fix(key-wallet): extend gap limit for operator keys like owner/voting keys#882
Conversation
… keys When a ProRegTx/ProUpRegTx marks a provider key as used, wallet_checker runs maintain_gap_limit on the account's pools — but it sourced the derivation key via extended_public_key_for_account_type, which returns None for BLS accounts, so the operator pool was silently skipped while the ECDSA owner/voting pools were extended. A wallet whose operator keys were all registered would stop detecting registrations with its next operator keys. Add Wallet::key_source_for_account_type, which yields KeySource::BLSPublic (legacy-scheme non-hardened derivation, matching how the pool addresses were generated) for the operator account and KeySource::Public for ECDSA accounts, and route wallet_checker's gap maintenance through it. Platform-node (EdDSA) pools remain excluded: SLIP-0010 supports hardened derivation only, so they cannot be extended from a public key. The regression test pins the semantics: after a ProRegTx uses operator key 0, the pool extends to highest_used + gap_limit and the freshly derived entries carry BLS public keys matching the audited operator_public_key_at entry point. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
|
Warning Review limit reached
Next review available in: 29 minutes Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available. How can I continue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews. How do review limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window. Please refer docs for additional details. Review details⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (3)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## dev #882 +/- ##
==========================================
+ Coverage 74.23% 74.28% +0.04%
==========================================
Files 326 326
Lines 74585 74602 +17
==========================================
+ Hits 55370 55415 +45
+ Misses 19215 19187 -28
|
Problem
When a
ProRegTx/ProUpRegTxmarks a provider key as used,wallet_checkerrunsmaintain_gap_limiton the matched account's pools — but it obtained the derivation key viaextended_public_key_for_account_type, which returnsNonefor BLS accounts ("These use BLS/EdDSA keys, not regular xpubs"), so the loopcontinued before gap maintenance. Result: owner and voting pools extend past used keys, the operator pool never does. A wallet whose pre-generated operator keys were all consumed by registrations would stop detecting registrations made with its next operator keys.All the machinery below the checker already supported this:
KeySource::BLSPublicdoes legacy-scheme non-hardened derivation (the same path used to pre-generate the pool), and the operator pool isAddressPoolType::Absent(non-hardened), so watch-side extension is possible.Changes
Wallet::key_source_for_account_type(new, inwallet/helper.rs): key-source counterpart ofextended_public_key_for_account_type. ECDSA accounts yieldKeySource::Public; the provider operator account yieldsKeySource::BLSPublicfrom its stored account xpub; account types that cannot derive publicly yieldNoKeySource.wallet_checker: gap maintenance now sources its key through the new helper and only skips onNoKeySource, so operator pools extend exactly like owner/voting pools.None.Tests
provider_registration_extends_operator_key_gap_limit: derives operator key 0, processes a ProRegTx carrying it, and asserts the pool extends tohighest_used + gap_limit, with the freshly derived entries surfaced innew_addressesand their BLS public keys matching the auditedoperator_public_key_atentry point (#880/#881). Verified the test fails without the source change (pool stays at the pre-generated window,Some(4) != Some(5)).Full
cargo test -p key-wallet --all-features(544 passed), clippy-D warnings, and fmt are clean;key-wallet-ffi,key-wallet-manager, anddash-spvstill compile.🤖 Generated with Claude Code