fix(sdm): stabilize PostExec consensus surface (Verify 0x7D guard + opt-in TOCTOU) #21502
Merged
f5d767f to 72be2f3
Reject Verify blocks that claim refunds without the trailing post-exec tx, and snapshot PostExecMode once per payload build so EVM setup and 0x7D appending agree.
72be2f3 to 85837ca
The reth-codec opt-in change (#21483) added reth-optimism-primitives as a dependency of reth-optimism-post-exec-replay but only updated the main rust workspace lockfile. The op-rbuilder and rollup-boost workspaces depend on that crate via path, so their Cargo.lock files went stale and the Docker builds (which run `cargo chef cook --locked`) failed with "cannot update the lock file because --locked was passed".

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
einar-oplabs approved these changes Jun 23, 2026
Summary

Two consensus-surface pre-work fixes for the SDM PostExec (`0x7D`) machinery, landed ahead of the SDM → optimism-premium extraction (the §4 Pre-work (remaining) items: snapshot `PostExecMode` once, and enforce `saw_post_exec_tx` in `finish()`). Both are small, independently reviewable, and behavior-preserving for valid blocks.

1. fix(alloy-op-evm): reject Verify blocks missing the trailing `0x7D`

Reject verifier executions that consume an out-of-band post-exec payload without seeing its 0x7D carrier tx

2. fix(op-reth): snapshot `PostExecMode` once per build (opt-in TOCTOU)

`build()` read the runtime-mutable SDM production opt-in twice — once inside `block_builder()` (mode selection) and again when deciding to append the `0x7D`. An admin-RPC toggle between the reads could yield a block with refunded state but no `0x7D` (or vice versa). `post_exec_mode()` is now resolved once and threaded through the new `block_builder_with_mode()`; the append decision derives from the same snapshot (`matches!(mode, Produce)`), which is exactly equivalent to the old `!force_empty() && sdm_production_enabled()` predicate.

Testing

`test_finish_rejects_verify_block_missing_post_exec_tx` (alloy-op-evm) — reproduces the hole on baseline, passes with the guard. Full suite 73/73.
`block_builder_with_mode_honors_snapshot_over_live_opt_in` (reth-optimism-payload-builder) — asserts the builder honors the passed snapshot regardless of the live opt-in. Suite 23/23.
`just fmt-fix` clean · `clippy --workspace --all-features --all-targets` clean.

Notes

optimism_rev.

🤖 Generated with Claude Code
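The double read described in item 2 of the summary, together with the verifier-side guard from item 1, as an added example that is not code from this PR or from op-reth. `Config`, `Built`, `build_double_read`, `build_snapshot`, `verify_finish`, `toggle_off`, the `Disabled` variant and the `between` hook (standing in for an admin-RPC toggle) are hypothetical names; `PostExecMode`, `Produce` and the `!force_empty && opt-in` predicate follow the description.

```rust
use std::sync::atomic::{AtomicBool, Ordering};

// Hypothetical model, not the op-reth types. `Disabled` is an assumed variant name.
#[derive(Clone, Copy, Debug, PartialEq)]
enum PostExecMode { Disabled, Produce }

struct Config { force_empty: bool, opt_in: AtomicBool }

impl Config {
    fn post_exec_mode(&self) -> PostExecMode {
        let on = !self.force_empty && self.opt_in.load(Ordering::SeqCst);
        if on { PostExecMode::Produce } else { PostExecMode::Disabled }
    }
}

#[derive(Debug, PartialEq)]
struct Built { refunds_applied: bool, has_0x7d: bool }

// "Before": two live reads. `between` models an admin-RPC toggle landing between them.
fn build_double_read(cfg: &Config, between: impl FnOnce(&Config)) -> Built {
    let refunds_applied = cfg.post_exec_mode() == PostExecMode::Produce; // read 1
    between(cfg);
    let has_0x7d = cfg.post_exec_mode() == PostExecMode::Produce; // read 2
    Built { refunds_applied, has_0x7d }
}

// "After": one snapshot drives both the EVM setup and the append decision.
fn build_snapshot(cfg: &Config, between: impl FnOnce(&Config)) -> Built {
    let mode = cfg.post_exec_mode();
    between(cfg); // a toggle here can no longer split the two decisions
    let produce = matches!(mode, PostExecMode::Produce);
    Built { refunds_applied: produce, has_0x7d: produce }
}

// Simplified verifier-side guard: refunds without the trailing 0x7D tx are rejected.
fn verify_finish(b: &Built) -> Result<(), &'static str> {
    if b.refunds_applied && !b.has_0x7d { Err("refunds claimed without 0x7D tx") } else { Ok(()) }
}

fn toggle_off(cfg: &Config) { cfg.opt_in.store(false, Ordering::SeqCst); }

fn main() {
    let cfg = Config { force_empty: false, opt_in: AtomicBool::new(true) };
    println!("{:?}", build_double_read(&cfg, toggle_off)); // inconsistent block
    cfg.opt_in.store(true, Ordering::SeqCst);
    println!("{:?}", build_snapshot(&cfg, toggle_off)); // consistent block
}
```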