Eezo shunt sync: security improve

[SegueII]

Summary by CodeRabbit

• New Features

  • Transaction fetcher now integrates with chain events to track recently confirmed transactions and improve announcement pre-filtering.

• Bug Fixes

  • Strengthened range proof validation with enhanced boundary checks and path prefix detection to prevent invalid proofs from being accepted.

[coderabbitai]

Warning

Rate limit exceeded

@SegueII has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 18 minutes and 51 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 18 minutes and 51 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 4b1a38b1-0f0a-4676-b707-97f59e7a7404

📥 Commits

Reviewing files that changed from the base of the PR and between 6c497aa and c23c00d.

📒 Files selected for processing (2)

• trie/proof.go
• trie/proof_test.go

📝 Walkthrough

Walkthrough

Integrated chain-event tracking into the transaction fetcher to pre-filter recently confirmed transactions, reducing redundant fetches. Added bounds validation to trie range proofs to reject invalid key batches. Modified tx-fetcher initialization to support optional blockchain integration while maintaining backward compatibility.

Changes

Cohort / File(s)	Summary
Transaction Fetcher Chain Integration eth/fetcher/tx_fetcher.go, eth/fetcher/tx_fetcher_test.go, eth/handler.go	Introduced optional chain-event subscription to track on-chain transactions in an LRU cache (txOnChainCache). New constructor NewTxFetcherWithChain accepts blockchain instance; refactored shared initialization into internal newTxFetcher. Loop now processes core.ChainEvent updates to populate cache and filter incoming announcements. Tests validate cache population on block arrival and flushing on reorg detection.
Trie Range Proof Validation trie/proof.go, trie/proof_test.go	Enhanced VerifyRangeProof with stricter bounds checking: rejects keys outside requested [firstKey, lastKey] window and rejects batches containing path-prefix pairs. Fixed "more elements available" indicator to reflect post-update root state. Tests cover out-of-range boundaries and path-prefix detection.

Sequence Diagram(s)

sequenceDiagram
    participant ChainEvent as Chain Events
    participant TxFetcher as Transaction Fetcher
    participant Cache as txOnChainCache (LRU)
    participant Announcements as Incoming Announcements
    participant TxPool as Transaction Pool

    ChainEvent->>TxFetcher: New block (ChainEvent)
    alt Parent hash changed (reorg)
        TxFetcher->>Cache: Clear cache
    end
    TxFetcher->>Cache: Add block transaction hashes
    
    Announcements->>TxFetcher: Notify(hashes)
    TxFetcher->>Cache: Check if hash is cached
    alt Hash in cache (on-chain confirmed)
        TxFetcher->>TxFetcher: Skip + record txAnnounceOnchainMeter
    else Hash not cached
        TxFetcher->>TxPool: Process for fetch
    end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

🐰 Hoppy hops through blocks so grand,
Caching coins in fetcher-land,
Reorg frolics, bounds refined,
Trie proofs sharper, well-designed!
Chain events bloom, no fetch redundant—
Our whiskers twitch: quite resplendent!

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Title check	❓ Inconclusive	The PR title 'Eezo shunt sync: security improve' is vague and generic, failing to describe the actual changes which involve transaction fetcher refactoring with chain-event integration, trie range proof validation improvements, and handler updates.	Replace with a specific title that captures the main changes, such as 'Add chain-event integration to tx fetcher for on-chain transaction filtering' or 'Improve tx fetcher and range proof validation with on-chain tracking'.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	Docstring coverage is 86.67% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch eezo-shunt-sync-fix

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@trie/proof_test.go`:
- Around line 1026-1062: The test TestRangeProofPathPrefix incorrectly asserts
that a trie containing kShort and kLong (where kLong extends kShort) is invalid;
instead update the test to expect VerifyRangeProof to succeed for these keys.
Specifically, in the block that calls VerifyRangeProof(hash, kShort, kLong,
[][]byte{kShort,kLong}, [][]byte{[]byte("short"),[]byte("long")}, proof),
replace the current error-expecting assertions with a check that err == nil
(i.e., fail the test if err != nil), and remove or change the subsequent
exact-error-string comparison; keep references to Trie.Update, Trie.Prove and
VerifyRangeProof so the test still builds and verifies a valid range proof.
- Around line 941-968: The tests "first_before_start" and "last_after_end" rely
on wraparound-prone increseKey/decreseKey; replace those with deterministic
neighboring sorted keys from newKeysVals(): for the "first_before_start" case
set firstKey to common.CopyBytes(keys[1]) (and keep lastKey as keys[len-1]) so
the returned keys[0] is strictly before the requested start, and for
"last_after_end" set lastKey to common.CopyBytes(keys[len-2]) (and keep firstKey
as keys[0]) so the returned keys[len-1] is strictly after the requested end;
ensure you only use these when len(keys) > 1 and update the calls to
VerifyRangeProof accordingly (refer to functions newKeysVals, VerifyRangeProof
and the test names).

In `@trie/proof.go`:
- Around line 486-491: The current check in VerifyRangeProof (the
bytes.HasPrefix(keys[i+1], keys[i]) branch) incorrectly rejects valid MPT proofs
where a shorter key is represented via a branch value slot; remove the
unconditional prefix rejection and instead enforce a precondition for callers
that genuinely require fixed-width keys (e.g., check that keys[i] and keys[i+1]
have equal length before treating prefixes as an error). Update VerifyRangeProof
to either accept prefix relationships or only return the "range contains path
prefixes" error when a caller-specified fixed-length/same-length invariant is
violated (add an explicit length check or require the caller to assert
fixed-length keys prior to calling VerifyRangeProof). Ensure references:
VerifyRangeProof, keys slice, and the bytes.HasPrefix check are changed
accordingly.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: ca83feba-0c8c-4eac-a39c-b3111189adc1

📥 Commits

Reviewing files that changed from the base of the PR and between 87ecf43 and 6c497aa.

📒 Files selected for processing (5)

• eth/fetcher/tx_fetcher.go
• eth/fetcher/tx_fetcher_test.go
• eth/handler.go
• trie/proof.go
• trie/proof_test.go