fix: allow preinstall in case account has a balance

[thomas-nguy]

👮🏻👮🏻👮🏻 !!!! REFERENCE THE PROBLEM YOUR ARE SOLVING IN THE PR TITLE AND DESCRIBE YOUR SOLUTION HERE !!!! DO NOT FORGET !!!! 👮🏻👮🏻👮🏻

PR Checklist:

• Have you read the CONTRIBUTING.md?
• Does your PR follow the C4 patch requirements?
• Have you rebased your work on top of the latest master?
• Have you checked your code compiles? (make)
• Have you included tests for any non-trivial functionality?
• Have you checked your code passes the unit tests? (make test)
• Have you checked your code formatting is correct? (go fmt)
• Have you checked your basic code style is fine? (golangci-lint run)
• If you added any dependencies, have you checked they do not contain any known vulnerabilities? (go list -json -m all | nancy sleuth)
• If your changes affect the client infrastructure, have you run the integration test?
• If your changes affect public APIs, does your PR follow the C4 evolution of public contracts?
• If your code changes public APIs, have you incremented the crate version numbers and documented your changes in the CHANGELOG.md?
• If you are contributing for the first time, please read the agreement in CONTRIBUTING.md now and add a comment to this pull request stating that your PR is in accordance with the Developer's Certificate of Origin.

Thank you for your code, it's appreciated! :)

Summary by CodeRabbit

• Bug Fixes

  • Fixed an issue preventing preinstall functionality when an account has a balance.

• Chores

  • Updated Go toolchain and core dependencies to maintain compatibility and stability.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

This PR updates Go dependencies to latest versions (toolchain from 1.23.12 to 1.25.0, multiple golang.org/x packages bumped), changes the ethermint dependency source to a forked version, synchronizes Nix module metadata with go.mod changes, documents a preinstall fix in the changelog, and extends integration tests with transaction verification logic.

Changes

Cohort / File(s)	Summary
Changelog CHANGELOG.md	Added new entry documenting fix: "allow preinstall in case account has a balance"
Dependency Management go.mod, gomod2nix.toml	Updated Go toolchain from 1.23.12 to 1.25.0; bumped golang.org/x/crypto, golang.org/x/net, golang.org/x/sync, golang.org/x/sys, golang.org/x/term, golang.org/x/text, and google.golang.org/protobuf to newer versions; changed ethermint dependency source from evmos to thomas-nguy fork; synchronized Nix module hashes and metadata
Integration Tests integration_tests/test_preinstall.py	Extended test_preinstalls to validate on-chain transaction from validator address (value 5) with receipt status and gas usage assertions before existing Create2 preinstall checks

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

• Ethermint fork source change requires verification of replacement intent and compatibility
• Multiple coordinated dependency version bumps across go.mod and gomod2nix.toml should be cross-checked for consistency

Possibly related PRs

• Problem: conflict of index uniqueness constrain violation on trace api #1753 — Both PRs modify go.mod and gomod2nix with ethermint and other module version/source updates
• feat: support preinstalls #1875 — Both PRs extend the integration_tests/test_preinstall.py test file with preinstall-related changes

Suggested labels

cronos

Suggested reviewers

• calvinaco
• XinyuCRO
• songgaoye

Poem

🐰 Dependencies climb so high and bright,
Ethermint forks to new delight,
Preinstalls now hold balance true,
Gas and receipts verified through and through! ✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'fix: allow preinstall in case account has a balance' directly aligns with the main change visible in the PR: a changelog entry documenting a fix for allowing preinstall when an account has a balance, plus supporting code changes in integration tests that validate this behavior.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	golang/​golang.org/​x/​crypto@​v0.41.0 ⏵ v0.44.0	+1
	golang/​github.com/​thomas-nguy/​ethermint@​v0.4.2-0.20251216120354-91058302724d
	golang/​google.golang.org/​protobuf@​v1.36.10 ⏵ v1.36.11	+1

View full report

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (1)

integration_tests/test_preinstall.py (1)

14-23: Excellent test coverage for the fix!

This test logic effectively validates the PR's objective by:

1. Sending funds to the Create2 address (giving it a balance)
2. Verifying the transaction succeeds
3. Later confirming that preinstall code can still be registered at that address

The assertion for gasUsed == 21000 is correct for a simple ETH transfer.

Optional: Add explicit balance verification for clarity.

Consider adding a balance check after the transaction to make the test intent more explicit:

 receipt = w3.eth.wait_for_transaction_receipt(txhash)
 assert receipt.status == 1
 assert receipt.gasUsed == 21000
+
+# Verify the address now has a balance
+balance = w3.eth.get_balance(create2address)
+assert balance == 5

This would make it explicit that the address has a balance before attempting the preinstall, further documenting the test's purpose.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 63b6a38 and 398b200.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (4)

• CHANGELOG.md (1 hunks)
• go.mod (4 hunks)
• gomod2nix.toml (3 hunks)
• integration_tests/test_preinstall.py (1 hunks)

🧰 Additional context used

🪛 GitHub Actions: Build

go.mod

[error] 1-1: Command: nix develop .#rocksdb -c make test failed. go.mod specifies Go version 1.25.0, but no compatible Go attribute could be found.

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Run golangci-lint

🔇 Additional comments (4)

integration_tests/test_preinstall.py (1)

5-5: LGTM!

The ADDRS import is necessary for accessing the validator address in the new test logic.

CHANGELOG.md (1)

10-10: LGTM!

The changelog entry is properly formatted and correctly placed in the UNRELEASED section.

gomod2nix.toml (1)

327-329: Dependency metadata updates are consistent with go.mod.

The changes to this file reflect the dependency updates made in go.mod, including:

• Ethermint source change to the personal fork (line 327-329)
• Multiple golang.org/x/* version and hash updates (lines 759-782)
• google.golang.org/protobuf update (lines 801-802)

Note that if the issues identified in go.mod (Go version and Ethermint fork) are addressed, this file will need to be regenerated using gomod2nix to reflect the corrected dependencies.

Also applies to: 759-782, 801-802

go.mod (1)

3-3: Go 1.25.0 is a valid, released version; verify that Go 1.25+ is installed in your build environment.

Go 1.25.0 is a major release officially released on August 12, 2025. The error indicates a build environment configuration issue rather than an invalid version. Go 1.25.5 (the latest stable version as of December 2, 2025) is available and stable. Ensure your CI/CD pipeline and build environment have Go 1.25+ installed.

Likely an incorrect or invalid review comment.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# First, let's check the go.mod file to see all the dependency changes
echo "=== Checking go.mod file around line 42 and 45 ==="
sed -n '35,55p' go.mod

echo ""
echo "=== Checking go.mod file around line 263-268 ==="
sed -n '255,275p' go.mod

echo ""
echo "=== Searching for golang.org/x/crypto usage in Go files ==="
rg -n "golang.org/x/crypto" --type=go -C 1 | head -30

echo ""
echo "=== Searching for google.golang.org/protobuf usage in Go files ==="
rg -n "google.golang.org/protobuf" --type=go -C 1 | head -30

Repository: crypto-org-chain/cronos

Length of output: 2584

---

Consider upgrading golang.org/x/crypto to v0.45.0 or later.

The current version v0.44.0 contains security vulnerabilities (CVE-2025-58181, CVE-2025-47914) that are fixed in v0.45.0 and later. The google.golang.org/protobuf v1.36.11 update is a stable patch release with no breaking changes.

🤖 Prompt for AI Agents

In go.mod around line 42, upgrade the module golang.org/x/crypto from v0.44.0 to
v0.45.0 (or later) to pick up security fixes; update the version in go.mod, run
`go get golang.org/x/[email protected]` (or `@latest`), then run `go mod tidy` to
refresh go.sum and resolve dependencies, and finally run the project's
tests/build to verify there are no regressions.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

# Search for references to both ethermint sources and any documentation explaining the fork choice
rg -i "(thomas-nguy|ethermint fork|archived)" --type=md -C 3

Repository: crypto-org-chain/cronos

Length of output: 49

---

🏁 Script executed:

# Check git history for when and why this change was made
cd "$(git rev-parse --show-toplevel)" 2>/dev/null || true
git log --oneline -20 -- go.mod | head -20

Repository: crypto-org-chain/cronos

Length of output: 88

---

🏁 Script executed:

# Look for any comments in go.mod or related files explaining the fork
grep -n -B 5 -A 5 "thomas-nguy/ethermint" go.mod

Repository: crypto-org-chain/cronos

Length of output: 872

---

🏁 Script executed:

# Check if there are any CHANGELOG, README, or docs explaining this choice
find . -type f \( -name "CHANGELOG*" -o -name "README*" -o -name "*.md" \) | xargs grep -l "ethermint\|fork" 2>/dev/null | head -10

Repository: crypto-org-chain/cronos

Length of output: 348

---

🏁 Script executed:

grep -i "fork\|ethermint\|maintain\|upstream" README.md CONTRIBUTING.md 2>/dev/null | head -20

Repository: crypto-org-chain/cronos

Length of output: 1527

---

🏁 Script executed:

# Check the specific commit referenced in the fork to understand what customizations exist
# The version is v0.4.2-0.20251216120354-91058302724d
# Try to find any code or comments explaining why this fork is used
rg -i "thomas-nguy\|ethermint.*custom\|ethermint.*fork" . --type=go -C 2 | head -30

Repository: crypto-org-chain/cronos

Length of output: 49

---

🏁 Script executed:

# Check if there's a CHANGELOG or release notes explaining the fork
cat CHANGELOG.md 2>/dev/null | grep -i "ethermint\|fork" -C 2 | head -20

Repository: crypto-org-chain/cronos

Length of output: 1197

---

🏁 Script executed:

# Look for any architecture decision records (ADR) or design docs explaining fork usage
fd -t f "ADR|adr|architecture|decision" docs/ 2>/dev/null | xargs grep -l "ethermint\|fork" 2>/dev/null

Repository: crypto-org-chain/cronos

Length of output: 182

---

🏁 Script executed:

# Check if there's a crypto-org-chain/ethermint fork mentioned in CHANGELOG or elsewhere
rg "crypto-org-chain.*ethermint" . -C 2 | head -40

Repository: crypto-org-chain/cronos

Length of output: 3604

---

🏁 Script executed:

# Check the git history for the ethermint dependency to understand when/why it changed to thomas-nguy
git log --all --oneline -- go.mod | grep -i "ethermint" | head -5

Repository: crypto-org-chain/cronos

Length of output: 319

---

🏁 Script executed:

# Look for any issues or PRs mentioning the ethermint fork choice
git log -p -- go.mod | grep -B 10 -A 10 "thomas-nguy\|ethermint" | head -50

Repository: crypto-org-chain/cronos

Length of output: 49

---

🏁 Script executed:

# Get more detailed git log for go.mod to see when thomas-nguy fork was introduced
git log --all -p -- go.mod | grep -B 30 -A 5 "thomas-nguy/ethermint" | head -60

Repository: crypto-org-chain/cronos

Length of output: 2110

---

🏁 Script executed:

# Check when the switch to thomas-nguy happened and what the commit message says
git log --all --format="%H %s" -- go.mod | head -3 | while read commit msg; do echo "=== $msg ==="; git show "$commit" | grep -A 5 -B 5 "ethermint" | head -20; done

Repository: crypto-org-chain/cronos

Length of output: 2572

---

🏁 Script executed:

# Look for any references to crypto-org-chain/ethermint vs thomas-nguy in recent commits
git log --all -S "ethermint" --oneline -- go.mod | head -10

Repository: crypto-org-chain/cronos

Length of output: 624

---

🏁 Script executed:

# Check the specific commit that changed to thomas-nguy/ethermint
git show 398b200 --stat | head -20

Repository: crypto-org-chain/cronos

Length of output: 1086

---

🏁 Script executed:

# Look for commit messages explaining the change from crypto-org-chain to thomas-nguy
git log --all --format="%H %ai %s" -- go.mod | head -20

Repository: crypto-org-chain/cronos

Length of output: 2569

---

🏁 Script executed:

# Check if there are any PRs or issues referencing the fork change
git log --all -S "thomas-nguy/ethermint" --oneline | head -5

Repository: crypto-org-chain/cronos

Length of output: 153

---

🏁 Script executed:

# Find the commit that introduced thomas-nguy/ethermint and show its full message
git log --all -S "thomas-nguy/ethermint" --format="%H %s %b" | head -100

Repository: crypto-org-chain/cronos

Length of output: 153

---

Document the maintenance plan and rationale for switching to the personal Ethermint fork.

The upstream github.com/evmos/ethermint was archived on April 4, 2024 and is now read-only, which justifies using a fork for continued development. However, the recent switch from github.com/crypto-org-chain/ethermint to github.com/thomas-nguy/ethermint lacks explanation in documentation or comments. Add clarification in the codebase about:

• Why the fork was switched (was crypto-org-chain/ethermint no longer maintained?)
• Whether thomas-nguy/ethermint is actively maintained or if this is temporary
• Long-term maintenance responsibilities and update frequency

🤖 Prompt for AI Agents

In go.mod around line 306, the swap to the personal fork
github.com/thomas-nguy/ethermint lacks documented rationale and maintenance
plan; add a brief comment in the repo (adjacent to the go.mod entry or in a new
docs/DEPENDENCIES.md or MAINTAINERS.md) stating why we switched from the
archived upstream (evmos/ethermint), whether the previous crypto-org-chain fork
was unmaintained, whether thomas-nguy/ethermint is actively maintained or
temporary, who owns long‑term maintenance responsibilities, how often
updates/security pulls will be applied, and a contact or issue link for
follow-up. Ensure the note includes version pin justification and a plan for
reverting to upstream or adopting another fork in future.