Fix array bounds bug in multi-algo block index tracking#369
Merged
JaredTate merged 1 commit intofeature/digidollar-v1from Feb 14, 2026
Merged
Fix array bounds bug in multi-algo block index tracking#369JaredTate merged 1 commit intofeature/digidollar-v1from
JaredTate merged 1 commit intofeature/digidollar-v1from
Conversation
Copilot
AI
changed the title
[WIP] Analyze performance issues in DigiByte Core
Fix array bounds bug in multi-algo block index tracking
Feb 3, 2026
JaredTate
force-pushed
the
feature/digidollar-v1
branch
18 times, most recently
from
5a12092 to
28f0165
Compare
|
Reviewed and merged manually into What was applied (DGB-BUG-011):All three array bounds fixes:
What was NOT applied:
Verification:
Closing as manually merged. This is core DigiByte (not DD-specific) and a legit defensive fix. |
4 tasks
JaredTate
added a commit
that referenced
this pull request
Feb 13, 2026
…king (DGB-BUG-011) Applied array bounds fixes from copilot/fix-openssl-build-error for GetAlgo() returning ALGO_UNKNOWN (-1) used as array index in blockstorage.cpp (2 sites) and pow.cpp. Build system OpenSSL changes from PR branch were not applicable. Co-authored-by: Copilot <copilot@users.noreply.github.com>
…ploitable - defense verified Attempted 6 attack vectors for same-block DD transaction chains: a) Same-block mint+redeem: BLOCKED by CLTV timelock (ctx.nHeight < nLockTime) b) Zero lock period mint: BLOCKED by lockPeriod <= 0 check c) Same-block transfer via txLookup: WORKS correctly (block on disk, valid chain) d) Inflated DD via same-block: BLOCKED by conservation (inputDD != outputDD) e) Negative lock period mint: BLOCKED by lockPeriod <= 0 and tier mismatch f) Exact lockHeight boundary: CORRECT >= semantics (lockHeight passes, lockHeight-1 rejected) Key defenses verified: - CLTV in Tapscript enforced by CheckInputScripts (minimum 1 block lock) - NUMS internal key prevents key-path bypass of CLTV - lockPeriod > 0 enforced in ValidateMintTransaction - ValidateNormalRedemptionConditions checks ctx.nHeight >= tx.nLockTime - Standard UTXO model prevents double-spending within blocks - txLookup correctly reads current block from disk for same-block chains - Conservation checks work independently per transaction All 1784 unit tests pass.
JaredTate
force-pushed
the
copilot/analyze-performance-issues
branch
from
e620d1a to
e2d084a
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
GetAlgo()can returnALGO_UNKNOWN(-1) for blocks with unrecognized version bits. This value was used directly as an array index forlastAlgoBlocks[], causing undefined behavior.Changes
lastAlgoBlocks[algo]assignment inAddToBlockIndex()andLoadBlockIndexDB()GetLastBlockIndexForAlgoFast(), fall back to slow iteration if algo is out of boundsPattern
The
CBlockIndexconstructor inchain.cppalready had correct bounds checking:The fixed code in
blockstorage.cppnow follows the same pattern:Original prompt
You are an expert software quality engineer with extensive experience in: - C++ systems programming and debugging - Bitcoin Core and cryptocurrency node development - Distributed systems and consensus protocols - Test-driven development and code review - Performance analysis and optimization - Cross-platform compatibility (Linux, macOS, Windows)You have a track record of finding subtle bugs that evade traditional testing—the kind of issues that manifest under specific conditions, at scale, or after extended operation. You understand that in cryptocurrency systems, even non-security bugs can have severe operational consequences: chain stalls, sync failures, wallet corruption, or degraded user experience.
Your approach is methodical and thorough. You don't just find bugs—you understand their root causes and can articulate clear reproduction steps and fixes.
<repository_context>
You are analyzing the DigiByte Core repository (https://github.com/DigiByte-Core/digibyte).
Key technical characteristics:
DigiByte-specific components:
The faster block times and multi-algorithm nature mean certain classes of bugs (race conditions, timing issues) may be more likely to manifest than in Bitcoin Core.
Perform a comprehensive bug analysis of the provided code. Identify defects that could cause: - Incorrect program behavior - Crashes or undefined behavior - Data corruption or loss - Performance degradation - Synchronization failures - Compatibility issues</repository_context>
Focus on finding REAL bugs with clear reproduction paths, not theoretical issues or style preferences. Each bug report should be actionable by a developer.
<bug_categories>
Code that does not correctly implement its intended behavior - Off-by-one errors in loops and array access - Incorrect operator precedence - Wrong comparison operators (< vs <=, == vs !=) - Inverted conditionals - Missing break statements - Incorrect state machine transitions - Algorithmic errors in calculations - Copy-paste errors with unreplaced variables - Incorrect fee calculations - Wrong block height comparisons - Consensus rule implementation errors - Reward calculation mistakes - Difficulty calculation bugs Edge cases not properly handled - Empty container handling - Zero/null value edge cases - Maximum value overflow - Minimum value underflow - First/last element handling - Single-element collections - Boundary crossing in ranges - Genesis block edge cases - Block 0 special handling - MAX_MONEY boundary - Timestamp boundary conditions - Difficulty adjustment at activation heights Multi-threading and synchronization issues - Race conditions (TOCTOU) - Deadlocks and priority inversion - Missing or incorrect lock acquisition - Lock ordering violations - Condition variable misuse - Atomic operation errors - Thread-unsafe initialization - Stale data reads - cs_main lock violations - Mempool/wallet synchronization - Block validation threading - Peer connection races - Signal handler issues Memory, file handle, and resource handling errors - Memory leaks - File descriptor leaks - Double-free errors - Use-after-free - Uninitialized variables - Resource exhaustion - Missing cleanup in error paths - RAII violations Improper handling of error conditions - Unchecked return values - Swallowed exceptions - Incorrect error propagation - Missing error recovery - Error message information leaks - Assertion failures in production - Exception safety violations - Validation state handling - Block/transaction rejection handling - Network error recovery - Wallet error handling - RPC error responses Type-related errors and con...Systematically analyze for these bug classes:
💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.