docs: fix transfer endpoint field names in bash example by Async777 · Pull Request #763 · Scottcjn/Rustchain

Async777 · 2026-03-09T17:30:27Z

Fixes #724

Changed canonical message format in bash example to use correct field names:

from → from_address
to → to_address
amount → amount_rtc

This matches the actual /wallet/transfer/signed endpoint requirements.

Wallet: RTCc29259460d01e6aca70b16f044852dddd0369c0d

Fixes Scottcjn#724 Changed canonical message format to use correct field names: - from -> from_address - to -> to_address - amount -> amount_rtc This matches the actual /wallet/transfer/signed endpoint requirements.

github-actions

Welcome to RustChain! Thanks for your first pull request.

Before we review, please make sure:

Your PR has a BCOS-L1 or BCOS-L2 label
New code files include an SPDX license header
You've tested your changes against the live node

Bounty tiers: Micro (1-10 RTC) | Standard (20-50) | Major (75-100) | Critical (100-150)

A maintainer will review your PR soon. Thanks for contributing!

Scottcjn

Signing Contract Mismatch — This PR Would Break Transfers

The HTTP payload fields ARE from_address/to_address/amount_rtc, but the canonical signing message uses different field names. The server reconstructs the signed message at line 5801-5808:

tx_data = {
    "from": from_address,      # NOT "from_address"
    "to": to_address,          # NOT "to_address"  
    "amount": amount_rtc,      # NOT "amount_rtc"
    "memo": memo,
    "nonce": nonce
}
message = json.dumps(tx_data, sort_keys=True, separators=(",", ":")).encode()

Your change modifies the bash example's canonical message (the thing being signed) to use from_address/to_address/amount_rtc. Anyone following these docs would produce signatures the server rejects as invalid.

The original docs were correct for the signing step. The comment in the original code even says: # note: uses from/to/amount, not from_address/to_address/amount_rtc

What to do

Close this PR as-is. If you want to improve the docs, add a note clarifying the distinction:

HTTP payload: from_address, to_address, amount_rtc
Canonical signing message: from, to, amount

🤖 Caught by GPT-5.4 xhigh reasoning + Claude Opus verification against server source

Scottcjn · 2026-03-09T21:09:29Z

Thanks for the docs fix attempt.

I couldn't merge this as-is because the node still verifies signatures over the canonical JSON {"from","to","amount","memo","nonce"} even though the outer /wallet/transfer/signed request body uses from_address, to_address, and amount_rtc. Changing the signed message in the bash example to the outer field names would produce invalid signatures.

I pushed a maintainer fix directly to main in d9efd97 (docs: clarify signed transfer canonical message) to make that distinction explicit, so I'm closing this PR as superseded.

18287452845 · 2026-03-09T17:44:46Z

docs/DEVELOPER_QUICKSTART.md

Code Review

Great fix! The field names now correctly match the /wallet/transfer/signed endpoint requirements.

Suggestion: The comment on line 302 should also be updated. Currently it says:

# Create canonical message to sign (note: uses from/to/amount, not from_address/to_address/amount_rtc)

But after this PR, the code now uses from_address/to_address/amount_rtc, so the comment is now misleading. Consider updating or removing this note to avoid confusion.

RTC wallet: RTC6Tgh1gZE6XyxqbngX2Egz7mACCqUCk6vwQFoGruk

Thanks for the contribution! 🦀

* feat(rip-0002): On-Chain Governance System — proposal creation, voting, lifecycle, Sophia AI analysis Implements RIP-0002 governance spec with: - POST /api/governance/propose — Create proposal (active miner required) - GET /api/governance/proposals — List proposals with status filter - GET /api/governance/proposal/<n> — Proposal details + vote history - POST /api/governance/vote — Cast/change vote (antiquity-weighted) - GET /api/governance/results/<n> — Final results + quorum status - POST /api/governance/veto/<n> — Founder veto (2-year window, env-key) - GET /api/governance/stats — Governance statistics Features: - 3 proposal types: parameter_change, feature_activation, emergency - 3 vote choices: for, against, abstain (vote changes allowed) - 7-day voting window with automatic settlement - 33% quorum threshold of active miners - Antiquity-weighted votes (from miners table) - Sophia AI lightweight risk analysis (HIGH/LOW) - Founder veto for security-critical proposals (first 2 years) - Anti-spam: max 10 active proposals per miner - 19 passing tests covering all scenarios Bounty: Scottcjn/rustchain-bounties#761 Wallet: nox-ventures * feat: pip install rustchainnode — installable RustChain attestation node Implements bounty Scottcjn#757: package the RustChain node as a pip-installable PyPI package. pip install rustchainnode rustchainnode init --wallet my-wallet-name rustchainnode start Features: - CLI commands: init, start, stop, status, config, dashboard, install-service - Auto-configuration: detects CPU arch, thread count, antiquity multiplier - Cross-platform: Linux x86_64/aarch64/ppc64, macOS x86/ARM64 - Systemd (Linux) + launchd (macOS) service generation - TUI dashboard: rustchainnode dashboard - Programmatic API: from rustchainnode import RustChainNode - Zero external dependencies (stdlib only) - Python 3.9+ compatible Bounty: Scottcjn/rustchain-bounties#757 Wallet: nox-ventures * feat: cross-node ledger verification tool (Scottcjn#763) Queries all 3 RustChain nodes, compares state, alerts on mismatches. Features: - Query /health, /epoch, /api/stats, /wallet/balance, /api/miners - Merkle root computation over sorted active miners list - SQLite historical tracking (~/.rustchain/ledger_verify.db) - Webhook alerting on mismatch (--webhook URL) - CI mode: --ci exits non-zero on any mismatch - Watch mode: --watch N runs every N seconds - History viewer: --history shows recent checks Sample output: Node 1 (Primary): v2.2.1-rip200 ✅ epoch=94 slot=13601 Node 2: v1.2.0 ✅ epoch=94 slot=13601 Node 3 (Ryan): ❌ unreachable (Tailscale) Merkle roots: node1=e318be4c... (both match ✅) Result: ✅ ALL NODES IN SYNC GitHub Actions: runs every 6h, CI mode, webhook on mismatch. Bounty: Scottcjn/rustchain-bounties#763 Wallet: nox-ventures * chore: remove workflow (scope issue, add manually)

…Scottcjn#643) * feat(rip-0002): On-Chain Governance System — proposal creation, voting, lifecycle, Sophia AI analysis Implements RIP-0002 governance spec with: - POST /api/governance/propose — Create proposal (active miner required) - GET /api/governance/proposals — List proposals with status filter - GET /api/governance/proposal/<n> — Proposal details + vote history - POST /api/governance/vote — Cast/change vote (antiquity-weighted) - GET /api/governance/results/<n> — Final results + quorum status - POST /api/governance/veto/<n> — Founder veto (2-year window, env-key) - GET /api/governance/stats — Governance statistics Features: - 3 proposal types: parameter_change, feature_activation, emergency - 3 vote choices: for, against, abstain (vote changes allowed) - 7-day voting window with automatic settlement - 33% quorum threshold of active miners - Antiquity-weighted votes (from miners table) - Sophia AI lightweight risk analysis (HIGH/LOW) - Founder veto for security-critical proposals (first 2 years) - Anti-spam: max 10 active proposals per miner - 19 passing tests covering all scenarios Bounty: Scottcjn/rustchain-bounties#761 Wallet: nox-ventures * feat: pip install rustchainnode — installable RustChain attestation node Implements bounty Scottcjn#757: package the RustChain node as a pip-installable PyPI package. pip install rustchainnode rustchainnode init --wallet my-wallet-name rustchainnode start Features: - CLI commands: init, start, stop, status, config, dashboard, install-service - Auto-configuration: detects CPU arch, thread count, antiquity multiplier - Cross-platform: Linux x86_64/aarch64/ppc64, macOS x86/ARM64 - Systemd (Linux) + launchd (macOS) service generation - TUI dashboard: rustchainnode dashboard - Programmatic API: from rustchainnode import RustChainNode - Zero external dependencies (stdlib only) - Python 3.9+ compatible Bounty: Scottcjn/rustchain-bounties#757 Wallet: nox-ventures * feat: cross-node ledger verification tool (Scottcjn#763) Queries all 3 RustChain nodes, compares state, alerts on mismatches. Features: - Query /health, /epoch, /api/stats, /wallet/balance, /api/miners - Merkle root computation over sorted active miners list - SQLite historical tracking (~/.rustchain/ledger_verify.db) - Webhook alerting on mismatch (--webhook URL) - CI mode: --ci exits non-zero on any mismatch - Watch mode: --watch N runs every N seconds - History viewer: --history shows recent checks Sample output: Node 1 (Primary): v2.2.1-rip200 ✅ epoch=94 slot=13601 Node 2: v1.2.0 ✅ epoch=94 slot=13601 Node 3 (Ryan): ❌ unreachable (Tailscale) Merkle roots: node1=e318be4c... (both match ✅) Result: ✅ ALL NODES IN SYNC GitHub Actions: runs every 6h, CI mode, webhook on mismatch. Bounty: Scottcjn/rustchain-bounties#763 Wallet: nox-ventures * chore: remove workflow (scope issue, add manually) * feat: attestation fuzz harness (Scottcjn#762) Property-based fuzz testing for POST /attest/submit. Mutation strategies (11 total): - missing_field: Remove required fields at any nesting level - wrong_type: Replace field with wrong type (None, int, list, dict, float) - unknown_field: Inject unknown keys at any nesting level - nested_bomb: Create deeply nested structures (100-500 levels) - array_overflow: Huge MAC address arrays (1000-10000 entries) - float_edge: inf, nan, -inf, 1e308 in fingerprint data - unicode_miner: null bytes, RTL override, emoji, path traversal, SQLi - huge_miner: wallet names up to 1MB - null_miner: explicit null value - empty_payload: {} - not_json: random binary garbage with wrong Content-Type Crash detection: - HTTP 5xx = server error - Timeout (>90% of TIMEOUT) = potential DoS - Traceback/exception in response body - Connection refused (server crash) Features: - --count N: configurable iteration count (default 1000) - --save-corpus: save all generated payloads to fuzz_corpus/ - --ci: exit non-zero on crash found - --report: show saved crash report - --url: override target URL Bounty: Scottcjn/rustchain-bounties#762 Wallet: nox-ventures

* feat(rip-0002): On-Chain Governance System — proposal creation, voting, lifecycle, Sophia AI analysis Implements RIP-0002 governance spec with: - POST /api/governance/propose — Create proposal (active miner required) - GET /api/governance/proposals — List proposals with status filter - GET /api/governance/proposal/<n> — Proposal details + vote history - POST /api/governance/vote — Cast/change vote (antiquity-weighted) - GET /api/governance/results/<n> — Final results + quorum status - POST /api/governance/veto/<n> — Founder veto (2-year window, env-key) - GET /api/governance/stats — Governance statistics Features: - 3 proposal types: parameter_change, feature_activation, emergency - 3 vote choices: for, against, abstain (vote changes allowed) - 7-day voting window with automatic settlement - 33% quorum threshold of active miners - Antiquity-weighted votes (from miners table) - Sophia AI lightweight risk analysis (HIGH/LOW) - Founder veto for security-critical proposals (first 2 years) - Anti-spam: max 10 active proposals per miner - 19 passing tests covering all scenarios Bounty: Scottcjn/rustchain-bounties#761 Wallet: nox-ventures * feat: pip install rustchainnode — installable RustChain attestation node Implements bounty Scottcjn#757: package the RustChain node as a pip-installable PyPI package. pip install rustchainnode rustchainnode init --wallet my-wallet-name rustchainnode start Features: - CLI commands: init, start, stop, status, config, dashboard, install-service - Auto-configuration: detects CPU arch, thread count, antiquity multiplier - Cross-platform: Linux x86_64/aarch64/ppc64, macOS x86/ARM64 - Systemd (Linux) + launchd (macOS) service generation - TUI dashboard: rustchainnode dashboard - Programmatic API: from rustchainnode import RustChainNode - Zero external dependencies (stdlib only) - Python 3.9+ compatible Bounty: Scottcjn/rustchain-bounties#757 Wallet: nox-ventures * feat: cross-node ledger verification tool (Scottcjn#763) Queries all 3 RustChain nodes, compares state, alerts on mismatches. Features: - Query /health, /epoch, /api/stats, /wallet/balance, /api/miners - Merkle root computation over sorted active miners list - SQLite historical tracking (~/.rustchain/ledger_verify.db) - Webhook alerting on mismatch (--webhook URL) - CI mode: --ci exits non-zero on any mismatch - Watch mode: --watch N runs every N seconds - History viewer: --history shows recent checks Sample output: Node 1 (Primary): v2.2.1-rip200 ✅ epoch=94 slot=13601 Node 2: v1.2.0 ✅ epoch=94 slot=13601 Node 3 (Ryan): ❌ unreachable (Tailscale) Merkle roots: node1=e318be4c... (both match ✅) Result: ✅ ALL NODES IN SYNC GitHub Actions: runs every 6h, CI mode, webhook on mismatch. Bounty: Scottcjn/rustchain-bounties#763 Wallet: nox-ventures * chore: remove workflow (scope issue, add manually)

…Scottcjn#643) * feat(rip-0002): On-Chain Governance System — proposal creation, voting, lifecycle, Sophia AI analysis Implements RIP-0002 governance spec with: - POST /api/governance/propose — Create proposal (active miner required) - GET /api/governance/proposals — List proposals with status filter - GET /api/governance/proposal/<n> — Proposal details + vote history - POST /api/governance/vote — Cast/change vote (antiquity-weighted) - GET /api/governance/results/<n> — Final results + quorum status - POST /api/governance/veto/<n> — Founder veto (2-year window, env-key) - GET /api/governance/stats — Governance statistics Features: - 3 proposal types: parameter_change, feature_activation, emergency - 3 vote choices: for, against, abstain (vote changes allowed) - 7-day voting window with automatic settlement - 33% quorum threshold of active miners - Antiquity-weighted votes (from miners table) - Sophia AI lightweight risk analysis (HIGH/LOW) - Founder veto for security-critical proposals (first 2 years) - Anti-spam: max 10 active proposals per miner - 19 passing tests covering all scenarios Bounty: Scottcjn/rustchain-bounties#761 Wallet: nox-ventures * feat: pip install rustchainnode — installable RustChain attestation node Implements bounty Scottcjn#757: package the RustChain node as a pip-installable PyPI package. pip install rustchainnode rustchainnode init --wallet my-wallet-name rustchainnode start Features: - CLI commands: init, start, stop, status, config, dashboard, install-service - Auto-configuration: detects CPU arch, thread count, antiquity multiplier - Cross-platform: Linux x86_64/aarch64/ppc64, macOS x86/ARM64 - Systemd (Linux) + launchd (macOS) service generation - TUI dashboard: rustchainnode dashboard - Programmatic API: from rustchainnode import RustChainNode - Zero external dependencies (stdlib only) - Python 3.9+ compatible Bounty: Scottcjn/rustchain-bounties#757 Wallet: nox-ventures * feat: cross-node ledger verification tool (Scottcjn#763) Queries all 3 RustChain nodes, compares state, alerts on mismatches. Features: - Query /health, /epoch, /api/stats, /wallet/balance, /api/miners - Merkle root computation over sorted active miners list - SQLite historical tracking (~/.rustchain/ledger_verify.db) - Webhook alerting on mismatch (--webhook URL) - CI mode: --ci exits non-zero on any mismatch - Watch mode: --watch N runs every N seconds - History viewer: --history shows recent checks Sample output: Node 1 (Primary): v2.2.1-rip200 ✅ epoch=94 slot=13601 Node 2: v1.2.0 ✅ epoch=94 slot=13601 Node 3 (Ryan): ❌ unreachable (Tailscale) Merkle roots: node1=e318be4c... (both match ✅) Result: ✅ ALL NODES IN SYNC GitHub Actions: runs every 6h, CI mode, webhook on mismatch. Bounty: Scottcjn/rustchain-bounties#763 Wallet: nox-ventures * chore: remove workflow (scope issue, add manually) * feat: attestation fuzz harness (Scottcjn#762) Property-based fuzz testing for POST /attest/submit. Mutation strategies (11 total): - missing_field: Remove required fields at any nesting level - wrong_type: Replace field with wrong type (None, int, list, dict, float) - unknown_field: Inject unknown keys at any nesting level - nested_bomb: Create deeply nested structures (100-500 levels) - array_overflow: Huge MAC address arrays (1000-10000 entries) - float_edge: inf, nan, -inf, 1e308 in fingerprint data - unicode_miner: null bytes, RTL override, emoji, path traversal, SQLi - huge_miner: wallet names up to 1MB - null_miner: explicit null value - empty_payload: {} - not_json: random binary garbage with wrong Content-Type Crash detection: - HTTP 5xx = server error - Timeout (>90% of TIMEOUT) = potential DoS - Traceback/exception in response body - Connection refused (server crash) Features: - --count N: configurable iteration count (default 1000) - --save-corpus: save all generated payloads to fuzz_corpus/ - --ci: exit non-zero on crash found - --report: show saved crash report - --url: override target URL Bounty: Scottcjn/rustchain-bounties#762 Wallet: nox-ventures

docs: fix transfer endpoint field names in bash example

81a5f46

Fixes Scottcjn#724 Changed canonical message format to use correct field names: - from -> from_address - to -> to_address - amount -> amount_rtc This matches the actual /wallet/transfer/signed endpoint requirements.

github-actions bot added documentation Improvements or additions to documentation size/XS PR: 1-10 lines labels Mar 9, 2026

github-actions bot reviewed Mar 9, 2026

View reviewed changes

Scottcjn requested changes Mar 9, 2026

View reviewed changes

Scottcjn closed this Mar 9, 2026

18287452845 reviewed Mar 10, 2026

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

docs: fix transfer endpoint field names in bash example#763

docs: fix transfer endpoint field names in bash example#763
Async777 wants to merge 1 commit intoScottcjn:mainfrom
Async777:fix-transfer-docs-724

Async777 commented Mar 9, 2026

Uh oh!

github-actions bot left a comment

Uh oh!

Scottcjn left a comment

Uh oh!

Scottcjn commented Mar 9, 2026

Uh oh!

18287452845 Mar 9, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Uh oh!

Conversation

Async777 commented Mar 9, 2026

Uh oh!

github-actions bot left a comment

Choose a reason for hiding this comment

Uh oh!

Scottcjn left a comment

Choose a reason for hiding this comment

Signing Contract Mismatch — This PR Would Break Transfers

What to do

Uh oh!

Scottcjn commented Mar 9, 2026

Uh oh!

18287452845 Mar 9, 2026

Choose a reason for hiding this comment

Code Review

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants