tempo_revm/

handler.rs

//! Tempo EVM Handler implementation.

use std::{
    cmp::Ordering,
    fmt::Debug,
    sync::{Arc, OnceLock},
};

use alloy_primitives::{Address, TxKind, U256};
use reth_evm::{EvmError, EvmInternals};
use revm::{
    Database,
    context::{
        Block, Cfg, ContextTr, JournalTr, LocalContextTr, Transaction, TransactionType,
        journaled_state::account::JournaledAccountTr,
        result::{EVMError, ExecutionResult, InvalidTransaction, ResultGas},
        transaction::{AccessListItem, AccessListItemTr},
    },
    context_interface::cfg::{GasId, GasParams},
    handler::{
        EvmTr, FrameResult, FrameTr, Handler, MainnetHandler, post_execution,
        pre_execution::{self, apply_auth_list, calculate_caller_fee},
        precompile_output_to_interpreter_result, validation,
    },
    inspector::{Inspector, InspectorHandler},
    interpreter::{
        CallOutcome, CreateOutcome, Gas, InitialAndFloorGas,
        gas::{
            COLD_SLOAD_COST, STANDARD_TOKEN_COST, WARM_SSTORE_RESET,
            get_tokens_in_calldata_istanbul,
        },
        interpreter::EthInterpreter,
    },
    precompile::PrecompileError,
};
use tempo_chainspec::constants::gas::STORAGE_CREDIT_VALUE;
use tempo_contracts::precompiles::{
    IAccountKeychain::SignatureType as PrecompileSignatureType, TIPFeeAMMError,
};
use tempo_precompiles::{
    ECRECOVER_GAS,
    account_keychain::{
        AccountKeychain, AuthorizedKey, CallScope as PrecompileCallScope, KeyRestrictions,
        SelectorRule as PrecompileSelectorRule, TokenLimit,
    },
    error::TempoPrecompileError,
    nonce::{
        EXPIRING_NONCE_MAX_EXPIRY_SECS, EXPIRING_NONCE_SET_CAPACITY, INonce::getNonceCall,
        NonceManager,
    },
    storage::{
        Handler as _, PrecompileStorageProvider, StorageActions, StorageCtx,
        evm::EvmPrecompileStorageProvider,
    },
    tip_fee_manager::TipFeeManager,
    tip20::{ITIP20::InsufficientBalance, TIP20Error, TIP20Token},
    tip20_channel_reserve::TIP20ChannelReserve,
};
use tempo_primitives::{
    TempoAddressExt,
    transaction::{
        PrimitiveSignature, SignatureType, TEMPO_EXPIRING_NONCE_KEY, TempoSignature,
        calc_gas_balance_spending, validate_calls,
    },
};

use crate::{
    TempoBatchCallEnv, TempoEvm, TempoInvalidTransaction, TempoTxEnv,
    common::TempoStateAccess,
    error::{FeePaymentError, TempoHaltReason},
    evm::TempoContext,
    gas_credits,
};

/// Additional gas for P256 signature verification
/// P256 precompile cost (6900 from EIP-7951) + 1100 for 129 bytes extra signature size - ecrecover savings (3000)
const P256_VERIFY_GAS: u64 = 5_000;

/// Additional gas for Keychain signatures (key validation overhead: COLD_SLOAD_COST + 900 processing)
const KEYCHAIN_VALIDATION_GAS: u64 = COLD_SLOAD_COST + 900;

/// Base gas for KeyAuthorization (22k storage + 5k buffer), signature gas added at runtime
const KEY_AUTH_BASE_GAS: u64 = 27_000;

/// Gas per spending limit in KeyAuthorization
const KEY_AUTH_PER_LIMIT_GAS: u64 = 22_000;

/// Rounded buffer for each extra LOG3/no-data event emitted by key authorizations.
const KEY_AUTH_EXTRA_EVENT_BUFFER: u64 = 1_500;

/// Gas cost for expiring nonce transactions (replay check + insert).
///
/// See [TIP-1009] for full specification.
///
/// [TIP-1009]: <https://docs.tempo.xyz/protocol/tips/tip-1009>
///
/// Operations charged:
/// - 2 cold SLOADs: `seen[tx_hash]`, `ring[idx]` (unique slots per tx)
/// - 1 warm SLOAD: `seen[old_hash]` (warm because we just read `ring[idx]` which points to it)
/// - 3 SSTOREs at RESET price: `seen[old_hash]=0`, `ring[idx]=tx_hash`, `seen[tx_hash]=valid_before`
///
/// Excluded from gas calculation:
/// - `ring_ptr` SLOAD/SSTORE: Accessed by almost every expiring nonce tx in a block, so
///   amortized cost approaches ~200 gas. May be moved out of EVM storage in the future.
///
/// Why SSTORE_RESET (2,900) instead of SSTORE_SET (20,000) for `seen[tx_hash]`:
/// - SSTORE_SET cost exists to penalize permanent state growth
/// - Expiring nonce data is ephemeral: evicted within 30 seconds, fixed-size buffer (300k)
/// - No permanent state growth, so the 20k penalty doesn't apply
///
/// Total: 2*2100 + 100 + 3*2900 = 13,000 gas
pub const EXPIRING_NONCE_GAS: u64 = 2 * COLD_SLOAD_COST + 100 + 3 * WARM_SSTORE_RESET;

/// Calculates the gas cost for verifying a primitive signature.
///
/// Returns the additional gas required beyond the base transaction cost:
/// - Secp256k1: 0 (already included in base 21k)
/// - P256: 5000 gas
/// - WebAuthn: 5000 gas + calldata cost for webauthn_data
#[inline]
fn primitive_signature_verification_gas(signature: &PrimitiveSignature) -> u64 {
    match signature {
        PrimitiveSignature::Secp256k1(_) => 0,
        PrimitiveSignature::P256(_) => P256_VERIFY_GAS,
        PrimitiveSignature::WebAuthn(webauthn_sig) => {
            let tokens = get_tokens_in_calldata_istanbul(&webauthn_sig.webauthn_data);
            P256_VERIFY_GAS + tokens * STANDARD_TOKEN_COST
        }
    }
}

/// Calculates the gas cost for verifying an AA signature.
///
/// For Keychain signatures, adds key validation overhead to the inner signature cost
/// Returns the additional gas required beyond the base transaction cost.
#[inline]
fn tempo_signature_verification_gas(signature: &TempoSignature) -> u64 {
    match signature {
        TempoSignature::Primitive(prim_sig) => primitive_signature_verification_gas(prim_sig),
        TempoSignature::Keychain(keychain_sig) => {
            // Keychain = inner signature + key validation overhead (SLOAD + processing)
            primitive_signature_verification_gas(&keychain_sig.signature) + KEYCHAIN_VALIDATION_GAS
        }
    }
}

#[derive(Debug, Clone)]
struct LoadedTxAccessKey {
    key_id: Address,
    key: AuthorizedKey,
}

/// Counts the scope storage rows that pay the dynamic SSTORE-set path for the active spec.
///
/// T3 keeps the broader all-persisted-rows accounting from current main. T4 narrows this to rows
/// that actually create storage, so repeated same-tx set length rewrites no longer count as fresh
/// SSTORE-set rows. The helper bookkeeping around scope persistence is charged separately via a
/// rounded surcharge.
fn call_scope_storage_slots(
    auth: &tempo_primitives::transaction::KeyAuthorization,
    spec: tempo_chainspec::hardfork::TempoHardfork,
) -> u64 {
    match auth.allowed_calls.as_ref() {
        None => 0,
        Some(scopes) if scopes.is_empty() => 1,
        Some(scopes) => {
            let is_t4 = spec.is_t4();
            let mut selector_sets = 0u64;
            let mut selectors = 0u64;
            let mut constrained_selectors = 0u64;
            let mut recipients = 0u64;

            for scope in scopes {
                if is_t4 && !scope.selector_rules.is_empty() {
                    selector_sets += 1;
                }

                selectors += scope.selector_rules.len() as u64;
                for rule in &scope.selector_rules {
                    if !rule.recipients.is_empty() {
                        constrained_selectors += 1;
                        recipients += rule.recipients.len() as u64;
                    }
                }
            }

            if is_t4 {
                // Storage-creating rows only:
                // - account mode write: 1
                // - target set values+positions: +2 per target, plus one length slot for the set
                // - selector set values+positions: +2 per selector, plus one length slot per
                //   target that persists selectors
                // - recipient-constrained selectors persist one recipient set length slot each
                // - recipient set values+positions: +2 per recipient
                1 + scopes.len() as u64 * 2
                    + 1
                    + selectors * 2
                    + selector_sets
                    + constrained_selectors
                    + recipients * 2
            } else {
                // All persisted rows:
                // - account mode write: 1
                // - each target insertion: 3
                // - each selector insertion: 3
                // - recipient-constrained selectors also write recipient set length: +1 per
                //   selector
                // - recipient set values+positions: +2 per recipient
                1 + scopes.len() as u64 * 3 + selectors * 3 + constrained_selectors + recipients * 2
            }
        }
    }
}

/// Charges the unpriced scope-helper bookkeeping for T4 key authorizations.
/// The dynamic SSTORE rows are already counted by `call_scope_storage_slots()`. What remains is the
/// helper work around them: clearing the empty scope tree for fresh keys, target/set maintenance,
/// selector/set maintenance, and recipient-set writes. We use rounded constants here because the
/// goal is to stop the undercharge without mirroring every storage helper exactly.
///
/// The chosen values intentionally round upward:
/// - base 5k covers the always-run empty-tree clear and restricted/unrestricted mode bookkeeping,
/// - 7k per target and 7k per selector cover the set-maintenance work around each scope layer,
/// - 5k per recipient covers the extra recipient-set persistence.
///
/// The objective is to stay roughly aligned with authorization pricing while avoiding materially low
/// charges on larger scope trees, even if that means slight overcharging in simpler cases.
///
/// TODO: Refactor intrinsic gas accounting so this and the other intrinsic surcharges come from one
/// shared model instead of per-feature heuristics.
fn call_scope_extra_gas(auth: &tempo_primitives::transaction::KeyAuthorization) -> u64 {
    const BASE_SCOPE_GAS: u64 = 5_000;
    const TARGET_SCOPE_GAS: u64 = 7_000;
    const SELECTOR_SCOPE_GAS: u64 = 7_000;
    const RECIPIENT_SCOPE_GAS: u64 = 5_000;

    let Some(scopes) = auth.allowed_calls.as_ref() else {
        return BASE_SCOPE_GAS;
    };

    let num_targets = scopes.len() as u64;
    let num_selectors = scopes
        .iter()
        .map(|scope| scope.selector_rules.len() as u64)
        .sum::<u64>();
    let num_recipients = scopes
        .iter()
        .flat_map(|scope| &scope.selector_rules)
        .map(|rule| rule.recipients.len() as u64)
        .sum::<u64>();

    BASE_SCOPE_GAS
        + TARGET_SCOPE_GAS.saturating_mul(num_targets)
        + SELECTOR_SCOPE_GAS.saturating_mul(num_selectors)
        + RECIPIENT_SCOPE_GAS.saturating_mul(num_recipients)
}

/// Rewrites a failed batch step's gas accounting to match whole-transaction semantics.
///
/// `frame_result` initially only reflects the final failed step. For atomic AA batches we surface
/// one top-level transaction result instead, so the gas field must be normalized to the full tx
/// budget. Reverts preserve the exact gas spent across prior successful steps plus the failed step,
/// while halts such as OOG consume the entire remaining transaction budget.
///
/// NOTE: in AA batches, non-refundable state-gas charges that are known upfront, are already
/// included in `initial_state_gas`, so this only refunds per-step execution state gas on failure.
fn normalize_failed_batch_result_gas(
    frame_result: &mut FrameResult,
    final_gas_limit: u64,
    accumulated_state_gas_spent: i64,
) {
    // Create new Gas with correct limit, because Gas does not have a set_limit method
    // (the frame_result limit only covers the failed step).
    let mut corrected_gas = Gas::new_spent_with_reservoir(final_gas_limit, 0);
    if frame_result.instruction_result().is_revert() {
        corrected_gas.erase_cost(frame_result.gas().remaining());
    }
    // No refunds when batch fails and all state is reverted.
    corrected_gas.set_refund(0);
    // No state gas spending for failed calls
    corrected_gas.set_state_gas_spent(0);
    // Reservoir and state gas are refunded on failure
    corrected_gas.set_reservoir(
        frame_result
            .gas()
            .reservoir()
            .saturating_add_signed(accumulated_state_gas_spent)
            .saturating_add_signed(frame_result.gas().state_gas_spent()),
    );
    *frame_result.gas_mut() = corrected_gas;
}

fn translate_allowed_calls_for_precompile(
    key_auth: &tempo_primitives::transaction::SignedKeyAuthorization,
) -> Vec<PrecompileCallScope> {
    let Some(scopes) = key_auth.allowed_calls.as_ref() else {
        return Vec::new();
    };

    scopes
        .iter()
        .map(|scope| PrecompileCallScope {
            target: scope.target,
            selectorRules: scope
                .selector_rules
                .iter()
                .map(|rule| PrecompileSelectorRule {
                    selector: rule.selector.into(),
                    recipients: rule.recipients.clone(),
                })
                .collect(),
        })
        .collect()
}

/// Calculates the intrinsic gas cost for a KeyAuthorization.
///
/// This is charged before execution as part of transaction validation.
///
/// Pre-T1B: Gas = BASE (27k) + signature verification + (22k per spending limit)
///   On T1/T1A this was double-charged alongside the gas-metered precompile call.
///
/// T1B+: Gas = signature verification + SLOAD (existing key check) +
///   SSTORE (write key) + N × SSTORE (per spending limit)
///   This is the sole gas accounting — the precompile runs with unlimited gas.
///
/// Returns `(total_gas, state_gas)` where `total_gas` includes the state gas portion.
/// On T4+, each storage-creating SSTORE contributes `sstore_set_state_gas` to state gas
/// per TIP-1016.
#[inline]
fn calculate_key_authorization_gas(
    key_auth: &tempo_primitives::transaction::SignedKeyAuthorization,
    gas_params: &GasParams,
    spec: tempo_chainspec::hardfork::TempoHardfork,
) -> (u64, u64) {
    // All signature types pay ECRECOVER_GAS (3k) as the baseline since
    // primitive_signature_verification_gas assumes ecrecover is already in base 21k.
    // For KeyAuthorization, we're doing an additional signature verification.
    let sig_gas = ECRECOVER_GAS + primitive_signature_verification_gas(&key_auth.signature);

    let num_limits = key_auth
        .authorization
        .limits
        .as_ref()
        .map(|limits| limits.len() as u64)
        .unwrap_or(0);

    if spec.is_t1b() {
        // T1B+: Accurate gas matching actual precompile storage operations.
        // authorize_key does: 1 SLOAD (read existing key) + 1 SSTORE (write key)
        //   + N SSTOREs (one per spending limit) + 2k buffer (TSTORE + keccak + event)
        // T5 witness and T6 admin authorizations emit additional LOG3 events with no data.
        const BUFFER: u64 = 2_000;
        let sload_cost =
            gas_params.warm_storage_read_cost() + gas_params.cold_storage_additional_cost();

        let limit_slots = if spec.is_t3() {
            // T3 periodic limits write 2 storage slots per token:
            // spending_limits[token].remaining + packed {max, period, period_end}
            num_limits.saturating_mul(2)
        } else {
            num_limits
        };

        let has_t5_witness = key_auth.has_witness();
        let mut num_sstores = 1 + limit_slots;

        if spec.is_t3() {
            num_sstores += call_scope_storage_slots(&key_auth.authorization, spec);
        }

        let mut sstore_cost = gas_params.get(GasId::sstore_set_without_load_cost());
        if spec.is_t7() {
            // T7 exposes only the SSTORE residual in the gas table. Since key-auth storage is
            // intrinsic-only, we must also add the creditable portion here.
            sstore_cost = sstore_cost.saturating_add(STORAGE_CREDIT_VALUE);
        }
        let mut regular_gas = sig_gas + sload_cost + sstore_cost * num_sstores + BUFFER;

        if has_t5_witness {
            regular_gas += sload_cost + KEY_AUTH_EXTRA_EVENT_BUFFER;
        }

        if spec.is_t6() && key_auth.is_admin() {
            regular_gas += KEY_AUTH_EXTRA_EVENT_BUFFER;
        }

        // T4+: include extra gas for call scopes configuration
        if spec.is_t4() {
            regular_gas += call_scope_extra_gas(&key_auth.authorization);
        }

        // TIP-1016: each storage-creating SSTORE also incurs state gas.
        let state_gas = gas_params
            .get(GasId::sstore_set_state_gas())
            .saturating_mul(num_sstores);

        (regular_gas, state_gas)
    } else {
        // Pre-T1B: Original heuristic constants
        (
            KEY_AUTH_BASE_GAS + sig_gas + num_limits * KEY_AUTH_PER_LIMIT_GAS,
            0,
        )
    }
}

/// Tempo EVM [`Handler`] implementation with Tempo specific modifications:
///
/// Fees are paid in fee tokens instead of account balance.
#[derive(Debug)]
pub struct TempoEvmHandler<DB, I> {
    /// Phantom data to avoid type inference issues.
    _phantom: core::marker::PhantomData<(DB, I)>,
}

impl<DB, I> TempoEvmHandler<DB, I> {
    /// Create a new [`TempoEvmHandler`] handler instance
    pub fn new() -> Self {
        Self {
            _phantom: core::marker::PhantomData,
        }
    }
}

impl<DB: alloy_evm::Database, I> TempoEvmHandler<DB, I> {
    fn seed_precompile_tx_context(
        &self,
        evm: &mut TempoEvm<DB, I>,
    ) -> Result<(), EVMError<DB::Error, TempoInvalidTransaction>> {
        let ctx = evm.ctx_mut();
        let channel_open_context_hash = ctx.tx.channel_open_context_hash();

        // Seed transient precompile transaction context for both regular execution and RPC
        // simulations (`eth_call` / `eth_estimateGas`) that go through handler execution.
        StorageCtx::enter_evm(
            &mut ctx.journaled_state,
            &ctx.block,
            &ctx.cfg,
            &ctx.tx,
            StorageActions::disabled(),
            || {
                let mut keychain = AccountKeychain::new();
                keychain.set_tx_origin(ctx.tx.caller())?;

                if let Some(channel_open_context_hash) = channel_open_context_hash {
                    let mut channel_reserve = TIP20ChannelReserve::new();
                    channel_reserve.set_channel_open_context_hash(channel_open_context_hash)?;
                }

                Ok::<(), TempoPrecompileError>(())
            },
        )
        .map_err(|e| EVMError::Custom(e.to_string()))
    }
}

impl<DB, I> TempoEvmHandler<DB, I>
where
    DB: alloy_evm::Database,
{
    fn prevalidate_keychain_call_scopes(
        &self,
        evm: &mut TempoEvm<DB, I>,
        calls: &[tempo_primitives::transaction::Call],
        remaining_gas: &mut u64,
        reservoir: u64,
    ) -> Result<Option<FrameResult>, EVMError<DB::Error, TempoInvalidTransaction>> {
        let spec = *evm.ctx().cfg().spec();
        if !spec.is_t3() {
            return Ok(None);
        }

        // Call-scope matching scales with batch size, so it runs under a metered storage provider.
        // This keeps unpaid transaction validation bounded while still failing before the first
        // user call executes.

        let (access_key_addr, user_address) = {
            let ctx = evm.ctx();
            let tx = ctx.tx();
            let Some(tempo_tx_env) = tx.tempo_tx_env.as_ref() else {
                return Ok(None);
            };
            let Some(keychain_sig) = tempo_tx_env.signature.as_keychain() else {
                return Ok(None);
            };

            let access_key_addr = if let Some(override_key_id) = tempo_tx_env.override_key_id {
                override_key_id
            } else {
                keychain_sig
                    .key_id(&tempo_tx_env.signature_hash)
                    .map_err(|_| {
                        EVMError::Custom(
                            "keychain access key recovery failed after validation".into(),
                        )
                    })?
            };

            (access_key_addr, keychain_sig.user_address)
        };
        let Some(kind) = calls.first().map(|call| call.to) else {
            return Err(EVMError::Custom(
                "AA transactions must contain at least one call".into(),
            ));
        };

        // It's fine to set reservoir to 0 because this won't create any state.
        let actions = evm.actions.clone();
        let (validation, gas_used) = StorageCtx::enter_ctx_with_gas_limit(
            evm.ctx_mut(),
            *remaining_gas,
            reservoir,
            actions,
            || {
                let keychain = AccountKeychain::default();
                for call in calls {
                    keychain.validate_call_scope_for_transaction(
                        user_address,
                        access_key_addr,
                        &call.to,
                        call.input.as_ref(),
                    )?;
                }
                Ok::<(), TempoPrecompileError>(())
            },
        );

        match validation {
            Ok(()) => {
                *remaining_gas = remaining_gas.saturating_sub(gas_used);
                Ok(None)
            }
            Err(err) => match err.into_precompile_result(gas_used, reservoir) {
                Ok(output) => {
                    let interpreter_result =
                        precompile_output_to_interpreter_result(output, *remaining_gas);

                    let frame_result = if kind.is_call() {
                        FrameResult::Call(CallOutcome::new(interpreter_result, 0..0))
                    } else {
                        FrameResult::Create(CreateOutcome::new(interpreter_result, None))
                    };

                    Ok(Some(frame_result))
                }
                Err(PrecompileError::Fatal(err)) => Err(EVMError::Custom(err)),
                Err(err) => Err(EVMError::Custom(err.to_string())),
            },
        }
    }

    /// Generic single-call execution that works with both standard and inspector exec loops.
    ///
    /// This is the core implementation that both `execute_single_call` and inspector-aware
    /// execution can use by providing the appropriate exec loop function.
    fn execute_single_call_with<F>(
        &mut self,
        evm: &mut TempoEvm<DB, I>,
        gas_limit: u64,
        reservoir: u64,
        mut run_loop: F,
    ) -> Result<FrameResult, EVMError<DB::Error, TempoInvalidTransaction>>
    where
        F: FnMut(
            &mut Self,
            &mut TempoEvm<DB, I>,
            <<TempoEvm<DB, I> as EvmTr>::Frame as FrameTr>::FrameInit,
        ) -> Result<FrameResult, EVMError<DB::Error, TempoInvalidTransaction>>,
    {
        // Create first frame action
        let first_frame_input = self.first_frame_input(evm, gas_limit, reservoir)?;

        // Run execution loop (standard or inspector)
        let mut frame_result = run_loop(self, evm, first_frame_input)?;

        // Handle last frame result
        self.last_frame_result(evm, reservoir, &mut frame_result)?;

        Ok(frame_result)
    }

    /// Executes a standard single-call transaction using the default handler logic.
    ///
    /// This calls the same helper methods used by the default [`Handler::execution`] implementation.
    fn execute_single_call(
        &mut self,
        evm: &mut TempoEvm<DB, I>,
        gas_limit: u64,
        reservoir: u64,
    ) -> Result<FrameResult, EVMError<DB::Error, TempoInvalidTransaction>> {
        self.execute_single_call_with(evm, gas_limit, reservoir, Self::run_exec_loop)
    }

    /// Generic multi-call execution that works with both standard and inspector exec loops.
    ///
    /// This is the core implementation for atomic batch execution that both `execute_multi_call`
    /// and inspector-aware execution can use by providing the appropriate single-call function.
    ///
    /// Provides atomic batch execution for AA transactions with multiple calls:
    /// 1. Creates a checkpoint before executing any calls
    /// 2. Executes each call sequentially, updating gas tracking
    /// 3. If ANY call fails, reverts ALL state changes atomically
    /// 4. If all calls succeed, commits ALL state changes atomically
    ///
    /// The atomicity is guaranteed by the checkpoint/revert/commit mechanism:
    /// - Each individual call creates its own internal checkpoint
    /// - The outer checkpoint (created here) captures state before any calls execute
    /// - Reverting the outer checkpoint undoes all nested changes
    ///
    /// This checkpoint only covers user-call execution. Inline key authorization attached to the
    /// transaction is applied earlier during validation/pre-execution and intentionally remains
    /// persisted if scope prevalidation fails here or if a later user call reverts the batch.
    fn execute_multi_call_with<F>(
        &mut self,
        evm: &mut TempoEvm<DB, I>,
        mut remaining_gas: u64,
        mut reservoir: u64,
        calls: Vec<tempo_primitives::transaction::Call>,
        mut execute_single: F,
    ) -> Result<FrameResult, EVMError<DB::Error, TempoInvalidTransaction>>
    where
        F: FnMut(
            &mut Self,
            &mut TempoEvm<DB, I>,
            u64,
            u64,
        ) -> Result<FrameResult, EVMError<DB::Error, TempoInvalidTransaction>>,
    {
        // Create checkpoint for atomic execution - captures state before any calls
        let checkpoint = evm.ctx().journal_mut().checkpoint();
        let mut accumulated_gas_refund = 0i64;
        let mut accumulated_state_gas_spent = 0i64;

        // Store original TxEnv values to restore after batch execution
        let original_kind = evm.ctx().tx().kind();
        let original_value = evm.ctx().tx().value();
        let original_data = evm.ctx().tx().input().clone();
        let original_gas_limit = evm.ctx().tx().gas_limit();

        let mut final_result = None;

        if let Some(mut frame_result) =
            self.prevalidate_keychain_call_scopes(evm, &calls, &mut remaining_gas, reservoir)?
        {
            // This path only runs for keychain batches that already passed the structural CREATE
            // rejection in validation, so there is no first-call CREATE nonce to preserve here.
            normalize_failed_batch_result_gas(
                &mut frame_result,
                evm.ctx().tx().gas_limit(),
                accumulated_state_gas_spent,
            );
            return Ok(frame_result);
        }

        for call in calls.iter() {
            // Update TxEnv to point to this specific call
            {
                let tx = &mut evm.ctx().tx;
                tx.inner.kind = call.to;
                tx.inner.value = call.value;
                tx.inner.data = call.input.clone();
                tx.inner.gas_limit = remaining_gas;
            }

            // Execute call with NO additional initial gas (already deducted upfront in validation)
            let frame_result = execute_single(self, evm, remaining_gas, reservoir);

            // Restore original TxEnv immediately after execution, even if execution failed
            {
                let tx = &mut evm.ctx().tx;
                tx.inner.kind = original_kind;
                tx.inner.value = original_value;
                tx.inner.data = original_data.clone();
                tx.inner.gas_limit = original_gas_limit;
            }

            let mut frame_result = frame_result?;

            // Check if call succeeded
            if !frame_result.instruction_result().is_ok() {
                // Revert checkpoint - rolls back ALL state changes from all executed calls.
                evm.ctx().journal_mut().checkpoint_revert(checkpoint);

                // For AA transactions with CREATE as the first call, the nonce was bumped by
                // make_create_frame during execution. Since checkpoint_revert rolled that back,
                // we need to manually bump the nonce here to ensure it persists even on failure.
                //
                // However, this only applies when using the protocol nonce (nonce_key == 0).
                // When using 2D nonces (nonce_key != 0), replay protection is handled by the
                // NonceManager, and the protocol nonce is only used for CREATE address derivation.
                // Since the CREATE reverted, no contract was deployed, so the address wasn't
                // "claimed" and we don't need to burn the protocol nonce.
                let uses_protocol_nonce = evm
                    .ctx()
                    .tx()
                    .tempo_tx_env
                    .as_ref()
                    .map(|aa| aa.nonce_key.is_zero())
                    .unwrap_or(true);

                if uses_protocol_nonce && calls.first().map(|c| c.to.is_create()).unwrap_or(false) {
                    let caller = evm.ctx().tx().caller();
                    if let Ok(mut caller_acc) =
                        evm.ctx().journal_mut().load_account_with_code_mut(caller)
                    {
                        caller_acc.data.bump_nonce();
                    }
                }

                normalize_failed_batch_result_gas(
                    &mut frame_result,
                    evm.ctx().tx().gas_limit(),
                    accumulated_state_gas_spent,
                );

                return Ok(frame_result);
            }

            // Call succeeded - accumulate gas usage, refunds, and state gas
            accumulated_gas_refund =
                accumulated_gas_refund.saturating_add(frame_result.gas().refunded());
            accumulated_state_gas_spent =
                accumulated_state_gas_spent.saturating_add(frame_result.gas().state_gas_spent());

            // Update gas limit and reservoir to remaining values
            remaining_gas = frame_result.gas().remaining();
            reservoir = frame_result.gas().reservoir();

            final_result = Some(frame_result);
        }

        // All calls succeeded - commit checkpoint to finalize ALL state changes
        evm.ctx().journal_mut().checkpoint_commit();

        // Fix gas accounting for the entire batch
        let mut result =
            final_result.ok_or_else(|| EVMError::Custom("No calls executed".into()))?;

        // Create new Gas with correct limit, because Gas does not have a set_limit method
        // (the frame_result has the limit from just the last call)
        let mut corrected_gas = Gas::new(evm.ctx().tx().gas_limit());
        corrected_gas.set_remaining(result.gas().remaining());
        corrected_gas.set_refund(accumulated_gas_refund);
        corrected_gas.set_state_gas_spent(accumulated_state_gas_spent);
        corrected_gas.set_reservoir(reservoir);

        *result.gas_mut() = corrected_gas;

        Ok(result)
    }

    /// Executes a multi-call AA transaction atomically.
    fn execute_multi_call(
        &mut self,
        evm: &mut TempoEvm<DB, I>,
        gas_limit: u64,
        reservoir: u64,
        calls: Vec<tempo_primitives::transaction::Call>,
    ) -> Result<FrameResult, EVMError<DB::Error, TempoInvalidTransaction>> {
        self.execute_multi_call_with(evm, gas_limit, reservoir, calls, Self::execute_single_call)
    }

    /// Executes a standard single-call transaction with inspector support.
    ///
    /// This is the inspector-aware version of execute_single_call that uses
    /// inspect_run_exec_loop instead of run_exec_loop.
    fn inspect_execute_single_call(
        &mut self,
        evm: &mut TempoEvm<DB, I>,
        gas_limit: u64,
        reservoir: u64,
    ) -> Result<FrameResult, EVMError<DB::Error, TempoInvalidTransaction>>
    where
        I: Inspector<TempoContext<DB>, EthInterpreter>,
    {
        self.execute_single_call_with(evm, gas_limit, reservoir, Self::inspect_run_exec_loop)
    }

    /// Executes a multi-call AA transaction atomically with inspector support.
    ///
    /// This is the inspector-aware version of execute_multi_call that uses
    /// inspect_execute_single_call instead of execute_single_call.
    fn inspect_execute_multi_call(
        &mut self,
        evm: &mut TempoEvm<DB, I>,
        gas_limit: u64,
        reservoir: u64,
        calls: Vec<tempo_primitives::transaction::Call>,
    ) -> Result<FrameResult, EVMError<DB::Error, TempoInvalidTransaction>>
    where
        I: Inspector<TempoContext<DB>, EthInterpreter>,
    {
        self.execute_multi_call_with(
            evm,
            gas_limit,
            reservoir,
            calls,
            Self::inspect_execute_single_call,
        )
    }
}

impl<DB, I> Default for TempoEvmHandler<DB, I> {
    fn default() -> Self {
        Self::new()
    }
}

impl<DB, I> Handler for TempoEvmHandler<DB, I>
where
    DB: alloy_evm::Database,
{
    type Evm = TempoEvm<DB, I>;
    type Error = EVMError<DB::Error, TempoInvalidTransaction>;
    type HaltReason = TempoHaltReason;

    /// Overridden execution method that handles AA vs standard transactions.
    ///
    /// Dispatches based on transaction type:
    /// - AA transactions (type 0x5): Use batch execution path with calls field
    /// - All other transactions: Use standard single-call execution
    #[inline]
    fn execution(
        &mut self,
        evm: &mut Self::Evm,
        init_and_floor_gas: &InitialAndFloorGas,
    ) -> Result<FrameResult, Self::Error> {
        let spec = evm.ctx_ref().cfg().spec();
        let tx = evm.tx();

        if let Some(oog) = check_gas_limit(*spec, tx, init_and_floor_gas) {
            return Ok(oog);
        }

        let (gas_limit, reservoir) = evm.initial_gas_and_reservoir(init_and_floor_gas);

        if let Some(tempo_tx_env) = evm.ctx().tx().tempo_tx_env.as_ref() {
            let calls = tempo_tx_env.aa_calls.clone();
            self.execute_multi_call(evm, gas_limit, reservoir, calls)
        } else {
            self.execute_single_call(evm, gas_limit, reservoir)
        }
    }

    /// Applies Tempo-specific post-execution accounting before the standard gas refund flow.
    #[inline]
    fn post_execution(
        &self,
        evm: &mut Self::Evm,
        exec_result: &mut FrameResult,
        init_and_floor_gas: InitialAndFloorGas,
        eip7702_gas_refund: i64,
    ) -> Result<ResultGas, Self::Error> {
        if exec_result.instruction_result().is_ok() {
            gas_credits::apply_refund(evm, exec_result.gas_mut())?;
        }
        self.refund(evm, exec_result, eip7702_gas_refund);

        let result_gas = post_execution::build_result_gas(
            exec_result.instruction_result().is_halt(),
            exec_result.gas(),
            init_and_floor_gas,
        );

        self.eip7623_check_gas_floor(evm, exec_result, init_and_floor_gas);
        self.reimburse_caller(evm, exec_result)?;
        self.reward_beneficiary(evm, exec_result)?;

        Ok(result_gas)
    }

    /// Applies gas refunds, dropping the EIP-3529 one-fifth refund cap on T7+.
    ///
    /// TIP-1060 removes the standard EVM refund cap: the `Refund`-mode
    /// storage-credit settlement refund and the preserved baseline SSTORE
    /// refunds are credited to the transaction's gas refund counter in full,
    /// regardless of the transaction's gas used. Pre-T7 keeps the standard
    /// capped behavior (`Gas::set_final_refund`).
    #[inline]
    fn refund(&self, evm: &mut Self::Evm, exec_result: &mut FrameResult, eip7702_refund: i64) {
        let spec = evm.ctx.cfg.spec;
        let gas = exec_result.gas_mut();
        if spec.is_t7() {
            // No cap: leave the accumulated refund counter untouched after
            // recording the EIP-7702 auth refund.
            gas.record_refund(eip7702_refund);
        } else {
            post_execution::refund(spec.into(), gas, eip7702_refund);
        }
    }

    /// Take logs from the Journal if outcome is Halt Or Revert.
    #[inline]
    fn execution_result(
        &mut self,
        evm: &mut Self::Evm,
        result: <<Self::Evm as EvmTr>::Frame as FrameTr>::FrameResult,
        result_gas: ResultGas,
    ) -> Result<ExecutionResult<Self::HaltReason>, Self::Error> {
        evm.clear();

        MainnetHandler::default()
            .execution_result(evm, result, result_gas)
            .map(|result| result.map_haltreason(Into::into))
    }

    /// Override apply_eip7702_auth_list to support AA transactions with authorization lists.
    ///
    /// The default implementation only processes authorization lists for TransactionType::Eip7702 (0x04).
    /// This override extends support to AA transactions (type 0x76) by checking for the presence
    /// of an aa_authorization_list in the tempo_tx_env.
    #[inline]
    fn apply_eip7702_auth_list(
        &self,
        evm: &mut Self::Evm,
        _init_and_floor_gas: &mut InitialAndFloorGas,
    ) -> Result<u64, Self::Error> {
        let ctx = &mut evm.ctx;
        let spec = ctx.cfg.spec;

        // Check if this is an AA transaction with an authorization list
        let has_aa_auth_list = ctx
            .tx
            .tempo_tx_env
            .as_ref()
            .map(|aa_env| !aa_env.tempo_authorization_list.is_empty())
            .unwrap_or(false);

        let refunded_accounts = if has_aa_auth_list {
            let tempo_tx_env = ctx.tx.tempo_tx_env.as_ref().unwrap();

            apply_auth_list::<_, Self::Error>(
                ctx.cfg.chain_id,
                tempo_tx_env
                    .tempo_authorization_list
                    .iter()
                    // T0 hardfork: skip keychain signatures in auth list processing
                    .filter(|auth| !(spec.is_t0() && auth.signature().is_keychain())),
                &mut ctx.journaled_state,
            )?
            .0
        } else {
            apply_auth_list::<_, Self::Error>(
                ctx.cfg.chain_id,
                ctx.tx.authorization_list(),
                &mut ctx.journaled_state,
            )?
            .0
        };

        let refunded_gas = ctx
            .cfg
            .gas_params
            .tx_eip7702_auth_refund_regular()
            .saturating_mul(refunded_accounts);

        Ok(refunded_gas)
    }

    #[inline]
    fn validate_against_state_and_deduct_caller(
        &self,
        evm: &mut Self::Evm,
        init_gas: &mut InitialAndFloorGas,
    ) -> Result<(), Self::Error> {
        self.seed_precompile_tx_context(evm)?;

        let actions = evm.actions.clone();
        let block = &evm.inner.ctx.block;
        let tx = &evm.inner.ctx.tx;
        let cfg = &evm.inner.ctx.cfg;
        let journal = &mut evm.inner.ctx.journaled_state;

        let fee_payer = tx.fee_payer().expect("pre-validated in `validate_env`");
        let fee_token = journal
            .get_fee_token(tx, fee_payer, cfg.spec, actions.clone())
            .map_err(|err| EVMError::Custom(err.to_string()))?;

        evm.fee_token = Some(fee_token);

        // Always validate TIP20 prefix to prevent panics in get_token_balance.
        // This is a protocol-level check since validators could bypass initial validation.
        if !fee_token.is_tip20() {
            return Err(TempoInvalidTransaction::FeeTokenNotTip20 { address: fee_token }.into());
        }

        // Skip USD currency check for cases when the transaction is free and is not a part of a subblock.
        // Since we already validated the TIP20 prefix above, we only need to check the USD currency.
        if !tx.max_balance_spending()?.is_zero() || tx.is_subblock_transaction() {
            journal.ensure_tip20_usd(cfg.spec, fee_token, actions.clone())?;
        }

        // Load the fee payer balance
        let account_balance = get_token_balance(journal, fee_token, fee_payer)?;

        // Load caller's account
        let mut caller_account = journal.load_account_with_code_mut(tx.caller())?.data;

        let nonce_key = tx
            .tempo_tx_env
            .as_ref()
            .map(|aa| aa.nonce_key)
            .unwrap_or_default();

        let spec = cfg.spec();

        // Only treat as expiring nonce if T1 is active, otherwise treat as regular 2D nonce
        let is_expiring_nonce = nonce_key == TEMPO_EXPIRING_NONCE_KEY && spec.is_t1();

        // Validate account nonce and code (EIP-3607) using upstream helper
        pre_execution::validate_account_nonce_and_code(
            &caller_account.account().info,
            tx.nonce(),
            cfg.is_eip3607_disabled(),
            // skip nonce check if 2D nonce or expiring nonce is used
            cfg.is_nonce_check_disabled() || !nonce_key.is_zero(),
        )?;

        // modify account nonce and touch the account.
        caller_account.touch();

        // add additional gas for CREATE tx with 2d nonce and account nonce is 0.
        // This case would create a new account for caller.
        // We only check first call of the transaction because CREATE is only allowed
        // to appear as the first call in the batch (validated in `validate_calls`)
        if !nonce_key.is_zero()
            && tx.first_call().is_some_and(|(kind, _)| kind.is_create())
            && caller_account.nonce() == 0
        {
            init_gas.initial_regular_gas += cfg.gas_params.get(GasId::new_account_cost());
            init_gas.initial_state_gas += cfg.gas_params.new_account_state_gas();

            // do the gas limit check again (include state gas for T4+).
            if tx.gas_limit() < init_gas.initial_total_gas() {
                return Err(InvalidTransaction::CallGasCostMoreThanGasLimit {
                    gas_limit: tx.gas_limit(),
                    initial_gas: init_gas.initial_total_gas(),
                }
                .into());
            }

            // Validate that regular gas does not exceed the cap.
            if cfg.is_amsterdam_eip8037_enabled()
                && init_gas.initial_regular_gas().max(init_gas.floor_gas) > cfg.tx_gas_limit_cap()
            {
                return Err(InvalidTransaction::GasFloorMoreThanGasLimit {
                    gas_floor: init_gas.initial_regular_gas(),
                    gas_limit: cfg.tx_gas_limit_cap(),
                }
                .into());
            }
        }

        if is_expiring_nonce {
            // Expiring nonce transaction replay protection:
            // - Pre-T1B: use tx_hash for backwards-compatible behavior.
            // - T1B+: use the sender-scoped tx identifier (keccak256(encode_for_signing || sender))
            //   to prevent replay via different fee payer signatures.
            let tempo_tx_env = tx
                .tempo_tx_env
                .as_ref()
                .ok_or(TempoInvalidTransaction::ExpiringNonceMissingTxEnv)?;

            // Expiring nonce txs must have nonce == 0
            if tx.nonce() != 0 {
                return Err(TempoInvalidTransaction::ExpiringNonceNonceNotZero.into());
            }

            let replay_hash = if spec.is_t1b() {
                tx.unique_tx_identifier()
                    .ok_or(TempoInvalidTransaction::ExpiringNonceMissingTxEnv)?
            } else {
                tempo_tx_env.tx_hash
            };
            let valid_before = tempo_tx_env
                .valid_before
                .ok_or(TempoInvalidTransaction::ExpiringNonceMissingValidBefore)?;

            let block_timestamp = block.timestamp().saturating_to::<u64>();
            StorageCtx::enter_evm_without_tip1060_accounting(
                journal,
                block,
                cfg,
                tx,
                actions.clone(),
                || {
                    let mut nonce_manager = NonceManager::new();

                    let prev_ptr = if let Some(expiring_nonce_idx) = tempo_tx_env.expiring_nonce_idx
                    {
                        let ptr = nonce_manager
                            .expiring_nonce_ring_ptr
                            .read()
                            .map_err(|err| EVMError::Custom(err.to_string()))?;

                        let next = (ptr + expiring_nonce_idx as u32) % EXPIRING_NONCE_SET_CAPACITY;

                        nonce_manager
                            .expiring_nonce_ring_ptr
                            .write(next)
                            .map_err(|err| EVMError::Custom(err.to_string()))?;

                        Some(ptr)
                    } else {
                        None
                    };

                    nonce_manager
                    .check_and_mark_expiring_nonce(replay_hash, valid_before)
                    .map_err(|err| match err {
                        TempoPrecompileError::Fatal(err) => EVMError::Custom(err),
                        TempoPrecompileError::NonceError(
                            tempo_contracts::precompiles::NonceError::InvalidExpiringNonceExpiry(_),
                        ) => {
                            let max_allowed =
                                block_timestamp.saturating_add(EXPIRING_NONCE_MAX_EXPIRY_SECS);
                            if valid_before <= block_timestamp {
                                TempoInvalidTransaction::NonceManagerError(format!(
                                    "expiring nonce transaction expired: valid_before ({valid_before}) <= block timestamp ({block_timestamp})"
                                ))
                                .into()
                            } else {
                                TempoInvalidTransaction::NonceManagerError(format!(
                                    "expiring nonce valid_before ({valid_before}) too far in the future: must be within {EXPIRING_NONCE_MAX_EXPIRY_SECS}s of block timestamp ({block_timestamp}), max allowed is {max_allowed}"
                                ))
                                .into()
                            }
                        }
                        err => TempoInvalidTransaction::NonceManagerError(err.to_string()).into(),
                    })?;

                    if let Some(prev_ptr) = prev_ptr {
                        nonce_manager
                            .expiring_nonce_ring_ptr
                            .write(prev_ptr)
                            .map_err(|err| EVMError::Custom(err.to_string()))?;
                    }

                    Ok::<_, EVMError<DB::Error, TempoInvalidTransaction>>(())
                },
            )?;
        } else if !nonce_key.is_zero() {
            // 2D nonce transaction
            StorageCtx::enter_evm_without_tip1060_accounting(
                journal,
                block,
                cfg,
                tx,
                actions.clone(),
                || {
                    let mut nonce_manager = NonceManager::new();

                    if !cfg.is_nonce_check_disabled() {
                        let tx_nonce = tx.nonce();
                        let state = nonce_manager
                            .get_nonce(getNonceCall {
                                account: tx.caller(),
                                nonceKey: nonce_key,
                            })
                            .map_err(|err| match err {
                                TempoPrecompileError::Fatal(err) => EVMError::Custom(err),
                                err => TempoInvalidTransaction::NonceManagerError(err.to_string())
                                    .into(),
                            })?;

                        match tx_nonce.cmp(&state) {
                            Ordering::Greater => {
                                return Err(InvalidTransaction::NonceTooHigh {
                                    tx: tx_nonce,
                                    state,
                                }
                                .into());
                            }
                            Ordering::Less => {
                                return Err(InvalidTransaction::NonceTooLow {
                                    tx: tx_nonce,
                                    state,
                                }
                                .into());
                            }
                            _ => {}
                        }
                    }

                    // Always increment nonce for AA transactions with non-zero nonce keys.
                    nonce_manager
                        .increment_nonce(tx.caller(), nonce_key)
                        .map_err(|err| match err {
                            TempoPrecompileError::Fatal(err) => EVMError::Custom(err),
                            err => {
                                TempoInvalidTransaction::NonceManagerError(err.to_string()).into()
                            }
                        })?;

                    Ok::<_, EVMError<DB::Error, TempoInvalidTransaction>>(())
                },
            )?;
        } else {
            // Protocol nonce (nonce_key == 0)
            // Bump the nonce for calls. Nonce for CREATE will be bumped in `make_create_frame`.
            // This applies uniformly to both standard and AA transactions - we only bump here
            // for CALLs, letting make_create_frame handle the nonce for CREATE operations.
            if tx.kind().is_call() {
                caller_account.bump_nonce();
            }
        }

        // calculate the new balance after the fee is collected.
        let new_balance = calculate_caller_fee(account_balance, tx, block, cfg)?;
        // doing max to avoid underflow as new_balance can be more than account
        // balance if `cfg.is_balance_check_disabled()` is true.
        let gas_balance_spending = core::cmp::max(account_balance, new_balance) - new_balance;

        // Note: Signature verification happens during recover_signer() before entering the pool
        // Note: Transaction parameter validation (priority fee, time window) happens in validate_env()

        // For Keychain signatures, validate the acting access key before fee collection when it
        // already exists. Same-tx auth+use is the exception: that key is registered only after fees
        // are collected, so fee-limit validation uses the inline authorization payload instead.
        let mut loaded_tx_access_key = None;
        let mut same_tx_key_authorization_use = false;
        if let Some(tempo_tx_env) = tx.tempo_tx_env.as_ref()
            && let Some(keychain_sig) = tempo_tx_env.signature.as_keychain()
        {
            // The user_address is the root account this transaction is being executed for.
            // This should match tx.caller (which comes from recover_signer on the outer signature).
            let user_address = &keychain_sig.user_address;

            // Sanity check: user_address should match tx.caller
            if *user_address != tx.caller {
                return Err(TempoInvalidTransaction::KeychainUserAddressMismatch {
                    user_address: *user_address,
                    caller: tx.caller,
                }
                .into());
            }

            // Use override_key_id if provided (for gas estimation), otherwise recover from signature.
            let access_key_addr = if let Some(override_key_id) = tempo_tx_env.override_key_id {
                override_key_id
            } else {
                keychain_sig
                    .key_id(&tempo_tx_env.signature_hash)
                    .map_err(|_| TempoInvalidTransaction::AccessKeyRecoveryFailed)?
            };

            let key_auth = tempo_tx_env.key_authorization.as_ref();
            // Classify whether this keychain-signed tx is using the same access key that the
            // inline authorization registers.
            same_tx_key_authorization_use =
                key_auth.is_some_and(|key_auth| access_key_addr == key_auth.key_id);

            if same_tx_key_authorization_use {
                let key_auth = key_auth.expect("same-tx auth/use requires inline authorization");

                // Same-tx auth+use path: the access key does not exist in storage yet, so the fee
                // check must use the inline limits directly. `collectFeePreTx` cannot enforce this
                // because `transaction_key` is intentionally not set until after authorization.
                if !gas_balance_spending.is_zero()
                    && fee_payer == tx.caller
                    && let Some(limits) = key_auth.limits.as_ref()
                {
                    let remaining = limits
                        .iter()
                        .rev()
                        .find(|limit| limit.token == fee_token)
                        .map(|limit| limit.limit)
                        .unwrap_or_default();

                    if gas_balance_spending > remaining {
                        return Err(
                            FeePaymentError::Other("SpendingLimitExceeded".to_string()).into()
                        );
                    }
                }
            } else {
                // Existing-key path:
                // - ordinary keychain txs must validate the acting access key before fees are paid
                // - T6 delegated key authorizations also validate the acting key here, then reuse
                //   the loaded admin/signature-type facts below when the sidecar signer is the same key
                let loaded_key = StorageCtx::enter_precompile(
                    journal,
                    block,
                    cfg,
                    tx,
                    actions.clone(),
                    |mut keychain: AccountKeychain| {
                        // Extract the signature type from the inner signature to validate it matches
                        // the key_type stored in the keychain. This prevents using a signature of one
                        // type to authenticate as a key registered with a different type.
                        // Only validate signature type on T1+ to maintain backward compatibility
                        // with historical blocks during re-execution.
                        let tx_sig_type = keychain_sig.signature.signature_type().into();
                        let sig_type = (key_auth.is_some() || spec.is_t1()).then_some(tx_sig_type);

                        let key = keychain
                            .validate_keychain_authorization(
                                *user_address,
                                access_key_addr,
                                block.timestamp().to::<u64>(),
                                sig_type,
                            )
                            .map_err(|e| TempoInvalidTransaction::KeychainValidationFailed {
                                reason: format!("{e:?}"),
                            })?;

                        // T6 adds admin delegation: a keychain signer may authorize a different
                        // child key only if the acting transaction key is itself an active admin key.
                        if key_auth.is_some() && !key.is_admin {
                            return Err(
                                TempoInvalidTransaction::AccessKeyCannotAuthorizeOtherKeys.into()
                            );
                        }

                        // Set the transaction key in the keychain precompile.
                        // The TIP20 precompile will read this during fee collection and
                        // execution to enforce spending limits for existing keys.
                        keychain
                            .set_transaction_key(access_key_addr)
                            .map_err(|e| EVMError::Custom(e.to_string()))?;

                        Ok::<_, EVMError<_, TempoInvalidTransaction>>(LoadedTxAccessKey {
                            key_id: access_key_addr,
                            key,
                        })
                    },
                )?;

                evm.key_expiry = Some(loaded_key.key.expiry);
                loaded_tx_access_key = Some(loaded_key);
            }
        }

        // T6 stateless signer/account checks run in `validate_env`. This state-aware phase only
        // proves that a non-root sidecar signer is an active admin key for the caller account.
        if cfg.spec.is_t6()
            && let Some(tempo_tx_env) = tx.tempo_tx_env.as_ref()
            && let Some(key_auth) = tempo_tx_env.key_authorization.as_ref()
        {
            let auth_signer = key_auth
                .recover_signer()
                .map_err(|_| TempoInvalidTransaction::KeyAuthorizationSignatureRecoveryFailed)?;

            if auth_signer != tx.caller {
                let key_auth_sig_type: u8 = key_auth.signature.signature_type().into();
                let signer_is_admin = match loaded_tx_access_key {
                    Some(loaded_key)
                        if loaded_key.key_id == auth_signer
                            && (loaded_key.key.signature_type as u8) == key_auth_sig_type =>
                    {
                        loaded_key.key.is_admin
                    }
                    Some(_) | None => {
                        return Err(TempoInvalidTransaction::KeychainValidationFailed {
                            reason:
                                "admin-signed key authorization must be signed by transaction key"
                                    .to_string(),
                        }
                        .into());
                    }
                };

                if !signer_is_admin {
                    return Err(TempoInvalidTransaction::KeyAuthorizationNotSignedByRoot {
                        expected: tx.caller,
                        actual: auth_signer,
                    }
                    .into());
                }
            }
        }

        // Collect fees for the transaction.
        if !gas_balance_spending.is_zero() {
            let checkpoint = journal.checkpoint();

            let skip_liquidity_check = evm.skip_liquidity_check;
            let result = StorageCtx::enter_evm_without_tip1060_accounting(
                journal,
                &block,
                cfg,
                tx,
                actions.clone(),
                || {
                    TipFeeManager::new().collect_fee_pre_tx(
                        fee_payer,
                        fee_token,
                        gas_balance_spending,
                        block.beneficiary(),
                        skip_liquidity_check,
                    )
                },
            );

            if let Err(err) = result {
                // Revert the journal to checkpoint before `collectFeePreTx` call if something went wrong.
                journal.checkpoint_revert(checkpoint);

                // Map fee collection errors to transaction validation errors since they
                // indicate the transaction cannot be included (e.g., insufficient liquidity
                // in FeeAMM pool for fee swaps)
                return Err(match err {
                    TempoPrecompileError::TIPFeeAMMError(
                        TIPFeeAMMError::InsufficientLiquidity(_),
                    ) => FeePaymentError::InsufficientAmmLiquidity {
                        fee: gas_balance_spending,
                    }
                    .into(),

                    TempoPrecompileError::TIP20(TIP20Error::InsufficientBalance(
                        InsufficientBalance { available, .. },
                    )) => FeePaymentError::InsufficientFeeTokenBalance {
                        fee: gas_balance_spending,
                        balance: available,
                    }
                    .into(),

                    TempoPrecompileError::TIP20(TIP20Error::ContractPaused(_)) => {
                        TempoInvalidTransaction::FeeTokenPaused { address: fee_token }.into()
                    }

                    TempoPrecompileError::Fatal(e) => EVMError::Custom(e),

                    _ => FeePaymentError::Other(err.to_string()).into(),
                });
            }

            journal.checkpoint_commit();
            evm.collected_fee = gas_balance_spending;
        }

        // If the transaction includes a KeyAuthorization, validate and authorize the key
        // only after fee collection has succeeded. This pre-execution write is deliberately
        // outside the later user-call batch checkpoint, so same-transaction authorize-and-use
        // keeps the newly registered key even if scoped-call prevalidation or execution fails.
        if let Some(tempo_tx_env) = tx.tempo_tx_env.as_ref()
            && let Some(key_auth) = &tempo_tx_env.key_authorization
        {
            let keychain_checkpoint = if spec.is_t1() {
                Some(journal.checkpoint())
            } else {
                None
            };

            let amsterdam_eip8037_enabled = cfg.enable_amsterdam_eip8037;
            let internals = EvmInternals::new(journal, block, cfg, tx);

            // T1/T1A: Apply gas metering for the keychain precompile call.
            // Pre-T1 and T1B+: Use unlimited gas.
            // T1B+ disables gas metering here because gas is already accounted for
            // in intrinsic gas via `calculate_key_authorization_gas`. Running with
            // unlimited gas also eliminates the OOG path that caused the CREATE
            // nonce replay vulnerability (protocol nonce not bumped on OOG).
            let gas_limit = if spec.is_t1() && !spec.is_t1b() {
                tx.gas_limit() - init_gas.initial_total_gas()
            } else {
                u64::MAX
            };

            // Create gas_params with only sstore increase for key authorization
            let gas_params = if spec.is_t1() {
                static TABLE: OnceLock<GasParams> = OnceLock::new();
                // only enabled SSTORE and warm storage read gas params for T1 fork in keychain.
                TABLE
                    .get_or_init(|| {
                        let mut table = [0u64; 256];
                        table[GasId::sstore_set_without_load_cost().as_usize()] =
                            cfg.gas_params.get(GasId::sstore_set_without_load_cost());
                        table[GasId::warm_storage_read_cost().as_usize()] =
                            cfg.gas_params.get(GasId::warm_storage_read_cost());
                        GasParams::new(Arc::new(table))
                    })
                    .clone()
            } else {
                cfg.gas_params.clone()
            };

            // It's ok to set reservoir to 0 because pre-T1B it doesn't matter and post-T1B we have unlimited gas anyway.
            let mut provider = EvmPrecompileStorageProvider::new(
                internals,
                gas_limit,
                0,
                cfg.spec,
                amsterdam_eip8037_enabled,
                false,
                gas_params,
            )
            .with_actions(actions.clone());
            provider.set_tip1060_storage_credits(false);

            // The core logic of setting up thread-local storage is here.
            let out_of_gas = StorageCtx::enter(&mut provider, || {
                let mut keychain = AccountKeychain::default();
                let access_key_addr = key_auth.key_id;

                // Convert signature type to precompile SignatureType enum
                // Use the key_type field which specifies the type of key being authorized
                let signature_type = match key_auth.key_type {
                    SignatureType::Secp256k1 => PrecompileSignatureType::Secp256k1,
                    SignatureType::P256 => PrecompileSignatureType::P256,
                    SignatureType::WebAuthn => PrecompileSignatureType::WebAuthn,
                };

                // Handle expiry: None means never expires (store as u64::MAX)
                let expiry = key_auth.expiry.map_or(u64::MAX, |expiry| expiry.get());

                // Handle limits: None means unlimited spending (enforce_limits=false)
                // Some([]) means no spending allowed (enforce_limits=true)
                // Some([...]) means specific limits (enforce_limits=true)
                let enforce_limits = key_auth.limits.is_some();
                let precompile_limits: Vec<TokenLimit> = key_auth
                    .limits
                    .as_ref()
                    .map(|limits| {
                        limits
                            .iter()
                            .map(|limit| TokenLimit {
                                token: limit.token,
                                amount: limit.limit,
                                period: limit.period,
                            })
                            .collect()
                    })
                    .unwrap_or_default();

                let allow_any_calls = key_auth.allowed_calls.is_none();
                let precompile_allowed_calls = translate_allowed_calls_for_precompile(key_auth);

                let config = KeyRestrictions {
                    expiry,
                    enforceLimits: enforce_limits,
                    limits: precompile_limits,
                    allowAnyCalls: allow_any_calls,
                    allowedCalls: precompile_allowed_calls,
                };

                // Call precompile to authorize the key (same phase as nonce increment).
                let result = if key_auth.is_admin() {
                    keychain.authorize_admin_key(
                        tx.caller,
                        access_key_addr,
                        signature_type,
                        key_auth.witness(),
                    )
                } else {
                    keychain.authorize_key(
                        tx.caller,
                        access_key_addr,
                        signature_type,
                        config,
                        key_auth.witness(),
                    )
                };

                match result {
                    // all is good, we can do execution.
                    Ok(_) => Ok(false),
                    // on out of gas we are skipping execution but not invalidating the transaction.
                    Err(TempoPrecompileError::OutOfGas) => Ok(true),
                    Err(TempoPrecompileError::Fatal(err)) => Err(EVMError::Custom(err)),
                    Err(err) => Err(TempoInvalidTransaction::KeychainPrecompileError {
                        reason: err.to_string(),
                    }
                    .into()),
                }
            })?;

            let gas_used = provider.gas_used();
            drop(provider);

            // Cache inline key authorization expiry.
            if let Some(expiry) = key_auth.expiry {
                evm.key_expiry = Some(expiry.get());
            }

            // activated only on T1/T1A fork.
            // T1B+: Skip adding precompile gas to initial_gas since it is already
            // accounted for in intrinsic gas. The precompile runs with unlimited gas
            // on T1B+ so out_of_gas is never true.
            if let Some(keychain_checkpoint) = keychain_checkpoint {
                if spec.is_t1b() {
                    journal.checkpoint_commit();
                } else if out_of_gas {
                    init_gas.initial_regular_gas = u64::MAX;
                    journal.checkpoint_revert(keychain_checkpoint);
                } else {
                    init_gas.initial_regular_gas += gas_used;
                    journal.checkpoint_commit();
                };
            }

            // If this is a same tx auth+use, set the transient key_id to the newly authorized
            // key and decrement the fee from its spending limit. Admin delegation must keep the
            // actual signer as the transaction key.
            if same_tx_key_authorization_use {
                StorageCtx::enter_evm_without_tip1060_accounting(
                    journal,
                    block,
                    cfg,
                    tx,
                    actions,
                    || {
                        let mut keychain = AccountKeychain::new();
                        keychain
                            .set_transaction_key(key_auth.key_id)
                            .map_err(|e| EVMError::Custom(e.to_string()))?;

                        if evm.collected_fee.is_zero() {
                            return Ok(());
                        }

                        keychain
                            .authorize_transfer(fee_payer, fee_token, evm.collected_fee)
                            .map_err(|err| match err {
                                TempoPrecompileError::Fatal(err) => EVMError::Custom(err),
                                err => FeePaymentError::Other(err.to_string()).into(),
                            })
                    },
                )?;
            }
        }

        Ok(())
    }

    fn reimburse_caller(
        &self,
        evm: &mut Self::Evm,
        exec_result: &mut FrameResult,
    ) -> Result<(), Self::Error> {
        let actions = evm.actions.clone();
        // Call collectFeePostTx on TipFeeManager precompile
        let context = &mut evm.inner.ctx;
        let tx = context.tx();
        let basefee = u128::from(context.block().basefee());
        let effective_gas_price = tx.effective_gas_price(basefee);
        let gas = exec_result.gas();

        let actual_spending = calc_gas_balance_spending(
            gas.used().saturating_sub(gas.reservoir()),
            effective_gas_price,
        );
        let refund_amount = tx.effective_balance_spending(
            context.block.basefee.into(),
            context.block.blob_gasprice().unwrap_or_default(),
        )? - tx.value
            - actual_spending;

        // Skip `collectFeePostTx` call if the initial fee collected in
        // `collectFeePreTx` was zero, but spending is non-zero.
        //
        // This is normally unreachable unless the gas price was increased mid-transaction,
        // which is only possible when there are some EVM customizations involved (e.g Foundry EVM).
        if context.cfg.disable_fee_charge
            && evm.collected_fee.is_zero()
            && !actual_spending.is_zero()
        {
            return Ok(());
        }

        // Create storage provider and fee manager
        let (journal, block, tx) = (&mut context.journaled_state, &context.block, &context.tx);
        let beneficiary = context.block.beneficiary();

        let credited = StorageCtx::enter_evm_without_tip1060_accounting(
            &mut *journal,
            block,
            &context.cfg,
            tx,
            actions,
            || {
                let mut fee_manager = TipFeeManager::new();

                if !actual_spending.is_zero() || !refund_amount.is_zero() {
                    let fee_payer = tx.fee_payer().expect("pre-validated in `validate_env`");
                    let fee_token = evm
                        .fee_token
                        .expect("set in `validate_against_state_and_deduct_caller`");
                    // Call collectFeePostTx (handles both refund and fee queuing)
                    fee_manager
                        .collect_fee_post_tx(
                            fee_payer,
                            actual_spending,
                            refund_amount,
                            fee_token,
                            beneficiary,
                        )
                        .map_err(|e| EVMError::Custom(format!("{e:?}")))
                } else {
                    Ok(U256::ZERO)
                }
            },
        )?;

        // Stash the per-tx credit so `TempoBlockExecutor` can surface it on `TempoTxResult`
        // for payload scoring. Reset to zero on every tx entry below in `validate_env`.
        evm.validator_fee = credited;
        Ok(())
    }

    #[inline]
    fn reward_beneficiary(
        &self,
        _evm: &mut Self::Evm,
        _exec_result: &mut <<Self::Evm as EvmTr>::Frame as FrameTr>::FrameResult,
    ) -> Result<(), Self::Error> {
        // Fee handling (refunds and swaps) are done in `reimburse_caller()` via `collectFeePostTx`.
        // Validators call distributeFees() to claim their accumulated fees.
        Ok(())
    }

    /// Validates transaction environment with custom handling for AA transactions.
    ///
    /// Performs standard validation plus AA-specific checks:
    /// - Priority fee validation (EIP-1559)
    /// - Time window validation (validAfter/validBefore)
    #[inline]
    fn validate_env(&self, evm: &mut Self::Evm) -> Result<(), Self::Error> {
        // Reset per-tx fee state.
        evm.collected_fee = U256::ZERO;
        evm.validator_fee = U256::ZERO;

        // Validate the fee payer signature
        let fee_payer = evm.ctx.tx.fee_payer()?;

        if evm.ctx.cfg.spec.is_t2()
            && evm.ctx.tx.has_fee_payer_signature()
            && fee_payer == evm.ctx.tx.caller()
        {
            return Err(TempoInvalidTransaction::SelfSponsoredFeePayer.into());
        }

        // All accounts have zero balance so transfer of value is not possible.
        // Check added in https://github.com/tempoxyz/tempo/pull/759
        if !evm.ctx.tx.value().is_zero() {
            return Err(TempoInvalidTransaction::ValueTransferNotAllowed.into());
        }

        // First perform standard validation (header + transaction environment)
        // This validates: prevrandao, excess_blob_gas, chain_id, gas limits, tx type support, etc.
        validation::validate_env::<_, Self::Error>(evm.ctx())?;

        // AA-specific validations
        let cfg = &evm.inner.cfg;
        let tx = &evm.inner.tx;

        if let Some(aa_env) = tx.tempo_tx_env.as_ref() {
            // Validate AA transaction structure (calls list, CREATE rules)
            validate_calls(
                &aa_env.aa_calls,
                !aa_env.tempo_authorization_list.is_empty(),
            )
            .map_err(TempoInvalidTransaction::from)?;

            // Access-key CREATE is a cheap structural rejection that does not depend on any
            // per-call scope walk or state mutation. Rejecting it here keeps validation work
            // constant and avoids entering CREATE execution paths that require special protocol-
            // nonce preservation on failure.
            if cfg.spec().is_t3()
                && aa_env.signature.is_keychain()
                && aa_env
                    .aa_calls
                    .first()
                    .is_some_and(|call| call.to.is_create())
            {
                return Err(TempoInvalidTransaction::CallsValidation(
                    "access-key transactions cannot use CREATE as the first call",
                )
                .into());
            }

            // Validate keychain signature version (outer + authorization list).
            aa_env
                .signature
                .validate_version(cfg.spec().is_t1c())
                .map_err(TempoInvalidTransaction::from)?;
            for auth in &aa_env.tempo_authorization_list {
                auth.signature()
                    .validate_version(cfg.spec().is_t1c())
                    .map_err(TempoInvalidTransaction::from)?;
            }

            let has_keychain_fields =
                aa_env.key_authorization.is_some() || aa_env.signature.is_keychain();

            if aa_env.subblock_transaction && has_keychain_fields {
                return Err(TempoInvalidTransaction::KeychainOpInSubblockTransaction.into());
            }

            if let Some(key_auth) = &aa_env.key_authorization {
                // Check if this TX is using a Keychain signature (access key). Non-admin access
                // keys cannot authorize other keys; T6 admin keys can.
                let mut same_tx_auth_use = false;
                if let Some(keychain_sig) = aa_env.signature.as_keychain() {
                    // Use override_key_id if provided (for gas estimation), otherwise recover from signature
                    let access_key_addr = if let Some(override_key_id) = aa_env.override_key_id {
                        override_key_id
                    } else {
                        // Get the access key address (recovered during Tx->TxEnv conversion and cached)
                        keychain_sig
                            .key_id(&aa_env.signature_hash)
                            .map_err(|_| TempoInvalidTransaction::AccessKeyRecoveryFailed)?
                    };

                    same_tx_auth_use = access_key_addr == key_auth.key_id;
                    if !same_tx_auth_use && !cfg.spec.is_t6() {
                        return Err(
                            TempoInvalidTransaction::AccessKeyCannotAuthorizeOtherKeys.into()
                        );
                    }

                    if same_tx_auth_use
                        && cfg.spec.is_t3()
                        && key_auth.key_type != keychain_sig.signature.signature_type()
                    {
                        return Err(TempoInvalidTransaction::KeychainValidationFailed {
                                reason: "key authorization key_type does not match the keychain signature type"
                                    .to_string(),
                            }
                            .into());
                    }
                }

                if (key_auth.is_admin || key_auth.account.is_some()) && !cfg.spec.is_t6() {
                    return Err(TempoInvalidTransaction::KeychainValidationFailed {
                        reason: "T6 key authorization fields are not active before T6".to_string(),
                    }
                    .into());
                }

                if cfg.spec.is_t6() && key_auth.account.is_some_and(|account| account != tx.caller)
                {
                    // T6 allows existing admin keys to sign `KeyAuthorization`s for an
                    // account. Any named account must match the transaction caller so the
                    // signed payload cannot be replayed against another account where the
                    // same admin key is also authorized.
                    let reason = if key_auth.is_admin() {
                        "admin key authorization account mismatch"
                    } else {
                        "key authorization account mismatch"
                    };

                    return Err(TempoInvalidTransaction::KeychainValidationFailed {
                        reason: reason.to_string(),
                    }
                    .into());
                }

                if key_auth.is_admin()
                    && (key_auth.expiry.is_some()
                        || key_auth.limits.is_some()
                        || key_auth.allowed_calls.is_some())
                {
                    return Err(TempoInvalidTransaction::KeychainValidationFailed {
                        reason:
                            "admin key authorizations cannot carry expiry, limits, or call scopes"
                                .to_string(),
                    }
                    .into());
                }

                if !cfg.spec.is_t6() {
                    let auth_signer = key_auth.recover_signer().map_err(|_| {
                        TempoInvalidTransaction::KeyAuthorizationSignatureRecoveryFailed
                    })?;

                    if auth_signer != tx.caller {
                        return Err(TempoInvalidTransaction::KeyAuthorizationNotSignedByRoot {
                            expected: tx.caller,
                            actual: auth_signer,
                        }
                        .into());
                    }
                }

                // Validate KeyAuthorization chain_id.
                // T1C+: chain_id must exactly match (wildcard 0 is no longer allowed).
                // Pre-T1C: chain_id == 0 allows replay on any chain (wildcard).
                key_auth
                    .validate_chain_id(cfg.chain_id(), cfg.spec.is_t1c())
                    .map_err(TempoInvalidTransaction::from)?;

                if key_auth.has_witness() && !cfg.spec.is_t5() {
                    return Err(TempoInvalidTransaction::KeychainValidationFailed {
                        reason: "key authorization witnesses are not active before T5".to_string(),
                    }
                    .into());
                }

                // T3 gates all TIP-1011 fields. Before activation, transaction semantics must stay
                // unchanged, so periodic limits and call scopes are rejected.
                if !cfg.spec.is_t3() {
                    if key_auth.has_periodic_limits() {
                        return Err(TempoInvalidTransaction::KeychainValidationFailed {
                            reason: "periodic token limits are not active before T3".to_string(),
                        }
                        .into());
                    }

                    if key_auth.has_call_scopes() {
                        return Err(TempoInvalidTransaction::KeychainValidationFailed {
                            reason: "call scopes are not active before T3".to_string(),
                        }
                        .into());
                    }
                }

                if cfg.spec.is_t6() {
                    let auth_signer = key_auth.recover_signer().map_err(|_| {
                        TempoInvalidTransaction::KeyAuthorizationSignatureRecoveryFailed
                    })?;
                    if auth_signer != tx.caller && key_auth.account.is_none() {
                        return Err(TempoInvalidTransaction::KeychainValidationFailed {
                            reason: "admin-signed key authorization account mismatch".to_string(),
                        }
                        .into());
                    }

                    if auth_signer == tx.caller
                        && aa_env.signature.is_keychain()
                        && !same_tx_auth_use
                    {
                        return Err(TempoInvalidTransaction::KeychainValidationFailed {
                            reason:
                                "root-signed key authorization must use root transaction signature"
                                    .to_string(),
                        }
                        .into());
                    }

                    if auth_signer != tx.caller {
                        let Some(keychain_sig) = aa_env.signature.as_keychain() else {
                            return Err(TempoInvalidTransaction::KeychainValidationFailed {
                                reason:
                                    "admin-signed key authorization must be signed by transaction key"
                                        .to_string(),
                            }
                            .into());
                        };

                        let access_key_addr = if let Some(override_key_id) = aa_env.override_key_id
                        {
                            override_key_id
                        } else {
                            keychain_sig
                                .key_id(&aa_env.signature_hash)
                                .map_err(|_| TempoInvalidTransaction::AccessKeyRecoveryFailed)?
                        };

                        if access_key_addr != auth_signer {
                            return Err(TempoInvalidTransaction::KeychainValidationFailed {
                                reason:
                                    "admin-signed key authorization must be signed by transaction key"
                                        .to_string(),
                            }
                            .into());
                        }

                        if key_auth.signature.signature_type()
                            != keychain_sig.signature.signature_type()
                        {
                            return Err(TempoInvalidTransaction::KeychainValidationFailed {
                                reason:
                                    "admin-signed key authorization signature type does not match transaction key signature type"
                                        .to_string(),
                            }
                            .into());
                        }
                    }
                }

                // Cache inline key authorization expiry.
                if let Some(expiry) = key_auth.expiry {
                    evm.key_expiry = Some(expiry.get());
                }
            }

            // Validate priority fee for AA transactions using revm's validate_priority_fee_tx
            let base_fee = if cfg.is_base_fee_check_disabled() {
                None
            } else {
                Some(u128::from(evm.ctx_ref().block().basefee()))
            };

            validation::validate_priority_fee_tx(
                tx.max_fee_per_gas(),
                tx.max_priority_fee_per_gas().unwrap_or_default(),
                base_fee,
                cfg.is_priority_fee_check_disabled(),
            )?;

            // Validate time window for AA transactions
            let block_timestamp = evm.ctx_ref().block().timestamp().saturating_to();
            let valid_after = aa_env.valid_after.filter(|_| !evm.skip_valid_after_check);
            validate_time_window(valid_after, aa_env.valid_before, block_timestamp)?;
        }

        Ok(())
    }

    /// Calculates initial gas costs with custom handling for AA transactions.
    ///
    /// AA transactions have variable intrinsic gas based on signature type:
    /// - secp256k1 (64/65 bytes): Standard 21k base
    /// - P256 (129 bytes): 21k base + 5k for P256 verification
    /// - WebAuthn (>129 bytes): 21k base + 5k + calldata gas for variable data
    #[inline]
    fn validate_initial_tx_gas(
        &self,
        evm: &mut Self::Evm,
    ) -> Result<InitialAndFloorGas, Self::Error> {
        let tx = evm.ctx_ref().tx();
        let spec = evm.ctx_ref().cfg().spec();
        let gas_params = evm.ctx_ref().cfg().gas_params();
        let gas_limit = tx.gas_limit();

        // Route to appropriate gas calculation and validation based on transaction type
        let mut init_gas = if tx.tempo_tx_env.is_some() {
            // AA transaction - use batch gas calculation (includes validation)
            validate_aa_initial_tx_gas(evm)?
        } else {
            let mut acc = 0;
            let mut storage = 0;
            // legacy is only tx type that does not have access list.
            if tx.tx_type() != TransactionType::Legacy {
                (acc, storage) = tx
                    .access_list()
                    .map(|al| {
                        al.fold((0, 0), |(acc, storage), item| {
                            (acc + 1, storage + item.storage_slots().count())
                        })
                    })
                    .unwrap_or_default();
            };
            let mut init_gas = gas_params.initial_tx_gas(
                tx.input(),
                tx.kind().is_create(),
                acc as u64,
                storage as u64,
                tx.authorization_list_len() as u64,
            );
            // TIP-1000: Storage pricing updates for launch
            // EIP-7702 authorisation list entries with `auth_list.nonce == 0` require an additional 250,000 gas.
            // no need for v1 fork check as gas_params would be zero
            for auth in tx.authorization_list() {
                if spec.is_t1() && auth.nonce == 0 {
                    init_gas.initial_regular_gas += gas_params.get(GasId::new_account_cost());
                    init_gas.initial_state_gas += gas_params.new_account_state_gas();
                }
            }

            // TIP-1000: Storage pricing updates for launch
            // Transactions with any `nonce_key` and `nonce == 0` require an additional 250,000 gas.
            if spec.is_t1() && tx.nonce == 0 {
                // Add both execution and state portions to initial_total_gas
                // (revm's invariant: initial_total_gas >= initial_state_gas)
                init_gas.initial_regular_gas += gas_params.get(GasId::new_account_cost());
                init_gas.initial_state_gas += gas_params.new_account_state_gas();
            }

            // Validate gas limit is sufficient for initial gas
            if gas_limit < init_gas.initial_total_gas() {
                return Err(InvalidTransaction::CallGasCostMoreThanGasLimit {
                    gas_limit,
                    initial_gas: init_gas.initial_total_gas(),
                }
                .into());
            }

            init_gas
        };

        if evm.ctx.cfg.is_eip7623_disabled() {
            init_gas.floor_gas = 0u64;
        }

        // Validate floor gas (Prague+)
        if gas_limit < init_gas.floor_gas {
            return Err(InvalidTransaction::GasFloorMoreThanGasLimit {
                gas_limit,
                gas_floor: init_gas.floor_gas,
            }
            .into());
        }

        // Validate that regular gas does not exceed the cap.
        if evm.ctx.cfg.is_amsterdam_eip8037_enabled()
            && init_gas.initial_regular_gas().max(init_gas.floor_gas)
                > evm.ctx.cfg.tx_gas_limit_cap()
        {
            return Err(InvalidTransaction::GasFloorMoreThanGasLimit {
                gas_floor: init_gas.initial_regular_gas(),
                gas_limit: evm.ctx.cfg.tx_gas_limit_cap(),
            }
            .into());
        }

        Ok(init_gas)
    }

    fn catch_error(
        &self,
        evm: &mut Self::Evm,
        error: Self::Error,
    ) -> Result<ExecutionResult<Self::HaltReason>, Self::Error> {
        evm.clear();

        // For subblock transactions that failed `collectFeePreTx` call we catch error and treat such transactions as valid.
        if evm.ctx.tx.is_subblock_transaction()
            && let Some(
                TempoInvalidTransaction::CollectFeePreTx(_)
                | TempoInvalidTransaction::FeeTokenPaused { .. }
                | TempoInvalidTransaction::EthInvalidTransaction(
                    InvalidTransaction::LackOfFundForMaxFee { .. },
                ),
            ) = error.as_invalid_tx_err()
        {
            // Commit the transaction.
            //
            // `collectFeePreTx` call will happen after the nonce bump so this will only commit the nonce increment.
            evm.ctx.journaled_state.commit_tx();

            evm.ctx().local_mut().clear();
            evm.frame_stack().clear();

            // On fee payment failure, treat the transaction as a halt that consumed entire regular gas limit.
            let total_spent = core::cmp::min(evm.ctx.tx.gas_limit, evm.ctx.cfg.tx_gas_limit_cap());

            Ok(ExecutionResult::Halt {
                reason: TempoHaltReason::SubblockTxFeePayment,
                logs: Default::default(),
                gas: ResultGas::new_with_state_gas(total_spent, 0, 0, 0),
            })
        } else {
            MainnetHandler::default()
                .catch_error(evm, error)
                .map(|result| result.map_haltreason(Into::into))
        }
    }
}

impl<DB, I> TempoEvmHandler<DB, I>
where
    DB: alloy_evm::Database,
{
    /// Runs the full transaction validation pipeline without executing the transaction.
    ///
    /// Returns a [`ValidationContext`] with context relevant for the transaction pool.
    pub fn validate_transaction(
        &mut self,
        evm: &mut TempoEvm<DB, I>,
    ) -> Result<ValidationContext, EVMError<DB::Error, TempoInvalidTransaction>> {
        let mut init_and_floor_gas = self.validate(evm)?;
        self.pre_execution(evm, &mut init_and_floor_gas)?;
        let result = ValidationContext {
            fee_token: evm
                .fee_token
                .expect("set in `validate_against_state_and_deduct_caller`"),
            key_expiry: evm.key_expiry,
        };
        evm.clear();
        Ok(result)
    }
}

/// Context returned by [`TempoEvmHandler::validate_transaction`] with resolved
/// fee token and key expiry information for use by the transaction pool.
#[derive(Debug, Clone)]
pub struct ValidationContext {
    /// The resolved fee token address used to pay for this transaction.
    pub fee_token: Address,
    /// The expiry timestamp of the access key used by this transaction.
    /// Populated for keychain-signed transactions or transactions carrying a KeyAuthorization.
    pub key_expiry: Option<u64>,
}

/// Calculates intrinsic gas for an AA transaction batch using revm helpers.
///
/// This includes:
/// - Base 21k stipend (once for the transaction)
/// - Signature verification gas (P256: 5k, WebAuthn: 5k + webauthn_data)
/// - Per-call account access cost (COLD_ACCOUNT_ACCESS_COST * calls.len())
/// - Per-call input data gas (calldata tokens * 4 gas)
/// - Per-call CREATE costs (if applicable):
///   - Additional 32k base (CREATE constant)
///   - Initcode analysis gas (2 per 32-byte chunk, Shanghai+)
/// - Check that value transfer is zero.
/// - Access list costs (shared across batch)
/// - Key authorization costs (if present):
///   - Pre-T1B: 27k base + 3k ecrecover + 22k per spending limit
///   - T1B+: ecrecover + SLOAD + SSTORE × (1 + N limits)
/// - Floor gas calculation (EIP-7623, Prague+)
pub fn calculate_aa_batch_intrinsic_gas<'a>(
    aa_env: &TempoBatchCallEnv,
    gas_params: &GasParams,
    access_list: Option<impl Iterator<Item = &'a AccessListItem>>,
    spec: tempo_chainspec::hardfork::TempoHardfork,
) -> Result<InitialAndFloorGas, TempoInvalidTransaction> {
    let calls = &aa_env.aa_calls;
    let signature = &aa_env.signature;
    let authorization_list = &aa_env.tempo_authorization_list;
    let key_authorization = aa_env.key_authorization.as_ref();
    let mut gas = InitialAndFloorGas::default();

    // 1. Base stipend (21k, once per transaction)
    gas.initial_regular_gas += gas_params.tx_base_stipend();

    // 2. Signature verification gas
    gas.initial_regular_gas += tempo_signature_verification_gas(signature);

    let cold_account_cost =
        gas_params.warm_storage_read_cost() + gas_params.cold_account_additional_cost();

    // 3. Per-call overhead: cold account access
    // if the `to` address has not appeared in the call batch before.
    gas.initial_regular_gas += cold_account_cost * calls.len().saturating_sub(1) as u64;

    // 4. Authorization list costs (EIP-7702)
    let num_auths = authorization_list.len() as u64;
    gas.initial_regular_gas +=
        num_auths * gas_params.get(GasId::tx_eip7702_per_empty_account_cost());
    // TIP-1016: Track state gas portion of per-auth cost (225k on T4, 0 pre-T4).
    gas.initial_state_gas += num_auths * gas_params.tx_eip7702_state_gas();

    // Add signature verification costs for each authorization
    // No need for v1 fork check as gas_params would be zero
    for auth in authorization_list {
        gas.initial_regular_gas += tempo_signature_verification_gas(auth.signature());
        // TIP-1000: Storage pricing updates for launch
        // EIP-7702 authorisation list entries with `auth_list.nonce == 0` require an additional 250,000 gas.
        if spec.is_t1() && auth.nonce == 0 {
            gas.initial_regular_gas += gas_params.get(GasId::new_account_cost());
            gas.initial_state_gas += gas_params.new_account_state_gas();
        }
    }

    // 5. Key authorization costs (if present)
    if let Some(key_auth) = key_authorization {
        let (key_auth_regular_gas, key_auth_state_gas) =
            calculate_key_authorization_gas(key_auth, gas_params, spec);
        gas.initial_regular_gas += key_auth_regular_gas;
        gas.initial_state_gas += key_auth_state_gas;
    }

    // 6. Per-call costs
    let mut total_tokens = 0u64;

    for call in calls {
        // 4a. Calldata gas using revm helper
        let tokens = get_tokens_in_calldata_istanbul(&call.input);
        total_tokens += tokens;

        // 4b. CREATE-specific costs
        if call.to.is_create() {
            // CREATE costs 500,000 gas in TIP-1000 (T1), 32,000 before
            gas.initial_regular_gas += gas_params.create_cost();

            // EIP-3860: Initcode analysis gas using revm helper
            gas.initial_regular_gas += gas_params.tx_initcode_cost(call.input.len());

            // TIP-1016: Track predictable state gas for CREATE calls
            gas.initial_state_gas += gas_params.create_state_gas();
        }

        // Note: Transaction value is not allowed in AA transactions as there is no balances in accounts yet.
        // Check added in https://github.com/tempoxyz/tempo/pull/759
        if !call.value.is_zero() {
            return Err(TempoInvalidTransaction::ValueTransferNotAllowedInAATx);
        }

        // 4c. Value transfer cost using revm constant
        // left here for future reference.
        if !call.value.is_zero() && call.to.is_call() {
            gas.initial_regular_gas += gas_params.get(GasId::transfer_value_cost()); // 9000 gas
        }
    }

    gas.initial_regular_gas += total_tokens * gas_params.tx_token_cost();

    // 5. Access list costs using revm constants
    if let Some(access_list) = access_list {
        let (accounts, storages) = access_list.fold((0, 0), |(acc_count, storage_count), item| {
            (acc_count + 1, storage_count + item.storage_slots().count())
        });
        gas.initial_regular_gas += accounts * gas_params.tx_access_list_address_cost(); // 2400 per account
        gas.initial_regular_gas += storages as u64 * gas_params.tx_access_list_storage_key_cost(); // 1900 per storage
    }

    // 6. Floor gas using revm helper
    gas.floor_gas = gas_params.tx_floor_cost_with_tokens(total_tokens); // tokens * 10 + 21000

    Ok(gas)
}

/// Validates and calculates initial transaction gas for AA transactions.
///
/// Calculates intrinsic gas based on:
/// - Signature type (secp256k1: 21k, P256: 26k, WebAuthn: 26k + calldata)
/// - Batch call costs (per-call overhead, calldata, CREATE, value transfers)
fn validate_aa_initial_tx_gas<DB, I>(
    evm: &TempoEvm<DB, I>,
) -> Result<InitialAndFloorGas, EVMError<DB::Error, TempoInvalidTransaction>>
where
    DB: alloy_evm::Database,
{
    let (_, tx, cfg, _, _, _, _) = evm.ctx_ref().all();
    let gas_limit = tx.gas_limit();
    let gas_params = cfg.gas_params();
    let spec = *cfg.spec();

    // This function should only be called for AA transactions
    let aa_env = tx
        .tempo_tx_env
        .as_ref()
        .expect("validate_aa_initial_tx_gas called for non-AA transaction");

    let calls = &aa_env.aa_calls;

    // Validate all CREATE calls' initcode size upfront (EIP-3860)
    let max_initcode_size = evm.ctx_ref().cfg().max_initcode_size();
    for call in calls {
        if call.to.is_create() && call.input.len() > max_initcode_size {
            return Err(InvalidTransaction::CreateInitCodeSizeLimit.into());
        }
    }

    // Calculate batch intrinsic gas using helper
    let mut batch_gas =
        calculate_aa_batch_intrinsic_gas(aa_env, gas_params, tx.access_list(), spec)?;

    let mut nonce_2d_gas = 0;

    // Calculate 2D nonce gas if nonce_key is non-zero
    // If tx nonce is 0, it's a new key (0 -> 1 transition), otherwise existing key
    if spec.is_t1() {
        if aa_env.nonce_key == TEMPO_EXPIRING_NONCE_KEY {
            // Calculate nonce gas based on nonce type:
            // - Expiring nonce (nonce_key == MAX, T1 active): ring buffer + seen mapping operations
            // - 2D nonce (nonce_key != 0): SLOAD + SSTORE for nonce increment
            // - Regular nonce (nonce_key == 0): no additional gas
            batch_gas.initial_regular_gas += EXPIRING_NONCE_GAS;
        } else if tx.nonce == 0 {
            // TIP-1000: Storage pricing updates for launch
            // Tempo transactions with any `nonce_key` and `nonce == 0` require an additional 250,000 gas
            batch_gas.initial_regular_gas += gas_params.get(GasId::new_account_cost());
            batch_gas.initial_state_gas += gas_params.new_account_state_gas();
        } else if !aa_env.nonce_key.is_zero() {
            // Existing 2D nonce key usage (nonce > 0)
            // TIP-1000 Invariant 3: existing state updates must charge +5,000 gas
            batch_gas.initial_regular_gas += spec.gas_existing_nonce_key();
        }
    } else if let Some(aa_env) = &tx.tempo_tx_env
        && !aa_env.nonce_key.is_zero()
    {
        nonce_2d_gas = if tx.nonce() == 0 {
            spec.gas_new_nonce_key()
        } else {
            spec.gas_existing_nonce_key()
        };
    };

    // For T0+, include 2D nonce gas in validation (charged upfront)
    // For pre-T0 (Genesis), 2D nonce gas is added AFTER validation to allow transactions
    // with gas_limit < intrinsic + nonce_2d_gas to pass validation, but the gas is still
    // charged during execution via init_and_floor_gas (not evm.initial_gas)
    if spec.is_t0() {
        batch_gas.initial_regular_gas += nonce_2d_gas;
    }

    // Validate gas limit is sufficient for initial gas.
    // initial_total_gas already includes initial_state_gas as a subset,
    // so no need to add state gas separately.
    if gas_limit < batch_gas.initial_total_gas() {
        return Err(InvalidTransaction::CallGasCostMoreThanGasLimit {
            gas_limit,
            initial_gas: batch_gas.initial_total_gas(),
        }
        .into());
    }

    // For pre-T0 (Genesis), add 2D nonce gas after validation
    // This gas will be charged via init_and_floor_gas, not evm.initial_gas
    if !spec.is_t0() {
        batch_gas.initial_regular_gas += nonce_2d_gas;
    }

    Ok(batch_gas)
}

/// IMPORTANT: the caller must ensure `token` is a valid TIP20Token address.
pub fn get_token_balance<JOURNAL>(
    journal: &mut JOURNAL,
    token: Address,
    sender: Address,
) -> Result<U256, <JOURNAL::Database as Database>::Error>
where
    JOURNAL: JournalTr,
{
    // Address has already been validated as having TIP20 prefix
    journal.load_account(token)?;
    let balance_slot = TIP20Token::from_address(token)
        .expect("TIP20 prefix already validated")
        .balances[sender]
        .slot();
    let balance = journal.sload(token, balance_slot)?.data;

    Ok(balance)
}

impl<DB, I> InspectorHandler for TempoEvmHandler<DB, I>
where
    DB: alloy_evm::Database,
    I: Inspector<TempoContext<DB>>,
{
    type IT = EthInterpreter;

    /// Overridden execution method with inspector support that handles AA vs standard transactions.
    #[inline]
    fn inspect_execution(
        &mut self,
        evm: &mut Self::Evm,
        init_and_floor_gas: &InitialAndFloorGas,
    ) -> Result<FrameResult, Self::Error> {
        let spec = evm.ctx_ref().cfg().spec();
        let tx = evm.tx();

        if let Some(oog) = check_gas_limit(*spec, tx, init_and_floor_gas) {
            return Ok(oog);
        }

        let (gas_limit, reservoir) = evm.initial_gas_and_reservoir(init_and_floor_gas);

        if let Some(tempo_tx_env) = evm.ctx().tx().tempo_tx_env.as_ref() {
            let calls = tempo_tx_env.aa_calls.clone();
            self.inspect_execute_multi_call(evm, gas_limit, reservoir, calls)
        } else {
            self.inspect_execute_single_call(evm, gas_limit, reservoir)
        }
    }
}

/// Helper function to create a frame result for an out of gas error.
///
/// Use native fn when new revm version is released.
#[inline]
fn oog_frame_result(kind: TxKind, gas_limit: u64) -> FrameResult {
    if kind.is_call() {
        FrameResult::new_call_oog(gas_limit, 0..0, 0)
    } else {
        FrameResult::new_create_oog(gas_limit, 0)
    }
}

/// Checks if gas limit is sufficient and returns OOG frame result if not.
///
/// For T0+, validates gas limit covers intrinsic gas. For pre-T0, skips check
/// to maintain backward compatibility.
#[inline]
fn check_gas_limit(
    spec: tempo_chainspec::hardfork::TempoHardfork,
    tx: &TempoTxEnv,
    adjusted_gas: &InitialAndFloorGas,
) -> Option<FrameResult> {
    if spec.is_t0() && tx.gas_limit() < adjusted_gas.initial_total_gas() {
        let kind = *tx
            .first_call()
            .expect("we already checked that there is at least one call in aa tx")
            .0;
        return Some(oog_frame_result(kind, tx.gas_limit()));
    }
    None
}

/// Validates time window for AA transactions
///
/// AA transactions can have optional validBefore and validAfter fields:
/// - validAfter: Transaction can only be included after this timestamp
/// - validBefore: Transaction can only be included before this timestamp
///
/// This ensures transactions are only valid within a specific time window.
pub fn validate_time_window(
    valid_after: Option<u64>,
    valid_before: Option<u64>,
    block_timestamp: u64,
) -> Result<(), TempoInvalidTransaction> {
    // Validate validAfter constraint
    if let Some(after) = valid_after
        && block_timestamp < after
    {
        return Err(TempoInvalidTransaction::ValidAfter {
            current: block_timestamp,
            valid_after: after,
        });
    }

    // Validate validBefore constraint
    // IMPORTANT: must be aligned with `RecoveredSubBlock::has_expired_transactions`.
    if let Some(before) = valid_before
        && block_timestamp >= before
    {
        return Err(TempoInvalidTransaction::ValidBefore {
            current: block_timestamp,
            valid_before: before,
        });
    }

    Ok(())
}

#[cfg(test)]
mod tests {
    use super::*;
    use crate::{
        TempoBlockEnv, TempoTxEnv, evm::TempoEvm, gas_params::tempo_gas_params,
        tx::TempoBatchCallEnv,
    };
    use alloy_primitives::{Address, B256, Bytes, TxKind, U256};
    use proptest::prelude::*;
    use revm::{
        Context, Journal, MainContext,
        context::CfgEnv,
        database::{CacheDB, EmptyDB},
        handler::Handler,
        interpreter::{
            InstructionResult, InterpreterResult, gas::COLD_ACCOUNT_ACCESS_COST,
            instructions::utility::IntoU256,
        },
        primitives::hardfork::SpecId,
    };
    use tempo_chainspec::hardfork::TempoHardfork;
    use tempo_contracts::precompiles::DEFAULT_FEE_TOKEN;
    use tempo_precompiles::{
        PATH_USD_ADDRESS, TIP_FEE_MANAGER_ADDRESS, storage::ContractStorage, test_util::TIP20Setup,
    };
    use tempo_primitives::transaction::{
        Call, RecoveredTempoAuthorization, TempoSignature, TempoSignedAuthorization,
        tt_signature::{P256SignatureWithPreHash, WebAuthnSignature},
    };

    fn create_test_journal() -> Journal<CacheDB<EmptyDB>> {
        let db = CacheDB::new(EmptyDB::default());
        Journal::new(db)
    }

    type TestHandlerEvmResult<T> =
        Result<T, EVMError<<CacheDB<EmptyDB> as revm::Database>::Error, TempoInvalidTransaction>>;

    struct TestHandlerEvm {
        evm: TempoEvm<CacheDB<EmptyDB>, ()>,
        handler: TempoEvmHandler<CacheDB<EmptyDB>, ()>,
    }

    impl TestHandlerEvm {
        fn tx(spec: TempoHardfork, configure_tx_env: impl FnOnce(&mut TempoTxEnv)) -> Self {
            let mut tx_env = TempoTxEnv::default();
            configure_tx_env(&mut tx_env);
            Self::new(spec, tx_env)
        }

        fn aa(
            spec: TempoHardfork,
            aa_env: TempoBatchCallEnv,
            configure_tx_env: impl FnOnce(&mut TempoTxEnv),
        ) -> Self {
            let mut tx_env = TempoTxEnv {
                tempo_tx_env: Some(Box::new(aa_env)),
                ..Default::default()
            };
            configure_tx_env(&mut tx_env);
            Self::new(spec, tx_env)
        }

        fn new(spec: TempoHardfork, tx_env: TempoTxEnv) -> Self {
            Self::with_cfg(spec, tx_env, |_| {})
        }

        fn with_cfg(
            spec: TempoHardfork,
            tx_env: TempoTxEnv,
            configure: impl FnOnce(&mut CfgEnv<TempoHardfork>),
        ) -> Self {
            let mut cfg = CfgEnv::<TempoHardfork>::default();
            cfg.spec = spec;
            cfg.gas_params = tempo_gas_params(spec);
            configure(&mut cfg);

            let ctx = Context::mainnet()
                .with_db(CacheDB::new(EmptyDB::default()))
                .with_block(TempoBlockEnv::default())
                .with_cfg(cfg)
                .with_tx(tx_env)
                .with_new_journal(create_test_journal());

            Self {
                evm: TempoEvm::new(ctx, ()),
                handler: TempoEvmHandler::new(),
            }
        }

        fn cfg(&mut self) -> &CfgEnv<TempoHardfork> {
            &self.evm.ctx().cfg
        }

        fn gas_params(&mut self) -> &GasParams {
            &self.cfg().gas_params
        }

        fn validate_env(&mut self) -> TestHandlerEvmResult<()> {
            self.handler.validate_env(&mut self.evm)
        }

        fn validate_initial_tx_gas(&mut self) -> InitialAndFloorGas {
            self.handler
                .validate_initial_tx_gas(&mut self.evm)
                .expect("initial gas validation should succeed")
        }

        fn validate_against_state_and_deduct_caller(&mut self) -> TestHandlerEvmResult<()> {
            self.handler
                .validate_against_state_and_deduct_caller(&mut self.evm, &mut Default::default())
        }

        fn execute(&mut self, init_gas: &InitialAndFloorGas) -> FrameResult {
            self.handler
                .execution(&mut self.evm, init_gas)
                .expect("execution should return a frame result")
        }
    }

    #[test]
    fn test_invalid_fee_token_rejected() {
        // Test that an invalid fee token (non-TIP20 address) is rejected with a typed error
        // rather than panicking. This validates the check in validate_against_state_and_deduct_caller that
        // guards against invalid tokens reaching get_token_balance.
        let invalid_token = Address::random(); // Random address won't have TIP20 prefix
        assert!(
            !invalid_token.is_tip20(),
            "Test requires a non-TIP20 address"
        );

        let mut test = TestHandlerEvm::tx(TempoHardfork::default(), |tx_env| {
            tx_env.fee_token = Some(invalid_token);
        });

        let result = test.validate_against_state_and_deduct_caller();

        assert!(
            matches!(
                result,
                Err(EVMError::Transaction(TempoInvalidTransaction::FeeTokenNotTip20 { address })) if address == invalid_token
            ),
            "Should reject non-TIP20 fee token with FeeTokenNotTip20 error"
        );
    }

    #[test]
    fn test_non_usd_fee_token_rejected() {
        let admin = Address::random();
        let mut test = TestHandlerEvm::tx(TempoHardfork::default(), |tx_env| {
            tx_env.inner.gas_limit = 100_000;
            tx_env.inner.gas_price = 1_000_000_000;
            tx_env.inner.gas_priority_fee = Some(1_000_000_000);
        });

        let fee_token =
            StorageCtx::enter_ctx(&mut test.evm.inner.ctx, StorageActions::disabled(), || {
                TIP20Setup::create("Euro", "EUR", admin)
                    .currency("EUR")
                    .apply()
                    .map(|token| token.address())
            })
            .expect("EUR token setup succeeds");

        test.evm.inner.ctx.tx.fee_token = Some(fee_token);

        let result = test.validate_against_state_and_deduct_caller();

        assert!(
            matches!(
                result,
                Err(EVMError::Transaction(TempoInvalidTransaction::FeeTokenNotUsdCurrency {
                    address,
                    currency,
                })) if address == fee_token && currency == "EUR"
            ),
            "Should reject non-USD fee token with FeeTokenNotUsdCurrency error"
        );
    }

    #[test]
    fn test_paused_fee_token_rejected() {
        let admin = Address::random();
        let fee_payer = Address::random();
        let fee = U256::from(100_000_000_000_000_u64);
        let mut test = TestHandlerEvm::tx(TempoHardfork::default(), |tx_env| {
            tx_env.inner.caller = fee_payer;
            tx_env.inner.gas_limit = 100_000;
            tx_env.inner.gas_price = 1_000_000_000;
            tx_env.inner.gas_priority_fee = Some(1_000_000_000);
        });

        let fee_token =
            StorageCtx::enter_ctx(&mut test.evm.inner.ctx, StorageActions::disabled(), || {
                let mut token = TIP20Setup::create("Paused USD", "PUSD", admin)
                    .with_issuer(admin)
                    .with_role(admin, *tempo_precompiles::tip20::PAUSE_ROLE)
                    .with_mint(fee_payer, fee)
                    .apply()?;
                token.pause(admin, tempo_precompiles::tip20::ITIP20::pauseCall {})?;
                Ok::<_, TempoPrecompileError>(token.address())
            })
            .expect("paused USD token setup succeeds");

        test.evm.inner.ctx.tx.fee_token = Some(fee_token);

        let result = test.validate_against_state_and_deduct_caller();

        assert!(
            matches!(
                result,
                Err(EVMError::Transaction(TempoInvalidTransaction::FeeTokenPaused { address })) if address == fee_token
            ),
            "Should reject paused fee token with FeeTokenPaused error"
        );
    }

    #[test]
    fn test_self_sponsored_fee_payer_rejected_post_t2() {
        let caller = Address::random();
        let invalid_token = Address::random();

        let mut test = TestHandlerEvm::tx(TempoHardfork::T2, |tx_env| {
            tx_env.inner.caller = caller;
            tx_env.fee_token = Some(invalid_token);
            tx_env.fee_payer = Some(Some(caller));
        });

        let result = test.validate_env();
        assert!(matches!(
            result,
            Err(EVMError::Transaction(
                TempoInvalidTransaction::SelfSponsoredFeePayer
            ))
        ));
    }

    #[test]
    fn test_self_sponsored_fee_payer_not_rejected_pre_t4() {
        let caller = Address::random();
        let invalid_token = Address::random();

        let handler: TempoEvmHandler<CacheDB<EmptyDB>, ()> = TempoEvmHandler::default();
        let mut cfg = CfgEnv::<TempoHardfork>::default();
        cfg.spec = TempoHardfork::T1C;

        let tx_env = TempoTxEnv {
            inner: revm::context::TxEnv {
                caller,
                ..Default::default()
            },
            fee_token: Some(invalid_token),
            fee_payer: Some(Some(caller)),
            ..Default::default()
        };

        let mut evm: TempoEvm<CacheDB<EmptyDB>, ()> = TempoEvm::new(
            Context::mainnet()
                .with_db(CacheDB::new(EmptyDB::default()))
                .with_block(TempoBlockEnv::default())
                .with_cfg(cfg)
                .with_tx(tx_env),
            (),
        );

        let result = handler.validate_env(&mut evm);
        assert!(result.is_ok());
    }

    #[test]
    fn test_get_token_balance() -> eyre::Result<()> {
        let mut journal = create_test_journal();
        // Use PATH_USD_ADDRESS which has the TIP20 prefix
        let token = PATH_USD_ADDRESS;
        let account = Address::random();
        let expected_balance = U256::random();

        // Set up initial balance
        let balance_slot = TIP20Token::from_address(token)?.balances[account].slot();
        journal.load_account(token)?;
        journal
            .sstore(token, balance_slot, expected_balance)
            .unwrap();

        let balance = get_token_balance(&mut journal, token, account)?;
        assert_eq!(balance, expected_balance);

        Ok(())
    }

    #[test]
    fn test_get_fee_token() -> eyre::Result<()> {
        let journal = create_test_journal();
        let mut ctx: TempoContext<_> = Context::mainnet()
            .with_db(CacheDB::new(EmptyDB::default()))
            .with_block(TempoBlockEnv::default())
            .with_cfg(Default::default())
            .with_tx(TempoTxEnv::default())
            .with_new_journal(journal);
        let user = Address::random();
        ctx.tx.inner.caller = user;
        let validator = Address::random();
        ctx.block.beneficiary = validator;
        let user_fee_token = Address::random();
        let validator_fee_token = Address::random();
        let tx_fee_token = Address::random();

        // Set validator token
        let validator_slot = TipFeeManager::new().validator_tokens[validator].slot();
        ctx.journaled_state.load_account(TIP_FEE_MANAGER_ADDRESS)?;
        ctx.journaled_state
            .sstore(
                TIP_FEE_MANAGER_ADDRESS,
                validator_slot,
                validator_fee_token.into_u256(),
            )
            .unwrap();

        {
            let fee_token = ctx.journaled_state.get_fee_token(
                &ctx.tx,
                user,
                ctx.cfg.spec,
                tempo_precompiles::storage::StorageActions::disabled(),
            )?;
            assert_eq!(DEFAULT_FEE_TOKEN, fee_token);
        }

        // Set user token
        let user_slot = TipFeeManager::new().user_tokens[user].slot();
        ctx.journaled_state
            .sstore(
                TIP_FEE_MANAGER_ADDRESS,
                user_slot,
                user_fee_token.into_u256(),
            )
            .unwrap();

        {
            let fee_token = ctx.journaled_state.get_fee_token(
                &ctx.tx,
                user,
                ctx.cfg.spec,
                tempo_precompiles::storage::StorageActions::disabled(),
            )?;
            assert_eq!(user_fee_token, fee_token);
        }

        // Set tx fee token
        ctx.tx.fee_token = Some(tx_fee_token);
        let fee_token = ctx.journaled_state.get_fee_token(
            &ctx.tx,
            user,
            ctx.cfg.spec,
            tempo_precompiles::storage::StorageActions::disabled(),
        )?;
        assert_eq!(tx_fee_token, fee_token);

        Ok(())
    }

    #[test]
    fn test_aa_gas_single_call_vs_normal_tx() {
        use crate::TempoBatchCallEnv;
        use alloy_primitives::{Bytes, TxKind};
        use revm::interpreter::gas::calculate_initial_tx_gas;
        use tempo_primitives::transaction::{Call, TempoSignature};
        let gas_params = GasParams::default();

        // Test that AA tx with secp256k1 and single call matches normal tx + per-call overhead
        let calldata = Bytes::from(vec![1, 2, 3, 4, 5]); // 5 non-zero bytes
        let to = Address::random();

        // Single call for AA
        let call = Call {
            to: TxKind::Call(to),
            value: U256::ZERO,
            input: calldata.clone(),
        };

        let aa_env = TempoBatchCallEnv {
            signature: TempoSignature::Primitive(PrimitiveSignature::Secp256k1(
                alloy_primitives::Signature::test_signature(),
            )), // dummy secp256k1 sig
            aa_calls: vec![call],
            key_authorization: None,
            signature_hash: B256::ZERO,
            ..Default::default()
        };

        // Calculate AA gas
        let spec = tempo_chainspec::hardfork::TempoHardfork::default();
        let aa_gas = calculate_aa_batch_intrinsic_gas(
            &aa_env,
            &gas_params,
            None::<std::iter::Empty<&AccessListItem>>, // no access list
            spec,
        )
        .unwrap();

        // Calculate expected gas using revm's function for equivalent normal tx
        let normal_tx_gas = calculate_initial_tx_gas(
            spec.into(),
            &calldata,
            false, // not create
            0,     // no access list accounts
            0,     // no access list storage
            0,     // no authorization list
        );

        // AA with secp256k1 + single call should match normal tx exactly
        assert_eq!(
            aa_gas.initial_total_gas(),
            normal_tx_gas.initial_total_gas()
        );
    }

    #[test]
    fn test_aa_gas_multiple_calls_overhead() {
        use crate::TempoBatchCallEnv;
        use alloy_primitives::{Bytes, TxKind};
        use revm::interpreter::gas::calculate_initial_tx_gas;
        use tempo_primitives::transaction::{Call, TempoSignature};

        let calldata = Bytes::from(vec![1, 2, 3]); // 3 non-zero bytes

        let calls = vec![
            Call {
                to: TxKind::Call(Address::random()),
                value: U256::ZERO,
                input: calldata.clone(),
            },
            Call {
                to: TxKind::Call(Address::random()),
                value: U256::ZERO,
                input: calldata.clone(),
            },
            Call {
                to: TxKind::Call(Address::random()),
                value: U256::ZERO,
                input: calldata.clone(),
            },
        ];

        let aa_env = TempoBatchCallEnv {
            signature: TempoSignature::Primitive(PrimitiveSignature::Secp256k1(
                alloy_primitives::Signature::test_signature(),
            )),
            aa_calls: calls,
            key_authorization: None,
            signature_hash: B256::ZERO,
            ..Default::default()
        };

        let spec = tempo_chainspec::hardfork::TempoHardfork::default();
        let gas = calculate_aa_batch_intrinsic_gas(
            &aa_env,
            &GasParams::default(),
            None::<std::iter::Empty<&AccessListItem>>,
            spec,
        )
        .unwrap();

        // Calculate base gas for a single normal tx
        let base_tx_gas = calculate_initial_tx_gas(spec.into(), &calldata, false, 0, 0, 0);

        // For 3 calls: base (21k) + 3*calldata + 2*per-call overhead (calls 2 and 3)
        // = 21k + 2*(calldata cost) + 2*COLD_ACCOUNT_ACCESS_COST
        let expected = base_tx_gas.initial_total_gas()
            + 2 * (calldata.len() as u64 * 16)
            + 2 * COLD_ACCOUNT_ACCESS_COST;
        // Should charge per-call overhead for calls beyond the first
        assert_eq!(gas.initial_total_gas(), expected,);
    }

    #[test]
    fn test_aa_gas_p256_signature() {
        use crate::TempoBatchCallEnv;
        use alloy_primitives::{B256, Bytes, TxKind};
        use revm::interpreter::gas::calculate_initial_tx_gas;
        use tempo_primitives::transaction::{
            Call, TempoSignature, tt_signature::P256SignatureWithPreHash,
        };

        let spec = SpecId::CANCUN;
        let calldata = Bytes::from(vec![1, 2]);

        let call = Call {
            to: TxKind::Call(Address::random()),
            value: U256::ZERO,
            input: calldata.clone(),
        };

        let aa_env = TempoBatchCallEnv {
            signature: TempoSignature::Primitive(PrimitiveSignature::P256(
                P256SignatureWithPreHash {
                    r: B256::ZERO,
                    s: B256::ZERO,
                    pub_key_x: B256::ZERO,
                    pub_key_y: B256::ZERO,
                    pre_hash: false,
                },
            )),
            aa_calls: vec![call],
            key_authorization: None,
            signature_hash: B256::ZERO,
            ..Default::default()
        };

        let gas = calculate_aa_batch_intrinsic_gas(
            &aa_env,
            &GasParams::default(),
            None::<std::iter::Empty<&AccessListItem>>,
            tempo_chainspec::hardfork::TempoHardfork::default(),
        )
        .unwrap();

        // Calculate base gas for normal tx
        let base_gas = calculate_initial_tx_gas(spec, &calldata, false, 0, 0, 0);

        // Expected: normal tx + P256_VERIFY_GAS
        let expected = base_gas.initial_total_gas() + P256_VERIFY_GAS;
        assert_eq!(gas.initial_total_gas(), expected,);
    }

    #[test]
    fn test_aa_gas_create_call() {
        use crate::TempoBatchCallEnv;
        use alloy_primitives::{Bytes, TxKind};
        use revm::interpreter::gas::calculate_initial_tx_gas;
        use tempo_primitives::transaction::{Call, TempoSignature};

        let spec = SpecId::CANCUN; // Post-Shanghai
        let initcode = Bytes::from(vec![0x60, 0x80]); // 2 bytes

        let call = Call {
            to: TxKind::Create,
            value: U256::ZERO,
            input: initcode.clone(),
        };

        let aa_env = TempoBatchCallEnv {
            signature: TempoSignature::Primitive(PrimitiveSignature::Secp256k1(
                alloy_primitives::Signature::test_signature(),
            )),
            aa_calls: vec![call],
            key_authorization: None,
            signature_hash: B256::ZERO,
            ..Default::default()
        };

        let gas = calculate_aa_batch_intrinsic_gas(
            &aa_env,
            &GasParams::default(),
            None::<std::iter::Empty<&AccessListItem>>,
            tempo_chainspec::hardfork::TempoHardfork::default(),
        )
        .unwrap();

        // Calculate expected using revm's function for CREATE tx
        let base_gas = calculate_initial_tx_gas(
            spec, &initcode, true, // is_create = true
            0, 0, 0,
        );

        // AA CREATE should match normal CREATE exactly
        assert_eq!(gas.initial_total_gas(), base_gas.initial_total_gas(),);
    }

    #[test]
    fn test_aa_gas_value_transfer() {
        use crate::TempoBatchCallEnv;
        use alloy_primitives::{Bytes, TxKind};
        use tempo_primitives::transaction::{Call, TempoSignature};

        let calldata = Bytes::from(vec![1]);

        let call = Call {
            to: TxKind::Call(Address::random()),
            value: U256::from(1000), // Non-zero value
            input: calldata,
        };

        let aa_env = TempoBatchCallEnv {
            signature: TempoSignature::Primitive(PrimitiveSignature::Secp256k1(
                alloy_primitives::Signature::test_signature(),
            )),
            aa_calls: vec![call],
            key_authorization: None,
            signature_hash: B256::ZERO,
            ..Default::default()
        };

        let res = calculate_aa_batch_intrinsic_gas(
            &aa_env,
            &GasParams::default(),
            None::<std::iter::Empty<&AccessListItem>>,
            tempo_chainspec::hardfork::TempoHardfork::default(),
        );

        assert_eq!(
            res.unwrap_err(),
            TempoInvalidTransaction::ValueTransferNotAllowedInAATx
        );
    }

    #[test]
    fn test_aa_gas_access_list() {
        use crate::TempoBatchCallEnv;
        use alloy_primitives::{Bytes, TxKind};
        use revm::interpreter::gas::calculate_initial_tx_gas;
        use tempo_primitives::transaction::{Call, TempoSignature};

        let spec = SpecId::CANCUN;
        let calldata = Bytes::from(vec![]);

        let call = Call {
            to: TxKind::Call(Address::random()),
            value: U256::ZERO,
            input: calldata.clone(),
        };

        let aa_env = TempoBatchCallEnv {
            signature: TempoSignature::Primitive(PrimitiveSignature::Secp256k1(
                alloy_primitives::Signature::test_signature(),
            )),
            aa_calls: vec![call],
            key_authorization: None,
            signature_hash: B256::ZERO,
            ..Default::default()
        };

        // Test without access list
        let gas = calculate_aa_batch_intrinsic_gas(
            &aa_env,
            &GasParams::default(),
            None::<std::iter::Empty<&AccessListItem>>,
            tempo_chainspec::hardfork::TempoHardfork::default(),
        )
        .unwrap();

        // Calculate expected using revm's function
        let base_gas = calculate_initial_tx_gas(spec, &calldata, false, 0, 0, 0);

        // Expected: normal tx
        assert_eq!(gas.initial_total_gas(), base_gas.initial_total_gas(),);
    }

    #[test]
    fn test_key_authorization_rlp_encoding() {
        use alloy_primitives::{Address, U256};
        use tempo_primitives::transaction::{
            SignatureType, TokenLimit, key_authorization::KeyAuthorization,
        };

        // Create test data
        let chain_id = 1u64;
        let key_type = SignatureType::Secp256k1;
        let key_id = Address::random();
        let expiry = 1000u64;
        let limits = vec![
            TokenLimit {
                token: Address::random(),
                limit: U256::from(100),
                period: 0,
            },
            TokenLimit {
                token: Address::random(),
                limit: U256::from(200),
                period: 0,
            },
        ];

        // Compute hash using the helper function
        let hash1 = KeyAuthorization::unrestricted(chain_id, key_type, key_id)
            .with_expiry(expiry)
            .with_limits(limits.clone())
            .signature_hash();

        // Compute again to verify consistency
        let hash2 = KeyAuthorization::unrestricted(chain_id, key_type, key_id)
            .with_expiry(expiry)
            .with_limits(limits.clone())
            .signature_hash();

        assert_eq!(hash1, hash2, "Hash computation should be deterministic");

        // Verify that different chain_id produces different hash
        let hash3 = KeyAuthorization::unrestricted(2, key_type, key_id)
            .with_expiry(expiry)
            .with_limits(limits)
            .signature_hash();
        assert_ne!(
            hash1, hash3,
            "Different chain_id should produce different hash"
        );
    }

    #[test]
    fn test_aa_gas_floor_gas_prague() {
        use crate::TempoBatchCallEnv;
        use alloy_primitives::{Bytes, TxKind};
        use revm::interpreter::gas::calculate_initial_tx_gas;
        use tempo_primitives::transaction::{Call, TempoSignature};

        let spec = SpecId::PRAGUE;
        let calldata = Bytes::from(vec![1, 2, 3, 4, 5]); // 5 non-zero bytes

        let call = Call {
            to: TxKind::Call(Address::random()),
            value: U256::ZERO,
            input: calldata.clone(),
        };

        let aa_env = TempoBatchCallEnv {
            signature: TempoSignature::Primitive(PrimitiveSignature::Secp256k1(
                alloy_primitives::Signature::test_signature(),
            )),
            aa_calls: vec![call],
            key_authorization: None,
            signature_hash: B256::ZERO,
            ..Default::default()
        };

        let gas = calculate_aa_batch_intrinsic_gas(
            &aa_env,
            &GasParams::default(),
            None::<std::iter::Empty<&AccessListItem>>,
            tempo_chainspec::hardfork::TempoHardfork::default(),
        )
        .unwrap();

        // Calculate expected floor gas using revm's function
        let base_gas = calculate_initial_tx_gas(spec, &calldata, false, 0, 0, 0);

        // Floor gas should match revm's calculation for same calldata
        assert_eq!(
            gas.floor_gas, base_gas.floor_gas,
            "Should calculate floor gas for Prague matching revm"
        );
    }

    /// This test will start failing once we get the balance transfer enabled
    /// PR that introduced [`TempoInvalidTransaction::ValueTransferNotAllowed`] https://github.com/tempoxyz/tempo/pull/759
    #[test]
    fn test_zero_value_transfer() -> eyre::Result<()> {
        use crate::TempoEvm;

        // Create a test context with a transaction that has a non-zero value
        let ctx = Context::mainnet()
            .with_db(CacheDB::new(EmptyDB::default()))
            .with_block(Default::default())
            .with_cfg(Default::default())
            .with_tx(TempoTxEnv::default());
        let mut evm = TempoEvm::new(ctx, ());

        // Set a non-zero value on the transaction
        evm.ctx.tx.inner.value = U256::from(1000);

        // Create the handler
        let handler = TempoEvmHandler::<_, ()>::new();

        // Call validate_env and expect it to fail with ValueTransferNotAllowed
        let result = handler.validate_env(&mut evm);

        if let Err(EVMError::Transaction(err)) = result {
            assert_eq!(err, TempoInvalidTransaction::ValueTransferNotAllowed);
        } else {
            panic!("Expected ValueTransferNotAllowed error");
        }

        Ok(())
    }

    #[test]
    fn test_key_authorization_gas_with_limits() {
        use tempo_primitives::transaction::{
            KeyAuthorization, SignatureType, SignedKeyAuthorization, TokenLimit,
        };

        // Helper to create key auth with N limits
        let create_key_auth = |num_limits: usize| -> SignedKeyAuthorization {
            let mut auth =
                KeyAuthorization::unrestricted(1, SignatureType::Secp256k1, Address::random());
            if num_limits > 0 {
                auth = auth.with_limits(
                    (0..num_limits)
                        .map(|_| TokenLimit {
                            token: Address::random(),
                            limit: U256::from(1000),
                            period: 0,
                        })
                        .collect(),
                );
            }
            auth.into_signed(PrimitiveSignature::Secp256k1(
                alloy_primitives::Signature::test_signature(),
            ))
        };

        // Test 0 limits: base (27k) + ecrecover (3k) = 30,000
        let (gas_0, state_0) = calculate_key_authorization_gas(
            &create_key_auth(0),
            &GasParams::default(),
            tempo_chainspec::hardfork::TempoHardfork::default(),
        );
        assert_eq!(
            gas_0,
            KEY_AUTH_BASE_GAS + ECRECOVER_GAS,
            "0 limits should be 30,000"
        );
        assert_eq!(state_0, 0, "pre-T1B has no state gas");

        // Test 1 limit: 30,000 + 22,000 = 52,000
        let (gas_1, state_1) = calculate_key_authorization_gas(
            &create_key_auth(1),
            &GasParams::default(),
            tempo_chainspec::hardfork::TempoHardfork::default(),
        );
        assert_eq!(
            gas_1,
            KEY_AUTH_BASE_GAS + ECRECOVER_GAS + KEY_AUTH_PER_LIMIT_GAS,
            "1 limit should be 52,000"
        );
        assert_eq!(state_1, 0, "pre-T1B has no state gas");

        // Test 2 limits: 30,000 + 44,000 = 74,000
        let (gas_2, _) = calculate_key_authorization_gas(
            &create_key_auth(2),
            &GasParams::default(),
            tempo_chainspec::hardfork::TempoHardfork::default(),
        );
        assert_eq!(
            gas_2,
            KEY_AUTH_BASE_GAS + ECRECOVER_GAS + 2 * KEY_AUTH_PER_LIMIT_GAS,
            "2 limits should be 74,000"
        );

        // Test 3 limits: 30,000 + 66,000 = 96,000
        let (gas_3, _) = calculate_key_authorization_gas(
            &create_key_auth(3),
            &GasParams::default(),
            tempo_chainspec::hardfork::TempoHardfork::default(),
        );
        assert_eq!(
            gas_3,
            KEY_AUTH_BASE_GAS + ECRECOVER_GAS + 3 * KEY_AUTH_PER_LIMIT_GAS,
            "3 limits should be 96,000"
        );

        // T1B branch: gas = sig_gas + SLOAD + SSTORE * (1 + num_limits) + buffer
        let t1b_gas_params = crate::gas_params::tempo_gas_params(TempoHardfork::T1B);
        let sstore =
            t1b_gas_params.get(revm::context_interface::cfg::GasId::sstore_set_without_load_cost());
        let sload =
            t1b_gas_params.warm_storage_read_cost() + t1b_gas_params.cold_storage_additional_cost();
        const BUFFER: u64 = 2_000;

        for num_limits in 0..=3 {
            let (gas, state_gas) = calculate_key_authorization_gas(
                &create_key_auth(num_limits),
                &t1b_gas_params,
                TempoHardfork::T1B,
            );
            let expected = ECRECOVER_GAS + sload + sstore * (1 + num_limits as u64) + BUFFER;
            assert_eq!(gas, expected, "T1B with {num_limits} limits");
            assert_eq!(state_gas, 0, "T1B has no state gas");
        }

        let t3_gas_params = crate::gas_params::tempo_gas_params(TempoHardfork::T3);
        let t3_sstore =
            t3_gas_params.get(revm::context_interface::cfg::GasId::sstore_set_without_load_cost());
        let t3_sload =
            t3_gas_params.warm_storage_read_cost() + t3_gas_params.cold_storage_additional_cost();

        for num_limits in 0..=3 {
            let num_sstores = 1 + 2 * num_limits as u64;
            let (gas, state_gas) = calculate_key_authorization_gas(
                &create_key_auth(num_limits),
                &t3_gas_params,
                TempoHardfork::T3,
            );
            let expected = ECRECOVER_GAS + t3_sload + t3_sstore * num_sstores + BUFFER;
            assert_eq!(gas, expected, "T3 with {num_limits} limits");
            assert_eq!(state_gas, 0, "T3 has no state gas");
        }

        // T4 with T4 gas params: regular sstore = 19,900, state gas = 230,000 per SSTORE
        let t4_gas_params = crate::gas_params::tempo_gas_params(TempoHardfork::T4);
        let t4_sstore =
            t4_gas_params.get(revm::context_interface::cfg::GasId::sstore_set_without_load_cost());
        let t4_sload =
            t4_gas_params.warm_storage_read_cost() + t4_gas_params.cold_storage_additional_cost();
        let t4_sstore_state =
            t4_gas_params.get(revm::context_interface::cfg::GasId::sstore_set_state_gas());

        for num_limits in 0..=3 {
            let num_sstores = 1 + 2 * num_limits as u64;
            let (gas, state_gas) = calculate_key_authorization_gas(
                &create_key_auth(num_limits),
                &t4_gas_params,
                TempoHardfork::T4,
            );
            let expected_state = t4_sstore_state * num_sstores;
            let expected = ECRECOVER_GAS
                + t4_sload
                + t4_sstore * num_sstores
                + BUFFER
                + 5_000
                + expected_state;
            assert_eq!(gas, expected, "T4 with {num_limits} limits");
            assert_eq!(
                state_gas, expected_state,
                "T4 state gas with {num_limits} limits"
            );
        }

        let t5_gas_params = crate::gas_params::tempo_gas_params(TempoHardfork::T5);
        let t5_sload =
            t5_gas_params.warm_storage_read_cost() + t5_gas_params.cold_storage_additional_cost();
        let base_t5_key_auth = create_key_auth(0);
        let mut witness_t5_key_auth = create_key_auth(0);
        witness_t5_key_auth.authorization = witness_t5_key_auth
            .authorization
            .with_witness(B256::repeat_byte(0x53));

        let (base_t5_gas, base_t5_state_gas) =
            calculate_key_authorization_gas(&base_t5_key_auth, &t5_gas_params, TempoHardfork::T5);
        let (witness_t5_gas, witness_t5_state_gas) = calculate_key_authorization_gas(
            &witness_t5_key_auth,
            &t5_gas_params,
            TempoHardfork::T5,
        );

        assert_eq!(
            witness_t5_gas - base_t5_gas,
            t5_sload + KEY_AUTH_EXTRA_EVENT_BUFFER,
            "T5 witness adds one burned-witness SLOAD and one event"
        );
        assert_eq!(
            witness_t5_state_gas - base_t5_state_gas,
            0,
            "T5 witness authorization does not add state gas"
        );

        let t6_gas_params = crate::gas_params::tempo_gas_params(TempoHardfork::T6);
        let base_t6_key_auth = create_key_auth(0);
        let mut account_bound_t6_key_auth = create_key_auth(0);
        account_bound_t6_key_auth.authorization = account_bound_t6_key_auth
            .authorization
            .with_account(Address::random());
        let mut admin_t6_key_auth = create_key_auth(0);
        admin_t6_key_auth.authorization = admin_t6_key_auth
            .authorization
            .into_admin(Address::random());
        let mut unbound_admin_t6_key_auth = create_key_auth(0);
        unbound_admin_t6_key_auth.authorization.is_admin = true;

        let (base_t6_gas, base_t6_state_gas) =
            calculate_key_authorization_gas(&base_t6_key_auth, &t6_gas_params, TempoHardfork::T6);
        let (account_bound_t6_gas, account_bound_t6_state_gas) = calculate_key_authorization_gas(
            &account_bound_t6_key_auth,
            &t6_gas_params,
            TempoHardfork::T6,
        );
        let (admin_t6_gas, admin_t6_state_gas) =
            calculate_key_authorization_gas(&admin_t6_key_auth, &t6_gas_params, TempoHardfork::T6);
        let (unbound_admin_t6_gas, unbound_admin_t6_state_gas) = calculate_key_authorization_gas(
            &unbound_admin_t6_key_auth,
            &t6_gas_params,
            TempoHardfork::T6,
        );

        assert_eq!(
            account_bound_t6_gas - base_t6_gas,
            0,
            "T6 account-bound authorization does not add key authorization gas"
        );
        assert_eq!(
            admin_t6_gas - base_t6_gas,
            KEY_AUTH_EXTRA_EVENT_BUFFER,
            "T6 account-bound admin authorization charges one extra event buffer"
        );
        assert_eq!(
            admin_t6_gas - account_bound_t6_gas,
            KEY_AUTH_EXTRA_EVENT_BUFFER,
            "T6 admin authorization pays one extra event buffer over non-admin account-bound authorization"
        );
        assert_eq!(
            unbound_admin_t6_gas - base_t6_gas,
            KEY_AUTH_EXTRA_EVENT_BUFFER,
            "T6 root-signed admin authorization without account charges only the extra event buffer"
        );
        assert_eq!(
            account_bound_t6_state_gas, base_t6_state_gas,
            "T6 account binding does not add state gas"
        );
        assert_eq!(
            admin_t6_state_gas, base_t6_state_gas,
            "T6 admin authorization event buffer does not add state gas"
        );
        assert_eq!(
            unbound_admin_t6_state_gas, base_t6_state_gas,
            "T6 unbound admin authorization does not add state gas"
        );

        let scoped = KeyAuthorization::unrestricted(1, SignatureType::Secp256k1, Address::random())
            .with_allowed_calls(vec![tempo_primitives::transaction::CallScope {
                target: Address::random(),
                selector_rules: vec![tempo_primitives::transaction::SelectorRule {
                    selector: [0xa9, 0x05, 0x9c, 0xbb],
                    recipients: vec![Address::random(), Address::random()],
                }],
            }])
            .into_signed(PrimitiveSignature::Secp256k1(
                alloy_primitives::Signature::test_signature(),
            ));

        let (gas, state_gas) =
            calculate_key_authorization_gas(&scoped, &t3_gas_params, TempoHardfork::T3);
        let expected = ECRECOVER_GAS + t3_sload + t3_sstore * (1 + 12) + BUFFER;
        assert_eq!(
            gas, expected,
            "T3 scope writes should keep current main accounting"
        );
        assert_eq!(state_gas, 0, "T3 has no state gas");

        let (gas, state_gas) =
            calculate_key_authorization_gas(&scoped, &t4_gas_params, TempoHardfork::T4);
        // 1 key write + 12 scope slots = 13 SSTOREs:
        // account mode(1) + target insertion rows(3) + selector insertion rows(3)
        // + constrained selector recipient-length(1) + recipients values+positions(2*2).
        // The rounded surcharge adds 5k base + 7k per target + 7k per selector + 5k per
        // recipient, which keeps larger scope trees from being materially underpriced.
        let num_sstores = 1 + 12;
        let expected_state = t4_sstore_state * num_sstores;
        let expected =
            ECRECOVER_GAS + t4_sload + t4_sstore * num_sstores + BUFFER + 29_000 + expected_state;
        assert_eq!(gas, expected, "T4 scope writes should be fully charged");
        assert_eq!(state_gas, expected_state, "T4 scope state gas");
        let multi_scope =
            KeyAuthorization::unrestricted(1, SignatureType::Secp256k1, Address::random())
                .with_allowed_calls(vec![
                    tempo_primitives::transaction::CallScope {
                        target: Address::random(),
                        selector_rules: vec![
                            tempo_primitives::transaction::SelectorRule {
                                selector: [0xa9, 0x05, 0x9c, 0xbb],
                                recipients: vec![],
                            },
                            tempo_primitives::transaction::SelectorRule {
                                selector: [0x09, 0x5e, 0xa7, 0xb3],
                                recipients: vec![],
                            },
                        ],
                    },
                    tempo_primitives::transaction::CallScope {
                        target: Address::random(),
                        selector_rules: vec![],
                    },
                ])
                .into_signed(PrimitiveSignature::Secp256k1(
                    alloy_primitives::Signature::test_signature(),
                ));

        let (gas, state_gas) =
            calculate_key_authorization_gas(&multi_scope, &t3_gas_params, TempoHardfork::T3);
        let expected = ECRECOVER_GAS + t3_sload + t3_sstore * 14 + BUFFER;
        assert_eq!(
            gas, expected,
            "T3 scope writes should keep current main accounting"
        );
        assert_eq!(state_gas, 0, "T3 has no state gas");

        let (gas, state_gas) =
            calculate_key_authorization_gas(&multi_scope, &t4_gas_params, TempoHardfork::T4);
        let expected_state = t4_sstore_state * 12;
        let expected = ECRECOVER_GAS + t4_sload + t4_sstore * 12 + BUFFER + 33_000 + expected_state;
        assert_eq!(
            gas, expected,
            "T4 scope writes should only charge storage-creating rows"
        );
        assert_eq!(state_gas, expected_state, "T4 scope state gas");
    }

    #[test]
    fn test_t4_key_authorization_matches_tip1016_sstore_regular_cost() {
        use tempo_primitives::transaction::{KeyAuthorization, SignatureType};

        let key_auth =
            KeyAuthorization::unrestricted(1, SignatureType::Secp256k1, Address::random())
                .into_signed(PrimitiveSignature::Secp256k1(
                    alloy_primitives::Signature::test_signature(),
                ));

        // TIP-1016 is opt-in via amsterdam_eip8037; manually enable for this test.
        let gas_params =
            crate::gas_params::tempo_gas_params_with_amsterdam(TempoHardfork::T4, true);

        let sig_gas = ECRECOVER_GAS + primitive_signature_verification_gas(&key_auth.signature);
        let sload = gas_params.warm_storage_read_cost() + gas_params.cold_storage_additional_cost();
        let scope_extra_gas = call_scope_extra_gas(&key_auth.authorization);
        let (regular_gas, state_gas) =
            calculate_key_authorization_gas(&key_auth, &gas_params, TempoHardfork::T4);
        let helper_sstore_regular = regular_gas - sig_gas - sload - 2_000 - scope_extra_gas;

        assert_eq!(helper_sstore_regular, 20_000);
        assert_eq!(state_gas, 230_000);
    }

    #[test]
    fn test_t7_key_authorization_intrinsic_includes_storage_credit_value() {
        use tempo_chainspec::constants::gas::SSTORE_CREATE_COST;
        use tempo_primitives::transaction::{KeyAuthorization, SignatureType};

        let key_auth =
            KeyAuthorization::unrestricted(1, SignatureType::Secp256k1, Address::random())
                .into_signed(PrimitiveSignature::Secp256k1(
                    alloy_primitives::Signature::test_signature(),
                ));

        let gas_params = crate::gas_params::tempo_gas_params(TempoHardfork::T7);
        let sig_gas = ECRECOVER_GAS + primitive_signature_verification_gas(&key_auth.signature);
        let sload = gas_params.warm_storage_read_cost() + gas_params.cold_storage_additional_cost();
        let scope_extra_gas = call_scope_extra_gas(&key_auth.authorization);
        let (regular_gas, state_gas) =
            calculate_key_authorization_gas(&key_auth, &gas_params, TempoHardfork::T7);
        let helper_sstore_regular = regular_gas - sig_gas - sload - 2_000 - scope_extra_gas;

        assert_eq!(
            gas_params.get(GasId::sstore_set_without_load_cost()),
            SSTORE_CREATE_COST - STORAGE_CREDIT_VALUE,
            "T7 gas table should expose only the SSTORE residual"
        );
        assert_eq!(
            helper_sstore_regular, SSTORE_CREATE_COST,
            "key authorization intrinsic gas must include the TIP-1060 creditable portion"
        );
        assert_eq!(state_gas, 0, "T7 without TIP-1016 has no state gas split");
    }

    #[test]
    fn test_translate_allowed_calls_for_precompile_preserves_empty_nested_allow_all_lists() {
        use tempo_primitives::transaction::{
            CallScope, KeyAuthorization, SelectorRule, SignatureType,
        };

        let empty_selector_rules =
            KeyAuthorization::unrestricted(1, SignatureType::Secp256k1, Address::random())
                .with_allowed_calls(vec![CallScope {
                    target: Address::random(),
                    selector_rules: vec![],
                }])
                .into_signed(PrimitiveSignature::Secp256k1(
                    alloy_primitives::Signature::test_signature(),
                ));

        let translated = translate_allowed_calls_for_precompile(&empty_selector_rules);
        assert_eq!(translated.len(), 1);
        assert!(translated[0].selectorRules.is_empty());

        let empty_recipients =
            KeyAuthorization::unrestricted(1, SignatureType::Secp256k1, Address::random())
                .with_allowed_calls(vec![CallScope {
                    target: Address::random(),
                    selector_rules: vec![SelectorRule {
                        selector: [0xa9, 0x05, 0x9c, 0xbb],
                        recipients: vec![],
                    }],
                }])
                .into_signed(PrimitiveSignature::Secp256k1(
                    alloy_primitives::Signature::test_signature(),
                ));

        let translated = translate_allowed_calls_for_precompile(&empty_recipients);
        assert_eq!(translated.len(), 1);
        assert_eq!(translated[0].selectorRules.len(), 1);
        assert!(translated[0].selectorRules[0].recipients.is_empty());
    }

    #[test]
    fn test_key_authorization_gas_in_batch() {
        use crate::TempoBatchCallEnv;
        use alloy_primitives::{Bytes, TxKind};
        use revm::interpreter::gas::calculate_initial_tx_gas;
        use tempo_primitives::transaction::{
            Call, KeyAuthorization, SignatureType, SignedKeyAuthorization, TempoSignature,
            TokenLimit,
        };

        let calldata = Bytes::from(vec![1, 2, 3]);

        let call = Call {
            to: TxKind::Call(Address::random()),
            value: U256::ZERO,
            input: calldata.clone(),
        };

        // Create key authorization with 2 limits
        let key_auth: SignedKeyAuthorization =
            KeyAuthorization::unrestricted(1, SignatureType::Secp256k1, Address::random())
                .with_limits(vec![
                    TokenLimit {
                        token: Address::random(),
                        limit: U256::from(1000),
                        period: 0,
                    },
                    TokenLimit {
                        token: Address::random(),
                        limit: U256::from(2000),
                        period: 0,
                    },
                ])
                .into_signed(PrimitiveSignature::Secp256k1(
                    alloy_primitives::Signature::test_signature(),
                ));

        let aa_env_with_key_auth = TempoBatchCallEnv {
            signature: TempoSignature::Primitive(PrimitiveSignature::Secp256k1(
                alloy_primitives::Signature::test_signature(),
            )),
            aa_calls: vec![call.clone()],
            key_authorization: Some(key_auth),
            signature_hash: B256::ZERO,
            ..Default::default()
        };

        let aa_env_without_key_auth = TempoBatchCallEnv {
            signature: TempoSignature::Primitive(PrimitiveSignature::Secp256k1(
                alloy_primitives::Signature::test_signature(),
            )),
            aa_calls: vec![call],
            key_authorization: None,
            signature_hash: B256::ZERO,
            ..Default::default()
        };

        // Calculate gas WITH key authorization
        let gas_with_key_auth = calculate_aa_batch_intrinsic_gas(
            &aa_env_with_key_auth,
            &GasParams::default(),
            None::<std::iter::Empty<&AccessListItem>>,
            tempo_chainspec::hardfork::TempoHardfork::default(),
        )
        .unwrap();

        // Calculate gas WITHOUT key authorization
        let gas_without_key_auth = calculate_aa_batch_intrinsic_gas(
            &aa_env_without_key_auth,
            &GasParams::default(),
            None::<std::iter::Empty<&AccessListItem>>,
            tempo_chainspec::hardfork::TempoHardfork::default(),
        )
        .unwrap();

        // Expected key auth gas: 30,000 (base + ecrecover) + 2 * 22,000 (limits) = 74,000
        let expected_key_auth_gas = KEY_AUTH_BASE_GAS + ECRECOVER_GAS + 2 * KEY_AUTH_PER_LIMIT_GAS;

        assert_eq!(
            gas_with_key_auth.initial_total_gas() - gas_without_key_auth.initial_total_gas(),
            expected_key_auth_gas,
            "Key authorization should add exactly {expected_key_auth_gas} gas to batch",
        );

        // Also verify absolute values
        let spec = tempo_chainspec::hardfork::TempoHardfork::default();
        let base_tx_gas = calculate_initial_tx_gas(spec.into(), &calldata, false, 0, 0, 0);
        let expected_without = base_tx_gas.initial_total_gas(); // no cold access for single call
        let expected_with = expected_without + expected_key_auth_gas;

        assert_eq!(
            gas_without_key_auth.initial_total_gas(),
            expected_without,
            "Gas without key auth should match expected"
        );
        assert_eq!(
            gas_with_key_auth.initial_total_gas(),
            expected_with,
            "Gas with key auth should match expected"
        );
    }

    #[test]
    fn test_2d_nonce_gas_in_intrinsic_gas() {
        use crate::gas_params::tempo_gas_params;
        use revm::{context_interface::cfg::GasId, handler::Handler};

        const BASE_INTRINSIC_GAS: u64 = 21_000;

        for spec in [
            TempoHardfork::Genesis,
            TempoHardfork::T0,
            TempoHardfork::T1,
            TempoHardfork::T1A,
            TempoHardfork::T1B,
            TempoHardfork::T2,
        ] {
            let gas_params = tempo_gas_params(spec);

            let make_evm = |nonce: u64, nonce_key: U256| {
                let journal = Journal::new(CacheDB::new(EmptyDB::default()));
                let mut cfg = CfgEnv::<TempoHardfork>::default();
                cfg.spec = spec;
                cfg.gas_params = gas_params.clone();
                let ctx = Context::mainnet()
                    .with_db(CacheDB::new(EmptyDB::default()))
                    .with_block(TempoBlockEnv::default())
                    .with_cfg(cfg)
                    .with_tx(TempoTxEnv {
                        inner: revm::context::TxEnv {
                            gas_limit: 1_000_000,
                            nonce,
                            ..Default::default()
                        },
                        tempo_tx_env: Some(Box::new(TempoBatchCallEnv {
                            aa_calls: vec![Call {
                                to: TxKind::Call(Address::random()),
                                value: U256::ZERO,
                                input: Bytes::new(),
                            }],
                            nonce_key,
                            ..Default::default()
                        })),
                        ..Default::default()
                    })
                    .with_new_journal(journal);
                TempoEvm::<_, ()>::new(ctx, ())
            };

            let handler: TempoEvmHandler<CacheDB<EmptyDB>, ()> = TempoEvmHandler::new();

            // Case 1: Protocol nonce (nonce_key == 0, nonce > 0) - no additional gas
            {
                let mut evm = make_evm(5, U256::ZERO);
                let gas = handler.validate_initial_tx_gas(&mut evm).unwrap();
                assert_eq!(
                    gas.initial_total_gas(),
                    BASE_INTRINSIC_GAS,
                    "{spec:?}: protocol nonce (nonce_key=0, nonce>0) should have no extra gas"
                );
            }

            // Case 2: nonce_key != 0, nonce == 0
            {
                let expected = if spec.is_t1() {
                    // T1+: any nonce==0 charges new_account_cost (250k)
                    BASE_INTRINSIC_GAS + gas_params.get(GasId::new_account_cost())
                } else {
                    // Pre-T1: charges gas_new_nonce_key for new 2D key
                    BASE_INTRINSIC_GAS + spec.gas_new_nonce_key()
                };
                let mut evm = make_evm(0, U256::ONE);
                let gas = handler.validate_initial_tx_gas(&mut evm).unwrap();
                assert_eq!(
                    gas.initial_total_gas(),
                    expected,
                    "{spec:?}: nonce_key!=0, nonce==0 gas mismatch"
                );
            }

            // Case 3: Existing 2D nonce key (nonce_key != 0, nonce > 0)
            {
                let mut evm = make_evm(5, U256::ONE);
                let gas = handler.validate_initial_tx_gas(&mut evm).unwrap();
                assert_eq!(
                    gas.initial_total_gas(),
                    BASE_INTRINSIC_GAS + spec.gas_existing_nonce_key(),
                    "{spec:?}: existing 2D nonce key gas mismatch"
                );
            }
        }
    }

    #[test]
    fn test_2d_nonce_gas_limit_validation() {
        use crate::gas_params::tempo_gas_params;
        use revm::{context_interface::cfg::GasId, handler::Handler};

        const BASE_INTRINSIC_GAS: u64 = 21_000;

        for spec in [
            TempoHardfork::Genesis,
            TempoHardfork::T0,
            TempoHardfork::T1,
            TempoHardfork::T2,
        ] {
            let gas_params = tempo_gas_params(spec);

            // Build spec-specific test cases: (gas_limit, nonce, expected_result)
            let nonce_zero_gas = if spec.is_t1() {
                gas_params.get(GasId::new_account_cost())
            } else {
                spec.gas_new_nonce_key()
            };
            let nonce_zero_state_gas = gas_params.new_account_state_gas();
            let nonce_zero_total = nonce_zero_gas + nonce_zero_state_gas;

            let cases = if spec.is_t0() {
                let mut cases = vec![
                    (BASE_INTRINSIC_GAS + nonce_zero_total, 0, true), // Exactly sufficient for nonce==0 (exec + state)
                    (BASE_INTRINSIC_GAS + spec.gas_existing_nonce_key(), 1, true), // Exactly sufficient for existing key
                ];
                // Insufficient: below total required for nonce==0
                cases.push((BASE_INTRINSIC_GAS + nonce_zero_total - 1, 0u64, false));
                cases
            } else {
                // Genesis: nonce gas is added AFTER validation, so lower gas_limit still passes
                vec![
                    (BASE_INTRINSIC_GAS + 10_000, 0u64, true), // Passes validation (nonce gas added after)
                    (BASE_INTRINSIC_GAS + nonce_zero_gas, 0, true), // Also passes
                    (BASE_INTRINSIC_GAS + spec.gas_existing_nonce_key(), 1, true), // Also passes
                    (BASE_INTRINSIC_GAS - 1, 0, false),        // Below base intrinsic gas
                ]
            };

            for (gas_limit, nonce, should_succeed) in cases {
                let journal = Journal::new(CacheDB::new(EmptyDB::default()));
                let mut cfg = CfgEnv::<TempoHardfork>::default();
                cfg.spec = spec;
                cfg.gas_params = gas_params.clone();
                let ctx = Context::mainnet()
                    .with_db(CacheDB::new(EmptyDB::default()))
                    .with_block(TempoBlockEnv::default())
                    .with_cfg(cfg)
                    .with_tx(TempoTxEnv {
                        inner: revm::context::TxEnv {
                            gas_limit,
                            nonce,
                            ..Default::default()
                        },
                        tempo_tx_env: Some(Box::new(TempoBatchCallEnv {
                            aa_calls: vec![Call {
                                to: TxKind::Call(Address::random()),
                                value: U256::ZERO,
                                input: Bytes::new(),
                            }],
                            nonce_key: U256::ONE,
                            ..Default::default()
                        })),
                        ..Default::default()
                    })
                    .with_new_journal(journal);

                let mut evm: TempoEvm<_, ()> = TempoEvm::new(ctx, ());
                let handler: TempoEvmHandler<CacheDB<EmptyDB>, ()> = TempoEvmHandler::new();
                let result = handler.validate_initial_tx_gas(&mut evm);

                if should_succeed {
                    assert!(
                        result.is_ok(),
                        "{spec:?}: gas_limit={gas_limit}, nonce={nonce}: expected success but got error"
                    );
                } else {
                    let err = result.expect_err(&format!(
                        "{spec:?}: gas_limit={gas_limit}, nonce={nonce}: should fail"
                    ));
                    assert!(
                        matches!(
                            err.as_invalid_tx_err(),
                            Some(TempoInvalidTransaction::EthInvalidTransaction(
                                InvalidTransaction::CallGasCostMoreThanGasLimit { .. }
                            ))
                        ),
                        "Expected CallGasCostMoreThanGasLimit, got: {err:?}"
                    );
                }
            }
        }
    }

    #[test]
    fn test_t3_scope_validation_moves_to_execution() {
        const CALL_SCOPE_SELECTOR: [u8; 4] = [0xde, 0xad, 0xbe, 0xef];

        let caller = Address::repeat_byte(0x11);
        let access_key = Address::repeat_byte(0x22);
        let target = DEFAULT_FEE_TOKEN;

        let signature =
            TempoSignature::Keychain(tempo_primitives::transaction::KeychainSignature::new(
                caller,
                tempo_primitives::transaction::PrimitiveSignature::Secp256k1(
                    alloy_primitives::Signature::test_signature(),
                ),
            ));

        let mut cfg = CfgEnv::<TempoHardfork>::default();
        cfg.spec = TempoHardfork::T3;

        let tx_env = TempoTxEnv {
            inner: revm::context::TxEnv {
                caller,
                gas_limit: 1_000_000,
                kind: TxKind::Call(target),
                ..Default::default()
            },
            fee_token: Some(DEFAULT_FEE_TOKEN),
            tempo_tx_env: Some(Box::new(TempoBatchCallEnv {
                signature,
                aa_calls: vec![Call {
                    to: TxKind::Call(target),
                    value: U256::ZERO,
                    input: Bytes::from_static(&CALL_SCOPE_SELECTOR),
                }],
                signature_hash: B256::ZERO,
                override_key_id: Some(access_key),
                ..Default::default()
            })),
            ..Default::default()
        };

        let mut test = TestHandlerEvm::with_cfg(TempoHardfork::T3, tx_env, |cfg_override| {
            *cfg_override = cfg;
        });

        StorageCtx::enter_ctx(&mut test.evm.inner.ctx, StorageActions::disabled(), || {
            let mut keychain = AccountKeychain::new();

            keychain.initialize().expect("keychain initialized");
            keychain
                .set_transaction_key(Address::ZERO)
                .expect("root key setup succeeds");
            keychain
                .set_tx_origin(caller)
                .expect("tx.origin setup succeeds");
            keychain
                .authorize_key(
                    caller,
                    access_key,
                    PrecompileSignatureType::Secp256k1,
                    KeyRestrictions {
                        expiry: u64::MAX,
                        enforceLimits: false,
                        limits: vec![],
                        allowAnyCalls: false,
                        allowedCalls: vec![PrecompileCallScope {
                            target,
                            selectorRules: vec![PrecompileSelectorRule {
                                selector: CALL_SCOPE_SELECTOR.into(),
                                recipients: vec![],
                            }],
                        }],
                    },
                    None,
                )
                .expect("access key authorization succeeds");
        });

        let init_gas = test.validate_initial_tx_gas();
        assert!(
            init_gas.floor_gas <= init_gas.initial_total_gas(),
            "test requires floor gas to not exceed intrinsic gas"
        );

        test.evm.inner.ctx.tx.inner.gas_limit = init_gas.initial_total_gas();

        test.validate_against_state_and_deduct_caller()
            .expect("scope validation no longer runs during state validation");

        let result = test.execute(&init_gas);

        assert!(
            matches!(
                result.instruction_result(),
                revm::interpreter::InstructionResult::PrecompileOOG
            ),
            "expected scope validation to fail during execution with OOG, got: {:?}",
            result.instruction_result()
        );
        assert_eq!(
            result.gas().limit(),
            init_gas.initial_total_gas(),
            "batch OOG should report the full tx gas budget"
        );
        assert_eq!(
            result.gas().total_gas_spent(),
            init_gas.initial_total_gas(),
            "batch OOG should consume the full tx gas budget"
        );
        assert_eq!(result.gas().refunded(), 0);
    }

    #[test]
    fn test_t3_scope_validation_returns_call_not_allowed_revert_data() {
        use alloy_sol_types::SolInterface;
        use tempo_contracts::precompiles::AccountKeychainError;

        const ALLOWED_SELECTOR: [u8; 4] = [0xde, 0xad, 0xbe, 0xef];
        const DENIED_SELECTOR: [u8; 4] = [0xca, 0xfe, 0xba, 0xbe];

        let caller = Address::repeat_byte(0x11);
        let access_key = Address::repeat_byte(0x22);
        let target = DEFAULT_FEE_TOKEN;

        let signature =
            TempoSignature::Keychain(tempo_primitives::transaction::KeychainSignature::new(
                caller,
                tempo_primitives::transaction::PrimitiveSignature::Secp256k1(
                    alloy_primitives::Signature::test_signature(),
                ),
            ));

        let mut cfg = CfgEnv::<TempoHardfork>::default();
        cfg.spec = TempoHardfork::T3;

        let tx_env = TempoTxEnv {
            inner: revm::context::TxEnv {
                caller,
                gas_limit: 1_000_000,
                kind: TxKind::Call(target),
                ..Default::default()
            },
            fee_token: Some(DEFAULT_FEE_TOKEN),
            tempo_tx_env: Some(Box::new(TempoBatchCallEnv {
                signature,
                aa_calls: vec![Call {
                    to: TxKind::Call(target),
                    value: U256::ZERO,
                    input: Bytes::from_static(&DENIED_SELECTOR),
                }],
                signature_hash: B256::ZERO,
                override_key_id: Some(access_key),
                ..Default::default()
            })),
            ..Default::default()
        };

        let ctx = Context::mainnet()
            .with_db(CacheDB::new(EmptyDB::default()))
            .with_block(TempoBlockEnv::default())
            .with_cfg(cfg)
            .with_tx(tx_env.clone())
            .with_new_journal(create_test_journal());

        let mut evm: TempoEvm<_, ()> = TempoEvm::new(ctx, ());
        let mut handler: TempoEvmHandler<CacheDB<EmptyDB>, ()> = TempoEvmHandler::new();

        StorageCtx::enter_ctx(&mut evm.inner.ctx, StorageActions::disabled(), || {
            let mut keychain = AccountKeychain::new();

            keychain.initialize().expect("keychain initialized");
            keychain
                .set_transaction_key(Address::ZERO)
                .expect("root key setup succeeds");
            keychain
                .set_tx_origin(caller)
                .expect("tx.origin setup succeeds");
            keychain
                .authorize_key(
                    caller,
                    access_key,
                    PrecompileSignatureType::Secp256k1,
                    KeyRestrictions {
                        expiry: u64::MAX,
                        enforceLimits: false,
                        limits: vec![],
                        allowAnyCalls: false,
                        allowedCalls: vec![PrecompileCallScope {
                            target,
                            selectorRules: vec![PrecompileSelectorRule {
                                selector: ALLOWED_SELECTOR.into(),
                                recipients: vec![],
                            }],
                        }],
                    },
                    None,
                )
                .expect("access key authorization succeeds");
        });

        let init_gas = handler
            .validate_initial_tx_gas(&mut evm)
            .expect("initial gas validation should succeed");

        handler
            .validate_against_state_and_deduct_caller(&mut evm, &mut Default::default())
            .expect("scope validation no longer runs during state validation");

        let result = handler
            .execution(&mut evm, &init_gas)
            .expect("execution should return a frame result");

        let expected_revert: Bytes = AccountKeychainError::call_not_allowed().abi_encode().into();

        assert_eq!(result.instruction_result(), InstructionResult::Revert);
        assert_eq!(result.output().data(), &expected_revert);
        assert!(
            result.gas().total_gas_spent() < tx_env.gas_limit,
            "prevalidate revert must not consume the full gas_limit"
        );
    }

    #[test]
    fn test_t3_scope_validation_empty_calls_returns_custom_error() {
        let caller = Address::repeat_byte(0x11);
        let access_key = Address::repeat_byte(0x22);

        let signature =
            TempoSignature::Keychain(tempo_primitives::transaction::KeychainSignature::new(
                caller,
                tempo_primitives::transaction::PrimitiveSignature::Secp256k1(
                    alloy_primitives::Signature::test_signature(),
                ),
            ));

        let mut cfg = CfgEnv::<TempoHardfork>::default();
        cfg.spec = TempoHardfork::T3;

        let tx_env = TempoTxEnv {
            inner: revm::context::TxEnv {
                caller,
                gas_limit: 1_000_000,
                ..Default::default()
            },
            tempo_tx_env: Some(Box::new(TempoBatchCallEnv {
                signature,
                aa_calls: vec![],
                signature_hash: B256::ZERO,
                override_key_id: Some(access_key),
                ..Default::default()
            })),
            ..Default::default()
        };

        let ctx = Context::mainnet()
            .with_db(CacheDB::new(EmptyDB::default()))
            .with_block(TempoBlockEnv::default())
            .with_cfg(cfg)
            .with_tx(tx_env)
            .with_new_journal(create_test_journal());

        let mut evm: TempoEvm<_, ()> = TempoEvm::new(ctx, ());
        let handler: TempoEvmHandler<CacheDB<EmptyDB>, ()> = TempoEvmHandler::new();
        let mut remaining_gas = 100_000;

        let err = handler
            .prevalidate_keychain_call_scopes(&mut evm, &[], &mut remaining_gas, 0)
            .expect_err("empty calls should return an error instead of panicking");

        match err {
            EVMError::Custom(msg) => {
                assert_eq!(msg, "AA transactions must contain at least one call");
            }
            other => panic!("expected custom error, got: {other:?}"),
        }
    }

    /// TIP-1060: T7 removes the EIP-3529 one-fifth refund cap; pre-T7 keeps it.
    #[test]
    fn test_refund_cap_removed_on_t7() {
        use revm::{
            Context, Journal,
            context::CfgEnv,
            database::{CacheDB, EmptyDB},
            handler::FrameResult,
            interpreter::{CallOutcome, Gas, InstructionResult, InterpreterResult},
        };

        // Refund (50k) deliberately exceeds one fifth of the gas used (100k / 5 = 20k).
        const SPENT: u64 = 100_000;
        const REFUND: i64 = 50_000;
        const CAPPED: i64 = (SPENT / 5) as i64;

        let refunded_for_spec = |spec: TempoHardfork| -> i64 {
            let mut cfg = CfgEnv::<TempoHardfork>::default();
            cfg.spec = spec;
            let ctx = Context::mainnet()
                .with_db(CacheDB::new(EmptyDB::default()))
                .with_block(TempoBlockEnv::default())
                .with_cfg(cfg)
                .with_tx(TempoTxEnv::default())
                .with_new_journal(Journal::new(CacheDB::new(EmptyDB::default())));
            let mut evm: TempoEvm<_, ()> = TempoEvm::new(ctx, ());
            let handler: TempoEvmHandler<CacheDB<EmptyDB>, ()> = TempoEvmHandler::new();

            let mut gas = Gas::new(SPENT);
            gas.set_spent(SPENT);
            gas.record_refund(REFUND);
            let mut frame_result = FrameResult::Call(CallOutcome::new(
                InterpreterResult::new(InstructionResult::Stop, Bytes::new(), gas),
                0..0,
            ));

            handler.refund(&mut evm, &mut frame_result, 0);
            frame_result.gas().refunded()
        };

        assert_eq!(
            refunded_for_spec(TempoHardfork::T6),
            CAPPED,
            "pre-T7 must cap the refund at one fifth of gas used"
        );
        assert_eq!(
            refunded_for_spec(TempoHardfork::T7),
            REFUND,
            "T7 must credit the full refund, with no EIP-3529 cap"
        );
    }

    #[test]
    fn test_multicall_gas_refund_accounting() {
        use crate::evm::TempoEvm;
        use alloy_primitives::{Bytes, TxKind};
        use revm::{
            Context, Journal,
            context::CfgEnv,
            database::{CacheDB, EmptyDB},
            handler::FrameResult,
            interpreter::{CallOutcome, Gas, InstructionResult, InterpreterResult},
        };
        use tempo_primitives::transaction::Call;

        const GAS_LIMIT: u64 = 1_000_000;
        const INTRINSIC_GAS: u64 = 21_000;
        // Mock call's gas: (CALL_0, CALL_1)
        const SPENT: (u64, u64) = (1000, 500);
        const REFUND: (i64, i64) = (100, 50);

        // Create minimal EVM context
        let db = CacheDB::new(EmptyDB::default());
        let journal = Journal::new(db);
        let ctx = Context::mainnet()
            .with_db(CacheDB::new(EmptyDB::default()))
            .with_block(TempoBlockEnv::default())
            .with_cfg(CfgEnv::default())
            .with_tx(TempoTxEnv {
                inner: revm::context::TxEnv {
                    gas_limit: GAS_LIMIT,
                    ..Default::default()
                },
                ..Default::default()
            })
            .with_new_journal(journal);

        let mut evm: TempoEvm<_, ()> = TempoEvm::new(ctx, ());
        let mut handler: TempoEvmHandler<CacheDB<EmptyDB>, ()> = TempoEvmHandler::new();

        // Create mock calls
        let calls = vec![
            Call {
                to: TxKind::Call(Address::random()),
                value: U256::ZERO,
                input: Bytes::new(),
            },
            Call {
                to: TxKind::Call(Address::random()),
                value: U256::ZERO,
                input: Bytes::new(),
            },
        ];

        let (mut call_idx, calls_gas) = (0, [(SPENT.0, REFUND.0), (SPENT.1, REFUND.1)]);
        let result = handler.execute_multi_call_with(
            &mut evm,
            GAS_LIMIT - INTRINSIC_GAS,
            0,
            calls,
            |_handler, _evm, gas, _reservoir| {
                let (spent, refund) = calls_gas[call_idx];
                call_idx += 1;

                // Create gas with specific spent and refund values
                let mut gas = Gas::new(gas);
                gas.set_spent(spent);
                gas.record_refund(refund);

                // Mock successful frame result
                Ok(FrameResult::Call(CallOutcome::new(
                    InterpreterResult::new(InstructionResult::Stop, Bytes::new(), gas),
                    0..0,
                )))
            },
        );

        let result = result.expect("execute_multi_call_with should succeed");
        let final_gas = result.gas();

        assert_eq!(
            final_gas.total_gas_spent(),
            INTRINSIC_GAS + SPENT.0 + SPENT.1,
            "Total spent should be intrinsic_gas + sum of all calls' spent values"
        );
        assert_eq!(
            final_gas.refunded(),
            REFUND.0 + REFUND.1,
            "Total refund should be sum of all calls' refunded values"
        );
        assert_eq!(
            final_gas.used(),
            INTRINSIC_GAS + SPENT.0 + SPENT.1 - (REFUND.0 + REFUND.1) as u64,
            "used() should be spent - refund"
        );
    }

    /// Strategy for optional u64 timestamps.
    fn arb_opt_timestamp() -> impl Strategy<Value = Option<u64>> {
        prop_oneof![Just(None), any::<u64>().prop_map(Some)]
    }

    /// Helper to create a secp256k1 signature for testing gas calculations.
    ///
    /// Note: We use a test signature rather than real valid/invalid signatures because
    /// these gas calculation functions only depend on the signature *type* (Secp256k1,
    /// P256, WebAuthn), not on cryptographic validity. Signature verification happens
    /// separately during `recover_signer()` before transactions enter the pool.
    fn secp256k1_sig() -> TempoSignature {
        TempoSignature::Primitive(PrimitiveSignature::Secp256k1(
            alloy_primitives::Signature::test_signature(),
        ))
    }

    /// Helper to create a TempoBatchCallEnv with specified calls.
    fn make_aa_env(calls: Vec<Call>) -> TempoBatchCallEnv {
        TempoBatchCallEnv {
            signature: secp256k1_sig(),
            aa_calls: calls,
            key_authorization: None,
            signature_hash: B256::ZERO,
            ..Default::default()
        }
    }

    /// Helper to create a single-call TempoBatchCallEnv with given calldata.
    fn make_single_call_env(calldata: Bytes) -> TempoBatchCallEnv {
        make_aa_env(vec![Call {
            to: TxKind::Call(Address::ZERO),
            value: U256::ZERO,
            input: calldata,
        }])
    }

    /// Helper to create a multi-call TempoBatchCallEnv with N empty calls.
    fn make_multi_call_env(num_calls: usize) -> TempoBatchCallEnv {
        make_aa_env(
            (0..num_calls)
                .map(|_| Call {
                    to: TxKind::Call(Address::ZERO),
                    value: U256::ZERO,
                    input: Bytes::new(),
                })
                .collect(),
        )
    }

    /// Helper to compute AA batch gas with no access list.
    fn compute_aa_gas(env: &TempoBatchCallEnv) -> InitialAndFloorGas {
        calculate_aa_batch_intrinsic_gas(
            env,
            &GasParams::default(),
            None::<std::iter::Empty<&AccessListItem>>,
            tempo_chainspec::hardfork::TempoHardfork::default(),
        )
        .unwrap()
    }

    proptest! {
        #![proptest_config(ProptestConfig::with_cases(500))]

        /// Property: validate_time_window returns Ok if (after <= ts < before)
        #[test]
        fn proptest_validate_time_window_correctness(
            valid_after in arb_opt_timestamp(),
            valid_before in arb_opt_timestamp(),
            block_timestamp in any::<u64>(),
        ) {
            let result = validate_time_window(valid_after, valid_before, block_timestamp);

            let after_ok = valid_after.is_none_or(|after| block_timestamp >= after);
            let before_ok = valid_before.is_none_or(|before| block_timestamp < before);
            let expected_valid = after_ok && before_ok;

            prop_assert_eq!(result.is_ok(), expected_valid,
                "valid_after={:?}, valid_before={:?}, block_ts={}, result={:?}",
                valid_after, valid_before, block_timestamp, result);
        }

        /// Property: validate_time_window with None constraints always succeeds
        #[test]
        fn proptest_validate_time_window_none_always_valid(block_timestamp in any::<u64>()) {
            prop_assert!(validate_time_window(None, None, block_timestamp).is_ok());
        }

        /// Property: validate_time_window with valid_after=0 is equivalent to None
        ///
        /// This tests the equivalence property: Some(0) and None for valid_after should produce
        /// identical results regardless of what valid_before is. We intentionally don't constrain
        /// valid_before because we're testing that the equivalence holds in all cases (both when
        /// valid_before causes success and when it causes failure).
        #[test]
        fn proptest_validate_time_window_zero_after_equivalent_to_none(
            valid_before in arb_opt_timestamp(),
            block_timestamp in any::<u64>(),
        ) {
            let with_zero = validate_time_window(Some(0), valid_before, block_timestamp);
            let with_none = validate_time_window(None, valid_before, block_timestamp);
            prop_assert_eq!(with_zero.is_ok(), with_none.is_ok());
        }

        /// Property: validate_time_window - if before <= after, the window is empty
        #[test]
        fn proptest_validate_time_window_empty_window(
            valid_after in 1u64..=u64::MAX,
            offset in 0u64..1000u64,
        ) {
            let valid_before = valid_after.saturating_sub(offset);
            let result = validate_time_window(Some(valid_after), Some(valid_before), valid_after);
            prop_assert!(result.is_err(), "Empty window should reject all timestamps");
        }

        /// Property: signature gas ordering is consistent: secp256k1 <= p256 <= webauthn
        #[test]
        fn proptest_signature_gas_ordering(webauthn_data_len in 0usize..1000) {
            let secp_sig = PrimitiveSignature::Secp256k1(alloy_primitives::Signature::test_signature());
            let p256_sig = PrimitiveSignature::P256(P256SignatureWithPreHash {
                r: B256::ZERO, s: B256::ZERO, pub_key_x: B256::ZERO, pub_key_y: B256::ZERO, pre_hash: false,
            });
            let webauthn_sig = PrimitiveSignature::WebAuthn(WebAuthnSignature {
                r: B256::ZERO, s: B256::ZERO, pub_key_x: B256::ZERO, pub_key_y: B256::ZERO,
                webauthn_data: Bytes::from(vec![0u8; webauthn_data_len]),
            });

            let secp_gas = primitive_signature_verification_gas(&secp_sig);
            let p256_gas = primitive_signature_verification_gas(&p256_sig);
            let webauthn_gas = primitive_signature_verification_gas(&webauthn_sig);

            prop_assert!(secp_gas <= p256_gas, "secp256k1 should be <= p256");
            prop_assert!(p256_gas <= webauthn_gas, "p256 should be <= webauthn");
        }

        /// Property: gas calculation monotonicity - more calldata means more gas (non-zero bytes)
        /// Non-zero bytes cost 16 gas each, so monotonicity holds for uniform non-zero calldata.
        #[test]
        fn proptest_gas_monotonicity_calldata_nonzero(
            calldata_len1 in 0usize..1000,
            calldata_len2 in 0usize..1000,
        ) {
            let gas1 = compute_aa_gas(&make_single_call_env(Bytes::from(vec![1u8; calldata_len1])));
            let gas2 = compute_aa_gas(&make_single_call_env(Bytes::from(vec![1u8; calldata_len2])));

            if calldata_len1 <= calldata_len2 {
                prop_assert!(gas1.initial_total_gas() <= gas2.initial_total_gas(),
                    "More calldata should mean more gas: len1={}, gas1={}, len2={}, gas2={}",
                    calldata_len1, gas1.initial_total_gas(), calldata_len2, gas2.initial_total_gas());
            } else {
                prop_assert!(gas1.initial_total_gas() >= gas2.initial_total_gas(),
                    "Less calldata should mean less gas: len1={}, gas1={}, len2={}, gas2={}",
                    calldata_len1, gas1.initial_total_gas(), calldata_len2, gas2.initial_total_gas());
            }
        }

        /// Property: gas calculation monotonicity - more calldata means more gas (zero bytes)
        /// Zero bytes cost 4 gas each, so monotonicity holds for uniform zero calldata.
        #[test]
        fn proptest_gas_monotonicity_calldata_zero(
            calldata_len1 in 0usize..1000,
            calldata_len2 in 0usize..1000,
        ) {
            let gas1 = compute_aa_gas(&make_single_call_env(Bytes::from(vec![0u8; calldata_len1])));
            let gas2 = compute_aa_gas(&make_single_call_env(Bytes::from(vec![0u8; calldata_len2])));

            if calldata_len1 <= calldata_len2 {
                prop_assert!(gas1.initial_total_gas() <= gas2.initial_total_gas(),
                    "More zero-byte calldata should mean more gas: len1={}, gas1={}, len2={}, gas2={}",
                    calldata_len1, gas1.initial_total_gas(), calldata_len2, gas2.initial_total_gas());
            } else {
                prop_assert!(gas1.initial_total_gas() >= gas2.initial_total_gas(),
                    "Less zero-byte calldata should mean less gas: len1={}, gas1={}, len2={}, gas2={}",
                    calldata_len1, gas1.initial_total_gas(), calldata_len2, gas2.initial_total_gas());
            }
        }

        /// Property: zero-byte calldata costs less gas than non-zero byte calldata of same length.
        /// Zero bytes cost 4 gas each, non-zero bytes cost 16 gas each.
        #[test]
        fn proptest_zero_bytes_cheaper_than_nonzero(calldata_len in 1usize..1000) {
            let zero_gas = compute_aa_gas(&make_single_call_env(Bytes::from(vec![0u8; calldata_len])));
            let nonzero_gas = compute_aa_gas(&make_single_call_env(Bytes::from(vec![1u8; calldata_len])));

            prop_assert!(zero_gas.initial_total_gas() < nonzero_gas.initial_total_gas(),
                "Zero-byte calldata should cost less: len={}, zero_gas={}, nonzero_gas={}",
                calldata_len, zero_gas.initial_total_gas(), nonzero_gas.initial_total_gas());
        }

        /// Property: mixed calldata gas is bounded by all-zero and all-nonzero extremes.
        /// Gas for mixed calldata should be between gas for all-zero and all-nonzero of same length.
        #[test]
        fn proptest_mixed_calldata_gas_bounded(
            calldata_len in 1usize..500,
            nonzero_ratio in 0u8..=100,
        ) {
            // Create mixed calldata where nonzero_ratio% of bytes are non-zero
            let calldata: Vec<u8> = (0..calldata_len)
                .map(|i| if (i * 100 / calldata_len) < nonzero_ratio as usize { 1u8 } else { 0u8 })
                .collect();

            let mixed_gas = compute_aa_gas(&make_single_call_env(Bytes::from(calldata)));
            let zero_gas = compute_aa_gas(&make_single_call_env(Bytes::from(vec![0u8; calldata_len])));
            let nonzero_gas = compute_aa_gas(&make_single_call_env(Bytes::from(vec![1u8; calldata_len])));

            prop_assert!(mixed_gas.initial_total_gas() >= zero_gas.initial_total_gas(),
                "Mixed calldata gas should be >= all-zero gas: mixed={}, zero={}",
                mixed_gas.initial_total_gas(), zero_gas.initial_total_gas());
            prop_assert!(mixed_gas.initial_total_gas() <= nonzero_gas.initial_total_gas(),
                "Mixed calldata gas should be <= all-nonzero gas: mixed={}, nonzero={}",
                mixed_gas.initial_total_gas(), nonzero_gas.initial_total_gas());
        }

        /// Property: gas calculation monotonicity - more calls means more gas
        #[test]
        fn proptest_gas_monotonicity_call_count(
            num_calls1 in 1usize..10,
            num_calls2 in 1usize..10,
        ) {
            let gas1 = compute_aa_gas(&make_multi_call_env(num_calls1));
            let gas2 = compute_aa_gas(&make_multi_call_env(num_calls2));

            if num_calls1 <= num_calls2 {
                prop_assert!(gas1.initial_total_gas() <= gas2.initial_total_gas(),
                    "More calls should mean more gas: calls1={}, gas1={}, calls2={}, gas2={}",
                    num_calls1, gas1.initial_total_gas(), num_calls2, gas2.initial_total_gas());
            } else {
                prop_assert!(gas1.initial_total_gas() >= gas2.initial_total_gas(),
                    "Fewer calls should mean less gas: calls1={}, gas1={}, calls2={}, gas2={}",
                    num_calls1, gas1.initial_total_gas(), num_calls2, gas2.initial_total_gas());
            }
        }

        /// Property: AA batch gas with Secp256k1 signature equals exactly 21k base + cold access
        ///
        /// For minimal AA transactions (Secp256k1 sig, no calldata, no access list):
        /// - Base: 21,000 (same base stipend as regular transactions)
        /// - Plus: COLD_ACCOUNT_ACCESS_COST per additional call beyond the first
        ///
        /// AA transactions use the same 21k base as regular transactions because
        /// Secp256k1 signature verification adds 0 extra gas. Other signature types
        /// (P256, WebAuthn) add 5,000+ gas beyond this base.
        #[test]
        fn proptest_gas_aa_secp256k1_exact_bounds(num_calls in 1usize..5) {
            let gas = compute_aa_gas(&make_multi_call_env(num_calls));

            // Expected exactly: 21k base + cold account access for each additional call
            let expected = 21_000 + COLD_ACCOUNT_ACCESS_COST * (num_calls.saturating_sub(1) as u64);
            prop_assert_eq!(gas.initial_total_gas(), expected,
                "Gas {} should equal expected {} for {} calls (21k + {}*COLD_ACCOUNT_ACCESS_COST)",
                gas.initial_total_gas(), expected, num_calls, num_calls.saturating_sub(1));
        }

        /// Property: first_call returns the first call for AA transactions with any number of calls
        #[test]
        fn proptest_first_call_returns_first_for_aa(num_calls in 1usize..10) {
            let calls: Vec<Call> = (0..num_calls)
                .map(|i| Call {
                    to: TxKind::Call(Address::with_last_byte(i as u8)),
                    value: U256::ZERO,
                    input: Bytes::from(vec![i as u8; i + 1]),
                })
                .collect();

            let expected_addr = Address::with_last_byte(0);
            let expected_input = vec![0u8; 1];

            let tx_env = TempoTxEnv {
                inner: revm::context::TxEnv::default(),
                tempo_tx_env: Some(Box::new(TempoBatchCallEnv {
                    aa_calls: calls,
                    signature: secp256k1_sig(),
                    signature_hash: B256::ZERO,
                    ..Default::default()
                })),
                ..Default::default()
            };

            let first = tx_env.first_call();
            prop_assert!(first.is_some(), "first_call should return Some for non-empty AA calls");

            let (kind, input) = first.unwrap();
            prop_assert_eq!(*kind, TxKind::Call(expected_addr), "Should return first call's address");
            prop_assert_eq!(input, expected_input.as_slice(), "Should return first call's input");
        }

        /// Property: first_call returns None for AA transaction with zero calls
        #[test]
        fn proptest_first_call_empty_aa(_dummy in 0u8..1) {
            let tx_env = TempoTxEnv {
                inner: revm::context::TxEnv::default(),
                tempo_tx_env: Some(Box::new(TempoBatchCallEnv {
                    aa_calls: vec![],
                    signature: secp256k1_sig(),
                    signature_hash: B256::ZERO,
                    ..Default::default()
                })),
                ..Default::default()
            };

            prop_assert!(tx_env.first_call().is_none(), "first_call should return None for empty AA calls");
        }

        /// Property: first_call returns inner tx data for non-AA transactions
        #[test]
        fn proptest_first_call_non_aa(calldata_len in 0usize..100) {
            let calldata = Bytes::from(vec![0xab_u8; calldata_len]);
            let target = Address::random();

            let tx_env = TempoTxEnv {
                inner: revm::context::TxEnv {
                    kind: TxKind::Call(target),
                    data: calldata.clone(),
                    ..Default::default()
                },
                tempo_tx_env: None,
                ..Default::default()
            };

            let first = tx_env.first_call();
            prop_assert!(first.is_some(), "first_call should return Some for non-AA tx");

            let (kind, input) = first.unwrap();
            prop_assert_eq!(*kind, TxKind::Call(target), "Should return inner tx kind");
            prop_assert_eq!(input, calldata.as_ref(), "Should return inner tx data");
        }

        /// Property: calculate_key_authorization_gas is monotonic in number of limits
        #[test]
        fn proptest_key_auth_gas_monotonic_limits(
            num_limits1 in 0usize..10,
            num_limits2 in 0usize..10,
        ) {
            use tempo_primitives::transaction::{
                SignatureType, SignedKeyAuthorization,
                key_authorization::KeyAuthorization,
                TokenLimit as PrimTokenLimit,
            };

            let make_key_auth = |num_limits: usize| -> SignedKeyAuthorization {
                let mut auth =
                    KeyAuthorization::unrestricted(1, SignatureType::Secp256k1, Address::ZERO);
                if num_limits > 0 {
                    auth = auth.with_limits((0..num_limits).map(|i| PrimTokenLimit {
                        token: Address::with_last_byte(i as u8),
                        limit: U256::from(1000),
                        period: 0,
                    }).collect());
                }
                auth.into_signed(PrimitiveSignature::Secp256k1(
                    alloy_primitives::Signature::test_signature(),
                ))
            };

            // Test both pre-T1B and T1B branches
            for (gas_params, spec) in [
                (GasParams::default(), tempo_chainspec::hardfork::TempoHardfork::default()),
                (crate::gas_params::tempo_gas_params(TempoHardfork::T1B), TempoHardfork::T1B),
            ] {
                let (gas1, _) = calculate_key_authorization_gas(&make_key_auth(num_limits1), &gas_params, spec);
                let (gas2, _) = calculate_key_authorization_gas(&make_key_auth(num_limits2), &gas_params, spec);

                if num_limits1 <= num_limits2 {
                    prop_assert!(gas1 <= gas2,
                        "{spec:?}: More limits should mean more gas: limits1={}, gas1={}, limits2={}, gas2={}",
                        num_limits1, gas1, num_limits2, gas2);
                } else {
                    prop_assert!(gas1 >= gas2,
                        "{spec:?}: Fewer limits should mean less gas: limits1={}, gas1={}, limits2={}, gas2={}",
                        num_limits1, gas1, num_limits2, gas2);
                }
            }
        }

        /// Property: calculate_key_authorization_gas minimum is KEY_AUTH_BASE_GAS + ECRECOVER_GAS
        #[test]
        fn proptest_key_auth_gas_minimum(
            sig_type in 0u8..3,
            num_limits in 0usize..5,
        ) {
            use tempo_primitives::transaction::{
                SignatureType, TokenLimit as PrimTokenLimit, key_authorization::KeyAuthorization,
            };

            let signature = match sig_type {
                0 => PrimitiveSignature::Secp256k1(alloy_primitives::Signature::test_signature()),
                1 => PrimitiveSignature::P256(P256SignatureWithPreHash {
                    r: B256::ZERO, s: B256::ZERO, pub_key_x: B256::ZERO, pub_key_y: B256::ZERO, pre_hash: false,
                }),
                _ => PrimitiveSignature::WebAuthn(WebAuthnSignature {
                    r: B256::ZERO, s: B256::ZERO, pub_key_x: B256::ZERO, pub_key_y: B256::ZERO,
                    webauthn_data: Bytes::new(),
                }),
            };

            let mut auth =
                KeyAuthorization::unrestricted(1, SignatureType::Secp256k1, Address::ZERO);
            if num_limits > 0 {
                auth = auth.with_limits((0..num_limits).map(|i| PrimTokenLimit {
                    token: Address::with_last_byte(i as u8),
                    limit: U256::from(1000),
                    period: 0,
                }).collect());
            }
            let key_auth = auth.into_signed(signature);

            // Pre-T1B: minimum is KEY_AUTH_BASE_GAS + ECRECOVER_GAS
            let (gas, _) = calculate_key_authorization_gas(&key_auth, &GasParams::default(), tempo_chainspec::hardfork::TempoHardfork::default());
            let min_gas = KEY_AUTH_BASE_GAS + ECRECOVER_GAS;
            prop_assert!(gas >= min_gas,
                "Pre-T1B: Key auth gas should be at least {min_gas}, got {gas}");

            // T1B: minimum is ECRECOVER_GAS + sload + sstore (0 limits)
            let t1b_params = crate::gas_params::tempo_gas_params(TempoHardfork::T1B);
            let (gas_t1b, _) = calculate_key_authorization_gas(&key_auth, &t1b_params, TempoHardfork::T1B);
            let sstore = t1b_params.get(revm::context_interface::cfg::GasId::sstore_set_without_load_cost());
            let sload = t1b_params.warm_storage_read_cost() + t1b_params.cold_storage_additional_cost();
            let min_t1b = ECRECOVER_GAS + sload + sstore;
            prop_assert!(gas_t1b >= min_t1b,
                "T1B: Key auth gas should be at least {min_t1b}, got {gas_t1b}");
        }
    }

    /// Test that T1 hardfork correctly charges 250k gas for nonce == 0.
    ///
    /// This test validates [TIP-1000]'s requirement:
    /// "Tempo transactions with any `nonce_key` and `nonce == 0` require an additional 250,000 gas"
    ///
    /// The test proves the audit finding (claiming only 22,100 gas is charged) is a false positive
    /// by using delta-based assertions: gas(nonce=0) - gas(nonce>0) == new_account_cost.
    ///
    /// [TIP-1000]: <https://docs.tempo.xyz/protocol/tips/tip-1000>
    #[test]
    fn test_t1_2d_nonce_key_charges_250k_gas() {
        use crate::gas_params::tempo_gas_params;
        use revm::{context_interface::cfg::GasId, handler::Handler};

        // Deterministic test addresses
        const TEST_TARGET: Address = Address::new([0xAA; 20]);
        const TEST_NONCE_KEY: U256 = U256::from_limbs([42, 0, 0, 0]);
        const SPEC: TempoHardfork = TempoHardfork::T1;
        const NEW_NONCE_KEY_GAS: u64 = SPEC.gas_new_nonce_key();
        const EXISTING_NONCE_KEY_GAS: u64 = SPEC.gas_existing_nonce_key();

        // Create T1 config with TIP-1000 gas params
        let mut cfg = CfgEnv::<TempoHardfork>::default();
        cfg.spec = SPEC;
        cfg.gas_params = tempo_gas_params(TempoHardfork::T1);

        // Get the expected new_account_cost dynamically from gas params
        let new_account_cost = cfg.gas_params.get(GasId::new_account_cost());
        assert_eq!(
            new_account_cost, 250_000,
            "T1 gas params should have 250k new_account_cost"
        );

        // Helper to create EVM context for testing
        let make_evm = |cfg: CfgEnv<TempoHardfork>, nonce: u64, nonce_key: U256| {
            let journal = Journal::new(CacheDB::new(EmptyDB::default()));
            let ctx = Context::mainnet()
                .with_db(CacheDB::new(EmptyDB::default()))
                .with_block(TempoBlockEnv::default())
                .with_cfg(cfg)
                .with_tx(TempoTxEnv {
                    inner: revm::context::TxEnv {
                        gas_limit: 1_000_000,
                        nonce,
                        ..Default::default()
                    },
                    tempo_tx_env: Some(Box::new(TempoBatchCallEnv {
                        aa_calls: vec![Call {
                            to: TxKind::Call(TEST_TARGET),
                            value: U256::ZERO,
                            input: Bytes::new(),
                        }],
                        nonce_key,
                        ..Default::default()
                    })),
                    ..Default::default()
                })
                .with_new_journal(journal);
            TempoEvm::<_, ()>::new(ctx, ())
        };

        // Case 1: nonce == 0 with 2D nonce key -> should include new_account_cost
        let mut evm_nonce_zero = make_evm(cfg.clone(), 0, TEST_NONCE_KEY);
        let handler: TempoEvmHandler<CacheDB<EmptyDB>, ()> = TempoEvmHandler::new();
        let gas_nonce_zero = handler
            .validate_initial_tx_gas(&mut evm_nonce_zero)
            .unwrap();

        // Case 2: nonce > 0 with same 2D nonce key -> should charge EXISTING_NONCE_KEY_GAS (5k)
        // This tests that existing 2D nonce keys are charged 5k gas per TIP-1000 Invariant 3
        let mut evm_nonce_five = make_evm(cfg.clone(), 5, TEST_NONCE_KEY);
        let gas_nonce_five = handler
            .validate_initial_tx_gas(&mut evm_nonce_five)
            .unwrap();

        // Delta-based assertion: the difference should be new_account_cost - EXISTING_NONCE_KEY_GAS
        // nonce=0 charges 250k (new account), nonce>0 charges 5k (existing key update)
        let gas_delta = gas_nonce_zero.initial_total_gas() - gas_nonce_five.initial_total_gas();
        let expected_delta = new_account_cost - EXISTING_NONCE_KEY_GAS;
        assert_eq!(
            gas_delta, expected_delta,
            "T1 gas difference between nonce=0 and nonce>0 should be {expected_delta} (new_account_cost - EXISTING_NONCE_KEY_GAS), got {gas_delta}"
        );

        // Verify it's NOT using the pre-T1 NEW_NONCE_KEY_GAS (22,100)
        assert_ne!(
            gas_delta, NEW_NONCE_KEY_GAS,
            "T1 should NOT use pre-T1 NEW_NONCE_KEY_GAS ({NEW_NONCE_KEY_GAS}) for nonce=0 transactions"
        );

        // Case 3: nonce == 0 with regular nonce (nonce_key=0) -> same +250k charge
        let mut evm_regular_nonce = make_evm(cfg, 0, U256::ZERO);
        let gas_regular = handler
            .validate_initial_tx_gas(&mut evm_regular_nonce)
            .unwrap();

        assert_eq!(
            gas_nonce_zero.initial_total_gas(),
            gas_regular.initial_total_gas(),
            "nonce=0 should charge the same regardless of nonce_key (2D vs regular)"
        );
    }

    /// Test that T1 hardfork correctly charges 5k gas for existing 2D nonce keys (nonce > 0).
    ///
    /// This test validates [TIP-1000] Invariant 3:
    /// "SSTORE operations that modify existing non-zero state (non-zero to non-zero)
    /// MUST continue to charge 5,000 gas"
    ///
    /// When using an existing 2D nonce key (nonce_key != 0 && nonce > 0), the nonce value
    /// transitions from N to N+1 (non-zero to non-zero), which must charge EXISTING_NONCE_KEY_GAS.
    ///
    /// [TIP-1000]: <https://docs.tempo.xyz/protocol/tips/tip-1000>
    #[test]
    fn test_t1_existing_2d_nonce_key_charges_5k_gas() {
        use crate::gas_params::tempo_gas_params;
        use revm::handler::Handler;

        const BASE_INTRINSIC_GAS: u64 = 21_000;
        const TEST_TARGET: Address = Address::new([0xBB; 20]);
        const TEST_NONCE_KEY: U256 = U256::from_limbs([99, 0, 0, 0]);
        const SPEC: TempoHardfork = TempoHardfork::T1;
        const EXISTING_NONCE_KEY_GAS: u64 = SPEC.gas_existing_nonce_key();

        let mut cfg = CfgEnv::<TempoHardfork>::default();
        cfg.spec = SPEC;
        cfg.gas_params = tempo_gas_params(TempoHardfork::T1);

        let make_evm = |cfg: CfgEnv<TempoHardfork>, nonce: u64, nonce_key: U256| {
            let journal = Journal::new(CacheDB::new(EmptyDB::default()));
            let ctx = Context::mainnet()
                .with_db(CacheDB::new(EmptyDB::default()))
                .with_block(TempoBlockEnv::default())
                .with_cfg(cfg)
                .with_tx(TempoTxEnv {
                    inner: revm::context::TxEnv {
                        gas_limit: 1_000_000,
                        nonce,
                        ..Default::default()
                    },
                    tempo_tx_env: Some(Box::new(TempoBatchCallEnv {
                        aa_calls: vec![Call {
                            to: TxKind::Call(TEST_TARGET),
                            value: U256::ZERO,
                            input: Bytes::new(),
                        }],
                        nonce_key,
                        ..Default::default()
                    })),
                    ..Default::default()
                })
                .with_new_journal(journal);
            TempoEvm::<_, ()>::new(ctx, ())
        };

        let handler: TempoEvmHandler<CacheDB<EmptyDB>, ()> = TempoEvmHandler::new();

        // Case 1: Existing 2D nonce key (nonce > 0) should charge EXISTING_NONCE_KEY_GAS
        let mut evm_existing_key = make_evm(cfg.clone(), 5, TEST_NONCE_KEY);
        let gas_existing = handler
            .validate_initial_tx_gas(&mut evm_existing_key)
            .unwrap();

        assert_eq!(
            gas_existing.initial_total_gas(),
            BASE_INTRINSIC_GAS + EXISTING_NONCE_KEY_GAS,
            "T1 existing 2D nonce key (nonce>0) should charge BASE + EXISTING_NONCE_KEY_GAS ({EXISTING_NONCE_KEY_GAS})"
        );

        // Case 2: Regular nonce (nonce_key = 0) with nonce > 0 should NOT charge extra gas
        let mut evm_regular = make_evm(cfg, 5, U256::ZERO);
        let gas_regular = handler.validate_initial_tx_gas(&mut evm_regular).unwrap();

        assert_eq!(
            gas_regular.initial_total_gas(),
            BASE_INTRINSIC_GAS,
            "T1 regular nonce (nonce_key=0, nonce>0) should only charge BASE intrinsic gas"
        );

        // Verify the delta between 2D and regular nonce is exactly EXISTING_NONCE_KEY_GAS
        let gas_delta = gas_existing.initial_total_gas() - gas_regular.initial_total_gas();
        assert_eq!(
            gas_delta, EXISTING_NONCE_KEY_GAS,
            "Difference between existing 2D nonce and regular nonce should be EXISTING_NONCE_KEY_GAS ({EXISTING_NONCE_KEY_GAS})"
        );
    }

    mod keychain {
        use super::*;
        use alloy_signer::SignerSync;
        use alloy_signer_local::PrivateKeySigner;
        use tempo_precompiles::ACCOUNT_KEYCHAIN_ADDRESS;
        use tempo_primitives::transaction::{
            KeychainSignature, KeychainVersion, SignatureType,
            key_authorization::{KeyAuthorization, TokenLimit as PrimTokenLimit},
        };

        fn generate_keypair() -> (PrivateKeySigner, Address) {
            let signer = PrivateKeySigner::random();
            let addr = signer.address();
            (signer, addr)
        }

        fn sign_key_auth(
            signer: &PrivateKeySigner,
            key_auth: KeyAuthorization,
        ) -> tempo_primitives::transaction::SignedKeyAuthorization {
            let sig = signer
                .sign_hash_sync(&key_auth.signature_hash())
                .expect("signing failed");
            key_auth.into_signed(PrimitiveSignature::Secp256k1(sig))
        }

        fn test_sig() -> PrimitiveSignature {
            PrimitiveSignature::Secp256k1(alloy_primitives::Signature::test_signature())
        }

        /// Build EVM + handler with a keychain-signature AA tx.
        ///
        /// - `signature`: outer keychain signature; when `None` a default V2
        ///   keychain sig for `user` is used.
        /// - `seed_key`: when `true` the access key is pre-authorized in
        ///   keychain storage (existing-key path).
        fn make_evm(
            user: Address,
            access_key: Address,
            key_auth: Option<tempo_primitives::transaction::SignedKeyAuthorization>,
            spec: TempoHardfork,
            signature: Option<TempoSignature>,
            seed_key: bool,
        ) -> (
            TempoEvm<CacheDB<EmptyDB>, ()>,
            TempoEvmHandler<CacheDB<EmptyDB>, ()>,
        ) {
            let sig = signature.unwrap_or_else(|| {
                TempoSignature::Keychain(KeychainSignature::new(user, test_sig()))
            });
            let mut cfg = CfgEnv::<TempoHardfork>::default();
            cfg.spec = spec;

            let tx = TempoTxEnv {
                inner: revm::context::TxEnv {
                    caller: user,
                    gas_limit: 1_000_000,
                    kind: TxKind::Call(Address::ZERO),
                    ..Default::default()
                },
                fee_token: Some(DEFAULT_FEE_TOKEN),
                tempo_tx_env: Some(Box::new(TempoBatchCallEnv {
                    signature: sig,
                    aa_calls: vec![Call {
                        to: TxKind::Call(Address::ZERO),
                        value: U256::ZERO,
                        input: Bytes::new(),
                    }],
                    key_authorization: key_auth,
                    signature_hash: B256::ZERO,
                    override_key_id: Some(access_key),
                    ..Default::default()
                })),
                ..Default::default()
            };

            let ctx = Context::mainnet()
                .with_db(CacheDB::new(EmptyDB::default()))
                .with_block(TempoBlockEnv::default())
                .with_cfg(cfg)
                .with_tx(tx)
                .with_new_journal(create_test_journal());

            let mut evm: TempoEvm<_, ()> = TempoEvm::new(ctx, ());

            StorageCtx::enter_ctx(&mut evm.inner.ctx, StorageActions::disabled(), || {
                let mut kc = AccountKeychain::new();
                kc.initialize().unwrap();
                kc.set_transaction_key(Address::ZERO).unwrap();
                kc.set_tx_origin(user).unwrap();
                if seed_key {
                    kc.authorize_key(
                        user,
                        access_key,
                        PrecompileSignatureType::Secp256k1,
                        KeyRestrictions {
                            expiry: u64::MAX,
                            enforceLimits: false,
                            limits: vec![],
                            allowAnyCalls: true,
                            allowedCalls: vec![],
                        },
                        None,
                    )
                    .unwrap();
                }
            });

            (evm, TempoEvmHandler::new())
        }

        #[test]
        fn test_key_authorization_invalid_signature_rejected() {
            let (_, user) = generate_keypair();
            let key = Address::random();
            let (bad_signer, _) = generate_keypair();

            let signed = sign_key_auth(
                &bad_signer,
                KeyAuthorization::unrestricted(1337, SignatureType::Secp256k1, key),
            );
            let (mut evm, h) = make_evm(user, key, Some(signed), TempoHardfork::T2, None, true);

            assert!(matches!(
                h.validate_env(&mut evm),
                Err(EVMError::Transaction(
                    TempoInvalidTransaction::KeyAuthorizationNotSignedByRoot { .. }
                ))
            ));
        }

        #[test]
        fn test_key_authorization_mismatched_key_id_rejected() {
            let (signer, user) = generate_keypair();
            let wrong_key = Address::random();
            let tx_key = Address::random();

            let signed = sign_key_auth(
                &signer,
                KeyAuthorization::unrestricted(1337, SignatureType::Secp256k1, wrong_key),
            );
            let (mut evm, h) = make_evm(user, tx_key, Some(signed), TempoHardfork::T2, None, true);

            assert!(matches!(
                h.validate_env(&mut evm),
                Err(EVMError::Transaction(
                    TempoInvalidTransaction::AccessKeyCannotAuthorizeOtherKeys
                ))
            ));
        }

        #[test]
        fn test_key_authorization_chain_id_wildcard() {
            for spec in [TempoHardfork::T1B, TempoHardfork::T2] {
                let (signer, user) = generate_keypair();
                let key = Address::random();
                let signed = sign_key_auth(
                    &signer,
                    KeyAuthorization::unrestricted(0, SignatureType::Secp256k1, key),
                );
                let (mut evm, h) = make_evm(user, key, Some(signed), spec, None, false);

                if !spec.is_t1c()
                    && let Some(aa_env) = evm.tx.tempo_tx_env.as_mut()
                    && let TempoSignature::Keychain(keychain_sig) = &mut aa_env.signature
                {
                    // Overwrite the signature version pre-T1C to bypass the version check.
                    keychain_sig.version = KeychainVersion::V1;
                }
                let result = h.validate_env(&mut evm);
                if !spec.is_t1c() {
                    assert!(
                        result.is_ok(),
                        "{spec:?}: chain_id=0 wildcard should be accepted pre-T1C, got: {result:?}"
                    );
                } else {
                    assert!(
                        result.is_err(),
                        "{spec:?}: chain_id=0 wildcard should be rejected post-T1C, got: {result:?}"
                    );
                }
            }
        }

        #[test]
        fn test_key_authorization_chain_id_wrong_and_matching() {
            // Both pre-T1C and post-T1C: wrong chain_id rejected, matching accepted.
            for spec in [TempoHardfork::T1B, TempoHardfork::T2] {
                // Wrong chain_id → rejected
                let (signer, user) = generate_keypair();
                let key = Address::random();
                let signed = sign_key_auth(
                    &signer,
                    KeyAuthorization::unrestricted(99999, SignatureType::Secp256k1, key),
                );
                let (mut evm, h) = make_evm(user, key, Some(signed), spec, None, true);
                assert!(
                    h.validate_against_state_and_deduct_caller(&mut evm, &mut Default::default())
                        .is_err(),
                    "{spec:?}: wrong chain_id should be rejected"
                );

                // Matching chain_id (1 = default CfgEnv) → accepted
                let (signer, user) = generate_keypair();
                let key = Address::random();
                let signed = sign_key_auth(
                    &signer,
                    KeyAuthorization::unrestricted(1, SignatureType::Secp256k1, key),
                );
                let (mut evm, h) = make_evm(user, key, Some(signed), spec, None, true);
                let result =
                    h.validate_against_state_and_deduct_caller(&mut evm, &mut Default::default());
                assert!(
                    !matches!(&result, Err(EVMError::Transaction(TempoInvalidTransaction::KeychainValidationFailed { reason })) if reason.contains("chain_id")),
                    "{spec:?}: matching chain_id should be accepted, got: {result:?}"
                );
            }
        }

        #[test]
        fn test_key_authorization_expiry_cached_for_pool_maintenance() {
            let (signer, user) = generate_keypair();
            let key = Address::random();
            let expiry = u64::MAX - 1;

            let signed = sign_key_auth(
                &signer,
                KeyAuthorization::unrestricted(1, SignatureType::Secp256k1, key)
                    .with_expiry(expiry),
            );
            let (mut evm, h) = make_evm(user, key, Some(signed), TempoHardfork::T2, None, false);

            let _ = h.validate_against_state_and_deduct_caller(&mut evm, &mut Default::default());
            assert_eq!(evm.key_expiry, Some(expiry));
        }

        #[test]
        fn test_key_authorization_witness_rejected_before_t5() {
            let (signer, user) = generate_keypair();
            let key = Address::random();
            let signed = sign_key_auth(
                &signer,
                KeyAuthorization::unrestricted(1, SignatureType::Secp256k1, key)
                    .with_witness(B256::repeat_byte(0x53)),
            );
            let (mut evm, h) = make_evm(user, key, Some(signed), TempoHardfork::T4, None, false);

            let result = h.validate_env(&mut evm);
            assert!(
                matches!(
                    &result,
                    Err(EVMError::Transaction(TempoInvalidTransaction::KeychainValidationFailed { reason }))
                        if reason.contains("before T5")
                ),
                "witness-bearing key authorization should be rejected before T5, got: {result:?}"
            );
        }

        #[test]
        fn test_t5_key_authorization_witness_is_not_burned_in_state() {
            use tempo_precompiles::account_keychain::isKeyAuthorizationWitnessBurnedCall;

            let (signer, user) = generate_keypair();
            let key = Address::random();
            let witness = B256::repeat_byte(0x54);
            let signed = sign_key_auth(
                &signer,
                KeyAuthorization::unrestricted(1, SignatureType::Secp256k1, key)
                    .with_witness(witness),
            );
            let (mut evm, h) = make_evm(user, key, Some(signed), TempoHardfork::T5, None, false);

            let result =
                h.validate_against_state_and_deduct_caller(&mut evm, &mut Default::default());
            assert!(
                result.is_ok(),
                "T5 witness authorization should pass: {result:?}"
            );

            StorageCtx::enter_ctx(&mut evm.inner.ctx, StorageActions::disabled(), || {
                let keychain = AccountKeychain::new();
                assert!(
                    !keychain
                        .is_key_authorization_witness_burned(isKeyAuthorizationWitnessBurnedCall {
                            account: user,
                            witness,
                        })
                        .expect("witness read succeeds"),
                    "T5 key authorization must not burn its witness"
                );
            });
        }

        #[test]
        fn test_t6_admin_key_authorization_fields_rejected_before_t6() {
            let (signer, user) = generate_keypair();
            let key = Address::random();
            let signed = sign_key_auth(
                &signer,
                KeyAuthorization::unrestricted(1, SignatureType::Secp256k1, key).into_admin(user),
            );
            let (mut evm, h) = make_evm(user, key, Some(signed), TempoHardfork::T5, None, false);

            let result = h.validate_env(&mut evm);
            assert!(
                matches!(
                    &result,
                    Err(EVMError::Transaction(TempoInvalidTransaction::KeychainValidationFailed { reason }))
                        if reason.contains("not active before T6")
                ),
                "admin key authorization fields should be rejected before T6, got: {result:?}"
            );
        }

        #[test]
        fn test_t6_admin_key_authorization_rejects_account_mismatch() {
            let (signer, user) = generate_keypair();
            let key = Address::random();
            let wrong_account = Address::random();
            let signed = sign_key_auth(
                &signer,
                KeyAuthorization::unrestricted(1, SignatureType::Secp256k1, key)
                    .into_admin(wrong_account),
            );
            let (mut evm, h) = make_evm(user, key, Some(signed), TempoHardfork::T6, None, false);

            let result = h.validate_env(&mut evm);
            assert!(
                matches!(
                    &result,
                    Err(EVMError::Transaction(TempoInvalidTransaction::KeychainValidationFailed { reason }))
                        if reason.contains("account mismatch")
                ),
                "admin key authorization should be bound to tx.caller, got: {result:?}"
            );
        }

        #[test]
        fn test_t6_root_admin_key_authorization_allows_omitted_account() {
            let (signer, user) = generate_keypair();
            let key = Address::random();
            let mut key_auth = KeyAuthorization::unrestricted(1, SignatureType::Secp256k1, key);
            key_auth.is_admin = true;
            assert_eq!(key_auth.account, None);

            let signed = sign_key_auth(&signer, key_auth);
            let (mut evm, h) = make_evm(user, key, Some(signed), TempoHardfork::T6, None, false);

            let env_result = h.validate_env(&mut evm);
            assert!(
                env_result.is_ok(),
                "root-signed admin key authorization should pass stateless validation, got: {env_result:?}"
            );

            let result =
                h.validate_against_state_and_deduct_caller(&mut evm, &mut Default::default());
            assert!(
                result.is_ok(),
                "root-signed admin key authorization should not require account, got: {result:?}"
            );

            StorageCtx::enter_ctx(&mut evm.inner.ctx, StorageActions::disabled(), || {
                let keychain = AccountKeychain::new();
                assert!(
                    keychain
                        .is_admin_key(user, key)
                        .expect("admin key status read succeeds"),
                    "root-signed admin key should be registered as admin"
                );
            });
        }

        #[test]
        fn test_t6_root_signed_key_authorization_rejects_admin_keychain_submission() {
            let (root_signer, user) = generate_keypair();
            let (_, admin_key) = generate_keypair();
            let child_key = Address::random();
            let signed = sign_key_auth(
                &root_signer,
                KeyAuthorization::unrestricted(1, SignatureType::Secp256k1, child_key),
            );
            let (mut evm, h) = make_evm(
                user,
                admin_key,
                Some(signed),
                TempoHardfork::T6,
                None,
                false,
            );

            let env_result = h.validate_env(&mut evm);
            assert!(
                matches!(
                    &env_result,
                    Err(EVMError::Transaction(TempoInvalidTransaction::KeychainValidationFailed { reason }))
                        if reason.contains("root transaction signature")
                ),
                "root-signed key authorization should require a root transaction signature, got: {env_result:?}"
            );
        }

        #[test]
        fn test_t6_root_key_authorization_rejects_account_mismatch() {
            let (signer, user) = generate_keypair();
            let key = Address::random();
            let wrong_account = Address::random();
            let signed = sign_key_auth(
                &signer,
                KeyAuthorization::unrestricted(1, SignatureType::Secp256k1, key)
                    .with_account(wrong_account),
            );
            let (mut evm, h) = make_evm(user, key, Some(signed), TempoHardfork::T6, None, false);

            let result = h.validate_env(&mut evm);
            assert!(
                matches!(
                    &result,
                    Err(EVMError::Transaction(TempoInvalidTransaction::KeychainValidationFailed { reason }))
                        if reason.contains("key authorization account mismatch")
                ),
                "root-signed key authorization should be bound to tx.caller, got: {result:?}"
            );
        }

        #[test]
        fn test_t6_admin_key_authorization_rejects_restrictions() {
            let (signer, user) = generate_keypair();
            let key = Address::random();
            let signed = sign_key_auth(
                &signer,
                KeyAuthorization::unrestricted(1, SignatureType::Secp256k1, key)
                    .with_expiry(u64::MAX)
                    .into_admin(user),
            );
            let (mut evm, h) = make_evm(user, key, Some(signed), TempoHardfork::T6, None, false);

            let result = h.validate_env(&mut evm);
            assert!(
                matches!(
                    &result,
                    Err(EVMError::Transaction(TempoInvalidTransaction::KeychainValidationFailed { reason }))
                        if reason.contains("cannot carry expiry")
                ),
                "admin key authorization should reject restrictions, got: {result:?}"
            );
        }

        #[test]
        fn test_t6_admin_access_key_can_authorize_different_admin_key() {
            let (admin_signer, admin_key) = generate_keypair();
            let user = Address::random();
            let child_key = Address::random();
            let signed = sign_key_auth(
                &admin_signer,
                KeyAuthorization::unrestricted(1, SignatureType::WebAuthn, child_key)
                    .into_admin(user),
            );
            let (mut evm, h) = make_evm(
                user,
                admin_key,
                Some(signed),
                TempoHardfork::T6,
                None,
                false,
            );

            let env_result = h.validate_env(&mut evm);
            assert!(
                env_result.is_ok(),
                "admin access key authorization should pass stateless validation, got: {env_result:?}"
            );

            StorageCtx::enter_ctx(&mut evm.inner.ctx, StorageActions::disabled(), || {
                let mut keychain = AccountKeychain::new();
                keychain
                    .authorize_admin_key(user, admin_key, PrecompileSignatureType::Secp256k1, None)
                    .expect("root authorizes admin key");
            });

            let result =
                h.validate_against_state_and_deduct_caller(&mut evm, &mut Default::default());
            assert!(
                result.is_ok(),
                "admin access key should authorize a different admin key, got: {result:?}"
            );

            StorageCtx::enter_ctx(&mut evm.inner.ctx, StorageActions::disabled(), || {
                let keychain = AccountKeychain::new();
                assert!(
                    keychain
                        .is_admin_key(user, child_key)
                        .expect("admin key status read succeeds"),
                    "child key should be registered as admin"
                );
            });
        }

        #[test]
        fn test_t6_admin_key_authorization_rejects_different_transaction_admin_key() {
            let (authorization_signer, authorization_admin_key) = generate_keypair();
            let (_, tx_admin_key) = generate_keypair();
            let user = Address::random();
            let child_key = Address::random();
            let signed = sign_key_auth(
                &authorization_signer,
                KeyAuthorization::unrestricted(1, SignatureType::Secp256k1, child_key)
                    .with_account(user),
            );
            let (mut evm, h) = make_evm(
                user,
                tx_admin_key,
                Some(signed),
                TempoHardfork::T6,
                None,
                false,
            );

            let result = h.validate_env(&mut evm);
            assert!(
                matches!(
                    &result,
                    Err(EVMError::Transaction(TempoInvalidTransaction::KeychainValidationFailed { reason }))
                        if reason.contains("must be signed by transaction key")
                ),
                "admin-signed key authorization must use the transaction admin key; auth signer {authorization_admin_key}, tx signer {tx_admin_key}, got: {result:?}"
            );
        }

        #[test]
        fn test_t6_admin_access_key_non_admin_authorization_requires_account_binding() {
            let (admin_signer, admin_key) = generate_keypair();
            let user = Address::random();
            let child_key = Address::random();
            let signed = sign_key_auth(
                &admin_signer,
                KeyAuthorization::unrestricted(1, SignatureType::Secp256k1, child_key),
            );
            let (mut evm, h) = make_evm(
                user,
                admin_key,
                Some(signed),
                TempoHardfork::T6,
                None,
                false,
            );

            let result = h.validate_env(&mut evm);
            assert!(
                matches!(
                    &result,
                    Err(EVMError::Transaction(TempoInvalidTransaction::KeychainValidationFailed { reason }))
                        if reason.contains("admin-signed key authorization account mismatch")
                ),
                "admin-signed non-admin authorization without account binding should fail in validate_env, got: {result:?}"
            );
        }

        #[test]
        fn test_t6_admin_key_authorization_rejects_admin_signature_type_mismatch() {
            let (admin_signer, admin_key) = generate_keypair();
            let user = Address::random();
            let child_key = Address::random();
            let signed = sign_key_auth(
                &admin_signer,
                KeyAuthorization::unrestricted(1, SignatureType::Secp256k1, child_key)
                    .with_account(user),
            );
            let (mut evm, h) = make_evm(
                user,
                admin_key,
                Some(signed),
                TempoHardfork::T6,
                None,
                false,
            );

            let env_result = h.validate_env(&mut evm);
            assert!(
                env_result.is_ok(),
                "admin-signed key authorization should pass stateless validation, got: {env_result:?}"
            );

            StorageCtx::enter_ctx(&mut evm.inner.ctx, StorageActions::disabled(), || {
                let mut keychain = AccountKeychain::new();
                keychain
                    .authorize_admin_key(user, admin_key, PrecompileSignatureType::WebAuthn, None)
                    .expect("root authorizes WebAuthn admin key");
            });

            let result =
                h.validate_against_state_and_deduct_caller(&mut evm, &mut Default::default());
            assert!(
                matches!(
                    &result,
                    Err(EVMError::Transaction(TempoInvalidTransaction::KeychainValidationFailed { reason }))
                        if reason.contains("SignatureTypeMismatch")
                ),
                "admin-signed key authorization should reject sidecar signature type mismatch, got: {result:?}"
            );
        }

        #[test]
        fn test_t6_admin_access_key_non_admin_authorization_rejects_account_replay() {
            use tempo_precompiles::account_keychain::getKeyCall;

            let (admin_signer, admin_key) = generate_keypair();
            let alice = Address::random();
            let bob = Address::random();
            let child_key = Address::random();
            let signed = sign_key_auth(
                &admin_signer,
                KeyAuthorization::unrestricted(1, SignatureType::Secp256k1, child_key)
                    .with_account(alice),
            );

            let (mut alice_evm, alice_handler) = make_evm(
                alice,
                admin_key,
                Some(signed.clone()),
                TempoHardfork::T6,
                None,
                false,
            );
            let alice_env_result = alice_handler.validate_env(&mut alice_evm);
            assert!(
                alice_env_result.is_ok(),
                "account-bound authorization should pass Alice stateless validation, got: {alice_env_result:?}"
            );

            StorageCtx::enter_ctx(&mut alice_evm.inner.ctx, StorageActions::disabled(), || {
                let mut keychain = AccountKeychain::new();
                keychain
                    .authorize_admin_key(alice, admin_key, PrecompileSignatureType::Secp256k1, None)
                    .expect("root authorizes Alice admin key");
            });

            let alice_result = alice_handler
                .validate_against_state_and_deduct_caller(&mut alice_evm, &mut Default::default());
            assert!(
                alice_result.is_ok(),
                "account-bound admin-signed non-admin authorization should pass for Alice, got: {alice_result:?}"
            );
            StorageCtx::enter_ctx(&mut alice_evm.inner.ctx, StorageActions::disabled(), || {
                let keychain = AccountKeychain::new();
                let key = keychain
                    .get_key(getKeyCall {
                        account: alice,
                        keyId: child_key,
                    })
                    .expect("child key read succeeds");
                assert_eq!(key.keyId, child_key, "child key should be registered");
                assert!(
                    !keychain
                        .is_admin_key(alice, child_key)
                        .expect("admin key status read succeeds"),
                    "child key should not be admin"
                );
            });

            let (mut bob_evm, bob_handler) =
                make_evm(bob, admin_key, Some(signed), TempoHardfork::T6, None, false);

            let bob_result = bob_handler.validate_env(&mut bob_evm);
            assert!(
                matches!(
                    &bob_result,
                    Err(EVMError::Transaction(TempoInvalidTransaction::KeychainValidationFailed { reason }))
                        if reason.contains("key authorization account mismatch")
                ),
                "Alice-bound authorization should not replay for Bob, got: {bob_result:?}"
            );
        }

        #[test]
        fn test_t6_admin_delegation_does_not_apply_child_fee_limit() {
            let (admin_signer, admin_key) = generate_keypair();
            let user = Address::random();
            let child_key = Address::random();
            let gas_limit = 100_000;
            let fee = U256::from(gas_limit);
            let child_spending_limit = fee - U256::ONE;

            let signed = sign_key_auth(
                &admin_signer,
                KeyAuthorization::unrestricted(1, SignatureType::Secp256k1, child_key)
                    .with_limits(vec![PrimTokenLimit {
                        token: DEFAULT_FEE_TOKEN,
                        limit: child_spending_limit,
                        period: 60,
                    }])
                    .with_account(user),
            );
            let (mut evm, h) = make_evm(
                user,
                admin_key,
                Some(signed),
                TempoHardfork::T6,
                None,
                false,
            );
            evm.inner.ctx.tx.inner.gas_limit = gas_limit;
            evm.inner.ctx.tx.inner.gas_price = 1_000_000_000_000;
            evm.inner.ctx.tx.inner.gas_priority_fee = Some(1_000_000_000_000);

            let env_result = h.validate_env(&mut evm);
            assert!(
                env_result.is_ok(),
                "admin delegation should pass stateless validation, got: {env_result:?}"
            );

            StorageCtx::enter_ctx(&mut evm.inner.ctx, StorageActions::disabled(), || {
                TIP20Setup::path_usd(user)
                    .with_issuer(user)
                    .with_mint(user, fee * U256::from(2))
                    .apply()
                    .expect("pathUSD setup succeeds");

                let mut keychain = AccountKeychain::new();
                keychain
                    .authorize_admin_key(user, admin_key, PrecompileSignatureType::Secp256k1, None)
                    .expect("root authorizes admin key");
            });

            let result =
                h.validate_against_state_and_deduct_caller(&mut evm, &mut Default::default());
            assert!(
                result.is_ok(),
                "admin delegation should not precharge fees against child key limits, got: {result:?}"
            );
        }

        #[test]
        fn test_t6_admin_delegation_preserves_admin_transaction_key() {
            use tempo_precompiles::account_keychain::getTransactionKeyCall;

            let (admin_signer, admin_key) = generate_keypair();
            let user = Address::random();
            let child_key = Address::random();
            let signed = sign_key_auth(
                &admin_signer,
                KeyAuthorization::unrestricted(1, SignatureType::Secp256k1, child_key)
                    .with_account(user),
            );
            let (mut evm, h) = make_evm(
                user,
                admin_key,
                Some(signed),
                TempoHardfork::T6,
                None,
                false,
            );

            let env_result = h.validate_env(&mut evm);
            assert!(
                env_result.is_ok(),
                "admin delegation should pass stateless validation, got: {env_result:?}"
            );

            StorageCtx::enter_ctx(&mut evm.inner.ctx, StorageActions::disabled(), || {
                let mut keychain = AccountKeychain::new();
                keychain
                    .authorize_admin_key(user, admin_key, PrecompileSignatureType::Secp256k1, None)
                    .expect("root authorizes admin key");
            });

            let result =
                h.validate_against_state_and_deduct_caller(&mut evm, &mut Default::default());
            assert!(
                result.is_ok(),
                "admin delegation should pass, got: {result:?}"
            );

            StorageCtx::enter_ctx(&mut evm.inner.ctx, StorageActions::disabled(), || {
                let keychain = AccountKeychain::new();
                let transaction_key = keychain
                    .get_transaction_key(getTransactionKeyCall {}, user)
                    .expect("transaction key read succeeds");
                assert_eq!(
                    transaction_key, admin_key,
                    "admin delegation must preserve the signer key as transaction key"
                );
            });
        }

        #[test]
        fn test_keychain_signature_with_valid_authorized_key() {
            let (mut evm, h) = make_evm(
                Address::repeat_byte(0x11),
                Address::repeat_byte(0x22),
                None,
                TempoHardfork::T2,
                None,
                true,
            );

            let result =
                h.validate_against_state_and_deduct_caller(&mut evm, &mut Default::default());
            assert!(
                !matches!(
                    result,
                    Err(EVMError::Transaction(
                        TempoInvalidTransaction::KeychainValidationFailed { .. }
                    ))
                ),
                "Valid authorized key should pass, got: {result:?}"
            );
        }

        #[test]
        fn test_keychain_version_rejection() {
            let caller = Address::random();

            // V1 (legacy) rejected post-T1C
            let v1 = TempoSignature::Keychain(KeychainSignature::new_v1(caller, test_sig()));
            let (mut evm, h) = make_evm(
                caller,
                Address::ZERO,
                None,
                TempoHardfork::T2,
                Some(v1),
                false,
            );
            assert!(matches!(
                h.validate_env(&mut evm),
                Err(EVMError::Transaction(
                    TempoInvalidTransaction::LegacyKeychainSignature
                ))
            ));

            // V2 rejected pre-T1C
            let v2 = TempoSignature::Keychain(KeychainSignature::new(caller, test_sig()));
            let (mut evm, h) = make_evm(
                caller,
                Address::ZERO,
                None,
                TempoHardfork::T1B,
                Some(v2),
                false,
            );
            assert!(matches!(
                h.validate_env(&mut evm),
                Err(EVMError::Transaction(
                    TempoInvalidTransaction::V2KeychainBeforeActivation
                ))
            ));
        }

        #[test]
        fn test_key_authorization_without_existing_key_passes() {
            let (signer, user) = generate_keypair();
            let key = Address::random();
            let signed = sign_key_auth(
                &signer,
                KeyAuthorization::unrestricted(1, SignatureType::Secp256k1, key),
            );
            let (mut evm, h) = make_evm(user, key, Some(signed), TempoHardfork::T2, None, false);

            let result =
                h.validate_against_state_and_deduct_caller(&mut evm, &mut Default::default());
            assert!(
                !matches!(
                    result,
                    Err(EVMError::Transaction(
                        TempoInvalidTransaction::KeychainValidationFailed { .. }
                            | TempoInvalidTransaction::AccessKeyCannotAuthorizeOtherKeys
                            | TempoInvalidTransaction::KeyAuthorizationNotSignedByRoot { .. }
                            | TempoInvalidTransaction::KeychainPrecompileError { .. }
                    ))
                ),
                "Same-tx auth+use should pass when key does not exist, got: {result:?}"
            );
        }

        #[test]
        fn test_same_tx_key_authorization_rejects_fee_above_new_limit_before_auth() {
            let (signer, user) = generate_keypair();
            let key = Address::random();
            let gas_limit = 100_000;
            let fee = U256::from(gas_limit);
            let spending_limit = fee - U256::ONE;

            let signed = sign_key_auth(
                &signer,
                KeyAuthorization::unrestricted(1, SignatureType::Secp256k1, key).with_limits(vec![
                    PrimTokenLimit {
                        token: DEFAULT_FEE_TOKEN,
                        limit: spending_limit,
                        period: 60,
                    },
                ]),
            );
            let (mut evm, h) = make_evm(user, key, Some(signed), TempoHardfork::T3, None, false);
            evm.inner.ctx.tx.inner.gas_limit = gas_limit;
            evm.inner.ctx.tx.inner.gas_price = 1_000_000_000_000;
            evm.inner.ctx.tx.inner.gas_priority_fee = Some(1_000_000_000_000);

            StorageCtx::enter_ctx(&mut evm.inner.ctx, StorageActions::disabled(), || {
                TIP20Setup::path_usd(user)
                    .with_issuer(user)
                    .with_mint(user, fee * U256::from(2))
                    .apply()
                    .expect("pathUSD setup succeeds");
            });

            let result =
                h.validate_against_state_and_deduct_caller(&mut evm, &mut Default::default());

            assert!(
                matches!(
                    &result,
                    Err(EVMError::Transaction(TempoInvalidTransaction::CollectFeePreTx(
                        FeePaymentError::Other(reason)
                    ))) if reason.contains("SpendingLimitExceeded")
                ),
                "same-tx auth+use should reject fee above the new key limit before auth, got: {result:?}"
            );
            assert_eq!(evm.collected_fee, U256::ZERO);
            assert!(
                evm.inner
                    .ctx
                    .journaled_state
                    .inner
                    .logs
                    .iter()
                    .all(|log| log.address != ACCOUNT_KEYCHAIN_ADDRESS),
                "fee-limit rejection must happen before key authorization emits events"
            );
        }

        #[test]
        fn test_stale_collected_fee_not_charged_to_zero_fee_same_tx_auth_use() {
            let (signer, user) = generate_keypair();
            let key = Address::random();
            let stale_fee = U256::from(100_000);
            let spending_limit = stale_fee - U256::ONE;

            let signed = sign_key_auth(
                &signer,
                KeyAuthorization::unrestricted(1, SignatureType::Secp256k1, key).with_limits(vec![
                    PrimTokenLimit {
                        token: DEFAULT_FEE_TOKEN,
                        limit: spending_limit,
                        period: 60,
                    },
                ]),
            );
            let (mut evm, h) = make_evm(user, key, Some(signed), TempoHardfork::T3, None, false);
            evm.collected_fee = stale_fee;
            evm.inner.ctx.tx.inner.gas_limit = 100_000;
            evm.inner.ctx.tx.inner.gas_price = 0;
            evm.inner.ctx.tx.inner.gas_priority_fee = Some(0);

            StorageCtx::enter_ctx(&mut evm.inner.ctx, StorageActions::disabled(), || {
                TIP20Setup::path_usd(user)
                    .with_issuer(user)
                    .with_mint(user, stale_fee * U256::from(2))
                    .apply()
                    .expect("pathUSD setup succeeds");
            });

            h.validate_env(&mut evm)
                .expect("zero-fee same-tx auth/use env validation should pass");
            assert_eq!(evm.collected_fee, U256::ZERO);

            let result =
                h.validate_against_state_and_deduct_caller(&mut evm, &mut Default::default());

            assert!(
                result.is_ok(),
                "zero-fee same-tx auth/use must not charge stale fee, got: {result:?}"
            );
            assert_eq!(evm.collected_fee, U256::ZERO);
        }
    }

    /// TIP-1016: Standard CREATE tx should populate initial_state_gas with
    /// create_state_gas when state gas is enabled (T4+).
    /// Note: new_account_state_gas for the caller (nonce==0 with 2D nonce) is added
    /// later in validate_against_state_and_deduct_caller, not in upstream initial_tx_gas.
    #[test]
    fn test_state_gas_standard_create_tx_populates_initial_state_gas() {
        // TIP-1016 is opt-in via amsterdam_eip8037; manually enable for this test.
        let gas_params =
            crate::gas_params::tempo_gas_params_with_amsterdam(TempoHardfork::T4, true);
        let initcode = Bytes::from(vec![0x60, 0x80]);

        let init_gas = gas_params.initial_tx_gas(
            &initcode, true, // is_create
            0, 0, 0,
        );

        let expected_state_gas = gas_params.create_state_gas();

        assert!(
            expected_state_gas > 0,
            "State gas constants should be non-zero"
        );
        assert_eq!(
            init_gas.initial_state_gas,
            expected_state_gas,
            "CREATE tx should have initial_state_gas = create_state_gas ({})",
            gas_params.create_state_gas()
        );
    }

    /// TIP-1016: Standard CALL tx should have zero initial_state_gas.
    #[test]
    fn test_state_gas_standard_call_tx_zero_initial_state_gas() {
        let gas_params = tempo_gas_params(TempoHardfork::T4);
        let calldata = Bytes::from(vec![1, 2, 3]);

        let init_gas = gas_params.initial_tx_gas(
            &calldata, false, // not create
            0, 0, 0,
        );

        assert_eq!(
            init_gas.initial_state_gas, 0,
            "CALL tx should have zero initial_state_gas"
        );
    }

    /// TIP-1016: AA CREATE tx should populate initial_state_gas.
    #[test]
    fn test_state_gas_aa_create_tx_populates_initial_state_gas() {
        let gas_params = tempo_gas_params(TempoHardfork::T4);
        let initcode = Bytes::from(vec![0x60, 0x80]);

        let call = Call {
            to: TxKind::Create,
            value: U256::ZERO,
            input: initcode,
        };

        let aa_env = TempoBatchCallEnv {
            signature: TempoSignature::Primitive(PrimitiveSignature::Secp256k1(
                alloy_primitives::Signature::test_signature(),
            )),
            aa_calls: vec![call],
            key_authorization: None,
            signature_hash: B256::ZERO,
            ..Default::default()
        };

        let gas = calculate_aa_batch_intrinsic_gas(
            &aa_env,
            &gas_params,
            None::<std::iter::Empty<&AccessListItem>>,
            TempoHardfork::T4,
        )
        .unwrap();

        let expected_state_gas = gas_params.create_state_gas();

        assert_eq!(
            gas.initial_state_gas, expected_state_gas,
            "AA CREATE tx should have initial_state_gas = create_state_gas"
        );
    }

    /// TIP-1016: AA CALL tx should have zero initial_state_gas.
    #[test]
    fn test_state_gas_aa_call_tx_zero_initial_state_gas() {
        let gas_params = tempo_gas_params(TempoHardfork::T4);
        let calldata = Bytes::from(vec![1, 2, 3]);

        let call = Call {
            to: TxKind::Call(Address::random()),
            value: U256::ZERO,
            input: calldata,
        };

        let aa_env = TempoBatchCallEnv {
            signature: TempoSignature::Primitive(PrimitiveSignature::Secp256k1(
                alloy_primitives::Signature::test_signature(),
            )),
            aa_calls: vec![call],
            key_authorization: None,
            signature_hash: B256::ZERO,
            ..Default::default()
        };

        let gas = calculate_aa_batch_intrinsic_gas(
            &aa_env,
            &gas_params,
            None::<std::iter::Empty<&AccessListItem>>,
            TempoHardfork::T4,
        )
        .unwrap();

        assert_eq!(
            gas.initial_state_gas, 0,
            "AA CALL tx should have zero initial_state_gas"
        );
    }

    /// TIP-1016: validate_initial_tx_gas for standard CREATE tx should set
    /// initial_state_gas when T4 is active and state gas is enabled.
    #[test]
    fn test_state_gas_validate_initial_tx_gas_create_t4() {
        let initcode = Bytes::from(vec![0x60, 0x80]);
        let mut test = TestHandlerEvm::tx(TempoHardfork::T4, |tx_env| {
            tx_env.inner.gas_limit = 60_000_000;
            tx_env.inner.kind = TxKind::Create;
            tx_env.inner.data = initcode;
        });
        let init_gas = test.validate_initial_tx_gas();

        // create_state_gas (from upstream initial_tx_gas for CREATE) +
        // new_account_state_gas (from Tempo's nonce==0 check for the caller)
        let expected_state_gas =
            test.gas_params().create_state_gas() + test.gas_params().new_account_state_gas();

        assert_eq!(
            init_gas.initial_state_gas, expected_state_gas,
            "T4 CREATE tx with nonce==0 should have create_state_gas + new_account_state_gas"
        );
    }

    /// TIP-1016: When enable_amsterdam_eip8037 is true, tx gas limit can exceed the cap
    /// (upstream revm validation skips the cap check).
    #[test]
    fn test_state_gas_tx_gas_limit_above_cap_allowed() {
        let calldata = Bytes::from(vec![1, 2, 3]);

        let tx_env = TempoTxEnv {
            inner: revm::context::TxEnv {
                gas_limit: 60_000_000,
                kind: TxKind::Call(Address::random()),
                data: calldata,
                ..Default::default()
            },
            ..Default::default()
        };

        // TIP-1016 is opt-in via amsterdam_eip8037; manually enable for this test.
        let mut test = TestHandlerEvm::with_cfg(TempoHardfork::T4, tx_env, |cfg| {
            cfg.tx_gas_limit_cap = Some(30_000_000);
            cfg.enable_amsterdam_eip8037 = true;
            cfg.gas_params =
                crate::gas_params::tempo_gas_params_with_amsterdam(TempoHardfork::T4, true);
        });

        // validate_env should pass even though gas_limit > cap
        let result = test.validate_env();
        assert!(
            result.is_ok(),
            "With enable_amsterdam_eip8037=true, tx gas limit above cap should be allowed, got: {:?}",
            result.err()
        );
    }

    /// TIP-1016: When enable_amsterdam_eip8037 is false (pre-T4), tx gas limit above cap is rejected.
    #[test]
    fn test_state_gas_tx_gas_limit_above_cap_rejected_pre_t4() {
        let calldata = Bytes::from(vec![1, 2, 3]);

        let tx_env = TempoTxEnv {
            inner: revm::context::TxEnv {
                gas_limit: 60_000_000, // Double the cap
                kind: TxKind::Call(Address::random()),
                data: calldata,
                ..Default::default()
            },
            ..Default::default()
        };

        let mut test = TestHandlerEvm::with_cfg(TempoHardfork::T1, tx_env, |cfg| {
            cfg.tx_gas_limit_cap = Some(30_000_000);
        });

        // validate_env should reject: gas_limit > cap with state gas disabled
        let result = test.validate_env();
        assert!(
            result.is_err(),
            "With enable_amsterdam_eip8037=false, tx gas limit above cap should be rejected"
        );
    }

    /// TIP-1016 regression: subblock fee-payment halt must not exceed the gas cap.
    #[test]
    fn test_subblock_fee_payment_halt_clamps_to_gas_cap_t4() {
        const CAP: u64 = 30_000_000;
        const TX_GAS_LIMIT: u64 = 60_000_000;

        let aa_env = TempoBatchCallEnv {
            subblock_transaction: true,
            ..Default::default()
        };
        let tx_env = TempoTxEnv {
            inner: revm::context::TxEnv {
                gas_limit: TX_GAS_LIMIT,
                kind: TxKind::Call(Address::random()),
                ..Default::default()
            },
            tempo_tx_env: Some(Box::new(aa_env)),
            ..Default::default()
        };

        let mut test = TestHandlerEvm::with_cfg(TempoHardfork::T4, tx_env, |cfg| {
            cfg.tx_gas_limit_cap = Some(CAP);
            cfg.enable_amsterdam_eip8037 = true;
            cfg.gas_params =
                crate::gas_params::tempo_gas_params_with_amsterdam(TempoHardfork::T4, true);
        });

        // Sanity: T4 must actually have the cap-skip enabled so tx_gas_limit > cap is legal.
        assert!(
            test.cfg().enable_amsterdam_eip8037,
            "T4 must enable enable_amsterdam_eip8037 for this regression to apply"
        );

        let err = EVMError::Transaction(TempoInvalidTransaction::EthInvalidTransaction(
            InvalidTransaction::LackOfFundForMaxFee {
                fee: Box::new(U256::ZERO),
                balance: Box::new(U256::ZERO),
            },
        ));

        let result = test
            .handler
            .catch_error(&mut test.evm, err)
            .expect("subblock fee-payment failure must be converted to a halt, not a hard error");

        match result {
            ExecutionResult::Halt { reason, gas, .. } => {
                assert!(
                    matches!(reason, TempoHaltReason::SubblockTxFeePayment),
                    "expected SubblockTxFeePayment halt, got {reason:?}"
                );
                assert_eq!(
                    gas.total_gas_spent(),
                    CAP,
                    "regular gas charged on subblock fee-payment halt must be clamped to \
                     tx_gas_limit_cap (got {} for tx.gas_limit={} cap={})",
                    gas.total_gas_spent(),
                    TX_GAS_LIMIT,
                    CAP,
                );
                assert_eq!(
                    gas.state_gas_spent_final(),
                    0,
                    "halt reports zero state gas"
                );
            }
            other => panic!("expected ExecutionResult::Halt, got {other:?}"),
        }
    }

    #[test]
    fn test_subblock_paused_fee_token_halts_as_fee_payment_failure() {
        let aa_env = TempoBatchCallEnv {
            subblock_transaction: true,
            ..Default::default()
        };
        let tx_env = TempoTxEnv {
            inner: revm::context::TxEnv {
                gas_limit: 100_000,
                kind: TxKind::Call(Address::random()),
                ..Default::default()
            },
            tempo_tx_env: Some(Box::new(aa_env)),
            ..Default::default()
        };

        let mut test = TestHandlerEvm::with_cfg(TempoHardfork::T4, tx_env, |cfg| {
            cfg.tx_gas_limit_cap = Some(30_000_000);
            cfg.enable_amsterdam_eip8037 = true;
            cfg.gas_params =
                crate::gas_params::tempo_gas_params_with_amsterdam(TempoHardfork::T4, true);
        });

        let err = EVMError::Transaction(TempoInvalidTransaction::FeeTokenPaused {
            address: PATH_USD_ADDRESS,
        });

        let result = test
            .handler
            .catch_error(&mut test.evm, err)
            .expect("subblock paused fee-token failure must be converted to a halt");

        match result {
            ExecutionResult::Halt { reason, gas, .. } => {
                assert!(
                    matches!(reason, TempoHaltReason::SubblockTxFeePayment),
                    "expected SubblockTxFeePayment halt, got {reason:?}"
                );
                assert_eq!(gas.total_gas_spent(), 100_000);
                assert_eq!(
                    gas.state_gas_spent_final(),
                    0,
                    "halt reports zero state gas"
                );
            }
            other => panic!("expected ExecutionResult::Halt, got {other:?}"),
        }
    }

    /// TIP-1016: Pre-T4 behavior unchanged - initial_state_gas is still populated
    /// by upstream revm for CREATE txs (it's a property of gas_params, not gating).
    /// But enable_amsterdam_eip8037=false means the reservoir won't be used.
    #[test]
    fn test_state_gas_backward_compat_t1_no_state_gas_enabled() {
        let mut cfg = CfgEnv::<TempoHardfork>::default();
        cfg.spec = TempoHardfork::T1;
        cfg.gas_params = tempo_gas_params(TempoHardfork::T1);

        assert!(
            !cfg.enable_amsterdam_eip8037,
            "Pre-T4 should NOT have enable_amsterdam_eip8037"
        );

        let calldata = Bytes::from(vec![1, 2, 3]);

        let journal = Journal::new(CacheDB::new(EmptyDB::default()));
        let tx_env = TempoTxEnv {
            inner: revm::context::TxEnv {
                gas_limit: 1_000_000,
                kind: TxKind::Call(Address::random()),
                data: calldata,
                ..Default::default()
            },
            ..Default::default()
        };

        let ctx = Context::mainnet()
            .with_db(CacheDB::new(EmptyDB::default()))
            .with_block(TempoBlockEnv::default())
            .with_cfg(cfg)
            .with_tx(tx_env)
            .with_new_journal(journal);
        let mut evm = TempoEvm::<_, ()>::new(ctx, ());
        let handler: TempoEvmHandler<CacheDB<EmptyDB>, ()> = TempoEvmHandler::new();

        let init_gas = handler.validate_initial_tx_gas(&mut evm).unwrap();

        // CALL tx - no state gas in either case
        assert_eq!(init_gas.initial_state_gas, 0);
    }

    /// TIP-1016: AA batch with multiple calls including CREATE should track
    /// state gas for the CREATE call only.
    #[test]
    fn test_state_gas_aa_mixed_batch_create_and_call() {
        let gas_params = tempo_gas_params(TempoHardfork::T4);
        let calldata = Bytes::from(vec![1, 2, 3]);
        let initcode = Bytes::from(vec![0x60, 0x80]);

        let calls = vec![
            Call {
                to: TxKind::Call(Address::random()),
                value: U256::ZERO,
                input: calldata,
            },
            Call {
                to: TxKind::Create,
                value: U256::ZERO,
                input: initcode,
            },
        ];

        let aa_env = TempoBatchCallEnv {
            signature: TempoSignature::Primitive(PrimitiveSignature::Secp256k1(
                alloy_primitives::Signature::test_signature(),
            )),
            aa_calls: calls,
            key_authorization: None,
            signature_hash: B256::ZERO,
            ..Default::default()
        };

        let gas = calculate_aa_batch_intrinsic_gas(
            &aa_env,
            &gas_params,
            None::<std::iter::Empty<&AccessListItem>>,
            TempoHardfork::T4,
        )
        .unwrap();

        // Only the CREATE call contributes state gas
        let expected_state_gas = gas_params.create_state_gas();

        assert_eq!(
            gas.initial_state_gas, expected_state_gas,
            "Mixed batch should have state gas only from CREATE call"
        );
    }

    /// TIP-1016: AA batch with multiple CREATE calls accumulates state gas.
    #[test]
    fn test_state_gas_aa_multiple_create_calls() {
        let gas_params = tempo_gas_params(TempoHardfork::T4);
        let initcode = Bytes::from(vec![0x60, 0x80]);

        let calls = vec![
            Call {
                to: TxKind::Create,
                value: U256::ZERO,
                input: initcode.clone(),
            },
            Call {
                to: TxKind::Create,
                value: U256::ZERO,
                input: initcode,
            },
        ];

        let aa_env = TempoBatchCallEnv {
            signature: TempoSignature::Primitive(PrimitiveSignature::Secp256k1(
                alloy_primitives::Signature::test_signature(),
            )),
            aa_calls: calls,
            key_authorization: None,
            signature_hash: B256::ZERO,
            ..Default::default()
        };

        let gas = calculate_aa_batch_intrinsic_gas(
            &aa_env,
            &gas_params,
            None::<std::iter::Empty<&AccessListItem>>,
            TempoHardfork::T4,
        )
        .unwrap();

        // Two CREATE calls should accumulate state gas
        let per_create_state_gas = gas_params.create_state_gas();

        assert_eq!(
            gas.initial_state_gas,
            per_create_state_gas * 2,
            "Multiple CREATE calls should accumulate initial_state_gas"
        );
    }

    /// TIP-1016: In multi-call execution, per-call init gas uses
    /// `InitialAndFloorGas::new(0, 0)` so state gas is only deducted once
    /// upfront via `calculate_aa_batch_intrinsic_gas`, not per call.
    #[test]
    fn test_state_gas_multi_call_per_call_init_has_zero_state_gas() {
        let zero_init_gas = InitialAndFloorGas::new(0, 0);
        assert_eq!(
            zero_init_gas.initial_state_gas, 0,
            "Per-call init gas in multi-call must have zero initial_state_gas; \
             state gas is deducted once upfront, not per call"
        );
    }

    /// TIP-1016: Multi-call corrected gas (success path) must use flattened
    /// reconstruction (Gas::new_spent + erase_cost) to be robust under the
    /// EIP-8037 reservoir model, and must preserve accumulated state_gas_spent.
    #[test]
    fn test_state_gas_multi_call_corrected_gas_success_preserves_state_gas() {
        let gas_limit: u64 = 1_000_000;
        let total_gas_spent: u64 = 400_000;
        let accumulated_state_gas: i64 = 150_000;
        let accumulated_refund: i64 = 5_000;

        // Simulate flattened gas reconstruction (same pattern as execute_multi_call_with)
        let mut corrected_gas = Gas::new_spent_with_reservoir(gas_limit, 0);
        corrected_gas.erase_cost(gas_limit - total_gas_spent);
        corrected_gas.set_refund(accumulated_refund);
        corrected_gas.set_state_gas_spent(accumulated_state_gas);

        assert_eq!(
            corrected_gas.total_gas_spent(),
            total_gas_spent,
            "Flattened gas must have correct spent"
        );
        assert_eq!(
            corrected_gas.used(),
            total_gas_spent - accumulated_refund as u64,
            "Flattened gas must have correct used (spent - refunded)"
        );
        assert_eq!(
            corrected_gas.state_gas_spent(),
            accumulated_state_gas,
            "Corrected gas must preserve accumulated state_gas_spent"
        );
        assert_eq!(
            corrected_gas.reservoir(),
            0,
            "Flattened gas must have zero reservoir"
        );
    }

    /// TIP-1016: AA auth list entries with nonce==0 should track state gas.
    #[test]
    fn test_state_gas_aa_auth_list_nonce_zero() {
        // TIP-1016 is opt-in via amsterdam_eip8037; manually enable for this test.
        let gas_params =
            crate::gas_params::tempo_gas_params_with_amsterdam(TempoHardfork::T4, true);

        let aa_env = TempoBatchCallEnv {
            signature: TempoSignature::Primitive(PrimitiveSignature::Secp256k1(
                alloy_primitives::Signature::test_signature(),
            )),
            aa_calls: vec![Call {
                to: TxKind::Call(Address::random()),
                value: U256::ZERO,
                input: Bytes::from(vec![1, 2, 3]),
            }],
            tempo_authorization_list: vec![RecoveredTempoAuthorization::new(
                TempoSignedAuthorization::new_unchecked(
                    alloy_eips::eip7702::Authorization {
                        chain_id: U256::ONE,
                        address: Address::random(),
                        nonce: 0,
                    },
                    TempoSignature::Primitive(PrimitiveSignature::Secp256k1(
                        alloy_primitives::Signature::test_signature(),
                    )),
                ),
            )],
            ..Default::default()
        };

        let gas = calculate_aa_batch_intrinsic_gas(
            &aa_env,
            &gas_params,
            None::<std::iter::Empty<&AccessListItem>>,
            TempoHardfork::T4,
        )
        .unwrap();

        // State gas = per-auth state gas (225k) + nonce==0 account creation state gas (225k)
        // Use hard-coded expected values to catch missing gas_params overrides.
        assert_eq!(
            gas.initial_state_gas,
            225_000 + 225_000,
            "Auth list entry should track per-auth state gas (225k) + nonce==0 account creation state gas (225k)"
        );
    }

    /// TIP-1016: AA nonce==0 new account should track state gas in T4.
    #[test]
    fn test_state_gas_aa_nonce_zero_new_account() {
        let aa_env = TempoBatchCallEnv {
            signature: TempoSignature::Primitive(PrimitiveSignature::Secp256k1(
                alloy_primitives::Signature::test_signature(),
            )),
            aa_calls: vec![Call {
                to: TxKind::Call(Address::random()),
                value: U256::ZERO,
                input: Bytes::from(vec![1, 2, 3]),
            }],
            nonce_key: U256::ONE,
            ..Default::default()
        };

        let mut test = TestHandlerEvm::aa(TempoHardfork::T4, aa_env, |tx_env| {
            tx_env.inner.gas_limit = 60_000_000;
            tx_env.inner.nonce = 0;
        });
        let init_gas = test.validate_initial_tx_gas();

        assert_eq!(
            init_gas.initial_state_gas,
            test.gas_params().new_account_state_gas(),
            "AA tx with nonce==0 should track new_account_state_gas in T4"
        );
    }

    /// TIP-1016: Auth list state gas (GasId 254) must be zero on T1.
    #[test]
    fn test_state_gas_auth_list_zero_on_t1() {
        let gas_params = tempo_gas_params(TempoHardfork::T1);
        assert_eq!(
            gas_params.new_account_state_gas(),
            0,
            "Auth account creation state gas must be zero on T1"
        );

        let aa_env = TempoBatchCallEnv {
            signature: TempoSignature::Primitive(PrimitiveSignature::Secp256k1(
                alloy_primitives::Signature::test_signature(),
            )),
            aa_calls: vec![Call {
                to: TxKind::Call(Address::random()),
                value: U256::ZERO,
                input: Bytes::from(vec![1, 2, 3]),
            }],
            tempo_authorization_list: vec![RecoveredTempoAuthorization::new(
                TempoSignedAuthorization::new_unchecked(
                    alloy_eips::eip7702::Authorization {
                        chain_id: U256::ONE,
                        address: Address::random(),
                        nonce: 0,
                    },
                    TempoSignature::Primitive(PrimitiveSignature::Secp256k1(
                        alloy_primitives::Signature::test_signature(),
                    )),
                ),
            )],
            ..Default::default()
        };

        let gas = calculate_aa_batch_intrinsic_gas(
            &aa_env,
            &gas_params,
            None::<std::iter::Empty<&AccessListItem>>,
            TempoHardfork::T1,
        )
        .unwrap();

        assert_eq!(
            gas.initial_state_gas, 0,
            "T1 auth list nonce==0 should have zero initial_state_gas"
        );
    }

    /// TIP-1016: Standard tx with nonce==0 should track state gas on T4 only.
    #[test]
    fn test_state_gas_standard_tx_nonce_zero_t4() {
        let calldata = Bytes::from(vec![1, 2, 3]);
        let mut test = TestHandlerEvm::tx(TempoHardfork::T4, |tx_env| {
            tx_env.inner.gas_limit = 60_000_000;
            tx_env.inner.kind = TxKind::Call(Address::random());
            tx_env.inner.nonce = 0;
            tx_env.inner.data = calldata;
        });
        let init_gas = test.validate_initial_tx_gas();

        assert_eq!(
            init_gas.initial_state_gas,
            test.gas_params().new_account_state_gas(),
            "T4 standard tx with nonce==0 should track new_account_state_gas"
        );
    }

    /// TIP-1016: Standard tx with nonce==0 should NOT track state gas on T1.
    #[test]
    fn test_state_gas_standard_tx_nonce_zero_t1_no_state_gas() {
        let calldata = Bytes::from(vec![1, 2, 3]);

        let mut test = TestHandlerEvm::tx(TempoHardfork::T1, |tx_env| {
            tx_env.inner.gas_limit = 60_000_000;
            tx_env.inner.kind = TxKind::Call(Address::random());
            tx_env.inner.nonce = 0;
            tx_env.inner.data = calldata;
        });
        let init_gas = test.validate_initial_tx_gas();

        assert_eq!(
            init_gas.initial_state_gas, 0,
            "T1 standard tx with nonce==0 must NOT track state gas"
        );
    }

    /// TIP-1016: `initial_total_gas >= initial_state_gas` invariant must hold for
    /// AA CREATE calls. Without this, `execute_multi_call_with()` computes
    /// `regular_initial_gas = initial_total_gas.saturating_sub(initial_state_gas)` as 0,
    /// giving the transaction its full gas_limit for free.
    #[test]
    fn test_state_gas_aa_create_total_gas_includes_state_gas() {
        let gas_params = tempo_gas_params(TempoHardfork::T4);
        let initcode = Bytes::from(vec![0x60, 0x80]);

        let call = Call {
            to: TxKind::Create,
            value: U256::ZERO,
            input: initcode,
        };

        let aa_env = TempoBatchCallEnv {
            signature: TempoSignature::Primitive(PrimitiveSignature::Secp256k1(
                alloy_primitives::Signature::test_signature(),
            )),
            aa_calls: vec![call],
            key_authorization: None,
            signature_hash: B256::ZERO,
            ..Default::default()
        };

        let gas = calculate_aa_batch_intrinsic_gas(
            &aa_env,
            &gas_params,
            None::<std::iter::Empty<&AccessListItem>>,
            TempoHardfork::T4,
        )
        .unwrap();

        assert!(
            gas.initial_total_gas() >= gas.initial_state_gas,
            "invariant violated: initial_total_gas ({}) < initial_state_gas ({})",
            gas.initial_total_gas(),
            gas.initial_state_gas,
        );
    }

    /// TIP-1016: `initial_total_gas >= initial_state_gas` invariant must hold for
    /// AA auth list entries with nonce==0.
    #[test]
    fn test_state_gas_aa_auth_nonce_zero_total_gas_includes_state_gas() {
        let gas_params = tempo_gas_params(TempoHardfork::T4);

        let aa_env = TempoBatchCallEnv {
            signature: TempoSignature::Primitive(PrimitiveSignature::Secp256k1(
                alloy_primitives::Signature::test_signature(),
            )),
            aa_calls: vec![Call {
                to: TxKind::Call(Address::random()),
                value: U256::ZERO,
                input: Bytes::from(vec![1, 2, 3]),
            }],
            tempo_authorization_list: vec![RecoveredTempoAuthorization::new(
                TempoSignedAuthorization::new_unchecked(
                    alloy_eips::eip7702::Authorization {
                        chain_id: U256::ONE,
                        address: Address::random(),
                        nonce: 0,
                    },
                    TempoSignature::Primitive(PrimitiveSignature::Secp256k1(
                        alloy_primitives::Signature::test_signature(),
                    )),
                ),
            )],
            ..Default::default()
        };

        let gas = calculate_aa_batch_intrinsic_gas(
            &aa_env,
            &gas_params,
            None::<std::iter::Empty<&AccessListItem>>,
            TempoHardfork::T4,
        )
        .unwrap();

        assert!(
            gas.initial_total_gas() >= gas.initial_state_gas,
            "invariant violated: initial_total_gas ({}) < initial_state_gas ({})",
            gas.initial_total_gas(),
            gas.initial_state_gas,
        );
    }

    /// TIP-1016: CREATE state gas is charged upfront and must be spent even if a later AA step reverts.
    #[test]
    fn test_state_gas_failed_batch_preserves_upfront_create_intrinsic_gas() {
        let tx_gas_limit = 1_000_000u64;
        let (calls, call_results) = (
            vec![
                Call {
                    to: TxKind::Create,
                    value: U256::ZERO,
                    input: Bytes::from(vec![0x60, 0x80]),
                },
                Call {
                    to: TxKind::Call(Address::random()),
                    value: U256::ZERO,
                    input: Bytes::new(),
                },
            ],
            [
                (InstructionResult::Stop, 10_000u64),
                (InstructionResult::Revert, 7_000u64),
            ],
        );

        let aa_env = make_aa_env(calls.clone());
        let mut test = TestHandlerEvm::aa(TempoHardfork::T4, aa_env, |tx_env| {
            tx_env.inner.caller = Address::random();
            tx_env.inner.gas_limit = tx_gas_limit;
            // Keep nonce != 0 so this isolates CREATE state gas from caller account-creation gas.
            tx_env.inner.nonce = 1;
        });

        let init_gas = test.validate_initial_tx_gas();
        assert_eq!(
            init_gas.initial_state_gas,
            test.gas_params().create_state_gas(),
            "first-call CREATE should contribute create_state_gas to AA intrinsic gas"
        );
        let (gas_limit, reservoir) = test.evm.initial_gas_and_reservoir(&init_gas);

        let mut call_idx = 0usize;
        let result = test
            .handler
            .execute_multi_call_with(
                &mut test.evm,
                gas_limit,
                reservoir,
                calls,
                |_handler, _evm, gas, _reservoir| {
                    // Feed the batch executor deterministic per-call outcomes without running real EVM code.
                    let (instruction_result, spent) = call_results[call_idx];
                    call_idx += 1;

                    let mut gas = Gas::new(gas);
                    gas.set_spent(spent);

                    Ok(FrameResult::Call(CallOutcome::new(
                        InterpreterResult::new(instruction_result, Bytes::new(), gas),
                        0..0,
                    )))
                },
            )
            .expect("execute_multi_call_with should return a failed frame result");

        let expected_spent =
            init_gas.initial_total_gas() + call_results.iter().map(|(_, spent)| spent).sum::<u64>();

        // Pays CREATE state gas + both call costs. CREATE is charged upfront via intrinsic gas, and NOT refunded.
        assert_eq!(result.instruction_result(), InstructionResult::Revert);
        assert_eq!(result.gas().total_gas_spent(), expected_spent);
        assert_eq!(result.gas().remaining(), tx_gas_limit - expected_spent);
        assert_eq!(result.gas().state_gas_spent(), 0);
        assert_eq!(result.gas().reservoir(), 0);
    }
}