DigiDollar v1: Formal Review PR for develop#414
Open
DigiSwarm wants to merge 1532 commits into
Open
Conversation
Plain-English summary: - The overview widget created Pending DD labels and values, but light and dark themes had no explicit selectors for them. - That let the Pending row fall back to generic label styling while adjacent balance rows had fixed spacing, alignment, font size, and colors. - Added matching theme rules for ddPendingLabel and ddPendingValue without changing pending-balance calculation. - Added a Qt CSS regression that failed before the theme selectors and now passes. Tests: ./src/qt/test/test_digibyte-qt -platform offscreen
Plain-English summary: - Added root release notes for DigiByte Core v9.26.0-rc41. - Summarized the RC41 fixes in simple tester-facing terms, including mint validation, no-wallet build safety, receive amount validation, Dandelion cleanup, Qt polish, and the documentation audit. - Kept the testnet24 network values and unchanged-behavior notes aligned with RC38-RC40.
Plain-English summary: - Moved the mainnet DigiDollar BIP9 signaling window to June 1, 2026 through June 1, 2027. - Kept the existing mainnet 70% threshold over the 40,320-block one-week window because threshold/window are network-global BIP9 parameters in this codebase. - Updated the red-team activation-parameter test to read mainnet chainparams directly and pin the new one-year window. Tests: - make -C src -j"32" test/test_digibyte - ./src/test/test_digibyte --run_test=digidollar_redteam_tests/redteam_t7_04b_bip9_mainnet_parameters_safety --log_level=error --report_level=short - ./src/test/test_digibyte --run_test=digidollar_activation_wave12_tests/wave12_mainnet_bip9_minheight_matches_nDDActivationHeight --log_level=error --report_level=short - ./src/test/test_digibyte --run_test=digidollar_consensus_tests/chainparams_digidollar_integration_test --log_level=error --report_level=short - ./src/test/test_digibyte --run_test=digidollar_activation_tests --log_level=error --report_level=short
Plain-English summary: - Updated mainnet DigiDollar activation docs from the old May 2026 to May 2028 window to June 1, 2026 through June 1, 2027. - Kept the documented 70% threshold over 40,320 blocks, matching current chainparams. - Corrected the activation explainer's pre-activation block behavior to match current validation: mempool rejects DD markers, while pre-activation blocks preserve base-chain compatibility and do not apply DD semantics. Validation: - rg old activation dates across target docs and chainparams returned no matches. - git diff --check passed for the edited docs.
Plain-English summary: - Added the June 1, 2026 through June 1, 2027 mainnet DigiDollar BIP9 window to the RC41 release notes. - Documented that the mainnet signaling threshold remains 70% over 40,320 blocks. - Added the focused activation-parameter validation commands and new commits to the RC41 notes. Validation: - rg old activation dates across release notes, docs, chainparams, and activation tests returned no matches. - git diff --check passed for RELEASE_v9.26.0-rc41.md.
Plain-English summary: - Sets RC41 mainnet/testnet launch parameters: mainnet activation floor 23,627,520, testnet25 datadir, port 12032, new magic bytes, and mined testnet25 genesis. - Reserves 35 oracle slots with 17 active launch slots and a 9-signature quorum, while allowing inactive reserve slots to be activated by future releases. - Updates consensus validation, oracle constants, RPC range comments, unit/functional coverage, and the multi-oracle test script so the code and tests agree on the 9-of-35 model. - Proved by make, unit tests, Qt tests, normal functional tests, fuzz smoke, and the 223/223 multi-oracle testnet25 run.
Plain-English summary: - Changes the DigiDollar overview wording from Network to Blockchain where the data comes from chain state. - Keeps the health text short: System Health shows values such as 592% Collateralized and the green bar shows 592.0% Collateralization. - Widens and regression-tests the blockchain DD supply and DGB locked totals so launch-scale values fit, including 999,000,000.00 DD, 11,000,000,000.00 DD, and 21,000,000,000.00 DGB. - Proved by Qt tests, including overviewHealthUsesCollateralizedLanguage and overviewBlockchainTotalsFitLaunchScaleValues.
Plain-English summary: - Refreshes RC41 release notes with the final testnet25 genesis, corrected Collateralization wording, validation logs, and the new split commit list. - Updates DigiDollar architecture, activation, oracle, wallet, exchange, setup, operator, and repo-map docs to match the RC41 9-of-35 oracle reserve and testnet25 configuration. - Keeps the docs aligned with current code: mainnet activation window/floor, 35-slot roster with inactive reserves, testnet25 P2P port 12032, and the current validation status. - Does not change production code.
Plain-English summary: - Launches each Qt wallet in its own session so KEEP_QT_OPEN=1 leaves the eight wallet windows alive after the parent shell exits. - Uses setsid without forking so the script still tracks the real Qt process IDs for restart, reindex, and cleanup paths. - Proved by rerunning KEEP_QT_OPEN=1 ./test_multi_oracle_testnet.sh: 223/223 passed and all eight digibyte-qt processes remained alive.
Plain-English summary: - Adds RC34-style Read This First guidance for the RC41 testnet reset. - Calls out testnet24 to testnet25, P2P 12031 to 12032, magic byte and genesis changes, stale oracle messages, and operator slot/key checks. - Updates validation references to the final keep-open multi-oracle run and records the harness commit.
Plain-English summary: - Adds RC40_ISSUES.md and RC40_FIXES.md to the local ignore list beside the existing RC39 issue note. - Prevents local RC40 audit scratch files from being accidentally swept into release or protocol commits. - No production, test, or documentation behavior changes.
Plain-English summary: - Makes the top DigiDollar navigation button and every DigiDollar subtab page use a scoped green theme so users can visually distinguish DigiDollar from the blue DigiByte wallet area. - Adds object names for the DigiDollar toolbar button, tab root, subtab widget, and stacked page so the theme rules stay scoped to DigiDollar. - Updates the receive-address primary button from the old blue style to green and adds green coverage for DigiDollar coin-control/edit/action buttons. - Adds a Qt widget test that verifies both light and dark CSS include the DigiDollar green-theme selectors. - Proved with the multi-oracle testnet script, Qt test suite, and Bob wallet visual QA screenshots.
Plain-English summary: - Adds the green DigiDollar Qt theme work to the RC41 notes. - Corrects the post-RC40 commit summary to match the actual tag range. - Updates validation references and removes a stale tooltip risk note after final QA.
Add a functional guard proving a DigiDollar mint keeps wallet-controlled DGB change visible, confirmed, and spendable after the mint confirms. The RC41 report did not reproduce as an implementation bug, so this commit preserves the expected behavior as regression coverage.
Route RPC and Qt DigiDollar mint submission through CWallet::CommitTransaction as the single mempool relay point. CommitTransaction now returns mempool relay failure details so the callers can report rejection without pre-broadcasting the same transaction and then committing an already-in-mempool wallet tx.
Change automatic DigiDollar mint consolidation to build independent disjoint batches from the original fragment set, then retry the mint from the resulting consolidation outputs. This avoids the old final sweep that chained an unconfirmed consolidation output into another consolidation transaction and left large fragmented wallets unable to mint.
Validate the RC41 literal <qt> tooltip report with a Qt guard that failed while OverviewPage and TransactionOverviewWidget escaped the full Qt rich-text envelope. Add GUIUtil::TooltipToHtml so custom styled tooltip renderers strip Qt rich-text envelopes, preserve wrapped plain text, and continue escaping user-visible content before drawing the black-on-yellow dark-mode tooltip.
Validate the RC41 DD Send Label report with a Qt guard that failed while the note field claimed it added address-book labels. Update the visible label, placeholder, and tooltips so the UI matches the actual send path, which stores the text as a local transaction note.
Validate the RC41 overview double-click report with a Qt guard that failed while recent rows had no details slot or activation path. Store row metadata on recent transaction items, enable activation, emit the overview details message through DigiDollarTab, and cover txid/type/amount/status/note detail content.
Validate the RC41 DD send/status stall with a Qt guard that failed while WalletModel had no DigiDollar-specific refresh signal and the transactions table only updated on timers. Emit digiDollarChanged after successful DD send/mint/redeem, connect DD overview and transactions widgets to it, and bypass overview throttling for explicit DD wallet-state changes.
Validate the RC41 minimum mint copy path with a Qt guard that failed while a numeric below-min amount displayed Invalid amount format. Classify numeric out-of-range values separately from malformed input so the warning uses the active chain-param minimum.
Validate the RC41 tier-0 mint report with a wallet unit test that failed while ValidateMintParams rejected the 1-hour tier. Allow lock tier 0 through wallet mint parameter validation and make the Qt mint confirmation copy distinguish the nominal lock period from the 100-block confirmation buffer and redeem-available height.
Validate the RC41 chainstate-not-ready report as expected startup behavior with a real stale-state risk: skipped position reconciliation had no explicit retry marker. Track deferred position-state validation, retry it on later chain tip updates, and guard the retry wiring with a wallet unit source check because the node readiness transition is not directly forceable in the wallet fixture.
Validate the RC41 rapid batch mint report against wallet state and UI code: unconfirmed local DD transactions were displayed like ordinary pending transactions even when they were not in mempool. Expose transient DD wallet_state/in_mempool fields, show local unrelayed rows as Local in overview/history, and add txid-tagged lock-tier-duration logging for batch diagnostics.
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
There was a problem hiding this comment.
CodeQL found more than 20 potential problems in the proposed changes. Check the Files changed tab for more details.
JaredTate
requested review from
DGBNOOB,
JaredTate,
SmartArray,
digicontributer,
gto90 and
ycagel
|
I've been running the DigiDollar release candidates and appreciate the amount of work that's gone into getting to this point. Excited to see the formal review begin. Thanks to everyone who contributed to making this possible. DGB4L. This will change the world! |
ycagel
previously approved these changes
Jun 26, 2026
ycagel
left a comment
ycagel
left a comment
Member
There was a problem hiding this comment.
Fantastic work! After 46 test candidate releases and hours of bug bashing, this looks ready to go!
ACK
|
ACK. It was a pleasure to help test this momentous change. DigiDollar represents a huge step forward for DigiByte and WE the people! The thorough testing, detailed docs, and rock-solid validation work in this release are impressive. Excited to see miner signaling and mainnet activation move forward. This is how real decentralized innovation happens! 🚀 |
JaredTate
previously approved these changes
Jun 26, 2026
JaredTate
left a comment
JaredTate
left a comment
There was a problem hiding this comment.
ACK.
This is the most comprehensive testing & development we have ever done for DigiByte. I want to thank everyone who helped make DigiDollar a reality. We have been working on this for over 2 years, and we have been talking about it for 8 years.
We ended up with 100+ people in the developer chat, many of whom were involved with testing & development & I want to sincerely thank everyone involved in the creation of DigiDollar. Without you and everyone who supports DGB, this all would not have been possible. Thank you all!
CodeQL flagged several functional tests using assert_raises_rpc_error as a context manager even though the helper is a plain function. Those paths either never ran or were swallowed by broad exception handlers, creating false-green validation coverage.\n\nReplace the context-manager misuse with direct assert_raises_rpc_error calls, align the mint validation checks with regtest DigiDollar limits, and keep the dormant RPC validation helpers syntactically correct.
CodeQL treats logical-not expressions combined with bitwise & as suspicious, but libsecp256k1 intentionally uses bitwise masks to avoid short-circuiting validity checks.\n\nSpell the same masks with explicit equality comparisons instead of !/!! so CodeQL no longer reports high-severity 'incorrect not operator usage' alerts. This preserves the eager bitwise evaluation semantics and keeps the vendored ECDH helper consistent with ElligatorSwift.
Address low-risk CodeQL findings in DigiDollar functional tests without changing tested behavior.\n\nUse explicit block/mempool sync in the Wave 20 relay test to avoid a bound-method arity false positive, replace unnecessary pass/lambda wrappers with direct control flow, and remove dead transaction-history code that was intentionally skipped after redemption state was already verified.
|
This is a massive milestone — congratulations to @DigiSwarm and everyone who contributed to this enormous PR. As one of the oracle operators, I've been actively testing the DigiDollar system through the various PRE rehearsal builds. I’ve gone through the full oracle wallet setup, key generation on mainnet, the isolated PRE chain testing, wallet migrations, and running The work involved here is impressive (over 350k lines changed is no small feat). From an operator’s perspective, the oracle integration, MuSig2 handling, and wallet behavior have felt solid during testing. LGTM — happy to give my approval as someone who has been hands-on with the oracle side of things. |
CodeQL warned that these DigiDollar tests override setup_network with a narrower callable signature than the framework may dispatch.\n\nAccept the optional split argument used by older functional-test topology helpers while keeping the custom network layouts unchanged. Targeted network relay, mempool/miner parity, and activation multinode tests pass.
CodeQL warned that the ecmult_gen recoding loop contained an always-true comparison in the default comb configuration.\n\nPreserve the original min(8, recoded_words) behavior with a compile-time branch so exhaustive-test configurations still use their smaller recoded arrays, while the default build clearly copies only the low 256 scalar bits. Verified with libsecp256k1's native test suite.
|
I am proud to have been part of DigiDollar’s development since RC1 and to have contributed to this groundbreaking achievement. A special thank you to Jared, who worked tirelessly to make this a reality and believed in the project. |
GitHub's security UI was surfacing high-severity Python alerts from test/test_old_v26.2_mergev1, an archived merge/debug snapshot retained for reference rather than live release code.\n\nExclude that snapshot from CodeQL analysis so historical fixture/demo code does not pollute PR code-scanning gates for the active DigiDollar release tree.
CodeQL flagged the CI workflow for relying on default GITHUB_TOKEN permissions.\n\nSet the workflow-level permissions to contents: read, which is sufficient for checkout/build/test jobs and avoids granting broader write scopes to the default token.
The live functional-test log combiner renders node/test log lines through Jinja2. Even though it is a local developer utility, explicitly enabling autoescape avoids XSS-style CodeQL findings and is safer for generated HTML logs that may contain arbitrary test output.
CodeQL reported the unrolled ChaCha20 aligned block function as poorly documented because the hot path is intentionally large.\n\nAdd explanatory comments around the unrolled RFC 8439 block processing, double-rounds, counter increment, and XOR/write steps without changing behavior. Verified with the crypto_tests unit suite including ChaCha20 vectors.
|
Appreciate all of the efforts that went into reviewing/revising with each iteration. Thank you to all of you have committed to supporting this release into the future with your time, skills and resources. As far as I'm concerned, we're good for launch. |
|
A small step for DigiByte… One giant leap for sound money... |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
11 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Rationale
This PR opens the full DigiDollar v1 branch for formal team review before merge into
develop.DigiDollar is a soft-forked, native USD-denominated asset system built into DigiByte Core. It adds consensus rules, wallet support, oracle signing, mining-template support, RPCs, Qt UI updates, documentation, and tests needed to activate and operate DigiDollar on DigiByte.
This PR is for review. It is not a direct mainnet activation by itself. Mainnet activation still follows the configured BIP9 miner-signaling process.
Mainnet Scope
The final v9.26.2 release path restores normal DigiByte mainnet behavior after the isolated pre-mainnet oracle test:
Major Changes
getblocktemplatewith thedigidollar-oraclerule.Mainnet Activation Parameters
digidollar232026-06-01 00:00:00 UTC2027-06-01 00:00:00 UTC40,320blocks28,224blocks (70%)23,627,52023,627,520Activation can be monitored at:
https://digibyte.io/activation
Miner and Pool Notes
Miners and pools that want to include DigiDollar oracle commitments after activation must request the DigiDollar oracle rule in
getblocktemplate.Example:
digibyte-cli getblocktemplate '{"rules":["segwit","digidollar-oracle"]}' scryptThe returned template supplies the consensus-valid coinbase commitment data. Miners and pools should build from the returned template instead of inventing their own DigiDollar oracle output.
More detail is documented in:
DIGIDOLLAR_MINING_INTEGRATION_GUIDE.mdOracle Peer Notes
Oracle seed peers for the initial formal release are:
These peers help oracle nodes find each other. They do not replace normal DigiByte mainnet peer discovery.
Validation
Validation completed on the DigiDollar branch before opening this review PR:
make -j$(nproc)./src/test/test_digibyte --show_progresstest/functional/test_runner.py --jobs=8Latest unit and functional evidence from this release prep:
Review Focus
Please review carefully:
getblocktemplate