fix(dpp): reduce max_shielded_transition_actions from 100 to 16 (#3411) #3498
QuantumExplorer merged 3 commits into v3.1-dev from
The previous limit of 100 actions allowed state transitions up to ~46 KB, far exceeding the 20 KiB max_state_transition_size. Each SerializedAction is 408 bytes; at 16 actions the total is ~12 KB with comfortable margin. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
No actionable comments were generated in the recent review.
Pull request overview
Reduces the maximum number of shielded Orchard actions permitted in shielded state transitions so transitions are rejected early with a deterministic consensus error rather than failing later due to state transition size limits.
Changes:
- Lowered max_shielded_transition_actions in SystemLimits from 100 to 16 (with sizing rationale).
- Updated the TEST_PLATFORM_V2 mock limits to match the new value.
- Updated Drive ABCI shielded transition tests to exceed the new limit (17 actions) instead of the old one (101 actions), and refreshed related inline comments.
Reviewed changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| packages/rs-platform-version/src/version/system_limits/v1.rs | Decreases the consensus limit for shielded actions to 16 and documents the size math. |
| packages/rs-platform-version/src/version/mocks/v2_test.rs | Aligns the V2 test platform mock with the new shielded actions limit. |
| packages/rs-drive-abci/src/execution/validation/state_transition/state_transitions/unshield/tests.rs | Updates “too many actions” test to use 17 actions (over the new limit). |
| packages/rs-drive-abci/src/execution/validation/state_transition/state_transitions/shielded_withdrawal/tests.rs | Updates “too many actions” test to use 17 actions (over the new limit). |
| packages/rs-drive-abci/src/execution/validation/state_transition/state_transitions/shielded_transfer/tests.rs | Updates “too many actions” test to use 17 actions (over the new limit). |
| packages/rs-drive-abci/src/execution/validation/state_transition/state_transitions/shield_from_asset_lock/tests.rs | Updates “too many actions” test to use 17 actions (over the new limit). |
| packages/rs-drive-abci/src/execution/validation/state_transition/state_transitions/shield/tests.rs | Updates “too many actions” test to use 17 actions (over the new limit). |
Codecov Report
✅ All modified and coverable lines are covered by tests.
@@ Coverage Diff @@
## v3.1-dev #3498 +/- ##
============================================
- Coverage 84.84% 84.83% -0.01%
============================================
Files 2476 2476
Lines 267915 267733 -182
============================================
- Hits 227303 227123 -180
+ Misses 40612 40610 -2
…ests Replace the outdated "17 actions could exceed 20KB" explanation — per the sizing math documented alongside max_shielded_transition_actions=16, 17 actions is ~12KB, well under the 20 KiB state transition size cap. The real reason for calling validate_structure directly is to exercise the action-count check in isolation from the full processing pipeline. Addresses Copilot PR review on #3498.
Pull request overview
Copilot reviewed 7 out of 7 changed files in this pull request and generated no new comments.
Issue being fixed or feature implemented
Fixes #3411 — Shielded unshield rejected as "Tx too large" when spending many notes.
Related: #3399 (same root cause for asset lock transactions, fixed separately in #3491).
User Story
Imagine you are a user who has shielded credits in multiple small operations (e.g., 10× 0.1 DASH). When you try to unshield the full accumulated balance, the operation fails with a cryptic "Tx too large" error at the gRPC layer — leaving you wondering if your funds are stuck.
What was done?
Reduced max_shielded_transition_actions from 100 to 16 in SystemLimits.
Why the old limit was wrong
Each SerializedAction is 408 bytes (nullifier 32 + rk 32 + cmx 32 + encrypted_note 216 + cv_net 32 + spend_auth_sig 64). The bundle overhead (Halo 2 proof ~5,000 bytes, anchor 32, value_balance 8, flags 1, binding_sig 64, state transition envelope ~200) totals ~5,305 bytes.
With the new limit, the validation layer (validate_actions_count + ShieldedTooManyActionsError) rejects oversized transitions early with a clear error, instead of letting them hit the gRPC transport limit.
Cross-reference: PR #3491 (asset locks)
PR #3491 separately limits asset lock transaction inputs to 100. That limit is correct for its context: each asset lock input is ~184 bytes, so 100 × 184 + 477 = 18,877 bytes (fits in 20 KiB with 8% margin). Different transaction type, different math, both correct.
How Has This Been Tested?
cargo test -p dpp --lib -- common_validation — 16 tests pass (existing validation tests)
Breaking Changes
Consensus-breaking: Transitions with 17–100 actions that were previously accepted will now be rejected. This is intentional — such transitions would have been rejected at the gRPC transport layer anyway with "Tx too large".
Checklist:
🤖 Co-authored by Claudius the Magnificent AI Agent
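The sizing argument from the PR description, as an added Rust example that is not the project's code: it ties the action-count limit to the size cap so the two cannot drift apart unnoticed. All function and type names are hypothetical stand-ins, and the byte figures are the estimates quoted in the description.

```rust
// Added example; names are hypothetical, byte figures are the PR description's estimates.
// nullifier + rk + cmx + encrypted_note + cv_net + spend_auth_sig
const SERIALIZED_ACTION_BYTES: usize = 32 + 32 + 32 + 216 + 32 + 64;
// proof (approx.) + anchor + value_balance + flags + binding_sig + envelope (approx.)
const BUNDLE_OVERHEAD_BYTES: usize = 5_000 + 32 + 8 + 1 + 64 + 200;
const MAX_STATE_TRANSITION_SIZE: usize = 20 * 1024; // 20 KiB
const MAX_SHIELDED_TRANSITION_ACTIONS: usize = 16;

/// Estimated serialized size of a shielded transition carrying `actions` actions.
fn estimated_size(actions: usize) -> usize {
    BUNDLE_OVERHEAD_BYTES + actions * SERIALIZED_ACTION_BYTES
}

/// Largest action count whose estimated size still fits in `size_cap` bytes.
fn max_actions_that_fit(size_cap: usize) -> usize {
    size_cap.saturating_sub(BUNDLE_OVERHEAD_BYTES) / SERIALIZED_ACTION_BYTES
}

#[derive(Debug, PartialEq)]
enum CountError {
    TooManyActions { actual: usize, max: usize },
}

/// Early structural check: reject on action count, independent of serialized size.
fn check_actions_count(actual: usize, max: usize) -> Result<(), CountError> {
    if actual > max {
        return Err(CountError::TooManyActions { actual, max });
    }
    Ok(())
}

/// True when every transition the count limit admits also fits under the size cap.
fn count_limit_fits_size_cap(max_actions: usize, size_cap: usize) -> bool {
    max_actions <= max_actions_that_fit(size_cap)
}

fn main() {
    for n in [16usize, 17, 100] {
        let verdict = check_actions_count(n, MAX_SHIELDED_TRANSITION_ACTIONS);
        println!("{:>3} actions: ~{} bytes, count check: {:?}", n, estimated_size(n), verdict);
    }
    for limit in [100usize, MAX_SHIELDED_TRANSITION_ACTIONS] {
        let ok = count_limit_fits_size_cap(limit, MAX_STATE_TRANSITION_SIZE);
        println!("limit {:>3} consistent with 20 KiB cap: {}", limit, ok);
    }
}
```

A unit test asserting `count_limit_fits_size_cap` for the configured values fails the build if either limit is later changed without the other.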