fix(runtime): add fuel metering for engine-metered precompiles

[d1r1]

NITRO_VERIFIER, OAUTH2_VERIFIER, WASM_RUNTIME, and WEBAUTHN_VERIFIER were executing without charging gas because they don't self-meter via _charge_fuel syscall.

Changes:

• Add ENGINE_METERED_PRECOMPILES list and is_engine_metered_precompile()
• Create wasmtime engine with consume_fuel=true and syscall_fuel_params
• Pass consume_fuel flag through executor to SystemRuntime
• Set fuel limit before execution and read remaining fuel after

Summary by CodeRabbit

• New Features

  • Selective fuel metering per contract/precompile with engine‑metered vs self‑metered modes; remaining fuel reported only for engine‑metered runs.
  • Added public constants and a lookup to mark engine‑metered precompiles and EIP‑2935 window parameters.

• Bug Fixes / Behavior

  • EIP‑2935 flows updated with explicit gas‑charged reverts, stricter input validation, and consistent block‑window semantics.
  • Token module messaging and public surface cleaned up.

• Tests

  • New end‑to‑end fuel measurement test for the verifier; tests made gas‑aware.

• Chores

  • Testing context exposes consumed_fuel accessor; docs updated.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Per-contract fuel metering added: types expose engine‑metered precompiles; build sets per-contract consume_fuel; executor forwards consume_fuel to SystemRuntime; SystemRuntime compiles/instantiates with or without engine fuel metering and exposes conditional remaining_fuel; tests and contracts updated for fuel‑aware accounting. (47 words)

Changes

Cohort / File(s)	Summary
Types & Genesis crates/types/src/genesis.rs, crates/types/src/eip2935.rs	Add ENGINE_METERED_PRECOMPILES and is_engine_metered_precompile(); add EIP‑2935 window constants and related docs.
Build script crates/genesis/build.rs	Iterate (address, contract) and set per-contract consume_fuel via is_engine_metered_precompile(address) in compilation config (applies to consume_fuel and builtins_consume_fuel).
Executor crates/runtime/src/executor.rs	Plumb consume_fuel through BytecodeOrHash resolution; update call site to SystemRuntime::new(..., consume_fuel); Hash path returns tuple including consume flag.
System Runtime crates/runtime/src/runtime/system_runtime.rs	Add consume_fuel field/param; compile/cache modules keyed by (code_hash, consume_fuel); select engine via wasmtime_engine_with_consume_fuel() when engine‑metered; reset/apply fuel on execute; map OutOfFuel traps; remaining_fuel() conditional.
EIP‑2935 runtime logic crates/revm/src/eip2935.rs	Move input length and non‑zero checks to top; simplify storage key computation using history window; unify return shape.
Contracts: EIP‑2935 contracts/eip2935/lib.rs, contracts/eip2935/tests.rs	Introduce GAS_* branch constants and charge_and_panic; charge gas on revert branches; refactor tests and harness to assert consumed fuel and return gas usage.
Testing & e2e crates/testing/src/host.rs, e2e/src/lib.rs, e2e/src/fuel.rs, e2e/src/universal_token.rs	Add TestingContextImpl::consumed_fuel(); new e2e fuel timing test; adjust module wiring/imports; tighten e2e import surface and update revert assertions.
Contracts: universal-token contracts/universal-token/lib.rs	Remove #[inline(never)] from deploy_entry; minor comment/text edits.
Misc / Manifests & Tests Cargo.toml, assorted test files	Register new tests/modules; imports/exports adjustments across tests and harness helpers.

sequenceDiagram
    participant Build as Build Process
    participant Types as Types/Genesis
    participant Executor as Runtime Executor
    participant SysRT as SystemRuntime
    participant WasmEngine as Wasmtime Engine

    Build->>Types: is_engine_metered_precompile(address)
    Types-->>Build: consume_fuel (bool)
    Build->>Build: set per-contract compilation config (consume_fuel)

    Executor->>Executor: resolve BytecodeOrHash (address/hash)
    Executor->>SysRT: SystemRuntime::new(module, import_linker, code_hash, ctx, consume_fuel)
    SysRT->>SysRT: compiled_module(code_hash, rwasm_module, consume_fuel)
    alt consume_fuel = true
        SysRT->>WasmEngine: use wasmtime_engine_with_consume_fuel()
    else consume_fuel = false
        SysRT->>WasmEngine: use wasmtime_engine()
    end

    SysRT->>WasmEngine: execute (reset/apply fuel if engine‑metered)
    WasmEngine-->>SysRT: result or OutOfFuel trap
    SysRT-->>Executor: return result / trap mapping

Loading

Estimated Code Review Effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Poem

🐰 I hopped through genesis, flag in paw,
I set each contract’s tiny law,
Some engines sip while others store,
Tests ran, meters ticked—then more,
A rabbit grins: fuel counted, hoora!

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately and concisely summarizes the main change: adding fuel metering support for engine-metered precompiles through runtime modifications.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/charge-fuel-precompiles

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

Criterion results (vs baseline)

Heads-up: runner perf is noisy; treat deltas as a smoke check.

[coderabbitai]

Actionable comments posted: 3

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

crates/runtime/src/runtime/system_runtime.rs (2)

123-155: ⚠️ Potential issue | 🟡 Minor

Cache key should include consume_fuel.
COMPILED_MODULES is keyed only by code_hash. If a module is ever compiled with different consume_fuel settings, the cached module could be reused with the wrong engine, leading to incorrect metering or a panic when setting fuel.

🔧 Suggested fix

-        static COMPILED_MODULES: OnceLock<RwLock<HashMap<B256, Module>>> = OnceLock::new();
+        static COMPILED_MODULES: OnceLock<RwLock<HashMap<(B256, bool), Module>>> = OnceLock::new();
         let compiled_modules = COMPILED_MODULES.get_or_init(|| RwLock::new(HashMap::new()));
+        let cache_key = (code_hash, consume_fuel);

         // Fast path: read lock lookup.
         {
             let guard = compiled_modules.read().unwrap();
-            if let Some(module) = guard.get(&code_hash) {
+            if let Some(module) = guard.get(&cache_key) {
                 return module.clone();
             }
         }

         // Slow path: compile and insert under write lock (with re-check).
         let mut guard = compiled_modules.write().unwrap();
-        if let Some(module) = guard.get(&code_hash) {
+        if let Some(module) = guard.get(&cache_key) {
             return module.clone();
         }

         ...
-        guard.insert(code_hash, module.clone());
+        guard.insert(cache_key, module.clone());

---

262-293: ⚠️ Potential issue | 🟡 Minor

Remove debug logging from the hot execution path.
eprintln! on every execution will be noisy and adds overhead. Prefer a feature‑gated or structured logger.

🔧 Suggested fix

-            eprintln!("DEBUG: consume fuel");

🤖 Fix all issues with AI agents

In `@crates/genesis/build.rs`:
- Around line 89-101: The cache key must include the fuel instrumentation flag
so compiled artifacts for the same wasm bytecode but different fuel modes don't
clash: change the lookup and insertion on cache for GENESIS_CONTRACTS to use a
composite key of (contract.wasm_bytecode, should_charge_fuel) instead of only
contract.wasm_bytecode, compute should_charge_fuel via
is_engine_metered_precompile(address) before checking cache, and then continue
to call
default_compilation_config().with_consume_fuel(should_charge_fuel).with_builtins_consume_fuel(should_charge_fuel)
when compiling and store that compiled result under the composite key.

In `@crates/runtime/src/runtime/system_runtime.rs`:
- Around line 409-414: The remaining_fuel method currently prints a debug
eprintln! on the hot path; remove that eprintln! (or gate it behind a
non-hot-path debug facility) so remaining_fuel only returns the fuel.
Specifically, edit remaining_fuel to stop calling eprintln! with
compiled_runtime.store.data().fuel_limit and fuel; instead either drop the print
entirely or replace it with a conditional debug log (e.g., log::trace! or
cfg!(debug_assertions)) so compiled_runtime, store.get_fuel, and
store.data().fuel_limit are not written to stderr on every call.

In `@e2e/src/fuel.rs`:
- Around line 29-32: The seed balance uses a float-to-int cast which can lose
precision: replace U256::from(1e18 as u128) with an integer literal or other
integer constructor to avoid going through f64; update the call at
ctx.add_balance(caller, U256::from(...)) (related symbols: caller, ctx,
add_balance, U256, Address::ZERO) to use a precise integer like
1000000000000000000u128 (or construct the U256 via a safe helper) so the balance
is exact.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Include fuel mode in the compile cache key.
The cache is keyed only by contract.wasm_bytecode, but consume_fuel depends on the address. If the same bytecode is ever reused by both engine‑metered and self‑metered precompiles, the first compiled variant would be reused with the wrong fuel settings. Consider keying by (bytecode, should_charge_fuel) and updating the later lookup accordingly.

🔧 Suggested fix

-    let mut cache = HashMap::new();
+    let mut cache: HashMap<(&'static [u8], bool), (B256, Bytes)> = HashMap::new();

-    for (address, contract) in GENESIS_CONTRACTS {
-        if cache.contains_key(contract.wasm_bytecode) {
+    for (address, contract) in GENESIS_CONTRACTS {
+        let should_charge_fuel = is_engine_metered_precompile(address);
+        let cache_key = (contract.wasm_bytecode, should_charge_fuel);
+        if cache.contains_key(&cache_key) {
             continue;
         }
-        // Most system precompiles manage fuel internally via `_charge_fuel` syscall.
-        // However, some precompiles (NITRO_VERIFIER, OAUTH2_VERIFIER, WASM_RUNTIME,
-        // WEBAUTHN_VERIFIER) don't self-meter, so they need fuel instrumentation.
-        let should_charge_fuel = is_engine_metered_precompile(address);
+        // Most system precompiles manage fuel internally via `_charge_fuel` syscall.
+        // However, some precompiles (NITRO_VERIFIER, OAUTH2_VERIFIER, WASM_RUNTIME,
+        // WEBAUTHN_VERIFIER) don't self-meter, so they need fuel instrumentation.

         let config = default_compilation_config()
             .with_consume_fuel(should_charge_fuel)
             .with_builtins_consume_fuel(should_charge_fuel);

         ...
-        cache.insert(contract.wasm_bytecode, result.clone());
+        cache.insert(cache_key, result.clone());

-        let (rwasm_bytecode_hash, rwasm_bytecode) =
-            rwasm_artifacts.get(contract.wasm_bytecode).unwrap().clone();
+        let should_charge_fuel = is_engine_metered_precompile(address);
+        let (rwasm_bytecode_hash, rwasm_bytecode) = rwasm_artifacts
+            .get(&(contract.wasm_bytecode, should_charge_fuel))
+            .unwrap()
+            .clone();

🤖 Prompt for AI Agents

In `@crates/genesis/build.rs` around lines 89 - 101, The cache key must include
the fuel instrumentation flag so compiled artifacts for the same wasm bytecode
but different fuel modes don't clash: change the lookup and insertion on cache
for GENESIS_CONTRACTS to use a composite key of (contract.wasm_bytecode,
should_charge_fuel) instead of only contract.wasm_bytecode, compute
should_charge_fuel via is_engine_metered_precompile(address) before checking
cache, and then continue to call
default_compilation_config().with_consume_fuel(should_charge_fuel).with_builtins_consume_fuel(should_charge_fuel)
when compiling and store that compiled result under the composite key.

[dmitry123]

Can be an issue, potentially

[coderabbitai]

@dmitry123, thanks for confirming! Since this could affect correctness if the same bytecode is ever shared between differently-metered precompiles, would you like to address it in this PR, or would you prefer to track it as a follow-up issue?

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Avoid float‑to‑int cast for the seed balance.
1e18 as u128 goes through f64 and can lose precision. Use an integer literal instead.

🐛 Suggested fix

-    ctx.add_balance(caller, U256::from(1e18 as u128));
+    ctx.add_balance(caller, U256::from(1_000_000_000_000_000_000u128));

🤖 Prompt for AI Agents

In `@e2e/src/fuel.rs` around lines 29 - 32, The seed balance uses a float-to-int
cast which can lose precision: replace U256::from(1e18 as u128) with an integer
literal or other integer constructor to avoid going through f64; update the call
at ctx.add_balance(caller, U256::from(...)) (related symbols: caller, ctx,
add_balance, U256, Address::ZERO) to use a precise integer like
1000000000000000000u128 (or construct the U256 via a safe helper) so the balance
is exact.

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

crates/runtime/src/runtime/system_runtime.rs (1)

123-156: ⚠️ Potential issue | 🟠 Major

Include consume_fuel in the compiled-module cache key.

COMPILED_MODULES is keyed only by code_hash, but the compiled module’s engine configuration differs based on consume_fuel. If the same code_hash is ever used in both modes, the cache can return a module built with the wrong fuel configuration, disabling (or incorrectly enabling) engine metering.

🔧 Proposed fix (separate cache entries by mode)

-        static COMPILED_MODULES: OnceLock<RwLock<HashMap<B256, Module>>> = OnceLock::new();
+        static COMPILED_MODULES: OnceLock<RwLock<HashMap<(B256, bool), Module>>> = OnceLock::new();

-        if let Some(module) = guard.get(&code_hash) {
+        if let Some(module) = guard.get(&(code_hash, consume_fuel)) {
             return module.clone();
         }

-        if let Some(module) = guard.get(&code_hash) {
+        if let Some(module) = guard.get(&(code_hash, consume_fuel)) {
             return module.clone();
         }

-        guard.insert(code_hash, module.clone());
+        guard.insert((code_hash, consume_fuel), module.clone());

🤖 Fix all issues with AI agents

In `@crates/runtime/src/runtime/system_runtime.rs`:
- Around line 504-531: The engine is built with syscall_fuel_params derived from
a static import_linker_v1_preview() inside wasmtime_engine_with_consume_fuel(),
which can diverge from the import_linker passed into SystemRuntime::new();
change the design so syscall_fuel_params are computed from the same ImportLinker
used for instantiation: either (a) move the engine construction out of
wasmtime_engine_with_consume_fuel() into code that receives the ImportLinker
from SystemRuntime::new() and call build_syscall_fuel_params(import_linker)
there, or (b) add an explicit assertion in SystemRuntime::new() that the passed
import_linker equals import_linker_v1_preview() and document this invariant;
update references to build_syscall_fuel_params,
wasmtime_engine_with_consume_fuel, and SystemRuntime::new accordingly so the
engine and instantiation always use the same ImportLinker for fuel parameter
calculation.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Search for all SystemRuntime::new call sites and related linker usage
rg -n -C5 'SystemRuntime::new\(' --type rust

Repository: fluentlabs-xyz/fluentbase

Length of output: 927

---

🏁 Script executed:

#!/bin/bash
# Search for import_linker_v1_preview usage across the codebase
rg -n -C3 'import_linker_v1_preview' --type rust

Repository: fluentlabs-xyz/fluentbase

Length of output: 4490

---

🏁 Script executed:

#!/bin/bash
# Find the SystemRuntime::new signature to understand its parameters
rg -n 'fn new\(' crates/runtime/src/runtime/system_runtime.rs -A 10

Repository: fluentlabs-xyz/fluentbase

Length of output: 528

---

🏁 Script executed:

#!/bin/bash
# Get the full context around wasmtime_engine_with_consume_fuel function and its usage
cat -n crates/runtime/src/runtime/system_runtime.rs | sed -n '504,531p'

Repository: fluentlabs-xyz/fluentbase

Length of output: 1581

---

🏁 Script executed:

#!/bin/bash
# Check if SystemRuntime::new stores or uses the passed import_linker parameter
ast-grep --pattern 'fn new($_,  import_linker: $_) {
  $$$
}'

Repository: fluentlabs-xyz/fluentbase

Length of output: 51

---

🏁 Script executed:

#!/bin/bash
# Get the full SystemRuntime::new implementation
cat -n crates/runtime/src/runtime/system_runtime.rs | sed -n '180,240p'

Repository: fluentlabs-xyz/fluentbase

Length of output: 2859

---

🏁 Script executed:

#!/bin/bash
# Check if import_linker is stored or used in SystemRuntime struct
rg -n 'struct SystemRuntime' crates/runtime/src/runtime/system_runtime.rs -A 20

Repository: fluentlabs-xyz/fluentbase

Length of output: 1091

---

🏁 Script executed:

#!/bin/bash
# Check how import_linker is used after being passed to new()
rg -n 'import_linker' crates/runtime/src/runtime/system_runtime.rs -B 2 -A 2

Repository: fluentlabs-xyz/fluentbase

Length of output: 2284

---

🏁 Script executed:

#!/bin/bash
# Check what RuntimeFactoryExecutor stores and how it's initialized
cat -n crates/runtime/src/executor.rs | sed -n '100,140p'

Repository: fluentlabs-xyz/fluentbase

Length of output: 1490

---

Ensure syscall fuel params match the actual ImportLinker.

The engine's syscall_fuel_params are computed from a static import_linker_v1_preview() at engine creation time (line 517), while SystemRuntime::new() accepts a separate import_linker parameter for instantiation. If the two differ, fuel metering will charge incorrect costs. Currently all callers pass import_linker_v1_preview(), but this coupling is fragile: derive syscall_fuel_params from the linker passed to SystemRuntime::new(), or guarantee via documentation/assertion that the linker is always import_linker_v1_preview().

🤖 Prompt for AI Agents

In `@crates/runtime/src/runtime/system_runtime.rs` around lines 504 - 531, The
engine is built with syscall_fuel_params derived from a static
import_linker_v1_preview() inside wasmtime_engine_with_consume_fuel(), which can
diverge from the import_linker passed into SystemRuntime::new(); change the
design so syscall_fuel_params are computed from the same ImportLinker used for
instantiation: either (a) move the engine construction out of
wasmtime_engine_with_consume_fuel() into code that receives the ImportLinker
from SystemRuntime::new() and call build_syscall_fuel_params(import_linker)
there, or (b) add an explicit assertion in SystemRuntime::new() that the passed
import_linker equals import_linker_v1_preview() and document this invariant;
update references to build_syscall_fuel_params,
wasmtime_engine_with_consume_fuel, and SystemRuntime::new accordingly so the
engine and instantiation always use the same ImportLinker for fuel parameter
calculation.

[dmitry123]

Remove println(s) from the code

[dmitry123]

Can be an issue, potentially

[dmitry123]

Hm, yes, but we should guarantee that it never happens inside stateful runtimes (evm, svm, etc). Maybe it's better to add a comment here indicating that this is true only for stateless contracts. Statefullness means it stores intermediary state inside memory (aka can do interurptions).

[dmitry123]

Why not reuse an existing method but with an extra consume_fuel flag?

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

contracts/eip2935/tests.rs (1)

69-89: ⚠️ Potential issue | 🟡 Minor

Comment claims no mutation, but clone() shares state.
TestingContextImpl::clone uses Rc<RefCell<...>>, so input/caller/block updates mutate the shared context. Either update the comment or deep-clone if isolation is intended.

📝 Suggested doc update

-/// This helper does **not** mutate the provided `sdk` in-place. Instead, it clones it,
-/// configures the call parameters (input/caller/block number), runs the entrypoint, and then
-/// extracts the output.
+/// This helper clones the context handle (shared `Rc`), so it mutates shared state.
+/// Each call overwrites input/caller/block_number on the shared context before execution,
+/// then runs the entrypoint and extracts the output.

🧹 Nitpick comments (1)

crates/testing/src/host.rs (1)

87-89: Clarify fuel vs gas units for consumed_fuel.
This accessor returns raw fuel units; a short doc note helps prevent misuse as gas.

📝 Suggested doc clarification

+    /// Returns fuel consumed in fuel units (not gas). Divide by FUEL_DENOM_RATE to get gas.
     pub fn consumed_fuel(&self) -> u64 {
         self.inner.borrow().consumed_fuel
     }

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

crates/runtime/src/runtime/system_runtime.rs (2)

128-156: ⚠️ Potential issue | 🔴 Critical

Cache key must include consume_fuel to avoid returning wrong module.

The COMPILED_MODULES cache uses only code_hash as the key, but modules are now compiled differently based on consume_fuel. If the same code_hash is first compiled with consume_fuel=false and later requested with consume_fuel=true, the cache will return the wrong module (without fuel metering enabled).

🐛 Proposed fix to use composite cache key

-    pub fn compiled_module(
-        code_hash: B256,
-        rwasm_module: RwasmModule,
-        consume_fuel: bool,
-    ) -> Module {
-        static COMPILED_MODULES: OnceLock<RwLock<HashMap<B256, Module>>> = OnceLock::new();
+    pub fn compiled_module(
+        code_hash: B256,
+        rwasm_module: RwasmModule,
+        consume_fuel: bool,
+    ) -> Module {
+        static COMPILED_MODULES: OnceLock<RwLock<HashMap<(B256, bool), Module>>> = OnceLock::new();
         let compiled_modules = COMPILED_MODULES.get_or_init(|| RwLock::new(HashMap::new()));
+        let cache_key = (code_hash, consume_fuel);
 
         // Fast path: read lock lookup.
         {
             let guard = compiled_modules.read().unwrap();
-            if let Some(module) = guard.get(&code_hash) {
+            if let Some(module) = guard.get(&cache_key) {
                 return module.clone();
             }
         }
 
         // Slow path: compile and insert under write lock (with re-check).
         let mut guard = compiled_modules.write().unwrap();
-        if let Some(module) = guard.get(&code_hash) {
+        if let Some(module) = guard.get(&cache_key) {
             return module.clone();
         }
 
         // ... compilation logic ...
 
-        guard.insert(code_hash, module.clone());
+        guard.insert(cache_key, module.clone());
         module
     }

---

100-107: ⚠️ Potential issue | 🔴 Critical

Thread-local runtime cache also needs consume_fuel in key.

Same issue as COMPILED_MODULES: the COMPILED_RUNTIMES cache uses only code_hash as the key. If the same code is executed with different consume_fuel settings, the cached runtime with the wrong fuel configuration will be returned.

🐛 Proposed fix

 thread_local! {
-    pub static COMPILED_RUNTIMES: RefCell<HashMap<B256, Rc<RefCell<CompiledRuntime>>>> =
+    pub static COMPILED_RUNTIMES: RefCell<HashMap<(B256, bool), Rc<RefCell<CompiledRuntime>>>> =
         RefCell::new(HashMap::new());
 }

And update the lookup/insert in new():

         let compiled_runtime = COMPILED_RUNTIMES.with_borrow_mut(|compiled_runtimes| {
-            if let Some(compiled_runtime) = compiled_runtimes.get(&code_hash).cloned() {
+            let cache_key = (code_hash, consume_fuel);
+            if let Some(compiled_runtime) = compiled_runtimes.get(&cache_key).cloned() {
                 return compiled_runtime;
             }
             // ... instantiation logic ...
-            compiled_runtimes.insert(code_hash, compiled_runtime.clone());
+            compiled_runtimes.insert(cache_key, compiled_runtime.clone());
             compiled_runtime
         });

Also applies to: 187-226

🤖 Fix all issues with AI agents

In `@e2e/src/universal_token.rs`:
- Around line 493-497: The test assertion uses hex! with a "0x" prefix which the
hex-literal macro rejects; update the hex literal in the assertion comparing
result.output() to remove the "0x" prefix inside the hex!("...") call (i.e.,
change hex!("0x4e48...") to hex!("4e48...") in the assert_eq! that compares
result.output().unwrap_or_default().as_ref()) so it matches other hex! usages in
universal_token.rs.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🌐 Web query:

hex! macro Rust hex literals 0x prefix support

💡 Result:

• hex_literal::hex! (RustCrypto “hex-literal”) does not support a 0x prefix. Its input strings may contain only hex digits plus a small set of ignored formatting characters (e.g., whitespace; in newer versions also :). Any other character (like x) is unsupported and will cause a compile-time error. [1], [2]

  • So write hex!("DEADBEEF"), not hex!("0xDEADBEEF"). [1], [2]

• If you specifically want 0x...-prefixed hex strings, use a different macro/crate that supports it, e.g.:

  • hexlit::hex!, which shows hex!("0xDEADBEEF") working in its docs. [3]
  • hexhex::hex_literal!, which also documents hex_literal!("0xc0ffee"). [4]

Sources:
[1] https://docs.rs/hex-literal/latest
[2] https://docs.rs/hex-literal/
[3] https://docs.rs/hexlit
[4] https://docs.rs/hexhex

---

🏁 Script executed:

# Find the file and check other hex! usages
fd -t f universal_token.rs -x wc -l {}

Repository: fluentlabs-xyz/fluentbase

Length of output: 148

---

🏁 Script executed:

# Search for other hex! macro usages in the file to see the pattern
rg "hex!\(" e2e/src/universal_token.rs -A 1 | head -40

Repository: fluentlabs-xyz/fluentbase

Length of output: 764

---

Remove the 0x prefix from the hex literal—it will cause a compile-time error.

The hex! macro from hex-literal does not support the 0x prefix. All other usages in this file omit it (e.g., hex!("000000...")); this is the only occurrence with the prefix.

Fix

-        hex!("0x4e487b7100000000000000000000000000000000000000000000000000000000e450d38c")
+        hex!("4e487b7100000000000000000000000000000000000000000000000000000000e450d38c")

🤖 Prompt for AI Agents

In `@e2e/src/universal_token.rs` around lines 493 - 497, The test assertion uses
hex! with a "0x" prefix which the hex-literal macro rejects; update the hex
literal in the assertion comparing result.output() to remove the "0x" prefix
inside the hex!("...") call (i.e., change hex!("0x4e48...") to hex!("4e48...")
in the assert_eq! that compares result.output().unwrap_or_default().as_ref()) so
it matches other hex! usages in universal_token.rs.

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In `@contracts/eip2935/lib.rs`:
- Around line 124-128: The comment above the error-return is wrong: change the
comment referring to "Storage write" to correctly indicate that sdk.storage() is
a read operation (e.g., "Storage read can't fail..."). Also fix the fuel units
when charging on success: multiply GAS_RETRIEVE_SUCCESS_BRANCH by
FUEL_DENOM_RATE when calling sdk.charge_fuel (i.e., use result.fuel_consumed +
GAS_RETRIEVE_SUCCESS_BRANCH * FUEL_DENOM_RATE) so units match; update the
sdk.charge_fuel call accordingly.
- Line 86: The code adds GAS_SUBMIT_SUCCESS_BRANCH (EVM gas units) directly to
result.fuel_consumed (already in fuel units), causing under-charging; update the
call to sdk.charge_fuel so the gas constant is converted by FUEL_DENOM_RATE
(i.e., add GAS_SUBMIT_SUCCESS_BRANCH * FUEL_DENOM_RATE or use the same
conversion helper pattern as charge_and_panic) and ensure any necessary
casts/checked multiplication to match the fuel type; adjust within the scope of
the sdk.charge_fuel(...) invocation that references result.fuel_consumed and
GAS_SUBMIT_SUCCESS_BRANCH.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Same unit mismatch and incorrect comment.

Two issues in this block:

1. Line 125: Comment says "Storage write" but sdk.storage() is a read operation (copy-paste from line 83).

2. Line 128: Same unit mismatch as line 86 — GAS_RETRIEVE_SUCCESS_BRANCH should be multiplied by FUEL_DENOM_RATE.

🐛 Proposed fix

     let result = sdk.storage(&slot);
     if !result.status.is_ok() {
-        // Storage write here can't fail, even if it fails, it causes trap and charges all gas available
+        // Storage read here can't fail, even if it fails, it causes trap and charges all gas available
         return Err(result.status);
     }
-    sdk.charge_fuel(result.fuel_consumed + GAS_RETRIEVE_SUCCESS_BRANCH);
+    sdk.charge_fuel(result.fuel_consumed + GAS_RETRIEVE_SUCCESS_BRANCH * FUEL_DENOM_RATE);

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	if !result.status.is_ok() {
	// Storage write here can't fail, even if it fails, it causes trap and charges all gas available
	return Err(result.status);
	}
	// Load the hash.
	let hash_key = user_requested_block_number % U256::from(EIP2935_HISTORY_SERVE_WINDOW);
	let hash_value = sdk.storage(&hash_key).ok()?;
	sdk.write(hash_value.to_be_bytes::<{ U256::BYTES }>());
	sdk.charge_fuel(result.fuel_consumed + GAS_RETRIEVE_SUCCESS_BRANCH);
	if !result.status.is_ok() {
	// Storage read here can't fail, even if it fails, it causes trap and charges all gas available
	return Err(result.status);
	}
	sdk.charge_fuel(result.fuel_consumed + GAS_RETRIEVE_SUCCESS_BRANCH * FUEL_DENOM_RATE);

🤖 Prompt for AI Agents

In `@contracts/eip2935/lib.rs` around lines 124 - 128, The comment above the
error-return is wrong: change the comment referring to "Storage write" to
correctly indicate that sdk.storage() is a read operation (e.g., "Storage read
can't fail..."). Also fix the fuel units when charging on success: multiply
GAS_RETRIEVE_SUCCESS_BRANCH by FUEL_DENOM_RATE when calling sdk.charge_fuel
(i.e., use result.fuel_consumed + GAS_RETRIEVE_SUCCESS_BRANCH * FUEL_DENOM_RATE)
so units match; update the sdk.charge_fuel call accordingly.

[Haxatron]

https://ethereum.org/developers/docs/evm/opcodes/

GAS_BAD_BLOCK_INPUT_BRANCH = 21 + 21 + 5 = 47
GAS_INVALID_BLOCK_BRANCH = 21 + 21 + 32 + 5 = 79
GAS_BLOCK_TOO_OLD_BRANCH = 21 + 21 + 32 + 27 + 5 = 106
GAS_RETRIEVE_SUCCESS_BRANCH = 21 + 21 + 32 + 27 + 24 = 125
GAS_SUBMIT_SUCCESS_BRANCH = 21 + 22 = 43

; --- prefix gate: if caller == 0xffff..fffe jump to write-path @0x46 ---
caller                               ; 2
push20 0xfffffffffffffffffffffffffffffffffffffffe ; 3
eq                                   ; 3
push1 0x46                            ; 3
jumpi                                 ; 10
; prefix subtotal = 21


; --- read-path length gate: if (calldatasize - 0x20) != 0 then revert @0x42 ---
push1 0x20                            ; 3
calldatasize                          ; 2
sub                                   ; 3
push1 0x42                            ; 3
jumpi                                 ; 10
; length-check subtotal = 21


; --- load arg (slot selector / block number) from calldata[0:32] ---
push0                                 ; 2
calldataload                           ; 3

; --- future-block gate: if arg > (number - 1) then revert @0x42 ---
push1 0x01                            ; 3
number                                 ; 2
sub                                    ; 3
dup2                                   ; 3
gt                                     ; 3
push1 0x42                             ; 3
jumpi                                  ; 10
; future-check subtotal = 32


; --- too-old gate: if (number - arg) > 0x1fff then revert @0x42 ---
push2 0x1fff                           ; 3
dup2                                   ; 3
number                                 ; 2
sub                                    ; 3
gt                                     ; 3
push1 0x42                             ; 3
jumpi                                  ; 10
; too-old subtotal = 27


; --- read: sload[(arg mod 0x1fff)] and return it as 32 bytes ---
push2 0x1fff                           ; 3
swap1                                  ; 3
mod                                    ; 5
sload                                  ; syscall
push0                                  ; 2
mstore                                 ; 3 + memory expansion (3)            
push1 0x20                             ; 3
push0                                  ; 2
return                                 ; 0  + memory expansion (0) 


; --- revert handler @0x42 ---
jumpdest                               ; 1
push0                                  ; 2
push0                                  ; 2
revert                                 ; 0
; throw-tail subtotal = 5


; --- write-path @0x46: store (arg mod (number-1) mod 0x1fff) into s[ (number-1) mod 0x1fff ] ---
jumpdest                               ; 1
push0                                  ; 2
calldataload                           ; 3
push2 0x1fff                           ; 3
push1 0x01                             ; 3
number                                 ; 2
sub                                    ; 3
mod                                    ; 5
sstore                                 ; syscall
stop                                   ; 0

[dmitry123]

Fixed

[Haxatron]

Note that fuel_consumed is always 0 for system precompiles

impl<API: NativeAPI + CryptoAPI> StorageAPI for SystemContextImpl<API> {
    fn write_storage(&mut self, slot: U256, value: U256) -> SyscallResult<()> {
        self.state.storage.write_storage(slot, value);
        // Note: Storage write here can't fail, that's why we always return `Ok`
        SyscallResult::default()
    }

    fn storage(&self, slot: &U256) -> SyscallResult<U256> {
        if let Some(value) = self.state.storage.storage(slot) {
            return SyscallResult::new(*value, 0, 0, ExitCode::Ok);
        };
        debug_log!("a missing storage slot detected at: {}", slot);
        // We return here a `MissingStorageSlot`, but this error should be at user-level, because
        // an attacker might intentionally pass incorrect params into the function
        SyscallResult::new(U256::ZERO, 0, 0, ExitCode::MissingStorageSlot)
    }
}

[Haxatron]

This also means that universal token runtime do not charge for any SLOADs / SSTOREs performed as the slot reads / writes occur outside of the program (in the executor)

fluentbase/crates/revm/src/executor.rs

Line 604 in d978625

ctx.journal_mut().sstore(*target_address, k, v)?;

[Haxatron]

Ideally for sloads and sstores we should charge the gas in the executor, just before the sloads and sstore operations happen.

[dmitry123]

Fixed

[Haxatron]

How about the universal token runtime, the sloads and sstores there are not metered

[dmitry123]

We don't charge for Universal Token, because of 2 reasons:

1. it's cheap (~100 gas per storage read since the contract enforces access lists that makes all storage slots warm by default)
2. it's just an implementtion detail where we can change the way how storage is managed, for example, by using metadata storage that we already have (a linear storage)

Are there any real risks if we keep these storage ops free of charge?