Skip to content

fix(simulator): add genesis wallet documentation and fix logger name#3

Merged
8lecramm merged 2 commits into
DEROFDN:community-devfrom
moralpriest:fix/simulator-genesis-docs
Feb 5, 2026
Merged

fix(simulator): add genesis wallet documentation and fix logger name#3
8lecramm merged 2 commits into
DEROFDN:community-devfrom
moralpriest:fix/simulator-genesis-docs

Conversation

@moralpriest

Copy link
Copy Markdown

Description

This PR adds documentation to the simulator CLI output to help developers understand and access the genesis wallet.

Problem:
When running the simulator in mainnet mode (default), users couldn't easily identify:

  • Which wallet has funds (genesis wallet with ~1.12 DERO)
  • How to restore the genesis wallet using dero-wallet-cli
  • Why other wallets only have 0.002 DERO (registration bonus only in mainnet)

Solution:

  • Changed logger name from 'derod' to 'simulator' for clarity
  • Added genesis wallet display showing:
    • Full address for reference
    • Hex seed for restoration
    • Status with balance information
    • Complete restore command example

This helps developers understand the simulator's wallet setup and access the funded genesis wallet to perform transfers and tests.

Type of change:

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update
  • This will require a HardFork to be enabled

Which part is impacted:

  • Wallet
  • Daemon
  • Miner
  • Explorer
  • Simulator
  • Misc (documentation, comments, text...)

Checklist:

  • I have performed a self-review of my code
  • I have commented my code, particularly in hard-to-understand areas
  • My changes generate no new warnings

License:
I am contributing & releasing the code under DERO Research License.

- Changed logger name from 'derod' to 'simulator' for clarity
- Added genesis wallet address, seed, and restore command display
- Helps developers access the funded genesis wallet (~1.12 DERO)
- Other 22 wallets only get 0.002 DERO registration bonus in mainnet

The genesis wallet is the only one with significant funds in mainnet
simulator mode since the premine list is skipped for mainnet.
@moralpriest moralpriest force-pushed the fix/simulator-genesis-docs branch from 9b5a9a4 to 5ab061f Compare February 4, 2026 14:46
@8lecramm 8lecramm self-assigned this Feb 5, 2026
@8lecramm 8lecramm merged commit 7acb5ee into DEROFDN:community-dev Feb 5, 2026
@moralpriest moralpriest deleted the fix/simulator-genesis-docs branch February 5, 2026 15:40
DHEBP added a commit to DHEBP/derohe that referenced this pull request Jun 24, 2026
…l scrub test

Addresses the DEROFDN#21 six-perspective review:

- Self-send sites set SenderVerified=true + RingSize (both decode arms): a
  wallet-authored tx has a certain sender at any ring size, so a contract-
  following consumer no longer distrusts the user's own sends. (review DEROFDN#2)
- Add Test_Attribution_Scrub_Behavior: drives the real receiver decode on a
  sim chain and asserts the scrub effect (ring2 keeps Sender+Data[0]; ring>2
  blanks Sender + zeroes Data[0]). Rebuilds until the receiver lands in a
  non-zero ring slot so the Data[0]==0 assertion has teeth. Mutation-checked.
  The source-grep guard is kept as a tripwire. (review DEROFDN#3)
- Document the (RingSize, SenderVerified, Sender) renderer truth table on the
  field; drop the redundant exported_payload[:] slice. (review DEROFDN#6, DEROFDN#9)

The <=->< bounds guard is sufficient: rpc.NewAddress panics on an
undecompressable ring key before the Publickeylist rebuild, so
len(Publickeylist)==RingSize holds and the index cannot go out of range. (review #1)
DHEBP added a commit to DHEBP/derohe that referenced this pull request Jun 24, 2026
…anon

Addresses the DEROFDN#22 review:

- curatedRingCandidates canonicalizes the sender, recipient, and every
  preferred decoy to its base address before the distinctness/dedup checks,
  and the ring carries the base form. A ring member is identified by its
  pubkey, not its address string, so an integrated/payment-id encoding of an
  account already in the ring (sender, recipient, or another decoy) no longer
  slips the string-keyed checks and lands a duplicate pubkey that consensus
  rejects AFTER signing. Test_CuratedRing_AltEncoding_NoDuplicate_A2 covers
  recipient / sender / decoy-vs-decoy / cross-network, each mutation-proven. (review #1)
- Anonymous attribution now fails closed at ring size < 4 (no decoy slot)
  instead of silently falling through to honest attribution. (review DEROFDN#8)
- Port the unverified-attribution export scrub + self-send flag into the decode
  arms (this stack predates it); behavioral scrub test + an honest-byte guard
  that asserts honest mode writes the receiver slot (closes the grep guard's
  reassignment blind spot). (review DEROFDN#3, DEROFDN#9)

The bounds guard is sufficient for the same reason as DEROFDN#21: bad ring keys panic
at NewAddress before the Publickeylist rebuild, so len==RingSize. (review DEROFDN#4)
DHEBP added a commit to DHEBP/derohe that referenced this pull request Jun 25, 2026
…s (review DEROFDN#13/DEROFDN#14/DEROFDN#15)

Addresses Dirtybird99's re-review of DEROFDN#22:

- DEROFDN#13 (correctness): curated-decoy distinctness was string-keyed, so a deroproof
  (Proof-flag) encoding of an in-ring account rendered a distinct base string and
  slipped the dedup, landing a duplicate pubkey that consensus rejects after the
  user signs. Key the dedup on the raw 33-byte pubkey
  (hex(addr.PublicKey.EncodeCompressed())) — the identity consensus dedups on — so
  Mainnet, Proof, and integrated axes all collapse to one key; clear Proof on the
  emitted base so a deroproof-supplied decoy resolves to a registered base address.
  Removes the now-dead caller-side recipient Mainnet pin (was only needed to keep
  the string canon in lockstep). New deroproof-decoy-alt vector mutation-proves it
  (revert canon.Proof=false -> RED "axis is OPEN").

- DEROFDN#14 (maintainability): the unverified-attribution scrub and the self-authored
  trust block were copy-pasted across the CBOR/CBOR_V2 decode arms; a future
  one-arm edit could silently reopen the DEROFDN#3 sender-deanonymization leak. Factor
  scrubExportedPayload() + markSelfAuthored() as the single source of truth, called
  from every arm. Byte-identical behavior; scrub behavioral test unchanged + green.

- DEROFDN#15 (test): wgenesis reused the receiver's temp DB; give it its own path + cleanup.

Build + vet clean. Alt-encoding suite (6 vectors incl. 2 deroproof) and scrub
behavioral test green (no -race per the pre-existing sim-daemon flake). Pre-existing
flaky sim tests (Test_Creation_TX_morecheck, Test_Payload_TX) fail on the unmodified
DEROFDN#22 head too — unrelated to this change.
DHEBP added a commit to DHEBP/derohe that referenced this pull request Jul 2, 2026
…ecoy-probe failures (review DEROFDN#2/DEROFDN#3)

DEROFDN#2 — at ring 2 the assembly loop ("for ringsize != 2") never runs, so
curatedRingCandidates — the only decoy validator — is never invoked:
Strict garbage decoys built and could broadcast while the identical input
at ring 4 hard-errors. Fixed with a fail-closed guard beside the anon
ring-2 guard (after effective-ringsize resolution — the wallet default
can legally be 2 — and before any daemon call, so it validates offline).
Strict-only: lenient has no ring-2/ring-4 asymmetry, and its documented
silent-drop contract is load-bearing for the DEROFDN#23 CLI (Strict:false,
ambient session decoys, any ring size). Lenient ring-2 drops feed the
funnel below.

DEROFDN#3 — the registration probe treated EVERY failure as "decoy invalid":
for a decoy address the daemon's "Account Unregistered" verdict and a
transport failure return as the same opaque error (the unregistered
special-cases require self or non-zero SCID), so a transient blip in
lenient mode silently stripped all curation — the user signed a fully
random ring believing it curated. Probe errors are now classified via
isUnregisteredError (the repo's existing detection idiom): unregistered
verdict -> unchanged (Strict errors, lenient skips); any other failure ->
hard error in BOTH modes ("could not verify … — retry the send"). No
in-probe retry (Keep_Connectivity heals on ~5s; retry belongs at the send
layer). A daemon that rewords the verdict fails closed. Strict's
transient-failure message changes from "not registered" to "could not
verify" (nothing pinned the old text).

O9, same surface — decoy slot capacity: a ring holds at most ringsize-2
curated decoys, but nothing checked the supplied count: valid decoys
beyond capacity were probed, then silently never placed. Strict
over-supply is now a hard error (pre-guarded on the supplied count before
any RPC, re-checked in the validator); lenient surplus drops through the
funnel with a "no decoy slot left" record. Lenient ring-2 gets the same
upgrade, so the former log-only residual now gets the default-verbosity
summary. The guard caught an in-repo instance: the A2 finalization
fixture supplied 8 Strict decoys at ring 8; two validated and were never
placed — it now supplies exactly ring-2.

Two hardenings on the same surface:

- Lenient drops are never invisible: all four drop reasons (unparseable /
  own address / duplicate / unregistered verdict) funnel through one
  recorder — a per-decoy V(1) log and a default-verbosity reduced-curation
  summary before signing. Recording only the daemon-verdict class would
  keep the bug alive for the wallet-side classes (an all-duplicate ambient
  list from the hardcoded-lenient DEROFDN#23 CLI signs a random ring with zero
  signal on a healthy chain). TRUST NOTE on RingPreference: a malicious
  daemon can still veto lenient curation by lying "unregistered" —
  visible, not preventable wallet-side (it already controls random member
  selection); Strict is the fail-closed mode.

- Probe cost bounded and flat: registration verdicts are memoized per
  build (canonical-base-address key, shared by both call sites) — one
  probe per distinct decoy per build instead of O(decoys) per pass under
  transfer_mutex. Sound: registration is permanent; a stale unregistered
  verdict only defers the decoy to the next send. PreferredDecoys is
  capped at 256 (2x max ringsize) — hard error in both modes; list length
  is caller cost, not decoy quality.

Tests, each red pre-fix: curated_ring2_guard_test (offline: Strict
garbage at ring 2 passed every validation pre-fix);
curated_probe_classification_test (sim; client websocket killed so
IsDaemonOnline() stays true and the failure lands inside the probe's RPC
— pre-fix lenient returned curated=0, err=nil); curated_slot_cap_test
(offline, memo-seeded: lenient surplus records, Strict surplus errors at
guard and validator); curated_drop_signal_test (offline: all three
wallet-side drops recorded with reasons, no double-count across passes,
Strict records nothing); rpc_call_timeout_test gains the classification
leg (a hung daemon's probe deadline -> "could not verify", never a silent
drop). Keep_Connectivity deliberately not started in the probe test (no
quit path). RingPreference / curatedRingCandidates docs updated where the
fixes falsified them.

Test_Payload_TX / Test_Creation_TX_morecheck fail identically at base
(pre-existing), as does attribution_self_behavior_test.go's gofmt drift.
DHEBP added a commit to DHEBP/derohe that referenced this pull request Jul 2, 2026
… review DEROFDN#3

A registration probe that FAILS (daemon/transport fault — no verdict) now
hard-errors the build even under Strict:false (engine review DEROFDN#3 fix), so
the two comments pinning lenient silent-drop needed the caveat: silent
skip applies only to the daemon's unregistered verdict.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants