evmigration fixes

Author: akobrin1

.gitignore

@@ -31,4 +31,5 @@ supernode/__debug*
 /data
 /release
 AGENTS.md
-analysis
+analysis
+.claude/settings.json

docs/evm-migration.md

@@ -14,7 +14,8 @@ delegations, supernode registration, and optionally validator state — to a new
 address derived from the same mnemonic under the EVM HD path.
 
 The migration is:
-- **One-time**: runs automatically at supernode startup when a legacy key is detected
+
+- **One-time**: runs automatically at superno0de startup when a legacy key is detected
 - **Rerunnable**: safe to retry if interrupted at any point
 - **Self-authenticating**: uses dual signatures (legacy + new key) embedded in the
   message, so no Cosmos-level tx signing is needed
@@ -24,57 +25,59 @@ The migration is:
 ### Prerequisites
 
 1. Your supernode binary must be the EVM-compatible version.
-2. The connected Lumera chain must have the `evm` module active.
-3. You need the **mnemonic** used to create your original supernode key.
+2. The connected Lumera chain must have the`evm` module active.
+3. You need the**mnemonic** used to create your original supernode key.
 
 ### Migration Steps
 
 1. **Derive your new EVM key** from the same mnemonic:
+
    ```bash
    supernode keys recover --name evm-key --mnemonic "your twelve or twenty four words ..."
    ```
+
    This creates an `eth_secp256k1` key under the name `evm-key` using HD path
    `m/44'/60'/0'/0/0`. The resulting address will be different from your legacy
    address — this is expected.
-
 2. **Add `evm_key_name` to your config.yaml** under the `supernode` section:
+
    ```yaml
    supernode:
      key_name: mykey           # your existing legacy key name
      evm_key_name: evm-key     # the name you used in step 1
      identity: lumera1...      # your current legacy address
    ```
-
 3. **Restart the supernode**. On startup it will:
-   - Detect the legacy `secp256k1` key under `key_name`
-   - Validate that `evm_key_name` points to a valid `eth_secp256k1` key
+
+   - Detect the legacy`secp256k1` key under`key_name`
+   - Validate that`evm_key_name` points to a valid`eth_secp256k1` key
    - Query the chain for an existing migration record (handles reruns)
-   - Run a pre-flight `MigrationEstimate` to check if the migration would succeed
+   - Run a pre-flight`MigrationEstimate` to check if the migration would succeed
    - Sign the migration payload with both keys
-   - Broadcast `MsgClaimLegacyAccount` (or `MsgMigrateValidator` for validators)
+   - Broadcast`MsgClaimLegacyAccount` (or`MsgMigrateValidator` for validators)
    - Wait for block confirmation (DeliverTx)
    - Delete the legacy key from the keyring
-   - Update `config.yaml`: `key_name` -> `evm-key`, `identity` -> new address,
-     `evm_key_name` cleared
-
+   - Update`config.yaml`:`key_name` ->`evm-key`,`identity` -> new address,`evm_key_name` cleared
 4. **After migration completes**, your config will look like:
+
    ```yaml
    supernode:
      key_name: evm-key
      identity: lumera1<new-evm-address>
    ```
+
    The `evm_key_name` field is automatically removed. No further action is needed.
 
 ### Troubleshooting
 
-| Error | Cause | Fix |
-| ----- | ----- | --- |
-| `no evm_key_name configured` | Legacy key detected but config missing `evm_key_name` | Add `evm_key_name` to config and restart |
-| `not an eth_secp256k1 key` | `evm_key_name` points to a secp256k1 key (wrong derivation) | Re-derive using `supernode keys recover` (uses coin type 60) |
-| `new address mismatch` | On-chain migration record has a different destination address than your local EVM key | Your `evm_key_name` doesn't match the key originally used for migration; fix the config |
-| `migration estimate indicates migration would fail` | Chain rejected the pre-flight check | Check `rejection_reason` in logs; migration may be disabled or account may not exist |
-| `migration tx was not confirmed` | Tx was not included in a block within 60s | Restart to retry; the check is idempotent |
-| `failed to save updated config` | Config file write error after successful migration | Manually update config as instructed in the error message |
+| Error                                                 | Cause                                                                                 | Fix                                                                                       |
+| ----------------------------------------------------- | ------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------- |
+| `no evm_key_name configured`                        | Legacy key detected but config missing `evm_key_name`                               | Add `evm_key_name` to config and restart                                                |
+| `not an eth_secp256k1 key`                          | `evm_key_name` points to a secp256k1 key (wrong derivation)                         | Re-derive using `supernode keys recover` (uses coin type 60)                            |
+| `new address mismatch`                              | On-chain migration record has a different destination address than your local EVM key | Your `evm_key_name` doesn't match the key originally used for migration; fix the config |
+| `migration estimate indicates migration would fail` | Chain rejected the pre-flight check                                                   | Check `rejection_reason` in logs; migration may be disabled or account may not exist    |
+| `migration tx was not confirmed`                    | Tx was not included in a block within 60s                                             | Restart to retry; the check is idempotent                                                 |
+| `failed to save updated config`                     | Config file write error after successful migration                                    | Manually update config as instructed in the error message                                 |
 
 ## Chain-Side Reference
 
@@ -106,12 +109,12 @@ validator operators with `ErrUseValidatorMigration`.
 
 ### Migration parameters (chain-side)
 
-| Param | Default | Description |
-| ----- | ------- | ----------- |
-| `enable_migration` | `true` | Master switch |
-| `migration_end_time` | `0` | Unix timestamp deadline (0 = no deadline) |
-| `max_migrations_per_block` | `50` | Rate limit |
-| `max_validator_delegations` | `2000` | Max delegators for validator migration |
+| Param                         | Default  | Description                               |
+| ----------------------------- | -------- | ----------------------------------------- |
+| `enable_migration`          | `true` | Master switch                             |
+| `migration_end_time`        | `0`    | Unix timestamp deadline (0 = no deadline) |
+| `max_migrations_per_block`  | `50`   | Rate limit                                |
+| `max_validator_delegations` | `2000` | Max delegators for validator migration    |
 
 ### Fee waiving
 
@@ -175,29 +178,60 @@ Update config (key_name, identity, evm_key_name) and save
 The chain expects different signing protocols for each key type:
 
 **Legacy (secp256k1):**
+
 ```
 supernode:  hash = SHA256(payload)
             sig  = kr.Sign(hash)        -- internally: Sign(SHA256(hash))
 chain:      VerifySignature(hash, sig)   -- internally: verify(SHA256(hash), sig)
 ```
 
 **EVM (eth_secp256k1):**
+
 ```
 supernode:  sig = kr.Sign(payload)       -- internally: Sign(Keccak256(payload))
 chain:      VerifySignature(payload, sig) -- internally: verify(Keccak256(payload), sig)
 ```
 
-### Key Architectural Decisions
+### P2P Bootstrap Refresh After Migration
 
-- **No `kr.Rename`**: The Cosmos SDK `Rename` method uses amino armor export/import
-  internally, which doesn't support `eth_secp256k1` keys. Instead, after migration
-  the EVM key keeps its original name and `config.yaml key_name` is updated to point
-  to it.
+When an EVM migration occurs, all supernodes change their on-chain addresses
+simultaneously. Without intervention, the P2P layer would keep stale addresses
+in its routing table for up to 10 minutes (the normal bootstrap refresh
+interval), causing handshake failures.
 
-- **SYNC broadcast + polling**: `BROADCAST_MODE_SYNC` only waits for `CheckTx`.
-  Local state (keyring, config) is only mutated after `waitForTxConfirmation` polls
-  `GetTx` and confirms block inclusion via `DeliverTx`.
+Three mechanisms work together to resolve this:
+
+1. **Immediate bootstrap refresh**: After migration completes and the Lumera
+   client is reloaded, `start.go` calls `p2pService.NotifyEVMMigration()`.
+   This triggers an immediate `SyncBootstrapOnce()` which re-queries
+   `ListSuperNodes()` from the chain and updates the routing table with
+   current addresses.
+
+2. **Accelerated refresh window**: After the migration signal, the bootstrap
+   refresher switches from the normal 10-minute interval to a **1-minute
+   interval for 5 cycles**. This catches peers that migrate slightly later
+   (staggered startup, network delays). After 5 accelerated cycles it
+   automatically reverts to the normal 10-minute cadence.
+
+3. **Staggered startup (devnet)**: In the devnet startup script, validator N
+   waits `(N-1) * 5` seconds before starting the supernode when EVM migration
+   is pending. This spreads migrations across ~20 seconds so that by the time
+   later validators query the chain, earlier validators have already committed
+   their migration records.
 
+**Code locations:**
+
+| Component | File | Key symbol |
+| --- | --- | --- |
+| Migration notify channel | `p2p/kademlia/dht.go` | `migrationNotify` field |
+| Accelerated refresher | `p2p/kademlia/bootstrap.go` | `StartBootstrapRefresher()`, `NotifyEVMMigration()` |
+| P2P interface method | `p2p/p2p.go` | `NotifyEVMMigration()` |
+| Startup integration | `supernode/cmd/start.go` | `evmMigrationOccurred` flag |
+
+### Key Architectural Decisions
+
+- **SYNC broadcast + polling**: `BROADCAST_MODE_SYNC` only waits for `CheckTx`.
+- Local state (keyring, config) is only mutated after `waitForTxConfirmation` polls `GetTx` and confirms block inclusion via `DeliverTx`.
 - **`migrationChainClient` interface**: Chain interactions (queries + broadcast) are
   abstracted behind an interface, enabling comprehensive unit testing without a live
   gRPC connection.
@@ -206,26 +240,26 @@ chain:      VerifySignature(payload, sig) -- internally: verify(Keccak256(payloa
 
 ### New Files
 
-| File | Description |
-| ---- | ----------- |
-| `supernode/cmd/evmigration.go` | Core migration logic: chain detection, key validation, dual signing, broadcast, config update |
-| `supernode/cmd/evmigration_test.go` | Unit tests with mock chain client |
-| `tests/integration/evmigration/evmigration_test.go` | Integration tests for keyring lifecycle, signing protocol, config persistence |
+| File                                                  | Description                                                                                   |
+| ----------------------------------------------------- | --------------------------------------------------------------------------------------------- |
+| `supernode/cmd/evmigration.go`                      | Core migration logic: chain detection, key validation, dual signing, broadcast, config update |
+| `supernode/cmd/evmigration_test.go`                 | Unit tests with mock chain client                                                             |
+| `tests/integration/evmigration/evmigration_test.go` | Integration tests for keyring lifecycle, signing protocol, config persistence                 |
 
 ### Modified Files
 
-| File | Changes |
-| ---- | ------- |
-| `pkg/keyring/keyring.go` | Switched to EVM defaults: `DefaultHDPath = "m/44'/60'/0'/0/0"`, `EthSecp256k1Option()`, `evmcryptocodec.RegisterInterfaces()` |
-| `pkg/keyring/keyring_test.go` | Added 10 tests for EVM key creation, derivation, signing, legacy-vs-EVM address differences |
-| `pkg/lumera/codec/encoding.go` | Registers `evmcryptocodec` and `evmigrationtypes` interfaces |
-| `pkg/lumera/interface.go` | Added `Conn() *grpc.ClientConn` to Client interface |
-| `pkg/lumera/client.go` | Implemented `Conn()` method |
-| `pkg/lumera/lumera_mock.go` | Added `Conn()` to mock client |
-| `pkg/testutil/lumera.go` | Added `Conn()` to `MockLumeraClient` |
-| `supernode/config/config.go` | Added `EVMKeyName string` field to `SupernodeConfig` |
-| `supernode/cmd/start.go` | Integrated `requireEVMChain()` and `ensureLegacyAccountMigrated()` at startup |
-| `go.mod` / `go.sum` | Added `github.com/cosmos/evm` dependency |
+| File                             | Changes                                                                                                                            |
+| -------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------- |
+| `pkg/keyring/keyring.go`       | Switched to EVM defaults:`DefaultHDPath = "m/44'/60'/0'/0/0"`, `EthSecp256k1Option()`, `evmcryptocodec.RegisterInterfaces()` |
+| `pkg/keyring/keyring_test.go`  | Added 10 tests for EVM key creation, derivation, signing, legacy-vs-EVM address differences                                        |
+| `pkg/lumera/codec/encoding.go` | Registers `evmcryptocodec` and `evmigrationtypes` interfaces                                                                   |
+| `pkg/lumera/interface.go`      | Added `Conn() *grpc.ClientConn` to Client interface                                                                              |
+| `pkg/lumera/client.go`         | Implemented `Conn()` method                                                                                                      |
+| `pkg/lumera/lumera_mock.go`    | Added `Conn()` to mock client                                                                                                    |
+| `pkg/testutil/lumera.go`       | Added `Conn()` to `MockLumeraClient`                                                                                           |
+| `supernode/config/config.go`   | Added `EVMKeyName string` field to `SupernodeConfig`                                                                           |
+| `supernode/cmd/start.go`       | Integrated `requireEVMChain()` and `ensureLegacyAccountMigrated()` at startup                                                  |
+| `go.mod` / `go.sum`          | Added `github.com/cosmos/evm` dependency                                                                                         |
 
 ### Key Types and Functions
 

p2p/kademlia/bootstrap.go

@@ -16,8 +16,10 @@ import (
 )
 
 const (
-	bootstrapRefreshInterval     = 10 * time.Minute
-	defaultSuperNodeP2PPort  int = 4445
+	bootstrapRefreshInterval          = 10 * time.Minute
+	bootstrapAcceleratedInterval      = 1 * time.Minute
+	bootstrapAcceleratedCycles        = 5
+	defaultSuperNodeP2PPort       int = 4445
 )
 
 // seed a couple of obviously bad addrs (unless in integration tests)
@@ -301,6 +303,10 @@ func (s *DHT) SyncBootstrapOnce(ctx context.Context, bootstrapNodes string) erro
 
 // StartBootstrapRefresher runs SyncBootstrapOnce every 10 minutes (idempotent upserts).
 // This keeps replication_info and routing table current as the validator set changes.
+//
+// When NotifyEVMMigration is called, the refresher immediately runs a sync and
+// temporarily switches to an accelerated 1-minute interval for 5 cycles so that
+// peer address changes from EVM migration are picked up quickly.
 func (s *DHT) StartBootstrapRefresher(ctx context.Context, bootstrapNodes string) {
 	go func() {
 		// Initial sync
@@ -310,25 +316,78 @@ func (s *DHT) StartBootstrapRefresher(ctx context.Context, bootstrapNodes string
 				logtrace.FieldError:  err.Error(),
 			})
 		}
-		t := time.NewTicker(bootstrapRefreshInterval)
+
+		acceleratedRemaining := 0
+		currentInterval := bootstrapRefreshInterval
+		t := time.NewTicker(currentInterval)
 		defer t.Stop()
 
 		for {
 			select {
 			case <-ctx.Done():
 				return
+			case <-s.migrationNotify:
+				// EVM migration detected — immediate sync + accelerated refresh
+				logtrace.Info(ctx, "EVM migration notified — running immediate bootstrap sync and switching to accelerated refresh", logtrace.Fields{
+					logtrace.FieldModule: "p2p",
+					"accelerated_cycles": bootstrapAcceleratedCycles,
+					"accelerated_interval": bootstrapAcceleratedInterval.String(),
+				})
+				if err := s.SyncBootstrapOnce(ctx, bootstrapNodes); err != nil {
+					logtrace.Warn(ctx, "post-migration bootstrap sync failed", logtrace.Fields{
+						logtrace.FieldModule: "p2p",
+						logtrace.FieldError:  err.Error(),
+					})
+				}
+				acceleratedRemaining = bootstrapAcceleratedCycles
+				currentInterval = bootstrapAcceleratedInterval
+				t.Reset(currentInterval)
 			case <-t.C:
 				if err := s.SyncBootstrapOnce(ctx, bootstrapNodes); err != nil {
 					logtrace.Warn(ctx, "periodic bootstrap sync failed", logtrace.Fields{
 						logtrace.FieldModule: "p2p",
 						logtrace.FieldError:  err.Error(),
 					})
 				}
+				if acceleratedRemaining > 0 {
+					acceleratedRemaining--
+					if acceleratedRemaining == 0 {
+						logtrace.Info(ctx, "Accelerated bootstrap refresh complete — reverting to normal interval", logtrace.Fields{
+							logtrace.FieldModule: "p2p",
+						})
+						currentInterval = bootstrapRefreshInterval
+						t.Reset(currentInterval)
+					}
+				}
 			}
 		}
 	}()
 }
 
+// NotifyEVMMigration flushes stale P2P state (credential cache and pooled
+// connections) and signals the bootstrap refresher to immediately re-sync the
+// peer list from the chain with temporarily accelerated refresh interval.
+// This must be called after an EVM account migration completes so that the
+// new local identity is used for all subsequent handshakes.
+func (s *DHT) NotifyEVMMigration() {
+	// 1. Clear the global KeyExchanger cache so new handshakes use the
+	//    post-migration local identity in HKDF key derivation.
+	ltc.ClearKeyExchangerCache()
+
+	// 2. Close all pooled connections — they were established with the old
+	//    identity and will fail authentication if reused.
+	if s.network != nil {
+		s.network.connPool.Release()
+	}
+
+	// 3. Signal the bootstrap refresher to re-sync peers immediately.
+	select {
+	case s.migrationNotify <- struct{}{}:
+	default:
+		// already pending — no need to double-signal
+	}
+}
+
 // ConfigureBootstrapNodes wires to the new sync/refresher (no pings here).
 func (s *DHT) ConfigureBootstrapNodes(ctx context.Context, bootstrapNodes string) error {
 	// One-time sync; start refresher in the background

p2p/kademlia/dht.go

@@ -77,6 +77,11 @@ type DHT struct {
 	routingAllow      map[[32]byte]struct{} // blake3(peerID) -> exists
 	routingAllowReady atomic.Bool
 	routingAllowCount atomic.Int64
+
+	// migrationNotify is signalled by NotifyEVMMigration to trigger an
+	// immediate bootstrap refresh and temporarily accelerate the refresh
+	// interval (1 min for the first 5 cycles after migration).
+	migrationNotify chan struct{}
 }
 
 // bootstrapIgnoreList seeds the in-memory ignore list with nodes that are
@@ -280,15 +285,16 @@ func NewDHT(ctx context.Context, store Store, metaStore MetaStore, options *Opti
 	}
 
 	s := &DHT{
-		metaStore:      metaStore,
-		store:          store,
-		options:        options,
-		done:           make(chan struct{}),
-		cache:          memory.NewKeyValue(),
-		bsConnected:    &sync.Map{},
-		ignorelist:     NewBanList(ctx),
-		replicationMtx: sync.RWMutex{},
-		rqstore:        rqstore,
+		metaStore:       metaStore,
+		store:           store,
+		options:         options,
+		done:            make(chan struct{}),
+		cache:           memory.NewKeyValue(),
+		bsConnected:     &sync.Map{},
+		ignorelist:      NewBanList(ctx),
+		replicationMtx:  sync.RWMutex{},
+		rqstore:         rqstore,
+		migrationNotify: make(chan struct{}, 1),
 	}
 
 	// Check that keyring is provided