Skip to content

Merge release 2.2.2 into dev#5429

Draft
sacherjj wants to merge 122 commits into
casper-network:devfrom
sacherjj:merge-release-2.2.2-into-dev
Draft

Merge release 2.2.2 into dev#5429
sacherjj wants to merge 122 commits into
casper-network:devfrom
sacherjj:merge-release-2.2.2-into-dev

Conversation

@sacherjj

@sacherjj sacherjj commented Jul 15, 2026

Copy link
Copy Markdown
Contributor

meta_transaction had dev refactor of TransactionLaneDefinition to new constructor and deprecating public fields and 2.2.2 from_transaction to &Chainspec. Want another set of eyes to look this over.

node/src/testing/fake_transaction_acceptor.rs and node/src/reactor/main_reactor/tests/transactions.rs silently merge conflicted with renames and matching arms that needed synced.

darthsiroftardis and others added 30 commits May 12, 2026 14:20
…go_deb

Correcting issue with cargo-deb install via fixed fork.
Assert that reward distribution updates the resolved new-key unbond,
does not create a duplicate old-key unbond, and survives unbond
processing after the delay.
Write validator rewards back to the resolved unbond record after a bid
public key change, and assert the unbond is updated without creating a
duplicate old-key record.

Co-authored-by: Karan Dhareshwar <karan@casper.network>
Co-authored-by: Jakub Zajkowski <ja.zajko@gmail.com>
…redux

Fix issue in tracking validator bridge records
`verify_rejects_extra_approvals_hashes` and
`verify_rejects_missing_approvals_hashes` in
`storage/src/block_store/types/approvals_hashes.rs` exercise the
`zip`-based deploy/transaction id construction. With extra supplied
approvals hashes, `verify` currently returns Ok because the iterator
silently truncates to the block transaction count, leaving the trailing
hashes to slip into stored metadata. See
`audit-confirmed-02-approvals-hashes-length-mismatch.md`.
Add `ensure_approvals_hashes_len` and call it at the entry of both
`deploy_ids` and `transaction_ids`, plus a new
`ApprovalsHashesLengthMismatch` error variant. This makes peer-supplied
ApprovalsHashes with extra or missing entries fail validation up front
instead of being silently truncated by `zip` and stored, which would
later stall executable-block construction. See
`audit-confirmed-02-approvals-hashes-length-mismatch.md`; regression in
6bfc3c3.
`rejects_nested_sync_response_signed_message_from_wrong_instance` and
`rejects_nested_sync_response_evidence_from_wrong_instance` in
`node/src/components/consensus/protocols/zug/tests.rs` wrap a wrong-
instance signed Zug message inside a current-instance `SyncResponse`
and check that the peer is disconnected without mutating the current
round's vote/fault state. Without the fix, the signed message is
accepted (the evidence variant even drives `FttExceeded`). See
`audit-confirmed-03-zug-nested-instance-replay.md`.
Reject nested `SignedMessage`s and evidence carried in a `SyncResponse`
unless their `instance_id` matches the current consensus instance, in
both `handle_signed_message` and `handle_evidence`. Without this guard a
peer can wrap signatures from a different consensus instance inside a
current-instance `SyncResponse` and have them inserted as current-round
votes/echoes/evidence, in the worst case driving `FttExceeded`. See
`audit-confirmed-03-zug-nested-instance-replay.md`; regression in
bf9ad4d.
…tall

`make_executable_block_applies_finalized_approvals` in
`node/src/components/storage/tests.rs` stores a transaction with one
approval set, a `TransactionFinalizedApprovals` entry with a different
set, and an `ApprovalsHashes` row computed from the finalized set, then
calls `make_executable_block`. Without the fix `make_executable_block`
pushes the original (non-finalized) transaction into the executable
list, the block-level approvals-hash check fails, and it returns Ok(None)
- stalling executable-block construction. See
`audit-confirmed-81-storage-finalized-approvals-executable-block-stall.md`.
`read_block_and_finalized_transactions_by_hash` now overlays any stored
`TransactionFinalizedApprovals` onto the original transaction via
`Transaction::with_approvals` before pushing it into the executable
transaction list. Without this overlay the block-level
`ApprovalsHashes` check compares the finalized approvals hash against
the original stored transaction's hash, fails, and stalls
`make_executable_block` with Ok(None) for any node that saw the
transaction earlier with a different approval set. See
`audit-confirmed-81-storage-finalized-approvals-executable-block-stall.md`;
regression in 38dc71c.
`system_key_rewards_must_not_mint_sustain_share` in
`execution_engine_testing/tests/src/test/system_contracts/auction/distribute.rs`
sets up a sustain-enabled era, then calls `distribute_with_rewards_handling`
with a rewards map containing only `PublicKey::System`. Without the fix the
sustain purse is credited (and total supply increased) by the sustain share
of the system-key amount, even though the per-validator processing later
filters `PublicKey::System` out and pays no validator reward. See
`audit-confirmed-123-contract-runtime-system-reward-mints-sustain-share.md`.
`Auction::distribute` now skips `PublicKey::System` when computing the
`total` reward used for the sustain-share calculation, matching the
existing filter applied to per-validator reward processing. Without
this fix a rewards map containing only `PublicKey::System` mints a
sustain share (and increases total supply) even though no validator or
delegator reward is distributed. See
`audit-confirmed-123-contract-runtime-system-reward-mints-sustain-share.md`;
regression in 0cf0b4d.
mpapierski and others added 28 commits June 12, 2026 18:41
…ate a MetaTransaction based from a VM2 targetting Transaction in an environment where vm2 is disabled
…call vm1 contract. Removed the possibility of gossiping a chainspec-violating gas_price_tolerance in a transaction
…vm2_transaction_smuggling_via_bogus_proposal

Changing the MetaTransaction code so that it fails when trying to cre…
…it-out

Use transaction acceptor when fetching proposed transactions
…on-update

Updating versions for crates using updated casper-types.
…ase-2.2.2-into-dev

Silent merge conflicts with:
node/src/testing/fake_transaction_acceptor.rs
node/src/reactor/main_reactor/tests/transactions.rs

5 tests failing.
# Conflicts:
#	.github/workflows/casper-node.yml
#	Makefile
#	execution_engine_testing/tests/src/test/regression/mod.rs
#	node/src/components/contract_runtime/operations.rs
#	node/src/components/storage/tests.rs
#	node/src/reactor/main_reactor/event.rs
#	node/src/reactor/main_reactor/tests/fixture.rs
#	node/src/types/transaction/meta_transaction.rs
#	node/src/types/transaction/meta_transaction/meta_transaction_v1.rs
#	node/src/utils/specimen.rs
…egraph.

Bumped crossbeam-epoch and pprof for other audit issues.
@EdHastingsCasperAssociation

Copy link
Copy Markdown
Collaborator

preemptive approval so you are unblocked to merge when the ci issues are ironed out.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

5 participants