fix: cosmwasm evm query path repeatable undercharged evm exec

[mattkii]

Description

Hardens the internal EVM call helper CallEVMWithData (x/vm/keeper/call_evm.go)
against undercharged, repeatable internal EVM execution triggered from the SDK side
(e.g. the KiiChain CosmWasm→EVM ERC20 query bindings).

Two compounding problems were addressed:

1. gasCap was ignored. CallEVMWithData always set the message GasLimit to
   config.DefaultGasCap (25M), regardless of the gasCap argument or the caller's
   remaining SDK gas budget. A caller passing a smaller cap (or relying on the
   remaining budget) could not constrain the internal execution.
2. The SDK meter was charged the post-refund amount. Internal calls run with a
   full gas refund (refundQuotient = 1) and skip the minimumGasUsed floor, so
   res.GasUsed can fall far below the real pre-refund compute (res.MaxUsedGas).
   ConsumeGas(res.GasUsed) therefore billed validators for a fraction of the work
   actually performed, enabling a refund-maximizing contract to repeat the same heavy
   workload while paying almost nothing.

Changes in CallEVMWithData:

• Bound GasLimit by the provided gasCap when set (min(gasCap, DefaultGasCap)),
  falling back to DefaultGasCap when nil — so callers can cap execution to their
  remaining budget.
• Charge the SDK gas meter for the actual pre-refund work: use res.MaxUsedGas when
  it exceeds res.GasUsed, for non-precompile calls. Precompile sub-calls keep their
  existing accounting to avoid disturbing precompile gas costs.

Most critical file to review: x/vm/keeper/call_evm.go.

This is the EVM-fork half of the fix; the companion change lives in
KiiChain/kiichain (wasmbinding/evm/queries.go), which passes a real
gasCap derived from the transaction's remaining SDK gas to these helpers.

---

Author Checklist

I have...

• tackled an existing issue or discussed with a team member — addresses audit
  report KCNL1DDA-89 (CosmWasm→EVM query path repeatable undercharged internal
  EVM execution).
• left instructions on how to review the changes — see "How to review" below.
• targeted the main branch — branch fix/wasm-repeatable-undercharged-internal-evm-exec was cut from and targets main.

How to review

1. Read x/vm/keeper/call_evm.go — confirm the gasCap bounding and the
   MaxUsedGas vs GasUsed charging logic (note the !callFromPrecompile guard).
2. Verify build + tests:

   go build ./x/vm/keeper/
   cd evmd && go test -tags=test -run 'TestKeeperTestSuite/TestCallEVM' ./tests/integration/
   

   Both pass locally (CallEVM and CallEVMWithData suites green).

[coderabbitai]

Warning

Review limit reached

@mattkii, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 47 minutes and 52 seconds. Learn how PR review limits work.

Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable the review add-on in the billing tab to keep reviews running — you're only billed for reviews past your plan's rate limits ($0.25/file).

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based credits.

🚦 How do rate limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 16fbbde2-27c5-411a-b917-71058ec39f0a

📥 Commits

Reviewing files that changed from the base of the PR and between 375d5dd and 2a567c7.

📒 Files selected for processing (2)

• CHANGELOG.md
• x/vm/keeper/call_evm.go

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/wasm-repeatable-undercharged-internal-evm-exec

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands.}

[jhelison]

Interesting to see that the gas cap was not being used after all.
They have changed this function to consider the gas cap in the recent version:

• cosmos/evm@0ca6371

Interesting finding

[jhelison]

Shouldn't we move this snipped to happen on the Kiichain side? Since it's related to Cosmos-SDK ctx gas handling instead of evm internal gas counters