fix: adding additional allow list test coverage

[chatton]

Description

Type of Change

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Documentation update
• Performance improvement
• Refactoring

Related Issues

Fixes #(issue)

Checklist

• I have performed a self-review of my code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes
• Any dependent changes have been merged and published

Testing

Additional Notes

Summary by CodeRabbit

• Tests
  • Expanded unit tests for deployment allowlist behavior across handler and transaction-pool validation, covering empty/none allowlists, allowlisted vs non-allowlisted callers, CREATE vs CALL semantics, and sponsor/value interactions.
  • Added end-to-end test validating CREATE2 factory flow: allowlisted deployer creates a factory that enables a subsequent CREATE2 deployment to succeed.
  • Adjusted test-helper visibility to allow crate-level reuse in tests.

[coderabbitai]

📝 Walkthrough

Walkthrough

Adds extensive tests across ev-revm, node txpool, and integration suites to validate deploy allowlist behavior (including CREATE vs CALL and CREATE2-via-factory scenarios) and makes one crate-local helper function pub(crate).

Changes

Cohort / File(s)	Summary
Deploy Module Tests crates/ev-revm/src/deploy.rs	Adds unit tests for DeployAllowlistSettings and check_deploy_allowed covering empty/none allowlists, allowlisted vs non-allowlisted callers, and non-top-level-create behavior.
Handler Module Tests crates/ev-revm/src/handler.rs	Adds unit tests exercising handler-level deploy allowlist validation (validate_against_state_and_deduct_caller) for Create vs Call and various allowlist permutations.
Transaction Pool Tests crates/node/src/txpool.rs	Adds EV-specific txpool validation tests for CREATE and CALL transactions with empty/none/allowlisted/non-allowlisted signers (including sponsor/value combinations).
Integration E2E Tests crates/tests/src/test_deploy_allowlist.rs	New async end-to-end test: deploys a factory via a top-level CREATE from an allowlisted account, triggers a CREATE2 child deployment from a non-allowlisted account, and verifies the child address and code exist.
Tests crate surface crates/tests/src/lib.rs, crates/tests/src/e2e_tests.rs	Exports contract_address_from_nonce as pub(crate) and registers new test modules (test_deploy_allowlist, minor #[cfg(test)] placement adjustment).

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

🐇 I hopped through tests both near and far,
Watched factories build and children by salt and char.
Allowlists checked, CREATE and CALL aligned,
A snug little rabbit, satisfied and kind—
More carrots for tests, more code to mind! 🥕

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The PR description is an empty template with unchecked boxes and no concrete details about changes, testing methodology, or related issues, failing to document the actual work performed.	Fill in the Description section with a summary of test additions, mark relevant Type of Change boxes, complete the Checklist, and describe the testing performed.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'fix: adding additional allow list test coverage' accurately describes the main change—comprehensive test additions for deploy allowlist functionality across multiple modules.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch cian/fix-allowlist-check

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[claude]

Claude finished @chatton's task —— View job

---

Code Review for Deploy Allowlist Test Coverage

I've completed a comprehensive review of this PR. This is excellent work that significantly improves test coverage for the deploy allowlist functionality across multiple layers of the system.

Todo List:

• Read and analyze all changed files
• Evaluate test coverage comprehensiveness
• Check for code quality and best practices
• Look for potential bugs or security concerns
• Assess performance implications
• Review integration with existing patterns
• Provide comprehensive feedback

---

🎯 Overall Assessment: EXCELLENT

This PR provides comprehensive test coverage for deploy allowlist functionality with well-structured tests across multiple layers. The code is high quality with good documentation and clear test scenarios.

✅ Strengths

1. Comprehensive Multi-Layer Testing

   • Unit tests at the core logic level (deploy.rs)
   • Handler-level validation tests (handler.rs)
   • Transaction pool validation tests (txpool.rs)
   • End-to-end integration test (test_deploy_allowlist.rs)

2. Thorough Scenario Coverage

   • Empty allowlist behavior
   • None/missing allowlist behavior
   • Allowlisted vs non-allowlisted callers
   • CREATE vs CALL transaction distinction
   • Factory contract CREATE2 bypass pattern

3. Well-Structured E2E Test

   • Clear test documentation with detailed comments
   • Realistic scenario testing factory-based deployment
   • Proper verification of both denied and allowed behaviors

4. Good Code Quality

   • Clear, descriptive test names
   • Proper use of assertion messages
   • Good separation of concerns

⚠️ Minor Issues & Suggestions

1. Missing Test Case in Handler Module

The handler tests are missing a critical deny scenario. You should add:

#[test]
fn deny_deploy_for_non_allowlisted_caller() {
    let allowed = address!("0x00000000000000000000000000000000000000aa");
    let caller = address!("0x00000000000000000000000000000000000000bb");
    let allowlist = DeployAllowlistSettings::new(vec![allowed], 0);
    
    // ... setup context similar to other tests ...
    ctx.tx.caller = caller;
    ctx.tx.kind = TxKind::Create;
    
    let result = handler.validate_against_state_and_deduct_caller(&mut evm);
    assert!(result.is_err(), "non-allowlisted CREATE should be denied");
}

2. Missing Activation Height Boundary Test

In crates/ev-revm/src/deploy.rs, add a test for the activation height boundary:

#[test]
fn inactive_allowlist_allows_all_callers() {
    let allowed = address!("0x00000000000000000000000000000000000000aa");
    let caller = address!("0x00000000000000000000000000000000000000bb");
    let settings = DeployAllowlistSettings::new(vec![allowed], 100);
    // Test before activation height
    let result = check_deploy_allowed(Some(&settings), caller, true, 50);
    assert!(result.is_ok(), "allowlist should be inactive before activation height");
}

3. Test Helper Refactoring (Optional)

The test setup in handler.rs and txpool.rs has repetitive boilerplate. Consider extracting common setup into helper functions for better maintainability.

4. E2E Test Improvements

• More specific child contract validation: Instead of just checking !child_code.is_empty(), verify the exact runtime bytecode matches expectations
• Transaction-specific denial check: Rather than checking if the entire block is empty, verify the specific denied transaction is not included

🔒 Security Analysis

• ✅ No security vulnerabilities identified
• ✅ Proper separation between allowlist and non-allowlist scenarios
• ✅ Correct handling of the factory bypass pattern (by design)
• ✅ No potential for allowlist bypass except through the intended factory pattern

⚡ Performance Considerations

• ✅ Tests use efficient patterns with minimal overhead
• ✅ Binary search in allowlist implementation is optimal
• ✅ No performance regressions introduced

🏗️ Code Quality & Best Practices

• ✅ Excellent test documentation and naming
• ✅ Proper use of test-specific helper functions
• ✅ Good error handling and assertion patterns
• ✅ Appropriate test isolation and setup

📋 Test Coverage Analysis

Covered Scenarios:

• ✅ Empty allowlist permits all
• ✅ None allowlist permits all
• ✅ Allowlisted caller permitted
• ✅ Non-allowlisted CREATE denied (txpool level)
• ✅ Non-allowlisted CALL allowed
• ✅ Factory CREATE2 bypass works
• ✅ E2E integration scenarios

Missing Scenarios:

• ❌ Handler-level denial test (mentioned above)
• ❌ Activation height boundary test (mentioned above)

🎯 Recommendations

1. High Priority: Add the missing handler denial test case
2. Medium Priority: Add activation height boundary test
3. Low Priority: Consider refactoring test helpers for maintainability
4. Low Priority: Enhance E2E test assertions for more specific validation

📝 PR Description Issue

The PR description is mostly empty template. Consider filling it out with:

• Summary of test additions
• What scenarios are now covered
• Any specific testing approaches used

---

Overall: This is excellent work that significantly improves the codebase's test coverage and confidence in the deploy allowlist functionality. The few suggestions above are minor enhancements to an already strong implementation.

[coderabbitai]

🧹 Nitpick comments (3)

crates/ev-revm/src/deploy.rs (1)

97-137: Add one activation-height boundary test to complete policy coverage.

Current cases always use active settings (activation_height = 0). A not-yet-active case would lock in expected behavior for future regressions.

Proposed test addition

+    #[test]
+    fn inactive_allowlist_does_not_restrict_deploy() {
+        let allowed = address!("0x00000000000000000000000000000000000000aa");
+        let caller = address!("0x00000000000000000000000000000000000000bb");
+        let settings = DeployAllowlistSettings::new(vec![allowed], 100);
+        let result = check_deploy_allowed(Some(&settings), caller, true, 99);
+        assert!(result.is_ok());
+    }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@crates/ev-revm/src/deploy.rs` around lines 97 - 137, Add a test that covers
the activation-height boundary by creating DeployAllowlistSettings with
activation_height > 0 (e.g., 10) and verifying behavior before activation:
construct a caller not in the allowlist, build settings with
DeployAllowlistSettings::new(vec![allowed_addr], 10), call
check_deploy_allowed(Some(&settings), caller, true, /*current_height*/ 0) and
assert it returns Ok (or equivalently that settings.is_allowed is not applied
pre-activation); this ensures the allowlist is ignored until activation_height
is reached and guards against regressions.

crates/node/src/txpool.rs (1)

908-972: Optional: consolidate repeated tx construction/state boilerplate in these tests.

A small helper for (validator, pooled_tx, sender_balance, state) setup would make future scenario additions faster and less error-prone.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@crates/node/src/txpool.rs` around lines 908 - 972, Extract the repeated setup
in evnode_create_allowed_when_allowlist_is_none,
evnode_create_allowed_for_allowlisted_caller, and
evnode_call_allowed_for_non_allowlisted_caller into a small test helper that
returns the prepared validator, pooled tx, sender_balance and state; e.g. add a
function (used by tests) like prepare_evnode_test(settings:
Option<DeployAllowlistSettings>, signer: Address, is_create: bool, gas_limit:
u64, max_fee_per_gas: u128) -> (ValidatorType, PooledTxType, U256,
Option<Box<dyn AccountInfoReader + Send>>) that calls create_test_validator,
create_non_sponsored_evnode_create_tx/create_non_sponsored_evnode_tx,
create_pooled_tx and computes sender_balance = *pooled.cost() + U256::from(1)
and state = None, then update each test to call this helper and assert on
validator.validate_evnode(&pooled, sender_balance, &mut state).

crates/ev-revm/src/handler.rs (1)

1342-1426: Optional: factor repeated context setup into a small test helper.

The new tests are clear, but a shared builder/helper would reduce maintenance noise and keep intent-focused assertions.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@crates/ev-revm/src/handler.rs` around lines 1342 - 1426, Several tests repeat
the same Context/EvEvm/handler setup (e.g., in tests
allow_deploy_when_allowlist_is_empty, allow_deploy_when_allowlist_is_none,
allow_deploy_for_allowlisted_caller,
call_tx_allowed_for_non_allowlisted_caller); factor that into a small test
helper like build_test_env or TestEnv::new that accepts parameters (caller:
Address, tx_kind: TxKind, allowlist: Option<DeployAllowlistSettings>, gas_limit:
u64, gas_price: u128) and returns the initialized Context (or EvEvm and
TestHandler) so tests call that helper instead of duplicating
Context::mainnet().with_db(EmptyDB::default()), setting
ctx.block.number/spec/disable_nonce_check/tx fields, creating EvEvm::new and
EvHandler::new; update each test to use the helper and assert on
handler.validate_against_state_and_deduct_caller() as before.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@crates/ev-revm/src/deploy.rs`:
- Around line 97-137: Add a test that covers the activation-height boundary by
creating DeployAllowlistSettings with activation_height > 0 (e.g., 10) and
verifying behavior before activation: construct a caller not in the allowlist,
build settings with DeployAllowlistSettings::new(vec![allowed_addr], 10), call
check_deploy_allowed(Some(&settings), caller, true, /*current_height*/ 0) and
assert it returns Ok (or equivalently that settings.is_allowed is not applied
pre-activation); this ensures the allowlist is ignored until activation_height
is reached and guards against regressions.

In `@crates/ev-revm/src/handler.rs`:
- Around line 1342-1426: Several tests repeat the same Context/EvEvm/handler
setup (e.g., in tests allow_deploy_when_allowlist_is_empty,
allow_deploy_when_allowlist_is_none, allow_deploy_for_allowlisted_caller,
call_tx_allowed_for_non_allowlisted_caller); factor that into a small test
helper like build_test_env or TestEnv::new that accepts parameters (caller:
Address, tx_kind: TxKind, allowlist: Option<DeployAllowlistSettings>, gas_limit:
u64, gas_price: u128) and returns the initialized Context (or EvEvm and
TestHandler) so tests call that helper instead of duplicating
Context::mainnet().with_db(EmptyDB::default()), setting
ctx.block.number/spec/disable_nonce_check/tx fields, creating EvEvm::new and
EvHandler::new; update each test to use the helper and assert on
handler.validate_against_state_and_deduct_caller() as before.

In `@crates/node/src/txpool.rs`:
- Around line 908-972: Extract the repeated setup in
evnode_create_allowed_when_allowlist_is_none,
evnode_create_allowed_for_allowlisted_caller, and
evnode_call_allowed_for_non_allowlisted_caller into a small test helper that
returns the prepared validator, pooled tx, sender_balance and state; e.g. add a
function (used by tests) like prepare_evnode_test(settings:
Option<DeployAllowlistSettings>, signer: Address, is_create: bool, gas_limit:
u64, max_fee_per_gas: u128) -> (ValidatorType, PooledTxType, U256,
Option<Box<dyn AccountInfoReader + Send>>) that calls create_test_validator,
create_non_sponsored_evnode_create_tx/create_non_sponsored_evnode_tx,
create_pooled_tx and computes sender_balance = *pooled.cost() + U256::from(1)
and state = None, then update each test to call this helper and assert on
validator.validate_evnode(&pooled, sender_balance, &mut state).

---

ℹ️ Review info

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between bb7f870 and 1db8f94.

📒 Files selected for processing (3)

• crates/ev-revm/src/deploy.rs
• crates/ev-revm/src/handler.rs
• crates/node/src/txpool.rs

[coderabbitai]

🧹 Nitpick comments (1)

crates/tests/src/test_deploy_allowlist.rs (1)

187-200: Consider asserting exact child runtime bytecode (not only non-empty code).

is_empty() confirms deployment happened, but matching expected runtime makes the CREATE2 verification stricter.

♻️ Optional hardening diff

 const CREATE2_CHILD_INITCODE: [u8; 22] = alloy_primitives::hex!(
     "600a600c600039600a6000f3"  // initcode: copies 10-byte runtime to memory and returns it
     "604260005260206000f3"      // runtime: returns 0x42
 );
+const CREATE2_CHILD_RUNTIME: [u8; 10] = alloy_primitives::hex!("604260005260206000f3");
@@
     let child_code =
         EthApiClient::<TransactionRequest, Transaction, Block, Receipt, Header, Bytes>::get_code(
             &env.node_clients[0].rpc,
             expected_child_address,
             Some(BlockId::latest()),
         )
         .await?;
-    assert!(
-        !child_code.is_empty(),
-        "child contract should be deployed via CREATE2 despite caller not being on the allowlist"
-    );
+    assert_eq!(
+        child_code.as_ref(),
+        &CREATE2_CHILD_RUNTIME[..],
+        "unexpected runtime at expected CREATE2 address"
+    );

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@crates/tests/src/test_deploy_allowlist.rs` around lines 187 - 200, Replace
the loose non-empty check on the deployed child contract with an exact
runtime-bytecode match: compute the expected runtime bytecode (derived from
CREATE2_CHILD_INITCODE or the known compiled runtime for the child), fetch the
on-chain code via EthApiClient::get_code (as in the existing call returning
child_code) and assert equality between child_code and the expected runtime
bytes (or their hash) instead of using child_code.is_empty(); update the
assertion message accordingly and keep references to CREATE2_CHILD_INITCODE,
init_code_hash, expected_child_address, get_code, and child_code to locate where
to change.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@crates/tests/src/test_deploy_allowlist.rs`:
- Around line 187-200: Replace the loose non-empty check on the deployed child
contract with an exact runtime-bytecode match: compute the expected runtime
bytecode (derived from CREATE2_CHILD_INITCODE or the known compiled runtime for
the child), fetch the on-chain code via EthApiClient::get_code (as in the
existing call returning child_code) and assert equality between child_code and
the expected runtime bytes (or their hash) instead of using
child_code.is_empty(); update the assertion message accordingly and keep
references to CREATE2_CHILD_INITCODE, init_code_hash, expected_child_address,
get_code, and child_code to locate where to change.

---

ℹ️ Review info

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1db8f94 and 3dced50.

📒 Files selected for processing (3)

• crates/tests/src/e2e_tests.rs
• crates/tests/src/lib.rs
• crates/tests/src/test_deploy_allowlist.rs

[coderabbitai]

🧹 Nitpick comments (2)

crates/tests/src/test_deploy_allowlist.rs (2)

97-110: Consider extracting a shared TransactionRequest builder for repeated EIP-1559 fields.

The same gas/fee/chain/value/input scaffold is repeated three times. A small helper makes intent clearer and reduces drift risk.

Proposed refactor sketch

+let make_tx = |nonce: u64, to: TxKind, data: Bytes| TransactionRequest {
+    nonce: Some(nonce),
+    gas: Some(1_000_000),
+    max_fee_per_gas: Some(20_000_000_000),
+    max_priority_fee_per_gas: Some(2_000_000_000),
+    chain_id: Some(chain_id),
+    value: Some(U256::ZERO),
+    to: Some(to),
+    input: TransactionInput { input: None, data: Some(data) },
+    ..Default::default()
+};
+
-let denied_deploy_tx = TransactionRequest { ... };
+let denied_deploy_tx =
+    make_tx(0, TxKind::Create, Bytes::from_static(&CREATE2_FACTORY_INITCODE));

Also applies to: 155-168, 204-217

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@crates/tests/src/test_deploy_allowlist.rs` around lines 97 - 110, Extract the
repeated EIP-1559 scaffold into a small helper that returns a base
TransactionRequest populated with the common fields
(nonce/gas/max_fee_per_gas/max_priority_fee_per_gas/chain_id/value and the
TransactionInput with CREATE2_FACTORY_INITCODE), then use that helper to create
denied_deploy_tx and the other two requests by overriding only the differing
fields (e.g., to/input if needed). Reference the TransactionRequest struct and
CREATE2_FACTORY_INITCODE when naming the helper (e.g., build_eip1559_tx or
base_transaction_request) so callers replace the duplicated blocks with calls to
the helper and apply per-case changes.

---

112-139: Assert denied deployment by tx hash/receipt instead of requiring an empty block.

Line 127–139 currently assumes the whole block has zero transactions. That can become brittle if unrelated/system txs are ever present. It’s more direct to assert the denied tx was not included.

Proposed change

 let denied_envelope =
     TransactionTestContext::sign_tx(non_allowlisted.clone(), denied_deploy_tx).await;
 let denied_raw: Bytes = denied_envelope.encoded_2718().into();
+let denied_tx_hash = *denied_envelope.tx_hash();

 build_block_with_transactions(
@@
 )
 .await?;

-let latest_block = env.node_clients[0]
-    .get_block_by_number(BlockNumberOrTag::Latest)
-    .await?
-    .expect("latest block available after denied deploy");
-let denied_tx_count = match latest_block.transactions {
-    BlockTransactions::Full(ref txs) => txs.len(),
-    BlockTransactions::Hashes(ref hashes) => hashes.len(),
-    BlockTransactions::Uncle => 0,
-};
-assert_eq!(
-    denied_tx_count, 0,
-    "non-allowlisted top-level CREATE should be excluded from the block"
-);
+let denied_receipt = EthApiClient::<
+    TransactionRequest,
+    Transaction,
+    Block,
+    Receipt,
+    Header,
+    Bytes,
+>::transaction_receipt(&env.node_clients[0].rpc, denied_tx_hash)
+.await?;
+assert!(
+    denied_receipt.is_none(),
+    "non-allowlisted top-level CREATE should be excluded from the chain"
+);

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@crates/tests/src/test_deploy_allowlist.rs` around lines 112 - 139, The test
currently asserts the whole block is empty which is brittle; instead compute the
denied transaction's hash from denied_envelope/denied_raw and assert that
latest_block.transactions does not contain that hash (or call the node client's
get_transaction_receipt for that tx hash and assert it returns None/no receipt).
Update the assertion area after
build_block_with_transactions/get_block_by_number to search
latest_block.transactions for the denied tx hash (or query receipt via
get_transaction_receipt) and fail if the denied tx is present, leaving other
transactions unaffected; use the existing symbols denied_envelope, denied_raw,
latest_block, and the node client get_transaction_receipt/get_block_by_number
helpers to locate and check the denied transaction.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@crates/tests/src/test_deploy_allowlist.rs`:
- Around line 97-110: Extract the repeated EIP-1559 scaffold into a small helper
that returns a base TransactionRequest populated with the common fields
(nonce/gas/max_fee_per_gas/max_priority_fee_per_gas/chain_id/value and the
TransactionInput with CREATE2_FACTORY_INITCODE), then use that helper to create
denied_deploy_tx and the other two requests by overriding only the differing
fields (e.g., to/input if needed). Reference the TransactionRequest struct and
CREATE2_FACTORY_INITCODE when naming the helper (e.g., build_eip1559_tx or
base_transaction_request) so callers replace the duplicated blocks with calls to
the helper and apply per-case changes.
- Around line 112-139: The test currently asserts the whole block is empty which
is brittle; instead compute the denied transaction's hash from
denied_envelope/denied_raw and assert that latest_block.transactions does not
contain that hash (or call the node client's get_transaction_receipt for that tx
hash and assert it returns None/no receipt). Update the assertion area after
build_block_with_transactions/get_block_by_number to search
latest_block.transactions for the denied tx hash (or query receipt via
get_transaction_receipt) and fail if the denied tx is present, leaving other
transactions unaffected; use the existing symbols denied_envelope, denied_raw,
latest_block, and the node client get_transaction_receipt/get_block_by_number
helpers to locate and check the denied transaction.

---

ℹ️ Review info

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 3dced50 and 70eb304.

📒 Files selected for processing (1)

• crates/tests/src/test_deploy_allowlist.rs