Skip to content

fix(p2p): update testnet seed node addresses#6

Merged
8lecramm merged 1 commit into
DEROFDN:community-devfrom
moralpriest:fix/testnet-seed-addresses
Mar 5, 2026
Merged

fix(p2p): update testnet seed node addresses#6
8lecramm merged 1 commit into
DEROFDN:community-devfrom
moralpriest:fix/testnet-seed-addresses

Conversation

@moralpriest

@moralpriest moralpriest commented Mar 5, 2026

Copy link
Copy Markdown

Summary

  • replace unreachable legacy testnet seed 212.8.242.60:40401
  • add official testnet seeds 69.30.234.163:40401 and testnet.derofoundation.co:40401
  • keep change scoped to peer discovery config only (no consensus logic changes)

Forward-looking discovery improvements (separate follow-up work)

  1. Move from static IP seeds to DNS bootstrap records under derofoundation.org
    • e.g. bootstrap-testnet.derofoundation.org, bootstrap-mainnet.derofoundation.org
  2. Increase seed diversity (multiple operators/providers/regions + low TTL failover)
  3. Improve peer manager scoring/backoff/diversity to reduce repeated dead-end dialing
  4. Add signed bootstrap peer records (optional HTTPS/DNS-delivered)
  5. Long-term: evaluate DHT-based discovery to reduce seed dependency further

@moralpriest moralpriest force-pushed the fix/testnet-seed-addresses branch from d38006c to 418db0f Compare March 5, 2026 03:05
@moralpriest moralpriest changed the base branch from main to community-dev March 5, 2026 03:06
@8lecramm 8lecramm self-assigned this Mar 5, 2026
@8lecramm 8lecramm merged commit c525867 into DEROFDN:community-dev Mar 5, 2026
@moralpriest moralpriest deleted the fix/testnet-seed-addresses branch April 23, 2026 04:07
DHEBP added a commit to DHEBP/derohe that referenced this pull request Jun 24, 2026
…l scrub test

Addresses the DEROFDN#21 six-perspective review:

- Self-send sites set SenderVerified=true + RingSize (both decode arms): a
  wallet-authored tx has a certain sender at any ring size, so a contract-
  following consumer no longer distrusts the user's own sends. (review DEROFDN#2)
- Add Test_Attribution_Scrub_Behavior: drives the real receiver decode on a
  sim chain and asserts the scrub effect (ring2 keeps Sender+Data[0]; ring>2
  blanks Sender + zeroes Data[0]). Rebuilds until the receiver lands in a
  non-zero ring slot so the Data[0]==0 assertion has teeth. Mutation-checked.
  The source-grep guard is kept as a tripwire. (review DEROFDN#3)
- Document the (RingSize, SenderVerified, Sender) renderer truth table on the
  field; drop the redundant exported_payload[:] slice. (review DEROFDN#6, DEROFDN#9)

The <=->< bounds guard is sufficient: rpc.NewAddress panics on an
undecompressable ring key before the Publickeylist rebuild, so
len(Publickeylist)==RingSize holds and the index cannot go out of range. (review #1)
DHEBP added a commit to DHEBP/derohe that referenced this pull request Jul 2, 2026
…etroactive scrub (review #1/DEROFDN#4/DEROFDN#5/DEROFDN#6)

DEROFDN#6 — Entry.String() printed "Sender: %s" unconditionally: a scrubbed ring>2
transfer rendered a bare "Sender: " line that reads as a decode bug — the
exact "looks broken" outcome the design meant to avoid, contradicting the
truth table documented on SenderVerified in the same file. The Sender line
now follows the table: verified -> the address; scrubbed (no payload
error) -> "unknown (unverifiable, ring size N)"; decode failure -> a
distinct "unknown (payload decode failed)". Blast radius: two CLI debug
dumps (%+v in show_transfers error paths); JSON marshalling untouched.
Pinned by rpc/wallet_rpc_test.go (offline, sub-second): all three arms,
plus forbids the bare line and scrub/decode-failure conflation.

DEROFDN#4/DEROFDN#5 — the non-retroactive caveat lived only in commit 4e9de56's message.
Now in the docs consumers read: SenderVerified's doc comment states the
scrub is decode-time only (pre-upgrade entries keep their guessed Sender
and unscrubbed Data[0], served as-is by Get_Transfers; the guarantee holds
only for blocks decoded post-upgrade), the upgrade is one-way for the
privacy property, and pre-upgrade entries deserialize
SenderVerified=false, RingSize=0 — indistinguishable from a scrub without
re-decoding, so a migration MUST re-derive RingSize from chain data (a
read-path scrub keyed on persisted fields would wrongly blank the wallet's
own verified sends — why the rescan is a follow-up, not this commit).
RingSize's doc gains the "0 = pre-upgrade/unknown, not a real ring" note;
the GetTransfers handler doc points RPC consumers at the contract.

#1 hardening — both decode arms bounded sender_idx against
Statement.RingSize while indexing Statement.Publickeylist. Safe today
(len(Publickeylist)==RingSize holds at that point), but the guard now
bounds against the slice actually indexed, so it survives any future break
of that invariant.

Existing pins green: the scrub-behavior sim test and the source-grep guard
(its regexes key on the scrub lines, untouched here).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants