Skip to content

chore: merge master into develop#7397

Draft
thepastaclaw wants to merge 10 commits into
dashpay:developfrom
thepastaclaw:chore/merge-master-into-develop-20260701
Draft

chore: merge master into develop#7397
thepastaclaw wants to merge 10 commits into
dashpay:developfrom
thepastaclaw:chore/merge-master-into-develop-20260701

Conversation

@thepastaclaw

Copy link
Copy Markdown

chore: merge master into develop

Issue being fixed or feature implemented

Merge the v23.1.7 release branch history from master back into develop
after the release.

What was done?

  • Merged upstream/master (01fc719f90, chore: prepare v23.1.7 release) into upstream/develop (547bf5eee2).
  • Resolved merge conflicts in release metadata/manpages, DKG hardening,
    InstantSend queue bounding, and BLS test coverage.
  • Preserved the v23.1.7 release updates and the hardening/build-fix commits now
    present on master.
  • Applied review fixes for the merge result:
    • kept DKG peer-misbehavior reason strings required by the new functional
      test coverage;
    • removed the stale duplicate CDKGPrematureCommitment::GetSignHash()
      definition after dkgmessages.h introduced inline message helpers;
    • fixed the new BLS unit test to start its local worker with an explicit
      worker count;
    • relaxed DKG intake structural checks to enforce safe upper bounds while
      leaving exact reduced-quorum member counts to the DKG session.

How Has This Been Tested?

  • git diff --check HEAD^1..HEAD
  • rg '^(<<<<<<<|>>>>>>>)'
  • code-review dashpay/dash upstream/develop chore/merge-master-into-develop-20260701

No local compile was run because this worktree has no configured build directory.

Breaking Changes

None expected. This is a release merge-back from master to develop.

Checklist

  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have added or updated relevant unit/integration/functional/e2e tests
  • I have made corresponding changes to the documentation
  • I have assigned this pull request to a milestone (for repository
    code-owners and collaborators only)
PastaPastaPasta and others added 9 commits June 30, 2026 09:43
… crashes

Harden the pushed DKG message path (QCONTRIB/QCOMPLAINT/QJUSTIFICATION/QPCOMMITMENT):

- Require the sending peer to be MNAuth-verified (qwatch is unauthenticated and does not bypass this).

- Reject oversized DKG payloads (per-type MaxDKGMessageSize) before deserialization/retention.

- Structurally pre-validate (param-only checks, on a copy) before retention.

- Never feed an invalid BLS signature to CBLSSignature::AggregateInsecure(): the batch verifier skips invalid sigs and per-type PreVerifyMessage rejects them.
…ector

A validly-signed DKG self-complaint + justification can reach CBLSWorker::AsyncVerifyContributionShare() with a null BLSVerificationVectorPtr (when the member's contribution was never received), which the singular overload dereferenced with no null check, crashing observers/non-member masternodes. Treat a null vvec as a failed verification, matching the plural path. Includes a bls_tests regression case.
Inbound ISDLOCK messages from any peer are deserialized, hashed and retained before BLS signature verification, with three unbounded dimensions an attacker could exploit.

Oversized lock: NetInstantSend::ProcessMessage now rejects locks whose input count exceeds InstantSendLock::MAX_INPUTS immediately after deserialization -- before ::SerializeHash() and the O(n) dedup in TriviallyValid() -- so an oversized lock no longer forces a second full serialize+hash before being scored. MAX_INPUTS is derived as MaxBlockSize() / 41 (~48,780): a consensus-valid transaction must fit in a block and each CTxIn is >=41 bytes on the wire, so no valid transaction -- and therefore no valid islock -- can exceed it. Deriving from MaxBlockSize() (now constexpr) keeps the cap correct if the maximum block size ever changes. The cap is also kept in TriviallyValid() as defense-in-depth.

Unbounded received queue: EnqueueInstantSendLock() drops new locks once pendingInstantSendLocks reaches MAX_PENDING_INSTANTSEND_LOCKS (1024).

Unbounded awaiting-tx queue: pendingNoTxInstantSendLocks holds BLS-verified locks whose transaction has not yet arrived; a peer with quorum-signing power could fill it with locks for transactions that never appear. It is now bounded by the same ceiling. Honest islocks are re-relayed, so dropping under flood is not fatal.
The per-object MNGOVERNANCESYNC vote-sync path passes a peer-supplied CBloomFilter to GetSyncableVoteInvs(), which calls filter.contains() on every cached vote; contains() loops nHashFuncs times. nHashFuncs is deserialized without bounds, so a ~43-byte request with nHashFuncs=0xFFFFFFFF forces ~4.3 billion MurmurHash3 evaluations per cached vote while g_msgproc_mutex is held, stalling all P2P message processing.

Reject filters that violate CBloomFilter::IsWithinSizeConstraints() (vData <= 36000 bytes, nHashFuncs <= 50) right after deserialization, with Misbehaving(100), mirroring the existing filterload handler. Legitimate filters are constructed within these bounds, so this only rejects abusive requests.
ThreadSocketHandler uses a Dash-specific edge-triggered scheme: when mapReceivableNodes is non-empty it polls with a zero timeout (the only_poll fast path) instead of waiting SELECT_TIMEOUT_MILLISECONDS, so sockets that still have buffered data keep getting drained. A node enters mapReceivableNodes when its socket signals readable (fHasRecvData=true) and only leaves once SocketRecvData() drains it and clears fHasRecvData. A receive-paused peer (fPauseRecv, set once its queued message bytes exceed -maxreceivebuffer, ~5 MB by default) is skipped by both GenerateWaitSockets() and SocketHandlerConnected() and is therefore never drained, so fHasRecvData stays set and it lingers in mapReceivableNodes. only_poll then stays true and ThreadSocketHandler spins at 100% CPU for the entire pause window. A remote, unauthenticated peer can trigger and sustain this by sending data faster than the node processes it (resending periodically to stay paused and to reset the 20-minute inactivity timer), pinning the single socket-handler thread and degrading network I/O for all peers.

Pull the receivable-node check into HasUnpausedReceivableNode() and count a receivable node as work only when it is not paused; while only paused nodes remain receivable, fall back to the normal select/poll wait. The paused peer is still drained promptly once the message handler pops enough messages to clear fPauseRecv. This finishes the partial backport of bitcoin#27981 (commit 8c986d6), which was noted to need revisiting alongside bitcoin#24356.

Add net_tests/socket_handler_skips_receive_paused_nodes covering the predicate directly: a lone receive-paused node must not count as work (the regression), while genuinely drainable nodes still do. The busy-loop only manifests under sustained receive-pause, which requires the message-handler thread to fall behind the receive path; that is not reliably reproducible from a functional test without expensive or ban-triggering traffic, so the regression is guarded at the unit level.
c93513b Merge bitcoin#30633: Fixes for GCC 15 compatibility (merge-script)

Pull request description:

  ## Issue being fixed or feature implemented
  Dash Core is failed to get compiled with warnings enabled on gcc-16

  ## What was done?
  Backport bitcoin#30633

  ## How Has This Been Tested?
  Build passes _these_ relevant errors

  ## Breaking Changes
  N/A

  ## Checklist:
  - [x] I have performed a self-review of my own code
  - [ ] I have commented my code, particularly in hard-to-understand areas
  - [ ] I have added or updated relevant unit/integration/functional/e2e tests
  - [ ] I have made corresponding changes to the documentation
  - [x] I have assigned this pull request to a milestone

ACKs for top commit:
  UdjinM6:
    utACK c93513b

Tree-SHA512: c9b5537ff911b7fbc3eacd0517e7c67ccac907ce2d6983a1671c3a28196e460234d87e4b947536b71b310b44a1cbeb0341c3dc36c3bc6b98075c41de58b92238
…b subtree

75b19b3 fix: compilation error with modern gcc for leveldb subtree (Konstantin Akimov)

Pull request description:

  ## Issue being fixed or feature implemented
  Dash Core's build fails with gcc-16:

      In copy constructor 'constexpr leveldb::DBImpl::CompactionState::Output::Output(const leveldb::DBImpl::CompactionState::Output&)',
          inlined from 'constexpr _Tp* std::construct_at(_Tp*, _Args&& ...) [with _Tp = leveldb::DBImpl::CompactionState::Output; _Args = {const leveldb::DBImpl::CompactionState::Output&}]' at /usr/include/c++/16/bits/stl_construct.h:110:9,
          inlined from 'static constexpr void std::allocator_traits<std::allocator<_Up> >::construct(allocator_type&, _Up*, _Args&& ...) [with _Up = leveldb::DBImpl::CompactionState::Output; _Args = {const leveldb::DBImpl::CompactionState::Output&}; _Tp = leveldb::DBImpl::CompactionState::Output]' at /usr/include/c++/16/bits/alloc_traits.h:716:21,
          inlined from 'constexpr void std::vector<_Tp, _Alloc>::_M_realloc_append(_Args&& ...) [with _Args = {const leveldb::DBImpl::CompactionState::Output&}; _Tp = leveldb::DBImpl::CompactionState::Output; _Alloc = std::allocator<leveldb::DBImpl::CompactionState::Output>]' at /usr/include/c++/16/bits/vector.tcc:594:26,
          inlined from 'constexpr void std::vector<_Tp, _Alloc>::push_back(const value_type&) [with _Tp = leveldb::DBImpl::CompactionState::Output; _Alloc = std::allocator<leveldb::DBImpl::CompactionState::Output>]' at /usr/include/c++/16/bits/stl_vector.h:1417:21,
          inlined from 'leveldb::Status leveldb::DBImpl::OpenCompactionOutputFile(CompactionState*)' at leveldb/db/db_impl.cc:808:31:
      leveldb/db/db_impl.cc:57:10: error: 'out.leveldb::DBImpl::CompactionState::Output::file_size' may be used uninitialized [-Werror=maybe-uninitialized]
         57 |   struct Output {
            |          ^~~~~~
      leveldb/db/db_impl.cc: In member function 'leveldb::Status leveldb::DBImpl::OpenCompactionOutputFile(CompactionState*)':
      leveldb/db/db_impl.cc:804:29: note: 'out' declared here
        804 |     CompactionState::Output out;

  ## What was done?
  Original leveldb's commit is ad9b1c989380538bfb19c5c65df0d3f72d8ed62b Backported to Bitcoin Core by bitcoin#34470 Though, that too many unrelated changes meanwhile. That's temporary fix until leveldb's version won't be properly updated.

  ## How Has This Been Tested?
  Together with dashpay#7392 I finally compile dash core with gcc 16 again.

  ## Breaking Changes
  N/A

  ## Checklist:
  - [x] I have performed a self-review of my own code
  - [ ] I have commented my code, particularly in hard-to-understand areas
  - [ ] I have added or updated relevant unit/integration/functional/e2e tests
  - [ ] I have made corresponding changes to the documentation
  - [x] I have assigned this pull request to a milestone _(for repository code-owners and collaborators only)_

ACKs for top commit:
  UdjinM6:
    utACK 75b19b3

Tree-SHA512: 985042f04a4df7b20aaa773d302401af948099ae8c29d6669f0441e654b9c8847942e75574c52d1652411e321b80b1861f93c163792636d1246bea9edc99c249
Resolves conflicts caused by master's DKG intake hardening and instantsend
queue-cap fixes landing while develop had refactored the same code paths
into src/llmq/net_dkg.cpp and src/instantsend/net_instantsend.cpp.

- src/llmq/dkgsession.h: adopt master's split, include llmq/dkgmessages.h
  instead of inlining the four DKG message classes.
- src/llmq/dkgmessages.h: use util/std23.h / std23::to_underlying to match
  develop's convention (master used util/underlying.h).
- src/active/dkgsessionhandler.cpp, src/llmq/dkgsessionmgr.cpp: keep
  develop's layout (the ProcessMessage / BatchVerify / HandleDKGRound path
  now lives in net_dkg.cpp).
- src/llmq/net_dkg.cpp: port master's hardening into develop's layout:
  * BatchVerifyMessageSigs skips messages with invalid signatures before
    AggregateInsecure(), bails when no valid pubkeys were accumulated,
    and defends the single-verification fallback against null members
    and invalid sigs.
  * NetDKG::ProcessMessage rejects non-MNAuth-verified peers, oversized
    payloads (MaxDKGMessageSize) and structurally-invalid payloads
    (CheckDKGMessageStructure) before retention.
- src/instantsend/instantsend.cpp: keep develop's PreVerifyIsLock, and
  extend AddPendingISLock with the pendingNoTxInstantSendLocks queue cap
  from master.
- src/test/bls_tests.cpp: combine both sides' new includes.
@thepastaclaw

Copy link
Copy Markdown
Author

@coderabbitai review

@coderabbitai

coderabbitai Bot commented Jul 1, 2026

Copy link
Copy Markdown
✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown

✅ No Merge Conflicts Detected

This PR currently has no conflicts with other open PRs.

@thepastaclaw

thepastaclaw commented Jul 1, 2026

Copy link
Copy Markdown
Author

✅ Review complete (commit 2dd6190)

@coderabbitai

coderabbitai Bot commented Jul 1, 2026

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: a2ac12f2-d2b0-4b73-a5e5-c7bec517b6f3

📥 Commits

Reviewing files that changed from the base of the PR and between 11cb440 and 2dd6190.

📒 Files selected for processing (1)
  • src/llmq/dkgsession.h
🚧 Files skipped from review as they are similar to previous changes (1)
  • src/llmq/dkgsession.h

Walkthrough

This PR updates Dash Core version metadata to v23.1.7, refreshes man pages and release notes, and adds a new v23.1.5 release-notes document. It also introduces DKG message types in a new header and adds validation for BLS verification inputs, governance bloom filters, InstantSend lock sizes, DKG message size/structure/signatures, and receive-paused socket handling. New unit and functional tests cover the added validation paths.

Estimated code review effort: 4 (Complex) | ~60 minutes

Possibly related PRs

  • dashpay/dash#7299: Shares the src/governance/net_governance.cpp ProcessMessage path and related governance message handling.
  • dashpay/dash#7314: Overlaps with the DKG networking/session flow in src/llmq/net_dkg.cpp and related validation logic.
  • dashpay/dash#7379: Also updates version/build metadata and downstream release artifacts around configure.ac.

Suggested reviewers: UdjinM6, PastaPastaPasta, knst

Sequence Diagram(s)

sequenceDiagram
  participant Peer
  participant NetDKG
  participant CDKGSession
  Peer->>NetDKG: push DKG message
  NetDKG->>NetDKG: verify GetVerifiedProRegTxHash()
  NetDKG->>NetDKG: check size vs MaxDKGMessageSize
  NetDKG->>NetDKG: CheckDKGMessageStructure(msg)
  NetDKG->>CDKGSession: PreVerifyMessage(msg)
  CDKGSession->>CDKGSession: validate sig.IsValid()
  CDKGSession-->>NetDKG: accept or mark peer bad
Loading
sequenceDiagram
  participant Peer
  participant NetInstantSend
  participant CInstantSendManager
  Peer->>NetInstantSend: ISDLOCK message
  NetInstantSend->>NetInstantSend: check inputs.size() > MAX_INPUTS
  NetInstantSend-->>Peer: reject and misbehave if oversized
  NetInstantSend->>CInstantSendManager: enqueue lock
  CInstantSendManager->>CInstantSendManager: check pending queue size
  CInstantSendManager-->>NetInstantSend: drop or store
Loading
🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 21.05% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed The title matches the change set: this is a merge-back from master into develop after the v23.1.7 release.
Description check ✅ Passed The description directly explains the merge-back, conflicts resolved, and follow-up fixes, so it is clearly on-topic.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🧹 Nitpick comments (2)
test/functional/p2p_govsync_bloom.py (1)

48-70: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low value

Solid coverage of the nHashFuncs boundary; consider also covering vData size.

The test validates the nHashFuncs bound but not the vData (36000-byte) bound also enforced by IsWithinSizeConstraints(). Optional addition for completeness.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@test/functional/p2p_govsync_bloom.py` around lines 48 - 70, The
GovsyncBloomCapTest currently checks only the nHashFuncs limit in
msg_govsync/IsWithinSizeConstraints(), but it does not cover the vData
36000-byte limit. Extend run_test in GovsyncBloomCapTest to add a case that
sends a govsync request with an oversized vData bloom filter payload and verify
the peer is disconnected, keeping the existing good_peer and bad_peer boundary
checks intact.
test/functional/feature_llmq_dkg_intake.py (1)

107-119: 🔒 Security & Privacy | 🔵 Trivial | ⚡ Quick win

Add the QWATCH-then-push regression here.

The new gate in src/llmq/net_dkg.cpp explicitly says unauthenticated QWATCH must not bypass MN verification, but this test only covers a plain unverified sender. A peer that sends QWATCH first and then pushes qcontrib/qpcommit is the edge case most likely to regress this hardening, so it should be asserted alongside this case.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@test/functional/feature_llmq_dkg_intake.py` around lines 107 - 119, Add a
regression check in test_unverified_sender_rejected for the QWATCH-first path:
alongside the existing unverified peer loop, use the same P2PInterface peer to
send an unauthenticated QWATCH before any push message, then verify subsequent
DKG_PUSH_TYPES still trigger the “DKG message from non-verified peer” debug log
and ban score increments. Keep the assertion in the same test helper flow so the
coverage explicitly exercises the new net_dkg.cpp gate against QWATCH followed
by qcontrib/qpcommit pushes.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/instantsend/instantsend.h`:
- Around line 57-63: The current MAX_PENDING_INSTANTSEND_LOCKS cap in
InstantSend only limits item count, but each pending lock can carry many
outpoints, so memory can still grow far beyond the intended bound. Update the
pending-queue limit logic in the InstantSend codepath (using
MAX_PENDING_INSTANTSEND_LOCKS and the
pendingInstantSendLocks/pendingNoTxInstantSendLocks handling) to enforce a
total-byte budget instead of, or in addition to, a simple count. Make the
rejection/drain logic account for InstantSendLock::MAX_INPUTS so a single queue
cannot retain near-gigabyte outpoint storage under flood conditions.

In `@src/llmq/dkgsession.h`:
- Line 8: The dkgsession header is no longer self-contained because
ReceiveMessageState and the std::optional<CInv> APIs still rely on CInv, but the
current include set does not guarantee that type. Restore the direct protocol.h
include in src/llmq/dkgsession.h alongside llmq/dkgmessages.h so the
declarations that use CInv remain valid regardless of transitive includes.

---

Nitpick comments:
In `@test/functional/feature_llmq_dkg_intake.py`:
- Around line 107-119: Add a regression check in test_unverified_sender_rejected
for the QWATCH-first path: alongside the existing unverified peer loop, use the
same P2PInterface peer to send an unauthenticated QWATCH before any push
message, then verify subsequent DKG_PUSH_TYPES still trigger the “DKG message
from non-verified peer” debug log and ban score increments. Keep the assertion
in the same test helper flow so the coverage explicitly exercises the new
net_dkg.cpp gate against QWATCH followed by qcontrib/qpcommit pushes.

In `@test/functional/p2p_govsync_bloom.py`:
- Around line 48-70: The GovsyncBloomCapTest currently checks only the
nHashFuncs limit in msg_govsync/IsWithinSizeConstraints(), but it does not cover
the vData 36000-byte limit. Extend run_test in GovsyncBloomCapTest to add a case
that sends a govsync request with an oversized vData bloom filter payload and
verify the peer is disconnected, keeping the existing good_peer and bad_peer
boundary checks intact.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 8e1878a2-215b-4781-a210-4fe522da45a9

📥 Commits

Reviewing files that changed from the base of the PR and between 547bf5e and 11cb440.

📒 Files selected for processing (32)
  • configure.ac
  • contrib/flatpak/org.dash.dash-core.metainfo.xml
  • doc/man/dash-cli.1
  • doc/man/dash-qt.1
  • doc/man/dash-tx.1
  • doc/man/dash-util.1
  • doc/man/dash-wallet.1
  • doc/man/dashd.1
  • doc/release-notes.md
  • doc/release-notes/dash/release-notes-23.1.5.md
  • src/Makefile.am
  • src/bls/bls_worker.cpp
  • src/consensus/consensus.h
  • src/governance/net_governance.cpp
  • src/instantsend/instantsend.cpp
  • src/instantsend/instantsend.h
  • src/instantsend/lock.cpp
  • src/instantsend/lock.h
  • src/instantsend/net_instantsend.cpp
  • src/llmq/dkgmessages.h
  • src/llmq/dkgsession.cpp
  • src/llmq/dkgsession.h
  • src/llmq/dkgsessionmgr.cpp
  • src/llmq/net_dkg.cpp
  • src/net.cpp
  • src/net.h
  • src/test/bls_tests.cpp
  • src/test/evo_islock_tests.cpp
  • src/test/net_tests.cpp
  • test/functional/feature_llmq_dkg_intake.py
  • test/functional/p2p_govsync_bloom.py
  • test/functional/test_runner.py
💤 Files with no reviewable changes (1)
  • src/llmq/dkgsessionmgr.cpp
Comment thread src/instantsend/instantsend.h
Comment thread src/llmq/dkgsession.h

@thepastaclaw thepastaclaw left a comment

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

Clean release merge-back of v23.1.7 from master into develop. Both agents independently confirmed the conflict resolution is coherent: DKG hardening ported into develop's split net_dkg.cpp/net_instantsend.cpp layout, dkgmessages.h wired into Makefile.am, functional tests registered in test_runner.py, no conflict markers, and no consensus semantics altered.

Two new CodeRabbit inline findings were reviewed and found out of scope: (1) the item-count MAX_PENDING_INSTANTSEND_LOCKS cap in instantsend.h landed on master via commit 0a681db and shipped in v23.1.7 — a byte-budget refinement critiques already-released master design, not the merge resolution; (2) the dkgsession.h include swap to <llmq/dkgmessages.h> was master's own change (dkgmessages.h on master likewise omits <protocol.h>) and CInv reaches the header transitively — a header-hygiene nit inherited from a shipped release, not a build-breaking merge defect.

Posted as a COMMENT review because GitHub does not allow APPROVE on my own PR.

@thepastaclaw

Copy link
Copy Markdown
Author

CodeRabbit's two inline findings are already withdrawn after the merge-back scope check. The two remaining review-level items are useful test-coverage ideas, but they both target code/tests that landed on master and shipped in v23.1.7; I don't want this merge-back PR to diverge from the released branch just to add extra coverage. Treating them as nonblocking follow-ups for develop/master, not changes for this PR.

@thepastaclaw

Copy link
Copy Markdown
Author

Correction to my earlier triage: CI proved the dkgsession.h self-containment finding was a real build blocker, not just a hygiene nit. The source builds fail on missing CInv when compiling active/dkgsession.cpp through this header.

Fixed in 2dd61907ea by restoring the direct <protocol.h> include. CodeRabbit was right on that one; the remaining test-coverage suggestions are still nonblocking merge-back follow-ups.

@coderabbitai review

@coderabbitai

coderabbitai Bot commented Jul 1, 2026

Copy link
Copy Markdown

@thepastaclaw Thanks for confirming and fixing this in 2dd61907ea — glad the <protocol.h> include restoration resolved the CInv build failure in active/dkgsession.cpp. Triggering a fresh review now.

(๑•̀ㅂ•́)و good catch confirmed!


✏️ Learnings added
Learnt from: thepastaclaw
URL: https://github.com/dashpay/dash/pull/7397

Timestamp: 2026-07-01T17:24:45.856Z
Learning: In the dashpay/dash repository, `src/llmq/dkgsession.h` must directly include `<protocol.h>` (not rely on transitive includes) because `active/dkgsession.cpp` depends on `CInv` from that header when compiled through `dkgsession.h`. Removing the direct include causes a build failure due to missing `CInv`.

Note: Learnings are effective only in the context of similar code segments. To apply general coding guidelines, please configure review instructions. You can manage existing learnings in the app.

✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@thepastaclaw thepastaclaw left a comment

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

Latest delta is a one-line #include <protocol.h> in src/llmq/dkgsession.h, which is required because the header exposes CInv as a member and in four ReceiveMessage return signatures. This fixes the previously out-of-scope CodeRabbit self-containment note. No new defects were introduced; the merge-back correctly preserves master's DKG intake hardening, InstantSend queue caps, BLS null-vvec guard, governance bloom bound, and socket-handler busy-loop fix in develop's refactored layout.

Posted as a COMMENT review because GitHub does not allow approving my own PR.

Prior review reconciliation: the previous automated review at 11cb440f had no in-scope findings to carry forward. The earlier out-of-scope CodeRabbit dkgsession.h self-containment note is now fixed/outdated by the direct #include <protocol.h> restoration in this head, and CodeRabbit has no active inline findings to react to on 2dd61907.

No in-scope findings.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

2 participants