or semantic changes are introduced in this file, so the bump is correct and harmless.

internal/ethapi/api.go (1)

1591-1592: Reuse previously built exclusion map to avoid inadvertent drift

You correctly pass addressesToExclude into both the initial and subsequent tracers.
Just flagging that if the map is mutated between iterations (it currently isn’t), both tracers will see the mutated contents because they share the same reference.
If later code starts appending to addressesToExclude, consider cloning it per tracer to keep iterations independent.

core/tx_pool_test.go (1)

2754-2756: Delegation clean-up might still leave residual contract code

You reset addrA’s code to nil, but the helper contract (aa) deployed at
common.Address{0xaa, 0xaa} remains in state.
If a later case re-uses the same StateDB instance (e.g. by accident when a new
test forgets to create a fresh pool) the stale storage contract could falsify
results.

Either:

1. Also clear statedb.SetCode(aa, nil) here; or
2. Call pool.requestReset(nil, nil) so the pool refreshes currentState
   from a brand-new database.