Skip to content

[equiv-check · DO NOT MERGE] trunk ≡ audit-fixes (0 files changed)#273

Closed
0xNilesh wants to merge 95 commits into
audit-fixesfrom
trunk
Closed

[equiv-check · DO NOT MERGE] trunk ≡ audit-fixes (0 files changed)#273
0xNilesh wants to merge 95 commits into
audit-fixesfrom
trunk

Conversation

@0xNilesh

@0xNilesh 0xNilesh commented Jul 9, 2026

Copy link
Copy Markdown
Member

Equivalence check only — do not merge.

trunk = branched from main, then audit-fixes merged in with the merge commit's tree set to exactly audit-fixes.

Because audit-fixes is now a parent (ancestor) of trunk, GitHub's three-dot diff collapses to tip-to-tip → 0 files changed, +0/−0.

  • trunk tree SHA == audit-fixes tree SHA = 20029218… (byte-identical content)
  • the ~95 commits listed are main's history + the merge commit; the net file diff is zero
  • merge-base(trunk, audit-fixes) == audit-fixes tip, which is why the diff is empty

Aman035 and others added 30 commits April 3, 2026 13:09
feat: execute payload deploys UEA if UEA has non-zero balance
feat: added dynamic gas limit changes in fund migration
* add: fund to transfer is req

* fix: sessionManager

* add: sessionManager stores the fund migration amount too

* add: pass fund migration for broadcasting
Mirrors release.yml for the puniversald binary. Triggers on tags
matching puniversald/v* (independent from chain releases on v*) and
supports manual dispatch. Builds linux/amd64, linux/arm64, and
darwin/arm64 with Apple signing + notarization.
puniversald links libgodkls (via universalClient/tss/dkls) but the
workspace-root cargo build skips the go-dkls crate. Mirror the Linux
build by entering wrapper/go-dkls and adding the hd-migration path
patch so the local garbling tree is used (no GitHub auth in cargo).
cd-ing into wrapper/go-dkls picks up a .cargo/config.toml that
injects `-Wl,-soname=...` (Linux-only ld flag) into every link
command — including build-script compiles — failing on macOS.
Use `cargo build -p go-dkls --release` from dkls23-rs root so the
wrapper config stays out of scope.
Drop the branch, commit_id, and compare_from inputs from both
pchaind and puniversald release workflows. The dispatch form now
shows just the version tag and pre-release toggle alongside the
built-in 'Use workflow from' branch dropdown.

Removed the resolve-ref steps (checkout uses github.ref by default)
and dropped commit_id plumbing from the tag-creation step (tags
HEAD of the dispatched branch). Changelog still auto-detects the
prior tag.
Companion to the previous dispatch-UI simplification. Removed the
COMMIT_REF plumbing but missed the git tag -a line that still
referenced the now-undefined variable, breaking workflow_dispatch.
Each pchaind release now publishes a ready-to-paste JSON payload
matching the format expected by `--upgrade-info` on a software-upgrade
governance proposal. URLs are constructed from the actual release tag
and the existing .sha256 companion files (single source of truth for
checksums), covering linux/amd64, linux/arm64, and darwin/arm64.
0xNilesh and others added 25 commits June 10, 2026 15:01
New gov software-upgrade 'security-audit-fixes' appended to the Upgrades slice
(main's existing handlers untouched). RunMigrations drives two state migrations:

- uexecutor v6 -> v7: PendingInbounds KeySet -> variant-aware Map reshape at
  prefix 2 (F-2026-16642). Legacy bare keys rewritten as PendingInboundEntry.
- uregistry v3 -> v4: re-key TokenConfigs under canonical (EIP-55) keys and
  backfill the PRC20 reverse index (F-2026-17022).

utss/uvalidator changes are additive (TransitionReason defaults, new msgs) so
their consensus versions are unchanged. Staking-hook wiring for F-16991 came in
via app/app.go with that commit. Reserved system-contract deploy (F-17025, 41
slots) intentionally deferred to fresh-genesis/mainnet.
v1.0 CallEVM added a gasCap *big.Int param after commit; the ported
balanceOf assertion used the v0.2.1 arg order.
…224)

* add: opts in svm rpc client

* add: pagination in GetSignaturesForAddress, fix: slot sig order issue

* chore: tc

(cherry picked from commit 35bd9b6)
* remove: initial config log

* fix: remove logging rpc url in pushcore

* refactor: pushsigner logger

* refactor: core logs, remove unnecessary info logs

* fix: common chain logs

* fix: push client logs

* fix: chains log refactor

* fix: tss logs

(cherry picked from commit a00e7d6)
* add: MaxFrameSize to p2p network

* refactor: move coordinator check up so malicious peer req are rejected sooner

* chore: fix tc

(cherry picked from commit 9524142)
… chain client is not attached

(cherry picked from commit 634e234)
…ecution success

* add: evm event confirmation check receipt status

* add: svm tx confirmation check err status

* chore: tc

(cherry picked from commit ed82cbe)
…RPC fails

* add: cache with staleness

* chore: tc

(cherry picked from commit 7d748bd)
…st retry storm after peer already migrated funds

* F-2026-16962 | fund migration vote races on balance re-query

Brings PR #209 (pushchain/push-chain-node) onto audit-fixes for audit
review.

The migration sweep amount is computed at signing time from the old
vault's balance, but the broadcast path was re-querying the balance —
racing with another validator's successful sweep would produce a
different sweep amount and a different signed tx hash.

- UnsignedSigningReq: add TSSFundMigrationAmount carried alongside Nonce
  from signing to broadcast (both are signing-time-decided values that
  must reach broadcast unchanged)
- EVM tx_builder: store maxTransfer in the signing request; broadcast
  reuses it verbatim instead of recomputing
- sessionmanager: persist and forward TSSFundMigrationAmount through
  the signing session
- txbroadcaster: pass the stored amount to the broadcast call

* add: tc

(cherry picked from commit 58ed01b)
…Tx not found” as reverted

* feat: added tss signing deadline in chainConfig and pendingOutboundEntry

* tests: added tests for deadline changes

* feat: added signingDeadline in OutboundCreated event

* fix: parse signatureDeadline

* fix: tx builder tss msg creation

* add: check for queryTime

* fix: add deadline check in broadcast

* fix: handle deadline = 0 , legacy tx

* fix: svm revert logic

* fix: tc

* fix: simulation tc

* fix: evm revert logic when tx is not found

* fix: log binding

* remove unused fn

* chore: tc

* fix: nonce handling + refactor

---------

Co-authored-by: Nilesh Gupta <guptanilesh2312@gmail.com>
(cherry picked from commit 78a44a4)
* refactor: return last error

* remove: best effort approach

* fix: tx builder

* feat: add rent reclaimer for orphan pdas

* revert: rpc fn

* fix: lazy handling in tx builder

* fix: add temp retires approach in svm

* skip svm chains in coordinator to prevent slowness from svm retires

* fix: orphan pda closure

* fix: txBuilder ref finalize account write status

* fix: tc

* fix: storeRefundRecipient

(cherry picked from commit 2882a17)
…tuck due to architecture (failure visibility limited to signer set)

* feat: added tss signing deadline in chainConfig and pendingOutboundEntry

* tests: added tests for deadline changes

* feat: added signingDeadline in OutboundCreated event

* fix: parse signatureDeadline

* fix: tx builder tss msg creation

* add: check for queryTime

* fix: add deadline check in broadcast

* fix: handle deadline = 0 , legacy tx

* fix: svm revert logic

* fix: tc

* fix: simulation tc

* fix: evm revert logic when tx is not found

* fix: log binding

* remove unused fn

* chore: tc

* fix: nonce handling + refactor

* route internal messages via sessionManager

* fix: log level

* remove: deprecated doc

* chore: fix formating

* fix: allow balance to be added to query for verification and avoiding query

* feat: add ack with sig & coordinator verification

* fix: msgHandler validation

* fix: add broadcasting and handling to increase set

* minor error logs + tc

* persist signature

* mark found tx as braodcasted

---------

Co-authored-by: Nilesh Gupta <guptanilesh2312@gmail.com>
(cherry picked from commit 83a0528)
…EVERT based on push chain state, not observed chain state and can result into false voting

* feat: added tss signing deadline in chainConfig and pendingOutboundEntry

* tests: added tests for deadline changes

* feat: added signingDeadline in OutboundCreated event

* fix: parse signatureDeadline

* fix: tx builder tss msg creation

* add: check for queryTime

* fix: add deadline check in broadcast

* fix: handle deadline = 0 , legacy tx

* fix: svm revert logic

* fix: tc

* fix: simulation tc

* fix: evm revert logic when tx is not found

* fix: log binding

* remove unused fn

* chore: tc

* fix: nonce handling + refactor

* route internal messages via sessionManager

* fix: log level

* remove: deprecated doc

* chore: fix formating

* fix: allow balance to be added to query for verification and avoiding query

* feat: add ack with sig & coordinator verification

* fix: msgHandler validation

* fix: add broadcasting and handling to increase set

* minor error logs + tc

* change to hard delete

* fix: attach eventCleaners to external chains

* removed artifical expiry and fixed sweeper

* fix: event cleaner closing

* fix: tc

---------

Co-authored-by: Nilesh Gupta <guptanilesh2312@gmail.com>
(cherry picked from commit 65b529a)
…tuck due to architecture (failure visibility limited to signer set)

* fix: inprogress settlement

* fix: solana tx resolving

(cherry picked from commit 1fa5a61)
…e endpoint under concurrent load

(cherry picked from commit 4706e90)
fix: port remaining audit-fixes commits onto security-audit-fixes
Makes the Push-origin UTX id robust by contract (mirrors GetInboundUniversalTxKey, normalizes case/0x); no behavior change for real EVM receipt hashes. Adds Pc UTX key tests.
fix: merge security-audit-fixes audit fixes into main
@0xNilesh 0xNilesh changed the title [equiv-check · DO NOT MERGE] trunk ≡ audit-fixes [equiv-check · DO NOT MERGE] trunk ≡ audit-fixes (0 files changed) Jul 9, 2026
@0xNilesh 0xNilesh closed this Jul 9, 2026
@0xNilesh 0xNilesh deleted the trunk branch July 9, 2026 08:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants