Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Sigma strip #1677

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 13 commits into from
Oct 14, 2025
Merged

Sigma strip #1677

merged 13 commits into from
Oct 14, 2025

Conversation

levonpetrosyan93
Copy link
Contributor

No description provided.

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Sep 24, 2025
edited
Loading

Walkthrough

Removed Sigma protocol and tests across core, wallet, RPC, build, and test suites; migrated many types/paths to Lelantus/Spark, adjusted regtest activation heights and test block counts, and updated wallet join-split APIs to drop sigma inputs.

Changes

Cohort / File(s) Summary
Build system & CI
src/CMakeLists.txt, src/Makefile.am, src/Makefile.bench.include, src/Makefile.qt.include, src/Makefile.qttest.include, src/Makefile.test.include, src/wallet/CMakeLists.txt, src/test/CMakeLists.txt, src/wallet/test/CMakeLists.txt		 Remove Sigma sources/libs/tests from build/link lists; add/adjust Lelantus sources and link deps; update test lists.
Core Sigma removal
src/sigma.h, src/sigma.cpp, src/sigma/* (coin.cpp, coinspend.cpp, params., r1_, sigmaplus_, sigma_primitives., spend_metadata.*)		 Delete full Sigma implementation: coin types, proofs, params, spend/mint validation, state, and public APIs.
Validation / miner / batch proofs
src/validation.h, src/validation.cpp, src/miner.cpp, src/batchproof_container.{h,cpp}, src/coin_containers.{h,cpp}, src/chain.h, src/chainparams.cpp		 Remove Sigma validation branches and batch_sigma(); convert containers/batch to Lelantus-only policies; adjust regtest start/end blocks and mempool serial hashing.
Wallet core & DB
src/wallet/wallet.h, src/wallet/wallet.cpp, src/wallet/walletdb.{h,cpp}, src/wallet/sigmaspendbuilder.{h,cpp} (removed), src/wallet/lelantusjoinsplitbuilder.{h,cpp}, src/hdmint/{wallet.{h,cpp}, tracker.{h,cpp}, mintpool.cpp, hdmint.h}		 Remove Sigma wallet plumbing and DB persistence methods; drop sigmaSpendCoins from join-split APIs; migrate hdmint/tracker/wallet paths to Lelantus types.
RPC & QA tests
src/wallet/rpcwallet.cpp, src/wallet/rpcdump.cpp, src/rpc/rawtransaction.cpp, src/rpc/misc.cpp, qa/pull-tester/rpc-tests.py, qa/rpc-tests/*		 Remove Sigma RPCs and TxToJSON Sigma handling; add/use Lelantus/Spark RPCs; update QA test lists and many rpc-tests (deletions/adjusted block counts and spends).
Qt / UI
src/qt/bitcoingui.cpp, src/qt/walletmodel.cpp, src/qt/walletmodeltransaction.{h,cpp}		 Gate incoming transaction notifications on blockchain sync; remove Sigma includes and sigmaSpendCoins accessor/storage.
Lelantus & liblelantus
src/liblelantus/*, src/lelantus.{cpp,h}, src/bip47/secretpoint.cpp, src/coin_containers.{h,cpp}		 Introduce/adjust liblelantus includes; move or adapt types from sigma→lelantus; update function signatures to Lelantus-only.
Spark tweaks
src/spark/{sparkwallet.{h,cpp}, state.cpp}, src/sparkname.h		 Minor include/header adjustments; small state cleanup; reduce GenerateBlocks counts in related tests.
Tests removed or updated
src/test/*sigma*, src/test/sigma_*, src/test/sigma_lelantus_transition.cpp, src/hdmint/test/hdmint_tests.cpp, many qa/rpc-tests/*		 Remove broad set of Sigma unit/integration tests and HDMint tests; shorten block-generation counts in multiple Lelantus/Spark tests; update test fixtures/includes.
Wallet tests & fixtures
src/test/fixtures.cpp, src/test/test_bitcoin.cpp, src/test/lelantus*_*.cpp, src/test/spark_*		 Replace sigma OpenSSL includes with liblelantus ones; remove sigma state resets; adjust test block counts and state setup.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant Node
  participant Validation as CheckTransaction
  participant Lelantus as LelantusChecks
  participant Spark as SparkChecks
  Note over Validation: Sigma validation paths removed
  Node->>Validation: Submit tx (tx, hashTx, ...)
  alt Lelantus JoinSplit
    Validation->>Lelantus: CheckLelantusTransaction(tx, lelantusTxInfo)
    Lelantus-->>Validation: ok / error
  else Spark Spend
    Validation->>Spark: CheckSparkTransaction(tx, sparkTxInfo)
    Spark-->>Validation: ok / error
  else Standard tx
    Validation-->>Node: Standard checks
  end
  Validation-->>Node: Accept / Reject
Loading 
sequenceDiagram
  autonumber
  participant Wallet
  participant Builder as LelantusJoinSplitBuilder
  participant State as LelantusState
  participant Mempool

  Note over Wallet: API no longer accepts Sigma inputs
  Wallet->>Builder: CreateLelantusJoinSplit(recipients, coinControl)
  Builder->>State: Gather spendable Lelantus coins
  Builder-->>Wallet: spendCoins, mintCoins, tx, fee
  Wallet->>Mempool: Commit and broadcast tx
  Mempool-->>Wallet: Accepted / Rejected
Loading

Estimated code review effort

🎯 5 (Critical) | ⏱️ ~120+ minutes

Possibly related PRs

Suggested reviewers

  • aleflm
  • psolstice

Poem

Hop-hop, I cleared a tangled den,
Sigma gone — Lelantus leads again.
Tests trimmed short, build files swept neat,
Spark warms the path with quicker feet.
A rabbit’s nibble: tidy code, sweet treat 🥕

Pre-merge checks and finishing touches

❌ Failed checks (2 warnings, 1 inconclusive)
Check name Status Explanation Resolution
Description Check ⚠️ Warning The pull request lacks any description and does not follow the repository’s required template. It is missing the “PR intention” section that explains the purpose and high-level changes and the “Code changes brief” section that summarizes key architectural or UX impacts. Without this information, reviewers cannot easily understand the goals or scope of the changes. Please complete the description using the provided template, adding a clear “PR intention” summary that describes what the PR does and why, and a “Code changes brief” section that highlights the main architectural or UX changes. Ensuring both sections are filled will give reviewers the context they need to evaluate the patch.
Docstring Coverage ⚠️ Warning Docstring coverage is 20.00% which is insufficient. The required threshold is 80.00%. You can run @coderabbitai generate docstrings to improve docstring coverage.
Title Check ❓ Inconclusive The title “Sigma strip” is a brief noun phrase that does not clearly summarize the main change. It lacks a verb and context to indicate what aspect of Sigma is being stripped and why. A teammate scanning history may not understand the scope of the removal or the intent from this sparse title alone. Please update the pull request title to a concise sentence that clearly describes the primary change, for example “Remove Sigma support from codebase” or “Strip Sigma integration and tests”. Using active phrasing with a verb and specifying what is being removed or updated will help teammates understand the change at a glance.
✨ Finishing touches
  • 📝 Generate docstrings
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch sigma-strip

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai bot reviewed Sep 24, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 20

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (10)
src/hdmint/tracker.cpp (1)

96-102: Fix missing isArchived argument in AddLelantus call

AddLelantus takes four parameters. This new call only supplies three, which will fail to compile. Please pass the isArchived flag explicitly (e.g., false) as in the other call sites.

-        AddLelantus(walletdb, dMint, false);
+        AddLelantus(walletdb, dMint, false, false);
src/hdmint/wallet.cpp (2)

106-112: Update error text to reflect Lelantus.

Message still says "sigmamint".

Apply:

-        throw std::runtime_error("Unable to create sigmamint from seed in mint regeneration.");
+        throw std::runtime_error("Unable to create Lelantus mint from seed in mint regeneration.");

431-442: Fix typos in logs ("mind" -> "mint").

Small logging nits.

Apply:

-        LogPrintf("%s: Wallet not locked, creating mind seed..\n", __func__);
+        LogPrintf("%s: Wallet not locked, creating mint seed..\n", __func__);
...
-        LogPrintf("%s: Wallet locked, retrieving mind seed..\n", __func__);
+        LogPrintf("%s: Wallet locked, retrieving mint seed..\n", __func__);
src/batchproof_container.cpp (1)

125-131: Zero-thread bug when hardware_concurrency() returns 0

threadsMaxCount can become 0, causing an infinite loop (j += 0) and invalid thread pool size.

Apply:

-    std::size_t threadsMaxCount = std::min((unsigned int)lelantusSigmaProofs.size(), boost::thread::hardware_concurrency());
+    std::size_t threadsMaxCount = std::min<std::size_t>(
+        lelantusSigmaProofs.size(),
+        std::max(1u, boost::thread::hardware_concurrency())
+    );
src/validation.cpp (1)

2543-2555: Bug: Spark fee is overwrite, not accumulated (breaks fee accounting on disconnect).

In DisconnectBlock, Spark branch assigns instead of accumulates:
nFees = spark::ParseSparkSpend(tx).getFee();

This overwrites previous fees and corrupts total fee calculation for the block.

-        else if (tx.IsSparkSpend()) {
+        else if (tx.IsSparkSpend()) {
             try {
-                nFees = spark::ParseSparkSpend(tx).getFee();
+                nFees += spark::ParseSparkSpend(tx).getFee();
             }
             catch (const std::exception &) {
                 // do nothing
             }
         }
src/lelantus.cpp (1)

447-585: Do not short-circuit Sigma→Lelantus joinsplit processing.

This return makes every sigma→Lelantus joinsplit bypass the rest of the routine, so we never validate the proof, we skip duplicate-serial detection, and—critically—we never populate lelantusTxInfo->mints / spentSerials. During an initial sync (or any reorg that replays blocks prior to nSigmaEndBlock) the migration transactions will therefore fail to register their minted coins, leaving the anonymity-set state inconsistent and breaking subsequent Lelantus spends. It also opens the door to accepting an invalid historical block that contains a bogus migration proof. Please keep processing (and verifying) these joinsplits; only remove the parts that truly depended on sigmaTxInfo, but still execute the mint/serial handling below.

-    if (joinsplit->isSigmaToLelantus()) {
-        return true;
-    }
src/wallet/wallet.cpp (4)

1467-1506: Potential null dereferences: zwallet/sparkWallet used without checks in AbandonTransaction.

This block assumes zwallet and sparkWallet are always initialized. On watch-only or non-HD wallets these can be null, leading to crashes.

Guard usage:

-        if (wtx.tx->IsLelantusJoinSplit()) {
+        if (wtx.tx->IsLelantusJoinSplit() && zwallet) {
...
-        } else if (wtx.tx->IsSparkSpend()) {
+        } else if (wtx.tx->IsSparkSpend() && sparkWallet) {
...
-        if (wtx.tx->IsLelantusMint()) {
+        if (wtx.tx->IsLelantusMint() && zwallet) {
...
-        if (wtx.tx->IsSparkTransaction()) {
+        if (wtx.tx->IsSparkTransaction() && sparkWallet) {

Also consider early-continue if parsing fails rather than continue; from the outer loop where it may skip necessary cleanup.

3236-3249: Broken proof generation: using uninitialized secret key.

mint is never populated; ecdsaSecretKey = mint.ecdsaSecretKey; reads an empty key, making signing fail.

Fix by loading the mint from the serial and ensuring the wallet is unlocked:

-            CLelantusEntry mint;
-            uint256 hashSerial = primitives::GetSerialHash(serial);
-            std::vector<unsigned char> ecdsaSecretKey;
-            ecdsaSecretKey = mint.ecdsaSecretKey;
+            CLelantusEntry mint;
+            uint256 hashSerial = primitives::GetSerialHash(serial);
+            std::vector<unsigned char> ecdsaSecretKey;
+            if (!GetMint(hashSerial, mint /* forEstimation = */ false)) {
+                // Wallet locked or mint not found
+                return std::vector<unsigned char>();
+            }
+            ecdsaSecretKey = mint.ecdsaSecretKey;
+            if (ecdsaSecretKey.empty()) {
+                return std::vector<unsigned char>();
+            }

Optionally throw a clear error if locked: “Unlock wallet to generate ownership proof.”

4879-4886: Wrong precondition: Spark functions call EnsureMintWalletAvailable().

Spark spend/name creation should check Spark wallet, not HD mint wallet.

Fix:

-    // sanity check
-    EnsureMintWalletAvailable();
+    // sanity check
+    EnsureSparkWalletAvailable();

Apply to both CreateSparkSpendTransaction and CreateSparkNameTransaction.

@@
 CWalletTx CWallet::CreateSparkSpendTransaction(
@@
-    // sanity check
-    EnsureMintWalletAvailable();
+    // sanity check
+    EnsureSparkWalletAvailable();
@@
 CWalletTx CWallet::CreateSparkNameTransaction(
@@
-    // sanity check
-    EnsureMintWalletAvailable();
+    // sanity check
+    EnsureSparkWalletAvailable();

Also applies to: 4895-4901

4950-4966: Possible invalid iterator deref in LelantusToSpark.

After coins.erase(coin); the list can be empty, but the next line unconditionally uses coins.begin()->amount.

Guard against emptiness before accessing:

-             if ((spendValue + coins.begin()->amount) > Params().GetConsensus().nMaxValueLelantusSpendPerTransaction)
+             if (coins.empty() || (spendValue + coins.begin()->amount) > Params().GetConsensus().nMaxValueLelantusSpendPerTransaction)
                  break;
🧹 Nitpick comments (19)
src/qt/bitcoingui.cpp (1)

1156-1161: Gate incoming TX notifications on blockchain sync.

Intentional UX change to reduce noise during sync. Consider (optionally) queuing a subtle in-app badge for suppressed notifications to avoid missing early receipts.

src/wallet/lelantusjoinsplitbuilder.cpp (2)

200-203: Input limit check is now Lelantus-only.

Redundant with GetCoinsToJoinSplit enforcing the same limits; safe to keep as a guard, or drop for less duplication.

-        if ((spendCoins.size()) > consensusParams.nMaxLelantusInputPerTransaction)
-            throw std::invalid_argument(
-                    _("Number of inputs is bigger then limit."));
+        // Defensive: GetCoinsToJoinSplit enforces this; keep or remove per preference.
+        if (spendCoins.size() > consensusParams.nMaxLelantusInputPerTransaction)
+            throw std::invalid_argument(_("Number of inputs exceeds limit."));

405-409: Version gating simplified; consider centralizing payload/version selection.

You check nLelantusV3PayloadStartBlock here and earlier in Build. Factor into a small helper to avoid drift.

-    {
-        if (chainActive.Height() >= Params().GetConsensus().nLelantusV3PayloadStartBlock)
-            version = LELANTUS_TX_TPAYLOAD;
-        else
-            version = LELANTUS_TX_VERSION_4_5;
-    }
+    version = (chainActive.Height() >= Params().GetConsensus().nLelantusV3PayloadStartBlock)
+              ? LELANTUS_TX_TPAYLOAD
+              : LELANTUS_TX_VERSION_4_5;

Outside this hunk (for clarity), you could add:

// File-local helper (optional)
static inline bool UseLelantusV3Payload() {
    return chainActive.Height() >= Params().GetConsensus().nLelantusV3PayloadStartBlock;
}

And reuse it in both places.

src/Makefile.test.include (1)

205-207: Test linker inputs: deduplicate LIBBITCOIN_CONSENSUS
LIBBITCOIN_CONSENSUS is listed twice (lines 205 & 212); harmless but redundant—consider removing the duplicate.

src/qt/automintmodel.cpp (1)

74-92: Unused coin selection work (minor).

The CCoinControl with selected outputs isn’t used anymore after the refactor. Consider removing this block for clarity.

src/batchproof_container.h (2)

60-62: Key type changed; update comment and ensure all call sites match.

The containers now key on (id, afterFixes) only. The comment still references fIsSigmaToLelantus.

Apply:

-    // map ((id, afterFixes), fIsSigmaToLelantus) to (sigma proof, serial, set size, challenge)
+    // map (id, afterFixes) -> lelantus sigma proofs (Sigma->Lelantus path no longer batched)

Also verify corresponding .cpp logic and callers use std::map<std::pair<uint32_t, bool>, ...>.

Also applies to: 68-69

1-8: Header self-sufficiency (minor).

Consider explicitly including , , and <unordered_map> to make this header independent of transitive includes.

src/hdmint/wallet.cpp (1)

523-549: Prefer using the Lelantus commit helper and ensure secp context is included.

  • Consider using LelantusPrimitives::commit for clarity/consistency.
  • Verify OpenSSLContext header is included transitively; otherwise add the correct header for get_context().

Possible tweak:

-    commit =  coin.getParams()->get_g() * coin.getSerialNumber() + coin.getParams()->get_h0() * coin.getRandomness();
+    commit = LelantusPrimitives::commit(
+        coin.getParams()->get_g(),
+        coin.getSerialNumber(),
+        coin.getParams()->get_h0(),
+        coin.getRandomness());

And confirm include:

// if not already present via lelantus.h
#include "liblelantus/lelantus_primitives.h"
src/chain.h (1)

540-544: Serialized shape changed indirectly via key type

READWRITE(sigmaMintedPubCoins) and READWRITE(sigmaSpentSerials) persist to disk. With the new key and value types, verify that reindex is not required or gate deserialization by version/height if needed.

If backward compatibility is required, consider custom serializers to normalize the denom key to int32 on the wire.

src/batchproof_container.cpp (1)

59-63: Key tuple comment is stale

Comment references pair(pair(set id, fAfterFixes), isSigmaToLelantus) but the key is now (set id, fStartLelantusBlacklist).

Update the comment to reflect the actual key.

src/test/lelantus_tests.cpp (1)

598-600: Duplicate validation calls: intentional?

Two consecutive CheckLelantusTransaction calls with the same args populate info twice. If this is for idempotency, add a brief comment; otherwise, consider removing one to speed tests.

Also applies to: 613-615

src/hdmint/wallet.h (1)

47-47: API naming consistency and clarity (rename params).

  • Line 47: The param name bnValue no longer reflects its meaning; it’s a Pedersen commitment. Prefer commit for clarity.
  • Line 40: The param is named sigma but its type is CLelantusEntry. Rename to lelantusEntry or entry to avoid confusion.

Apply:

-    bool RegenerateMint(CWalletDB& walletdb, const CHDMint& dMint, CLelantusEntry& sigma, bool forEstimation = false);
+    bool RegenerateMint(CWalletDB& walletdb, const CHDMint& dMint, CLelantusEntry& lelantusEntry, bool forEstimation = false);

-    bool SeedToMint(const uint512& mintSeed, GroupElement& bnValue, lelantus::PrivateCoin& coin);
+    bool SeedToMint(const uint512& mintSeed, GroupElement& commit, lelantus::PrivateCoin& coin);

Also applies to: 40-40

src/validation.cpp (4)

1221-1229: Fix inconsistent error messages for Spark paths.

  • Lines 1225/1229: Spark branch says “joinsplit” in errors.
  • Lines 2338-2343: Spark branch error mentions Lelantus.
-                catch (CBadTxIn&) {
-                    return state.DoS(0, false, REJECT_INVALID, "unable to parse joinsplit");
+                catch (CBadTxIn&) {
+                    return state.DoS(0, false, REJECT_INVALID, "unable to parse spark spend");
                 }
                 catch (const std::exception &) {
-                    return state.DoS(0, false, REJECT_INVALID, "failed to deserialize joinsplit");
+                    return state.DoS(0, false, REJECT_INVALID, "failed to deserialize spark spend");
                 }
     } else if (tx.IsSparkSpend()) {
         if(tx.vin.size() > 1) {
             return state.DoS(
                     100, false,
                     REJECT_MALFORMED,
-                    " Can't mix Lelantus joinsplit input with regular ones or have more than one input");
+                    " Can't mix Spark spend input with regular ones or have more than one input");
         }
     }

Also applies to: 2331-2343

875-876: Clarify log: the value logged isn’t “IsSpend”.

You log “tx.IsSpend()” but pass IsLelantusJoinSplit(). Either change the label or log both Lelantus/Spark flags.

-    LogPrintf("AcceptToMemoryPoolWorker(), tx.IsSpend()=%s, fTestNet=%s\n", ptx->IsLelantusJoinSplit(), fTestNet);
+    LogPrintf("AcceptToMemoryPoolWorker(), IsLelantusJoinSplit=%s IsSparkSpend=%s, fTestNet=%s\n",
+              ptx->IsLelantusJoinSplit(), ptx->IsSparkSpend(), fTestNet);

2958-2960: Typos/stale references in comments (“signa”/“sigma”).

  • Line 2958: “signa/lelantus” -> “lelantus/spark”.
  • Line 3173: “sigma/lelantus” -> “lelantus/spark”.
-            // Check transaction against signa/lelantus state
+            // Check transaction against lelantus/spark state
-    // Erase conflicting sigma/lelantus txs from the mempool
+    // Erase conflicting lelantus/spark txs from the mempool

Also applies to: 3173-3177

1037-1041: Explicitly specify the new CheckTransaction parameters
Add the 8th (fStatefulZerocoinCheck) and info pointer args instead of relying on defaults:

-    if (!CheckTransaction(tx, state, true, hash, false, INT_MAX, isCheckWalletTransaction)) {
+    if (!CheckTransaction(tx, state, true, hash, false, INT_MAX, isCheckWalletTransaction,
+                          false /* fStatefulZerocoinCheck */, nullptr, nullptr)) {
src/coin_containers.h (1)

30-34: Unify Scalar typing and guard against ODR/namespace mismatches.

Header uses secp_primitives::Scalar while coin_containers.cpp shows unqualified Scalar. Provide a local alias to keep both consistent.

Also, add missing includes for serialization macros and uint256.

-// Custom hash for Scalar values.
-struct CScalarHash {
-    std::size_t operator()(const secp_primitives::Scalar& bn) const noexcept;
-};
+// Custom hash for Scalar values.
+using Scalar = secp_primitives::Scalar;
+struct CScalarHash {
+    std::size_t operator()(const Scalar& bn) const noexcept;
+};

Additionally add at the top of this header:

  • #include "serialize.h"
  • #include "uint256.h"

Please verify coin_containers.cpp is within namespace lelantus and matches the updated signature (CScalarHash::operator()(const Scalar&)). If not, adjust accordingly.

src/wallet/wallet.cpp (2)

4299-4306: EraseFromWallet should notify observers.

Erasing a tx from mapWallet without emitting NotifyTransactionChanged(..., CT_DELETED) can leave UI/consumers stale. Suggest:

     {
         LOCK(cs_wallet);
-        if (mapWallet.erase(hash))
-            CWalletDB(strWalletFile).EraseTx(hash);
+        if (mapWallet.erase(hash)) {
+            CWalletDB(strWalletFile).EraseTx(hash);
+            NotifyTransactionChanged(this, hash, CT_DELETED);
+        }
     }

6061-6061: Help text still references Sigma.

Optionally update "-zapwalletmints" description to reflect Lelantus/Spark instead of Sigma to avoid user confusion.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between fcb12f1 and 9a6839c.

📒 Files selected for processing (133)
  • qa/pull-tester/rpc-tests.py (1 hunks)
  • qa/rpc-tests/bip47-sendreceive.py (1 hunks)
  • qa/rpc-tests/hdmint_mempool_zap.py (0 hunks)
  • qa/rpc-tests/lelantus_mint.py (0 hunks)
  • qa/rpc-tests/lelantus_mintspend.py (1 hunks)
  • qa/rpc-tests/lelantus_setmintstatus_validation.py (1 hunks)
  • qa/rpc-tests/lelantus_spend_gettransaction.py (1 hunks)
  • qa/rpc-tests/llmq-is-lelantus.py (0 hunks)
  • qa/rpc-tests/llmq-is-spark.py (1 hunks)
  • qa/rpc-tests/sigma_blocklimit.py (0 hunks)
  • qa/rpc-tests/sigma_listsigmamints_validation.py (0 hunks)
  • qa/rpc-tests/sigma_listsigmaspends_validation.py (0 hunks)
  • qa/rpc-tests/sigma_listunspentmints_sigma_validation.py (0 hunks)
  • qa/rpc-tests/sigma_meetspend.py (0 hunks)
  • qa/rpc-tests/sigma_mint_validation.py (0 hunks)
  • qa/rpc-tests/sigma_mintspend.py (0 hunks)
  • qa/rpc-tests/sigma_nonhd_wallet.py (0 hunks)
  • qa/rpc-tests/sigma_resetsigmamint_validation.py (0 hunks)
  • qa/rpc-tests/sigma_setsigmamintstatus_validation.py (0 hunks)
  • qa/rpc-tests/sigma_spend_extra_validation.py (0 hunks)
  • qa/rpc-tests/sigma_spend_gettransaction.py (0 hunks)
  • qa/rpc-tests/sigma_spend_validation.py (0 hunks)
  • qa/rpc-tests/sigma_zapwalletmints.py (0 hunks)
  • qa/rpc-tests/sigma_zapwalletmints_unconf_trans.py (0 hunks)
  • qa/rpc-tests/spark_mint.py (1 hunks)
  • qa/rpc-tests/spark_mintspend.py (3 hunks)
  • qa/rpc-tests/spark_setmintstatus_validation.py (1 hunks)
  • qa/rpc-tests/spark_spend_gettransaction.py (1 hunks)
  • qa/rpc-tests/transactions_verification_after_restart.py (2 hunks)
  • qa/rpc-tests/wallet_dumpsigma.py (0 hunks)
  • src/CMakeLists.txt (0 hunks)
  • src/Makefile.am (0 hunks)
  • src/Makefile.bench.include (0 hunks)
  • src/Makefile.qt.include (1 hunks)
  • src/Makefile.qttest.include (1 hunks)
  • src/Makefile.test.include (2 hunks)
  • src/batchproof_container.cpp (3 hunks)
  • src/batchproof_container.h (1 hunks)
  • src/bip47/secretpoint.cpp (1 hunks)
  • src/chain.h (4 hunks)
  • src/chainparams.cpp (2 hunks)
  • src/coin_containers.cpp (1 hunks)
  • src/coin_containers.h (1 hunks)
  • src/hdmint/hdmint.h (0 hunks)
  • src/hdmint/mintpool.cpp (1 hunks)
  • src/hdmint/test/hdmint_tests.cpp (0 hunks)
  • src/hdmint/tracker.cpp (3 hunks)
  • src/hdmint/tracker.h (1 hunks)
  • src/hdmint/wallet.cpp (4 hunks)
  • src/hdmint/wallet.h (1 hunks)
  • src/init.cpp (0 hunks)
  • src/lelantus.cpp (8 hunks)
  • src/lelantus.h (3 hunks)
  • src/liblelantus/coin.cpp (1 hunks)
  • src/liblelantus/coin.h (1 hunks)
  • src/liblelantus/joinsplit.cpp (1 hunks)
  • src/liblelantus/test/joinsplit_tests.cpp (1 hunks)
  • src/miner.cpp (0 hunks)
  • src/primitives/mint_spend.h (1 hunks)
  • src/qt/automintmodel.cpp (2 hunks)
  • src/qt/bitcoingui.cpp (1 hunks)
  • src/qt/sparkmodel.cpp (1 hunks)
  • src/qt/walletmodel.cpp (0 hunks)
  • src/qt/walletmodeltransaction.cpp (0 hunks)
  • src/qt/walletmodeltransaction.h (0 hunks)
  • src/rpc/misc.cpp (0 hunks)
  • src/rpc/rawtransaction.cpp (0 hunks)
  • src/sigma.cpp (0 hunks)
  • src/sigma.h (0 hunks)
  • src/sigma/coin.cpp (0 hunks)
  • src/sigma/coin.h (0 hunks)
  • src/sigma/coinspend.cpp (0 hunks)
  • src/sigma/coinspend.h (0 hunks)
  • src/sigma/params.cpp (0 hunks)
  • src/sigma/params.h (0 hunks)
  • src/sigma/r1_proof.h (0 hunks)
  • src/sigma/r1_proof_generator.h (0 hunks)
  • src/sigma/r1_proof_generator.hpp (0 hunks)
  • src/sigma/r1_proof_verifier.h (0 hunks)
  • src/sigma/r1_proof_verifier.hpp (0 hunks)
  • src/sigma/sigma_primitives.h (0 hunks)
  • src/sigma/sigma_primitives.hpp (0 hunks)
  • src/sigma/sigmaplus_proof.h (0 hunks)
  • src/sigma/sigmaplus_prover.h (0 hunks)
  • src/sigma/sigmaplus_prover.hpp (0 hunks)
  • src/sigma/sigmaplus_verifier.h (0 hunks)
  • src/sigma/sigmaplus_verifier.hpp (0 hunks)
  • src/sigma/spend_metadata.cpp (0 hunks)
  • src/sigma/spend_metadata.h (0 hunks)
  • src/sigma/test/coin_spend_tests.cpp (0 hunks)
  • src/sigma/test/coin_tests.cpp (0 hunks)
  • src/sigma/test/primitives_tests.cpp (0 hunks)
  • src/sigma/test/protocol_tests.cpp (0 hunks)
  • src/sigma/test/r1_test.cpp (0 hunks)
  • src/sigma/test/serialize_test.cpp (0 hunks)
  • src/sigma/test/sigma_primitive_types_test.cpp (0 hunks)
  • src/spark/sparkwallet.cpp (1 hunks)
  • src/spark/sparkwallet.h (1 hunks)
  • src/spark/state.cpp (0 hunks)
  • src/sparkname.h (0 hunks)
  • src/test/CMakeLists.txt (0 hunks)
  • src/test/evospork_tests.cpp (0 hunks)
  • src/test/fixtures.cpp (2 hunks)
  • src/test/lelantus_mintspend_test.cpp (3 hunks)
  • src/test/lelantus_state_tests.cpp (1 hunks)
  • src/test/lelantus_tests.cpp (9 hunks)
  • src/test/sigma_lelantus_transition.cpp (0 hunks)
  • src/test/sigma_manymintspend_test.cpp (0 hunks)
  • src/test/sigma_mintspend_numinputs.cpp (0 hunks)
  • src/test/sigma_mintspend_test.cpp (0 hunks)
  • src/test/sigma_partialspend_mempool_tests.cpp (0 hunks)
  • src/test/sigma_state_tests.cpp (0 hunks)
  • src/test/spark_mintspend_test.cpp (1 hunks)
  • src/test/spark_state_test.cpp (6 hunks)
  • src/test/spark_tests.cpp (5 hunks)
  • src/test/test_bitcoin.cpp (0 hunks)
  • src/txdb.cpp (0 hunks)
  • src/validation.cpp (13 hunks)
  • src/validation.h (1 hunks)
  • src/wallet/CMakeLists.txt (0 hunks)
  • src/wallet/lelantusjoinsplitbuilder.cpp (3 hunks)
  • src/wallet/lelantusjoinsplitbuilder.h (0 hunks)
  • src/wallet/rpcdump.cpp (1 hunks)
  • src/wallet/rpcwallet.cpp (1 hunks)
  • src/wallet/sigmaspendbuilder.cpp (0 hunks)
  • src/wallet/sigmaspendbuilder.h (0 hunks)
  • src/wallet/test/CMakeLists.txt (0 hunks)
  • src/wallet/test/lelantus_tests.cpp (2 hunks)
  • src/wallet/test/sigma_tests.cpp (0 hunks)
  • src/wallet/wallet.cpp (18 hunks)
  • src/wallet/wallet.h (3 hunks)
  • src/wallet/walletdb.cpp (0 hunks)
  • src/wallet/walletdb.h (0 hunks)
💤 Files with no reviewable changes (80)
  • src/spark/state.cpp
  • src/qt/walletmodeltransaction.h
  • src/txdb.cpp
  • src/sigma/test/coin_tests.cpp
  • src/sparkname.h
  • qa/rpc-tests/sigma_blocklimit.py
  • src/sigma/spend_metadata.h
  • src/sigma/coinspend.h
  • src/qt/walletmodeltransaction.cpp
  • src/qt/walletmodel.cpp
  • src/test/CMakeLists.txt
  • src/sigma/r1_proof.h
  • qa/rpc-tests/sigma_spend_extra_validation.py
  • src/sigma/r1_proof_generator.h
  • src/rpc/misc.cpp
  • src/Makefile.am
  • src/sigma/sigmaplus_prover.hpp
  • qa/rpc-tests/sigma_zapwalletmints.py
  • src/wallet/sigmaspendbuilder.h
  • src/sigma/sigmaplus_proof.h
  • src/miner.cpp
  • src/init.cpp
  • src/test/sigma_state_tests.cpp
  • src/sigma/test/coin_spend_tests.cpp
  • qa/rpc-tests/sigma_zapwalletmints_unconf_trans.py
  • qa/rpc-tests/lelantus_mint.py
  • src/wallet/walletdb.h
  • src/sigma/test/r1_test.cpp
  • src/CMakeLists.txt
  • src/wallet/test/CMakeLists.txt
  • qa/rpc-tests/sigma_nonhd_wallet.py
  • src/sigma/sigma_primitives.hpp
  • qa/rpc-tests/llmq-is-lelantus.py
  • src/sigma/test/serialize_test.cpp
  • src/wallet/lelantusjoinsplitbuilder.h
  • src/sigma/r1_proof_verifier.hpp
  • src/sigma/params.cpp
  • src/sigma/test/sigma_primitive_types_test.cpp
  • src/rpc/rawtransaction.cpp
  • src/test/sigma_partialspend_mempool_tests.cpp
  • src/test/sigma_manymintspend_test.cpp
  • src/sigma/params.h
  • qa/rpc-tests/sigma_meetspend.py
  • src/sigma/sigma_primitives.h
  • src/wallet/CMakeLists.txt
  • src/test/evospork_tests.cpp
  • src/wallet/test/sigma_tests.cpp
  • src/hdmint/test/hdmint_tests.cpp
  • qa/rpc-tests/wallet_dumpsigma.py
  • src/test/sigma_mintspend_numinputs.cpp
  • qa/rpc-tests/sigma_mint_validation.py
  • src/test/sigma_mintspend_test.cpp
  • src/sigma/r1_proof_verifier.h
  • src/wallet/sigmaspendbuilder.cpp
  • qa/rpc-tests/sigma_spend_gettransaction.py
  • qa/rpc-tests/sigma_spend_validation.py
  • qa/rpc-tests/sigma_listsigmamints_validation.py
  • src/sigma/sigmaplus_verifier.hpp
  • src/sigma/test/protocol_tests.cpp
  • src/sigma/spend_metadata.cpp
  • qa/rpc-tests/sigma_listsigmaspends_validation.py
  • qa/rpc-tests/sigma_setsigmamintstatus_validation.py
  • src/sigma/sigmaplus_prover.h
  • src/sigma/coin.cpp
  • src/sigma/coinspend.cpp
  • src/test/test_bitcoin.cpp
  • src/sigma/sigmaplus_verifier.h
  • qa/rpc-tests/hdmint_mempool_zap.py
  • qa/rpc-tests/sigma_resetsigmamint_validation.py
  • src/sigma/test/primitives_tests.cpp
  • src/hdmint/hdmint.h
  • src/sigma/r1_proof_generator.hpp
  • src/sigma.h
  • qa/rpc-tests/sigma_listunspentmints_sigma_validation.py
  • src/sigma.cpp
  • src/sigma/coin.h
  • src/Makefile.bench.include
  • qa/rpc-tests/sigma_mintspend.py
  • src/wallet/walletdb.cpp
  • src/test/sigma_lelantus_transition.cpp
👮 Files not reviewed due to content moderation or server errors (6)
  • src/liblelantus/joinsplit.cpp
  • src/Makefile.qttest.include
  • src/liblelantus/coin.cpp
  • qa/rpc-tests/bip47-sendreceive.py
  • src/test/spark_mintspend_test.cpp
  • src/test/spark_tests.cpp
🧰 Additional context used
🧬 Code graph analysis (19)
src/wallet/test/lelantus_tests.cpp (1)
src/test/fixtures.cpp (4)
  • GenerateBlocks (230-234)
  • GenerateBlocks (230-230)
  • GenerateBlocks (329-333)
  • GenerateBlocks (329-329)
src/test/spark_mintspend_test.cpp (1)
src/test/fixtures.cpp (4)
  • GenerateBlocks (230-234)
  • GenerateBlocks (230-230)
  • GenerateBlocks (329-333)
  • GenerateBlocks (329-329)
src/liblelantus/coin.h (2)
src/liblelantus/coin.cpp (2)
  • PublicCoin (13-14)
  • PublicCoin (16-18)
src/secp256k1/include/GroupElement.h (1)
  • GroupElement (16-122)
src/test/lelantus_mintspend_test.cpp (1)
src/test/fixtures.cpp (4)
  • GenerateBlocks (230-234)
  • GenerateBlocks (230-230)
  • GenerateBlocks (329-333)
  • GenerateBlocks (329-329)
src/lelantus.cpp (2)
src/secp256k1/src/cpp/Scalar.cpp (2)
  • i (65-68)
  • i (65-65)
src/test/lelantus_state_tests.cpp (8)
  • state (53-76)
  • state (53-53)
  • state (78-95)
  • state (78-79)
  • state (97-101)
  • state (97-97)
  • state (510-510)
  • state (555-555)
src/test/spark_tests.cpp (1)
src/test/fixtures.cpp (4)
  • GenerateBlocks (230-234)
  • GenerateBlocks (230-230)
  • GenerateBlocks (329-333)
  • GenerateBlocks (329-329)
src/validation.cpp (2)
src/test/lelantus_tests.cpp (4)
  • tx (79-98)
  • tx (79-81)
  • block (109-121)
  • block (109-112)
src/lelantus.cpp (6)
  • CheckLelantusTransaction (670-760)
  • CheckLelantusTransaction (670-678)
  • ConnectBlockLelantus (860-958)
  • ConnectBlockLelantus (860-865)
  • GetState (1674-1676)
  • GetState (1674-1674)
src/batchproof_container.cpp (1)
src/lelantus.cpp (2)
  • GetState (1674-1676)
  • GetState (1674-1674)
src/validation.h (3)
src/validation.cpp (2)
  • CheckTransaction (645-794)
  • CheckTransaction (645-645)
src/lelantus.h (2)
  • lelantus (19-309)
  • CLelantusTxInfo (22-42)
src/spark/state.h (2)
  • spark (18-275)
  • CSparkTxInfo (21-43)
src/coin_containers.h (1)
src/coin_containers.cpp (2)
  • bn (7-18)
  • bn (7-7)
src/hdmint/wallet.cpp (1)
src/liblelantus/lelantus_primitives.cpp (6)
  • commit (59-66)
  • commit (59-63)
  • commit (68-74)
  • commit (68-72)
  • commit (183-194)
  • commit (183-190)
src/test/lelantus_tests.cpp (2)
src/test/fixtures.cpp (4)
  • GenerateBlocks (230-234)
  • GenerateBlocks (230-230)
  • GenerateBlocks (329-333)
  • GenerateBlocks (329-329)
src/test/lelantus_state_tests.cpp (8)
  • state (53-76)
  • state (53-53)
  • state (78-95)
  • state (78-79)
  • state (97-101)
  • state (97-97)
  • state (510-510)
  • state (555-555)
src/hdmint/wallet.h (3)
src/hdmint/wallet.cpp (3)
  • SeedToMint (523-549)
  • SeedToMint (523-523)
  • coin (434-434)
src/liblelantus/coin.h (1)
  • PrivateCoin (93-137)
src/liblelantus/coin.cpp (2)
  • PrivateCoin (45-49)
  • PrivateCoin (51-64)
qa/rpc-tests/transactions_verification_after_restart.py (2)
src/rpc/mining.cpp (2)
  • generate (203-237)
  • generate (203-203)
src/wallet/rpcwallet.cpp (6)
  • getsparkdefaultaddress (3343-3365)
  • getsparkdefaultaddress (3343-3343)
  • mintspark (3577-3692)
  • mintspark (3577-3577)
  • spendspark (3730-3878)
  • spendspark (3730-3730)
src/lelantus.h (3)
src/liblelantus/coin.h (1)
  • lelantus (60-139)
src/coin_containers.h (1)
  • lelantus (9-49)
src/lelantus.cpp (2)
  • GetMempoolCoinSerials (1698-1701)
  • GetMempoolCoinSerials (1698-1698)
src/wallet/wallet.cpp (2)
src/lelantus.cpp (6)
  • ParseLelantusMintScript (160-184)
  • ParseLelantusMintScript (160-160)
  • ParseLelantusMintScript (218-228)
  • ParseLelantusMintScript (218-218)
  • GetState (1674-1676)
  • GetState (1674-1674)
src/wallet/walletdb.h (1)
  • CWalletDB (185-366)
src/chain.h (2)
src/liblelantus/coin.h (3)
  • sigma (10-57)
  • PublicCoin (11-37)
  • PublicCoin (62-91)
src/secp256k1/src/cpp/Scalar.cpp (6)
  • Scalar (21-24)
  • Scalar (26-40)
  • Scalar (42-45)
  • Scalar (47-50)
  • Scalar (52-55)
  • Scalar (57-59)
src/wallet/wallet.h (2)
src/wallet/wallet.cpp (4)
  • CommitLelantusTransaction (5041-5124)
  • CommitLelantusTransaction (5041-5041)
  • EstimateJoinSplitFee (4993-5039)
  • EstimateJoinSplitFee (4993-4997)
src/hdmint/hdmint.h (1)
  • CHDMint (16-68)
src/batchproof_container.h (2)
src/libspark/spend_transaction.h (1)
  • vector (57-97)
src/liblelantus/joinsplit.h (1)
  • lelantus (8-141)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (8)
  • GitHub Check: build-guix-x86_64-apple-darwin
  • GitHub Check: build-guix-arm64-apple-darwin
  • GitHub Check: build-guix-x86_64-w64-mingw32
  • GitHub Check: build-guix-x86_64-linux-gnu
  • GitHub Check: build-guix-aarch64-linux-gnu
  • GitHub Check: build-mac-cmake
  • GitHub Check: build-windows-cmake
  • GitHub Check: build-linux-cmake
🔇 Additional comments (51)
src/liblelantus/test/joinsplit_tests.cpp (1)

3-3: Include path adjustment looks correct.

../openssl_context.h points at the relocated Lelantus OpenSSL context header, so the test suite should still compile once Sigma is gone.

src/bip47/secretpoint.cpp (1)

1-3: No action needed for include paths
Both liblelantus/coin.h and liblelantus/openssl_context.h are present in the repository; the existing includes are correct.

Likely an incorrect or invalid review comment.

src/test/fixtures.cpp (1)

19-19: Header update aligns with the relocated OpenSSLContext.

Including liblelantus/openssl_context.h keeps the OpenSSLContext symbol available after the Sigma removal. Looks good.

src/wallet/test/lelantus_tests.cpp (3)

363-365: LGTM: clear minted pubcoins before state update.

Prevents stale entries from leaking across index reuse.

39-39: 110 blocks satisfy coinbase maturity (100) and regtest nLelantusStartBlock = 1.

252-252: Spend test: verify coinbase maturity and activation heights
Ensure COINBASE_MATURITY (default 100) ≤ 150 and regtest consensus params—nLelantusStartBlock, nLelantusFixesStartBlock, nLelantusV3PayloadStartBlock—all ≤ 150.

src/test/lelantus_state_tests.cpp (1)

363-365: LGTM: explicit cleanup before AddMintsToStateAndBlockIndex.

Keeps index state deterministic for the test.

src/Makefile.test.include (2)

226-226: Fuzzy LDFLAGS simplified.

Looks fine; ensure no reliance on previously removed flags for fuzz target.

232-232: Add LIBBITCOIN_SERVER to fuzzy target—good catch.

Prevents missing symbols for server components used in fuzz harness.

src/wallet/lelantusjoinsplitbuilder.cpp (1)

129-129: Fee estimation restricted to Lelantus coins—LGTM.

Matches Sigma removal and keeps downstream logic consistent.

src/Makefile.qt.include (1)

510-512: Sigma library references removed; test static linking
No LIBFIRO_SIGMA usages remain in Makefile includes. Confirm a full -static/-pie build to ensure no unresolved symbols.

src/wallet/rpcdump.cpp (1)

579-583: Switch to Lelantus-only tracker listing verifiedListLelantusMints(false, false) is defined with fUpdateStatus=true by default, matching the prior ListMints(false, false) refresh behavior, and its return value isn’t used.

src/hdmint/mintpool.cpp (1)

6-6: Header swap looks fine.

Switching the include to lelantus.h aligns this mint pool with the rest of the Sigma→Lelantus migration.

src/qt/sparkmodel.cpp (1)

36-51: Looks good: faster LMint sum.

Replacing the manual loop with the wallet helper trims unnecessary work and keeps the locking discipline intact.

src/test/spark_state_test.cpp (2)

75-76: Block count tweak is fine.

Staying at 500 keeps the anonymity-set setup intact for this unit test.

330-368: sparkMintedCoins.clear() is necessary for the fresh state.

Clearing the cached coins on the block index avoids duplicating entries when the helper injects them again—nice catch.

src/chainparams.cpp (3)

1233-1233: Sigma activation window collapses to a single block; verify interval semantics.

With nSigmaStartBlock = 1 and nSigmaEndBlock = 1, Sigma is effectively disabled. If consensus checks expect start < end (or inclusive ranges), confirm no edge-case evaluation happens at height 1.

Also applies to: 1244-1245

1261-1261: Zerocoin→Sigma remint window size set to 1 for regtest.

Fine for fast tests. Confirm no tests depend on larger windows.

1239-1245: Verify no tests generate fewer than 100 blocks for Lelantus
rg output shows only generate(501) in Spark tests; no legacy generate patterns (801/1000/1001/601) or mintsigma/spendsigma calls found. Manually check that no test invokes generate(<100) for Lelantus activation.

qa/rpc-tests/transactions_verification_after_restart.py (3)

66-66: Pre-activate Spark on regtest (generate(401)).

Matches SparkStartBlock=400 and ensures RPCs won’t fail on “Spark is not activated yet”.

75-79: Switch to Spark mint API and default address usage is correct.

Using getsparkdefaultaddress()[0] and mintspark payloads is consistent with rpcwallet.cpp.

If you want extra safety, assert the array isn’t empty before indexing.

83-88: Updated spendspark payloads look correct.

The single-argument form with explicit subtractFee satisfies the RPC contract.

qa/rpc-tests/spark_mintspend.py (3)

17-17: Shortened pre-activation lead time (generate(401)).

Aligned with regtest SparkStartBlock=400. Good.

59-60: Remove extraneous second argument to spendspark.

Now matches spendspark’s single-argument RPC signature.

84-85: Same signature fix here.

Consistent usage retained.

src/test/lelantus_mintspend_test.cpp (1)

29-29: Confirm the 110-block pre-roll is still sufficient.

If regtest activation/maturity changed in this PR, validate 110 blocks cover Lelantus activation and coinbase maturity for this test.

src/hdmint/wallet.cpp (1)

165-169: LGTM: switched to lelantus::PrivateCoin here.

Change aligns with Sigma removal.

src/primitives/mint_spend.h (1)

13-13: Include switch to Lelantus coin is correct.

Public API now consistently references liblelantus types.

src/coin_containers.cpp (1)

6-35: Hasher/containers migration to Lelantus types looks consistent.

Signatures and namespace updates align with the broader Sigma removal.

src/validation.h (1)

422-422: CheckTransaction signature fully updated; no residual sigma::CSigmaTxInfo parameters in declarations or callers.

src/chain.h (2)

17-17: Header switch to liblelantus: OK

Including liblelantus/coin.h to provide sigma::PublicCoin/CSpendCoinInfo shims is consistent with the Sigma strip.

246-246: Confirm CoinDenomination serialization width before map key change
Changing src/chain.h:246 map key from (sigma::CoinDenomination,int) to (uint8_t,int) alters serialized width unless CoinDenomination was defined as uint8_t. Verify its underlying type and existing on-disk serialization format to ensure backward compatibility.

src/batchproof_container.cpp (1)

56-57: Dropping Sigma→Lelantus proofs: OK

Early-return for isSigmaToLelantus aligns with Sigma removal.

src/test/lelantus_tests.cpp (3)

145-150: Wallet API updates reflected correctly

CreateLelantusJoinSplitTransaction/CommitLelantusTransaction calls match the new signatures and ordering.

347-350: State Reset within test: verify intent

Calling lelantusState->Reset() between mint collection and AddMintsToStateAndBlockIndex changes prior behavior. Ensure this is intended (isolating state for this test) and doesn’t hide regressions relying on cumulative state.

567-571: CheckLelantusTransaction callsite updated: OK

Passing only CLelantusTxInfo* aligns with the signature change.

src/liblelantus/coin.h (1)

9-11: Compatibility guard note: OK

Keeping shim types in namespace sigma here to avoid index breakage is sensible. Ensure no ODR conflicts with removed Sigma headers.

src/lelantus.h (1)

110-110: Hasher switch validated
No lingering sigma::CScalarHash found; all CheckLelantusTransaction call sites remain correct.

src/validation.cpp (1)

751-755: LGTM: core Sigma removal plumbing is consistent.

  • Lelantus checks wired via CheckLelantusTransaction.
  • Sigma spend/mint blocked as intended.
  • New CheckTransaction invocations pass lelantusTxInfo/sparkTxInfo within ConnectBlock/DisconnectTip.
  • ConnectBlock delegates to lelantus::ConnectBlockLelantus and spark::ConnectBlockSpark.

Also applies to: 771-775, 2960-2962, 3091-3093, 3472-3473

src/coin_containers.h (1)

41-48: Approve code changes
No remaining unordered_map<sigma::PublicCoin, …> or sigma::CPublicCoinHash usages; migration to lelantus::PublicCoin is complete.

src/wallet/wallet.cpp (7)

777-777: Sigma mints treated as spent (intent check).

Returning true for Sigma mints effectively excludes them from balance. If the goal is to fully deprecate Sigma, this is fine. Please confirm no remaining flows depend on Sigma UTXOs being considered available.

1731-1738: LGTM: Lelantus mint ownership check with safe parsing.

Graceful parse failure and DB lookup are correct.

2924-2925: API contract check: CLelantusState::HasCoinTag signature.

HasCoinTag(dummyValue, hashForRecover) suggests an overload taking a value and a recovery tag. Please confirm the parameter order/types match the current API to avoid always-true/false results.

4839-4842: Lelantus-only joinsplit flow looks correct.

Signature simplification aligns with Sigma removal.

5024-5026: LGTM: fee size estimate constant updated.

The simplified fee estimate formula is consistent and contained.

5041-5124: LGTM: CommitLelantusTransaction API/flow.

Writing spend serial entries, tracker updates, and notifications appear correct post-Sigma removal.

7149-7154: LGTM: graceful Spark wallet shutdown.

Finishing Spark tasks on shutdown is a good addition.

qa/rpc-tests/spark_mint.py (1)

17-17: Adjusted activation wait looks good.

Mining 501 blocks cleanly pushes the cached regtest chain past the Spark activation threshold while still leaving ample matured coinbase outputs for the subsequent mint funding. 👍

src/spark/sparkwallet.cpp (1)

12-12: Needed include for chainActive.

Bringing in ../chain.h here resolves the direct usage of chainActive/consensus height helpers without relying on transitive includes. Looks right.

src/spark/sparkwallet.h (1)

14-14: Header dependency updated appropriately.

Syncing the header with the implementation by including ../chain.h keeps the declaration self-sufficient for chainActive references. Good call.

src/hdmint/tracker.h (1)

21-52: Lelantus tracker renames/readability win.

The switch to mapLelantusSerialHashes plus the consistent Lelantus-specific method signatures (GetLelantusMetaFromPubcoin, ListLelantusMints, etc.) lines up with the broader Sigma-to-Lelantus migration and keeps the public surface coherent.

coderabbitai[bot]
coderabbitai bot reviewed Sep 29, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

🧹 Nitpick comments (1)
src/Makefile.am (1)

157-157: Deduplicate headers in BITCOIN_CORE_H

threadinterrupt.h (Lines 157, 201) and sparkname.h (Lines 190, 246-247) are listed twice. Clean up to avoid noise in dist targets.

-  threadinterrupt.h \
+  threadinterrupt.h \
...
-  sparkname.h \
+  sparkname.h \
...
-  threadinterrupt.h \
...
-  sparkname.h \

Also applies to: 190-190, 201-201, 246-247

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2c82a27 and 15cd6ed.

📒 Files selected for processing (1)
  • src/Makefile.am (1 hunks)
🔇 Additional comments (2)
src/Makefile.am (2)

733-735: LGTM: liblelantus sources addition is consistent with OpenSSL flags/linking

liblelantus_a_CPPFLAGS pulls $(BITCOIN_INCLUDES) (Lines 693-694), which already includes $(SSL_CFLAGS)/$(CRYPTO_CFLAGS) (Lines 49-54). Final link adds $(SSL_LIBS)/$(CRYPTO_LIBS) for firod (Line 782). No action needed.

81-92: Sanity check passed: no Sigma references remain outside src/liblelantus.

coderabbitai[bot]
coderabbitai bot reviewed Sep 29, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

🧹 Nitpick comments (1)
src/Makefile.am (1)

150-260: Optional cleanup: remove duplicate headers in BITCOIN_CORE_H.

Minor tidy to avoid redundant entries (no behavior change):

  • threadinterrupt.h appears at Line 157 and Line 201
  • sparkname.h appears at Line 189 and Line 247
-  threadinterrupt.h \
+  threadinterrupt.h \
   masternode-utils.h \
@@
-  threadinterrupt.h \
+  /* removed duplicate: threadinterrupt.h */
@@
-  spark/state.h \
-  sparkname.h \
+  spark/state.h \
+  /* removed duplicate: sparkname.h */
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 15cd6ed and b065d5f.

📒 Files selected for processing (2)
  • src/Makefile.am (1 hunks)
  • src/test/CMakeLists.txt (0 hunks)
💤 Files with no reviewable changes (1)
  • src/test/CMakeLists.txt
🔇 Additional comments (1)
src/Makefile.am (1)

733-735: Approve Lelantus additions
New files exist in src/liblelantus; openssl_context.h is referenced in fixtures and bip47; no stale Sigma build references in Makefiles; all tests and Qt targets link $(LIBLELANTUS). LGTM.

coderabbitai[bot]
coderabbitai bot reviewed Sep 29, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (5)
src/wallet/wallet.cpp (3)

3223-3241: Bug: using uninitialized ECDSA secret; can cause out-of-bounds and invalid signatures.

mint is never populated before reading mint.ecdsaSecretKey, so &ecdsaSecretKey[0] is undefined. Load the mint by serial and validate key length before signing.

Apply:

         for (const auto& serial : serials) {
             CLelantusEntry mint;
             uint256 hashSerial = primitives::GetSerialHash(serial);
-            std::vector<unsigned char> ecdsaSecretKey;
-            ecdsaSecretKey = mint.ecdsaSecretKey;
+            // Load the mint metadata for this serial
+            if (!GetMint(hashSerial, mint, /*forEstimation=*/false)) {
+                return std::vector<unsigned char>(); // or throw; keep behavior consistent with earlier early-returns
+            }
+            const std::vector<unsigned char>& ecdsaSecretKey = mint.ecdsaSecretKey;
+            if (ecdsaSecretKey.size() != 32) {
+                return std::vector<unsigned char>(); // invalid key material
+            }

4946-4961: Possible UB: dereferencing coins.begin() after erasing last element.

After coins.erase(coin);, coins can become empty; coins.begin()->amount then UB. Guard emptiness before access.

-            if ((spendValue + coins.begin()->amount) > Params().GetConsensus().nMaxValueLelantusSpendPerTransaction)
-                break;
+            if (coins.empty())
+                break;
+            if ((spendValue + coins.begin()->amount) > Params().GetConsensus().nMaxValueLelantusSpendPerTransaction)
+                break;

4463-4471: Typo in mapMultiArgs key: will throw or ignore -change.

First access uses "change" (no leading dash) while size uses "-change". This can throw out_of_range or pick the wrong list.

-                            CBitcoinAddress address(
-                                    mapMultiArgs.at("change")[GetRandInt(mapMultiArgs.at("-change").size())]);
+                            CBitcoinAddress address(
+                                    mapMultiArgs.at("-change")[GetRandInt(mapMultiArgs.at("-change").size())]);
src/wallet/rpcwallet.cpp (2)

74-79: Spark availability check uses wrong wallet pointer and message

EnsureSparkWalletIsAvailable() checks pwalletMain->zwallet and throws a Lelantus-specific message. This will incorrectly block Spark RPCs on wallets that have Spark but no HDMint wallet.

Fix to check sparkWallet and update the error text.

 void EnsureSparkWalletIsAvailable()
 {
-    if (!pwalletMain || !pwalletMain->zwallet) {
-        throw JSONRPCError(RPC_WALLET_ERROR, "lelantus mint/joinsplit is not allowed for legacy wallet");
+    if (!pwalletMain || !pwalletMain->sparkWallet) {
+        throw JSONRPCError(RPC_WALLET_ERROR, "spark operations are not allowed for legacy wallets");
     }
 }

3175-3181: Help text still references Sigma and wrong RPC name

The help string says listunspentsigmamints and mentions “sigma”. Update to listunspentlelantusmints and remove Sigma wording.

-        throw std::runtime_error(
-            "listunspentsigmamints [minconf=1] [maxconf=9999999] \n"
+        throw std::runtime_error(
+            "listunspentlelantusmints [minconf=1] [maxconf=9999999]\n"
             "Returns array of unspent transaction outputs\n"
             "with between minconf and maxconf (inclusive) confirmations.\n"
             "Results are an array of Objects, each of which has:\n"
             "{txid, vout, scriptPubKey, amount, confirmations}");
🧹 Nitpick comments (7)
src/wallet/wallet.cpp (5)

1608-1623: Consider checking all serials, not only index 0.

Relying on the first serial may miss cases; checking any serial improves robustness with negligible cost.

-        if (db.HasLelantusSpendSerialEntry(joinsplit->getCoinSerialNumbers()[0])) {
-            return ISMINE_SPENDABLE;
-        }
+        for (const auto& s : joinsplit->getCoinSerialNumbers()) {
+            if (db.HasLelantusSpendSerialEntry(s)) {
+                return ISMINE_SPENDABLE;
+            }
+        }

6043-6043: Help text mentions Sigma; update to reflect current features.

Replace “sigma/lelantus” with “Lelantus” (and Spark where appropriate).

-    strUsage += HelpMessageOpt("-batching", _("In case of sync/reindex verifies sigma/lelantus proofs with batch verification, default: true"));
+    strUsage += HelpMessageOpt("-batching", _("In case of sync/reindex verifies Lelantus proofs with batch verification (default: true)"));

6049-6051: Help text for -zapwalletmints still says “Sigma mints”.

It now zaps Lelantus and Spark mints.

-    strUsage += HelpMessageOpt("-zapwalletmints", _("Delete all Sigma mints and only recover those parts of the blockchain through -reindex on startup"));
+    strUsage += HelpMessageOpt("-zapwalletmints", _("Delete all private mints (Lelantus/Spark) and only recover those parts of the blockchain through -reindex on startup"));

6069-6075: Startup message still references Sigma only.

Adjust init message to match actual behavior (zapping Lelantus and Spark).

-        uiInterface.InitMessage(_("Zapping all Sigma mints from wallet..."));
+        uiInterface.InitMessage(_("Zapping all private mints (Lelantus and Spark) from wallet..."));

112-117: Outdated error text.

EnsureMintWalletAvailable() throws “Sigma feature requires HD wallet” but this path backs Lelantus/Spark now.

-        throw std::logic_error("Sigma feature requires HD wallet");
+        throw std::logic_error("Lelantus/Spark features require an HD wallet");
src/wallet/wallet.h (1)

1074-1074: Avoid copying large coin lists in fee estimator

EstimateJoinSplitFee(..., std::list<CLelantusEntry> coins, ...) takes coins by value. This runs inside a fee loop and also calls GetCoinsToJoinSplit that itself takes a copy, causing unnecessary allocations.

Consider changing both signatures to take const std::list<CLelantusEntry>& and copy only when mutation is required in the callee.

Example header change:

-    std::pair<CAmount, unsigned int> EstimateJoinSplitFee(CAmount required, bool subtractFeeFromAmount, std::list<CLelantusEntry> coins, const CCoinControl *coinControl);
+    std::pair<CAmount, unsigned int> EstimateJoinSplitFee(CAmount required, bool subtractFeeFromAmount, const std::list<CLelantusEntry>& coins, const CCoinControl *coinControl);

Note: update the corresponding definitions in wallet.cpp as well.

src/wallet/rpcwallet.cpp (1)

3190-3191: Type check expects 3 params but RPC accepts 2

RPCTypeCheck(... VNUM, VNUM, VARR) lists a 3rd array param not supported/parsed here. Trim to the two numeric params to avoid confusion.

-    RPCTypeCheck(request.params, boost::assign::list_of(UniValue::VNUM)(UniValue::VNUM)(UniValue::VARR));
+    RPCTypeCheck(request.params, boost::assign::list_of(UniValue::VNUM)(UniValue::VNUM));
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b065d5f and 680643d.

📒 Files selected for processing (5)
  • src/batchproof_container.cpp (3 hunks)
  • src/test/lelantus_mintspend_test.cpp (3 hunks)
  • src/wallet/rpcwallet.cpp (1 hunks)
  • src/wallet/wallet.cpp (17 hunks)
  • src/wallet/wallet.h (2 hunks)
🧰 Additional context used
🧬 Code graph analysis (4)
src/test/lelantus_mintspend_test.cpp (1)
src/test/fixtures.cpp (4)
  • GenerateBlocks (230-234)
  • GenerateBlocks (230-230)
  • GenerateBlocks (329-333)
  • GenerateBlocks (329-329)
src/batchproof_container.cpp (1)
src/lelantus.cpp (2)
  • GetState (1674-1676)
  • GetState (1674-1674)
src/wallet/wallet.cpp (2)
src/lelantus.cpp (4)
  • ParseLelantusMintScript (160-184)
  • ParseLelantusMintScript (160-160)
  • ParseLelantusMintScript (218-228)
  • ParseLelantusMintScript (218-218)
src/wallet/walletdb.h (1)
  • CWalletDB (185-366)
src/wallet/wallet.h (2)
src/wallet/wallet.cpp (4)
  • CommitLelantusTransaction (5032-5115)
  • CommitLelantusTransaction (5032-5032)
  • EstimateJoinSplitFee (4984-5030)
  • EstimateJoinSplitFee (4984-4988)
src/hdmint/hdmint.h (1)
  • CHDMint (16-68)
🔇 Additional comments (10)
src/batchproof_container.cpp (4)

56-57: LGTM: Appropriate early return for Sigma-to-Lelantus transactions.

This early return prevents processing of Sigma-to-Lelantus transactions in the batch container, which aligns with the Sigma removal objectives.

77-78: Previous review concern addressed.

The removeLelantus method now correctly handles both key variants (id, false) and (id, true), addressing the previous review comment about incomplete erasure. This ensures all proofs are properly removed regardless of the fStartLelantusBlacklist flag.

144-152: Simplified anonymity set retrieval logic.

The batch_lelantus method has been streamlined to unconditionally use CLelantusState::GetState() for anonymity set retrieval, removing the previous Sigma-specific branching logic. This simplification aligns with the Sigma removal objectives.

61-61: BatchProofContainer key change has no serialization impact
BatchProofContainer is purely in-memory and not serialized or persisted; simplifying the map key to std::pair<uint32_t, bool> cannot break compatibility with existing stored data.

src/test/lelantus_mintspend_test.cpp (2)

29-29: Faster setup looks fine.

Reducing initial blocks to 110 improves test time without affecting later confirmations here.

79-81: Good: fee initialized and new JoinSplit API used.

Initializing fee = 0 avoids UB and matches the updated CreateLelantusJoinSplitTransaction/CommitLelantusTransaction signatures.

Also applies to: 107-109

src/wallet/wallet.cpp (2)

1458-1516: Abandon path properly reverts Lelantus/Spark state.

JoinSplit/Spark spend handling clears spend markers and unsets used mints as expected. Looks good.

777-779: Sigma mints treated as spent.

Explicitly short‑circuiting Sigma mints to “spent” is a simple way to deprecate them; OK if that’s intended.

Confirm this aligns with migration expectations (no attempts to spend legacy Sigma mints).

src/wallet/wallet.h (1)

1031-1031: Header/impl signature alignment looks good

CommitLelantusTransaction header matches the implementation and expected in/out semantics for mutating spend/mint vectors.

src/wallet/rpcwallet.cpp (1)

5266-5279: Restore RPC arg metadata for CLI help (names/arity)

These registrations omit the arg-name metadata, regressing help/getrpcinfo output. Add the argument vectors as used elsewhere in this file.

-    { "wallet",             "listunspentlelantusmints", &listunspentlelantusmints, false, {} },
+    { "wallet",             "listunspentlelantusmints", &listunspentlelantusmints, false, {"minconf","maxconf"} },
-    { "wallet",             "mintlelantus",             &mintlelantus,             false, {} },
+    { "wallet",             "mintlelantus",             &mintlelantus,             false, {"amount"} },
-    { "wallet",             "autoMintlelantus",         &autoMintlelantus,         false, {} },
+    { "wallet",             "autoMintlelantus",         &autoMintlelantus,         false, {} },
-    { "wallet",             "joinsplit",                &joinsplit,                false, {} },
+    { "wallet",             "joinsplit",                &joinsplit,                false, {"amounts","subtractfeefromamount","mints"} },
-    { "wallet",             "resetlelantusmint",        &resetlelantusmint,        false, {} },
+    { "wallet",             "resetlelantusmint",        &resetlelantusmint,        false, {} },
-    { "wallet",             "setlelantusmintstatus",    &setlelantusmintstatus,    false, {} },
+    { "wallet",             "setlelantusmintstatus",    &setlelantusmintstatus,    false, {"coinserial","isused"} },
-    { "wallet",             "listlelantusmints",        &listlelantusmints,        false, {} },
+    { "wallet",             "listlelantusmints",        &listlelantusmints,        false, {"all"} },
-    { "wallet",             "setmininput",              &setmininput,              false, {} },
+    { "wallet",             "setmininput",              &setmininput,              false, {"amount"} },
-    { "wallet",             "regeneratemintpool",       &regeneratemintpool,       false, {} },
+    { "wallet",             "regeneratemintpool",       &regeneratemintpool,       false, {} },
-    { "wallet",             "removetxmempool",          &removetxmempool,          false, {} },
+    { "wallet",             "removetxmempool",          &removetxmempool,          false, {"txid"} },
-    { "wallet",             "removetxwallet",           &removetxwallet,           false, {} },
+    { "wallet",             "removetxwallet",           &removetxwallet,           false, {"txid"} },
-    { "wallet",             "listlelantusjoinsplits",   &listlelantusjoinsplits,   false, {} },
+    { "wallet",             "listlelantusjoinsplits",   &listlelantusjoinsplits,   false, {"count","onlyunconfirmed"} },

psolstice
psolstice requested changes Oct 5, 2025
View reviewed changes
src/chain.h Outdated
//! Public coin values of mints in this block, ordered by serialized value of public coin
//! Maps <denomination,id> to vector of public coins
std::map<std::pair<sigma::CoinDenomination, int>, std::vector<sigma::PublicCoin>> sigmaMintedPubCoins;
std::map<std::pair<std::uint8_t, int>, std::vector<sigma::PublicCoin>> sigmaMintedPubCoins;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it'd be much safer to just leave sigma::CoinDenomination as is to be safe. It's not clear if std::uint8_t is always a good replacement

src/chain.h Outdated

//! Values of coin serials spent in this block
sigma::spend_info_container sigmaSpentSerials;
std::unordered_map<Scalar, sigma::CSpendCoinInfo> sigmaSpentSerials;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same here, we could leave sigma::CScalarHash in the code. It's not immediately clear if this mismatch could create a problem, but the removal is simply not worth it

src/txdb.cpp

pindexNew->sigmaMintedPubCoins = diskindex.sigmaMintedPubCoins;
pindexNew->sigmaSpentSerials = diskindex.sigmaSpentSerials;

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wouldn't do it here. Might cause side effects.

coderabbitai[bot]
coderabbitai bot reviewed Oct 10, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a4cb0b9 and 1b8cff6.

📒 Files selected for processing (1)
  • src/lelantus.cpp (7 hunks)
🧰 Additional context used
🧬 Code graph analysis (1)
src/lelantus.cpp (2)
src/test/lelantus_state_tests.cpp (8)
  • state (53-76)
  • state (53-53)
  • state (78-95)
  • state (78-79)
  • state (97-101)
  • state (97-97)
  • state (510-510)
  • state (555-555)
src/batchproof_container.cpp (2)
  • get_instance (11-18)
  • get_instance (11-11)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (18)
  • GitHub Check: build-guix-arm64-apple-darwin
  • GitHub Check: build-guix-x86_64-w64-mingw32
  • GitHub Check: build-guix-x86_64-apple-darwin
  • GitHub Check: build-guix-aarch64-linux-gnu
  • GitHub Check: build-linux-cmake
  • GitHub Check: build-windows-cmake
  • GitHub Check: build-mac-cmake
  • GitHub Check: build-guix-x86_64-linux-gnu
  • GitHub Check: Create Source Distribution
  • GitHub Check: build-guix-x86_64-linux-gnu
  • GitHub Check: build-guix-arm64-apple-darwin
  • GitHub Check: Create Source Distribution
  • GitHub Check: build-guix-x86_64-w64-mingw32
  • GitHub Check: build-guix-x86_64-apple-darwin
  • GitHub Check: build-guix-aarch64-linux-gnu
  • GitHub Check: build-windows-cmake
  • GitHub Check: build-mac-cmake
  • GitHub Check: build-linux-cmake
🔇 Additional comments (6)
src/lelantus.cpp (6)

368-368: LGTM!

The hash type change from sigma::CScalarHash to lelantus::CScalarHash is consistent with the migration from Sigma to Lelantus protocol.

478-554: LGTM!

The refactoring to handle only Lelantus verification is correct and consistent with the PR objective to remove Sigma protocol. The verification logic properly constructs anonymity sets and validates proofs for Lelantus transactions.

565-590: LGTM!

The simplification of serial checking and spend information handling is correct. Removing Sigma-specific logic makes the code cleaner and more maintainable while preserving all necessary Lelantus validation.

752-752: LGTM!

The removal of the sigmaTxInfo parameter is consistent with the updated function signature and the PR objective to remove Sigma protocol references.

32-32: nMinimumInputValue declaration is correct and used.
The variable is referenced in rpcwallet.cpp, wallet.cpp, and rpc/misc.cpp; its definition in src/lelantus.cpp is required.

1701-1704: LGTM: Return type migration to lelantus::CScalarHash is consistent and no external callers were found; no further changes required.

coderabbitai[bot]
coderabbitai bot reviewed Oct 10, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)
src/wallet/wallet.cpp (2)

3223-3240: Fix: using uninitialized ECDSA secret key in ProvePrivateTxOwn causes invalid signing

mint.ecdsaSecretKey is read without populating mint; this can lead to empty vector/invalid pointer on secp256k1_ecdsa_sign. Retrieve the mint by serial and validate the key before signing.

Apply this diff:

-        for (const auto& serial : serials) {
-            CLelantusEntry mint;
-            uint256 hashSerial = primitives::GetSerialHash(serial);
-            std::vector<unsigned char> ecdsaSecretKey;
-            ecdsaSecretKey = mint.ecdsaSecretKey;
+        for (const auto& serial : serials) {
+            CLelantusEntry mint;
+            uint256 hashSerial = primitives::GetSerialHash(serial);
+            if (!GetMint(hashSerial, mint)) {
+                return std::vector<unsigned char>(); // mint not found
+            }
+            const std::vector<unsigned char>& ecdsaSecretKey = mint.ecdsaSecretKey;
+            if (ecdsaSecretKey.empty()) {
+                return std::vector<unsigned char>(); // no key available
             }

4940-4961: Fix: possible dereference of coins.begin() after erase in LelantusToSpark

After erasing from coins, it can become empty; the next line uses coins.begin()->amount without re-checking. Add an emptiness check before accessing.

Apply this diff:

-            if ((spendValue + coins.begin()->amount) > Params().GetConsensus().nMaxValueLelantusSpendPerTransaction)
+            if (coins.empty() || (spendValue + coins.begin()->amount) > Params().GetConsensus().nMaxValueLelantusSpendPerTransaction)
                 break;
♻️ Duplicate comments (1)
src/wallet/wallet.cpp (1)

4829-4833: Initialize fee before passing by reference

Initialize fee to a known value before calling CreateLelantusJoinSplitTransaction.

-    CAmount fee;
+    CAmount fee = 0;
     result = CreateLelantusJoinSplitTransaction(recipients, fee, newMints, spendCoins, mintCoins, coinControl);
🧹 Nitpick comments (2)
src/wallet/wallet.cpp (2)

1608-1623: Improve: consider all serials in IsMine for LelantusJoinSplit

Only the first serial is checked. If any input serial belongs to this wallet, the join-split should be considered ours.

Apply this diff:

-        if (db.HasLelantusSpendSerialEntry(joinsplit->getCoinSerialNumbers()[0])) {
-            return ISMINE_SPENDABLE;
-        }
+        for (const auto& s : joinsplit->getCoinSerialNumbers()) {
+            if (db.HasLelantusSpendSerialEntry(s)) {
+                return ISMINE_SPENDABLE;
+            }
+        }

6062-6074: Update zap message to match removed Sigma and current behavior

The UI message still references Sigma, but the code zaps Lelantus and Spark mints.

-        uiInterface.InitMessage(_("Zapping all Sigma mints from wallet..."));
+        uiInterface.InitMessage(_("Zapping all private mints (Lelantus/Spark) from wallet..."));
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1b8cff6 and fc21842.

📒 Files selected for processing (3)
  • src/init.cpp (0 hunks)
  • src/wallet/rpcdump.cpp (1 hunks)
  • src/wallet/wallet.cpp (17 hunks)
💤 Files with no reviewable changes (1)
  • src/init.cpp
🚧 Files skipped from review as they are similar to previous changes (1)
  • src/wallet/rpcdump.cpp
🧰 Additional context used
🧬 Code graph analysis (1)
src/wallet/wallet.cpp (2)
src/lelantus.cpp (6)
  • ParseLelantusMintScript (160-184)
  • ParseLelantusMintScript (160-160)
  • ParseLelantusMintScript (218-228)
  • ParseLelantusMintScript (218-218)
  • GetState (1677-1679)
  • GetState (1677-1677)
src/wallet/walletdb.h (1)
  • CWalletDB (185-366)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)
  • GitHub Check: build-windows-cmake
  • GitHub Check: build-guix-arm64-apple-darwin
  • GitHub Check: build-linux-cmake
  • GitHub Check: build-guix-aarch64-linux-gnu
  • GitHub Check: build-guix-x86_64-linux-gnu

@reubenyap reubenyap merged commit a5c6457 into master Oct 14, 2025
29 checks passed
@reubenyap reubenyap deleted the sigma-strip branch October 14, 2025 12:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@psolstice psolstice psolstice requested changes

@aleflm aleflm Awaiting requested review from aleflm

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@levonpetrosyan93 @psolstice @reubenyap