fix: proper statedb isolation in nibiru bank_extension (#2357)

* fix: non tx statedb isolation in nibiru bank_extension

* fix: typo

* test: coverage of the statedb corruption fixes

* chore: lint

* chore: changelog

Author: onikonychev

CHANGELOG.md

@@ -54,7 +54,7 @@ See https://github.com/dangoslen/changelog-enforcer.
 - [#2348](https://github.com/NibiruChain/nibiru/pull/2348) - fix(oracle): max expiration a label rather than an invalidation for additional query liveness
 - [#2350](https://github.com/NibiruChain/nibiru/pull/2350) - fix(simapp): sim tests with empty validator set panic
 - [#2352](https://github.com/NibiruChain/nibiru/pull/2352) - chore(token-registry): Add bank coin versions of USDC and USDT from Stargate and LayerZero, and update ErisEvm.sol to fix redeem
-- [#2354](https://github.com/NibiruChain/nibiru/pull/2354) - chore: linter upgrade to v2
+- [#2357](https://github.com/NibiruChain/nibiru/pull/2357) - fix: proper statedb isolation in nibiru bank_extension
 
 ### Dependencies
 - Bump `form-data` from 4.0.1 to 4.0.4 ([#2347](https://github.com/NibiruChain/nibiru/pull/2347))

evm-e2e/contracts/IFunToken.sol

@@ -0,0 +1,106 @@
+// SPDX-License-Identifier: MIT
+pragma solidity >=0.8.19;
+
+address constant FUNTOKEN_PRECOMPILE_ADDRESS = 0x0000000000000000000000000000000000000800;
+IFunToken constant FUNTOKEN_PRECOMPILE = IFunToken(FUNTOKEN_PRECOMPILE_ADDRESS);
+
+import "./NibiruEvmUtils.sol";
+
+/// @notice Implements the functionality for sending ERC20 tokens and bank
+/// coins to various Nibiru accounts using either the Nibiru Bech32 address
+/// using the "FunToken" mapping between the ERC20 and bank.
+interface IFunToken is INibiruEvm {
+    /// @notice sendToBank sends ERC20 tokens as coins to a Nibiru base account
+    /// @param erc20 - the address of the ERC20 token contract
+    /// @param amount - the amount of tokens to send
+    /// @param to - the receiving Nibiru base account address as a string
+    /// @return sentAmount - amount of tokens received by the recipient. This may
+    /// not be equal to `amount` if the corresponding ERC20 contract has a fee or
+    /// deduction on transfer.
+    function sendToBank(
+        address erc20,
+        uint256 amount,
+        string calldata to
+    ) external returns (uint256 sentAmount);
+
+    /// @notice Retrieves the ERC20 contract address associated with a given bank denomination.
+    /// @param bankDenom The bank denomination string (e.g., "unibi", "erc20/0x...", "ibc/...").
+    /// @return erc20Address The corresponding ERC20 contract address, or address(0) if no mapping exists.
+    function getErc20Address(
+        string memory bankDenom
+    ) external view returns (address erc20Address);
+
+    struct NibiruAccount {
+        address ethAddr;
+        string bech32Addr;
+    }
+    struct FunToken {
+        address erc20;
+        string bankDenom;
+    }
+
+    /// @notice Method "balance" returns the ERC20 balance and Bank Coin balance
+    /// of some fungible token held by the given account.
+    function balance(
+        address who,
+        address funtoken
+    )
+        external
+        view
+        returns (
+            uint256 erc20Balance,
+            uint256 bankBalance,
+            FunToken memory token,
+            NibiruAccount memory whoAddrs
+        );
+
+    /// @notice Method "bankBalance" returns the Bank Coin balance of some
+    /// fungible token held by the given account.
+    function bankBalance(
+        address who,
+        string calldata bankDenom
+    )
+        external
+        view
+        returns (uint256 bankBalance, NibiruAccount memory whoAddrs);
+
+    /// @notice Method "whoAmI" performs address resolution for the given address
+    /// string
+    /// @param who Ethereum hexadecimal (EVM) address or nibi-prefixed Bech32
+    /// (non-EVM) address
+    /// @return whoAddrs Addresses of "who" in EVM and non-EVM formats
+    function whoAmI(
+        string calldata who
+    ) external view returns (NibiruAccount memory whoAddrs);
+
+    /// @notice sendToEvm transfers the caller's Bank Coins specified by `denom`
+    /// to the corresponding ERC-20 representation on the EVM side. The `to`
+    /// argument must be either an Ethereum hex address (0x...) or a Bech32
+    /// address.
+    ///
+    /// The underlying logic mints (or un-escrows) the ERC-20 tokens to the `to` address if
+    /// the funtoken mapping was originally minted from a coin.
+    ///
+    /// @param bankDenom The bank denom of the coin to send from the caller to the EVM side.
+    /// @param amount The number of coins to send.
+    /// @param to The Ethereum hex or bech32 address receiving the ERC-20.
+    /// @return sentAmount The number of ERC-20 tokens minted or un-escrowed.
+    function sendToEvm(
+        string calldata bankDenom,
+        uint256 amount,
+        string calldata to
+    ) external returns (uint256 sentAmount);
+
+    /// @notice bankMsgSend performs a `cosmos.bank.v1beta1.MsgSend` transaction
+    /// message to transfer Bank Coin funds to the given address.
+    ///
+    /// @param to The recipient address (hex or bech32).
+    /// @param bankDenom The bank coin denom to send.
+    /// @param amount The number of coins to send.
+    /// @return success True if the bank send succeeded, false otherwise.
+    function bankMsgSend(
+        string calldata to,
+        string calldata bankDenom,
+        uint256 amount
+    ) external returns (bool success);
+}

evm-e2e/contracts/NibiruEvmUtils.sol

@@ -0,0 +1,24 @@
+// SPDX-License-Identifier: MIT
+pragma solidity >=0.8.19;
+
+/// @notice Interface defining the AbciEvent for interoperability between
+/// Ethereum and the ABCI (Application Blockchain Interface).
+interface INibiruEvm {
+    struct BankCoin {
+        string denom;
+        uint256 amount;
+    }
+
+    /// @notice Event emitted to in precompiled contracts to relay information
+    /// from the ABCI to the EVM logs and indexers. Consumers of this event should
+    /// decode the `attrs` parameter based on the `eventType` context.
+    ///
+    /// @param eventType An identifier type of the event, used for indexing.
+    /// Event types indexable with CometBFT indexer are in snake case like
+    /// "pending_ethereum_tx" or "message", while protobuf typed events use the
+    /// proto message name as their event type (e.g.
+    /// "eth.evm.v1.EventEthereumTx").
+    /// @param abciEvent JSON object string with the event type and fields of an
+    /// ABCI event.
+    event AbciEvent(string indexed eventType, string abciEvent);
+}

evm-e2e/test/precompile_statedb.test.ts

@@ -0,0 +1,101 @@
+import { describe, expect, it } from "@jest/globals"
+import { Contract, Wallet } from "ethers"
+import * as fs from "fs"
+
+import { account, provider, TEST_TIMEOUT } from "./setup"
+
+// Load the full ABI from the artifact file
+const contractArtifact = JSON.parse(
+  fs.readFileSync('./artifacts/contracts/IFunToken.sol/IFunToken.json', 'utf8')
+)
+
+const FUNTOKEN_PRECOMPILE = "0x0000000000000000000000000000000000000800"
+
+describe("StateDB corruption test", () => {
+  it(
+    "concurrent simulations don't corrupt StateDB during transactions",
+    async () => {
+      const contract = new Contract(FUNTOKEN_PRECOMPILE, contractArtifact.abi, account)
+      const recipient = Wallet.createRandom()
+
+      // Get initial balances
+      const senderBalanceBefore = await provider.getBalance(account.address)
+      const recipientBalanceBefore = await provider.getBalance(recipient.address)
+
+      const SIMULATION_COUNT = 100
+      const TX_COUNT = 10
+      const TX_AMOUNT = 1 // 1 unibi
+      const SIMULATION_AMOUNT = 1000 // 1000 unibi
+
+      // Run aggressive simulations
+      const runSimulations = async (): Promise<void> => {
+        const promises = []
+
+        for (let i = 0; i < SIMULATION_COUNT; i++) {
+          if (i % 2 === 0) {
+            promises.push(
+              contract.bankMsgSend.estimateGas(recipient.address, "unibi", SIMULATION_AMOUNT)
+                .catch(() => {})
+            )
+          } else {
+            promises.push(
+              contract.bankMsgSend.staticCall(recipient.address, "unibi", SIMULATION_AMOUNT)
+                .catch(() => {})
+            )
+          }
+        }
+
+        await Promise.all(promises)
+      }
+
+      // Start continuous simulations
+      let simulationRunning = true
+      const simulationPromise = (async () => {
+        while (simulationRunning) {
+          await runSimulations()
+          await new Promise(resolve => setTimeout(resolve, 1))
+        }
+      })()
+
+      // Wait for simulations to start
+      await new Promise(resolve => setTimeout(resolve, 50))
+
+      // Send real transactions
+      const currentNonce = await provider.getTransactionCount(account.address, 'pending')
+      const txPromises = []
+
+      for (let i = 0; i < TX_COUNT; i++) {
+        const tx = contract.bankMsgSend(
+          recipient.address,
+          "unibi",
+          TX_AMOUNT,
+          {
+            gasLimit: 1000000,
+            nonce: currentNonce + i
+          }
+        )
+
+        txPromises.push(tx)
+      }
+
+      const transactions = await Promise.all(txPromises)
+      const receipts = await Promise.all(transactions.map(tx => tx.wait()))
+
+      // Stop simulations
+      simulationRunning = false
+      await simulationPromise
+
+      // Get final balances
+      const senderBalanceAfter = await provider.getBalance(account.address)
+      const recipientBalanceAfter = await provider.getBalance(recipient.address)
+
+      // Assert balances - expecting 10 unibi = 10 * 10^12 wei
+      const totalSentWei = BigInt(TX_AMOUNT * TX_COUNT) * BigInt(10 ** 12) // 10 unibi in wei
+      expect(recipientBalanceAfter - recipientBalanceBefore).toEqual(totalSentWei)
+
+      // Sender balance should be reduced by 10 * 10^12 wei + gas fees
+      expect(senderBalanceBefore - senderBalanceAfter).toBeGreaterThan(totalSentWei)
+    },
+    TEST_TIMEOUT * 3,
+  )
+})

x/evm/keeper/bank_extension.go

@@ -235,7 +235,7 @@ func (bk *NibiruBankKeeper) SyncStateDBWithAccount(
 	ctx sdk.Context, acc sdk.AccAddress,
 ) {
 	// If there's no StateDB set, it means we're not in an EthereumTx.
-	if bk.StateDB == nil {
+	if bk.StateDB == nil || !IsDeliverTx(ctx) {
 		return
 	}
 

x/evm/keeper/bank_extension_test.go

@@ -3,6 +3,7 @@ package keeper_test
 import (
 	"encoding/json"
 	"fmt"
+	"math/big"
 
 	sdkmath "cosmossdk.io/math"
 	sdk "github.com/cosmos/cosmos-sdk/types"
@@ -11,6 +12,9 @@ import (
 	gethparams "github.com/ethereum/go-ethereum/params"
 	"github.com/rs/zerolog/log"
 
+	"github.com/NibiruChain/nibiru/v2/eth"
+	"github.com/NibiruChain/nibiru/v2/x/evm/keeper"
+
 	"github.com/NibiruChain/nibiru/v2/x/common/testutil/testapp"
 	"github.com/NibiruChain/nibiru/v2/x/evm"
 	"github.com/NibiruChain/nibiru/v2/x/evm/embeds"
@@ -425,3 +429,82 @@ func (s *Suite) TestStateDBReadonlyInvariant() {
 		s.True(first == db.StateDB, db.Explanation)
 	}
 }
+
+// TestSyncStateDBWithAccount_DeliverTxCheck ensures that SyncStateDBWithAccount
+// only syncs during DeliverTx, not during CheckTx, ReCheckTx, or simulations
+func (s *Suite) TestSyncStateDBWithAccount_DeliverTxCheck() {
+	deps := evmtest.NewTestDeps()
+
+	testAddr := evmtest.NewEthPrivAcc()
+
+	// Fund the account with some NIBI
+	fundCoins := sdk.NewCoins(sdk.NewInt64Coin(evm.EVMBankDenom, 1000))
+	s.NoError(testapp.FundAccount(deps.App.BankKeeper, deps.Ctx, testAddr.NibiruAddr, fundCoins))
+
+	testCases := []struct {
+		name            string
+		setupContext    func(ctx sdk.Context) sdk.Context
+		shouldSync      bool
+		expectedBalance string
+	}{
+		{
+			name: "DeliverTx context - should sync",
+			setupContext: func(ctx sdk.Context) sdk.Context {
+				// Default context is DeliverTx
+				return ctx
+			},
+			shouldSync:      true,
+			expectedBalance: evm.NativeToWei(fundCoins[0].Amount.BigInt()).String(),
+		},
+		{
+			name: "CheckTx context - should NOT sync",
+			setupContext: func(ctx sdk.Context) sdk.Context {
+				return ctx.WithIsCheckTx(true)
+			},
+			shouldSync:      false,
+			expectedBalance: "0", // Should remain 0 as sync is skipped
+		},
+		{
+			name: "ReCheckTx context - should NOT sync",
+			setupContext: func(ctx sdk.Context) sdk.Context {
+				return ctx.WithIsReCheckTx(true)
+			},
+			shouldSync:      false,
+			expectedBalance: "0",
+		},
+		{
+			name: "Simulation context - should NOT sync",
+			setupContext: func(ctx sdk.Context) sdk.Context {
+				// Mark context as simulation using SimulationContextKey
+				return ctx.WithValue(keeper.SimulationContextKey, true)
+			},
+			shouldSync:      false,
+			expectedBalance: "0",
+		},
+	}
+
+	for _, tc := range testCases {
+		s.Run(tc.name, func() {
+			// Create a fresh StateDB for each test
+			deps.EvmKeeper.Bank.StateDB = deps.NewStateDB()
+
+			// Set initial balance to 0 in StateDB
+			ethAddr := eth.NibiruAddrToEthAddr(testAddr.NibiruAddr)
+			deps.EvmKeeper.Bank.StateDB.SetBalanceWei(ethAddr, big.NewInt(0))
+
+			// Apply context modifications
+			testCtx := tc.setupContext(deps.Ctx)
+
+			// Call SyncStateDBWithAccount
+			deps.EvmKeeper.Bank.SyncStateDBWithAccount(testCtx, testAddr.NibiruAddr)
+
+			// Check if balance was synced
+			actualBalance := deps.EvmKeeper.Bank.StateDB.GetBalance(ethAddr)
+			s.Equal(tc.expectedBalance, actualBalance.String(),
+				"Balance sync behavior incorrect for %s", tc.name)
+
+			// Clean up
+			deps.EvmKeeper.Bank.StateDB = nil
+		})
+	}
+}

x/evm/keeper/grpc_query.go

@@ -265,6 +265,7 @@ func (k *Keeper) EthCall(
 	}
 
 	ctx := sdk.UnwrapSDKContext(goCtx)
+	ctx = ctx.WithValue(SimulationContextKey, true)
 
 	var args evm.JsonTxArgs
 	err := json.Unmarshal(req.Args, &args)
@@ -325,6 +326,7 @@ func (k Keeper) EstimateGasForEvmCallType(
 	}
 
 	ctx := sdk.UnwrapSDKContext(goCtx)
+	ctx = ctx.WithValue(SimulationContextKey, true)
 	evmCfg := k.GetEVMConfig(ctx)
 
 	if req.GasCap < gethparams.TxGas {
@@ -480,6 +482,7 @@ func (k Keeper) TraceTx(
 	contextHeight := max(req.BlockNumber, 1)
 
 	ctx := sdk.UnwrapSDKContext(goCtx)
+	ctx = ctx.WithValue(SimulationContextKey, true)
 	ctx = ctx.WithBlockHeight(contextHeight)
 	ctx = ctx.WithBlockTime(req.BlockTime)
 	ctx = ctx.WithHeaderHash(gethcommon.Hex2Bytes(req.BlockHash))
@@ -576,6 +579,7 @@ func (k Keeper) TraceCall(
 	contextHeight := max(req.BlockNumber, 1)
 
 	ctx := sdk.UnwrapSDKContext(goCtx)
+	ctx = ctx.WithValue(SimulationContextKey, true)
 	ctx = ctx.WithBlockHeight(contextHeight)
 	ctx = ctx.WithBlockTime(req.BlockTime)
 	ctx = ctx.WithHeaderHash(gethcommon.Hex2Bytes(req.BlockHash))
@@ -665,6 +669,7 @@ func (k Keeper) TraceBlock(
 		WithConsensusParams(&cmtproto.ConsensusParams{
 			Block: &cmtproto.BlockParams{MaxGas: req.BlockMaxGas},
 		})
+	ctx = ctx.WithValue(SimulationContextKey, true)
 
 	evmCfg := k.GetEVMConfig(ctx)