fix: allow preinstall in case account has a balance

[thomas-nguy]

👮🏻👮🏻👮🏻 !!!! REFERENCE THE PROBLEM YOUR ARE SOLVING IN THE PR TITLE AND DESCRIBE YOUR SOLUTION HERE !!!! DO NOT FORGET !!!! 👮🏻👮🏻👮🏻

PR Checklist:

• Have you read the CONTRIBUTING.md?
• Does your PR follow the C4 patch requirements?
• Have you rebased your work on top of the latest master?
• Have you checked your code compiles? (make)
• Have you included tests for any non-trivial functionality?
• Have you checked your code passes the unit tests? (make test)
• Have you checked your code formatting is correct? (go fmt)
• Have you checked your basic code style is fine? (golangci-lint run)
• If you added any dependencies, have you checked they do not contain any known vulnerabilities? (go list -json -m all | nancy sleuth)
• If your changes affect the client infrastructure, have you run the integration test?
• If your changes affect public APIs, does your PR follow the C4 evolution of public contracts?
• If your code changes public APIs, have you incremented the crate version numbers and documented your changes in the CHANGELOG.md?
• If you are contributing for the first time, please read the agreement in CONTRIBUTING.md now and add a comment to this pull request stating that your PR is in accordance with the Developer's Certificate of Origin.

Thank you for your code, it's appreciated! :)

Summary by CodeRabbit

• Bug Fixes

  • Fixed preinstall failing when an account already has a balance.

• Chores

  • Updated Go toolchain and refreshed core dependency versions and sources, including dependency graph and replacement mappings.

• Tests

  • Extended integration tests to perform an on-chain transaction and gas usage check before preinstall assertions.

• Documentation

  • Added an UNRELEASED changelog entry noting the preinstall fix.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

📝 Walkthrough

Walkthrough

Updated dependencies and Nix metadata, added an UNRELEASED changelog entry about preinstall behavior, and extended an integration test to send an on‑chain transaction and assert its receipt before existing Create2 preinstall checks.

Changes

Cohort / File(s)	Summary
Changelog CHANGELOG.md	Added UNRELEASED entry: "Fix: allow preinstall in case account has a balance"
Go module & deps go.mod	Bumped many dependencies (ibc-go, golang.org/x/*, grpc, protobuf, opentelemetry, indirects); replaced ethermint with github.com/thomas-nguy/ethermint and refreshed indirect versions
Nix metadata gomod2nix.toml	Synchronized module versions/hashes to match go.mod (multiple opentelemetry, google, golang.org/x/*, envoy, etc.); updated ethermint replacement entry
Integration tests integration_tests/test_preinstall.py	Test now sends a tx from ADDRS["validator"] (value 5), waits for receipt and asserts receipt.status == 1 and receipt.gasUsed == 21000 before existing Create2/preinstall assertions

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• feat: support preinstalls #1875 — touches integration_tests/test_preinstall.py and preinstall test flows.
• feat: add preinstall in upgrade handler #1939 — addresses preinstall behavior and the changelog entry allowing preinstall when account has a balance.
• feat: support eip2935 #1882 — related preinstall/integration test updates and EIP‑2935/preinstall behavior.

Suggested labels

nix

Suggested reviewers

• calvinaco
• XinyuCRO
• songgaoye

Poem

🐇 I hopped through modules, quick and witty,
I bumped a fork and fixed a bitty,
Sent a tiny tx, receipts so bright,
Preinstall now behaves just right,
Carrots for CI — hop! 🥕

Pre-merge checks

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly addresses the main change: fixing preinstall behavior when an account has a balance, which aligns with the test additions and code adjustments shown in the changeset.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

---

📜 Recent review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8eb75bc and 3409435.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (2)

• go.mod
• gomod2nix.toml

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (20)

• GitHub Check: Run golangci-lint
• GitHub Check: build (ubuntu-latest)
• GitHub Check: gomod2nix
• GitHub Check: build (macos-14)
• GitHub Check: build (macos-latest)
• GitHub Check: unittest
• GitHub Check: integration_tests (gov)
• GitHub Check: integration_tests (ibc_timeout)
• GitHub Check: integration_tests (mint)
• GitHub Check: integration_tests (gas)
• GitHub Check: integration_tests (upgrade)
• GitHub Check: integration_tests (ica)
• GitHub Check: integration_tests (evm)
• GitHub Check: integration_tests (slow)
• GitHub Check: integration_tests (unmarked)
• GitHub Check: integration_tests (ibc_rly_evm)
• GitHub Check: integration_tests (ibc_update_client)
• GitHub Check: integration_tests (ibc_rly_gas)
• GitHub Check: integration_tests (ibc)
• GitHub Check: semgrep-cloud-platform/scan

🔇 Additional comments (2)

gomod2nix.toml (1)

1-820: LGTM! The Nix lock file is consistent with go.mod updates.

This file is auto-generated by gomod2nix and mirrors the dependency changes in go.mod. The version and hash updates align with the Go module updates.

go.mod (1)

1-313: Dependency updates reviewed; past comments still apply.

The dependency updates in this file have been reviewed. Two concerns were previously raised:

1. Line 42: golang.org/x/crypto v0.44.0 contains CVE-2025-58181 and CVE-2025-47914. Upgrade to v0.45.0+ is recommended (see past comment).
2. Line 306: The ethermint replacement changed to github.com/thomas-nguy/ethermint without documentation explaining the fork maintenance plan (see past comment).

The remaining dependency updates (ibc-go, grpc, protobuf, OpenTelemetry, golang.org/x/* indirects) appear to be routine version bumps consistent with maintenance practices.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	golang/​golang.org/​x/​crypto@​v0.41.0 ⏵ v0.44.0	+1
	golang/​google.golang.org/​grpc@​v1.75.1 ⏵ v1.78.0	+1
	golang/​google.golang.org/​protobuf@​v1.36.10 ⏵ v1.36.11	+1
	golang/​google.golang.org/​genproto/​googleapis/​api@​v0.0.0-20250707201910-8d1bb00bc6a7 ⏵ v0.0.0-20251029180050-ab9386a59fda
	golang/​github.com/​cosmos/​ibc-go/​v10@​v10.4.0 ⏵ v10.5.0

View full report

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (1)

integration_tests/test_preinstall.py (1)

14-23: Excellent test coverage for the fix!

This test logic effectively validates the PR's objective by:

1. Sending funds to the Create2 address (giving it a balance)
2. Verifying the transaction succeeds
3. Later confirming that preinstall code can still be registered at that address

The assertion for gasUsed == 21000 is correct for a simple ETH transfer.

Optional: Add explicit balance verification for clarity.

Consider adding a balance check after the transaction to make the test intent more explicit:

 receipt = w3.eth.wait_for_transaction_receipt(txhash)
 assert receipt.status == 1
 assert receipt.gasUsed == 21000
+
+# Verify the address now has a balance
+balance = w3.eth.get_balance(create2address)
+assert balance == 5

This would make it explicit that the address has a balance before attempting the preinstall, further documenting the test's purpose.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 63b6a38 and 398b200.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (4)

• CHANGELOG.md (1 hunks)
• go.mod (4 hunks)
• gomod2nix.toml (3 hunks)
• integration_tests/test_preinstall.py (1 hunks)

🧰 Additional context used

🪛 GitHub Actions: Build

go.mod

[error] 1-1: Command: nix develop .#rocksdb -c make test failed. go.mod specifies Go version 1.25.0, but no compatible Go attribute could be found.

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Run golangci-lint

🔇 Additional comments (4)

integration_tests/test_preinstall.py (1)

5-5: LGTM!

The ADDRS import is necessary for accessing the validator address in the new test logic.

CHANGELOG.md (1)

10-10: LGTM!

The changelog entry is properly formatted and correctly placed in the UNRELEASED section.

gomod2nix.toml (1)

327-329: Dependency metadata updates are consistent with go.mod.

The changes to this file reflect the dependency updates made in go.mod, including:

• Ethermint source change to the personal fork (line 327-329)
• Multiple golang.org/x/* version and hash updates (lines 759-782)
• google.golang.org/protobuf update (lines 801-802)

Note that if the issues identified in go.mod (Go version and Ethermint fork) are addressed, this file will need to be regenerated using gomod2nix to reflect the corrected dependencies.

Also applies to: 759-782, 801-802

go.mod (1)

3-3: Go 1.25.0 is a valid, released version; verify that Go 1.25+ is installed in your build environment.

Go 1.25.0 is a major release officially released on August 12, 2025. The error indicates a build environment configuration issue rather than an invalid version. Go 1.25.5 (the latest stable version as of December 2, 2025) is available and stable. Ensure your CI/CD pipeline and build environment have Go 1.25+ installed.

Likely an incorrect or invalid review comment.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# First, let's check the go.mod file to see all the dependency changes
echo "=== Checking go.mod file around line 42 and 45 ==="
sed -n '35,55p' go.mod

echo ""
echo "=== Checking go.mod file around line 263-268 ==="
sed -n '255,275p' go.mod

echo ""
echo "=== Searching for golang.org/x/crypto usage in Go files ==="
rg -n "golang.org/x/crypto" --type=go -C 1 | head -30

echo ""
echo "=== Searching for google.golang.org/protobuf usage in Go files ==="
rg -n "google.golang.org/protobuf" --type=go -C 1 | head -30

Repository: crypto-org-chain/cronos

Length of output: 2584

---

Consider upgrading golang.org/x/crypto to v0.45.0 or later.

The current version v0.44.0 contains security vulnerabilities (CVE-2025-58181, CVE-2025-47914) that are fixed in v0.45.0 and later. The google.golang.org/protobuf v1.36.11 update is a stable patch release with no breaking changes.

🤖 Prompt for AI Agents

In go.mod around line 42, upgrade the module golang.org/x/crypto from v0.44.0 to
v0.45.0 (or later) to pick up security fixes; update the version in go.mod, run
`go get golang.org/x/[email protected]` (or `@latest`), then run `go mod tidy` to
refresh go.sum and resolve dependencies, and finally run the project's
tests/build to verify there are no regressions.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

# Search for references to both ethermint sources and any documentation explaining the fork choice
rg -i "(thomas-nguy|ethermint fork|archived)" --type=md -C 3

Repository: crypto-org-chain/cronos

Length of output: 49

---

🏁 Script executed:

# Check git history for when and why this change was made
cd "$(git rev-parse --show-toplevel)" 2>/dev/null || true
git log --oneline -20 -- go.mod | head -20

Repository: crypto-org-chain/cronos

Length of output: 88

---

🏁 Script executed:

# Look for any comments in go.mod or related files explaining the fork
grep -n -B 5 -A 5 "thomas-nguy/ethermint" go.mod

Repository: crypto-org-chain/cronos

Length of output: 872

---

🏁 Script executed:

# Check if there are any CHANGELOG, README, or docs explaining this choice
find . -type f \( -name "CHANGELOG*" -o -name "README*" -o -name "*.md" \) | xargs grep -l "ethermint\|fork" 2>/dev/null | head -10

Repository: crypto-org-chain/cronos

Length of output: 348

---

🏁 Script executed:

grep -i "fork\|ethermint\|maintain\|upstream" README.md CONTRIBUTING.md 2>/dev/null | head -20

Repository: crypto-org-chain/cronos

Length of output: 1527

---

🏁 Script executed:

# Check the specific commit referenced in the fork to understand what customizations exist
# The version is v0.4.2-0.20251216120354-91058302724d
# Try to find any code or comments explaining why this fork is used
rg -i "thomas-nguy\|ethermint.*custom\|ethermint.*fork" . --type=go -C 2 | head -30

Repository: crypto-org-chain/cronos

Length of output: 49

---

🏁 Script executed:

# Check if there's a CHANGELOG or release notes explaining the fork
cat CHANGELOG.md 2>/dev/null | grep -i "ethermint\|fork" -C 2 | head -20

Repository: crypto-org-chain/cronos

Length of output: 1197

---

🏁 Script executed:

# Look for any architecture decision records (ADR) or design docs explaining fork usage
fd -t f "ADR|adr|architecture|decision" docs/ 2>/dev/null | xargs grep -l "ethermint\|fork" 2>/dev/null

Repository: crypto-org-chain/cronos

Length of output: 182

---

🏁 Script executed:

# Check if there's a crypto-org-chain/ethermint fork mentioned in CHANGELOG or elsewhere
rg "crypto-org-chain.*ethermint" . -C 2 | head -40

Repository: crypto-org-chain/cronos

Length of output: 3604

---

🏁 Script executed:

# Check the git history for the ethermint dependency to understand when/why it changed to thomas-nguy
git log --all --oneline -- go.mod | grep -i "ethermint" | head -5

Repository: crypto-org-chain/cronos

Length of output: 319

---

🏁 Script executed:

# Look for any issues or PRs mentioning the ethermint fork choice
git log -p -- go.mod | grep -B 10 -A 10 "thomas-nguy\|ethermint" | head -50

Repository: crypto-org-chain/cronos

Length of output: 49

---

🏁 Script executed:

# Get more detailed git log for go.mod to see when thomas-nguy fork was introduced
git log --all -p -- go.mod | grep -B 30 -A 5 "thomas-nguy/ethermint" | head -60

Repository: crypto-org-chain/cronos

Length of output: 2110

---

🏁 Script executed:

# Check when the switch to thomas-nguy happened and what the commit message says
git log --all --format="%H %s" -- go.mod | head -3 | while read commit msg; do echo "=== $msg ==="; git show "$commit" | grep -A 5 -B 5 "ethermint" | head -20; done

Repository: crypto-org-chain/cronos

Length of output: 2572

---

🏁 Script executed:

# Look for any references to crypto-org-chain/ethermint vs thomas-nguy in recent commits
git log --all -S "ethermint" --oneline -- go.mod | head -10

Repository: crypto-org-chain/cronos

Length of output: 624

---

🏁 Script executed:

# Check the specific commit that changed to thomas-nguy/ethermint
git show 398b200 --stat | head -20

Repository: crypto-org-chain/cronos

Length of output: 1086

---

🏁 Script executed:

# Look for commit messages explaining the change from crypto-org-chain to thomas-nguy
git log --all --format="%H %ai %s" -- go.mod | head -20

Repository: crypto-org-chain/cronos

Length of output: 2569

---

🏁 Script executed:

# Check if there are any PRs or issues referencing the fork change
git log --all -S "thomas-nguy/ethermint" --oneline | head -5

Repository: crypto-org-chain/cronos

Length of output: 153

---

🏁 Script executed:

# Find the commit that introduced thomas-nguy/ethermint and show its full message
git log --all -S "thomas-nguy/ethermint" --format="%H %s %b" | head -100

Repository: crypto-org-chain/cronos

Length of output: 153

---

Document the maintenance plan and rationale for switching to the personal Ethermint fork.

The upstream github.com/evmos/ethermint was archived on April 4, 2024 and is now read-only, which justifies using a fork for continued development. However, the recent switch from github.com/crypto-org-chain/ethermint to github.com/thomas-nguy/ethermint lacks explanation in documentation or comments. Add clarification in the codebase about:

• Why the fork was switched (was crypto-org-chain/ethermint no longer maintained?)
• Whether thomas-nguy/ethermint is actively maintained or if this is temporary
• Long-term maintenance responsibilities and update frequency

🤖 Prompt for AI Agents

In go.mod around line 306, the swap to the personal fork
github.com/thomas-nguy/ethermint lacks documented rationale and maintenance
plan; add a brief comment in the repo (adjacent to the go.mod entry or in a new
docs/DEPENDENCIES.md or MAINTAINERS.md) stating why we switched from the
archived upstream (evmos/ethermint), whether the previous crypto-org-chain fork
was unmaintained, whether thomas-nguy/ethermint is actively maintained or
temporary, who owns long‑term maintenance responsibilities, how often
updates/security pulls will be applied, and a contact or issue link for
follow-up. Ensure the note includes version pin justification and a plan for
reverting to upstream or adopting another fork in future.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 18.51%. Comparing base (a3c2f70) to head (3409435).
⚠️ Report is 132 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1940      +/-   ##
==========================================
+ Coverage   16.87%   18.51%   +1.64%     
==========================================
  Files          72       75       +3     
  Lines        6163     5114    -1049     
==========================================
- Hits         1040      947      -93     
+ Misses       5000     4045     -955     
+ Partials      123      122       -1     

see 70 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.