Problem: currently used go-ethereum contains a known vulnerability

[yihuang]

Closes: #142 #102

Solution:

• update to ethermint's recent main branch
• add feemarket module, have to do this together.

👮🏻👮🏻👮🏻 !!!! REFERENCE THE PROBLEM YOUR ARE SOLVING IN THE PR TITLE AND DESCRIBE YOUR SOLUTION HERE !!!! DO NOT FORGET !!!! 👮🏻👮🏻👮🏻

PR Checklist:

• Have you read the CONTRIBUTING.md?
• Does your PR follow the C4 patch requirements?
• Have you rebased your work on top of the latest master?
• Have you checked your code compiles? (make)
• Have you included tests for any non-trivial functionality?
• Have you checked your code passes the unit tests? (make test)
• Have you checked your code formatting is correct? (go fmt)
• Have you checked your basic code style is fine? (golangci-lint run)
• If you added any dependencies, have you checked they do not contain any known vulnerabilities? (go list -json -m all | nancy sleuth)
• If your changes affect the client infrastructure, have you run the integration test?
• If your changes affect public APIs, does your PR follow the C4 evolution of public contracts?
• If your code changes public APIs, have you incremented the crate version numbers and documented your changes in the CHANGELOG.md?
• If you are contributing for the first time, please read the agreement in CONTRIBUTING.md now and add a comment to this pull request stating that your PR is in accordance with the Developer's Certificate of Origin.

Thank you for your code, it's appreciated! :)

[tomtau]

probably the more precise problem is: "Problem: currently used go-ethereum contains a known vulnerability" :)

I guess also a changelog entry can be added?

If the current testnet is to be upgraded via a state export -- I guess it'd also need genesis migrations to add the new module (or are there any other breaking changes?)?

[tomtau]

is this IAVL line necessary? it should be by default in 0.44.1?

[yihuang]

https://github.com/tendermint/tendermint/blob/v0.34.13/go.mod#L16

it seems still needed, tendermint still depends on the old iavl

[JayT106]

submitted tendermint/tendermint#7089, I think it can be backported to v0.34.x.

[thomas-nguy]

Let's wait until we have a more stable version of ethermint before upgrading and adding a Changelog entry? (unless we are planning release soon)

It seems the bump to 1.10.9 is still work in progress and might take few more days to complete
evmos/ethermint#624

[yihuang]

Currently there's a panic here: https://github.com/tharsis/ethermint/blob/main/rpc/ethereum/backend/utils.go#L53, because the head.BaseFee is nil.

[codecov]

Codecov Report

Merging #143 (30ed5dc) into main (3ea70c5) will increase coverage by 4.82%.
The diff coverage is 48.17%.

@@            Coverage Diff             @@
##             main     #143      +/-   ##
==========================================
+ Coverage   21.51%   26.33%   +4.82%     
==========================================
  Files          27       33       +6     
  Lines        1729     2407     +678     
==========================================
+ Hits          372      634     +262     
- Misses       1324     1729     +405     
- Partials       33       44      +11     

Impacted Files	Coverage Δ
app/prefix.go	0.00% <0.00%> (ø)
app/test_helpers.go	0.00% <0.00%> (ø)
x/cronos/keeper/gravity_hooks.go	0.00% <0.00%> (ø)
x/cronos/keeper/grpc_query.go	0.00% <0.00%> (ø)
x/cronos/keeper/msg_server.go	5.00% <0.00%> (-1.46%)	⬇️
x/cronos/module.go	59.64% <0.00%> (-2.17%)	⬇️
x/cronos/types/codec.go	0.00% <0.00%> (ø)
x/cronos/types/events.go	0.00% <ø> (ø)
x/cronos/types/messages.go	20.22% <ø> (+20.22%)	⬆️
x/cronos/types/params.go	57.35% <ø> (+3.78%)	⬆️
... and 19 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 7ff1cb9...30ed5dc. Read the comment docs.

[thomas-nguy]

maybe specify upgrade ethermint

[yihuang]

done

[tomtau]

not sure if changelog should also comment on breaking changes?

[yihuang]

copied some ethermint changelog.

[thomas-nguy]

on hold

[yihuang]

ethermint has upgraded, we just need to update to ethermint main branch later.