rpc sharding by tx sender for autobahn

[pompon0]

For giga testnet we need every account to send transaction only to a single lane, so that they are included in nonce order. In this pr we are adding proxying of transactions to the correct lane (validator). How it works:

• only evmrpc endpoint is handled
• it is using http evmrpc connections for proxying (ws connections are also supported, but with the current impl they would be inefficient - see the comments in code)
• [evm account -> lane] mapping is deterministic and defined by autobahn committee
• evmrpc urls of validators of each lane are specified in autobahn config
• whenever user calls sendRawTransaction or getTransactionCount rpcs to a node, the lane of the evm account is computed. If the lane is produced by the local node, it is added to the mempool. Otherwise url of the lane owner is fetched and the same evmrpc is called on that url.
• If autobahn is not enabled, we fallback to the previous semantics.

---

Note

Medium Risk
Introduces request redirection for eth_sendRawTransaction and pending eth_getTransactionCount, which changes transaction submission/nonce semantics and adds cross-validator HTTP RPC dependencies driven by config.

Overview
Adds sender-based RPC sharding for Autobahn by introducing LocalClient.EvmProxy(sender) and wiring it through the Tendermint local client/environment and GigaRouter (deterministic shard selection via Committee.EvmShard).

evmrpc now redirects eth_sendRawTransaction and pending eth_getTransactionCount to the shard owner’s EVM RPC HTTP endpoint when the sender maps to a different validator, with a fallback to existing local behavior when no proxy is configured or Autobahn isn’t active. Adds a new OpenTelemetry counter evmrpc_redirected_requests_total.

Extends Autobahn config generation/consumption to include per-validator evmrpc URLs (new evmrpc_url.txt in localnode init, new evmrpc field in config with URL marshal/unmarshal) and updates/expands tests to cover proxy behavior and the shard→URL mapping.

^{Reviewed by Cursor Bugbot for commit 33794ff. Bugbot is set up for automated code reviews on this repo. Configure here.}

[github-actions]

The latest Buf updates on your PR. Results from workflow Buf / buf (pull_request).

Build	Format	Lint	Breaking	Updated (UTC)
✅ passed	✅ passed	✅ passed	✅ passed	May 19, 2026, 4:12 PM

[codecov]

Codecov Report

❌ Patch coverage is 58.22785% with 33 lines in your changes missing coverage. Please review.
✅ Project coverage is 59.31%. Comparing base (25a36cb) to head (ce8109f).

Files with missing lines	Patch %	Lines
evmrpc/send.go	60.00%	6 Missing and 4 partials ⚠️
...int/cmd/tendermint/commands/gen_autobahn_config.go	0.00%	7 Missing ⚠️
evmrpc/tx.go	60.00%	2 Missing and 2 partials ⚠️
sei-tendermint/config/autobahn.go	63.63%	2 Missing and 2 partials ⚠️
sei-tendermint/internal/rpc/core/mempool.go	0.00%	4 Missing ⚠️
evmrpc/tests/mock_client.go	0.00%	2 Missing ⚠️
sei-tendermint/rpc/client/local/local.go	0.00%	2 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #3438      +/-   ##
==========================================
+ Coverage   59.30%   59.31%   +0.01%     
==========================================
  Files        2127     2127              
  Lines      175830   175943     +113     
==========================================
+ Hits       104268   104369     +101     
- Misses      62477    62479       +2     
- Partials     9085     9095      +10     

Flag	Coverage Δ
sei-chain-pr	68.39% <58.22%> (?)
sei-db	70.41% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
evmrpc/metrics.go	96.00% <100.00%> (+0.65%)	⬆️
sei-cosmos/client/context.go	86.07% <ø> (ø)
...ei-tendermint/internal/autobahn/types/committee.go	96.42% <100.00%> (+0.35%)	⬆️
sei-tendermint/internal/p2p/giga_router.go	69.75% <100.00%> (+0.75%)	⬆️
sei-tendermint/node/setup.go	69.67% <100.00%> (+0.09%)	⬆️
evmrpc/tests/mock_client.go	56.66% <0.00%> (-0.77%)	⬇️
sei-tendermint/rpc/client/local/local.go	55.17% <0.00%> (-0.78%)	⬇️
evmrpc/tx.go	84.68% <60.00%> (-0.80%)	⬇️
sei-tendermint/config/autobahn.go	44.00% <63.63%> (+15.42%)	⬆️
sei-tendermint/internal/rpc/core/mempool.go	63.82% <0.00%> (-2.84%)	⬇️
... and 2 more

... and 32 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

There are 2 total unresolved issues (including 1 from previous review).

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit 9c3516e. Configure here.}

[wen-coding]

nit: would be nice if both ports come from a common config

[pompon0]

these are preexisting configs. Merging them would be backward incompatible.

[wen-coding]

nit: can you clarify whether this is request you forwarded to someone else or it is request you received from redirection?

[pompon0]

reworded to "forwarded to another validator"

[wen-coding]

Would we see one error log per tx when one validator is down? That would be too spammy

[pompon0]

I'm not sure if we log all evmrpc RPC errors, but this will be consistent with the current behavior - we return error if tx does not land in the correct mempool

[wen-coding]

What's our plan for handling the case where one validator is down?

[pompon0]

for testnet - some accounts will be censored. We need to implement a proper solution afterwards.

[wen-coding]

Would we always have NewEIP155Signer in tx.Protected()? Would ethtypes.LatestSignerForChainID(chainID)) be better? So we accept non-1559 transactions?

[pompon0]

I have just copied over what simulateTx did. Is this not correct?

[wen-coding]

I think LatestSignerForChainID(chainID) is a better approach guaranteed in go-ethereum library to handle all cases. I think the current code has a gap, but it only affected simulateTx's gas estimate, now we are skipping the proxy for it.

[pompon0]

make sense, switched to LatestSignerForChainID

[wen-coding]

We don't have that many validators so maybe we can use a cheaper algorithm?

i := int(binary.BigEndian.Uint64(addr[:8]) % uint64(c.replicas.Len()))

I suppose we will have a different algorithm when Autobahn hits mainnet, so we don't need to worry about attacker reverse-engineering this algorithm for now?

[pompon0]

good point, although imo it will not be a bottleneck and eventually it will be even more expensive.

[cursor]

PR Summary

High Risk
High risk because it changes eth_sendRawTransaction and pending eth_getTransactionCount behavior to optionally forward requests over HTTP to other validators based on sender sharding, impacting transaction acceptance/nonce semantics and introducing new network failure modes.

Overview
Implements RPC sharding by EVM sender for Autobahn: nodes now deterministically map a sender address to a committee “lane” and, when the lane owner is another validator with an evmrpc URL configured, HTTP-proxy eth_sendRawTransaction and pending eth_getTransactionCount to that validator instead of handling locally.

Extends Autobahn config generation and node setup to carry per-validator evmrpc endpoints (evmrpc_url.txt, new AutobahnValidator.EVMRPC + URL wrapper), adds EvmProxy plumbing through the local Tendermint client and GigaRouter, and introduces a new metric evmrpc_redirected_requests_total plus tests covering proxy and fallback paths.

^{Reviewed by Cursor Bugbot for commit ce8109f. Bugbot is set up for automated code reviews on this repo. Configure here.}