tempo_revm/

error.rs

//! Tempo-specific transaction validation errors.

use alloy_evm::error::InvalidTxError;
use alloy_primitives::{Address, U256};
use revm::context::result::{EVMError, ExecutionResult, HaltReason, InvalidTransaction};
use tempo_primitives::transaction::{KeyAuthorizationChainIdError, KeychainVersionError};

/// Tempo-specific invalid transaction errors.
///
/// This enum extends the standard Ethereum [`InvalidTransaction`] with Tempo-specific
/// validation errors that occur during transaction processing.
#[derive(Debug, Clone, PartialEq, Eq, Hash, thiserror::Error)]
pub enum TempoInvalidTransaction {
    /// Standard Ethereum transaction validation error.
    #[error(transparent)]
    EthInvalidTransaction(#[from] InvalidTransaction),

    /// System transaction must be a call (not a create).
    #[error("system transaction must be a call, not a create")]
    SystemTransactionMustBeCall,

    /// System transaction execution failed.
    #[error("system transaction execution failed, result: {_0:?}")]
    SystemTransactionFailed(Box<ExecutionResult<TempoHaltReason>>),

    /// Fee payer signature recovery failed.
    ///
    /// This error occurs when a transaction specifies a fee payer but the
    /// signature recovery for the fee payer fails.
    #[error("fee payer signature recovery failed")]
    InvalidFeePayerSignature,

    /// Fee payer cannot resolve to the sender address.
    #[error("fee payer cannot resolve to sender")]
    SelfSponsoredFeePayer,

    // Tempo transaction errors
    /// Transaction cannot be included before validAfter timestamp.
    ///
    /// Tempo transactions can specify a validAfter field to restrict when they can be included.
    #[error(
        "transaction not valid yet: current block timestamp {current} < validAfter {valid_after}"
    )]
    ValidAfter {
        /// The current block timestamp.
        current: u64,
        /// The validAfter constraint from the transaction.
        valid_after: u64,
    },

    /// Transaction cannot be included after validBefore timestamp.
    ///
    /// Tempo transactions can specify a validBefore field to restrict when they can be included.
    #[error("transaction expired: current block timestamp {current} >= validBefore {valid_before}")]
    ValidBefore {
        /// The current block timestamp.
        current: u64,
        /// The validBefore constraint from the transaction.
        valid_before: u64,
    },

    /// P256 signature verification failed.
    ///
    /// The P256 signature could not be verified against the transaction hash.
    #[error("P256 signature verification failed")]
    InvalidP256Signature,

    /// WebAuthn signature verification failed.
    ///
    /// The WebAuthn signature validation failed (could be authenticatorData, clientDataJSON, or P256 verification).
    #[error("WebAuthn signature verification failed: {reason}")]
    InvalidWebAuthnSignature {
        /// Specific reason for failure.
        reason: String,
    },

    /// Nonce manager error.
    #[error("nonce manager error: {0}")]
    NonceManagerError(String),

    /// Expiring nonce transaction missing tempo_tx_env.
    #[error("expiring nonce transaction requires tempo_tx_env")]
    ExpiringNonceMissingTxEnv,

    /// Expiring nonce transaction missing valid_before.
    #[error("expiring nonce transaction requires valid_before to be set")]
    ExpiringNonceMissingValidBefore,

    /// Expiring nonce transaction must have nonce == 0.
    #[error("expiring nonce transaction must have nonce == 0")]
    ExpiringNonceNonceNotZero,

    /// Subblock transaction must have zero fee.
    #[error("subblock transaction must have zero fee")]
    SubblockTransactionMustHaveZeroFee,

    /// Invalid fee token fallback.
    #[error("invalid fee token: {0}")]
    InvalidFeeToken(Address),

    /// Fee token address is not a TIP-20 token.
    #[error("fee token {address} is not a TIP-20 token; fee tokens must be TIP-20 tokens")]
    FeeTokenNotTip20 {
        /// Invalid fee token address.
        address: Address,
    },

    /// Fee token is not USD-denominated.
    #[error(
        "fee token {address} uses currency {currency:?}; fee tokens must be USD-denominated TIP-20 tokens"
    )]
    FeeTokenNotUsdCurrency {
        /// Invalid fee token address.
        address: Address,
        /// Token currency read from TIP-20 metadata.
        currency: String,
    },

    /// Fee token is paused.
    #[error("fee token {address} is paused and cannot be used for fees")]
    FeeTokenPaused {
        /// Paused fee token address.
        address: Address,
    },

    /// Value transfer not allowed.
    #[error("value transfer not allowed")]
    ValueTransferNotAllowed,

    /// Value transfer in Tempo Transaction not allowed.
    #[error("value transfer in Tempo Transaction not allowed")]
    ValueTransferNotAllowedInAATx,

    /// Failed to recover access key address from signature.
    ///
    /// This error occurs when attempting to recover the access key address from a Keychain signature fails.
    #[error("failed to recover access key address from signature")]
    AccessKeyRecoveryFailed,

    /// Access keys cannot authorize other keys.
    ///
    /// Only the root key can authorize new access keys. An access key can only authorize itself
    /// in a same-transaction authorization flow.
    #[error("access keys cannot authorize other keys, only the root key can authorize new keys")]
    AccessKeyCannotAuthorizeOtherKeys,

    /// Failed to recover signer from KeyAuthorization signature.
    ///
    /// This error occurs when signature recovery from the KeyAuthorization fails.
    #[error("failed to recover signer from KeyAuthorization signature")]
    KeyAuthorizationSignatureRecoveryFailed,

    /// KeyAuthorization not signed by root account.
    ///
    /// The KeyAuthorization must be signed by the root account (transaction caller),
    /// but was signed by a different address.
    #[error(
        "KeyAuthorization must be signed by root account {expected}, but was signed by {actual}"
    )]
    KeyAuthorizationNotSignedByRoot {
        /// The expected signer (root account).
        expected: Address,
        /// The actual signer recovered from the signature.
        actual: Address,
    },

    /// Access key expiry is in the past.
    ///
    /// An access key cannot be authorized with an expiry timestamp that has already passed.
    #[error("access key expiry {expiry} is in the past (current timestamp: {current_timestamp})")]
    AccessKeyExpiryInPast {
        /// The expiry timestamp from the KeyAuthorization.
        expiry: u64,
        /// The current block timestamp.
        current_timestamp: u64,
    },

    /// AccountKeychain precompile error during key authorization.
    ///
    /// This error occurs when the AccountKeychain precompile rejects the key authorization
    /// (e.g., key already exists, invalid parameters).
    #[error("keychain precompile error: {reason}")]
    KeychainPrecompileError {
        /// The error message from the precompile.
        reason: String,
    },

    /// Keychain user address does not match transaction caller.
    ///
    /// For Keychain signatures, the user_address field must match the transaction caller.
    #[error("keychain user_address {user_address} does not match transaction caller {caller}")]
    KeychainUserAddressMismatch {
        /// The user_address from the Keychain signature.
        user_address: Address,
        /// The transaction caller.
        caller: Address,
    },

    /// Keychain validation failed.
    ///
    /// The access key is not authorized in the AccountKeychain precompile for this user,
    /// or the key has expired, or spending limits are exceeded.
    #[error("keychain validation failed: {reason}")]
    KeychainValidationFailed {
        /// The validation error details.
        reason: String,
    },

    /// KeyAuthorization chain_id does not match the current chain.
    #[error("KeyAuthorization chain_id mismatch: expected {expected}, got {got}")]
    KeyAuthorizationChainIdMismatch {
        /// The expected chain ID (current chain).
        expected: u64,
        /// The chain ID from the KeyAuthorization.
        got: u64,
    },

    /// Legacy V1 keychain signature is no longer accepted (deprecated at T1C).
    ///
    /// V1 keychain signatures do not bind the user address into the signature hash.
    /// Use V2 keychain signatures instead.
    #[error("legacy V1 keychain signature is no longer accepted, use V2 (type 0x04)")]
    LegacyKeychainSignature,

    /// V2 keychain signature used before T1C activation.
    ///
    /// V2 signatures (type 0x04) are only valid after the T1C hardfork activates.
    /// Rejecting them before activation prevents chain splits between upgraded and
    /// non-upgraded nodes.
    ///
    /// TODO(tanishk): This variant can be removed after T1C activation on all networks.
    #[error("V2 keychain signature (type 0x04) is not valid before T1C activation")]
    V2KeychainBeforeActivation,

    /// Keychain operations are not supported in subblock transactions.
    #[error("keychain operations are not supported in subblock transactions")]
    KeychainOpInSubblockTransaction,

    /// Fee payment error.
    #[error(transparent)]
    CollectFeePreTx(#[from] FeePaymentError),

    /// Tempo transaction validation error from validate_calls().
    ///
    /// This wraps validation errors from the shared validate_calls function.
    #[error("{0}")]
    CallsValidation(&'static str),
}

impl TempoInvalidTransaction {
    /// Returns `true` if this error is deterministic — i.e. the transaction is inherently
    /// malformed and will never become valid regardless of state changes.
    ///
    /// Returns `false` for state-dependent errors (balance, nonce, expiry, liquidity)
    /// that may resolve as state advances.
    pub fn is_bad_transaction(&self) -> bool {
        match self {
            Self::EthInvalidTransaction(eth) => match eth {
                InvalidTransaction::PriorityFeeGreaterThanMaxFee
                | InvalidTransaction::CallGasCostMoreThanGasLimit { .. }
                | InvalidTransaction::GasFloorMoreThanGasLimit { .. }
                | InvalidTransaction::CreateInitCodeSizeLimit
                | InvalidTransaction::InvalidChainId
                | InvalidTransaction::MissingChainId
                | InvalidTransaction::AccessListNotSupported
                | InvalidTransaction::MaxFeePerBlobGasNotSupported
                | InvalidTransaction::BlobVersionedHashesNotSupported
                | InvalidTransaction::EmptyBlobs
                | InvalidTransaction::BlobCreateTransaction
                | InvalidTransaction::TooManyBlobs { .. }
                | InvalidTransaction::BlobVersionNotSupported
                | InvalidTransaction::AuthorizationListNotSupported
                | InvalidTransaction::AuthorizationListInvalidFields
                | InvalidTransaction::EmptyAuthorizationList
                | InvalidTransaction::Eip2930NotSupported
                | InvalidTransaction::Eip1559NotSupported
                | InvalidTransaction::Eip4844NotSupported
                | InvalidTransaction::Eip7702NotSupported
                | InvalidTransaction::Eip7873NotSupported
                | InvalidTransaction::Eip7873MissingTarget
                | InvalidTransaction::OverflowPaymentInTransaction
                | InvalidTransaction::NonceOverflowInTransaction
                | InvalidTransaction::TxGasLimitGreaterThanCap { .. } => true,

                InvalidTransaction::GasPriceLessThanBasefee
                | InvalidTransaction::CallerGasLimitMoreThanBlock
                | InvalidTransaction::RejectCallerWithCode
                | InvalidTransaction::LackOfFundForMaxFee { .. }
                | InvalidTransaction::NonceTooHigh { .. }
                | InvalidTransaction::NonceTooLow { .. }
                | InvalidTransaction::BlobGasPriceGreaterThanMax { .. }
                | InvalidTransaction::Str(_) => false,
            },

            // Deterministic: tx is inherently malformed.
            Self::SystemTransactionMustBeCall
            | Self::SystemTransactionFailed(_)
            | Self::InvalidFeePayerSignature
            | Self::SelfSponsoredFeePayer
            | Self::InvalidP256Signature
            | Self::InvalidWebAuthnSignature { .. }
            | Self::AccessKeyRecoveryFailed
            | Self::AccessKeyCannotAuthorizeOtherKeys
            | Self::KeyAuthorizationSignatureRecoveryFailed
            | Self::KeyAuthorizationNotSignedByRoot { .. }
            | Self::KeychainUserAddressMismatch { .. }
            | Self::KeyAuthorizationChainIdMismatch { .. }
            | Self::ValueTransferNotAllowed
            | Self::ValueTransferNotAllowedInAATx
            | Self::ExpiringNonceMissingTxEnv
            | Self::ExpiringNonceMissingValidBefore
            | Self::ExpiringNonceNonceNotZero
            | Self::SubblockTransactionMustHaveZeroFee
            | Self::KeychainOpInSubblockTransaction
            | Self::LegacyKeychainSignature
            | Self::CallsValidation(_) => true,

            // State-dependent: may resolve as state advances.
            Self::ValidAfter { .. }
            | Self::ValidBefore { .. }
            | Self::InvalidFeeToken(_)
            | Self::FeeTokenNotTip20 { .. }
            | Self::FeeTokenNotUsdCurrency { .. }
            | Self::FeeTokenPaused { .. }
            | Self::AccessKeyExpiryInPast { .. }
            | Self::KeychainPrecompileError { .. }
            | Self::KeychainValidationFailed { .. }
            | Self::CollectFeePreTx(_)
            | Self::NonceManagerError(_)
            | Self::V2KeychainBeforeActivation => false,
        }
    }
}

impl InvalidTxError for TempoInvalidTransaction {
    fn is_nonce_too_low(&self) -> bool {
        match self {
            Self::EthInvalidTransaction(err) => err.is_nonce_too_low(),
            _ => false,
        }
    }

    fn as_invalid_tx_err(&self) -> Option<&InvalidTransaction> {
        match self {
            Self::EthInvalidTransaction(err) => Some(err),
            _ => None,
        }
    }
}

impl<DBError> From<TempoInvalidTransaction> for EVMError<DBError, TempoInvalidTransaction> {
    fn from(err: TempoInvalidTransaction) -> Self {
        Self::Transaction(err)
    }
}

impl From<&'static str> for TempoInvalidTransaction {
    fn from(err: &'static str) -> Self {
        Self::CallsValidation(err)
    }
}

impl From<KeychainVersionError> for TempoInvalidTransaction {
    fn from(err: KeychainVersionError) -> Self {
        match err {
            KeychainVersionError::LegacyPostT1C => Self::LegacyKeychainSignature,
            KeychainVersionError::V2BeforeActivation => Self::V2KeychainBeforeActivation,
        }
    }
}

/// Error type for fee payment errors.
#[derive(Debug, Clone, PartialEq, Eq, Hash, thiserror::Error)]
pub enum FeePaymentError {
    /// Insufficient liquidity in the FeeAMM pool to perform fee token swap.
    ///
    /// This indicates the user's fee token cannot be swapped for the native token
    /// because there's insufficient liquidity in the AMM pool.
    #[error("insufficient liquidity in FeeAMM pool to swap fee tokens (required: {fee})")]
    InsufficientAmmLiquidity {
        /// The required fee amount that couldn't be swapped.
        fee: U256,
    },

    /// Insufficient fee token balance to pay for transaction fees.
    ///
    /// This is distinct from the Ethereum `LackOfFundForMaxFee` error because
    /// it applies to custom fee tokens, not native balance.
    #[error("insufficient fee token balance: required {fee}, but only have {balance}")]
    InsufficientFeeTokenBalance {
        /// The required fee amount.
        fee: U256,
        /// The actual balance available.
        balance: U256,
    },

    /// Other error.
    #[error("{0}")]
    Other(String),
}

impl From<KeyAuthorizationChainIdError> for TempoInvalidTransaction {
    fn from(err: KeyAuthorizationChainIdError) -> Self {
        Self::KeyAuthorizationChainIdMismatch {
            expected: err.expected,
            got: err.got,
        }
    }
}

impl<DBError> From<FeePaymentError> for EVMError<DBError, TempoInvalidTransaction> {
    fn from(err: FeePaymentError) -> Self {
        TempoInvalidTransaction::from(err).into()
    }
}

/// Tempo-specific halt reason.
///
/// Used to extend basic [`HaltReason`] with an edge case of a subblock transaction fee payment error.
#[derive(Debug, Clone, PartialEq, Eq, Hash, derive_more::From)]
pub enum TempoHaltReason {
    /// Basic Ethereum halt reason.
    #[from]
    Ethereum(HaltReason),
    /// Subblock transaction failed to pay fees.
    SubblockTxFeePayment,
}

#[cfg(feature = "rpc")]
impl reth_rpc_eth_types::error::api::FromEvmHalt<TempoHaltReason>
    for reth_rpc_eth_types::EthApiError
{
    fn from_evm_halt(halt_reason: TempoHaltReason, gas_limit: u64) -> Self {
        match halt_reason {
            TempoHaltReason::Ethereum(halt_reason) => Self::from_evm_halt(halt_reason, gas_limit),
            TempoHaltReason::SubblockTxFeePayment => {
                Self::EvmCustom("subblock transaction failed to pay fees".to_string())
            }
        }
    }
}
#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_error_display() {
        let err = TempoInvalidTransaction::SystemTransactionMustBeCall;
        assert_eq!(
            err.to_string(),
            "system transaction must be a call, not a create"
        );

        let err = FeePaymentError::InsufficientAmmLiquidity {
            fee: U256::from(1000),
        };
        assert!(
            err.to_string()
                .contains("insufficient liquidity in FeeAMM pool")
        );

        let err = FeePaymentError::InsufficientFeeTokenBalance {
            fee: U256::from(1000),
            balance: U256::from(500),
        };
        assert!(err.to_string().contains("insufficient fee token balance"));
    }

    #[test]
    fn test_from_invalid_transaction() {
        let eth_err = InvalidTransaction::PriorityFeeGreaterThanMaxFee;
        let tempo_err: TempoInvalidTransaction = eth_err.into();
        assert!(matches!(
            tempo_err,
            TempoInvalidTransaction::EthInvalidTransaction(_)
        ));
    }

    #[test]
    fn test_fee_token_errors_are_not_bad_transactions() {
        let address = Address::repeat_byte(0x20);
        let cases = [
            TempoInvalidTransaction::InvalidFeeToken(address),
            TempoInvalidTransaction::FeeTokenNotTip20 { address },
            TempoInvalidTransaction::FeeTokenNotUsdCurrency {
                address,
                currency: "EUR".to_string(),
            },
            TempoInvalidTransaction::FeeTokenPaused { address },
        ];

        for err in cases {
            assert!(!err.is_bad_transaction(), "{err} should not be bad");
        }
    }

    #[test]
    fn test_is_nonce_too_low() {
        let err = TempoInvalidTransaction::EthInvalidTransaction(InvalidTransaction::NonceTooLow {
            tx: 1,
            state: 0,
        });
        assert!(err.is_nonce_too_low());
        assert!(err.as_invalid_tx_err().is_some());

        let err = TempoInvalidTransaction::InvalidFeePayerSignature;
        assert!(!err.is_nonce_too_low());
        assert!(err.as_invalid_tx_err().is_none());

        let err = TempoInvalidTransaction::SelfSponsoredFeePayer;
        assert!(!err.is_nonce_too_low());
        assert!(err.as_invalid_tx_err().is_none());
    }

    #[test]
    fn test_fee_payment_error() {
        let _: EVMError<(), TempoInvalidTransaction> = FeePaymentError::InsufficientAmmLiquidity {
            fee: U256::from(1000),
        }
        .into();
    }
}