Skip to content

Security release/candidate 1#4109

Open
lionakhnazarov wants to merge 192 commits into
threshold-network:mainfrom
lionakhnazarov:security-release/candidate-1
Open

Security release/candidate 1#4109
lionakhnazarov wants to merge 192 commits into
threshold-network:mainfrom
lionakhnazarov:security-release/candidate-1

Conversation

@lionakhnazarov

@lionakhnazarov lionakhnazarov commented Jun 23, 2026

Copy link
Copy Markdown
Collaborator

Summary

Integration candidate for the coordinated security release (sr-candidate-1).

Merges:

Head: dd2c87360
tss-lib pin: github.com/threshold-network/tss-lib@v0.0.0-20260615180949-86bd1a375cc0 (86bd1a3)

Sepolia smoke on this commit: PASS (SR-1, SR-2 full @ groupSize=3, SR-4 live SPV proof, SR-5 rollback). Details below.


⚠️ Coordinated upgrade required

All operators in a DKG or signing ceremony must run the same build. Mixed old/new nodes will fail TSS rounds (session IDs, proof transcripts, wire formats differ).

Do not roll out node-by-node during an in-flight ceremony. Upgrade when idle; rollback only when idle.


Breaking changes (operator-visible)

ID Change Action
BC-1..BC-5 tss-lib hardening + session ID binding (GG20 proofs, DKG/signing session formats) Simultaneous upgrade of all ceremony participants
BC-6..BC-8 ECDH/HKDF, G1HashToPoint, PrepareForSigning API changes Rebuild integrators; no in-tree keep-core callers found for BC-8
BC-9 Bootstrap removal (#3909) + embedded well-known peers Remove custom bootstrap config; metric connected_wellknown_peers_count
BC-10 RandomBeacon reentrancy guard (new storage slot) Only if beacon proxy upgraded in same train
OV-1 Metrics/diagnostics opt-in (port 0 default) Enable [clientinfo] Port explicitly if scraping /metrics
OV-2 connected_bootstrap_countconnected_wellknown_peers_count Update dashboards/alerts
OV-3 --network.bootstrap=true deprecated Remove when convenient

Full table: see epic CHANGELOG.md and SECURITY-BREAKING-CHANGES.md on keep-core-security.


Conflict resolution (vs main + epic)

Area Resolution
libp2p transport Kept main #4008 (applyHandshakeDeadline / SetDeadline)
bitcoin / SPV / tbtc / tecdsa Epic hardening + OOB guards
SPV proof headers Cherry-pick DIFF1 getProofInfo fix (testnet4 minimum-difficulty blocks)
Legacy dirs Kept main removal of solidity-v1, dashboard, token-stakedrop
tss-lib Pin 86bd1a3 via go.mod replace

Dependencies

github.com/bnb-chain/tss-lib => github.com/threshold-network/tss-lib v0.0.0-20260615180949-86bd1a375cc0
github.com/threshold-network/keep-common v1.7.1-tlabs.1
go 1.25.7 / toolchain go1.25.10

Local regression (pre-merge)

go test ./pkg/tecdsa/dkg ./pkg/tecdsa/signing ./pkg/maintainer/spv ./pkg/net/libp2p ./pkg/tbtc  → PASS

Sepolia validation (security-candidate-1 @ dd2c87360)

Droplet: 162.243.170.240 · Image: keep-client:security-candidate-1

Scenario Result Evidence
SR-1 Operator mesh PASS 31/31 containers; libp2p mesh stable; metrics when [clientinfo] enabled
SR-2 DKG + wallet FULL PASS (groupSize=3) WalletCreated @ Sepolia block 11130388; wallet PKH 0xa8abdbaa…
SR-2 (30-op, groupSize=100) PARTIAL 100/100 announcement quorum + keygen; on-chain timeout (4-vCPU droplet)
SR-3 Deposit + mint WAIVED Out of smoke scope
SR-4 SPV deposit sweep proof PASS Live path: reveal → operator sweep (123c75b8…) → submitDepositSweepProof 0x0d5de901… @ block 11136453 (status=1)
SR-5 Rollback PASS Revert to prior image; mesh recovered in ~3 min

Baseline replay: prior image sepolia-dev-forklev-btcdiff-idle-flag vs candidate — no mesh/metrics/rollback regression; candidate proves new crypto + live SPV.


Docker image

docker build --platform linux/amd64 -f Dockerfile --target runtime-docker \
  --build-arg ENVIRONMENT=sepolia \
  --build-arg VERSION=security-candidate-1 \
  --build-arg REVISION=dd2c87360 \
  -t keep-client:security-candidate-1 .

Important: default Dockerfile final stage (output-bins) is not runnable — use --target runtime-docker.


Operator upgrade checklist

  1. Build/pull image for all operators in the same ceremony.
  2. Rebuild config from current samples (metrics opt-in, no bootstrap flag).
  3. Start nodes; verify peer mesh (connected_wellknown_peers_count).
  4. SPV maintainer: ensure LightRelayMaintainerProxy.authorize + authorizeSpvMaintainer after fresh deploy; fund maintainer gas for btcdiff catch-up.
  5. Observe first DKG/signing on new build before mainnet rollout.

Rollback: revert image tag when chain/ceremony is idle only.


Review focus

  • Epic merge completeness vs keep-core-security#41 CHANGELOG
  • tss-lib pin 86bd1a3 matches intended release
  • libp2p fix(libp2p): bound Keep authentication handshake with SetDeadline #4008 preserved; epic transport changes not regressed
  • SPV getProofInfo DIFF1 logic matches Bridge
  • Breaking-change docs / operator samples consistent (metrics opt-in, session IDs)
  • CI green on this branch

Related


Test plan

  • CI / go test on changed packages
  • Spot-check CHANGELOG [Unreleased] vs epic
  • Confirm coordinated-upgrade callout in operator docs
  • (Optional) Re-run Sepolia SR-1/SR-2/SR-4 on fresh image after merge

mswilkison and others added 30 commits May 4, 2026 18:41
- Remove stale comment in KeepRandomBeaconOperator that incorrectly
  described the gas cap as a protection against compromised service
  contracts; the require now enforces success instead
- Add missing enabled-path test for clientinfo.Initialize
- Add breaking-change callout to docs warning operators that the metrics
  server is now opt-in (port 0 by default)
… default

Closes residual references to port 9601 as a default in operator-facing
samples and docs so operators copying the canonical configs do not silently
re-enable the now-disabled-by-default metrics/diagnostics HTTP server.

- configs/config.toml.SAMPLE: comment the [clientInfo] section and
  Port = 9601 with an inline note that the section is opt-in.
- docs/resources/client-start-help: regenerate the help capture to
  "Disabled by default." matching the new flag default in cmd/flags.go.
- docs/resources/docker-start-{mainnet,testnet}-sample: drop the
  -p 9601:9601 host-port mapping that re-exposed the diagnostics port.
- docs-v1/run-random-beacon.adoc, bundle-guide.adoc: replace literal
  localhost:9601 example with a configurable-port placeholder.

Also resolves the docs/run-keep-node.adoc contradiction with the new
trusted-network guidance: the Ports section instructed operators to
expose the Diagnostics Port publicly for Rewards Allocation, which
conflicts with the Client Info section's "trusted network only"
requirement. Rewritten to require a trusted network path and added a
cross-reference to the Client Info section.

Adds infrastructure/kube/keep-dev/eth-tx-rpc-ws-networkpolicy.yaml
restricting ingress to the dev geth StatefulSet (8545/8546) to
in-namespace pods, defense-in-depth against future cross-namespace
exposure given the StatefulSet binds 0.0.0.0 with --rpcvhosts=* and
--wsorigins=*.
Adds security/ directory with structured analysis for external
pentesters covering the keep-core Go client and Solidity contracts.

Files:
- security/README.md: index, scope, and quick orientation
- security/architecture.md: components, trust boundaries, actor roles
- security/attack-surface.md: P2P, chain events, RPC, key ingestion, CLI
- security/critical-paths.md: DKG, signing, beacon, tBTC minting/redemption
- security/crypto-review.md: primitives, custom constructions, flagged issues
- security/smart-contracts.md: contract inventory, proxies, privilege functions
- security/threat-model.md: assets, threat actors, STRIDE mapping

Also adds a security/ callout to the directory structure in README.adoc.
- Add 15 individual finding files (F-01 through F-15) covering Critical,
  High, Medium, and Low/Informational severity issues
- Add 4 detailed strix vuln reports (vuln-0001 through vuln-0004) with
  PoC scripts and exploit walkthroughs
- Add vulnerabilities.csv summary
- Add .envrc and .envrc.* to .gitignore
- Merge strix vuln reports into the analyst-written findings
- Promote F-07/vuln-0004 (WalletRegistry upgrade) to High (CVSS 8.2,
  confirmed exploit) and renumber as F-05
- Promote F-12/vuln-0002 (unauthenticated metrics) to Medium (CVSS 5.3)
  with full technical detail absorbed from strix report
- Add F-13 (tBTC dedup race, TOCTOU, CVSS 6.5) and F-14 (legacy beacon
  reward withdrawal, CVSS 5.3) from strix unique findings
- Drop vulnerabilities.csv (redundant with individual files)
Each finding now has a ## Verification section with:
- STATUS: CONFIRMED / REQUIRES_EXTERNAL_REVIEW
- Evidence from actual source code at the referenced location
- Notes on mitigations, intent, or caveats where relevant

16/17 CONFIRMED. F-10 (encryption.Box) requires review of the
threshold-network/keep-common fork which is not in this repo.
F-04: marked Invalid -- tss-lib fork is a known internal fork, not
unreviewed third-party code.

F-05: updated to Valid/Mitigated by Design -- intentional bytecode
tradeoff documented in-code as Audit ISSUE #2; onlyGovernance cannot
be used due to ProxyAdmin call-chain; reinitializer(2) + atomic
upgradeToAndCall + Timelock provide equivalent protection.
F-02: correct timing claim -- counter-based approach bounds but does not
normalize timing (loop exits on first valid point)

F-03: note test helper fix (nil info -> labeled) and new regression test
TestEcdhNilInfoDiffersFromLabeled in symmetric_key_test.go

F-05: mark as known issue, link tracking issue
tlabs-xyz/keep-core-security#6
dorny/paths-filter@v2 calls the GitHub API to list changed PR files.
The GITHUB_TOKEN default scope was tightened; explicit permission is
required to avoid 'Resource not accessible by integration' errors.
- architecture.md: fix cache-expiry wording (negative -> positive) and
  add language tags / blank lines around tables for markdownlint
- attack-surface.md: correct V3 keystore wrong-password behavior
  (returns ErrDecrypt via MAC check, not silent wrong key material);
  add language tag to BroadcastNetworkMessage block
- F-04: align severity formatting with other invalidated findings
- F-05: restructure Remediation so the onlyGovernance diff is framed
  as why the obvious fix fails (msg.sender is ProxyAdmin under
  upgradeToAndCall); operational controls listed as primary mitigation
- F-06: reword description so it does not contradict the on-chain
  safety-net conclusion
- F-07: canonicalize on approveResult() (matches the cited library
  location); add challengeResult range to Verified-against
- F-09: label pre-fix narrative explicitly; note callback execution
  now runs under the reentrancy guard
- F-12: add CVSS v3.1 vector strings for original (5.3) and revised
  (3.1) scores; revised vector arithmetically matches 3.1
- F-14: add verification date and reproduction hint for the
  TokenStakingEscrow zero-balance claim
… bounded counter-based approach

G1HashToPoint previously used try-and-increment (compute SHA-256(m), then
increment x until a quadratic residue is found). Iteration count varied
with the hash output, creating a measurable timing side channel.

Replace with a counter-based hash-and-try: SHA-256(m || counter) for
counter 0..63. Each attempt does identical work (one SHA-256 + one
modular sqrt), bounding and normalising timing. Failure probability is
(1/2)^64 ≈ 5e-20.

NOTE: this changes the output of G1HashToPoint for the same input.
Deployment requires a coordinated network upgrade.

Follow-up: implement constant-time RFC 9380 SWU.
See: tlabs-xyz/keep-core-security#4

Adds three determinism, distinctness, and on-curve validity tests.

Closes: F-02 (partial -- bounded, not constant-time)
piotr-roslaniec and others added 18 commits June 17, 2026 11:08
…twork-tss-lib-digest' into epic-consolidation
…cal-networks-config-0.x-lockfile' into epic-consolidation
…o epic-consolidation

# Conflicts:
#	CHANGELOG.md
#	go.mod
#	go.sum
Integration fix: threshold-network#38's signing harness used message.Text(16) as the session ID,
which is <16 bytes for small test messages. Combined with the hardened tss-lib
session-nonce enforcement landed in #8, this panicked ("session ID must be at
least 16 bytes"). Prefix the ID with a fixed label so it always clears the floor
while preserving per-message uniqueness and cross-member agreement.
…erials' into epic-consolidation

# Conflicts:
#	CHANGELOG.md
…in epic

Combine the per-PR Keep a Changelog entries (threshold-network#36, threshold-network#37, threshold-network#34, threshold-network#38, threshold-network#39, threshold-network#40, #8,
#2, threshold-network#14) into shared Added/Changed/Fixed/Security sections under [Unreleased].
…from epic

The threshold-network#26 lockfile refresh floated @ethersproject/abi from 5.4.1 to 5.8.0
(via hardhat-etherscan@3.1.8's ^5.1.2 range). The newer ABI coder decodes
uint256[] event args into BigNumbers that fail the chai deep-equal in
random-beacon test/utils/dkg.ts against the pinned-ethers expected values,
deterministically failing 15 'RandomBeacon - Group Creation' tests.

hardhat-etherscan is a deploy/verify-only plugin with no functional value
for this security consolidation; exclude threshold-network#26 like the other broken bumps
(threshold-network#20/threshold-network#21/threshold-network#22). This restores solidity/random-beacon/yarn.lock to pre-threshold-network#26.
Merge tlabs-xyz/keep-core-security @ epic-consolidation (ac63328) onto
threshold-network/main for security-release/candidate-1.

Conflict resolution:
- Keep main's libp2p handshake deadline (threshold-network#4008) in transport.go
- Take epic hardening for bitcoin/spv/tbtc/tecdsa paths
- Retain main's removal of legacy solidity-v1/dashboard and token-stakedrop
- tss-lib pin: 86bd1a375cc0

Co-authored-by: Cursor <cursoragent@cursor.com>
getProofInfo assumed every proof header carries the relay epoch difficulty,
so with txProofDifficultyFactor=1 it assembled single-header proofs. On
testnet4 (BIP94), sweeps mined in minimum-difficulty blocks produced proofs
containing only a DIFF1 header, which the Bridge rejects with "Not at
current or previous difficulty".

Mirror the Bridge's BitcoinTx logic instead: skip leading DIFF1 headers
when both relay epochs are above minimum, bind the requested difficulty to
the first decisive header matching the relay's current or previous epoch
difficulty, and accumulate headers until their total observed difficulty
covers requestedDifficulty * txProofDifficultyFactor.
Co-authored-by: Cursor <cursoragent@cursor.com>
@coderabbitai

coderabbitai Bot commented Jun 23, 2026

Copy link
Copy Markdown

Important

Review skipped

Too many files!

This PR contains 177 files, which is 27 over the limit of 150.

To get a review, narrow the scope:
• coderabbit review --type committed # exclude uncommitted changes
• coderabbit review --dir # limit to a subdirectory
• coderabbit review --base # compare against a closer base

Upgrade to a paid plan to raise the limit.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 18265c7a-bde7-45c8-b0f0-d5cbfbd86145

📥 Commits

Reviewing files that changed from the base of the PR and between 4137b34 and 0224fdb.

⛔ Files ignored due to path filters (2)
  • go.sum is excluded by !**/*.sum
  • solidity/ecdsa/.yarn/install-state.gz is excluded by !**/.yarn/**, !**/*.gz
📒 Files selected for processing (177)
  • .clusterfuzzlite/Dockerfile
  • .clusterfuzzlite/README.md
  • .clusterfuzzlite/build.sh
  • .clusterfuzzlite/check_targets.sh
  • .clusterfuzzlite/project.yaml
  • .dockerignore
  • .github/workflows/cflite_batch.yml
  • .github/workflows/cflite_pr.yml
  • .github/workflows/client.yml
  • .github/workflows/contracts-ecdsa-docs.yml
  • .github/workflows/contracts-random-beacon-docs.yml
  • .gitignore
  • .golangci-ruleguard.rules.go
  • .golangci.yml
  • .ubsignore
  • CHANGELOG.md
  • Dockerfile
  • README.adoc
  • SECURITY-BREAKING-CHANGES.md
  • cmd/flags.go
  • cmd/flags_test.go
  • configs/config.toml.SAMPLE
  • docs-v1/run-random-beacon.adoc
  • docs/performance-metrics.adoc
  • docs/resources/client-start-help
  • docs/resources/docker-start-mainnet-sample
  • docs/resources/docker-start-testnet-sample
  • docs/run-keep-node.adoc
  • go.mod
  • infrastructure/eth-networks/private-testnet/bundles/bundle-guide.adoc
  • infrastructure/kube/keep-dev/eth-miner-ropsten-statefulset.yaml
  • infrastructure/kube/keep-dev/eth-tx-ropsten-rpc-ws-service.yaml
  • infrastructure/kube/keep-dev/eth-tx-ropsten-statefulset.yaml
  • infrastructure/kube/keep-dev/eth-tx-rpc-ws-networkpolicy.yaml
  • infrastructure/kube/keep-prd/monitoring/monitoring-ingress.yaml
  • keep-core-release/threshold-network/keep-common/16.md
  • keep-core-release/threshold-network/keep-common/17.md
  • keep-core-release/threshold-network/keep-core/3945.md
  • keep-core-release/threshold-network/keep-core/3948.md
  • keep-core-release/threshold-network/keep-core/3952.md
  • keep-core-release/threshold-network/tss-lib/4.md
  • keep-core-release/threshold-network/tss-lib/5.md
  • keep-core-release/threshold-network/tss-lib/6.md
  • keep-core-release/tlabs-xyz/keep-core-security/10.md
  • keep-core-release/tlabs-xyz/keep-core-security/11.md
  • keep-core-release/tlabs-xyz/keep-core-security/13.md
  • keep-core-release/tlabs-xyz/keep-core-security/2.md
  • keep-core-release/tlabs-xyz/keep-core-security/8.md
  • keep-core-release/tlabs-xyz/keep-core-security/9.md
  • pkg/altbn128/altbn128.go
  • pkg/altbn128/altbn128_test.go
  • pkg/beacon/dkg/result/fuzz_test.go
  • pkg/beacon/entry/fuzz_test.go
  • pkg/beacon/event/deduplicator.go
  • pkg/beacon/event/deduplicator_test.go
  • pkg/beacon/gjkr/byzantine_strategy_integration_test.go
  • pkg/beacon/gjkr/export_test.go
  • pkg/beacon/gjkr/fuzz_test.go
  • pkg/beacon/gjkr/integration_test.go
  • pkg/beacon/gjkr/message_test.go
  • pkg/beacon/gjkr/protocol.go
  • pkg/beacon/gjkr/protocol_ecdh_info_test.go
  • pkg/beacon/gjkr/protocol_ecdh_test.go
  • pkg/beacon/gjkr/protocol_nilguard_test.go
  • pkg/bitcoin/block.go
  • pkg/bitcoin/block_test.go
  • pkg/bitcoin/electrum/electrum.go
  • pkg/bitcoin/fuzz_test.go
  • pkg/bitcoin/testdata/fuzz/FuzzTransactionDeserialize/73d4d7631f5b3691
  • pkg/bitcoin/testdata/fuzz/FuzzTransactionDeserialize/ed2e47109acbcdc8
  • pkg/bitcoin/transaction.go
  • pkg/bitcoin/transaction_bounds_test.go
  • pkg/bitcoin/transaction_builder.go
  • pkg/bitcoin/transaction_builder_test.go
  • pkg/chain/ethereum/tbtc.go
  • pkg/chain/ethereum/tbtc_redemption_event_property_test.go
  • pkg/chain/ethereum/tbtc_redemption_event_test.go
  • pkg/clientinfo/clientinfo_test.go
  • pkg/crypto/ephemeral/full_ecdh_test.go
  • pkg/crypto/ephemeral/symmetric_key.go
  • pkg/crypto/ephemeral/symmetric_key_test.go
  • pkg/internal/byzantine/strategy.go
  • pkg/internal/byzantine/strategy_test.go
  • pkg/internal/dkgtest/assertions.go
  • pkg/internal/dkgtest/capturing_logger.go
  • pkg/internal/dkgtest/capturing_logger_test.go
  • pkg/internal/dkgtest/determinism_probe_test.go
  • pkg/internal/dkgtest/dkgtest.go
  • pkg/internal/interception/interception.go
  • pkg/internal/interception/strategy_test.go
  • pkg/internal/signingtest/assertions.go
  • pkg/internal/signingtest/signingtest.go
  • pkg/maintainer/spv/bitcoin_chain_test.go
  • pkg/maintainer/spv/deposit_sweep.go
  • pkg/maintainer/spv/moved_funds_sweep.go
  • pkg/maintainer/spv/moving_funds.go
  • pkg/maintainer/spv/oob_regression_test.go
  • pkg/maintainer/spv/redemptions.go
  • pkg/maintainer/spv/spv.go
  • pkg/maintainer/spv/spv_test.go
  • pkg/net/libp2p/authenticated_connection.go
  • pkg/net/libp2p/bootstrap_test.go
  • pkg/net/libp2p/fuzz_test.go
  • pkg/net/libp2p/libp2p.go
  • pkg/net/retransmission/retransmission_test.go
  • pkg/net/retransmission/ticker.go
  • pkg/net/retransmission/ticker_test.go
  • pkg/net/security/handshake/fuzz_test.go
  • pkg/protocol/announcer/fuzz_test.go
  • pkg/protocol/group/group.go
  • pkg/protocol/group/member_index_test.go
  • pkg/protocol/inactivity/fuzz_test.go
  • pkg/tbtc/coordination_byzantine_test.go
  • pkg/tbtc/deduplicator.go
  • pkg/tbtc/deduplicator_test.go
  • pkg/tbtc/dkg.go
  • pkg/tbtc/dkg_loop.go
  • pkg/tbtc/dkg_loop_test.go
  • pkg/tbtc/fuzz_test.go
  • pkg/tbtc/moved_funds_sweep.go
  • pkg/tbtc/signing.go
  • pkg/tbtc/signing_done.go
  • pkg/tbtc/signing_loop.go
  • pkg/tbtc/signing_loop_test.go
  • pkg/tbtc/wallet.go
  • pkg/tbtc/wallet_test.go
  • pkg/tecdsa/dkg/fuzz_test.go
  • pkg/tecdsa/dkg/member.go
  • pkg/tecdsa/dkg/protocol.go
  • pkg/tecdsa/dkg/protocol_ecdh_info_test.go
  • pkg/tecdsa/dkg/protocol_test.go
  • pkg/tecdsa/retry/retry_property_test.go
  • pkg/tecdsa/signing/fuzz_test.go
  • pkg/tecdsa/signing/integration_test.go
  • pkg/tecdsa/signing/member.go
  • pkg/tecdsa/signing/protocol.go
  • pkg/tecdsa/signing/protocol_ecdh_info_test.go
  • pkg/tecdsa/signing/protocol_test.go
  • renovate.json
  • security/README.md
  • security/architecture.md
  • security/attack-surface.md
  • security/critical-paths.md
  • security/crypto-review.md
  • security/findings/F-01.md
  • security/findings/F-02.md
  • security/findings/F-03.md
  • security/findings/F-04.md
  • security/findings/F-05.md
  • security/findings/F-06.md
  • security/findings/F-07.md
  • security/findings/F-08.md
  • security/findings/F-09.md
  • security/findings/F-10.md
  • security/findings/F-11.md
  • security/findings/F-12.md
  • security/findings/F-13.md
  • security/findings/F-14.md
  • security/findings/F-15.md
  • security/findings/F-16.md
  • security/findings/F-17.md
  • security/smart-contracts.md
  • security/threat-model.md
  • solidity-v1/contracts/KeepRandomBeaconOperator.sol
  • solidity-v1/contracts/KeepRandomBeaconServiceImplV1.sol
  • solidity-v1/contracts/stubs/RelayEntryServiceStub.sol
  • solidity-v1/test/random_beacon_operator/TestRelayEntryTimeout.js
  • solidity-v1/test/random_beacon_service/TestSelectOperator.js
  • solidity/random-beacon/contracts/RandomBeacon.sol
  • solidity/random-beacon/contracts/RandomBeaconGovernance.sol
  • solidity/random-beacon/contracts/test/ReentrantBeaconConsumer.sol
  • solidity/random-beacon/hardhat.config.ts
  • solidity/random-beacon/test/RandomBeacon.Reentrancy.test.ts
  • solidity/random-beacon/test/RandomBeacon.StorageLayout.test.ts
  • solidity/random-beacon/test/RandomBeaconGovernance.test.ts
  • solidity/random-beacon/test/fixtures/index.ts
  • tools.go

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@lionakhnazarov lionakhnazarov marked this pull request as ready for review June 30, 2026 18:26
The getScript refactor onto Transaction.OutputAt changed the out-of-range
error wording to "output index [N] is out of range ...", but this test still
expected the pre-refactor wording, leaving the pkg/bitcoin package red at the
release head. Align the expected substring so the suite builds green.
BlockHeader.Difficulty divided the maximum target by the header target without
guarding a zero target. A malformed zero-mantissa Bits field, reachable from
attacker-supplied headers on the SPV proof walk, made the division panic. Return
zero difficulty for a non-positive target so such a header contributes nothing
and fails downstream proof-difficulty checks gracefully instead of panicking.
NotifyDKGStarted performed a separate Has() check followed by Add(), so two
goroutines racing on the same seed could both observe it as absent and both
proceed, admitting a duplicate DKG execution. Use the mutex-serialized cache
Add, which returns true only for the first inserter, mirroring the tbtc event
deduplicator, to close the time-of-check-to-time-of-use race.
…elay update

finalizeAuthorizationDecreaseDelayUpdate destructured authorizationParameters()
into the wrong tuple position: it bound the returned authorization decrease
delay into the change-period variable and discarded the actual change period,
then wrote that value back, overwriting the stored change period with the old
delay on finalize. Skip the delay position and bind the change period, mirroring
the sibling change-period finalizer. The delay-finalize test used equal values
and so could not detect the swap; it now uses a distinct change period and
asserts the change period is preserved.
…ader-cap comment

The DIFF1 rewrite replaced epoch-length arithmetic with a forward walk over
actual header difficulties, leaving difficultyEpochLength unused and tripping the
staticcheck CI job. Remove it, and correct the maxProofHeaders comment, which
described the beyond-cap outcome as merely deferred when the walk is anchored to
the transaction's block and the skip is permanent absent a reorg.
…rade requirement

Document that the counter-based G1HashToPoint also diverges permanently from the
immutable on-chain g1HashToPoint (the verifyBytes / reportUnauthorizedSigning
path), which no in-repo code calls, so the operational consumer is the off-chain
GJKR Pedersen H generator. Make the flag-day requirement explicit: the breaking
key-derivation, session-ID, and hash-to-point changes have no version gate, so a
ceremony's whole node set must upgrade atomically. Note the clientInfo metrics
port default change from 9601 to 0. Correct the altbn128 test comment that
claimed G1HashToPoint participates in relay-entry signing; it does not.
lionakhnazarov and others added 2 commits July 3, 2026 15:23
…wups

fix: review follow-ups for security-release/candidate-1 (CI unblock + verified fixes)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants