feat(evm): support in-process evm via geth

[julienrbrt]

Attempt to embed geth in evnode.
90% AI.

friday fun project. not meant to be merged at any time.

[github-actions]

The latest Buf updates on your PR. Results from workflow CI / buf-check (pull_request).

Build	Format	Lint	Breaking	Updated (UTC)
✅ passed	⏩ skipped	✅ passed	✅ passed	Jan 23, 2026, 5:05 PM

[claude]

Claude finished @julienrbrt's task in 2m 18s —— View job

---

Comprehensive Code Review

I've completed a thorough review of this in-process Geth integration PR. This is an impressive piece of work that embeds Geth directly into ev-node, eliminating the need for an external execution client. Below is my detailed analysis across multiple dimensions.

---

1. Code Quality & Architecture ⭐⭐⭐⭐

Strengths

• Clean abstraction: The implementation properly implements existing EngineRPCClient and EthRPCClient interfaces, making it a drop-in replacement for the RPC-based client
• Modular design: Well-organized into separate files (engine_geth.go, engine_geth_db.go, engine_geth_consensus.go, engine_geth_rpc.go)
• Interface compliance: Properly implements ethdb.KeyValueStore through the wrapper pattern in engine_geth_db.go:17

Issues & Recommendations

🔴 CRITICAL: Ignored Error Returns in Command Flag Parsing

Location: apps/evm/cmd/run.go:63,72,272,287

The code silently ignores errors when getting flag values:

useGeth, _ := cmd.Flags().GetBool(evm.FlagEVMInProcessGeth)
genesisPath, _ := cmd.Flags().GetString(evm.FlagEVMGenesisPath)

Impact: Silent failures if flags are misconfigured, leading to unexpected behavior with default/empty values

Fix: Handle all flag errors explicitly:

useGeth, err := cmd.Flags().GetBool(evm.FlagEVMInProcessGeth)
if err != nil {
    return nil, fmt.Errorf("failed to get '%s' flag: %w", evm.FlagEVMInProcessGeth, err)
}
if useGeth {
    genesisPath, err := cmd.Flags().GetString(evm.FlagEVMGenesisPath)
    if err != nil {
        return nil, fmt.Errorf("failed to get '%s' flag: %w", evm.FlagEVMGenesisPath, err)
    }
    if genesisPath == "" {
        return nil, fmt.Errorf("genesis path must be provided when using in-process Geth")
    }
    // ...
}

Fix this issue →

🟡 MEDIUM: Payload ID Generation Weakness

Location: execution/evm/engine_geth.go:250

p.id = engine.PayloadID{byte(time.Now().UnixNano() & 0xFF)}

Issues:

• Only uses the lowest byte, leading to collisions every 256 nanoseconds (~4 microseconds per cycle)
• Predictable and not cryptographically secure
• Comment says "simple sequential" but it's neither sequential nor unique

Recommendation: Use proper random ID generation or increment a counter:

// Option 1: Random
var id engine.PayloadID
rand.Read(id[:])
p.id = id

// Option 2: Counter (thread-safe)
p.id = engine.PayloadID{byte(atomic.AddUint64(&g.backend.payloadCounter, 1))}

🟡 MEDIUM: Missing Context Propagation

Location: Throughout engine_geth_db.go

All datastore operations use context.Background() instead of accepting/propagating contexts:

func (w *wrapper) Get(key []byte) ([]byte, error) {
    val, err := w.ds.Get(context.Background(), toKey(key))
    // ...
}

Impact: Cannot cancel long-running operations, no request tracing, no timeout control

Recommendation: While the ethdb.KeyValueStore interface doesn't include contexts (Geth's design), consider adding timeout controls internally for long operations.

---

2. Error Handling & Resilience ⭐⭐⭐

Strengths

• Proper error wrapping with fmt.Errorf(..., %w, err) throughout
• Graceful shutdown in GethBackend.Close() with timeout context

Issues & Recommendations

🟡 MEDIUM: Silent Transaction Failures in Block Building

Location: execution/evm/engine_geth.go:421-440

for _, txBytes := range p.transactions {
    if len(txBytes) == 0 {
        continue
    }
    var tx types.Transaction
    if err := tx.UnmarshalBinary(txBytes); err != nil {
        continue  // ⚠️ Silently skips invalid transactions
    }
    // ...
    if err != nil {
        g.logger.Debug().Str("tx", tx.Hash().Hex()).Err(err).Msg("tx failed")
        continue  // ⚠️ Only debug logging for failed transactions
    }
}

Issues:

• Invalid or failed transactions are silently dropped
• Only debug-level logging makes troubleshooting difficult
• No metrics/counters for skipped transactions

Recommendation:

var skippedInvalid, skippedFailed int
for _, txBytes := range p.transactions {
    // ... unmarshal ...
    if err := tx.UnmarshalBinary(txBytes); err != nil {
        g.logger.Warn().Err(err).Msg("invalid transaction encoding")
        skippedInvalid++
        continue
    }
    // ... apply ...
    if err != nil {
        g.logger.Info().Str("tx", tx.Hash().Hex()).Err(err).Msg("transaction execution failed")
        skippedFailed++
        continue
    }
}
if skippedInvalid > 0 || skippedFailed > 0 {
    g.logger.Info().
        Int("invalid", skippedInvalid).
        Int("failed", skippedFailed).
        Msg("transactions skipped during block building")
}

🟡 MEDIUM: Insufficient Validation in NewPayload

Location: execution/evm/engine_geth.go:500-523

The validation logic returns SYNCING for missing parent but should distinguish between:

• Parent truly not synced yet (SYNCING)
• Parent will never exist (INVALID)

Recommendation: Add timeout/depth checks to detect permanently missing parents.

---

3. Security ⭐⭐⭐⭐

Strengths

• No credentials or secrets hardcoded
• Proper input validation on genesis configuration
• Safe handling of external transaction data

Issues & Recommendations

🟡 MEDIUM: Zero Transaction Pool Price Limit

Location: execution/evm/engine_geth.go:168

txPool, err := txpool.New(0, blockchain, []txpool.SubPool{legacyPool})

The priceLimit of 0 disables minimum gas price enforcement.

Impact:

• Mempool spam with zero-price transactions
• Potential DoS vector if mempool grows unbounded
• May be intentional for rollup environments where gas pricing is handled differently

Recommendation:

• If this is intentional, add a comment explaining the rationale
• Consider making this configurable via flag
• Document this behavior as it differs from standard Ethereum nodes

🟢 GOOD: CORS Headers in RPC Handler

Location: execution/evm/engine_geth_rpc.go:96

The wildcard CORS (Access-Control-Allow-Origin: *) is appropriate for a local development RPC server, but should be configurable for production deployments.

---

4. Performance & Resource Efficiency ⭐⭐

Critical Performance Issues

🔴 CRITICAL: O(N) DeleteRange Implementation

Location: execution/evm/engine_geth_db.go:59-79

func (w *wrapper) DeleteRange(start, end []byte) error {
    ctx := context.Background()
    results, err := w.ds.Query(ctx, query.Query{KeysOnly: true})  // ⚠️ Queries ALL keys
    if err != nil {
        return err
    }
    defer results.Close()

    for result := range results.Next() {
        if result.Error != nil {
            return result.Error
        }
        keyBytes := fromKey(result.Key)
        if bytes.Compare(keyBytes, start) >= 0 && bytes.Compare(keyBytes, end) < 0 {
            if err := w.ds.Delete(ctx, datastore.NewKey(result.Key)); err != nil {
                return err
            }
        }
    }
    return nil
}

Issues:

• Queries entire database to find keys in range
• O(N) complexity where N = total keys in database
• Individual delete operations (not batched)
• Geth uses range deletions frequently during state pruning/cleanup

Impact: This will become a severe performance bottleneck as the database grows. With millions of keys, this could take minutes or hours.

Recommendation:

1. If go-datastore supports range iteration, use it with prefix queries
2. Otherwise, maintain a secondary index for range operations
3. As a minimum, batch the deletions

🔴 CRITICAL: Inefficient Iterator Implementation

Location: execution/evm/engine_geth_db.go:229-264

func newIterator(ds datastore.Batching, prefix, start []byte) *iterator {
    q := query.Query{}
    if len(prefix) > 0 {
        q.Prefix = "/" + string(prefix)
    }

    results, err := ds.Query(context.Background(), q)
    // ...
    
    var entries []query.Entry
    for result := range results.Next() {
        // ...
        if len(start) > 0 && bytes.Compare(keyBytes, start) < 0 {
            continue  // ⚠️ Filters AFTER retrieval, not during
        }
        entries = append(entries, query.Entry{Key: result.Key, Value: result.Value})
    }
    // ...
    
    // Sort for deterministic ordering
    sort.Slice(entries, func(i, j int) bool {
        return bytes.Compare(fromKey(entries[i].Key), fromKey(entries[j].Key)) < 0
    })

Issues:

• Loads ALL matching entries into memory at once
• Filters by start key AFTER retrieving all data
• Requires full in-memory sort
• No streaming/lazy evaluation

Impact:

• High memory usage with large datasets
• Slow iteration over large key spaces
• Defeats the purpose of iterators

Recommendation:

// If go-datastore supports ordered iteration with start key:
q := query.Query{
    Prefix: "/" + string(prefix),
    Offset: string(start),  // If supported
    Orders: []query.Order{query.OrderByKey{}},
}
// Then stream results instead of loading all into memory

🟡 MEDIUM: Batch DeleteRange Still Queries All Keys

Location: execution/evm/engine_geth_db.go:140-162

Same O(N) issue as the wrapper's DeleteRange.

---

5. Testing Coverage & Quality ⭐⭐⭐⭐

Strengths

• Good unit test coverage for basic functionality
• Tests verify error conditions (nil DB, nil genesis)
• Uses proper test helpers and assertions

Recommendations

🟡 Add Integration Tests

• Test full block production and validation flow
• Test concurrent payload building
• Test database persistence and recovery
• Test RPC server functionality
• Test transaction pool behavior with zero price limit

🟡 Add Performance Benchmarks

• Benchmark DeleteRange with varying dataset sizes
• Benchmark iterator performance
• Benchmark block building with many transactions

---

6. Documentation & Developer Experience ⭐⭐⭐

Strengths

• Clear function signatures and naming
• Exported types are documented
• Flag constants are well-named

Issues & Recommendations

🟡 MEDIUM: Missing Package Documentation

Add package-level documentation explaining:

• When to use in-process Geth vs RPC client
• Performance characteristics
• Limitations (sub-second blocks via custom consensus)
• Configuration requirements

🟡 Missing Architecture Documentation

Location: Throughout new files

Key design decisions that need documentation:

• Why sovereignBeacon allows equal timestamps (explained in code but should be in package docs)
• Database wrapper performance limitations
• RPC server scope (minimal for block explorers)
• Transaction pool configuration rationale

🟡 Configuration Examples

Provide example configurations showing:

• Minimal Geth setup
• RPC server configuration
• Genesis file format requirements

---

7. Specific Code Observations

Good Practices ✅

• execution/evm/engine_geth_consensus.go: Well-documented consensus modifications for sub-second blocks
• Proper mutex usage for concurrent access to pending payload
• Clean separation of Engine API and ETH RPC implementations
• Graceful HTTP server shutdown with timeout

Concerning Patterns ⚠️

Type Assertions Without Error Checking

Location: execution/evm/engine_geth.go:253-330

Multiple type assertions in parsePayloadAttributes lack comprehensive error handling for unexpected types.

Memory Allocation in Hot Path

Location: execution/evm/engine_geth.go:466-468

txData := make([][]byte, len(txs))
for i, tx := range txs {
    txData[i], _ = tx.MarshalBinary()  // ⚠️ Error ignored
}

Errors from MarshalBinary are silently discarded.

---

Summary & Recommendations

Must Fix Before Production (Critical) 🔴

1. Handle flag parsing errors in apps/evm/cmd/run.go:63,72,272,287
2. Fix O(N) DeleteRange implementation - this will cause severe performance degradation
3. Fix inefficient iterator - loads entire dataset into memory

Should Fix (High Priority) 🟡

1. Improve payload ID generation (collision risk)
2. Add context propagation for cancellation support
3. Improve transaction failure logging and metrics
4. Add comprehensive integration tests
5. Add performance benchmarks
6. Document architecture decisions and limitations

Nice to Have (Medium Priority) 🔵

1. Make transaction pool price limit configurable
2. Make CORS settings configurable
3. Add package-level documentation
4. Provide configuration examples

Questions for Team Discussion 💬

1. Is the zero transaction pool price limit intentional for rollup economics?
2. What are the expected database sizes and key counts?
3. Are there plans to support database backends other than go-datastore?
4. Should sub-second blocks (equal timestamps) be more prominently documented?

---

This is impressive work for a "Friday fun project"! The architecture is solid, but the database wrapper needs performance optimization before production use. The flag error handling issues should be fixed regardless of merge plans.

Overall Assessment: ⭐⭐⭐ (3/5) - Good foundation with critical performance issues that must be addressed.

---

[gemini-code-assist]

Summary of Changes

Hello @julienrbrt, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the EVM execution capabilities by introducing an in-process Geth client. This architectural shift allows the application to perform Ethereum Virtual Machine operations directly, bypassing the need for an external execution client via RPC. The change aims to streamline development, simplify deployment, and potentially improve performance by reducing inter-process communication overhead. It includes the necessary data storage adaptations and new configuration options to enable this embedded functionality.

Highlights

• In-Process Geth Integration: Introduced an in-process Geth execution client, allowing direct EVM execution within the application without requiring an external RPC connection to a Geth or Reth node.
• Flexible Execution Client Creation: Modified the execution client creation logic to conditionally instantiate either the existing RPC-based client or the new in-process Geth client based on command-line flags.
• Datastore Abstraction for Geth: Implemented a wrapper to adapt the go-datastore.Batching interface to go-ethereum's ethdb.KeyValueStore, enabling the in-process Geth to utilize the application's existing data storage.
• Logger Standardization: Refactored the EngineClient constructor to directly accept a zerolog.Logger, removing the need for a separate SetLogger method and ensuring consistent logging practices.
• New Configuration Flags: Added new command-line flags (--evm.geth and --evm.geth.genesis-path) to control the activation and configuration of the in-process Geth client.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a significant new feature: the ability to run an in-process Geth instance as the execution client. This is a great addition that will simplify setup, testing, and deployment for users by removing the need for an external execution client process. The implementation is extensive, including a new ethdb wrapper for go-datastore and the core logic for the in-process Geth backend. My review focuses on some critical areas for improvement, particularly around error handling in flag parsing and potential performance bottlenecks in the new database wrapper. I've also included a comment on the transaction pool configuration for consideration.

[gemini-code-assist]

The errors returned by cmd.Flags().GetBool() and cmd.Flags().GetString() are being ignored. This can lead to silent failures and unexpected behavior if the flags are not parsed correctly (e.g., due to a typo or incorrect type). The program might proceed with default values (e.g., an empty genesisPath), causing issues later on. It's crucial to handle these errors to make the command-line interface more robust.

Suggested change

	useGeth, _ := cmd.Flags().GetBool(evm.FlagEVMInProcessGeth)
	if useGeth {
	genesisPath, _ := cmd.Flags().GetString(evm.FlagEVMGenesisPath)
	if len(genesisPath) == 0 {
	return nil, fmt.Errorf("genesis path must be provided when using in-process Geth")
	}
	useGeth, err := cmd.Flags().GetBool(evm.FlagEVMInProcessGeth)
	if err != nil {
	return nil, fmt.Errorf("failed to get '%s' flag: %w", evm.FlagEVMInProcessGeth, err)
	}
	if useGeth {
	genesisPath, err := cmd.Flags().GetString(evm.FlagEVMGenesisPath)
	if err != nil {
	return nil, fmt.Errorf("failed to get '%s' flag: %w", evm.FlagEVMGenesisPath, err)
	}
	if len(genesisPath) == 0 {
	return nil, fmt.Errorf("genesis path must be provided when using in-process Geth")
	}

[gemini-code-assist]

The DeleteRange implementation queries all keys from the datastore and then iterates through them to find keys within the specified range. This approach has a time complexity of O(N), where N is the total number of keys in the datastore. This can be very inefficient and cause significant performance degradation, especially with a large database, as Geth may use range deletions frequently. A more efficient implementation would leverage the underlying database's ability to iterate over a specific range, which is typically O(M) where M is the number of keys in the range. While the go-datastore interface is limited, this implementation could become a serious performance bottleneck.

[gemini-code-assist]

The iterator's Next method filters keys by comparing them to the start key after retrieving them. This means it may iterate over many keys before the start key, which is inefficient. A more performant iterator would seek to the start key directly. This implementation could lead to performance issues when iterating over large datasets with a start key set far from the beginning. Given that database iterators are a core part of Geth's performance, this could be a significant bottleneck.

[gemini-code-assist]

The transaction pool is initialized with a priceLimit of 0. This disables the minimum gas price enforcement in the transaction pool, which could potentially allow for spamming the mempool with zero-price transactions. While this might be intentional for a rollup environment where gas pricing is handled differently, it's important to ensure this is the desired behavior. Consider making this configurable if there are scenarios where a price limit is needed.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 57.89%. Comparing base (9a91394) to head (1bf3cd5).

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2986      +/-   ##
==========================================
- Coverage   57.99%   57.89%   -0.11%     
==========================================
  Files         110      110              
  Lines       10526    10526              
==========================================
- Hits         6105     6094      -11     
- Misses       3770     3781      +11     
  Partials      651      651              

Flag	Coverage Δ
combined	57.89% <ø> (-0.11%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.