feat: replay preceding block txs for accurate gas estimation

[RonTuretzky]

Summary

Closes #95

• Adds PrecedingTx struct and replay_preceding_transactions() to the gas-estimator crate — replays transactions via revm's transact_commit to advance CacheDB state
• Adds get_preceding_transactions() to the rpc crate — fetches block with full tx objects via a single eth_getBlockByNumber(N, true) call, converts to PrecedingTx
• Adds estimate_state_changes_gas_with_preceding() to GasKillerEvmSketchDefault — creates one CacheDB, replays preceding txs, then runs gas estimation on the same DB
• Wires it into the CLI: extracts transaction_index from receipt, fetches preceding txs when index > 0, gracefully falls back to current behavior on RPC failure

Decisions (from spec):

• Single RPC call (eth_getBlockByNumber with full tx objects) for fetching preceding txs
• Direct revm replay (not debug_traceCall per preceding tx)
• EIP-4788 beacon root handling is out of scope
• WASM path unchanged (no RPC access)

Test plan

• Test with a first-in-block transaction (should skip replay, no behavior change)
• Test with a mid-block transaction (should replay preceding txs and show improved accuracy)
• Test with --anvil flag (Anvil path is unchanged, no regression)
• Verify graceful fallback when RPC doesn't support eth_getBlockByNumber

[Copilot]

Pull request overview

Adds mid-block state awareness to gas estimation by replaying transactions that precede the target transaction within the same block, improving estimation accuracy for state-dependent executions.

Changes:

• Introduces a PrecedingTx representation and replay_preceding_transactions() in gas-estimator to advance a shared CacheDB via revm replay.
• Adds get_preceding_transactions() in rpc to fetch a block with full transactions and convert 0..tx_index into replayable transactions.
• Integrates preceding-tx replay into the EvmSketch estimator path and CLI (with graceful fallback on RPC failure).

Reviewed changes

Copilot reviewed 5 out of 6 changed files in this pull request and generated 5 comments.

Show a summary per file

File	Description
crates/rpc/src/lib.rs	Fetches full block txs via eth_getBlockByNumber(..., true) and converts preceding txs into PrecedingTx.
crates/rpc/Cargo.toml	Adds dependencies needed for block tx fetching/conversion (gas-analyzer-estimator, alloy-rpc-types, revm).
crates/gas-estimator/src/lib.rs	Adds PrecedingTx and a revm-based replay routine that commits preceding tx state into CacheDB.
crates/evmsketch/src/lib.rs	Adds estimate_state_changes_gas_with_preceding() to replay into the same CacheDB before estimating.
crates/cli/src/main.rs	Wires receipt transaction_index -> preceding tx fetch -> replayed estimation, with fallback to prior behavior.
Cargo.lock	Updates lockfile for added dependencies/versions.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[rubydusa]

CI failure diagnosis & fix

The test-native failure on this PR is an external regression, not caused by anything on this branch. Pushed c8e4495 to fix it.

Symptom

test tests::test_compute_state_update_simulate_call ... FAILED

thread 'tests::test_compute_state_update_simulate_call' panicked at crates/core/src/trace.rs:38:45:
invalid hex: ParseIntError { kind: InvalidDigit }

Why it's not the PR's fault

git diff main..HEAD --stat shows the PR touches cli, evmsketch, gas-estimator, rpc, and wasm — not crates/core/src/trace.rs or crates/anvil/. The failing test (test_compute_state_update_simulate_call) and the panicking parser (parse_trace_memory) are both untouched by this branch.

Branch CI history confirms this:

Date	Foundry stable at the time	Result
2026-04-02 (last green on this branch, after merging main)	v1.5.1	✅
2026-04-06 (last green on main)	v1.5.1	✅
2026-04-29 (this PR's CI runs)	v1.7.0 (released 2026-04-28)	❌

The CI workflow installs Foundry via foundry-rs/foundry-toolchain@v1, which always pulls the latest stable. The toolchain rolled from 1.5.1 → 1.7.0 between green and red, with no code change on our side.

Root cause

Foundry v1.7.0 bumped revm-inspectors from 0.33.0 → 0.39.0. Since revm-inspectors v0.38.1, PR #425 ("align memory encoding and returnData gating") changed convert_memory():

-        memory.push(hex::encode(chunk));
+        memory.push(hex::encode_prefixed(chunk));

So Anvil's debug_traceTransaction StructLog.memory entries now look like:

• Old: "0000000000000000000000000000000000000000000000000000000000000001" (64 hex chars, bare)
• New: "0x0000000000000000000000000000000000000000000000000000000000000001" (66 chars, prefixed)

The motivation for the upstream change is alignment with the opcode tracer spec (execution-apis #762).

Our parse_trace_memory (crates/core/src/trace.rs:35) joined the entries and parsed every 2 chars as a hex byte. With the new format, the second chunk is \"0x\", and u8::from_str_radix(\"0x\", 16) returns InvalidDigit on the 'x' — exactly the panic in the log. Geth/erigon and pre-1.7 Anvil still emit bare hex, so it's a forward-incompatibility, not a bug we introduced.

This affects only the Anvil backend; the EvmSketch path doesn't go through Anvil's structlogger, which is why test-native's first step (cargo test, default = EvmSketch) passed and only the second step (cargo test --features anvil) failed.

The fix (c8e4495)

In parse_trace_memory, strip an optional 0x per entry before joining:

pub fn parse_trace_memory(memory: Vec<String>) -> Vec<u8> {
    memory
        .iter()
        .map(|s| s.strip_prefix(\"0x\").unwrap_or(s))
        .collect::<String>()
        .chars()
        .collect::<Vec<char>>()
        .chunks(2)
        .map(|c| c.iter().collect::<String>())
        .map(|s| u8::from_str_radix(&s, 16).expect(\"invalid hex\"))
        .collect::<Vec<u8>>()
}

This is backward-compatible: bare hex passes through strip_prefix unchanged, and prefixed hex gets the prefix removed. Both old and new Anvil, plus geth/erigon, now work.

I also added a #[cfg(test)] unit test in crates/core/src/trace.rs covering bare, prefixed, and mixed inputs. This locks in both formats so the same regression — or anything similar — gets caught in core without needing a live RPC + Anvil round-trip.

Verification

• cargo test -p gas-analyzer-core ✅ (new unit test passes)
• cargo clippy --workspace --exclude gas-killer-wasm --exclude gas-analyzer-anvil --all-targets -- -D warnings ✅
• cargo fmt --all -- --check ✅
• The original test_compute_state_update_simulate_call integration test could not be reproduced locally (my Anvil is v1.5.1, pre-regression), but it goes through parse_trace_memory which now handles both formats. CI will confirm.

Optional follow-up (not in this PR)

foundry-rs/foundry-toolchain@v1 floats to latest stable, so any future Foundry release can break CI the same way. If we want determinism, pin the version:

- uses: foundry-rs/foundry-toolchain@v1
  with:
    version: stable  # or a specific tag like v1.7.0

Happy to do that as a separate PR if desired.

🤖 Generated with Claude Code

[Copilot]

Pull request overview

Copilot reviewed 11 out of 12 changed files in this pull request and generated 2 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[bagelface]

Correctness review. Six issues below, ranging from latent bugs to cases that actively corrupt the mid-block CacheDB state used for gas estimation.

[bagelface]

Same SpecId::OSAKA problem as line 186, but with a more direct correctness consequence here. In the replay path, a preceding transaction from a pre-Osaka block may behave differently under Osaka semantics: it might revert when it originally succeeded, or succeed when it originally reverted, resulting in different storage writes being committed to the CacheDB. Any subsequent read from those slots — including by the analyzed transaction's simulation — will see wrong state.

[rubydusa]

Same fix as the comment on line 186 — replay_preceding_transactions now uses sim_env.spec (derived from the anchored header against EthSpec::mainnet()) instead of a hardcoded OSAKA. See 3e0f025 and test_sim_env_spec_derivation_against_mainnet in crates/evmsketch/src/lib.rs.

[bagelface]

The public estimate_state_changes_gas_raw at line 142 was not updated by this PR. It still creates CacheDB::new(&self.sketch.rpc_db) — BasicRpcDb anchored to block N — so eth_getStorageAt calls return post-block state. This is the exact bug PR #122 fixed for estimate_state_changes_gas (line 246) and this function. Any external caller of estimate_state_changes_gas_raw gets subtly wrong results. It should be updated to use SimpleRpcDb at block_number - 1, consistent with its sibling methods.

[rubydusa]

Addressed in 3e0f025. estimate_state_changes_gas_raw now constructs SimpleRpcDb { provider, block_number: anchor - 1 } and wraps it in a CacheDB, mirroring the fix already applied to its sibling estimate_state_changes_gas.

Tested by test_simple_rpc_db_queries_at_configured_block in crates/evmsketch/src/lib.rs. It uses a custom recording tower::Service that captures every JSON-RPC request, then constructs a SimpleRpcDb with block_number = 99 and asserts the resulting eth_getStorageAt call carries block tag "0x63" — so the underlying primitive cannot silently ignore its configured block.

[bagelface]

see comments

[bagelface]

we can't assume mainnet spec. we will be running Sepolia transactions as well, so should detect from chain ID

[rubydusa]

Addressed in 6fdfdfc.

Chain detection now happens in EvmSketchExecutorBuilder::build: it queries eth_chainId, maps it through chain_id_to_genesis_and_spec, threads Genesis::Mainnet | Genesis::Sepolia into EvmSketch::builder().with_genesis(...), and stores the chain ID on the executor. sim_env() then picks EthSpec::mainnet() or EthSpec::sepolia() based on the stored chain ID instead of hardcoding mainnet.

Unsupported chain IDs (Holesky, Anvil, etc.) error explicitly rather than silently defaulting to mainnet — defaulting would corrupt hardfork derivation whenever the target chain disagrees with mainnet at the same height/timestamp.

Two tests in crates/evmsketch/src/lib.rs:

• test_chain_id_to_genesis_and_spec_supported_and_rejected_chains — pins mainnet→Genesis::Mainnet + Cancun ts 1_710_338_135, sepolia→Genesis::Sepolia + Cancun ts 1_706_655_072, and asserts that 17000/31337/0 all error.
• test_sepolia_spec_diverges_from_mainnet — synthesizes a header at timestamp 1_708_000_000 (between the two Cancun activations) and asserts mainnet maps to SHANGHAI while Sepolia maps to CANCUN. Hardcoding mainnet would silently misclassify the Sepolia case as Shanghai.

[bagelface]

We don't want to assume mainnet specs, so need to detect Sepolia or Mainnet.

[bagelface]

lgtm