chore: merge main into develop #4512
Merged
+10,416
−12,724
* fix: ratelimiting race condition vuln
* fix: ratelimiting race condition vuln
  - Fix race condition in RateLimiter.Release() function
  - Replace non-atomic check-then-act with atomic decrement and bounds checking
  - Add comprehensive test suite to verify the fix
  - Update changelog with PR #4072
* fix: correct atomic implementation to prevent underflow
  - Replace flawed Add(-1) approach with proper CompareAndSwap
  - Fix underflow detection issue where uint32 wrap-around was missed
  - Add TestRateLimiterUnderflowProtection to verify the fix
  - Ensure Release() never causes negative counters or semaphore over-release
* refactor: simplify rate limiter Release() implementation
  - Remove unnecessary infinite loop in CAS operation
  - Single CAS attempt is sufficient for race condition protection
  - Maintains thread-safety while being more efficient
  - All tests still pass with simplified implementation
* fix: correct order of operations in rate limiter Release()
  - Fix race condition by decrementing counter before releasing semaphore
  - Ensure pending counter accurately reflects semaphore state
  - Simplify implementation by using correct operation order
  - All tests pass with cleaner, more logical approach
* test: add tests that reproduce the original race condition vulnerability
  - Add BuggyRateLimiter that implements the original vulnerable code
  - Add TestBuggyRateLimiterRaceCondition to demonstrate the race condition
  - Add TestBuggyRateLimiterStressTest to stress test the vulnerability
  - Add TestVulnerabilityDemonstration to show before/after comparison
  - Add TestBuggyRateLimiterExcessiveReleases to show excessive release issues
  - These tests demonstrate the theoretical vulnerability even if timing makes it hard to reproduce consistently
* fix: address race condition and underflow issues in RateLimiter
  - Fix race condition in Release() by reordering operations (decrement pending first, then release semaphore)
  - Fix Pending() function to handle negative atomic.Int32 values correctly
  - Add comprehensive tests to verify fixes
  - Remove buggy code from tests as requested by reviewers
  - Document original vulnerability in test comments

  The original race condition allowed multiple goroutines to release more permits than acquired. The Pending() function could return incorrect values due to negative atomic.Int32 conversion.

  Fixes: #4072
* refactor: rename test and update changelog to reflect actual improvements
  - Rename TestVulnerabilityDemonstration to TestRateLimiterRobustness
  - Update test description to reflect code quality improvements rather than vulnerability fixes
  - Update changelog entry to match actual changes
  - Tests still pass, confirming the improvements are working correctly

  The reviewer correctly pointed out that if tests pass on develop without fixes, then we're improving robustness rather than fixing vulnerabilities.
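The ordering described in the commit message above (decrement the pending counter first, then release the semaphore), shown as an added Go example that is not code from this PR or the project. `Limiter`, `Acquire`, `Release` and `ExcessReleases` are hypothetical names, and the compare-and-swap retry loop is this example's own choice.

```go
package main

import (
	"fmt"
	"sync/atomic"
)

// Limiter is hypothetical: sem holds one token per outstanding permit.
type Limiter struct {
	sem     chan struct{}
	pending atomic.Int32
}

// Acquire takes a slot first, then records the permit as outstanding.
func (l *Limiter) Acquire() {
	l.sem <- struct{}{} // blocks while every slot is taken
	l.pending.Add(1)
}

// Release claims one permit in the counter and only then frees its slot.
func (l *Limiter) Release() bool {
	for n := l.pending.Load(); n > 0; n = l.pending.Load() {
		if l.pending.CompareAndSwap(n, n-1) {
			<-l.sem // never blocks: this permit's token is still queued
			return true
		}
	}
	return false // nothing outstanding: refuse instead of over-releasing
}

// ExcessReleases (constructed scenario) races more releasers than permits.
func ExcessReleases(permits, releasers int) (released int, pending int32) {
	l := &Limiter{sem: make(chan struct{}, permits)}
	for i := 0; i < permits; i++ {
		l.Acquire()
	}
	results := make(chan bool, releasers)
	for i := 0; i < releasers; i++ {
		go func() { results <- l.Release() }()
	}
	for i := 0; i < releasers; i++ {
		if <-results {
			released++
		}
	}
	return released, l.pending.Load()
}

func main() { fmt.Println(ExcessReleases(4, 64)) }
```

Running it under `go run -race` exercises the contended path; only as many releases succeed as permits were acquired, and the counter ends at zero.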
* remove support for v1 revert address for BTC * add changelog --------- Co-authored-by: Lucas Bertrand <lucas.bertrand.22@gmail.com>
* update go mod * add a new message for migrating funds * add migrate funds to e2e * rebase from develop * add v2 e2e test to check flow * add zeta gateway deposit to zetaclient * add github workflow * update comments * fix code formating * fix code formating * fix code formating * fix unit tests * fix unit tests * revert to old command to start e2e test * remove message for migration and refactor to using contract directly * add changelog * generate files after removing new message * update generated files * update generated files * update go mod * update deposit * add unit tests * add unit tests * generate files * generate files * undo changes based on develop * update deposit and revert smart contract call * rename zeta deposit test file * rename zeta deposit test file * add abort and revert tests * add TestZetaDepositAndCallNoMessage * add TestZetaDepositAndCallNoMessage * remove payable from TestAbort contract * rename to LegacyZETADepositAndCallContract * improve unit test coverage * fix unit tests * add some delay in TestZetacore_SubscribeNewBlocks * update comment for handling zeta token zrc20 * add e2e test * add e2e test for withdraw * refactor ProcessZEVMInboundV2 * add core registry to setup * refactor e2e test helper functions * add unit test for zeta withdraw * add unit test for withdraw and call * resolve comments 1 * add unit test for ProcessRevert * add unit test for ProcessRevert * add unit test for ProcessRevert * improve abort tests * improve abort tests * resolve comments * resolve comments 2 * update upgrade height to 280 to allow the first test to run the entire cycle * wrap zeta mints in tmp context * wrap zeta mint in temp context * rebase * add changelog * add changelog * adjust comments * Update cmd/zetae2e/config/contracts.go Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * fix gas pool zeta calcualation * add unit test for executeWithMintedZeta * fix comments 1 * add unit tests * update test 
dapp to use zeta token for consuming gas * add core registry to zeta e2e post upgrade handler * revert legacy test * update changes based on comments 1 --------- Co-authored-by: Charlie Chen <34498985+ws4charlie@users.noreply.github.com> Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
…4090) * print error message detail when memo decoding failed * add changelog entry * keep invalid memo log on Info level --------- Co-authored-by: Lucas Bertrand <lucas.bertrand.22@gmail.com>
* update go mod * add a new message for migrating funds * add migrate funds to e2e * rebase from develop * add v2 e2e test to check flow * add zeta gateway deposit to zetaclient * add github workflow * update comments * fix code formating * fix code formating * fix code formating * fix unit tests * fix unit tests * revert to old command to start e2e test * remove message for migration and refactor to using contract directly * add changelog * generate files after removing new message * update generated files * update generated files * update go mod * update deposit * add unit tests * add unit tests * generate files * generate files * undo changes based on develop * update deposit and revert smart contract call * rename zeta deposit test file * rename zeta deposit test file * add abort and revert tests * add TestZetaDepositAndCallNoMessage * add TestZetaDepositAndCallNoMessage * remove payable from TestAbort contract * rename to LegacyZETADepositAndCallContract * improve unit test coverage * fix unit tests * add some delay in TestZetacore_SubscribeNewBlocks * update comment for handling zeta token zrc20 * add e2e test * add e2e test for withdraw * refactor ProcessZEVMInboundV2 * add core registry to setup * refactor e2e test helper functions * add unit test for zeta withdraw * add unit test for withdraw and call * resolve comments 1 * add unit test for ProcessRevert * add unit test for ProcessRevert * add unit test for ProcessRevert * improve abort tests * improve abort tests * resolve comments * resolve comments 2 * update upgrade height to 280 to allow the first test to run the entire cycle * wrap zeta mints in tmp context * wrap zeta mint in temp context * rebase * add changelog * add changelog * adjust comments * Update cmd/zetae2e/config/contracts.go Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * fix gas pool zeta calcualation * add unit test for executeWithMintedZeta * fix comments 1 * add unit tests * update admin * 
revert unncessary changes * disable account balance verification for admin tests * improve naming for deposit functions * add changelog * update comments * update test legacy test zeta to use EVMAddress * remove skipping admin in upgrade setup --------- Co-authored-by: Charlie Chen <34498985+ws4charlie@users.noreply.github.com> Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* check balance after eth deposit test * fix typo * fix import
* fix flaky solana depositAndCall tests * add changelog entry * add wait logic inside AssertTestDAppEVMCalled
…sgUpdateParams (#4094) * update zeta evm * update commit * fix: use evm chain id from eth config in rpc backend (#4096) * fix: cancel solana WaC if tx size is too large (#4098) * cancel solana WaC if tx size is too large * align the comments with the code * fix: nil reference in trace block (#4093) * update to commit be548f7691876e656ec61aa46e31ed337be92f4e , on branch release/v34 --------- Co-authored-by: skosito <skostic9242@gmail.com> Co-authored-by: Charlie Chen <34498985+ws4charlie@users.noreply.github.com> Co-authored-by: morde08 <peter@zetachain.com>
* dont return err if tx is not found in get tx receipt * fix tests * changelog
…nect to zetacore (#4068) * save initial work to remote * add unit test and live test for zetacore hostname support * add changelog entry; fix gosec and clean unused code * fix CI upgrade test --------- Co-authored-by: Tanmay <tanmay@zetachain.com>
* fix dbg trace by block * PR comments * changelog
* cancel solana WaC if tx size is too large * add changelog entry
… digest (#4116) * inbound * . * changelog
… deltas on startup. (#4097) * update 1 * add start-skip-consensus-overwrite-test * generate files * update tests * add unit tests * add unit tests for GenesisChainID * add unit tests for GenesisChainID * rename genesisChainID * fix typo * remove testnet from overwrite check
Signed-off-by: yinwenyu6 <yinwenyu6@outlook.com>
* re-enable sui authenticated call * integrate message context ID as dynamic field * add changelog entry * make issueMessageContext function self-contained * fix unit test * remove --skip-dependency-verification in sui gateway upgrade test * cancel withdrawAndCall on invalid payload * adopt new increase_nonce signature to adopt gas refund logic when cancelling a CCTX * apply stringent check on Sui transaction's checkpoint * apply status check on Sui inbound * fix CI upgrade test * fix unit test
Signed-off-by: pxwanglu <pxwanglu@icloud.com>
* fix solana e2e SPL balance check by waiting maximum 30 seconds * add changelog entry
* refactor: remove intx and outtx deprecated queries * fixes in e2e
Signed-off-by: wmypku <wmypku@outlook.com>
Signed-off-by: tzchenxixi <tzchenxixi@icloud.com>
* add back precompiles * add abci field to proposal * test * enable back * test no creating proposasl * disable zeta-ante * cleanup v33 upgrade helper * add v35 as reference * remove gas stability pool temporary * update to v36 and disable fast confirmation test * bitcoin fast confirmation * increase ersion for zeta * remove erc20 init handler * disable zevm to evm revert for older version * disable zevm to evm revert abort for older version * increase upgrade height
…e parameter (#4153) * add GatewayGasLimit to state * refactor function name from MustGetGatewayGasLimit to GetGatewayGasLimitSafe * update unit tests * update unit tests * update proto files * replace big int with uint64 * changelog * add check of older value * add v4 migration back for authority module * update setup handler to remove setting erc20 module * test changes * revert to using v32 as base branch for upgrades --------- Co-authored-by: lumtis <lucas.bertrand.22@gmail.com>
* do not deploy example contract in e2e tests, use pre-deployed example dapp V2 instead * add changelog entry * clean up debugging log * remove commented code * add back extra zrc20 SPL balance check
…4165) * fix flaky depositAndCall caused by sender assertion * add changelog entry
kingpinXD
commented
Dec 26, 2025
hazim1093
approved these changes
Jan 2, 2026
morde08
approved these changes
Jan 2, 2026
ws4charlie
reviewed
Jan 2, 2026
ws4charlie
approved these changes
Jan 2, 2026
Labels
breaking:cli
breaking:proto
ci
Changes to CI pipeline or github actions
nosec
TSS_MIGRATION_TESTS
Run TSS migration tests
UPGRADE_TESTS
Run make start-upgrade-tests
Description
Steps followed for the Merge
8cda400 (mostly fixes related to unit tests)
8d81a07 (most changes from main for zetaclient)
6bd0328 (fixes for e2e upgrade tests)
d4aecf4 (minor fixes)
bca8e6f (minor fixes)
04b549c (zetacore fix for removing pending nonces)
The following commit has been ignored for now
d41507c
Develop was prioritized for the following changes, as both main and develop had conflicts
#4218
#4274
Important zetacored changes
#3734 (refund a portion of unused gas to the user)
#4479: Remove an observer and test TSS migration with a reduced observer set
start-tss-migration-add-observer: and start-tss-migration-remove-observer which test both the flows.
#4486 (Add v2 ZETA deposits and withdraws, and add a flag to toggle it on and off)
Note
Aligns develop with main, updating APIs, docs, e2e tooling/tests, and build/CI scripts.
- whitelist-erc20 to whitelist-asset; remove several deprecated query endpoints/types; add fields like Inbound.error_message, InboundStatus.EXCESSIVE_NOASSETCALL_FUNDS, Outbound.userGasFeePaid, ChainParams.stabilityPoolPercentage; refresh CLI docs; add gas fee and unused-fee management docs
- TransferZETAOnEvm, Deposit*ToDeployer), enable ZETA token workflow tests, add Bitcoin→ZEVM call tests, improve keygen wait/status, allow multiple TSS generations in migration, switch to SetupZEVM/SetupZRC20, update chain params flow
- CoreRegistry to e2e configs; wire in coreregistry client; remove contextapp contract and related wiring; update TestDAppV2 ABI/bin (constructor includes zetatoken, payable onRevert, new getters)
- priv_validator_state.json in devnet; add test filter and extra logs in upgrade script; force snapshot download in Makefile; new e2e make targets/env flags
- start-upgrade-test-zetaclient-light; minor semgrep comment cleanup

Written by Cursor Bugbot for commit 838b011.