fix: replace sender to timelock address during error decoding#775
Merged
Conversation
Signed-off-by: Pablo <pablo.estrada@smartcontract.com>
Signed-off-by: Pablo <pablo.estrada@smartcontract.com>
Signed-off-by: Pablo <pablo.estrada@smartcontract.com>
Signed-off-by: Pablo <pablo.estrada@smartcontract.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
gustavogama-cll
previously approved these changes
Jun 5, 2026
Signed-off-by: Pablo <pablo.estrada@smartcontract.com>
gustavogama-cll
approved these changes
Jun 5, 2026
|
ecPablo
pushed a commit
that referenced
this pull request
Jun 5, 2026
🤖 I have created a release *beep* *boop* --- ## [0.46.0](v0.45.1...v0.46.0) (2026-06-05) ### Features * **canton:** integrate Canton support ([#613](#613)) ([d1e8d62](d1e8d62)) ### Bug Fixes * replace sender to timelock address during error decoding ([#775](#775)) ([7da8a8e](7da8a8e)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: app-token-issuer-ops-platform[bot] <275822481+app-token-issuer-ops-platform[bot]@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.




Timelock execution failures through a CallProxy were decoded with the wrong underlying revert. CI reported
OnlyCallableByOwner()on WorkflowRegistry, but the real failure wasNodeDoesNotSupportCapability(...).Root cause
When
mcms.WithCallProxyis used, the EVM executor sends the tx to theCallProxy,not theRBACTimelock. On failure,BuildExecutionErrorreplayed the inner timelock call withFromset to that execution address (the proxy). That synthetic path is not what happens on chain: CallProxy forwards to the timelock, and the target seesmsg.senderas the timelock. Replaying from the proxy made Ownable targets revert withOnlyCallableByOwner()even when the real execution had already passed ownership and failed for a different reason.Fix
EVM-only change in
sdk/evm/execution_error.go: before underlying-call replay, resolve the real sender. If the execution address is a generated CallProxy (runtime bytecode fingerprint from bindings.CallProxy), extract the embedded timelock target and use it as From for eth_call replay. Otherwise behavior is unchanged.AI Summary
This pull request enhances the handling of execution errors for EVM timelock transactions, especially when transactions are routed through a CallProxy contract. The main improvement is the ability to correctly identify and replay the underlying call from the true sender (the embedded timelock) even when a proxy is involved, providing more accurate revert reasons. The changes also add robust testing for CallProxy bytecode fingerprinting and sender resolution logic.
Enhancements to CallProxy handling and error replay:
sdk/evm/execution_error.go) [1] [2]resolveUnderlyingCallSenderfunction, which determines the true sender for replaying failed calls, handling both proxy and non-proxy cases. (sdk/evm/execution_error.go)Testing and validation improvements:
sdk/evm/execution_error_test.go)sdk/evm/timelock_executor_test.go) [1] [2] [3]Other changes:
sdk/evm/execution_error.go,sdk/evm/execution_error_test.go,sdk/evm/timelock_executor_test.go) [1] [2] [3]These changes significantly improve the reliability and transparency of error handling for timelock operations, especially in the presence of proxy contracts.