fix(cast): Always use from field of getTransaction rpc response in cast run

[ckoopmann]

Motivation

Currently the code assumes that any impersonated transaction has been signed with a given constant key. (r=1, s=1). If this check is not passed then the from address will be recovered from the tx signature.

This makes cast run incompatible with impersonated transactions on rpc implementations where that assumption does not hold (i.e. when debugging tests in legacy hardhat projects).

Solution

Add a bypass-sender-recovery flag to cast run that makes it such that the from address is always set to the corresponding field on the getTransaction response from the rpc. (and not recovered from the tx signature)

Always use the from address as returned by the rpc in the getTransaction response.

PR Checklist

• Added Tests
• Added Documentation
• Breaking changes

[ckoopmann]

Note: To fully e2e test this feature you'd have to:

• Start a hardhat rpc node (or other framework that doesn't adhere to the standard impersonation signature)
• Submit a transaction under an impersonated signer
• Run cast run against that tx

I did this locally but wasn't sure if / how to add this to the CI. Lmk if this is critical (or you have a simpler idea of how to test this) and I will look into it further.

[ckoopmann]

Furthermore we might want to add a warning when this flag is not set and the recovered from address differs from the one returned by the getTransaction rpc call as this indicates that something is going wrong. (Originally I had a bunch of "balance too low" or "nonce too high" errors that were quite hard to trace to this root cause).

[ckoopmann]

Note that naming is not entirely consistent here. Elsewhere i call it "bypass sender recovery" whereas here i call it "assume impersonation", happy to change it to either one, or any other naming that improves readability / clairity.

[mattsse]

this comes up from time to time.

I think instead of doing this we should just always use the from field received in the tx rpc response?

[mattsse]

after reviewing this again, I tink we should actually just always use the rpc response from value here?

[ckoopmann]

I agree.

I think when running cast run at least it is fine to trust the "getTransaction" response coming back from the RPC.
I only added the additional flag to keep the default behaviour backwards compatible assuming that there are some users / use cases that depend on the transaction signature being "verified" by recovering the sender from it. Otherwise why was it done this way in the first place ?

Anyway, I will adjust this PR to remove the additional flag and just always use the rpc response as suggested.

[ckoopmann]

Adjusted to always use the rpc "from" field in cast run: 5d0c3e6

[ckoopmann]

Note: I didn't change the configure_tx_req_env function signature or implementation to avoid having to change logic in other places where it is used such as:

• here
• here

I could easily change the argument name from impersonated_from to something like overwrite_from though to indicate that this value is not only used for impersonated tx's anymore.

[ckoopmann]

Clippy failures seem unrelated to my changes so will just ignore them for now.

[mattsse]

lgtm!