@kingpinXD kingpinXD commented Dec 24, 2025

Description

Steps followed for the Merge

  • Created this branch from the current develop and merged all changes from main into this branch.
  • Prioritized develop for all zetaclient changes, and main for zetacore changes. E2E and other directories were selected as needed.
  • Main was 71 commits ahead of develop, which are the first 71 commits on this PR
  • There were some more changes related to zetaclient and e2e tests, which were present in main but not on develop and had to be applied manually
    8cda400 (mostly fixes related to unit tests)
    8d81a07 (most changes from main for zetaclient)
    6bd0328 (fixes for e2e upgrade tests)
    d4aecf4 (minor fixes)
    bca8e6f (minor fixes)

The following commit has been ignored for now
d41507c

Develop was used for the following changes, as both main and develop had these
#4218
#4274

0xM3R and others added 30 commits August 8, 2025 17:12
* fix: ratelimiting race condition vuln

* fix: ratelimiting race condition vuln

- Fix race condition in RateLimiter.Release() function
- Replace non-atomic check-then-act with atomic decrement and bounds checking
- Add comprehensive test suite to verify the fix
- Update changelog with PR #4072

* fix: correct atomic implementation to prevent underflow

- Replace flawed Add(-1) approach with proper CompareAndSwap
- Fix underflow detection issue where uint32 wrap-around was missed
- Add TestRateLimiterUnderflowProtection to verify the fix
- Ensure Release() never causes negative counters or semaphore over-release

* refactor: simplify rate limiter Release() implementation

- Remove unnecessary infinite loop in CAS operation
- Single CAS attempt is sufficient for race condition protection
- Maintains thread-safety while being more efficient
- All tests still pass with simplified implementation

* fix: correct order of operations in rate limiter Release()

- Fix race condition by decrementing counter before releasing semaphore
- Ensure pending counter accurately reflects semaphore state
- Simplify implementation by using correct operation order
- All tests pass with cleaner, more logical approach

* test: add tests that reproduce the original race condition vulnerability

- Add BuggyRateLimiter that implements the original vulnerable code
- Add TestBuggyRateLimiterRaceCondition to demonstrate the race condition
- Add TestBuggyRateLimiterStressTest to stress test the vulnerability
- Add TestVulnerabilityDemonstration to show before/after comparison
- Add TestBuggyRateLimiterExcessiveReleases to show excessive release issues
- These tests demonstrate the theoretical vulnerability even if timing makes it hard to reproduce consistently

* fix: address race condition and underflow issues in RateLimiter

- Fix race condition in Release() by reordering operations (decrement pending first, then release semaphore)
- Fix Pending() function to handle negative atomic.Int32 values correctly
- Add comprehensive tests to verify fixes
- Remove buggy code from tests as requested by reviewers
- Document original vulnerability in test comments

The original race condition allowed multiple goroutines to release more permits than acquired.
The Pending() function could return incorrect values due to negative atomic.Int32 conversion.

Fixes: #4072

* refactor: rename test and update changelog to reflect actual improvements

- Rename TestVulnerabilityDemonstration to TestRateLimiterRobustness
- Update test description to reflect code quality improvements rather than vulnerability fixes
- Update changelog entry to match actual changes
- Tests still pass, confirming the improvements are working correctly

The reviewer correctly pointed out that if tests pass on develop without fixes,
then we're improving robustness rather than fixing vulnerabilities.
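
The check-then-act race and the CompareAndSwap approach described in the commit message above, as an added Go example that is not the project's code. `Limiter`, its `freed` counter (standing in for semaphore releases), the `gate` hook and `Contend` are hypothetical names; the gate forces both releasers to read the counter before either writes it, so the interleaving is deterministic.

```go
package main

import (
	"fmt"
	"sync"
	"sync/atomic"
)

// Limiter is a hypothetical stand-in, not the project's RateLimiter.
type Limiter struct {
	pending atomic.Int32 // permits currently held
	freed   atomic.Int32 // stands in for semaphore releases
	gate    func()       // demo hook: runs between reading pending and writing it
}

// ReleaseCheckThenAct is the racy shape: the check and the decrement are separate steps.
func (l *Limiter) ReleaseCheckThenAct() bool {
	if l.pending.Load() <= 0 {
		return false
	}
	l.gate() // another releaser can pass the same check here
	l.pending.Add(-1)
	l.freed.Add(1)
	return true
}

// Release claims one pending permit with CompareAndSwap before freeing it.
func (l *Limiter) Release() bool {
	for {
		cur := l.pending.Load()
		if cur <= 0 {
			return false
		}
		l.gate()
		if l.pending.CompareAndSwap(cur, cur-1) {
			l.freed.Add(1) // counter already lowered, so at most one free per permit
			return true
		}
	}
}

// Contend holds one permit and parks two releasers at the gate until both have read pending.
func Contend(release func(*Limiter) bool) (pending int32, asUint32 uint32, freed int32) {
	var barrier, done sync.WaitGroup
	barrier.Add(2)
	done.Add(2)
	l := &Limiter{gate: func() { barrier.Done(); barrier.Wait() }}
	l.pending.Add(1) // one permit acquired
	for i := 0; i < 2; i++ {
		go func() { defer done.Done(); release(l) }()
	}
	done.Wait()
	p := l.pending.Load()
	return p, uint32(p), l.freed.Load()
}

func main() {
	fmt.Println(Contend((*Limiter).ReleaseCheckThenAct)) // racy: counter and frees diverge
	fmt.Println(Contend((*Limiter).Release))             // CAS: one free, counter at zero
}
```

The second return value is the raw counter converted to `uint32`, which is where a negative counter turns into a very large unsigned number if it is not clamped first.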
* remove support for v1 revert address for BTC

* add changelog

---------

Co-authored-by: Lucas Bertrand <lucas.bertrand.22@gmail.com>
* update go mod

* add a new message for migrating funds

* add migrate funds to e2e

* rebase from develop

* add v2 e2e test to check flow

* add zeta gateway deposit to zetaclient

* add github workflow

* update comments

* fix code formatting

* fix code formatting

* fix code formatting

* fix unit tests

* fix unit tests

* revert to old command to start e2e test

* remove message for migration and refactor to using contract directly

* add changelog

* generate files after removing new message

* update generated files

* update generated files

* update go mod

* update deposit

* add unit tests

* add unit tests

* generate files

* generate files

* undo changes based on develop

* update deposit and revert smart contract call

* rename zeta deposit test file

* rename zeta deposit test file

* add abort and revert tests

* add TestZetaDepositAndCallNoMessage

* add TestZetaDepositAndCallNoMessage

* remove payable from TestAbort contract

* rename to LegacyZETADepositAndCallContract

* improve unit test coverage

* fix unit tests

* add some delay in TestZetacore_SubscribeNewBlocks

* update comment for handling zeta token zrc20

* add e2e test

* add e2e test for withdraw

* refactor ProcessZEVMInboundV2

* add core registry to setup

* refactor e2e test helper functions

* add unit test for zeta withdraw

* add unit test for withdraw and call

* resolve comments 1

* add unit test for ProcessRevert

* add unit test for ProcessRevert

* add unit test for ProcessRevert

* improve abort tests

* improve abort tests

* resolve comments

* resolve comments 2

* update upgrade height to 280 to allow the first test to run the entire cycle

* wrap zeta mints in tmp context

* wrap zeta mint in temp context

* rebase

* add changelog

* add changelog

* adjust comments

* Update cmd/zetae2e/config/contracts.go

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

* fix gas pool zeta calculation

* add unit test for executeWithMintedZeta

* fix comments 1

* add unit tests

* update test dapp to use zeta token for consuming gas

* add core registry to zeta e2e post upgrade handler

* revert legacy test

* update changes based on comments 1

---------

Co-authored-by: Charlie Chen <34498985+ws4charlie@users.noreply.github.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
…4090)

* print error message detail when memo decoding failed

* add changelog entry

* keep invalid memo log on Info level

---------

Co-authored-by: Lucas Bertrand <lucas.bertrand.22@gmail.com>
* update go mod

* add a new message for migrating funds

* add migrate funds to e2e

* rebase from develop

* add v2 e2e test to check flow

* add zeta gateway deposit to zetaclient

* add github workflow

* update comments

* fix code formatting

* fix code formatting

* fix code formatting

* fix unit tests

* fix unit tests

* revert to old command to start e2e test

* remove message for migration and refactor to using contract directly

* add changelog

* generate files after removing new message

* update generated files

* update generated files

* update go mod

* update deposit

* add unit tests

* add unit tests

* generate files

* generate files

* undo changes based on develop

* update deposit and revert smart contract call

* rename zeta deposit test file

* rename zeta deposit test file

* add abort and revert tests

* add TestZetaDepositAndCallNoMessage

* add TestZetaDepositAndCallNoMessage

* remove payable from TestAbort contract

* rename to LegacyZETADepositAndCallContract

* improve unit test coverage

* fix unit tests

* add some delay in TestZetacore_SubscribeNewBlocks

* update comment for handling zeta token zrc20

* add e2e test

* add e2e test for withdraw

* refactor ProcessZEVMInboundV2

* add core registry to setup

* refactor e2e test helper functions

* add unit test for zeta withdraw

* add unit test for withdraw and call

* resolve comments 1

* add unit test for ProcessRevert

* add unit test for ProcessRevert

* add unit test for ProcessRevert

* improve abort tests

* improve abort tests

* resolve comments

* resolve comments 2

* update upgrade height to 280 to allow the first test to run the entire cycle

* wrap zeta mints in tmp context

* wrap zeta mint in temp context

* rebase

* add changelog

* add changelog

* adjust comments

* Update cmd/zetae2e/config/contracts.go

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

* fix gas pool zeta calculation

* add unit test for executeWithMintedZeta

* fix comments 1

* add unit tests

* update admin

* revert unnecessary changes

* disable account balance verification for admin tests

* improve naming for deposit functions

* add changelog

* update comments

* update test legacy test zeta to use EVMAddress

* remove skipping admin in upgrade setup

---------

Co-authored-by: Charlie Chen <34498985+ws4charlie@users.noreply.github.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* check balance after eth deposit test

* fix typo

* fix import
* fix flaky solana depositAndCall tests

* add changelog entry

* add wait logic inside AssertTestDAppEVMCalled
…sgUpdateParams (#4094)

* update zeta evm

* update commit

* fix: use evm chain id from eth config in rpc backend (#4096)

* fix: cancel solana WaC if tx size is too large (#4098)

* cancel solana WaC if tx size is too large

* align the comments with the code

* fix: nil reference in trace block (#4093)

* update to commit be548f7691876e656ec61aa46e31ed337be92f4e , on branch release/v34

---------

Co-authored-by: skosito <skostic9242@gmail.com>
Co-authored-by: Charlie Chen <34498985+ws4charlie@users.noreply.github.com>
Co-authored-by: morde08 <peter@zetachain.com>
* don't return err if tx is not found in get tx receipt

* fix tests

* changelog
…nect to zetacore (#4068)

* save initial work to remote

* add unit test and live test for zetacore hostname support

* add changelog entry; fix gosec and clean unused code

* fix CI upgrade test

---------

Co-authored-by: Tanmay <tanmay@zetachain.com>
* fix dbg trace by block

* PR comments

* changelog
* cancel solana WaC if tx size is too large

* add changelog entry
… deltas on startup. (#4097)

* update 1

* add start-skip-consensus-overwrite-test

* generate files

* update tests

* add unit tests

* add unit tests for GenesisChainID

* add unit tests for GenesisChainID

* rename genesisChainID

* fix typo

* remove testnet from overwrite check
Signed-off-by: yinwenyu6 <yinwenyu6@outlook.com>
* re-enable sui authenticated call

* integrate message context ID as dynamic field

* add changelog entry

* make issueMessageContext function self-contained

* fix unit test

* remove --skip-dependency-verification in sui gateway upgrade test

* cancel withdrawAndCall on invalid payload

* adopt new increase_nonce signature to adopt gas refund logic when cancelling a CCTX

* apply stringent check on Sui transaction's checkpoint

* apply status check on Sui inbound

* fix CI upgrade test

* fix unit test
Signed-off-by: pxwanglu <pxwanglu@icloud.com>
* fix solana e2e SPL balance check by waiting maximum 30 seconds

* add changelog entry
* refactor: remove intx and outtx deprecated queries

* fixes in e2e
Signed-off-by: wmypku <wmypku@outlook.com>
* improve require status logs

* update usage in tests

* lint

* cursor comment
Signed-off-by: tzchenxixi <tzchenxixi@icloud.com>
* add back precompiles

* add abci field to proposal

* test

* enable back

* test no creating proposals

* disable zeta-ante

* cleanup v33 upgrade helper

* add v35 as reference

* remove gas stability pool temporary

* update to v36 and disable fast confirmation test

* bitcoin fast confirmation

* increase version for zeta

* remove erc20 init handler

* disable zevm to evm revert for older version

* disable zevm to evm revert abort for older version

* increase upgrade height
…e parameter (#4153)

* add GatewayGasLimit to state

* refactor function name from MustGetGatewayGasLimit to GetGatewayGasLimitSafe

* update unit tests

* update unit tests

* update proto files

* replace big int with uint64

* changelog

* add check of older value

* add v4 migration back for authority module

* update setup handler to remove setting erc20 module

* test changes

* revert to using v32 as base branch for upgrades

---------

Co-authored-by: lumtis <lucas.bertrand.22@gmail.com>
* add gas limit option

* use option for tests

* increase further upgrade height
* do not deploy example contract in e2e tests, use pre-deployed example dapp V2 instead

* add changelog entry

* clean up debugging log

* remove commented code

* add back extra zrc20 SPL balance check
* remove contextapp

* remove distribute
…4165)

* fix flaky depositAndCall caused by sender assertion

* add changelog entry
@kingpinXD kingpinXD added ADMIN_TESTS Run make start-admin-tests TSS_MIGRATION_TESTS Run TSS migration tests ADMIN_UPGRADE_TESTS Run make start-upgrade-test-admin UPGRADE_TESTS Run make start-upgrade-tests SOLANA_TESTS Run make start-solana-test TON_TESTS Runs TON E2E tests SUI_TESTS Run make start-sui-tests UPGRADE_TEST_ZETACLIENT labels Dec 26, 2025
@kingpinXD kingpinXD changed the base branch from main to develop December 26, 2025 09:18
github-actions bot commented Dec 26, 2025

!!!WARNING!!!
nosec detected in the following files: x/crosschain/simulation/operations.go, x/crosschain/client/cli/cli_whitelist_asset.go, x/crosschain/keeper/msg_server_vote_inbound.go, x/crosschain/keeper/msg_server_vote_outbound.go, x/crosschain/keeper/msg_server_whitelist_asset.go

Be very careful about using #nosec in code. It can be a quick way to suppress security warnings and move forward with development, but it should be employed with caution. Suppressing warnings with #nosec can hide potentially serious vulnerabilities. Only use #nosec when you're absolutely certain that the security issue is either a false positive or has been mitigated in another way.

Only suppress a single rule (or a specific set of rules) within a section of code, while continuing to scan for other problems. To do this, you can list the rule(s) to be suppressed within the #nosec annotation, e.g: /* #nosec G401 */ or //#nosec G201 G202 G203
Broad #nosec annotations should be avoided, as they can hide other vulnerabilities. The CI will block you from merging this PR until you remove #nosec annotations that do not target specific rules.

Pay extra attention to the way #nosec is being used in the files listed above.
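
One way to tell broad `#nosec` annotations from rule-targeted ones, as an added Go example; it is not the project's CI check, and `ScanNosec`, `Broad`, `Finding` and the sample source are constructed for illustration. It reads comments through `go/parser`, so the text `#nosec` inside a string literal is not counted.

```go
package main

import (
	"fmt"
	"go/parser"
	"go/token"
	"regexp"
	"strings"
)

// Finding is one #nosec annotation and the rule IDs it names (none means broad).
type Finding struct {
	Line  int
	Rules []string
}

// Matches "#nosec" followed by zero or more rule IDs such as G401.
var nosecRe = regexp.MustCompile(`#nosec\b((?:\s+G\d{3})*)`)

// sample is constructed input using the annotation forms quoted in the bot comment.
const sample = `package demo

func a() {} // #nosec
func b() {} /* #nosec G401 */
func c() {} //#nosec G201 G202 G203
var s = "#nosec"
`

// ScanNosec parses src as Go and inspects comments only.
func ScanNosec(filename, src string) ([]Finding, error) {
	fset := token.NewFileSet()
	f, err := parser.ParseFile(fset, filename, src, parser.ParseComments)
	if err != nil {
		return nil, err
	}
	var out []Finding
	for _, group := range f.Comments {
		for _, c := range group.List {
			if m := nosecRe.FindStringSubmatch(c.Text); m != nil {
				line := fset.Position(c.Pos()).Line
				out = append(out, Finding{Line: line, Rules: strings.Fields(m[1])})
			}
		}
	}
	return out, nil
}

// Broad returns the lines whose annotation names no rule and so suppresses everything.
func Broad(findings []Finding) []int {
	var lines []int
	for _, f := range findings {
		if len(f.Rules) == 0 {
			lines = append(lines, f.Line)
		}
	}
	return lines
}

func main() {
	findings, err := ScanNosec("sample.go", sample)
	fmt.Println(findings, Broad(findings), err)
}
```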

@github-actions github-actions bot added the nosec label Dec 26, 2025
codecov bot commented Dec 26, 2025

Codecov Report

❌ Patch coverage is 71.01449% with 80 lines in your changes missing coverage. Please review.
✅ Project coverage is 63.90%. Comparing base (3b767af) to head (bca8e6f).

Files with missing lines Patch % Lines
x/crosschain/types/legacy_msgs.go 0.00% 42 Missing ⚠️
x/crosschain/keeper/v2_zevm_inbound.go 78.76% 20 Missing and 4 partials ⚠️
x/crosschain/keeper/msg_server_vote_outbound.go 86.36% 6 Missing and 3 partials ⚠️
x/crosschain/keeper/msg_server_whitelist_asset.go 81.81% 4 Missing ⚠️
x/crosschain/types/cctx.go 80.00% 1 Missing ⚠️

@@             Coverage Diff             @@
##           develop    #4512      +/-   ##
===========================================
- Coverage    64.72%   63.90%   -0.82%     
===========================================
  Files          476      472       -4     
  Lines        28941    29303     +362     
===========================================
- Hits         18731    18727       -4     
- Misses        9183     9540     +357     
- Partials      1027     1036       +9     
Files with missing lines Coverage Δ
pkg/errors/crosschain_error_message.go 91.56% <100.00%> (ø)
pkg/rpc/clients_crosschain.go 59.37% <ø> (+4.30%) ⬆️
x/authority/migrations/v6/migrate.go 100.00% <100.00%> (ø)
x/authority/types/authorization_list.go 100.00% <ø> (ø)
x/crosschain/genesis.go 100.00% <ø> (ø)
x/crosschain/keeper/cctx_gateway_observers.go 100.00% <100.00%> (ø)
x/crosschain/keeper/cctx_gateway_zevm.go 100.00% <100.00%> (ø)
x/crosschain/keeper/cctx_gateways.go 100.00% <ø> (ø)
x/crosschain/keeper/evm_deposit.go 87.50% <ø> (ø)
x/crosschain/keeper/evm_hooks.go 86.25% <ø> (ø)
... and 26 more

... and 18 files with indirect coverage changes


@kingpinXD kingpinXD changed the title WIP: Branch from current develop created for the merge chore: merge main into develop Dec 26, 2025
@kingpinXD kingpinXD removed ADMIN_TESTS Run make start-admin-tests SOLANA_TESTS Run make start-solana-test TON_TESTS Runs TON E2E tests ADMIN_UPGRADE_TESTS Run make start-upgrade-test-admin SUI_TESTS Run make start-sui-tests labels Dec 26, 2025
runs-on: ubuntu-22.04
run: ${{ needs.matrix-conditionals.outputs.UPGRADE_TESTS == 'true' }}
- make-target: "start-upgrade-test-zetaclient"
- make-target: "start-upgrade-test-zetaclient-light"
Member Author

We now have different versions of zetaclient and zetacore. We have an option to run zetae2e using either the current version or the older version, but both throw a different set of errors.
In my opinion, for the zetaclient-only migration we don't really need to test with both test runs, as this only updates the zetaclient.
I don't think the regular start-upgrade-test-zetaclient test is needed at all.

echo "Running E2E command to setup the networks and populate the state..."
# Use light flag to ensure tests can complete before the upgrade height
zetae2e-ante local $E2E_ARGS --skip-setup --config "$deployed_config_path" --light ${COMMON_ARGS}
zetae2e-ante local $E2E_ARGS --skip-setup --config "$deployed_config_path" --light ${COMMON_ARGS} --test-filter '^(add_|bitcoin_|crosschain_|deposit_|erc20_|eth_|legacy_|zevm_)'
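Review bot: the `--test-filter` pattern on the last line is an inline list of test-name prefixes with no comment saying which tests it leaves out or why; the comment above it only explains `--light`. Suggest adding a comment line that states the intent of the filter, and moving the pattern into a named variable next to `COMMON_ARGS` so the prefix list lives in one place.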
Member Author

Filter out tests which are not running in the first e2e. The second e2e using the present binary still runs all the tests.

github.com/libp2p/go-libp2p => github.com/zeta-chain/go-libp2p v0.0.0-20240710192637-567fbaacc2b4

// protocol-contracts was renamed to protocol-contracts-evm; redirect to old module path
github.com/zeta-chain/protocol-contracts-evm => github.com/zeta-chain/protocol-contracts v0.0.0-20250909184950-6034c08e5870
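Review bot: the comment on the `protocol-contracts-evm` replace says what the redirect does but not when it can be dropped, and the target is the pseudo-version `v0.0.0-20250909184950-6034c08e5870` rather than a tagged release. Suggest extending the comment with the removal condition and a note on which branch or commit that pseudo-version corresponds to, so the pin can be audited and retired later.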
Member Author

This won't be needed after we merge the changes for v2 connector into the main branch and create a new release

branch for reference https://github.com/zeta-chain/protocol-contracts-evm/tree/feat/zeta-connector-v2

Member Author

Changelog still needs to be fixed

Labels

breaking:cli breaking:proto ci Changes to CI pipeline or github actions nosec TSS_MIGRATION_TESTS Run TSS migration tests UPGRADE_TEST_ZETACLIENT UPGRADE_TESTS Run make start-upgrade-tests
