Add ENR v5 bootnodes support for DiscV5 discovery#9970
Merged
Conversation
Use discovery protocol version flag to determine bootnode format instead of prefix detection. Add discovery.v5Bootnodes section to mainnet.json and hoodi.json with ENR entries from eth-clients repos. Add DiscoveryOptions.getV5BootNodes() and unit tests. Signed-off-by: Usman Saleem <usman@usmans.info>
- EthNetworkConfig.getNetworkConfig() now reads bootnodes (V4) and v5Bootnodes (V5) separately instead of detecting format by prefix - Remove dead MAINNET fallback null-checks in RunnerBuilder (record constructor enforces non-null) - Clear both enode and ENR bootnode lists for custom genesis files - Fix DiscoveryOptions V5_BOOTNODES_KEY to lowercase (GenesisReader normalizeKeys lowercases all JSON keys) - Add enrBootNodes assertions to EthNetworkConfigTest Signed-off-by: Usman Saleem <usman@usmans.info>
Signed-off-by: Usman Saleem <usman@usmans.info>
Contributor
There was a problem hiding this comment.
Pull request overview
Adds explicit ENR (DiscV5) bootnode support alongside existing enode (DiscV4) bootnodes, wiring parsing through config and CLI so both formats can be configured and cleared correctly.
Changes:
- Introduces
v5Bootnodesgenesis config support and parsing viaDiscoveryOptions.getV5BootNodes() - Loads ENR bootnodes for mainnet/hoodi and validates via updated tests
- Updates CLI/network config plumbing to keep enode vs ENR bootnodes separate and clearable
Reviewed changes
Copilot reviewed 9 out of 9 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| config/src/main/java/org/hyperledger/besu/config/DiscoveryOptions.java | Adds parsing for v5 (ENR) bootnodes |
| config/src/test/java/org/hyperledger/besu/config/DiscoveryOptionsTest.java | Adds unit tests covering v5bootnodes parsing behavior |
| config/src/main/resources/mainnet.json | Adds ENR bootnodes list for DiscV5 |
| config/src/main/resources/hoodi.json | Adds ENR bootnodes list for DiscV5 |
| app/src/main/java/org/hyperledger/besu/cli/config/EthNetworkConfig.java | Loads enode and ENR bootnodes independently from genesis |
| app/src/main/java/org/hyperledger/besu/cli/BesuCommand.java | Simplifies bootnode parsing based on DiscV5 flag; clears both lists on explicit empty |
| app/src/main/java/org/hyperledger/besu/RunnerBuilder.java | Removes MAINNET fallback null-checks; logs enode+ENR bootnodes |
| app/src/test/java/org/hyperledger/besu/cli/config/EthNetworkConfigTest.java | Asserts ENR bootnodes load for mainnet/hoodi |
| app/src/test/java/org/hyperledger/besu/cli/BesuCommandTest.java | Asserts empty --bootnodes clears both enode and ENR lists |
Only one discovery protocol (V4 or V5) is active at a time. Clear the non-applicable bootnode list when setting bootnodes to avoid carrying stale defaults that would never be used. Signed-off-by: Usman Saleem <usman@usmans.info>
Signed-off-by: Usman Saleem <usman@usmans.info>
…otnodeIdentifiers - Only clear the non-applicable bootnode list when --bootnodes is explicitly provided via CLI; genesis defaults keep both lists intact - Replace heuristic fallback in getBootnodeIdentifiers() with explicit discoveryV5Enabled flag check Signed-off-by: Usman Saleem <usman@usmans.info>
Signed-off-by: Usman Saleem <usman@usmans.info>
Now that mainnet.json includes v5Bootnodes, use getNetworkConfig(MAINNET) instead of hardcoding empty ENR bootnode list in test expectation. Signed-off-by: Usman Saleem <usman@usmans.info>
Use getNetworkConfig(MAINNET) instead of hardcoding empty ENR list. Signed-off-by: Usman Saleem <usman@usmans.info>
usmansaleem
force-pushed
the
fix/9968-enr-bootnodes
branch
from
dc0ebca to
6756407
Compare
ENR identity scheme v4 always encodes public keys using secp256k1, regardless of the node's configured signature algorithm. Use a static SECP256K1 instance instead of SignatureAlgorithmFactory.getInstance() which returns the globally active algorithm (could be secp256r1). This fixes startup failure with "Invalid point compression" when Besu is configured with secp256r1 and mainnet ENR bootnodes are loaded. Signed-off-by: Usman Saleem <usman@usmans.info>
|
|
||
| // ENR identity scheme v4 always uses secp256k1, independent of the node's signature algorithm | ||
| private static final SignatureAlgorithm SECP256K1 = | ||
| SignatureAlgorithmType.DEFAULT_SIGNATURE_ALGORITHM_TYPE.get(); |
There was a problem hiding this comment.
The comment says ENR identity scheme v4 always uses secp256k1, but the code initializes SECP256K1 using DEFAULT_SIGNATURE_ALGORITHM_TYPE. If the default signature algorithm is ever changed/configurable, ENR public-key decompression would use the wrong curve. Use an explicit secp256k1 algorithm/type (e.g., a dedicated SECP256K1/SECP256K1 enum constant or factory selector) rather than the default.
Suggested change
| SignatureAlgorithmType.DEFAULT_SIGNATURE_ALGORITHM_TYPE.get(); | |
| SignatureAlgorithmType.SECP256K1.get(); |
Contributor
Author
There was a problem hiding this comment.
will not fix. Default Ethereum signature will remain secp256k1. If it ever changes to a different algorithm, the ENR would also reflect the same.
| var curve = SignatureAlgorithmFactory.getInstance().getCurve(); | ||
| var ecPoint = curve.getCurve().decodePoint(keyBytes.toArrayUnsafe()); | ||
| // ENR identity scheme v4 always uses secp256k1 for the public key | ||
| var ecPoint = SECP256K1.getCurve().getCurve().decodePoint(keyBytes.toArrayUnsafe()); |
There was a problem hiding this comment.
The comment says ENR identity scheme v4 always uses secp256k1, but the code initializes SECP256K1 using DEFAULT_SIGNATURE_ALGORITHM_TYPE. If the default signature algorithm is ever changed/configurable, ENR public-key decompression would use the wrong curve. Use an explicit secp256k1 algorithm/type (e.g., a dedicated SECP256K1/SECP256K1 enum constant or factory selector) rather than the default.
macfarla
reviewed
Mar 5, 2026
Contributor
macfarla
left a comment
macfarla
left a comment
There was a problem hiding this comment.
think it's worth noting somewhere that while you can specify both types of bootnodes in the genesis, they can't be both used simultaneously
| bootNodeElement -> { | ||
| if (!bootNodeElement.isTextual()) { | ||
| throw new IllegalArgumentException( | ||
| V5_BOOTNODES_KEY + " does not contain a string: " + bootNodeElement); |
Contributor
There was a problem hiding this comment.
think it would be more helpful to say "must contain strings of the form enr:-xyz"
Contributor
Author
There was a problem hiding this comment.
I followed how bootnodes were parsed from the genesis configuration file in getBootNodes in the same file.
Signed-off-by: Usman Saleem <usman@usmans.info>
Contributor
Author
Do you mean in the documentation? https://besu.hyperledger.org/public-networks/reference/genesis-items#discovery-configuration-items |
Signed-off-by: Usman Saleem <usman@usmans.info>
Contributor
now you can specify v4 and v5 bootnodes in the genesis - as long as we doc it so it makes sense for users |
usmansaleem
added
the
doc-change-required
Contributor
Author
Added the |
macfarla
approved these changes
Mar 6, 2026
Contributor
macfarla
left a comment
macfarla
left a comment
There was a problem hiding this comment.
should this have a changelog entry?
Also a couple of validations that could be added, otherwise LGTM
Missing validation of ENR strings from CLI — When isV5 && cliBootnodesProvided, the raw strings go through BootnodeResolver.resolve() then EthereumNodeRecord.fromEnr(). If the user passes enode URLs with --Xv5-discovery-enabled, they'll get a parse error from fromEnr(). A more helpful error message saying "ENR format expected when V5 discovery is enabled" would improve UX.
No test for CLI --bootnodes with V5 enabled — The BesuCommandTest changes verify empty bootnodes behavior, but there's no test covering the isV5 = true path where --bootnodes enr:... is provided via CLI. This is the main new code path.
…tests - Catch RuntimeException (including DecodeException from discovery lib) for invalid ENR parsing, in addition to IllegalArgumentException - Add "Invalid bootnode format:" prefix for non-IAE runtime errors - Add tests: valid single ENR, valid comma-separated ENRs, and parameterized invalid ENR values with V5 discovery enabled Signed-off-by: Usman Saleem <usman@usmans.info>
Wrap individual ENR parsing with a clear error that includes the offending value and expected format, e.g.: Invalid ENR bootnode: 'extra'. ENR bootnodes must start with 'enr:'. Signed-off-by: Usman Saleem <usman@usmans.info>
Signed-off-by: Usman Saleem <usman@usmans.info>
Signed-off-by: Usman Saleem <usman@usmans.info>
Signed-off-by: Usman Saleem <usman@usmans.info>
- Add calculateECDHKeyAgreementCompressed through the crypto stack (SignatureAlgorithm, SecurityModule, NodeKey) to return the full compressed EC point (33 bytes) required by DiscV5 HKDF key derivation. - Handle compressed public keys (33-byte 0x02/0x03 prefix) in the NodeKeySigner.deriveECDHKeyAgreement used by the discovery library. - Fix candidatePeers() to use isListening() instead of isReadyForConnections(), which required DiscV4 bonding status that is never set for DiscV5-discovered peers. - Filter out the local node record from candidate peers returned by streamLiveNodes(). Signed-off-by: Usman Saleem <usman@usmans.info>
Signed-off-by: Usman Saleem <usman@usmans.info>
Signed-off-by: Usman Saleem <usman@usmans.info> # Conflicts: # plugin-api/build.gradle # plugin-api/src/main/java/org/hyperledger/besu/plugin/services/securitymodule/SecurityModule.java
Instead of relying on DEFAULT_SIGNATURE_ALGORITHM_TYPE, explicitly create a secp256k1 instance since ENR identity scheme v4 always uses secp256k1 regardless of the node's signature algorithm. Signed-off-by: Usman Saleem <usman@usmans.info>
Signed-off-by: Usman Saleem <usman@usmans.info>
alexandratran
removed
the
doc-change-required
daniellehrner
pushed a commit
to daniellehrner/besu
that referenced
this pull request
Mar 23, 2026
Add ENR (enr:) bootnode support for DiscV5 discovery by introducing a new v5Bootnodes section in genesis config alongside the existing bootnodes (enode) section.
Genesis config changes:
- Add v5Bootnodes to config.discovery for ENR-format bootnodes
- Add getV5BootNodes() to DiscoveryOptions to parse the new section
- Populate mainnet.json with 17 ENR bootnodes and hoodi.json with 9
Bootnode parsing simplification:
- Use --Xv5-discovery-enabled flag to determine expected format (ENR vs enode) instead of prefix detection heuristic
- EthNetworkConfig reads bootnodes and v5Bootnodes independently
- CLI --bootnodes overrides the active protocol's list and clears
the unused protocol's list; genesis defaults keep both intact
- Replace heuristic fallback in getBootnodeIdentifiers() with
explicit discoveryV5Enabled flag check
DiscV5 peer connection pipeline fixes:
- Handle compressed public keys (33-byte SEC1) in
NodeKeySigner.deriveECDHKeyAgreement
- Fix candidatePeers() to use isListening() instead of
isReadyForConnections() which requires DiscV4 bonding status
- Filter out the local node record from streamLiveNodes()
- Explicitly use secp256k1 for ENR identity scheme v4
Cleanup:
- Remove dead MAINNET fallback null-checks in RunnerBuilder
---------
Signed-off-by: Usman Saleem <usman@usmans.info>
daniellehrner
pushed a commit
to daniellehrner/besu
that referenced
this pull request
Mar 23, 2026
Add ENR (enr:) bootnode support for DiscV5 discovery by introducing a new v5Bootnodes section in genesis config alongside the existing bootnodes (enode) section.
Genesis config changes:
- Add v5Bootnodes to config.discovery for ENR-format bootnodes
- Add getV5BootNodes() to DiscoveryOptions to parse the new section
- Populate mainnet.json with 17 ENR bootnodes and hoodi.json with 9
Bootnode parsing simplification:
- Use --Xv5-discovery-enabled flag to determine expected format (ENR vs enode) instead of prefix detection heuristic
- EthNetworkConfig reads bootnodes and v5Bootnodes independently
- CLI --bootnodes overrides the active protocol's list and clears
the unused protocol's list; genesis defaults keep both intact
- Replace heuristic fallback in getBootnodeIdentifiers() with
explicit discoveryV5Enabled flag check
DiscV5 peer connection pipeline fixes:
- Handle compressed public keys (33-byte SEC1) in
NodeKeySigner.deriveECDHKeyAgreement
- Fix candidatePeers() to use isListening() instead of
isReadyForConnections() which requires DiscV4 bonding status
- Filter out the local node record from streamLiveNodes()
- Explicitly use secp256k1 for ENR identity scheme v4
Cleanup:
- Remove dead MAINNET fallback null-checks in RunnerBuilder
---------
Signed-off-by: Usman Saleem <usman@usmans.info>
daniellehrner
added a commit
that referenced
this pull request
Mar 23, 2026
* Add -Pcases to jmh (#9982) e.g. ./gradlew --no-daemon :ethereum:core:jmh -Pincludes=Mod -Pexcludes=Mul,Add,SMod -Pcases=MOD_256_128,MOD_256_192 Signed-off-by: Simon Dudley <simon.dudley@consensys.net> * Preserve caller-provided gas pricing in eth_simulateV1 results (#9972) * preserve caller-provided gas prices in TransactionSimulator When isAllowExceedingBalance is true but the caller explicitly provided non-zero gas pricing parameters, preserve them and the block header's baseFee so effective gas price is computed correctly during execution. This ensures gas fees are actually charged so that stateRoot and block hash are correct in eth_simulateV1 results. When gas params are absent or zero (typical eth_call, or explicitly zero maxFeePerGas), behavior is unchanged - all fields stay zero and baseFee is zeroed to avoid validation failures. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> Signed-off-by: Sally MacFarlane <macfarla.github@gmail.com> --------- Signed-off-by: Sally MacFarlane <macfarla.github@gmail.com> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> * Fix edge cases for MOD variants (#9934) This commit fixes 2 issues: - in mulSubOverflow there was no addBack in case of limb overflow; - reductions were too few in the case that the higher limb exceeds modulus. Co-authored-by: Luis Pinto <luis.pinto@consensys.net> Signed-off-by: daniellehrner <daniel.lehrner@consensys.net> * Removing memoize from the signature algorithm (#8619) (#9777) Removing memoize from the signature algorithm (#8619) Signed-off-by: mamoralesiob <miguelangel@io.builders> Signed-off-by: Simon Dudley <simon.dudley@consensys.net> * Benchmarking docs (#9998) * Update benchmarking docs with -Pcases Signed-off-by: Simon Dudley <simon.dudley@consensys.net> * CHANGELOG for #9982 Signed-off-by: Simon Dudley <simon.dudley@consensys.net> --------- Signed-off-by: Simon Dudley <simon.dudley@consensys.net> * Disconnect reason (#9901) * return the correct disconnect reason Signed-off-by: stefan.pingel@consensys.net <stefan.pingel@consensys.net> Signed-off-by: Stefan Pingel <16143240+pinges@users.noreply.github.com> * Migrate JSR305 nullness annotations to JSpecify (#9995) - Replace javax.annotation.Nullable and javax.annotation.CheckForNull with org.jspecify.annotations.Nullable across 18 Java files - Update platform constraint to org.jspecify:jspecify:1.0.0 - Replace compileOnly com.google.code.findbugs:jsr305 with compileOnly org.jspecify:jspecify in affected modules Signed-off-by: Mykim <38449976+Apisapple@users.noreply.github.com> Co-authored-by: Simon Dudley <simon.dudley@consensys.net> Signed-off-by: Mykim <kimminyong2034@gmail.com> * Fix flaky BundleSelectorPluginTest on slow CI runners (#9999) Increase poa-block-txs-selection-max-time to 95% for the bundle failure tests so the plugin has ~712ms instead of ~562ms to process transactions. The failure tests are not testing timeout behaviour, so the tighter budget was only causing intermittent PLUGIN_SELECTION_TIMEOUT events on loaded CI machines before the invalid transaction could be reached. Signed-off-by: Sally MacFarlane <macfarla.github@gmail.com> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> * Fix flaky BackwardSyncContextTest on slow CI runners (#10000) shouldSyncUntilHash and shouldSyncUntilRemoteBranch used isCompleted() inside untilAsserted, which only passes for normal completion. On slow CI machines the backward sync occasionally completes the future exceptionally, causing isCompleted() to fail on every retry until the 30s Awaitility timeout, which then rethrows the AssertionError. Change to isDone() inside the Awaitility block (matching the fix applied to shouldAddExpectedBlock in #9856) so Awaitility exits as soon as the future reaches any terminal state. The subsequent future.get() will then surface the real exception if the sync failed. Signed-off-by: Sally MacFarlane <macfarla.github@gmail.com> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> * potential fix for race condidion affecting ATs (#9929) Signed-off-by: Sally MacFarlane <macfarla.github@gmail.com> * Use sha256 hardware implementation (#9924) * use sha256 hardware implementation if available, if not fall back to sun.security.provider.SHA2$SHA256 Signed-off-by: daniellehrner <daniel.lehrner@consensys.net> --------- Signed-off-by: daniellehrner <daniel.lehrner@consensys.net> * Log ENR URL at startup alongside enode URL (#10003) When discovery produces a local ENR, log it at INFO level right after the enode URL so operators can easily find both identifiers. Closes #9967 Signed-off-by: Usman Saleem <usman@usmans.info> * fix(metrics): prevent duplicate OTel callback registration (#9653) (#9957) Signed-off-by: kkaur01 <kanchan.kaur@consensys.net> Co-authored-by: Sally MacFarlane <macfarla.github@gmail.com> Signed-off-by: Kanchan Kaur <87459628+kkaur01@users.noreply.github.com> * disable forest TraceJsonRpcHttpBySpecTest (#10005) Signed-off-by: Sally MacFarlane <macfarla.github@gmail.com> * Add config option for max blobs per block (#9983) * add max-blobs-per-block CLI option Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: Sally MacFarlane <macfarla.github@gmail.com> Signed-off-by: Sally MacFarlane <macfarla.github@gmail.com> --------- Signed-off-by: Sally MacFarlane <macfarla.github@gmail.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Update GitHub repository references from hyperledger/besu to besu-eth/besu (#10015) Prepare for org migration by updating all GitHub repository references to the new besu-eth organization. External service URLs (Docker Hub, Artifactory, docs site, homebrew, wiki, email) are intentionally left unchanged for a separate rebranding phase. Closes #9911 (Phase 1 final step) Signed-off-by: jflo <justin+github@florentine.us> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Justin Florentine <justin+github@florentine.us> * 26.3.0-rc0 prep (#10017) * Update GitHub repository references from hyperledger/besu to besu-eth/besu Prepare for org migration by updating all GitHub repository references to the new besu-eth organization. External service URLs (Docker Hub, Artifactory, docs site, homebrew, wiki, email) are intentionally left unchanged for a separate rebranding phase. Closes #9911 (Phase 1 final step) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: jflo <justin+github@florentine.us> * Update platform/build.gradle Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: Justin Florentine <justin+github@florentine.us> * updated changelog and version Signed-off-by: jflo <justin+github@florentine.us> --------- Signed-off-by: jflo <justin+github@florentine.us> Signed-off-by: Justin Florentine <justin+github@florentine.us> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * enable local gradle caching (#10008) * enable gradle caching and configureondemand Signed-off-by: Sally MacFarlane <macfarla.github@gmail.com> * comment Signed-off-by: Sally MacFarlane <macfarla.github@gmail.com> * add comment and remove configureondemand Signed-off-by: Sally MacFarlane <macfarla.github@gmail.com> --------- Signed-off-by: Sally MacFarlane <macfarla.github@gmail.com> * Use existing RLP methods in trie log prune batch files (#10009) * feat: replace Java serialization with RLP in trie log prune batch files Replace saveTrieLogsInFile/readTrieLogsFromFile with the existing RLP-based saveTrieLogsAsRlpInFile/readTrieLogsAsRlpFromFile methods. Signed-off-by: Simon Dudley <simon.dudley@consensys.net> * Add compressed ECDH key agreement to SecurityModule (#10007) Add `calculateECDHKeyAgreementCompressed` to the `SecurityModule` plugin API and its implementations, returning the full SEC1 compressed EC point (33 bytes) instead of just the x-coordinate. This is needed by the DiscV5 handshake which requires the compressed shared secret. Changes: - Add `calculateECDHKeyAgreementCompressed` default method to `SecurityModule` - Implement in `KeyPairSecurityModule` and expose via `NodeKey` - Extract shared `ecdhScalarMultiply` helper in `AbstractSECP256` to eliminate duplication between the x-only and compressed ECDH variants - Use `ECAlgorithms.cleanPoint` for EC point validation (curve membership check) - Add unit tests for ECDH key agreement across SECP256K1, SECP256R1, KeyPairSecurityModule, and NodeKey - Update plugin-api known checksum --------- Signed-off-by: Usman Saleem <usman@usmans.info> * Delay chain download if no peers, and handle cancellation ex (#9979) * delay snap chain download if zero peers * handle cancellation eg if no peers Signed-off-by: Sally MacFarlane <macfarla.github@gmail.com> --------- Signed-off-by: Sally MacFarlane <macfarla.github@gmail.com> * Add ENR v5 bootnodes support for DiscV5 discovery (#9970) Add ENR (enr:) bootnode support for DiscV5 discovery by introducing a new v5Bootnodes section in genesis config alongside the existing bootnodes (enode) section. Genesis config changes: - Add v5Bootnodes to config.discovery for ENR-format bootnodes - Add getV5BootNodes() to DiscoveryOptions to parse the new section - Populate mainnet.json with 17 ENR bootnodes and hoodi.json with 9 Bootnode parsing simplification: - Use --Xv5-discovery-enabled flag to determine expected format (ENR vs enode) instead of prefix detection heuristic - EthNetworkConfig reads bootnodes and v5Bootnodes independently - CLI --bootnodes overrides the active protocol's list and clears the unused protocol's list; genesis defaults keep both intact - Replace heuristic fallback in getBootnodeIdentifiers() with explicit discoveryV5Enabled flag check DiscV5 peer connection pipeline fixes: - Handle compressed public keys (33-byte SEC1) in NodeKeySigner.deriveECDHKeyAgreement - Fix candidatePeers() to use isListening() instead of isReadyForConnections() which requires DiscV4 bonding status - Filter out the local node record from streamLiveNodes() - Explicitly use secp256k1 for ENR identity scheme v4 Cleanup: - Remove dead MAINNET fallback null-checks in RunnerBuilder --------- Signed-off-by: Usman Saleem <usman@usmans.info> * Remove Clique RPC APIs and remaining DSL test infrastructure (Phase 2) (#9992) Delete the Clique JSON-RPC method implementations (clique_getSigners, clique_propose, clique_discard, clique_proposals, clique_getSignerMetrics, clique_getSignersAtHash) and all supporting classes: - consensus/clique/.../jsonrpc/ (production + test, 12 files) - CliqueQueryPluginServiceFactory (replaced with NoopPluginServiceFactory) - Acceptance-test DSL: condition/clique/ and transaction/clique/ packages - NodeRequests: drop CliqueRequestFactory field and clique() accessor - AcceptanceTestBase: drop clique/cliqueTransactions fields - BesuNode: remove CliqueRequestFactory from NodeRequests construction - NodeConfigurationFactory: remove createJsonRpcWithCliqueEnabledConfig() - BftConditions / AwaitValidatorSetChange: inline "latest" constant Remove RpcMethod entries CLIQUE_* and RpcApis.CLIQUE enum value. CliqueBesuControllerBuilder no longer overrides createAdditionalJsonRpcMethodFactory. Signed-off-by: Fabio Di Fabio <fabio.difabio@consensys.net> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> * Implement EIP-7975: eth/70 - partial block receipt lists (#9910) Signed-off-by: Fabio Di Fabio <fabio.difabio@consensys.net> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> * Remove pre-eth/68 transaction announcement support and limit pooled tx requests by size (#9990) Signed-off-by: Fabio Di Fabio <fabio.difabio@consensys.net> * Fix addMod case in Modulus256 (#10001) Fixes case in addMod for 256bit modulus, changes some strange logic in 64bit modulus for reduceNormalised with UInt256 and UInt257 dividends and refactor of unit tests to use parameterized tests. Signed-off-by: Luis Pinto <luis.pinto@consensys.net> * Use VarHandle in UInt256::fromBytesBE and uInt256::toBytesBE (#9976) Signed-off-by: Luis Pinto <luis.pinto@consensys.net> * Update --bootnodes description and throw exception is mixed enode and ENR bootnodes are present (#9955) * Update --bootnodes description and throw exception is mixed enode and ENR bootnodes are present Signed-off-by: Matilda Clerke <matilda.clerke@consensys.net> * Fix BesuCommandTest Signed-off-by: Matilda Clerke <matilda.clerke@consensys.net> * Revert changes to BesuCommand Signed-off-by: Matilda Clerke <matilda.clerke@consensys.net> * Revert changes to BesuCommand Signed-off-by: Matilda Clerke <matilda.clerke@consensys.net> * Apply suggestion from @macfarla Co-authored-by: Sally MacFarlane <macfarla.github@gmail.com> Signed-off-by: Matilda-Clerke <matilda.clerke@consensys.net> --------- Signed-off-by: Matilda Clerke <matilda.clerke@consensys.net> Signed-off-by: Matilda-Clerke <matilda.clerke@consensys.net> Co-authored-by: Sally MacFarlane <macfarla.github@gmail.com> * Remove Peer Task System feature toggle from DownloadBodiesStep (#9952) * Remove Peer Task System feature toggle from DownloadBodiesStep Signed-off-by: Matilda Clerke <matilda.clerke@consensys.net> * Fix FullSyncChainDownloaderForkTest Signed-off-by: Matilda Clerke <matilda.clerke@consensys.net> * Remove invalid test Signed-off-by: Matilda Clerke <matilda.clerke@consensys.net> * spotless Signed-off-by: Matilda Clerke <matilda.clerke@consensys.net> * Fix FullSyncChainDownloaderTotalTerminalDifficultyTest Signed-off-by: Matilda Clerke <matilda.clerke@consensys.net> * Remove unneeded old code Signed-off-by: Matilda Clerke <matilda.clerke@consensys.net> * Fix infinite loop in CompleteBlocksWithPeerTask and add unit test Signed-off-by: Matilda Clerke <matilda.clerke@consensys.net> --------- Signed-off-by: Matilda Clerke <matilda.clerke@consensys.net> Signed-off-by: Matilda-Clerke <matilda.clerke@consensys.net> * Support IPv6 subnets in --net-restrict (#10028) * Replace commons-net SubnetUtils with IPAddress library for IPv6 subnet support Apache Commons Net SubnetUtils only supports IPv4 CIDR notation, causing --net-restrict to fail at CLI parse time for IPv6 subnets (e.g. fd00::/64). Replace it with the IPAddress library (com.github.seancfoley:ipaddress) which supports both IPv4 and IPv6 CIDR notation natively. Closes #10026 Signed-off-by: Usman Saleem <usman@usmans.info> * Address PR review: rename SubnetInfoConverter and add mixed IPv4+IPv6 test - Rename SubnetInfoConverter to SubnetCidrConverter to match new IPAddress return type - Add mixed IPv4+IPv6 test case ("127.0.0.0/24,fd00::/64") to BesuCommandTest parameterized net-restrict tests Signed-off-by: Usman Saleem <usman@usmans.info> * Add changelog entry for IPv6 --net-restrict support Signed-off-by: Usman Saleem <usman@usmans.info> --------- Signed-off-by: Usman Saleem <usman@usmans.info> * Implement `txpool_status` RPC method (#10002) Signed-off-by: Fabio Di Fabio <fabio.difabio@consensys.net> * fix: add missing return for failed future in TransactionPool SaveRest… (#10020) * fix: add missing return for failed future in TransactionPool SaveRestoreManager The serializeAndDedupOperation() method creates a CompletableFuture.failedFuture() when the disk access lock times out, but does not return it. Execution falls through to return CompletableFuture.completedFuture(null), silently swallowing the timeout error. This can cause the transaction pool save/restore to silently fail, leading to loss of all pending transactions during sync state transitions. Signed-off-by: Shridhar Panigrahi <sridharpanigrahi2006@gmail.com> * test: add test verifying timeout failure is propagated in SaveRestoreManager Add diskLockTimeoutIsPropagatedNotSwallowed test that acquires the disk access lock to simulate contention, then verifies that loadFromDisk() returns a failed future with TimeoutException rather than silently returning completedFuture(null). Also adds @VisibleForTesting accessors for getSaveRestoreManager() and getDiskAccessLock() to support the test. Signed-off-by: Shridhar Panigrahi <sridharpanigrahi2006@gmail.com> * refactor: make SaveRestoreManager lock timeout configurable and simplify test assertion Address PR review feedback: make the disk access lock timeout configurable via a package-private setter so tests can use a short timeout (100ms) instead of blocking for 60 seconds. Simplify the test assertion to use assertThatThrownBy for cleaner style. Signed-off-by: Shridhar Panigrahi <sridharpanigrahi2006@gmail.com> * refactor: expose save-restore lock timeout as unstable CLI option Add --Xtx-pool-save-restore-timeout as a hidden unstable option in TransactionPoolOptions, wired through TransactionPoolConfiguration, so SaveRestoreManager reads the timeout from config instead of using a @VisibleForTesting setter. This avoids modifying production code solely for testing and allows operators to tune the timeout for special use cases. Signed-off-by: Shridhar Panigrahi <sridharpanigrahi2006@gmail.com> --------- Signed-off-by: Shridhar Panigrahi <sridharpanigrahi2006@gmail.com> Signed-off-by: Cyrus <sridharpanigrahi2006@gmail.com> * Remove deprecation warning from `--block-txs-selection-max-time` still used in PoS networks (#10037) Signed-off-by: Fabio Di Fabio <fabio.difabio@consensys.net> * Change log level to debug (#10023) Signed-off-by: stefan.pingel@consensys.net <stefan.pingel@consensys.net> Co-authored-by: Sally MacFarlane <macfarla.github@gmail.com> Signed-off-by: Stefan Pingel <16143240+pinges@users.noreply.github.com> * Throw RLPException that is handled correctly instead of IllegalArgumentException (#10025) * throw RLPException that is handled correctly instead of IllegalArgumentException Signed-off-by: stefan.pingel@consensys.net <stefan.pingel@consensys.net> Signed-off-by: Stefan Pingel <16143240+pinges@users.noreply.github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * remove invalid warning pre glamsterdam (#10049) Signed-off-by: Karim Taam <karim.t2am@gmail.com> * Remove Clique block production and mining infrastructure (Phase 3) (#10035) Delete the blockcreation sub-package (6 production files + 6 test files): CliqueBlockCreator, CliqueBlockMiner, CliqueBlockScheduler, CliqueMinerExecutor, CliqueMiningCoordinator, CliqueProposerSelector, and CliqueMiningTracker. CliqueBesuControllerBuilder.createMiningCoordinator() now returns NoopMiningCoordinator. The overrideMiningConfiguration() override is removed (no longer forcing mining on). The localAddress field is removed as it was only needed for mining setup. CliqueProposerSelector is moved from blockcreation/ to the main clique package since it is still needed by CliqueHelpers.getProposerForBlockAfter(), which is called by CliqueDifficultyCalculator for block validation on Clique→PoS chains. EthStatsService no longer special-cases CliqueMiningCoordinator for isMining reporting; it falls through to the standard miningCoordinator.isMining() path. Signed-off-by: Fabio Di Fabio <fabio.difabio@consensys.net> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> * fix: use block's own hash for balance lookup in eth_estimateGas (#10042) calculateGasLimitUpperBound() was using blockHeader.getParentHash() to look up the sender's account balance. For historical and "latest" blocks this queries the state one block behind the state actually used by the transaction simulator, which can produce wrong gas estimates or spurious TRANSACTION_UPFRONT_COST_EXCEEDS_BALANCE errors when the sender's balance changed in the target block. Use the block's own hash (BlockHeader.getHash()) for concrete headers, keeping getParentHash() only for synthetic pending headers whose block does not yet exist. Signed-off-by: Shridhar Panigrahi <sridharpanigrahi2006@gmail.com> Co-authored-by: Fabio Di Fabio <fabio.difabio@consensys.net> Signed-off-by: Cyrus <sridharpanigrahi2006@gmail.com> * Amsterdam: EIP-8037: State Creation Gas Cost Increase (#9815) * EIP-8037: multidimensional gas metering - EVM core Implement state gas tracking in the EVM layer: - StateGasCostCalculator and Eip8037StateGasCostCalculator for cost-per-state-byte - AmsterdamGasCalculator with split regular/state gas costs - MessageFrame state gas reservoir, spill, and collision tracking - State gas charging in SSTORE, CREATE, CALL, and SELFDESTRUCT operations Signed-off-by: daniellehrner <daniel.lehrner@consensys.net> * EIP-8037: protocol-level 2D gas accounting integration Wire state gas into transaction processing, block building, and validation: - MainnetTransactionProcessor: intrinsic state gas, reservoir init, spill handling - BlockGasAccountingStrategy.AMSTERDAM: 2D gas metering (max of regular, state) - BlockGasUsedValidator.AMSTERDAM: pre-refund 2D validation - OsakaTargetingGasLimitCalculator: Amsterdam constructor with uncapped tx gas limit - Block creation: 2D headroom checks for transaction selection - TransactionProcessingResult: carry state gas used Signed-off-by: daniellehrner <daniel.lehrner@consensys.net> * EIP-8037: update execution spec tests for bal-devnet-3 Update reference test fixtures to bal@v5.2.0 for EIP-8037 compatibility. Signed-off-by: daniellehrner <daniel.lehrner@consensys.net> * EIP-8037: extract TransactionGasAccounting and add test coverage Extract gas accounting logic from MainnetTransactionProcessor into a testable TransactionGasAccounting class with builder pattern. Add tests for SSTORE state gas, block gas accounting strategy, state gas spill, and regular gas limit enforcement. Signed-off-by: daniellehrner <daniel.lehrner@consensys.net> * trigger DCO re-check Signed-off-by: daniellehrner <daniel.lehrner@consensys.net> * Add -Pcases to jmh (#9982) e.g. ./gradlew --no-daemon :ethereum:core:jmh -Pincludes=Mod -Pexcludes=Mul,Add,SMod -Pcases=MOD_256_128,MOD_256_192 Signed-off-by: Simon Dudley <simon.dudley@consensys.net> * Preserve caller-provided gas pricing in eth_simulateV1 results (#9972) * preserve caller-provided gas prices in TransactionSimulator When isAllowExceedingBalance is true but the caller explicitly provided non-zero gas pricing parameters, preserve them and the block header's baseFee so effective gas price is computed correctly during execution. This ensures gas fees are actually charged so that stateRoot and block hash are correct in eth_simulateV1 results. When gas params are absent or zero (typical eth_call, or explicitly zero maxFeePerGas), behavior is unchanged - all fields stay zero and baseFee is zeroed to avoid validation failures. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> Signed-off-by: Sally MacFarlane <macfarla.github@gmail.com> --------- Signed-off-by: Sally MacFarlane <macfarla.github@gmail.com> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> * trigger DCO re-check Signed-off-by: daniellehrner <daniel.lehrner@consensys.net> * spotless Signed-off-by: daniellehrner <daniel.lehrner@consensys.net> * update to BAL v5.3.0 spec tests Signed-off-by: daniellehrner <daniel.lehrner@consensys.net> * remove referenceTestDevnet test compilation from the referenceTest gradle task Signed-off-by: daniellehrner <daniel.lehrner@consensys.net> * addressed comments Signed-off-by: daniellehrner <daniel.lehrner@consensys.net> * renamed BlockGasAccountingStrategy.calculateBlockGas to calculateTransactionRegularGas Signed-off-by: daniellehrner <daniel.lehrner@consensys.net> * 1. use BlockGasAccountingStrategy.hasBlockCapacity() in AbstractBlockProcessor.java, AbstractBlockProcessorTest.java 2. move handleStateGasSpill into its own method 3. Added CREATE state gas underflow guard 4. Improved failCodeDepositWithoutRollback documentation Signed-off-by: daniellehrner <daniel.lehrner@consensys.net> --------- Signed-off-by: daniellehrner <daniel.lehrner@consensys.net> Signed-off-by: Simon Dudley <simon.dudley@consensys.net> Signed-off-by: Sally MacFarlane <macfarla.github@gmail.com> Co-authored-by: Simon Dudley <simon.dudley@consensys.net> Co-authored-by: Sally MacFarlane <macfarla.github@gmail.com> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> * snap server - log enabled/disabled in config overview (#10039) * log snap server enabled/disabled in config overview * starting snapserver msg at info Signed-off-by: Sally MacFarlane <macfarla.github@gmail.com> --------- Signed-off-by: Sally MacFarlane <macfarla.github@gmail.com> * fix: avoid TOCTOU race in eth_getBlockByNumber latestResult (#10051) * fix: avoid TOCTOU race in eth_getBlockByNumber latestResult getSyncStatus() was being called twice in latestResult() — once to check isEmpty() and again to call .get(). If sync completed between those two calls (clearSyncTarget() fires on the sync thread), the second call returned Optional.empty() and .get() threw NoSuchElementException, crashing the RPC handler. Fixed by capturing the result in a local variable so both the check and the read operate on the same snapshot. Added a test that reproduces the race: getSyncStatus() returns a present Optional on the first call and an empty one on the second, confirming the handler no longer throws. Signed-off-by: Shridhar Panigrahi <sridharpanigrahi2006@gmail.com> --------- Signed-off-by: Shridhar Panigrahi <sridharpanigrahi2006@gmail.com> Co-authored-by: Sally MacFarlane <macfarla.github@gmail.com> Signed-off-by: Cyrus <sridharpanigrahi2006@gmail.com> * reduce number of scenarios tested (#10055) Signed-off-by: Sally MacFarlane <macfarla.github@gmail.com> * PeerTaskValidation accept NO_RESULTS_RETURNED (#10056) Per the ETH spec, a peer may return an empty response to GetBlockHeaders if it does not have the requested block. This is not a protocol violation. Treating it as a useless response causes the peer to be disconnected and denylisted after 5 retries, which is particularly harmful when only one server peer is available (e.g. during snap sync pivot selection). A server that is slightly behind the current safe block will always return empty for pivot header requests. The client should wait for the next safe block announcement rather than disconnecting its only peer. Signed-off-by: Sally MacFarlane <macfarla.github@gmail.com> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> * reduce the number of iterations (#10057) Signed-off-by: Sally MacFarlane <macfarla.github@gmail.com> * BySpecTests: run setup once instead of for each spec file (#10059) * run setup once instead of for each spec file * volatile boolean Signed-off-by: Sally MacFarlane <macfarla.github@gmail.com> --------- Signed-off-by: Sally MacFarlane <macfarla.github@gmail.com> * Fix eth_simulateV1 to accept both input and data fields with differen… (#9996) * Fix eth_simulateV1 to accept both input and data fields with different values * Added details of the fix to changelog Signed-off-by: kkaur01 <kanchan.kaur@consensys.net> --------- Signed-off-by: kkaur01 <kanchan.kaur@consensys.net> Signed-off-by: Kanchan Kaur <87459628+kkaur01@users.noreply.github.com> * logging improvements for breach of protocol for rlp (#10038) Signed-off-by: Sally MacFarlane <macfarla.github@gmail.com> Co-authored-by: Stefan Pingel <16143240+pinges@users.noreply.github.com> * Plugin API: pass pending block header when creating selectors (#10034) Signed-off-by: Fabio Di Fabio <fabio.difabio@consensys.net> * Use cache locality to improve Shift opcodes (#9878) * Use CPU cache locality and avoid on-CPU cache misses Signed-off-by: Ameziane H. <ameziane.hamlat@consensys.net> Signed-off-by: ahamlat <ameziane.hamlat@consensys.net> * refactor stateroot commiter (#9879) Signed-off-by: Karim Taam <karim.t2am@gmail.com> * Deprecate `--min-block-occupancy-ratio` for removal and make it noop (#10036) Signed-off-by: Fabio Di Fabio <fabio.difabio@consensys.net> * Add max used gas to eth_simulateV1 (#10066) * add max-gas-used to eth_simulateV1 results * pre-refund gas amounts for EIP-7702 delegation transactions Signed-off-by: Sally MacFarlane <macfarla.github@gmail.com> --------- Signed-off-by: Sally MacFarlane <macfarla.github@gmail.com> * fix: send slim account encoding in snap AccountRange responses (#9877) * fix: send slim account encoding in snap AccountRange responses The snap protocol spec requires accounts to be sent in slim RLP encoding on the wire, where empty storageRoot and codeHash fields are encoded as 0x80 (RLP empty bytes) rather than the full 32-byte default hashes. Besu was sending the full encoding, causing response sizes to be larger than expected and failing hive snap protocol AccountRange tests. * test: verify AccountRangeMessage uses slim encoding on wire Signed-off-by: Sally MacFarlane <macfarla.github@gmail.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Stefan Pingel <16143240+pinges@users.noreply.github.com> * Fix typed receipt encoding in putSyncTransactionReceipts (#10044) * Fix typed receipt encoding in putSyncTransactionReceipts Receipts received via snap sync (eth/68) arrive through ReceiptsMessage.deserializeReceiptLists() which calls readBytes(), stripping the outer RLP bytes-element wrapper and leaving raw typeCode||rlp_body bytes (first byte in 0x01-0x7f). When these were passed directly to SimpleNoCopyRlpEncoder.encodeList(), the single-byte type code (e.g. 0x02 for EIP-1559) was stored as a standalone RLP item and the rlp_body as another, splitting one receipt into two items. On read-back, TransactionReceiptDecoder.readFrom() saw only the 1-byte type code, called slice(1) producing Bytes.EMPTY, and enterList() threw RLPException -- causing the server to disconnect peers with BREACH_OF_PROTOCOL_MALFORMED_MESSAGE_RECEIVED. Fix by checking if the raw bytes start with a byte < 0x80 (raw EIP-2718 type code with no RLP wrapper) and, if so, encoding them as a proper RLP bytes element via NO_COPY_RLP_ENCODER.encode(). Receipts that already carry a valid RLP element header (>= 0x80: either a string prefix 0x80-0xbf or list prefix 0xc0-0xff) are stored unchanged. Adds a test that simulates the network receive path (readBytes() stripping the outer wrapper) for EIP-1559 and ACCESS_LIST receipts. Signed-off-by: Sally MacFarlane <macfarla.github@gmail.com> * review comments Signed-off-by: Sally MacFarlane <macfarla.github@gmail.com> --------- Signed-off-by: Sally MacFarlane <macfarla.github@gmail.com> Co-authored-by: Stefan Pingel <16143240+pinges@users.noreply.github.com> * fix: add blockchain-head guard to handleBlockTimerExpiry (#10052) * fix: add blockchain-head guard to handleBlockTimerExpiry Signed-off-by: Qian-Cheng-nju <Qian-Cheng-nju@users.noreply.github.com> Signed-off-by: Qian Cheng <91401632+Qian-Cheng-nju@users.noreply.github.com> * Fix eth/69 receipt encoding for Frontier tx (#9900) * test: combine snap fixes and enable Besu-to-Besu snap sync test Cherry-pick all snap fixes (#9876, #9877, #9855) and Fabio's CliqueToPoSTest from #9852 with the snap sync section uncommented. * allow pivot distance to be customized for test * request tracking bug * Frontier receipts were never detected as Frontier Signed-off-by: Sally MacFarlane <macfarla.github@gmail.com> * fix: use getEthSerializedType in SyncTransactionReceiptDecoder for Frontier receipts The decoder was storing Frontier type code as getSerializedType() (0xf8) but the encoder checks getEthSerializedType() (0x00). When a peer sends Frontier receipts with empty type bytes (e.g. reth), the decoder stored 0xf8, the encoder didn't recognize it as Frontier, and encoded it as a typed receipt - producing wrong receipt roots and disconnecting the peer. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Signed-off-by: Sally MacFarlane <macfarla.github@gmail.com> * logging improvements for breach of protocol for rlp * Fix typed receipt encoding in putSyncTransactionReceipts Signed-off-by: Sally MacFarlane <macfarla.github@gmail.com> --------- Signed-off-by: Sally MacFarlane <macfarla.github@gmail.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> * fallback to resync (#10019) Signed-off-by: Sally MacFarlane <macfarla.github@gmail.com> * Revert tracer aggregator (#10068) * Revert "Tracer aggregator (#9745)" This reverts commit 219b28e. TracerAggregator iterates a List<OperationTracer> on every per-opcode call (tracePreExecution, tracePostExecution, traceContextEnter, etc.), which is a performance hit on the hot path. The InterruptibleOperationTracer single-delegate pattern is preferred for tracer composition. EthTransferLogOperationTracer and custom tracers remain mutually exclusive in BlockSimulator for now (isTraceTransfers will go away with Glamsterdam). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> Signed-off-by: Sally MacFarlane <macfarla.github@gmail.com> --------- Signed-off-by: Sally MacFarlane <macfarla.github@gmail.com> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> * Add tests for parallel block processing (optimistic and BAL) (#10010) Signed-off-by: Karim Taam <karim.t2am@gmail.com> * report 10 slowest tests (#10063) * report slowest tests once from unittests-passed, not per-runner * report total test and class counts in summary * suppress Gradle job summaries from unit test matrix runners on success Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> Signed-off-by: Sally MacFarlane <macfarla.github@gmail.com> --------- Signed-off-by: Sally MacFarlane <macfarla.github@gmail.com> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> * reduce volume of chain data pruner test (#10062) * reduce volume of chain data pruner test * address matkt review: restore timeline comments and fix loop boundary - Restore the detailed pruning timeline explanation in pruningWithFrequency and balPruningWithTwoBatches, adapted to use derived variable names - Fix forkBlocksRemovedInBalOnlyMode: the second loop was starting at 45 instead of 25; pruningMark = 280 - 256 = 24, so block 25 is the first unpruned block. Also fix stale comment "i <= 44" -> "i <= 24" and extend the upper bound to 280 (the full canonical chain length) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> Signed-off-by: Sally MacFarlane <macfarla.github@gmail.com> --------- Signed-off-by: Sally MacFarlane <macfarla.github@gmail.com> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> * EIP-8159: eth/71 - Block Access List Exchange (#9966) Signed-off-by: Miroslav Kovar <miroslavkovar@protonmail.com> Signed-off-by: Miroslav Kovář <miroslavkovar@protonmail.com> * Implement div sdiv with long limbs (#9923) Signed-off-by: Luis Pinto <luis.pinto@consensys.net> * Bonsai archive seperate column families (#10058) Signed-off-by: Jason Frame <jason.frame@consensys.net> * fix: prevent unsigned underflow in eth_feeHistory reward bounds (#10060) * fix: prevent unsigned underflow in eth_feeHistory reward bounds Wei.subtract() wraps around on underflow since Wei is unsigned 256-bit. In boundRewards(), when nextBaseFee exceeds gasPriceLowerBound (happens when querying historical blocks from a higher-fee period), the subtraction produces a near-2^256 value. This corrupts every reward entry in the response, causing wallets to suggest absurd gas prices. Floor the priority fee delta at zero when nextBaseFee is larger. Signed-off-by: Shridhar Panigrahi <sridharpanigrahi2006@gmail.com> * test: address review feedback on eth_feeHistory underflow fix - Shorten verbose comment in boundRewards to a single line - Replace indirect <= 2L assertion with exact expected reward values - Add equal-case test (nextBaseFee == lowerBoundGasPrice) confirming lowerBoundPriorityFee is Wei.ZERO and rewards are correct Signed-off-by: Shridhar Panigrahi <sridharpanigrahi2006@gmail.com> --------- Signed-off-by: Shridhar Panigrahi <sridharpanigrahi2006@gmail.com> Co-authored-by: Sally MacFarlane <macfarla.github@gmail.com> Signed-off-by: Cyrus <sridharpanigrahi2006@gmail.com> * Log block number/hash on receipts root mismatch for debugging (#10071) When GetSyncReceiptsFromPeerTask returns RESULTS_DO_NOT_MATCH_QUERY, log the block number, hash, expected receiptsRoot, and calculated receiptsRoot at DEBUG level so the failing blocks can be identified without enabling TRACE logging. Signed-off-by: Sally MacFarlane <macfarla.github@gmail.com> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> * fix UInt256: Take result from addBack in mulSubOverflow (#10078) Signed-off-by: Luis Pinto <luis.pinto@consensys.net> * BlockchainUtilParameterizedTest - reduce key-pair generations (#10072) * reduce key-pair generations Signed-off-by: Sally MacFarlane <macfarla.github@gmail.com> * Pre-size ArrayList instances in BlockchainUtilParameterizedTest Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> Signed-off-by: Sally MacFarlane <macfarla.github@gmail.com> --------- Signed-off-by: Sally MacFarlane <macfarla.github@gmail.com> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> * minimize setup for BesuCommandTest (#10074) * minimize setup for BesuCommandTest Signed-off-by: Sally MacFarlane <macfarla.github@gmail.com> --------- Signed-off-by: Sally MacFarlane <macfarla.github@gmail.com> * Defer Snappy decompression of P2P messages until worker thread processing (#10048) * Defer Snappy decompression of P2P messages until worker thread processing RawMessage now supports a compressed constructor that defers Snappy decompression until getData() is first called on the worker thread. Messages stay in their compressed form while queued in the tx worker pool. Additionally, worker threads now skip processing for messages from already-disconnected peers, and decompression/deserialization failures disconnect the peer with BREACH_OF_PROTOCOL. Signed-off-by: stefan.pingel@consensys.net <stefan.pingel@consensys.net> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Signed-off-by: Stefan Pingel <16143240+pinges@users.noreply.github.com> * return -38015 when tx gas exceeds block gas limit (#10073) * return -38015 when tx gas exceeds block gas limit * added tets for mid-block partial consumption Signed-off-by: kkaur01 <kanchan.kaur@consensys.net> --------- Signed-off-by: kkaur01 <kanchan.kaur@consensys.net> Co-authored-by: Sally MacFarlane <macfarla.github@gmail.com> Signed-off-by: Kanchan Kaur <87459628+kkaur01@users.noreply.github.com> * Reduce memory usage of debug_trace* calls #9584 (#9938) * use latest snapshot if no memory wright op Signed-off-by: Ali <alijakparov.kz@gmail.com> Co-authored-by: ahamlat <ameziane.hamlat@consensys.net> Signed-off-by: Ali Zhagparov <alijakparov.kz@gmail.com> * Update Amsterdam to bal@v5.4.0 spec (#10075) * update devnet test Signed-off-by: daniellehrner <daniel.lehrner@consensys.net> * oversized code no longer charges state gas Signed-off-by: daniellehrner <daniel.lehrner@consensys.net> * do not force-charge state gas when code deposit state gas is insufficient When charge_state_gas fails (OutOfGasError), the spec modifies nothing: no reservoir drain, no stateGasUsed increment. Remove consumeStateGasForced which was incorrectly inflating stateGasUsed on failure, fixing short_one_gas reference tests. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Signed-off-by: daniellehrner <daniel.lehrner@consensys.net> * Track collision-burned gas in regular_gas_used so 2D block gas accounting correctly reflects gas consumed on EIP-684 address collisions Signed-off-by: daniellehrner <daniel.lehrner@consensys.net> * addressed pr comments Signed-off-by: daniellehrner <daniel.lehrner@consensys.net> --------- Signed-off-by: daniellehrner <daniel.lehrner@consensys.net> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> * oversized code no longer charges state gas Signed-off-by: daniellehrner <daniel.lehrner@consensys.net> * charge SSTORE regular gas before state gas per EIP-8037 ordering requirement EIP-8037 specifies that regular gas must be deducted before state gas so the reservoir/gasRemaining split is correct when state gas overflows. Also updates devnet reference tests to bal@v5.5.1. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: daniellehrner <daniel.lehrner@consensys.net> * charge SELFDESTRUCT and CREATE regular gas before state gas per EIP-8037 ordering requirement Same fix as the prior SSTORE commit: deduct regular gas before charging state gas so the reservoir/gasRemaining split is correct. Fixes the remaining 6 failing amsterdam devnet reference tests (bal@v5.5.1). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: daniellehrner <daniel.lehrner@consensys.net> * spotless Signed-off-by: daniellehrner <daniel.lehrner@consensys.net> --------- Signed-off-by: Simon Dudley <simon.dudley@consensys.net> Signed-off-by: Sally MacFarlane <macfarla.github@gmail.com> Signed-off-by: daniellehrner <daniel.lehrner@consensys.net> Signed-off-by: mamoralesiob <miguelangel@io.builders> Signed-off-by: Stefan Pingel <16143240+pinges@users.noreply.github.com> Signed-off-by: Mykim <kimminyong2034@gmail.com> Signed-off-by: Usman Saleem <usman@usmans.info> Signed-off-by: Kanchan Kaur <87459628+kkaur01@users.noreply.github.com> Signed-off-by: Justin Florentine <justin+github@florentine.us> Signed-off-by: jflo <justin+github@florentine.us> Signed-off-by: Fabio Di Fabio <fabio.difabio@consensys.net> Signed-off-by: Luis Pinto <luis.pinto@consensys.net> Signed-off-by: Matilda Clerke <matilda.clerke@consensys.net> Signed-off-by: Matilda-Clerke <matilda.clerke@consensys.net> Signed-off-by: Cyrus <sridharpanigrahi2006@gmail.com> Signed-off-by: stefan.pingel@consensys.net <stefan.pingel@consensys.net> Signed-off-by: Karim Taam <karim.t2am@gmail.com> Signed-off-by: kkaur01 <kanchan.kaur@consensys.net> Signed-off-by: ahamlat <ameziane.hamlat@consensys.net> Signed-off-by: Qian Cheng <91401632+Qian-Cheng-nju@users.noreply.github.com> Signed-off-by: Miroslav Kovář <miroslavkovar@protonmail.com> Signed-off-by: Jason Frame <jason.frame@consensys.net> Signed-off-by: Ali Zhagparov <alijakparov.kz@gmail.com> Co-authored-by: Simon Dudley <simon.dudley@consensys.net> Co-authored-by: Sally MacFarlane <macfarla.github@gmail.com> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> Co-authored-by: mamoralesiob <miguelangel@io.builders> Co-authored-by: Stefan Pingel <16143240+pinges@users.noreply.github.com> Co-authored-by: Mykim <kimminyong2034@gmail.com> Co-authored-by: Usman Saleem <usman@usmans.info> Co-authored-by: Kanchan Kaur <87459628+kkaur01@users.noreply.github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Justin Florentine <justin+github@florentine.us> Co-authored-by: Fabio Di Fabio <fabio.difabio@consensys.net> Co-authored-by: Luis Pinto <luis.pinto@consensys.net> Co-authored-by: Matilda-Clerke <matilda.clerke@consensys.net> Co-authored-by: Cyrus <sridharpanigrahi2006@gmail.com> Co-authored-by: Karim Taam <karim.t2am@gmail.com> Co-authored-by: ahamlat <ameziane.hamlat@consensys.net> Co-authored-by: Qian Cheng <91401632+Qian-Cheng-nju@users.noreply.github.com> Co-authored-by: Miroslav Kovář <miroslavkovar@protonmail.com> Co-authored-by: Jason Frame <jason.frame@consensys.net> Co-authored-by: Ali Zhagparov <alijakparov.kz@gmail.com>
ahamlat
pushed a commit
to daniellehrner/besu
that referenced
this pull request
Mar 25, 2026
Add ENR (enr:) bootnode support for DiscV5 discovery by introducing a new v5Bootnodes section in genesis config alongside the existing bootnodes (enode) section.
Genesis config changes:
- Add v5Bootnodes to config.discovery for ENR-format bootnodes
- Add getV5BootNodes() to DiscoveryOptions to parse the new section
- Populate mainnet.json with 17 ENR bootnodes and hoodi.json with 9
Bootnode parsing simplification:
- Use --Xv5-discovery-enabled flag to determine expected format (ENR vs enode) instead of prefix detection heuristic
- EthNetworkConfig reads bootnodes and v5Bootnodes independently
- CLI --bootnodes overrides the active protocol's list and clears
the unused protocol's list; genesis defaults keep both intact
- Replace heuristic fallback in getBootnodeIdentifiers() with
explicit discoveryV5Enabled flag check
DiscV5 peer connection pipeline fixes:
- Handle compressed public keys (33-byte SEC1) in
NodeKeySigner.deriveECDHKeyAgreement
- Fix candidatePeers() to use isListening() instead of
isReadyForConnections() which requires DiscV4 bonding status
- Filter out the local node record from streamLiveNodes()
- Explicitly use secp256k1 for ENR identity scheme v4
Cleanup:
- Remove dead MAINNET fallback null-checks in RunnerBuilder
---------
Signed-off-by: Usman Saleem <usman@usmans.info>
Signed-off-by: Ameziane H. <ameziane.hamlat@consensys.net>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
PR description
Add ENR (
enr:) bootnode support for DiscV5 discovery by introducing a newv5Bootnodessection in genesis config alongside the existingbootnodes(enode) section.v5Bootnodessection to genesis config (config.discovery.v5Bootnodes) for ENR-format bootnodes used by DiscV5getV5BootNodes()toDiscoveryOptionsto parse the new sectionmainnet.jsonwith 17 ENR bootnodes from eth-clients/mainnet andhoodi.jsonwith 9 ENR bootnodes from eth-clients/hoodiBesuCommandbootnode parsing: use--Xv5-discovery-enabledflag to determine format (ENR vs enode) instead of prefix detectionEthNetworkConfig.getNetworkConfig()readsbootnodesandv5Bootnodesindependently instead of mixing formatsRunnerBuilder(record constructor enforces non-null)--bootnodesis provided, clear the unused protocol's bootnode list; genesis defaults keep both lists intactDiscoveryConfiguration.getBootnodeIdentifiers()with explicitdiscoveryV5Enabledflag checkDiscV5 peer connection pipeline fixes
NodeKeySigner.deriveECDHKeyAgreementused by the discovery librarycandidatePeers()to useisListening()instead ofisReadyForConnections()— the latter requires DiscV4 bonding status that is never set for DiscV5-discovered peers, causing all discovered peers to be filtered outstreamLiveNodes()Documentation change
Once this PR merges, the genesis file can take both discovery v4 bootnodes and discovery v5 bootnodes. Discovery v5 bootnodes will be utilized when
--Xv5-discovery-enabledis set to true. This flag is currently experimental, but it will marked as non-experimental in a future PR.https://besu.hyperledger.org/public-networks/reference/genesis-items#discovery-configuration-items
Example section from hoodi file:
Activity Diagram
Fixed Issue(s)
fixes #9968
Thanks for sending a pull request! Have you done the following?
doc-change-requiredlabel to this PR if updates are required.Locally, you can run these tests to catch failures early:
./gradlew spotlessApply./gradlew build./gradlew acceptanceTest./gradlew integrationTest./gradlew ethereum:referenceTests:referenceTests