TOC

Oasis February 2025 Engineering update

Wallet and CLI Updates

Wallet

The Wallet team merged 6 PRs this month:

Migrate extension wallet to Manifest V3 architecture (#2120) ±499 by lukaw3d @ 2025-02-01.

Supersedes #2084

Built on top of #2118

Diff vs #2084: https://github.com/oasisprotocol/wallet/compare/ca34c34d91e928ad545445648bd8152bc459c5b9..76eb7677053b22541c332b21f38237882d2cbaeb

CHANGELOG:

Migrate extension wallet to Manifest V3 architecture
New limitations: extension users must create a profile while importing a wallet. And only one popup/tab can be opened at the same time.

Harden code against wrong imported account type (#2124) ±63 by lukaw3d @ 2025-02-21.

Part of #2114

CHANGELOG:

Harden code against wrong imported account type

Fix paratime transaction status in the first few seconds (#2123) ±36 by lukaw3d @ 2025-02-25.

Fixes #2113

CHANGELOG:

Fix paratime transaction status in the first few seconds

Remove comments about background page (removed after mv3) (#2125) ±13 by lukaw3d @ 2025-02-21.

CHANGELOG:

Remove comments about background page (removed after mv3)

Fix getting all validators from nexus (defaulted to first 100) (#2122) ±9 by lukaw3d @ 2025-02-19.

Matevž noticed missing validators

CHANGELOG:

Display all validators, not just first 100

Temporarily ignore transak console errors in E2E tests (#2126) ±6 by lukaw3d @ 2025-02-21.

CI on all pullrequests was failing because transak introduced at least 3 new errors

CHANGELOG:

Temporarily ignore transak console errors in E2E tests

1 new releases of wallet were made this month: In total, 6 pull requests were merged in February.

Cli

The Cli team merged 12 PRs this month:

docs: Update for TDX container-based ROFL apps (#373) ±238 by kostko @ 2025-02-19.
build/measurement/acpi: Compute memory offsets based on DSDT (#378) ±144 by kostko @ 2025-02-21.
feat(cmd/rofl): Use qcow2 images, enable stage 2 persistence flag (#354) ±139 by kostko @ 2025-02-07.
feat(cmd/rofl): Bump rofl-containers to 0.4.1 (#365) ±78 by kostko @ 2025-02-12.
feat(build/rofl): Bump latest oasis-boot to v0.4.0 (#376) ±12 by kostko @ 2025-02-20.
feat(build/rofl): Bump latest oasis-boot to v0.4.1 (#381) ±12 by kostko @ 2025-02-28.
fix(cmd/rofl): Refuse to overwrite app ID in create (#364) ±7 by kostko @ 2025-02-12.
4 new releases of cli were made this month: In total, 12 pull requests were merged in February.

Network Updates

Mainnet highlights

[2025-02-03] ami.dev: We have released Oasis Core 24.3.2 for MAINNET. This release improves security by bumping CometBFT to 0.37.15-oasis1. The upgrade is non-breaking and can be performed at any time by replacing the oasis-node binary and restarting your node. All node operators on MAINNET are encouraged to upgrade. For more information and links to releases see the updated MAINNET network parameters (https://docs.oasis.io/node/mainnet/). Thanks!

The number of daily transactions on Sapphire Mainnet fluctuated between 14,623 and 133,399. The monthly average in February was 36,283 transactions per day and was 2% higher compared to the last month (35,510 transactions). The daily maximum was 133,399 transactions on 7 February (compared to 93,609 the last month on 17 January).

dateall
2025-02-0120,529
2025-02-0219,603
2025-02-0317,937
2025-02-0417,558
2025-02-0520,559
2025-02-0662,353
2025-02-07133,399
2025-02-0837,163
2025-02-0920,108
2025-02-1017,260
2025-02-1118,674
2025-02-1214,623
2025-02-1383,975
2025-02-1453,965
2025-02-1557,135
2025-02-1621,255
2025-02-1720,121
2025-02-1821,044
2025-02-1915,082
2025-02-2016,947
2025-02-2198,745
2025-02-2222,314
2025-02-2321,323
2025-02-2422,384
2025-02-2518,068
2025-02-2618,429
2025-02-2792,242
2025-02-2833,127
2025-03-01663

The number of daily transactions on Emerald Mainnet fluctuated between 3,348 and 5,763. The monthly average in February was 3,872 transactions per day and was 13% higher compared to the last month (3,413 transactions). The daily maximum was 5,763 transactions on 3 February (compared to 5,567 the last month on 29 January).

dateall
2025-02-013,348
2025-02-024,141
2025-02-035,763
2025-02-044,626
2025-02-053,725
2025-02-063,564
2025-02-073,968
2025-02-083,696
2025-02-093,787
2025-02-103,849
2025-02-113,724
2025-02-124,063
2025-02-133,620
2025-02-143,814
2025-02-153,531
2025-02-163,638
2025-02-173,922
2025-02-183,700
2025-02-193,601
2025-02-203,972
2025-02-213,977
2025-02-223,518
2025-02-233,372
2025-02-243,601
2025-02-254,407
2025-02-263,940
2025-02-273,563
2025-02-283,995
2025-03-01140

{{NODE_STATS mainnet}}

No major outages were reported for Oasis foundation-provided services in February. A few-minutes downtimes were encountered by the ... You can check out the details on the Mainnet status page.

Testnet highlights

[2025-02-03] ami.dev: We have released Oasis Core 24.3.2 for TESTNET. This release improves security by bumping CometBFT to 0.37.15-oasis1. The upgrade is non-breaking and can be performed at any time by replacing the oasis-node binary and restarting your node. All node operators on TESTNET are encouraged to upgrade. For more information and links to releases see the updated TESTNET network parameters (https://docs.oasis.io/node/testnet/). Thanks!

[2025-02-08] ami.dev: We have released Oasis Core 25.0 for TESTNET. This release extends ROFL app support with persistent storage, introduces automatic runtime bundle upgrades without operator intervention, automatic bundle cleanup, dynamic upgrades without node restarts and other improvements. This release paves the way for the upcoming ROFL Compute Marketplace and beyond. The upgrade is non-breaking and can be performed at any time by replacing the oasis-node binary and restarting your node. All node operators on TESTNET are encouraged to upgrade. For more information and links to releases see the updated TESTNET network parameters (https://docs.oasis.io/node/testnet/). Thanks!

The number of daily transactions on Sapphire Testnet fluctuated between 8,308 and 14,129. The monthly average in February was 10,502 transactions per day and was 27% higher compared to the last month (8,241 transactions). The daily maximum was 14,129 transactions on 17 February (compared to 9,157 the last month on 22 January).

dateall
2025-02-018,308
2025-02-028,801
2025-02-039,003
2025-02-048,883
2025-02-058,898
2025-02-069,109
2025-02-079,198
2025-02-088,887
2025-02-099,111
2025-02-109,812
2025-02-1110,084
2025-02-129,643
2025-02-1310,405
2025-02-1413,844
2025-02-1512,885
2025-02-1612,907
2025-02-1714,129
2025-02-1812,486
2025-02-1911,622
2025-02-2011,764
2025-02-2111,591
2025-02-2210,896
2025-02-2310,550
2025-02-2410,975
2025-02-2510,575
2025-02-269,443
2025-02-2710,212
2025-02-2810,025
2025-03-01422

The number of daily transactions on Emerald Testnet fluctuated between 3,173 and 3,843. The monthly average in February was 3,548 transactions per day and was 12% higher compared to the last month (3,173 transactions). The daily maximum was 3,843 transactions on 15 February (compared to 3,511 the last month on 10 January).

dateall
2025-02-013,173
2025-02-023,480
2025-02-033,548
2025-02-043,393
2025-02-053,357
2025-02-063,326
2025-02-073,395
2025-02-083,654
2025-02-093,333
2025-02-103,340
2025-02-113,333
2025-02-123,339
2025-02-133,361
2025-02-143,804
2025-02-153,843
2025-02-163,820
2025-02-173,779
2025-02-183,529
2025-02-193,774
2025-02-203,563
2025-02-213,716
2025-02-223,643
2025-02-233,573
2025-02-243,607
2025-02-253,664
2025-02-263,694
2025-02-273,597
2025-02-283,705
2025-03-01160

{{NODE_STATS testnet}}

No major outages were reported for Oasis foundation-provided services in February. A few-minutes downtimes were encountered by the ... You can check out the details on the Testnet status page.

Oasis Nexus and Explorer

Nexus

The Nexus team merged 12 PRs this month:

evmverifier: Update sourcify to V2 API (#916) ±5091 by ptrus @ 2025-02-28.

Souricfy API requests have been timing out a lot in production. Also manually running the requests it appears that the API is quite unresponsive at times.

Sourcify V2 API seems to be much more responsive compared to the v1:

CHANGELOG:

evmverifier: Update Sourcify client to V2 API

Support efficient query for related account with method filter (#897) ±4504 by ptrus @ 2025-02-24.

Fixes: #896

Note: The migrations will likely take multiple hours Before this is released and deployed, it would be good to have "Nexus Blue " ready so that we can switch Nexus backend explorer uses during the update.

storage: split runtime events related accounts into a separate table (#809) ±1267 by ptrus @ 2025-02-17.

Fixes: #804 #786

This splits runtime_events.related_accounts into a separate table, because otherwise we are unable to support efficient queries for event related accounts ordered by round. Some more context in #804

Additionally, we need to introduce an event index (solves #786) because otherwise the new table cannot reference the existing runtime_events table, which currently has no primary key, so rows cannot be referenced uniquely.

Add endpoints for total and circulating supplies (#904) ±323 by ptrus @ 2025-02-15.

Fixes: #878

CHANGELOG:

Add endpoints for total and circulating supplies of consensus token
Added `/consensus/total_supply_raw` and `/consensus/circulating_supply_raw` API endpoints which return the total and circulating supply in plain text format.

runtime/evm_tokens: Support (partially) curated ordering (#903) ±209 by ptrus @ 2025-02-14.

Fixes: #900

CHANGELOG:

runtime/evm_tokens: Support (partially) curated ordering

api: harden file server security (#913) ±202 by ptrus @ 2025-02-28.

Fixes: #912

CHANGELOG:

api: harden file server security
- Metrics Middleware: Now validates metric names for valid UTF-8 to prevent Prometheus panics.
- Safe File Serving: Introduced a safeFileSystem wrapper that only serves regular files, rejecting symlinks and directories, and added some additional path validation.
- Added tests covering various edge cases, including invalid UTF-8, null byte injection, and attempts to access restricted paths.

changelog: Assemble changes for 0.6.0 release (#909) ±64 by ptrus @ 2025-02-25.
rofl: Add support for Instance Registered event (#917) ±60 by ptrus @ 2025-02-28.

Added in: oasisprotocol/oasis-sdk#2159

CHANGELOG:

rutnime/rofl: Handle Instance Registered event

api/runtime/evm_tokens: Support token-type filters (#914) ±58 by ptrus @ 2025-02-28.

Fixes: #908

CHANGELOG:

api/runtime/evm_tokens: Support token-type filters

changelog: Assemble changes for 0.6.1 release (#918) ±48 by ptrus @ 2025-02-28.
api/transactions: Filtering by multiple method types (#915) ±40 by ptrus @ 2025-02-28.

Fixes: #877

CHANGELOG:

api: Support filtering transaction by multiple method types

consensus/validator_history: Optimize validator history query (#906) ±29 by ptrus @ 2025-02-18.

Fixes: #905

CHANGELOG:

consensus/validator_history: Optimize validator history query

2 new releases of nexus were made this month: In total, 12 pull requests were merged in February.

Explorer

The Explorer team merged 18 PRs this month:

Display token name in TXs to/from smart contracts (#1773) ±261 by csillag @ 2025-02-26.

Implements #1719.

In TX details

Before:

image

After:

image

image

image

In List of TXs:

Before

image

After

image

CHANGELOG:

Display token name in TXs to/from smart contracts

Fix HMR in React components (#1741) ±145 by buberdds @ 2025-02-13.

I went through #1740 views and it seems like containers ids exports were messing with HMR.

CHANGELOG:

Fix HMR in React components

Update API bindings (#1747) ±127 by github-actions[bot] @ 2025-02-24.

Created by https://github.com/oasisprotocol/explorer/blob/master/.github/workflows/generate-openapi.yml

If CI actions and checks don't run in this PR: close it and reopen.
https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#triggering-further-workflow-runs

CHANGELOG:

Update API bindings

Emphasize end user focused articles in Learning materials (#1738) ±88 by buberdds @ 2025-02-24.

#1650

Part of #1625

CHANGELOG:

Emphasize end user focused articles in Learning materials

Remove duplicate titles inside labeled tabs (#1740) ±74 by lukaw3d @ 2025-02-15.

Fixes #1702

CHANGELOG:

Remove duplicate titles inside labeled tabs

Assemble changes for 1.16.0 release (#1726) ±62 by buberdds @ 2025-02-03.
Update API bindings (#1723) ±53 by github-actions[bot] @ 2025-02-03.

Created by https://github.com/oasisprotocol/explorer/blob/master/.github/workflows/generate-openapi.yml

If CI actions and checks don't run in this PR: close it and reopen.
https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#triggering-further-workflow-runs

CHANGELOG:

Update API bindings

Update some card header sizes (#1733) ±28 by lukaw3d @ 2025-02-07.

Part of #1702

cc @donouwens check if this changes the size of the correct headers

CHANGELOG:

Update some card header sizes

Assemble changes for 1.16.1 release (#1728) ±15 by buberdds @ 2025-02-04.
Don't attempt to get tokens on consensus (#1774) ±11 by csillag @ 2025-02-27.

Fix regression introduced in #1773

Remove old Nexus API transition workaround (#1775) ±11 by csillag @ 2025-02-27.

All known Nexus instances have been updated to run the new version of the API, so this compatibility wrapper is no longer necessary.

CHANGELOG:

Remove old Nexus API transition workaround

Remove bold style from table headers in account staked/debonding card (#1734) ±5 by lukaw3d @ 2025-02-10.

Design at #1588 (comment)

https://explorer.dev.oasis.io/mainnet/consensus/address/oasis1qq3xrq0urs8qcffhvmhfhz4p0mu7ewc8rscnlwxe

Before After
explorer dev oasis io_mainnet_consensus_address_oasis1qq3xrq0urs8qcffhvmhfhz4p0mu7ewc8rscnlwxe (1) localhost_1234_mainnet_consensus_address_oasis1qq3xrq0urs8qcffhvmhfhz4p0mu7ewc8rscnlwxe

CHANGELOG:

Remove bold style from table headers in account staked/debonding card

Use custom query key for validators map (#1727) ±4 by buberdds @ 2025-02-04.

From Slack thread

go to dashboard and trigger search with any addr in Consensus
master
https://explorer.dev.oasis.io/mainnet/consensus
vs
https://pr-1727.oasis-explorer.pages.dev/mainnet/consensus

sample search input -> oasis1qq3xrq0urs8qcffhvmhfhz4p0mu7ewc8rscnlwxe

note: custom server state was stored under the same key as default query and it could be overwritten at any time

CHANGELOG:

Use custom query key for validators map
- Avoid throwing t.normalize is not a function error

Add copy button for block number in transaction details (#1732) ±3 by lukaw3d @ 2025-02-07.

Fixes #1701

CHANGELOG:

Add copy button for block number in transaction details

Rely on validator address presence not name in ConsensusAccountLink (#1768) ±3 by buberdds @ 2025-02-20.

useGetConsensusValidatorsAddressNameMap returns a map of address and name.

'address': 'name'
'address': undefined // missing validator metadata, but still we need to render validator link

if name if undefined we render AccountLink instead of ValidatorLink.

CHANGELOG:

Rely on validator address presence not name in ConsensusAccountLink

2 new releases of explorer were made this month: In total, 18 pull requests were merged in February.

Developer Platform and ParaTime Updates

Oasis Sdk

The Oasis Sdk team merged 7 PRs this month:

runtime-sdk/modules/rofl: Add key scope in rofl.DeriveKey (#2148) ±2571 by kostko @ 2025-02-12.

Fixes #2141

docs/rofl: Rewrite ROFL docs to use TDX containers (#2153) ±1083 by kostko @ 2025-02-20.

Closes #2149

Bump Oasis Core to 25.0 (#2156) ±802 by kostko @ 2025-02-18.

Fixes #2155

rofl-appd: Optionally add the transaction endpoints (#2147) ±264 by kostko @ 2025-02-06.

Fixes #2146

rofl: Add Apps query and emit event on instance registration (#2159) ±120 by ptrus @ 2025-02-19.

Fixes: #2158 #2157

runtime-sdk/modules/rofl: Add watchdog task (#2145) ±93 by kostko @ 2025-02-05.

Fixes #2143

The watchdog task ensures that the app is successfully re-registering and terminates it if this is not the case.

rofl-appd: Set fee proxy in tx submission endpoint (#2151) ±9 by kostko @ 2025-02-12.
3 new releases of oasis-sdk were made this month: In total, 7 pull requests were merged in February.

Sapphire Paratime

The Sapphire Paratime team merged 21 PRs this month:

docs: rework Browser chapter (#503) ±416 by rube-de @ 2025-02-20.

PREVIEW

examples: Add Sapphire Hardhat example (#527) ±270 by aefhm @ 2025-02-27.

Description

Relates to #524 but only adds the examples/hardhat.

Initial work to implement Sapphire snap connection (#431) ±214 by CedarMist @ 2025-02-10.

fixes #389

This provides the decryption keys to snap.

Warning

If an RPC server pretends to implement the MetaMask snap protocol it could trick users into revealing the transaction encryption key.

For this reason, we have to explicitly enable Snap support in the dApp, by passing the enableSapphireSnap option.

Usage:

wrapEthereumProvider(window.ethereum, {enableSapphireSnap:true})
wrapEthersProvider(ethProvider, { enableSapphireSnap: true })

This must only be done if the dApp is sure that the provider it's connecting to is MetaMask.

Next PRs handled by Sapphire team:

docs: Update API reference links and SiweAuth contracts (#491) ±71 by matevz @ 2025-02-07.

Followup to #459

This PR:

PREVIEW

clients/go: Add e2e Go client test (#504) ±55 by aefhm @ 2025-02-18.

Description

Close #328 by using https://github.com/oasisprotocol/demo-starter-go as a submodule for end-to-end testing. The drawback is that approach is less consistent with current behavior inside examples/ but introduces less code.

contracts: Prepare 0.2.12 release (#490) ±35 by matevz @ 2025-02-03.

Merge after #489

Enable Snap connections for Wagmi and Viem integrations (#512) ±35 by buberdds @ 2025-02-19.

wrapEthereumProvider has params which are not accessible for Wagmi and Viem integrations. To allow Snap connections we need to pass wrap config.

Add SolDeer contracts upload to publish.yaml workflow (#513) ±29 by ZigaMr @ 2025-02-28.

This PR adds (issue):

TODO: We have to add the SOLDEER_ACCESS_TOKEN to github secrets.

contracts: Add error prefixes to SiweParser and A13e (#489) ±12 by matevz @ 2025-02-03.

Followup to #338

SiweAuth and A13e errors weren't prefixed, but should be too.

contracts: Remove Sapphire.randomBytes() obsolete warning (#492) ±12 by matevz @ 2025-02-04.

This should have been removed a year ago actually when Sapphire 0.6.x branch wasn't running on Mainnet anymore.

clients/js: Bump JS client to 2.1.0 (#522) ±12 by aefhm @ 2025-02-24.

Description

Release JS client.

TODO

docs: Summarize current NPM package release process (#523) ±9 by aefhm @ 2025-02-27.

Description

Close #242 by documenting crux of release process.

docs: Fix wording and link (#517) ±6 by aefhm @ 2025-02-21.

Description

Close #515 and #511.

integrations: Publish `sapphire-hardhat` 2.22.2 (#518) ±6 by aefhm @ 2025-02-22.

Description

Close #505.

Note. We are including this set of changes: #449, #411, #431 due to the non-branching publish process. Alternatively, we would cut at this point, and separately but also slightly more confusingly bump package.json that way.

TODO

Fix sapphire_py whl file naming (#525) ±4 by ZigaMr @ 2025-02-27.

Setuptools was updated in actions/setup-python@v5, which means dot (.) and dash (-) symbols in lib name are automatically changed to underscore ( _ ). This PR fixes it in the ci-test py workflow.

fix: link in Sapphire README (#485) ±2 by rube-de @ 2025-02-19.

Fixes broken link in Sapphire README to Develop on Sapphire README

docs/develop: Fix npm package link for sapphire-paratime in concept.mdx (#494) ±2 by anzoman @ 2025-02-06.

A small fix for linking the sapphire-paratime npm package properly.

fix: diagrams to Oasis color schema (#498) ±0 by rube-de @ 2025-02-13.

update flow digrams to Oasis color schema

needed for: oasisprotocol/docs#1138

In total, 21 pull requests were merged in February.

Oasis Web3 Gateway

The Oasis Web3 Gateway team merged 11 PRs this month:

fix(client): Support TLS for remote clients (#694) ±13 by ptrus @ 2025-02-10.

Fixes: #693

feat(localnet): Bump Explorer to 1.16.1 (#696) ±4 by ptrus @ 2025-02-14.
fix(ci): additionalProperties 'shadow' not allowed (#704) ±3 by ptrus @ 2025-02-21.
other: update migrations.go (#697) ±2 by eltociear @ 2025-02-21.

PostgresSQL -> PostgreSQL

1 new releases of oasis-web3-gateway were made this month: In total, 11 pull requests were merged in February.

Docs

The Docs team merged 14 PRs this month:

docs: add hyperlane example (#1120) ±1049 by rube-de @ 2025-02-10.

PREVIEW

docs: add cross-chain recommendation (#1142) ±78 by rube-de @ 2025-02-24.
docs: update flow diagrams to oasis color (#1138) ±50 by rube-de @ 2025-02-13.
docs: change to hyperlane registry mailbox (#1137) ±35 by rube-de @ 2025-02-12.

PREVIEW

docs/node/{testnet,mainnet}: Bump Oasis Core to 24.3.2 (#1117) ±20 by kostko @ 2025-02-03.
redirects: Add old ROFL redirects (#1156) ±17 by matevz @ 2025-02-24.

These seem to be left out in #1058.

Trigger warning on broken links on Netlify (#1146) ±15 by matevz @ 2025-02-18.

Fixes #1145

docs/node/testnet: Bump Oasis Core to 25.0 (#1126) ±10 by amela @ 2025-02-08.
docs/build/rofl: Update to TDX container-based ROFL apps (#1144) ±10 by kostko @ 2025-02-20.

Depends on:

docs: integrate browser chapter changes from sapphire-paratime (#1147) ±2 by rube-de @ 2025-02-20.

needed for oasisprotocol/sapphire-paratime#503

submodules: bump external/sapphire-paratime (#1160) ±2 by aefhm @ 2025-02-27.

Description

Follow oasisprotocol/sapphire-paratime#527

docs: Update technology scability image to draw.io SVG (#1127) ±0 by aefhm @ 2025-02-10.

Description

Close #1079 with some liberties in updating the diagram.

Dark mode:

Screenshot 2025-02-09 at 7 40 36 PM

Regular:

Screenshot 2025-02-09 at 7 40 27 PM
In total, 14 pull requests were merged in February.

Playground

The Playground team merged 2 PRs this month:

Add renovate config (#98) ±22 by buberdds @ 2025-02-13.
Keep hash on url rewrite (#97) ±3 by buberdds @ 2025-02-06.

From FE Sync
Fixes #96

Looks like we get selected project here https://github.com/oasisprotocol/playground/blob/main/src/components/ProjectList.tsx#L27, but in a next render cycle when useEffect triggers, hash is removed here https://github.com/oasisprotocol/playground/blob/main/src/components/ProjectList.tsx#L69

@kaja-osojnik can you test the fix please? I am not familiar with playground.

In total, 2 pull requests were merged in February.

Demo Starter

The Demo Starter team merged 5 PRs this month:

frontend: Use rainbowkit (#26) ±1245 by lubej @ 2025-02-24.

Closes #25

Add support for sapphire-paratime 2.x (#16) ±323 by matevz @ 2025-02-03.

This PR:

Merge after oasisprotocol/sapphire-paratime#332 and oasisprotocol/sapphire-paratime#303

TODO: Wait for sapphire-contracts to be deployed on npmjs (oasisprotocol/sapphire-paratime#490). Then update the lock file.

Add dAppwright testing (#22) ±229 by aefhm @ 2025-02-10.

Description

Close #20, but we may want the React code in #19.

frontend: Use wrapped signer for setMessage (#27) ±23 by lubej @ 2025-02-06.
docs: Update README.md (#28) ±2 by aefhm @ 2025-02-20.

Description

We are a React family now.

In total, 5 pull requests were merged in February.

Demo Starter Go

The Demo Starter Go team merged 1 PRs this month:

Specify EVM version Paris (#4) ±2 by aefhm @ 2025-02-11.

Description

We need to fix the EVM version to Paris because Sapphire does not support push0 yet.

In total, 1 pull requests were merged in February.

Demo Starter Py

The Demo Starter Py team merged 1 PRs this month:

Update README with PyPI instructions and add signed query example (#5) ±194 by ZigaMr @ 2025-02-11.

This PR:

In total, 1 pull requests were merged in February.

Demo Rofl Chatbot

The Demo Rofl Chatbot team merged 2 PRs this month:

frontend: Improve UI (#1) ±1183 by lubej @ 2025-02-21.
frontend: UI follow up (#2) ±12 by lubej @ 2025-02-25.
In total, 2 pull requests were merged in February.

Dapp Blockvote

The Dapp Blockvote team merged 1 PRs this month:

Add renovate config (#121) ±30 by buberdds @ 2025-02-13.
In total, 1 pull requests were merged in February.

Dapp Votee

The Dapp Votee team merged 1 PRs this month:

Add renovate config (#78) ±30 by buberdds @ 2025-02-13.
In total, 1 pull requests were merged in February.

Core Platform Updates

Oasis Core

The Oasis Core team merged 26 PRs this month:

[BACKPORT/20.10.x] Add consensus archive mode support (#6054) ±2016 by ptrus @ 2025-02-18.

Fixes: #5978

Manual backport of: #4571

It doesn't ensure runtime works as well, since we do not need runtime archive support for that network (there were no runtimes).

Testing:

[BACKPORT/20.12.x] Add consensus archive mode support (#6057) ±1966 by ptrus @ 2025-02-18.

Fixes: #5978

Manual backport of: #4571

It doesn't ensure runtime archive works as well, since we do not need runtime archive support for that network.

Testing:

go/roothash: Batch history reindex writes (#6050) ±696 by martintomazic @ 2025-02-27.

Closes #6069

What

During history reindex, we now batch 1000 writes at the same time.

Why

As from the benchmarks, this already gives 2-3x performance gain for the single threaded program.

Given its simplicity and the fact, that it will be required by all possible solutions, this is a natural start.

go/runtime/registry: Remove runtime host handler factory (#6073) ±578 by peternose @ 2025-02-21.

Refactored committee node:

Related to:

changelog: Assemble changes for 25.0 release (#6048) ±291 by kostko @ 2025-02-07.
go: Bump badger and go-libp2p (#6046) ±79 by kostko @ 2025-02-07.
go/runtime/bundle/manager: Cleanup key manager bundles on startup (#6062) ±61 by peternose @ 2025-02-12.

CHANGELOG:

go/runtime/bundle/manager: Cleanup key manager bundles on startup

go/consensus/cometbft/roothash: Publish the last block on subscribe (#6083) ±61 by peternose @ 2025-02-25.

Replaying the latest block with a hook was not ideal because if the broker still had blocks in the queue while adding a new subscription, it could result in an unexpected block order and potentially cause the last block to be replayed twice.

Solution with monotonically increasing order solved this problem, but there is a simpler one where we use broker's option to publish the last block on subscription.

Fix observer role registration (#6037) ±54 by abukosek @ 2025-02-06.

Closes #6019.

CHANGELOG:

go/worker/client: Fix observer role registration

go/consensus/cometbft: Fail ImmutableState creation if version is missing (#6040) ±45 by ptrus @ 2025-02-10.

Fixes: #6039

CHANGELOG:

go/consensus/cometbft: Fail ImmutableState creation if version is missing
Previously, when an `ImmutableState` was requested for a block version that didn't exist, the function would silently default to the latest available block. This could lead to inconsistencies since clients might receive state for a different block than expected. With this change, calls to create an `ImmutableState` for a missing version now explicitly fail with a "version not found" error, ensuring that such cases are handled properly.

go/runtime: Disable hot-loading of runtime bundles for key managers (#6043) ±45 by peternose @ 2025-02-06.

Fixes:

go/runtime/host/tdx: Resize overlay image if needed (#6077) ±37 by kostko @ 2025-02-21.

Fixes #6076

CHANGELOG:

go/runtime/host/tdx: Resize overlay image if needed

go: Bump go to 1.24.0 (#6091) ±37 by peternose @ 2025-02-28.

CHANGELOG:

go: Bump go to 1.24.0

go/runtime/host/sgx: Retry re-attestation faster on failure (#6038) ±36 by kostko @ 2025-02-05.

Fixes #6036

CHANGELOG:

go/runtime/host/sgx: Retry re-attestation faster on failure

[BACKPORT/24.3.x] Bump CometBFT to 0.37.15-oasis1 (#6033) ±34 by kostko @ 2025-02-03.

Backport of #6032

go/runtime/host/sandbox: Verify sandbox binary when needed (#6060) ±30 by peternose @ 2025-02-12.

Ensures validator nodes without configured runtimes and with the default runtime provisioner set to sandbox do not fail to start if bubblewrap is not installed.

CHANGELOG:

go/runtime/host/sandbox: Verify sandbox binary when needed
Ensures validator nodes without configured runtimes and with the default runtime provisioner set to sandbox do not fail to start if bubblewrap is not installed.

Bump CometBFT to 0.37.15-oasis1 (#6032) ±21 by kostko @ 2025-02-03.

CHANGELOG:

Bump CometBFT to 0.37.15-oasis1

changelog: Assemble changes for 24.3.2 release (#6034) ±16 by kostko @ 2025-02-03.
go/runtime/bundle: Don't abort when some manifests cannot be loaded (#6044) ±12 by kostko @ 2025-02-07.

When upgrading from earlier versions the exploded bundle directory may contain non-bundle subdirectories which should not cause the loader to fail.

go/roothash/api: Change invalid round value (#6088) ±11 by peternose @ 2025-02-28.

The latest round and the invalid round now have unique values, allowing us to distinguish between the two.

changelog: Improve per-runtime changes (#6063) ±10 by peternose @ 2025-02-13.
runtime/src/transaction: Fix is_supported call to wrapped dispatcher (#6058) ±9 by peternose @ 2025-02-12.

Fixing Box::<NoopDispatcher>::default().is_supported() which returned true for ROFL apps.

CHANGELOG:

runtime/src/transaction: Fix is_supported call to wrapped dispatcher

chore: fix some function names in interface comment (#5945) ±6 by chuangjinglu @ 2025-02-28.
go/runtime/host/multi: Fix host removal when stopping a version (#6053) ±5 by peternose @ 2025-02-11.

CHANGELOG:

go/runtime/host/multi: Fix host removal when stopping a version

go/runtime/host: Ensure processes get cleaned up on node termination (#6066) ±4 by kostko @ 2025-02-14.

Fixes #6065

CHANGELOG:

go/runtime/host: Ensure processes get cleaned up on node termination

go: Bump golang.org/x/crypto to v0.35.0 (#6090) ±3 by peternose @ 2025-02-28. 
pkg:golang/golang.org/x/crypto@v0.32.0
1 known vulnerabilities affecting installed version
┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ [CVE-2025-22869] CWE-770: Allocation of Resources Without Limits or Throttling                                                                                                                                 ┃
┣━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┫
┃ Description        ┃ SSH servers which implement file transfer protocols are vulnerable to a                                                                                                                   ┃
┃                    ┃ denial of service attack from clients which complete the key exchange                                                                                                                     ┃
┃                    ┃ slowly, or not at all, causing pending content to be read into memory, but                                                                                                                ┃
┃                    ┃ never transmitted.                                                                                                                                                                        ┃
┣━━━━━━━━━━━━━━━━━━━━╋━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┫
┃ OSS Index ID       ┃ CVE-2025-22869                                                                                                                                                                            ┃
┣━━━━━━━━━━━━━━━━━━━━╋━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┫
┃ CVSS Score         ┃ 6.9/10 (Medium)                                                                                                                                                                           ┃
┣━━━━━━━━━━━━━━━━━━━━╋━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┫
┃ CVSS Vector        ┃ CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N                                                                                                                           ┃
┣━━━━━━━━━━━━━━━━━━━━╋━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┫
┃ Link for more info ┃ https://ossindex.sonatype.org/vulnerability/CVE-2025-22869?component-type=golang&component-name=golang.org%2Fx%2Fcrypto&utm_source=nancy-client&utm_medium=integration&utm_content=1.0.33 ┃
┗━━━━━━━━━━━━━━━━━━━━┻━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┛

CHANGELOG:

go: Bump golang.org/x/crypto to v0.35.0

2 new releases of oasis-core were made this month: In total, 26 pull requests were merged in February.

Oasis Boot

The Oasis Boot team merged 2 PRs this month:

Bump Linux kernel to 6.12.13 (#12) ±1716 by kostko @ 2025-02-20.
Switch to netavark/aardvark-dns container network/DNS backends (#13) ±4 by kostko @ 2025-02-28.
2 new releases of oasis-boot were made this month: In total, 2 pull requests were merged in February.