feat(evm): support in-process evm via geth

[julienrbrt]

Attempt to embed geth in evnode.
90% AI.

friday fun project. not meant to be merged at any time.

[github-actions]

The latest Buf updates on your PR. Results from workflow CI / buf-check (pull_request).

Build	Format	Lint	Breaking	Updated (UTC)
✅ passed	⏩ skipped	✅ passed	✅ passed	Jan 23, 2026, 12:09 PM

[claude]

Claude finished @julienrbrt's task in 2m 50s —— View job

---

Code Review Complete

I've performed a comprehensive review of the in-process Geth integration. Below are my findings organized by category, ranging from critical issues to suggestions for improvement.

---

Critical Issues

1. Missing Error Handling in Flag Parsing (apps/evm/cmd/run.go:63,273,288)

Severity: HIGH

The errors returned by cmd.Flags().GetBool() and cmd.Flags().GetString() are being silently ignored using blank identifiers. This can lead to:

• Silent failures if flags are misconfigured
• Program proceeding with zero values for critical paths
• Difficult-to-debug runtime issues

// Line 63 - CRITICAL: ignores error
useGeth, _ := cmd.Flags().GetBool(evm.FlagEVMInProcessGeth)
// Line 273 - CRITICAL: ignores error  
genesisPath, _ := cmd.Flags().GetString(evm.FlagEVMGenesisPath)
// Line 288 - CRITICAL: ignores error
rpcAddress, _ := cmd.Flags().GetString(evm.FlagEVMRPCAddress)

Recommended Fix: Always handle flag parsing errors:

useGeth, err := cmd.Flags().GetBool(evm.FlagEVMInProcessGeth)
if err != nil {
    return nil, fmt.Errorf("failed to get '%s' flag: %w", evm.FlagEVMInProcessGeth, err)
}
if useGeth {
    genesisPath, err := cmd.Flags().GetString(evm.FlagEVMGenesisPath)
    if err != nil {
        return nil, fmt.Errorf("failed to get '%s' flag: %w", evm.FlagEVMGenesisPath, err)
    }
    if len(genesisPath) == 0 {
        return nil, fmt.Errorf("genesis path must be provided when using in-process Geth")
    }
    // ...
}

Fix this →

2. O(N) DeleteRange Performance Bottleneck (execution/evm/engine_geth_db.go:49-71, 174-202)

Severity: HIGH

The DeleteRange implementation queries all keys from the datastore and then iterates through them to find keys within the range. This has O(N) complexity where N is the total number of keys in the database.

Problems:

• Geth uses range deletions frequently during state pruning and compaction
• With a large state database (millions of keys), this becomes extremely slow
• Memory pressure from loading all keys into memory
• No use of database's native range iteration capabilities

Impact: This will cause severe performance degradation as the chain grows, potentially making the node unusable after accumulating significant state.

Current Implementation:

func (w *wrapper) DeleteRange(start []byte, end []byte) error {
    // Query all keys - O(N) where N = total keys!
    q := query.Query{KeysOnly: true}
    results, err := w.ds.Query(context.Background(), q)
    // ... iterates through ALL keys to find matching range
}

Recommended Fix: Leverage range queries with prefix filtering if go-datastore supports it, or document performance limitations prominently. Consider implementing a more efficient approach using prefix-based queries if the key structure allows it.

Fix this →

3. Inefficient Iterator Implementation (execution/evm/engine_geth_db.go:299-333)

Severity: MEDIUM-HIGH

The iterator's Next() method filters keys by comparing them to the start key after retrieving them from the datastore. This means it may iterate over many keys before the start key, resulting in unnecessary I/O and CPU usage.

Current Implementation:

func (it *iteratorWrapper) Next() bool {
    for {
        result, ok := it.results.NextSync()
        // ...
        keyBytes := datastoreKeyToBytes(result.Entry.Key)
        
        // Filters AFTER retrieval - inefficient!
        if len(it.start) > 0 && bytes.Compare(keyBytes, it.start) < 0 {
            continue  // Skip keys before start
        }
        // ...
    }
}

Problem: If you need to iterate starting from key Z in a database with keys A-Z, this will retrieve and discard keys A-Y.

Recommended Fix: Seek directly to the start key using prefix queries or modify the query to include range bounds if go-datastore supports it.

Fix this →

---

High Priority Issues

4. Transaction Pool priceLimit Set to Zero (execution/evm/engine_geth.go:215)

Severity: MEDIUM

The transaction pool is initialized with priceLimit of 0, which disables minimum gas price enforcement:

txPool, err := txpool.New(0, blockchain, []txpool.SubPool{legacyPool})

Implications:

• Allows zero-price transactions into the mempool
• Potential for mempool spam attacks
• May be intentional for rollup environment, but needs consideration

Recommendation:

• If zero pricing is intentional for the rollup, add a comment explaining this design decision
• Consider making this configurable via a flag if different deployments need different policies
• Document the spam resistance strategy in this configuration

5. Mutex Held During Network I/O (execution/evm/engine_geth.go:267, 443, 670)

Severity: MEDIUM

The GethBackend.mu mutex is held while making potentially slow RPC-style calls to the blockchain:

func (g *gethEngineClient) ForkchoiceUpdated(ctx context.Context, ...) {
    g.backend.mu.Lock()
    defer g.backend.mu.Unlock()  // Held during blockchain.GetBlockByHash()
    
    headBlock := g.backend.blockchain.GetBlockByHash(fcState.HeadBlockHash)  // Could be slow
    // ... more operations under lock
}

Problem: If blockchain operations involve disk I/O or are slow, this blocks all other callers unnecessarily.

Recommendation: Minimize critical sections by releasing the mutex before expensive operations when safe to do so.

6. Missing Context Cancellation Checks (execution/evm/engine_geth.go:216-233, 277-323)

Severity: MEDIUM

Several operations don't check ctx.Err() before starting work or periodically during long operations:

• newGethBackend() - no context passed or checked (lines 154-222)
• ForkchoiceUpdated() checks context only at start, not during payload build state setup (lines 260-323)
• RPC server startup in goroutine has no cancellation mechanism (lines 123-128)

Recommendation: Add context checks before expensive operations and provide cancellation mechanisms for background goroutines.

---

Medium Priority Issues

7. Unsafe Concurrent Access to Batch Operations (execution/evm/engine_geth_db.go:136-262)

Severity: MEDIUM

The batchWrapper uses a mutex, but batch operations can be called from multiple goroutines in Geth's internals:

type batchWrapper struct {
    ds   datastore.Batching
    ops  []batchOp
    size int
    mu   sync.Mutex  // Good - has mutex
}

Concern: While the mutex protects the batch's internal state, the pattern of creating a batch, having multiple goroutines add to it, then writing is uncommon. Verify this usage pattern with Geth's batch semantics.

Recommendation: Add clear documentation about thread-safety guarantees and validate against Geth's expected usage patterns.

8. Iterator Not Checking Closed State (execution/evm/engine_geth_db.go:342-362)

Severity: LOW-MEDIUM

Key() and Value() check if the iterator is closed, but operations after Release() could still cause issues if the underlying results channel is closed:

func (it *iteratorWrapper) Key() []byte {
    it.mu.Lock()
    defer it.mu.Unlock()
    
    if !it.started || it.closed {
        return nil  // Good - checks closed
    }
    return datastoreKeyToBytes(it.current.Key)  // But current may be stale
}

Recommendation: Ensure it.current is cleared on Release() to prevent accessing stale data.

9. Hardcoded Timeouts in HTTP Server (execution/evm/engine_geth_rpc.go:117-121)

Severity: LOW

b.httpServer = &http.Server{
    Handler:      handler,
    ReadTimeout:  30 * time.Second,   // Hardcoded
    WriteTimeout: 30 * time.Second,   // Hardcoded
}

Problem: 30 seconds may be too short for complex RPC calls (like debug traces) or too long for simple ones.

Recommendation: Make timeouts configurable via flags or environment variables.

10. Wide-Open CORS Policy (execution/evm/engine_geth_rpc.go:135)

Severity: LOW-MEDIUM (Security)

w.Header().Set("Access-Control-Allow-Origin", "*")  // Allows ANY origin

Security Impact: Allows any website to make requests to the RPC server. While this may be acceptable for local development, it's risky for production deployments.

Recommendation: Make CORS origins configurable, default to localhost only, and document security implications.

---

Code Quality & Architecture

11. Missing Package-Level Documentation

The new packages lack godoc comments explaining their purpose:

• engine_geth.go - should explain the in-process Geth integration
• engine_geth_db.go - should explain the datastore adapter layer
• engine_geth_rpc.go - should explain the RPC server implementation

Recommendation: Add package comments following Go conventions:

// Package evm provides an in-process Geth execution client that allows
// ev-node to embed a full Ethereum execution layer without requiring
// an external Geth or Reth process.

12. Inconsistent Error Wrapping

Some errors use %w (wrapping), others use %v or string concatenation:

// Good:
return nil, fmt.Errorf("failed to create geth backend: %w", err)
// Inconsistent:
return fmt.Errorf("failed to setup genesis: %w", genesisErr)  // genesisErr is already descriptive

Recommendation: Consistently use %w for error wrapping to maintain error chains for debugging.

13. Magic Numbers Without Constants (execution/evm/engine_geth.go:39-41)

const (
    baseFeeChangeDenominator = 8  // Good - has constant
)
// But elsewhere:
txPool, err := txpool.New(0, blockchain, []txpool.SubPool{legacyPool})  // 0 is magic

Recommendation: Define named constants for magic numbers (price limit, timeouts, etc.) to improve readability and maintainability.

---

Testing Concerns

14. Limited Edge Case Coverage

The tests in engine_geth_test.go cover happy paths well but miss important edge cases:

Missing Test Cases:

• Transaction validation failures in buildPayload
• Context cancellation during payload build
• Concurrent payload builds
• Database errors during state transitions
• Iterator behavior at boundaries
• Large transaction sets (gas limit testing)
• Malformed genesis configurations

Recommendation: Add negative test cases and stress tests, especially for the database adapter layer which has known performance concerns.

15. No Integration Tests for Database Adapter

The database wrapper (engine_geth_db.go) has no dedicated unit tests despite being a critical performance component with known O(N) issues.

Recommendation: Add thorough tests for:

• DeleteRange with various key distributions
• Iterator behavior with different prefix/start combinations
• Concurrent batch operations
• Large dataset performance characteristics

---

Performance & Resource Efficiency

16. Unbounded Payload Map Growth (execution/evm/engine_geth.go:52, 471)

type GethBackend struct {
    // ...
    payloads      map[engine.PayloadID]*payloadBuildState  // Never pruned!
    // ...
}

// Deletes payload after GetPayload
delete(g.backend.payloads, payloadID)  // Good, but what if GetPayload never called?

Problem: If GetPayload is never called for a payload (due to errors or client bugs), the payload remains in memory forever.

Recommendation: Implement a TTL-based cleanup mechanism or maximum size limit for the payloads map.

17. No Resource Limits on Transaction Processing (execution/evm/engine_geth.go:548-598)

The buildPayload method processes transactions without limits on:

• Total transaction count
• Processing time per transaction
• Memory usage

Recommendation: Add safeguards:

• Maximum transaction count per block
• Timeout for transaction execution
• Circuit breaker for repeated failures

18. Inefficient Transaction Filtering (execution/evm/engine_geth.go:549-605)

for i, txBytes := range ps.transactions {
    if i%100 == 0 {  // Only checks context every 100 txs
        if err := ctx.Err(); err != nil {
            return nil, fmt.Errorf("context cancelled during tx execution: %w", err)
        }
    }
    // ...
}

Issues:

• Checking context only every 100 transactions is arbitrary
• No early termination if gas limit is approaching
• No prioritization of high-value transactions

Recommendation: Implement smarter batching and use gas-aware early termination.

---

Security Considerations

19. Genesis Configuration Validation (execution/evm/engine_geth.go:162-170)

The code auto-populates missing blob schedule configuration:

if genesis.Config.BlobScheduleConfig == nil {
    if genesis.Config.CancunTime != nil || genesis.Config.PragueTime != nil {
        genesis.Config.BlobScheduleConfig = &params.BlobScheduleConfig{
            Cancun: params.DefaultCancunBlobConfig,
            Prague: params.DefaultPragueBlobConfig,
        }
        logger.Debug().Msg("auto-populated blobSchedule config for Cancun/Prague forks")
    }
}

Concern: Silently modifying genesis configuration can lead to unexpected chain behavior and consensus issues.

Recommendation: Make this explicit with a WARNING log level, or require the configuration to be provided correctly.

20. No Rate Limiting on RPC Endpoints (execution/evm/engine_geth_rpc.go)

The RPC server has no rate limiting or request size limits, making it vulnerable to:

• Denial of service attacks
• Resource exhaustion
• Excessive memory usage from large requests

Recommendation: Implement rate limiting and request size limits for production deployments.

---

Documentation

21. Missing Configuration Examples

The PR adds new flags but provides no examples of how to use them:

• No example genesis file for in-process Geth
• No documentation on when to use in-process vs external client
• No migration guide from external to in-process Geth

Recommendation: Add:

• Example configuration in CLAUDE.md or a dedicated doc
• Migration guide
• Troubleshooting section for common issues

22. Unclear Concurrency Semantics

Several types have concurrent access but documentation doesn't clarify:

• Which methods of GethBackend are thread-safe?
• Can multiple ForkchoiceUpdated calls run concurrently?
• What's the expected concurrency model for the database wrapper?

Recommendation: Add clear concurrency documentation to exported types and methods.

---

Positive Observations

Despite the issues above, there are several well-implemented aspects:

1. Clean Interface Segregation: The RPC clients use interfaces (EngineRPCClient, EthRPCClient) which aids testing and modularity

2. Comprehensive Test Coverage for Core Logic: The engine_geth_test.go covers most happy paths well with table-driven tests

3. Proper Resource Cleanup: The Close() method properly shuts down components in order (lines 225-258 in engine_geth.go)

4. Good Error Context: Most errors include sufficient context about what failed and at what height/hash

5. Modular Design: The separation between database adapter, RPC server, and core engine logic is clean

6. Proper Bloom Filter Handling: The bloom filter calculation (lines 995-1005) correctly combines receipts

---

Summary & Recommendations

This PR represents a significant undertaking to embed Geth directly into ev-node. The implementation demonstrates good Go practices in many areas but has several critical issues that should be addressed before merging:

Must Fix Before Merge:

1. ❌ Error handling in flag parsing (apps/evm/cmd/run.go)
2. ❌ O(N) DeleteRange performance bottleneck (engine_geth_db.go)
3. ❌ Inefficient iterator implementation (engine_geth_db.go)

Should Fix Before Merge:
4. Transaction pool price limit configuration/documentation
5. Mutex granularity in ForkchoiceUpdated
6. Context cancellation in long-running operations
7. CORS security configuration

Can Address Post-Merge (with follow-up issues):

• Testing gaps (edge cases, database adapter tests)
• Performance optimizations (payload map cleanup, transaction processing)
• Documentation (examples, concurrency semantics)
• Security enhancements (rate limiting)

Given this is marked as a "friday fun project" not meant for merging, these findings can serve as a roadmap if/when this work is productionized.

---

Todo List

• Read repository guidelines (CLAUDE.md)
• Review main implementation files
• Review test coverage
• Review integration points
• Analyze code quality & architecture
• Evaluate error handling & resilience
• Check security considerations
• Assess performance & resource efficiency
• Review testing strategy
• Check documentation
• Compile comprehensive feedback

---

[gemini-code-assist]

Summary of Changes

Hello @julienrbrt, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the EVM execution capabilities by introducing an in-process Geth client. This architectural shift allows the application to perform Ethereum Virtual Machine operations directly, bypassing the need for an external execution client via RPC. The change aims to streamline development, simplify deployment, and potentially improve performance by reducing inter-process communication overhead. It includes the necessary data storage adaptations and new configuration options to enable this embedded functionality.

Highlights

• In-Process Geth Integration: Introduced an in-process Geth execution client, allowing direct EVM execution within the application without requiring an external RPC connection to a Geth or Reth node.
• Flexible Execution Client Creation: Modified the execution client creation logic to conditionally instantiate either the existing RPC-based client or the new in-process Geth client based on command-line flags.
• Datastore Abstraction for Geth: Implemented a wrapper to adapt the go-datastore.Batching interface to go-ethereum's ethdb.KeyValueStore, enabling the in-process Geth to utilize the application's existing data storage.
• Logger Standardization: Refactored the EngineClient constructor to directly accept a zerolog.Logger, removing the need for a separate SetLogger method and ensuring consistent logging practices.
• New Configuration Flags: Added new command-line flags (--evm.geth and --evm.geth.genesis-path) to control the activation and configuration of the in-process Geth client.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a significant new feature: the ability to run an in-process Geth instance as the execution client. This is a great addition that will simplify setup, testing, and deployment for users by removing the need for an external execution client process. The implementation is extensive, including a new ethdb wrapper for go-datastore and the core logic for the in-process Geth backend. My review focuses on some critical areas for improvement, particularly around error handling in flag parsing and potential performance bottlenecks in the new database wrapper. I've also included a comment on the transaction pool configuration for consideration.

[gemini-code-assist]

The errors returned by cmd.Flags().GetBool() and cmd.Flags().GetString() are being ignored. This can lead to silent failures and unexpected behavior if the flags are not parsed correctly (e.g., due to a typo or incorrect type). The program might proceed with default values (e.g., an empty genesisPath), causing issues later on. It's crucial to handle these errors to make the command-line interface more robust.

Suggested change

	useGeth, _ := cmd.Flags().GetBool(evm.FlagEVMInProcessGeth)
	if useGeth {
	genesisPath, _ := cmd.Flags().GetString(evm.FlagEVMGenesisPath)
	if len(genesisPath) == 0 {
	return nil, fmt.Errorf("genesis path must be provided when using in-process Geth")
	}
	useGeth, err := cmd.Flags().GetBool(evm.FlagEVMInProcessGeth)
	if err != nil {
	return nil, fmt.Errorf("failed to get '%s' flag: %w", evm.FlagEVMInProcessGeth, err)
	}
	if useGeth {
	genesisPath, err := cmd.Flags().GetString(evm.FlagEVMGenesisPath)
	if err != nil {
	return nil, fmt.Errorf("failed to get '%s' flag: %w", evm.FlagEVMGenesisPath, err)
	}
	if len(genesisPath) == 0 {
	return nil, fmt.Errorf("genesis path must be provided when using in-process Geth")
	}

[gemini-code-assist]

The DeleteRange implementation queries all keys from the datastore and then iterates through them to find keys within the specified range. This approach has a time complexity of O(N), where N is the total number of keys in the datastore. This can be very inefficient and cause significant performance degradation, especially with a large database, as Geth may use range deletions frequently. A more efficient implementation would leverage the underlying database's ability to iterate over a specific range, which is typically O(M) where M is the number of keys in the range. While the go-datastore interface is limited, this implementation could become a serious performance bottleneck.

[gemini-code-assist]

The iterator's Next method filters keys by comparing them to the start key after retrieving them. This means it may iterate over many keys before the start key, which is inefficient. A more performant iterator would seek to the start key directly. This implementation could lead to performance issues when iterating over large datasets with a start key set far from the beginning. Given that database iterators are a core part of Geth's performance, this could be a significant bottleneck.

[gemini-code-assist]

The transaction pool is initialized with a priceLimit of 0. This disables the minimum gas price enforcement in the transaction pool, which could potentially allow for spamming the mempool with zero-price transactions. While this might be intentional for a rollup environment where gas pricing is handled differently, it's important to ensure this is the desired behavior. Consider making this configurable if there are scenarios where a price limit is needed.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 58.98%. Comparing base (73297c1) to head (8df657c).

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #2986   +/-   ##
=======================================
  Coverage   58.98%   58.98%           
=======================================
  Files         103      103           
  Lines        9902     9902           
=======================================
  Hits         5841     5841           
  Misses       3434     3434           
  Partials      627      627           

Flag	Coverage Δ
combined	58.98% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.