Celestia v3.7.6 #29
Celestia v3.7.6 #29
Conversation
Try NOT running the nitro CodeQL build in parallel
…tylus-tests Increase EVM Call timeout to avoid flaky CI
…rchived-repo Bring in Missing BoLD PRs
Upgrade the GitHub Actions
fix gas accounting for eth_call
…_calldata Blob prices should not be used if parent chain doesn't return blob price
…nfirmed assertion
There was a bug where if a duplicate message was processed at a segment boundary, then it would cause an empty segment to be inserted, which broke the invariants of the backlog data structure. The invariants being violated wer: 1. Monotonic sequence number order 2. Segment Continuity: segment[n].End() + 1 == segment[n+1].Start() 3. Non-empty Segments: All segments should contain messages 4. Lookup Uniqueness: Each sequence number maps to exactly one segment 5. Cumulative Size Ordering: Later messages have higher cumulative sizes This bug would break most operations on the backlog (eg Get() which uses a binary search) and cause them to have unpredictable behavior.
…rGlobalStateNotInChain
…rGlobalStateNotInChain
…lstate-not-in-chain-should-be-a-fatal-error-for Return a fatal error instead of stopping the StopWaiter in case of Er…
Pull the changes from OffchainLabs/go-ethereum#519 Close NIT-3769
…ize-multigas-3.7.0-backport Improve CPU performance when processing blocks
Also removed deprecated v42-rc.1 since no one should ever use it
…ckport backport adding consensus v41 to Dockerfile
…3596) * Test Genesis assertion on nitro init * revert go.mod changes
(cherry picked from commit 6f3d900)
…firm_backport Make sure to retry fast confirmation on failure
…port stylus target: infer support of previous sse versions from more advanced ones
The tests which use the releases package were failing because we have had more than 50 non-prerelease releases since the last consensus release, and it was only fetching the first 50 pages from the GitHub API.
* remove support for pre-stylus validation pre-stylus validation is no longer needed, and does create problems. * fail if stylus support not found instead of assuming pre-stylus * ckerfile changes --------- Co-authored-by: Tsahi Zidenberg <65945052+tsahee@users.noreply.github.com>
This change adds support for the new beacon chain endpoint
`/eth/v1/beacon/blobs/{block_id}` introduced in Fusaka while maintaining
backward compatibility with the legacy endpoint
`/eth/v1/beacon/blob_sidecars/{slot}`. block_id can be a slot so Nitro
just uses slot.
The new endpoint supports server-side filtering by versioned hash via
query parameters. Since the Arbitrum sequencer inbox message contains
the versioned hashes of the blobs that were posted, we can include those
in the query.
Key changes:
- Added `UseLegacyEndpoint` flag to BlobClientConfig to control which
endpoint to use
- Created new `GetBlobsBySlot()` public method for direct slot-based
blob fetching
- Implemented `getBlobs()` method for the new endpoint with versioned
hash verification
- Updated `beaconRequest()` to support query parameters for filtering
- Added KZG commitment verification when versioned hashes are provided
Created `blobtool` CLI utility for testing both endpoints:
```
# Fetch specific blob using new endpoint (default)
blobtool fetch --beacon-url=<url> --slot=<slot> --versioned-hashes=<hash>
# Fetch using legacy endpoint (requires versioned hashes)
blobtool fetch --beacon-url=<url> --slot=<slot> --versioned-hashes=<hash> --use-legacy-endpoint
# Compare both endpoints side-by-side
blobtool fetch --beacon-url=<url> --slot=<slot> --versioned-hashes=<hash> --compare-endpoints
```
The new endpoint is used by default, with automatic fallback behavior
maintained through the existing secondary beacon URL mechanism.
Spec reference: https://github.com/ethereum/beacon-APIs/blob/master/apis/beacon/blobs/blobs.yaml
…ts-support-beacon-blob-api Add support for new beacon chain /blobs endpoint
* Toggle rpc endpoint used on errors When there is a failure fetching blobs from `blob_sidecars` switch to `blobs` (and vice-versa.) This makes sense because a node can start syncing before the fusaka fork, and we can automatically switch to the new `blobs` endpoint when the legacy endpoint fails (because it was strongly deprecated and removed in 2 clients.) * Also, add a dangerous flag to skip blob proof verification --------- Co-authored-by: Pepper Lebeck-Jobe <eljobe@gmail.com>
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| name: Build and Test Bold | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Check out code into the Go module directory | ||
| uses: actions/checkout@v5 | ||
| with: | ||
| submodules: true | ||
|
|
||
| - name: Setup node/yarn | ||
| uses: actions/setup-node@v4 | ||
| with: | ||
| node-version: '24' | ||
| cache: 'yarn' | ||
| cache-dependency-path: "**/yarn.lock" | ||
|
|
||
| - name: Install go | ||
| uses: actions/setup-go@v5 | ||
| with: | ||
| go-version: 1.24.x | ||
|
|
||
| - name: Install Foundry | ||
| uses: foundry-rs/foundry-toolchain@v1 | ||
| with: | ||
| cache: false | ||
| version: v1.0.0 | ||
|
|
||
| - name: AbiGen (nitro) | ||
| run: make contracts | ||
|
|
||
| - name: Get dependencies | ||
| working-directory: ./bold | ||
| run: | | ||
| go get -v -t -d ./... | ||
| - name: Build | ||
| working-directory: ./bold | ||
| run: go build -v ./... | ||
|
|
||
| - name: Test | ||
| working-directory: ./bold | ||
| run: ANVIL=$(which anvil) go test -v -covermode=atomic -coverprofile=coverage.out -timeout=20m ./... | ||
|
|
||
| - name: Upload coverage reports to Codecov | ||
| uses: codecov/codecov-action@v5 | ||
| env: | ||
| CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI about 2 months ago
To fix the problem, we need to add an explicit permissions block to the workflow, restricting the default token permissions to the minimum necessary. In nearly all cases, including for code checkout and uploading coverage reports, contents: read is sufficient. Add a permissions: block to the top level of the workflow file (above jobs:). This will apply the permissions to all jobs (unless jobs specify their own permissions). If any job requires additional permissions in future, its own block can be added and justified. No other changes are necessary.
| @@ -9,6 +9,8 @@ | ||
| - master | ||
| - develop | ||
|
|
||
| permissions: | ||
| contents: read | ||
| jobs: | ||
| # formatting: | ||
| # name: Formatting |
| go-version: 1.24.x | ||
|
|
||
| - name: Install Foundry | ||
| uses: foundry-rs/foundry-toolchain@v1 |
Check warning
Code scanning / CodeQL
Unpinned tag for a non-immutable Action in workflow Medium
| run: ANVIL=$(which anvil) go test -v -covermode=atomic -coverprofile=coverage.out -timeout=20m ./... | ||
|
|
||
| - name: Upload coverage reports to Codecov | ||
| uses: codecov/codecov-action@v5 |
Check warning
Code scanning / CodeQL
Unpinned tag for a non-immutable Action in workflow Medium
|
|
||
| - name: Upload coverage to Codecov | ||
| uses: codecov/codecov-action@v2 | ||
| uses: codecov/codecov-action@v5 |
Check warning
Code scanning / CodeQL
Unpinned tag for a non-immutable Action in workflow Medium
| restore-keys: ${{ runner.os }}-buildx- | ||
| - name: Build nitro-node docker | ||
| uses: docker/build-push-action@v5 | ||
| uses: docker/build-push-action@v6 |
Check warning
Code scanning / CodeQL
Unpinned tag for a non-immutable Action in workflow Medium
| cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max | ||
| - name: Build nitro-node-dev docker | ||
| uses: docker/build-push-action@v5 | ||
| uses: docker/build-push-action@v6 |
Check warning
Code scanning / CodeQL
Unpinned tag for a non-immutable Action in workflow Medium
| with: | ||
| go-version: "stable" | ||
| - id: list | ||
| uses: shogo82148/actions-go-fuzz/list@v1 |
Check warning
Code scanning / CodeQL
Unpinned tag for a non-immutable Action in workflow Medium
| - uses: actions/setup-go@v5 | ||
| with: | ||
| go-version: "stable" | ||
| - uses: shogo82148/actions-go-fuzz/run@v1 |
Check warning
Code scanning / CodeQL
Unpinned tag for a non-immutable Action in workflow Medium
|
|
||
| - name: Upload coverage to Codecov | ||
| uses: codecov/codecov-action@v2 | ||
| uses: codecov/codecov-action@v5 |
Check warning
Code scanning / CodeQL
Unpinned tag for a non-immutable Action in workflow Medium
| - name: Upload coverage to Codecov | ||
| if: steps.changed-files.outputs.any_changed == 'true' | ||
| uses: codecov/codecov-action@v2 | ||
| uses: codecov/codecov-action@v5 |
Check warning
Code scanning / CodeQL
Unpinned tag for a non-immutable Action in workflow Medium
20 participants
Overview
Updates the main branch to a v3.7.6 compatible release