fix(l1): defer Amsterdam block gas overflow check to post-execution

[azteca1998]

Summary

• The Hive consume-engine Amsterdam tests for EIP-7778 and EIP-8037 were failing because ethrex's per-tx gas limit checks were incompatible with Amsterdam's new gas accounting rules.
• EIP-7778 uses pre-refund gas for block accounting, so cumulative pre-refund gas can exceed the block gas limit even when a block builder correctly included all transactions.
• EIP-8037 introduces 2D gas accounting (block_gas = max(regular, state)), meaning cumulative total gas (regular + state) can legally exceed the block gas limit.
• The fix skips the per-tx cumulative gas check for Amsterdam and adds a post-execution block-level overflow check using max(sum_regular, sum_state) in all three execution paths (sequential, pipeline, parallel).

Local test results

• 200/201 EIP-7778 + EIP-8037 Hive consume-engine tests pass
• 105/105 EIP-7778 + EIP-8037 EF blockchain tests pass (4 + 101)
• The single remaining Hive failure (test_block_regular_gas_limit[exceed=True]) expects TransactionException.GAS_ALLOWANCE_EXCEEDED but we return BlockException.GAS_USED_OVERFLOW — the block is correctly rejected, just with a different error classification.

Test plan

• All EIP-7778 EF blockchain tests pass locally
• All EIP-8037 EF blockchain tests pass locally
• 200/201 Hive consume-engine Amsterdam tests pass locally
• Full CI Amsterdam Hive suite passes

[github-actions]

🤖 Kimi Code Review

Overall Assessment: The changes correctly implement EIP-7778 block-level gas accounting for Amsterdam, moving from per-tx checks to post-execution validation. Logic appears sound, but verify the VM hook assumption.

Critical Verification Required

1. VM Hook Enforcement (Security): The PR assumes TX_MAX_GAS_LIMIT_AMSTERDAM is enforced in the VM hook (lines 131, 434). Verify that ethrex_levm actually implements this cap, otherwise transactions could specify arbitrary gas limits, bypassing the per-tx safety bound.

Code Quality & Correctness

2. Error Message Consistency (lines 189-192, 502-505, 997-1000): Consider using consistent terminology. "Block gas used overflow" suggests arithmetic overflow, but this is a limit exceedance. Suggest: "block gas used {block_gas_used} exceeds gas_limit {}".

3. Dead Code Removal: Confirm block_regular_gas_used (line 126 in new) is still needed elsewhere in the sequential execution function. If only used for the removed per-tx check, it should be deleted to avoid compiler warnings.

Logic Validation

4. Parallel Execution Consistency (lines 983-1000): Good cleanup removing per-tx checks from parallel validation. The final max(regular, state) check correctly implements EIP-7825 gas semantics.

5. Pre-Amsterdam Path (lines 133-134, 438-439): Correctly preserves legacy behavior checking cumulative_gas_used (post-refund) per-transaction.

Minor Suggestions

6. Helper Extraction: The duplicated block-level check appears in both sequential and parallel paths. Consider extracting to a helper:

   fn check_block_gas_limit(used: u64, limit: u64) -> Result<(), EvmError> { ... }

Security Note: The removal of per-tx min(TX_MAX_GAS_LIMIT_AMSTERDAM, tx.gas) checks is safe only if the VM enforces this cap during execution. If unsure, add a debug assertion or comment referencing the VM enforcement location.

The state gas accounting (block_regular_gas_used.max(block_state_gas_used)) correctly implements the Amsterdam "parallel dimension" gas model per EIP-7825.

---

Automated review by Kimi (Moonshot AI) · kimi-k2.5 · custom prompt

[github-actions]

Lines of code report

Total lines added: 25
Total lines removed: 0
Total lines changed: 25

Detailed view

+---------------------------------------+-------+------+
| File                                  | Lines | Diff |
+---------------------------------------+-------+------+
| ethrex/crates/blockchain/payload.rs   | 813   | +13  |
+---------------------------------------+-------+------+
| ethrex/crates/vm/backends/levm/mod.rs | 2047  | +12  |
+---------------------------------------+-------+------+

[github-actions]

🤖 Codex Code Review

1. High: Amsterdam overflow blocks now reach heavy execution work before rejection. In the sequential pipeline, the first overflow check is delayed until mod.rs, but tx state batches may already have been flushed to the merkleizer at mod.rs. In the BAL/parallel path, every tx is executed at mod.rs before the first gas-limit rejection at mod.rs. For untrusted P2P blocks, that is a DoS regression: an invalid Amsterdam block can still force full EVM execution, BAL seeding, and trie-merkleization work before being dropped.

2. Medium: This consensus-critical change has no execution-level regression coverage. The only eip7778 tests are struct/encoding checks in eip7778_tests.rs, eip7778_tests.rs, and eip7778_tests.rs; none exercise execute_block or execute_block_pipeline around the Amsterdam gas boundary. This needs at least:

• a valid Amsterdam block that the old per-tx guard would have rejected but the new block-end accounting should accept
• an invalid Amsterdam block that overflows max(sum_regular, sum_state) and is rejected consistently in sequential and BAL/pipeline execution

Otherwise, the direction looks reasonable: moving Amsterdam block validation to pre-refund block-end accounting matches EIP-7778 better than the removed per-tx heuristic.

---

Automated review by OpenAI Codex · gpt-5.4 · custom prompt

[github-actions]

🤖 Claude Code Review

Now I have everything I need to write a thorough review. Here are my findings:

---

Review: fix(l1): defer Amsterdam block gas overflow check to post-execution

Overview

This PR fixes a premature gas rejection bug in Amsterdam blocks. Under EIP-7778, block gas is tracked using pre-refund values, meaning SSTORE_CLEARS refunds cause post-refund cumulative gas to grow slower than pre-refund gas. The old per-tx check was comparing a capped pre-refund value against the block limit too early, triggering GAS_ALLOWANCE_EXCEEDED before transactions that were legitimately within budget could execute.

The fix removes the per-tx block-level gas check for Amsterdam across all three execution paths (sequential, pipeline, parallel) and adds a single post-execution overflow check in each.

---

Correctness

The approach is correct. For Amsterdam+:

• block_gas_used = max(sum_regular, sum_state) (EIP-8037)
• Gas accounting uses pre-refund values (EIP-7778)
• Since pre-refund totals can only be known after all txs execute (refunds are credited post-execution), a per-tx check against the block limit cannot be accurate

The pre-Amsterdam path is correctly preserved: if !is_amsterdam { check_gas_limit(cumulative_gas_used, tx.gas_limit(), block.header.gas_limit) } is unchanged in both sequential and pipeline loops.

The saturating_add calls for gas accumulation are correct — they prevent silent wrap-around while still ensuring the overflow check will trigger.

---

Issues and Observations

1. Parallel path omits is_amsterdam guard (style inconsistency)

In execute_block_parallel at line 994:

if block_gas_used > header.gas_limit {

The sequential and pipeline paths guard with if is_amsterdam && block_gas_used > .... The parallel function is documented as "Only called for Amsterdam+ blocks" (line 841) so this is functionally correct — but omitting the guard is inconsistent and the next maintainer can't verify the intent without reading the doc comment.

Suggestion: add a debug_assert!(is_amsterdam_or_equivalent) or at minimum align the style with the other two paths.

2. The "VM hook enforces TX_MAX_GAS_LIMIT_AMSTERDAM" claim is imprecise

The comment on lines 131 and 435 states:

the per-tx gas cap (TX_MAX_GAS_LIMIT_AMSTERDAM) is enforced in the VM hook

Looking at the actual hook code:

• l2_hook.rs:585: For Prague to pre-Amsterdam, tx.gas_limit() > TX_MAX_GAS_LIMIT_AMSTERDAM is rejected
• default_hook.rs:413–416: For Amsterdam+, regular_gas.max(floor_cost_by_tokens) > TX_MAX_GAS_LIMIT_AMSTERDAM triggers IntrinsicGasTooLow
• utils.rs:421–433: Excess gas_limit above TX_MAX_GAS_LIMIT_AMSTERDAM is pre-consumed as a "reservoir" for state gas

So for Amsterdam, TX_MAX_GAS_LIMIT_AMSTERDAM is not a cap on tx.gas_limit() — it's a cap on the regular-gas portion of execution. A tx can have gas_limit >> TX_MAX_GAS_LIMIT_AMSTERDAM; the excess enters the state gas reservoir. The old per-tx block check was calling .min(TX_MAX_GAS_LIMIT_AMSTERDAM) on tx.gas_limit(), which was fundamentally wrong because it ignored the state gas contribution.

The comment should clarify this to avoid future confusion: "regular gas execution is capped at TX_MAX_GAS_LIMIT_AMSTERDAM via the gas budget mechanism in the VM; a higher gas_limit feeds the state gas reservoir."

3. Error message string change may affect error-matching callers

Old: "Gas allowance exceeded: used {x} + tx limit {y} > block limit {z}"
New: "Block gas used overflow: block_gas_used {x} > block_gas_limit {y}"

This is a user-visible string change. If any RPC layer, test harness, or downstream code pattern-matches on the "Gas allowance exceeded" prefix for Amsterdam errors, it will silently break. The Hive tests appear to check block rejection (not the message), but worth a quick grep across the codebase for callers that string-match on this error.

4. Note on line 394 (stale comment)

// EIP-7928 size cap: validated after execution so that transaction-level
// errors (e.g. gas allowance exceeded) take priority.

The phrase "gas allowance exceeded" now refers to the pre-Amsterdam error text. This comment is in an Amsterdam-only code path and should say "gas overflow" or use the current error terminology to stay in sync.

---

Code Quality

• The change is cleanly symmetric across all three paths — same new pattern in each.
• Removing the per-tx parallel loop logic (the awkward pre-execution-style checks applied to already-executed results) simplifies the code meaningfully.
• The tx_idx → _ rename in the parallel loop is a nice cleanup since it was only used by the now-removed check.
• The duplicate error format string appearing three times (sequential, pipeline, parallel) could be a shared constant, but this is cosmetic.

---

Test Coverage

The PR description notes unit tests pass and Hive CI is pending. The relevant concern is whether the Hive test_multi_transaction_gas_accounting with exceed_block_gas_limit_True=True covers:

• Blocks where state gas alone pushes max(regular, state) over the limit
• Blocks where regular gas alone exceeds the limit
• Mixed cases

If all 8 failures resolve with the Hive CI run, that's strong validation. The 3 EIP-7778 unit tests passing is a good sign.

---

Summary

The core fix is correct and well-reasoned. The two items worth addressing before merge are:

• Point 2: clarify the comment about TX_MAX_GAS_LIMIT_AMSTERDAM enforcement to accurately describe the Amsterdam reservoir model
• Point 3: check for callers that string-match on the old "Gas allowance exceeded" error text in Amsterdam contexts

The inconsistency in Point 1 (parallel path missing is_amsterdam guard) is low risk given the function's exclusive Amsterdam use, but worth a one-line fix for clarity.

---

Automated review by Claude (Anthropic) · sonnet · custom prompt

[github-actions]

🤖 Claude Code Review

Now I have enough context for a thorough review. Here are my findings:

---

PR #6486: fix(l1): defer Amsterdam block gas overflow check to post-execution

Overview

This PR fixes failures in Amsterdam Hive tests (EIP-7778 and EIP-8037) by replacing the per-tx pre-execution cumulative gas check with a single post-execution block-level overflow check across all three execution paths (sequential, pipeline, parallel). The root cause was that EIP-7778 uses pre-refund gas for block accounting and EIP-8037 introduces 2D gas (max(regular, state)), making it impossible to detect block overflow before all transactions run.

---

Correctness

block_gas_used computation is correct in all three paths.

• Sequential path (mod.rs:166): block_gas_used = block_regular_gas_used.max(block_state_gas_used) ✓
• Pipeline path (mod.rs:485): Same ✓
• Parallel path (mod.rs:992): let block_gas_used = block_regular_gas_used.max(block_state_gas_used) ✓

EIP-7825 cap enforcement is intact. The removal of TX_MAX_GAS_LIMIT_AMSTERDAM from the per-tx block-execution check is safe — the cap is still enforced at the transaction level in default_hook.rs:414 (intrinsic gas validation) and utils.rs:421 (reservoir computation). The import removal is correct.

The parallel path's unconditioned check is safe. mod.rs:994 has no is_amsterdam guard, but the parallel execution branch is only entered when header_bal.is_some(), which is Amsterdam-only. For pre-Amsterdam the math also degenerates correctly (state_gas = 0 → max(regular, 0) = regular), so even if the path were ever reached for non-Amsterdam it would produce the right result.

---

Issues

1. The acknowledged Hive failure may have a fixable root cause

test_block_regular_gas_limit[exceed=True] expects TransactionException.GAS_ALLOWANCE_EXCEEDED but receives BlockException.GAS_USED_OVERFLOW. The new error message at lines 190–194 / 504–508 / 995–999 reads:

"Gas allowance exceeded: Block gas used overflow: block_gas_used X > block_gas_limit Y"

Hive appears to parse the message to classify the exception, and "Block gas used overflow" maps to BlockException. The old check_gas_limit helper at mod.rs:70–73 uses a different format:

"Gas allowance exceeded: used X + tx limit Y > block limit Z"

which Hive maps to TransactionException.GAS_ALLOWANCE_EXCEEDED. If the intent is to match the TransactionException variant, the new error messages should use a format consistent with the old check_gas_limit helper — or a new EvmError::BlockGasOverflow variant should be introduced so the distinction doesn't depend on string parsing.

2. saturating_sub silently undercounts regular gas

mod.rs:160 (all three paths):

let tx_regular_gas = report.gas_used.saturating_sub(tx_state_gas);

If tx_state_gas > report.gas_used (a VM-level invariant violation), tx_regular_gas silently becomes 0 instead of catching the bug. This would undercount block_regular_gas_used, potentially letting a block with regular-gas overflow pass the limit check. Since state gas is by design a component of gas_used, this invariant should hold — but that makes the silent saturation dangerous. Consider using checked_sub(...).unwrap_or_else(|| { /* log or debug_assert */ 0 }) or adding a debug_assert!(tx_state_gas <= report.gas_used) here.

Same issue exists at vm.rs:756–758 for intrinsic_state_gas_refund, but that's pre-existing.

3. Sequential/pipeline: wasted work on overflow

For Amsterdam blocks in the sequential and pipeline paths, all transactions are executed before the overflow check at lines 189 / 503. If transaction N (of M) causes overflow, transactions N+1..M are executed unnecessarily. A per-tx post-execution incremental check — computing the running max(regular, state) after each transaction — would allow early termination and is semantically valid under EIP-8037 (there is no reason pre-refund per-tx post-execution checks cannot be done incrementally). The existing loop already computes the running totals (block_regular_gas_used, block_state_gas_used), so adding the check inside the loop would be minimal code change. This is a performance concern, not a correctness bug, so it does not block merging.

4. Comment slightly overstates the constraint (minor)

Lines 128–133 and 432–437 say:

overflow can only be detected after execution

This is accurate for per-tx pre-execution checks (which must guess at gas using tx.gas_limit()). It is not accurate for per-tx post-execution checks, which could detect overflow incrementally. Tightening the wording to "pre-tx overflow detection is not possible for Amsterdam because declared gas limits are an overestimate under pre-refund accounting" would be more precise and explain why the check was moved rather than why it can't happen incrementally.

---

Summary

The fix is sound. The gas model changes are applied consistently across all three execution paths, TX_MAX_GAS_LIMIT_AMSTERDAM enforcement is preserved at the right layer, and the math is correct. The single remaining Hive failure stems from an error-message format change that alters exception classification — worth investigating whether the message can be aligned with the old format or a proper typed error variant should be used. The saturating_sub issue is low risk given the VM invariant but worth a debug_assert! for safety.

---

Automated review by Claude (Anthropic) · sonnet · custom prompt

[github-actions]

🤖 Codex Code Review

1. Medium: Amsterdam gas overflow is now detected only after full tx execution, but the pipeline path can flush intermediate state to the merkleizer before that check runs. In mod.rs and mod.rs, an ultimately invalid block can still trigger repeated send_state_transitions_tx calls; the caller then waits for the merkleizer work to finish in blockchain.rs. For untrusted block validation, that is a DoS regression versus rejecting earlier. I’d either keep a conservative pre-flush bound for Amsterdam or avoid streaming updates until overflow status is known.

2. Low: This change removes Amsterdam’s per-tx reservation logic from execution in mod.rs and mod.rs, but payload construction still reserves min(tx.gas_limit(), TX_MAX_GAS_LIMIT_AMSTERDAM) in payload.rs. If that divergence is intentional, it needs a comment and regression test; otherwise producer and validator paths are now reasoning about Amsterdam block capacity differently.

Beyond those points, the diff looks internally consistent: sequential and parallel execution now use the same final max(sum_regular, sum_state) check, and the post-exec validation ordering still preserves gas-overflow precedence over BAL errors.

---

Automated review by OpenAI Codex · gpt-5.4 · custom prompt

[greptile-apps]

Greptile Summary

This PR fixes Amsterdam (EIP-7778 / EIP-8037) block execution by deferring the per-tx gas limit check to a single post-execution block-level check in all three execution paths (sequential, pipeline, and parallel). The change correctly accounts for EIP-7778's pre-refund gas accounting and EIP-8037's 2D gas model (max(sum_regular, sum_state)), achieving 200/201 Hive consume-engine tests and all 105 EF blockchain tests for the affected EIPs.

Confidence Score: 5/5

Safe to merge — the Amsterdam gas accounting logic is correct across all three execution paths; only minor P2 findings remain.

All three execution paths (sequential, pipeline, parallel) consistently apply the EIP-7778 / EIP-8037 post-execution check using max(regular, state). The gas formula is correctly derived from ExecutionReport fields. No P0 or P1 issues were found. Two P2 items were raised: the use of EvmError::Transaction for a block-level error (acknowledged in the PR description as the source of the remaining 1/201 Hive failure) and a minor performance concern for block production. Both are non-blocking.

crates/vm/backends/levm/mod.rs — three parallel instances of the post-execution gas check (lines 189, 503, 994) should be kept in sync if the formula or error type ever changes.

Important Files Changed

Filename	Overview
crates/vm/backends/levm/mod.rs	Removes per-tx gas checks for Amsterdam in all three execution paths and replaces them with a post-execution block-level max(regular, state) > gas_limit check; logic is correct but the error is wrapped in EvmError::Transaction for a block-level condition.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[execute_block / pipeline sequential] --> B{is_amsterdam?}
    B -- No --> C[per-tx check_gas_limit\ncumulative + tx.gas_limit vs limit]
    C --> D[Execute tx]
    D --> E[Update cumulative_gas_used\nand block_gas_used]
    E --> C
    B -- Yes --> F[Skip per-tx check]
    F --> G[Execute tx]
    G --> H[block_regular += regular_gas\nblock_state += state_gas\nblock_gas_used = max of both]
    H --> F
    H --> I{After all txs\nblock_gas_used over limit?}
    I -- Yes --> J[EvmError::Transaction\nGas allowance exceeded]
    I -- No --> K[Process requests / withdrawals / BAL]

    L[execute_block_parallel\nAmsterdam only] --> M[Execute all txs in parallel]
    M --> N[Sort results by tx index]
    N --> O[Accumulate regular and state gas]
    O --> P{block_gas_used = max\nof regular and state\nover limit?}
    P -- Yes --> Q[EvmError::Transaction]
    P -- No --> R[BAL validation then build receipts]

Loading

Prompt To Fix All With AI

This is a comment left during a code review.
Path: crates/vm/backends/levm/mod.rs
Line: 189-195

Comment:
**Block-level error wrapped in `EvmError::Transaction`**

`EvmError::Transaction` formats as `"Invalid Transaction: …"`, but this error is triggered by the cumulative block-level gas total exceeding the limit — no single transaction is invalid in isolation. `EvmError::Header` (formats as `"Invalid Header: …"`) would be semantically closer to a block invariant violation, or a dedicated `EvmError::Block` variant could be introduced. The mismatch is what drives the acknowledged remaining Hive failure where the test harness sees `BlockException.GAS_USED_OVERFLOW` instead of `TransactionException.GAS_ALLOWANCE_EXCEEDED`. The same pattern applies to the pipeline (line 503) and parallel (line 994) paths.

How can I resolve this? If you propose a fix, please make it concise.

---

This is a comment left during a code review.
Path: crates/vm/backends/levm/mod.rs
Line: 127-136

Comment:
**Deferred check wastes computation during Amsterdam block production**

With the per-tx guard removed, the sequential/pipeline paths execute every transaction in the block before discovering a gas overflow. For block production (as opposed to validation), this means a builder that over-fills a block will run all transactions and only learn about the overflow after the fact. A lightweight upper-bound estimate — e.g. checking whether `block_regular_gas_used + tx.gas_limit()` already exceeds `block.header.gas_limit` before executing — could short-circuit wasted work without breaking the post-refund-accounting semantics. This is a performance concern, not a correctness issue.

How can I resolve this? If you propose a fix, please make it concise.

_{Reviews (1): Last reviewed commit: "fix(l1): include both error phrases in A..." | Re-trigger Greptile}

[greptile-apps]

Block-level error wrapped in EvmError::Transaction

EvmError::Transaction formats as "Invalid Transaction: …", but this error is triggered by the cumulative block-level gas total exceeding the limit — no single transaction is invalid in isolation. EvmError::Header (formats as "Invalid Header: …") would be semantically closer to a block invariant violation, or a dedicated EvmError::Block variant could be introduced. The mismatch is what drives the acknowledged remaining Hive failure where the test harness sees BlockException.GAS_USED_OVERFLOW instead of TransactionException.GAS_ALLOWANCE_EXCEEDED. The same pattern applies to the pipeline (line 503) and parallel (line 994) paths.

Prompt To Fix With AI

This is a comment left during a code review.
Path: crates/vm/backends/levm/mod.rs
Line: 189-195

Comment:
**Block-level error wrapped in `EvmError::Transaction`**

`EvmError::Transaction` formats as `"Invalid Transaction: …"`, but this error is triggered by the cumulative block-level gas total exceeding the limit — no single transaction is invalid in isolation. `EvmError::Header` (formats as `"Invalid Header: …"`) would be semantically closer to a block invariant violation, or a dedicated `EvmError::Block` variant could be introduced. The mismatch is what drives the acknowledged remaining Hive failure where the test harness sees `BlockException.GAS_USED_OVERFLOW` instead of `TransactionException.GAS_ALLOWANCE_EXCEEDED`. The same pattern applies to the pipeline (line 503) and parallel (line 994) paths.

How can I resolve this? If you propose a fix, please make it concise.

[greptile-apps]

Deferred check wastes computation during Amsterdam block production

With the per-tx guard removed, the sequential/pipeline paths execute every transaction in the block before discovering a gas overflow. For block production (as opposed to validation), this means a builder that over-fills a block will run all transactions and only learn about the overflow after the fact. A lightweight upper-bound estimate — e.g. checking whether block_regular_gas_used + tx.gas_limit() already exceeds block.header.gas_limit before executing — could short-circuit wasted work without breaking the post-refund-accounting semantics. This is a performance concern, not a correctness issue.

Prompt To Fix With AI

This is a comment left during a code review.
Path: crates/vm/backends/levm/mod.rs
Line: 127-136

Comment:
**Deferred check wastes computation during Amsterdam block production**

With the per-tx guard removed, the sequential/pipeline paths execute every transaction in the block before discovering a gas overflow. For block production (as opposed to validation), this means a builder that over-fills a block will run all transactions and only learn about the overflow after the fact. A lightweight upper-bound estimate — e.g. checking whether `block_regular_gas_used + tx.gas_limit()` already exceeds `block.header.gas_limit` before executing — could short-circuit wasted work without breaking the post-refund-accounting semantics. This is a performance concern, not a correctness issue.

How can I resolve this? If you propose a fix, please make it concise.

[edg-l]

Bug: payload building path missing state gas overflow check

The validation path (this PR) now correctly checks max(block_regular, block_state) <= gas_limit post-execution. But crates/blockchain/payload.rs::apply_plain_transaction still only tracks remaining_gas against regular gas:

// payload.rs:858-863
if context.is_amsterdam {
    context.remaining_gas = context
        .payload
        .header
        .gas_limit
        .saturating_sub(context.block_regular_gas_used);  // <-- only regular, ignores state
}

If state gas becomes the bottleneck (i.e. block_state_gas_used > block_regular_gas_used > gas_limit), the payload builder will happily include txs that push max(regular, state) past the block gas limit. The block then fails validation and the slot is missed.

Suggested fix (two parts):

1. Post-execution check in apply_plain_transaction — compute new totals before committing them, reject the tx if max(new_regular, new_state) > gas_limit:

let new_regular = context.block_regular_gas_used.saturating_add(tx_regular_gas);
let new_state = context.block_state_gas_used.saturating_add(tx_state_gas);
if context.is_amsterdam && new_regular.max(new_state) > context.payload.header.gas_limit {
    return Err(EvmError::Custom("block gas limit exceeded (state gas overflow)").into());
}
context.block_regular_gas_used = new_regular;
context.block_state_gas_used = new_state;

2. Update remaining_gas to reflect both dimensions so the pre-execution heuristic also rejects:

if context.is_amsterdam {
    context.remaining_gas = context.payload.header.gas_limit
        .saturating_sub(new_regular.max(new_state));
}

[azteca1998]

Fixed the payload building path to match the validation logic for Amsterdam EIP-8037 2D gas accounting.

Changes in commit 43ea8e7:

1. Added post-execution overflow check - Before committing gas totals, check if max(new_regular, new_state) > gas_limit and reject the transaction if true. This prevents the builder from creating invalid blocks.

2. Updated remaining_gas calculation - Changed from tracking only block_regular_gas_used to tracking max(block_regular_gas_used, block_state_gas_used). This ensures the pre-tx heuristic check accounts for both gas dimensions.

Testing:

• ✅ All EIP-7778 tests pass (3/3)
• ✅ All LEVM integration tests pass (149/149)
• ✅ Code compiles cleanly

The fix ensures block building and validation now use consistent gas accounting, preventing the scenario where a builder creates a block that would fail validation due to state gas overflow.

@edg-l This addresses your review feedback - the payload building path now has both the post-execution check and the updated remaining_gas calculation as you suggested.

[edg-l]

LGTM. Verified against EIP-7778 and EIP-8037 specs.

• Validation path: correctly defers block gas check to post-execution using max(sum_regular, sum_state) <= gas_limit, pre-refund values for block accounting, post-refund for receipts.
• Payload building (43ea8e7): correctly adds post-execution overflow guard and updates remaining_gas to reflect both gas dimensions.
• Pre-Amsterdam paths unchanged and correct.

[iovoid]

I think we should still have some sort of check to prevent DoS by blocks using more gas than allowed. In principle in a 10MB block with 100B transactions each with a 16M limit we could end up executing 1.6Tgas of code before realizing the block is actually invalid.