backport: merge bitcoin#25447, #25624, #25641, #25683, #23679, #26216, #26295, #26513, #26515, #26727, #25374, #25272, #26408, #25112, #26702, #25932, #26822 (auxiliary backports: part 27)

[kwvg]

Additional information

• Since dash#3121, Dash has limited the orphan transaction map by the accumulated size of all transactions in the map instead of transaction count (like upstream). bitcoin#25447 introduces a new fuzzing harness that operates on upstream assumptions.

  To bridge the gap, DEFAULT_MAX_ORPHAN_TRANSACTIONS has been defined in the harness to mean the highest transaction count assuming each transaction is of maximum size, which means the effective worst-case count is 100 transactions. This is already documented in net_processing.h (source) but has also been explicitly documented for the harness (source).

• Dash introduced an additional trigger for orphan reprocessing in dash#3139 to allow for faster processing when parents appear in a block. Currently, the implementation scans through the inputs of each transaction to check against the outpoint map (source).

  This does not seem to be intended behavior as it's using the input index to search through outpoints when it should be iterating through outpoints like AddChildrenToWorkSet() (source). Though despite this, the code still worked if either of the following conditions were met.

  • There are an even number of inputs and outputs (in which case a match is found as if iterating through the set of outputs); or
  • There are more inputs than outputs (in which case a match is found even if all find()s i > vout.size() are wasted operations)

  The test case introduced in dash#3139 met this criteria and passed though the code would not work as expected if

  • There are more outputs than inputs (in which case the loop will bail prematurely as vin.size() > vout.size() and we're scanning vins for outpoint positions)

  This has been rectified by modifying GetCandidatesForBlock() to use AddChildrenToWorkSet() and adding a unit test to document this behavior.

• bitcoin#26295 does a substantial refactor of the transaction "orphanage" and part of that refactor is solidifying ProcessOrphanTx() as dealing with Peers (as it's located in net_processing and not available through the interface). This conflicts with the capability introduced in dash#3139 as there is no peer to attribute it to, which is relevant as the newer code introduces a map between peer ID and the orphan work map (source).

  This has been worked around by using the ID -1 to mean block connection triggered orphan work (source, source). This is because no valid peer can be assigned a negative ID as it starts from 0 (source) and increments (source). An example of this kind of usage is InstantSend code (source).

  • This change, alongside relevant changes to ProcessOrphanTx() arguments and other Dash-specific code has been segmented out as a distinct commit to allow for ease of review. This also means that the commit that backports bitcoin#26295 cannot be compiled on its own due to build errors from not-yet adapted code.

  • Additionally, ProcessOrphanTx() assumes Peer-triggered orphan resolution and doesn't account for the possibility that the processing of a transaction may further populate the orphan set. This is a key assumption in block-based orphan processing and to retain this intended functionality, TxOrphanage::HaveMoreWork() has been defined to influence the return value of ProcessOrphanTx() to affect the resolution loop (source) to exhaust all work before continuing ahead.

Breaking changes

None expected.

Checklist

• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I have added or updated relevant unit/integration/functional/e2e tests
• I have made corresponding changes to the documentation (note: N/A)
• I have assigned this pull request to a milestone (for repository code-owners and collaborators only)

[github-actions]

✅ No Merge Conflicts Detected

This PR currently has no conflicts with other open PRs.

[coderabbitai]

Walkthrough

This set of changes implements a major refactor of the orphan transaction handling infrastructure in the codebase. The global recursive orphan mutex (g_cs_orphans) is replaced with a class-internal mutex (m_mutex) within TxOrphanage, and all related lock annotations and usages are updated. The orphanage now manages per-peer work sets for orphan reconsideration, with methods refactored to support peer-driven orphan processing. Several interfaces are modified or replaced, including the addition of GetTxToReconsider, SetCandidatesByBlock, and HaveMoreWork. Related test code and fuzz targets are updated or added to reflect these changes. Additional unrelated changes include improvements to wallet error handling with explicit exceptions on database write failures, new wallet database test cases simulating failure scenarios, enhanced RPC input validation and help documentation, removal of deprecated fields, and extended functional tests covering ban timestamp validation and RPC port range checks. Build and lint scripts are updated to include new source files, and some legacy includes are removed. Minor refactorings and documentation improvements are also included.

Estimated code review effort

🎯 5 (Critical) | ⏱️ ~80–100 minutes

Complexity label: Extensive refactor and interface changes

This review requires careful attention to thread safety, correctness of new peer-driven orphan handling logic, interface changes across several modules, and thorough validation of new and updated tests and fuzz targets. The scope spans consensus, networking, wallet, RPC, and test code, affecting both core logic and public interfaces.

Note

⚡️ Unit Test Generation is now available in beta!

Learn more here, or try it out under "Finishing Touches" below.

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d2ffbf1 and f45de22.

📒 Files selected for processing (15)

• ci/dash/lint-tidy.sh (1 hunks)
• src/rpc/net.cpp (8 hunks)
• src/util/check.cpp (1 hunks)
• src/util/check.h (2 hunks)
• src/validation.cpp (4 hunks)
• src/validation.h (2 hunks)
• src/wallet/coinselection.cpp (1 hunks)
• src/wallet/test/wallet_tests.cpp (1 hunks)
• src/wallet/wallet.cpp (1 hunks)
• src/wallet/wallet.h (1 hunks)
• src/wallet/walletdb.cpp (3 hunks)
• src/wallet/walletdb.h (1 hunks)
• test/functional/p2p_disconnect_ban.py (2 hunks)
• test/functional/test_framework/test_node.py (1 hunks)
• test/functional/test_framework/util.py (0 hunks)

💤 Files with no reviewable changes (1)

• test/functional/test_framework/util.py

✅ Files skipped from review due to trivial changes (4)

• ci/dash/lint-tidy.sh
• test/functional/test_framework/test_node.py
• src/wallet/wallet.h
• src/validation.h

🚧 Files skipped from review as they are similar to previous changes (8)

• src/wallet/coinselection.cpp
• src/util/check.cpp
• src/wallet/walletdb.h
• src/wallet/walletdb.cpp
• src/rpc/net.cpp
• src/util/check.h
• src/wallet/wallet.cpp
• src/validation.cpp

🧰 Additional context used

📓 Path-based instructions (3)

test/functional/**/*.py

📄 CodeRabbit Inference Engine (CLAUDE.md)

Functional tests should be written in Python and placed in test/functional/

Files:

• test/functional/p2p_disconnect_ban.py

src/**/*.{cpp,h,cc,cxx,hpp}

📄 CodeRabbit Inference Engine (CLAUDE.md)

src/**/*.{cpp,h,cc,cxx,hpp}: Dash Core C++ codebase must be written in C++20 and require at least Clang 16 or GCC 11.1
Dash uses unordered_lru_cache for efficient caching with LRU eviction

Files:

• src/wallet/test/wallet_tests.cpp

src/{test,wallet/test,qt/test}/**/*.{cpp,h,cc,cxx,hpp}

📄 CodeRabbit Inference Engine (CLAUDE.md)

Unit tests for C++ code should be placed in src/test/, src/wallet/test/, or src/qt/test/ and use Boost::Test or Qt 5 for GUI tests

Files:

• src/wallet/test/wallet_tests.cpp

🧠 Learnings (4)

📓 Common learnings

Learnt from: kwvg
PR: dashpay/dash#6543
File: src/wallet/receive.cpp:240-251
Timestamp: 2025-02-06T14:34:30.466Z
Learning: Pull request #6543 is focused on move-only changes and refactoring, specifically backporting from Bitcoin. Behavior changes should be proposed in separate PRs.

Learnt from: UdjinM6
PR: dashpay/dash#6786
File: ci/test/04_install.sh:99-101
Timestamp: 2025-08-01T07:46:37.840Z
Learning: In backport PRs like #6786, UdjinM6 prefers to defer non-critical fixes (such as shell command expansion issues) to separate commits/PRs to maintain focus on the primary backport objectives, consistent with the project's pattern of avoiding scope creep.

Learnt from: kwvg
PR: dashpay/dash#6718
File: test/functional/test_framework/test_framework.py:2102-2102
Timestamp: 2025-06-09T16:43:20.996Z
Learning: In the test framework consolidation PR (#6718), user kwvg prefers to limit functional changes to those directly related to MasternodeInfo, avoiding scope creep even for minor improvements like error handling consistency.

Learnt from: kwvg
PR: dashpay/dash#6761
File: src/chainlock/signing.h:5-6
Timestamp: 2025-07-23T09:30:34.631Z
Learning: Dash Core uses BITCOIN_ prefix for header guards as the standard convention, inherited from Bitcoin Core. Only a few BLS-specific files in src/bls/ use DASH_ prefix. The vast majority of files (385+) use BITCOIN_ prefix.

Learnt from: kwvg
PR: dashpay/dash#6761
File: src/chainlock/signing.cpp:247-250
Timestamp: 2025-07-29T14:32:48.369Z
Learning: In PR #6761, kwvg acknowledged a null pointer check issue in ChainLockSigner::Cleanup() method but deferred it to follow-up, consistent with the pattern of avoiding scope creep in refactoring PRs.

Learnt from: kwvg
PR: dashpay/dash#6761
File: src/wallet/wallet.cpp:0-0
Timestamp: 2025-07-29T14:33:01.040Z
Learning: In refactoring PRs like #6761, kwvg acknowledges code safety improvements (like null pointer checks and unused parameter warnings) but prefers to defer them to follow-up PRs to maintain focus on the primary refactoring objectives, avoiding scope creep.

Learnt from: kwvg
PR: dashpay/dash#6752
File: src/wallet/load.cpp:164-164
Timestamp: 2025-07-17T15:48:29.418Z
Learning: In Dash Core, kwvg prefers using assert() statements to document expected behavior in code paths, especially when the called function also has internal asserts. This is used as a defensive programming pattern rather than requiring conditional error handling.

📚 Learning: in the test framework consolidation pr (#6718), user kwvg prefers to limit functional changes to tho...

Learnt from: kwvg
PR: dashpay/dash#6718
File: test/functional/test_framework/test_framework.py:2102-2102
Timestamp: 2025-06-09T16:43:20.996Z
Learning: In the test framework consolidation PR (#6718), user kwvg prefers to limit functional changes to those directly related to MasternodeInfo, avoiding scope creep even for minor improvements like error handling consistency.

Applied to files:

• test/functional/p2p_disconnect_ban.py
• src/wallet/test/wallet_tests.cpp

📚 Learning: applies to src/{test,wallet/test,qt/test}/**/*.{cpp,h,cc,cxx,hpp} : unit tests for c++ code should b...

Learnt from: CR
PR: dashpay/dash#0
File: CLAUDE.md:0-0
Timestamp: 2025-07-20T18:42:49.794Z
Learning: Applies to src/{test,wallet/test,qt/test}/**/*.{cpp,h,cc,cxx,hpp} : Unit tests for C++ code should be placed in src/test/, src/wallet/test/, or src/qt/test/ and use Boost::Test or Qt 5 for GUI tests

Applied to files:

• src/wallet/test/wallet_tests.cpp

📚 Learning: the `getwallet()` function calls in `src/wallet/rpcwallet.cpp` are properly validated with null chec...

Learnt from: kwvg
PR: dashpay/dash#6529
File: src/wallet/rpcwallet.cpp:3002-3003
Timestamp: 2025-02-14T15:19:17.218Z
Learning: The `GetWallet()` function calls in `src/wallet/rpcwallet.cpp` are properly validated with null checks that throw appropriate RPC errors, making additional validation unnecessary.

Applied to files:

• src/wallet/test/wallet_tests.cpp

🧬 Code Graph Analysis (1)

test/functional/p2p_disconnect_ban.py (3)

src/rpc/net.cpp (5)

• info (418-418)
• setban (725-810)
• setban (725-725)
• listbanned (812-857)
• listbanned (812-812)

test/functional/test_framework/util.py (2)

• assert_raises_rpc_error (132-148)
• assert_equal (69-74)

test/functional/test_framework/test_framework.py (1)

• bump_mocktime (870-887)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (7)

• GitHub Check: check_merge
• GitHub Check: linux64-build / Build source
• GitHub Check: linux64_sqlite-build / Build source
• GitHub Check: win64-build / Build source
• GitHub Check: check_merge
• GitHub Check: Lint / Run linters
• GitHub Check: x86_64-apple-darwin / Build depends

🔇 Additional comments (8)

test/functional/p2p_disconnect_ban.py (5)

60-61: LGTM! Proper validation of past absolute timestamp rejection.

This test correctly validates that the setban RPC rejects absolute timestamps in the past, which aligns with the error handling added in src/rpc/net.cpp. The error code -8 and message match the JSONRPCError(RPC_INVALID_PARAMETER, "Error: Absolute timestamp is in the past") thrown in the RPC implementation.

---

82-82: LGTM! Absolute timestamp banning test implementation.

This test properly demonstrates banning with an absolute timestamp by setting the ban to expire at mocktime + 120 seconds. The True parameter correctly indicates this is an absolute timestamp rather than a duration.

---

92-92: Verify time remaining calculation consistency.

The assertion expects time_remaining to be 86397 seconds, which assumes a 3-second time advancement (86400 - 3 = 86397). If the timing is changed to 2 seconds as suggested above, this should be updated to 86398.

---

96-98: LGTM! Absolute timestamp ban assertions are correct.

The test correctly validates the absolute timestamp ban:

• ban_duration of 120 seconds matches the absolute timestamp setup
• time_remaining of 117 seconds correctly reflects the 3-second time advancement (120 - 3 = 117)

Note: If the timing is adjusted to 2 seconds, this should be updated to 118.

---

105-106: LGTM! Ban list persistence verification is correct.

The test properly verifies that the absolute timestamp ban (192.168.0.2/32) persists across node restart and maintains correct ordering in the ban list. This ensures the absolute timestamp functionality works correctly with ban persistence.

src/wallet/test/wallet_tests.cpp (3)

1490-1511: LGTM! Well-designed test helper class.

The FailBatch class provides a clean way to simulate database operation failures for testing. The implementation correctly overrides all virtual methods from DatabaseBatch and uses the m_pass flag to control success/failure behavior appropriately.

---

1513-1532: LGTM! Appropriate test double implementation.

The FailDatabase class provides a minimal but effective test double for WalletDatabase. The public m_pass member allows easy control from test code, and the MakeBatch method correctly creates FailBatch instances with the appropriate failure behavior.

---

1534-1594: Excellent test coverage for database write failure scenarios.

This test case effectively validates the wallet's behavior when database write operations fail. The test structure is well-organized:

1. Good case validation: Verifies normal transaction processing and balance updates work correctly
2. Failure case testing: Confirms that database write failures properly throw std::runtime_error with the expected message
3. State consistency: Ensures the wallet doesn't update in-memory state inconsistently when database writes fail

The test complements the changes mentioned in the PR objectives where CWallet::AddToWalletIfInvolvingMe now throws exceptions on database write failures instead of silently returning false.

✨ Finishing Touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai generate unit tests to generate unit tests for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (3)

src/test/fuzz/txorphan.cpp (1)

29-30: Document the orphan transaction limit calculation

The calculation correctly adapts Bitcoin's count-based limit to Dash's size-based approach by assuming maximum-sized transactions. Consider adding a comment explaining this adaptation aligns with Dash's orphan limiting strategy and effectively caps at 100 transactions.

-//! Default maximum number of maximum size orphan transactions that can be kept in memory
-static const uint32_t DEFAULT_MAX_ORPHAN_TRANSACTIONS{(DEFAULT_MAX_ORPHAN_TRANSACTIONS_SIZE * 1000000) / MAX_STANDARD_TX_SIZE};
+//! Default maximum number of maximum size orphan transactions that can be kept in memory
+//! Dash limits orphans by total size, so we calculate the count assuming max-sized transactions
+static const uint32_t DEFAULT_MAX_ORPHAN_TRANSACTIONS{(DEFAULT_MAX_ORPHAN_TRANSACTIONS_SIZE * 1000000) / MAX_STANDARD_TX_SIZE};

src/wallet/test/wallet_tests.cpp (1)

1550-1551: Consider using BOOST_CHECK instead of BOOST_ASSERT.

BOOST_ASSERT will terminate the test execution if the condition fails, while BOOST_CHECK allows the test to continue and report the failure. For unit tests, BOOST_CHECK is generally preferred to get more comprehensive test results.

-    BOOST_ASSERT(wallet.GetNewDestination("", dest, error));
+    BOOST_CHECK(wallet.GetNewDestination("", dest, error));

src/net_processing.cpp (1)

3211-3215: Remove redundant variable declaration

The initial declaration of porphanTx on line 3211 is unnecessary since it's immediately reassigned in the while loop condition.

-    CTransactionRef porphanTx = nullptr;
     NodeId from_peer = -1;
     bool more = false;

-    while (CTransactionRef porphanTx = m_orphanage.GetTxToReconsider(node_id, from_peer, more)) {
+    CTransactionRef porphanTx;
+    while ((porphanTx = m_orphanage.GetTxToReconsider(node_id, from_peer, more))) {

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9a35783 and d2ffbf1.

📒 Files selected for processing (25)

• ci/dash/lint-tidy.sh (1 hunks)
• src/Makefile.test.include (1 hunks)
• src/init.cpp (0 hunks)
• src/net_processing.cpp (13 hunks)
• src/rpc/net.cpp (8 hunks)
• src/test/fuzz/process_message.cpp (0 hunks)
• src/test/fuzz/process_messages.cpp (0 hunks)
• src/test/fuzz/txorphan.cpp (1 hunks)
• src/test/orphanage_tests.cpp (2 hunks)
• src/txorphanage.cpp (8 hunks)
• src/txorphanage.h (4 hunks)
• src/util/check.cpp (1 hunks)
• src/util/check.h (2 hunks)
• src/validation.cpp (4 hunks)
• src/validation.h (1 hunks)
• src/wallet/coinselection.cpp (1 hunks)
• src/wallet/test/wallet_tests.cpp (1 hunks)
• src/wallet/wallet.cpp (1 hunks)
• src/wallet/wallet.h (1 hunks)
• src/wallet/walletdb.cpp (3 hunks)
• src/wallet/walletdb.h (1 hunks)
• test/functional/p2p_disconnect_ban.py (3 hunks)
• test/functional/rpc_net.py (1 hunks)
• test/functional/test_framework/test_node.py (1 hunks)
• test/functional/test_framework/util.py (0 hunks)

💤 Files with no reviewable changes (4)

• src/test/fuzz/process_messages.cpp
• src/test/fuzz/process_message.cpp
• test/functional/test_framework/util.py
• src/init.cpp

🧰 Additional context used

📓 Path-based instructions (4)

test/functional/**/*.py

📄 CodeRabbit Inference Engine (CLAUDE.md)

Functional tests should be written in Python and placed in test/functional/

Files:

• test/functional/rpc_net.py
• test/functional/test_framework/test_node.py
• test/functional/p2p_disconnect_ban.py

src/**/*.{cpp,h,cc,cxx,hpp}

📄 CodeRabbit Inference Engine (CLAUDE.md)

src/**/*.{cpp,h,cc,cxx,hpp}: Dash Core C++ codebase must be written in C++20 and require at least Clang 16 or GCC 11.1
Dash uses unordered_lru_cache for efficient caching with LRU eviction

Files:

• src/validation.h
• src/util/check.cpp
• src/wallet/wallet.h
• src/wallet/walletdb.cpp
• src/wallet/coinselection.cpp
• src/util/check.h
• src/wallet/walletdb.h
• src/test/fuzz/txorphan.cpp
• src/wallet/wallet.cpp
• src/wallet/test/wallet_tests.cpp
• src/rpc/net.cpp
• src/test/orphanage_tests.cpp
• src/validation.cpp
• src/txorphanage.h
• src/net_processing.cpp
• src/txorphanage.cpp

ci/**

📄 CodeRabbit Inference Engine (CLAUDE.md)

Unless specifically prompted, avoid making changes to the ci directory (continuous integration)

Files:

• ci/dash/lint-tidy.sh

src/{test,wallet/test,qt/test}/**/*.{cpp,h,cc,cxx,hpp}

📄 CodeRabbit Inference Engine (CLAUDE.md)

Unit tests for C++ code should be placed in src/test/, src/wallet/test/, or src/qt/test/ and use Boost::Test or Qt 5 for GUI tests

Files:

• src/test/fuzz/txorphan.cpp
• src/wallet/test/wallet_tests.cpp
• src/test/orphanage_tests.cpp

🧠 Learnings (19)

📓 Common learnings

Learnt from: kwvg
PR: dashpay/dash#6543
File: src/wallet/receive.cpp:240-251
Timestamp: 2025-02-06T14:34:30.466Z
Learning: Pull request #6543 is focused on move-only changes and refactoring, specifically backporting from Bitcoin. Behavior changes should be proposed in separate PRs.

Learnt from: kwvg
PR: dashpay/dash#6718
File: test/functional/test_framework/test_framework.py:2102-2102
Timestamp: 2025-06-09T16:43:20.996Z
Learning: In the test framework consolidation PR (#6718), user kwvg prefers to limit functional changes to those directly related to MasternodeInfo, avoiding scope creep even for minor improvements like error handling consistency.

Learnt from: kwvg
PR: dashpay/dash#6761
File: src/chainlock/signing.h:5-6
Timestamp: 2025-07-23T09:30:34.631Z
Learning: Dash Core uses BITCOIN_ prefix for header guards as the standard convention, inherited from Bitcoin Core. Only a few BLS-specific files in src/bls/ use DASH_ prefix. The vast majority of files (385+) use BITCOIN_ prefix.

Learnt from: kwvg
PR: dashpay/dash#6761
File: src/chainlock/signing.cpp:247-250
Timestamp: 2025-07-29T14:32:48.369Z
Learning: In PR #6761, kwvg acknowledged a null pointer check issue in ChainLockSigner::Cleanup() method but deferred it to follow-up, consistent with the pattern of avoiding scope creep in refactoring PRs.

Learnt from: kwvg
PR: dashpay/dash#6761
File: src/wallet/wallet.cpp:0-0
Timestamp: 2025-07-29T14:33:01.040Z
Learning: In refactoring PRs like #6761, kwvg acknowledges code safety improvements (like null pointer checks and unused parameter warnings) but prefers to defer them to follow-up PRs to maintain focus on the primary refactoring objectives, avoiding scope creep.

Learnt from: kwvg
PR: dashpay/dash#6752
File: src/wallet/load.cpp:164-164
Timestamp: 2025-07-17T15:48:29.418Z
Learning: In Dash Core, kwvg prefers using assert() statements to document expected behavior in code paths, especially when the called function also has internal asserts. This is used as a defensive programming pattern rather than requiring conditional error handling.

src/Makefile.test.include (2)

Learnt from: CR
PR: dashpay/dash#0
File: CLAUDE.md:0-0
Timestamp: 2025-07-20T18:42:49.794Z
Learning: Applies to src/fuzz/**/*.{cpp,h,cc,cxx,hpp} : Fuzzing harnesses should be placed in src/fuzz/

Learnt from: CR
PR: dashpay/dash#0
File: CLAUDE.md:0-0
Timestamp: 2025-07-20T18:42:49.794Z
Learning: Applies to src/{test,wallet/test,qt/test}/**/*.{cpp,h,cc,cxx,hpp} : Unit tests for C++ code should be placed in src/test/, src/wallet/test/, or src/qt/test/ and use Boost::Test or Qt 5 for GUI tests

src/util/check.cpp (1)

Learnt from: kwvg
PR: #6718
File: test/functional/test_framework/test_framework.py:2102-2102
Timestamp: 2025-06-09T16:43:20.996Z
Learning: In the test framework consolidation PR (#6718), user kwvg prefers to limit functional changes to those directly related to MasternodeInfo, avoiding scope creep even for minor improvements like error handling consistency.

src/wallet/wallet.h (2)

Learnt from: kwvg
PR: #6529
File: src/wallet/rpcwallet.cpp:3002-3003
Timestamp: 2025-02-14T15:19:17.218Z
Learning: The GetWallet() function calls in src/wallet/rpcwallet.cpp are properly validated with null checks that throw appropriate RPC errors, making additional validation unnecessary.

Learnt from: CR
PR: dashpay/dash#0
File: CLAUDE.md:0-0
Timestamp: 2025-07-20T18:42:49.794Z
Learning: Applies to src/evo/specialtx.h : Special transactions use payload extensions defined in src/evo/specialtx.h

ci/dash/lint-tidy.sh (6)

Learnt from: CR
PR: dashpay/dash#0
File: CLAUDE.md:0-0
Timestamp: 2025-07-20T18:42:49.794Z
Learning: Applies to src/**/*.{cpp,h,cc,cxx,hpp} : Dash Core C++ codebase must be written in C++20 and require at least Clang 16 or GCC 11.1

Learnt from: CR
PR: dashpay/dash#0
File: CLAUDE.md:0-0
Timestamp: 2025-07-20T18:42:49.794Z
Learning: Applies to src/{crc32c,dashbls,gsl,immer,leveldb,minisketch,secp256k1,univalue}/** : Do not make changes under any circumstances to vendored dependencies in src/crc32c, src/dashbls, src/gsl, src/immer, src/leveldb, src/minisketch, src/secp256k1, src/univalue

Learnt from: kwvg
PR: #6718
File: test/functional/test_framework/test_framework.py:2102-2102
Timestamp: 2025-06-09T16:43:20.996Z
Learning: In the test framework consolidation PR (#6718), user kwvg prefers to limit functional changes to those directly related to MasternodeInfo, avoiding scope creep even for minor improvements like error handling consistency.

Learnt from: CR
PR: dashpay/dash#0
File: CLAUDE.md:0-0
Timestamp: 2025-07-20T18:42:49.794Z
Learning: Applies to src/{test,wallet/test,qt/test}/**/*.{cpp,h,cc,cxx,hpp} : Unit tests for C++ code should be placed in src/test/, src/wallet/test/, or src/qt/test/ and use Boost::Test or Qt 5 for GUI tests

Learnt from: CR
PR: dashpay/dash#0
File: CLAUDE.md:0-0
Timestamp: 2025-07-20T18:42:49.794Z
Learning: Applies to src/fuzz/**/*.{cpp,h,cc,cxx,hpp} : Fuzzing harnesses should be placed in src/fuzz/

Learnt from: kwvg
PR: #6543
File: src/wallet/receive.cpp:240-251
Timestamp: 2025-02-06T14:34:30.466Z
Learning: Pull request #6543 is focused on move-only changes and refactoring, specifically backporting from Bitcoin. Behavior changes should be proposed in separate PRs.

test/functional/test_framework/test_node.py (1)

Learnt from: kwvg
PR: #6718
File: test/functional/test_framework/test_framework.py:2102-2102
Timestamp: 2025-06-09T16:43:20.996Z
Learning: In the test framework consolidation PR (#6718), user kwvg prefers to limit functional changes to those directly related to MasternodeInfo, avoiding scope creep even for minor improvements like error handling consistency.

src/wallet/walletdb.cpp (2)

Learnt from: kwvg
PR: #6529
File: src/wallet/rpcwallet.cpp:3002-3003
Timestamp: 2025-02-14T15:19:17.218Z
Learning: The GetWallet() function calls in src/wallet/rpcwallet.cpp are properly validated with null checks that throw appropriate RPC errors, making additional validation unnecessary.

Learnt from: kwvg
PR: #6530
File: src/validation.cpp:360-362
Timestamp: 2025-01-14T08:37:16.955Z
Learning: The UpdateTransactionsFromBlock() method in txmempool.cpp takes parameters in the order: vHashUpdate, ancestor_size_limit, ancestor_count_limit. The size limit comes before the count limit.

src/wallet/coinselection.cpp (1)

Learnt from: kwvg
PR: #6543
File: src/wallet/receive.cpp:240-251
Timestamp: 2025-02-06T14:34:30.466Z
Learning: Pull request #6543 is focused on move-only changes and refactoring, specifically backporting from Bitcoin. Behavior changes should be proposed in separate PRs.

src/util/check.h (1)

Learnt from: kwvg
PR: #6718
File: test/functional/test_framework/test_framework.py:2102-2102
Timestamp: 2025-06-09T16:43:20.996Z
Learning: In the test framework consolidation PR (#6718), user kwvg prefers to limit functional changes to those directly related to MasternodeInfo, avoiding scope creep even for minor improvements like error handling consistency.

src/wallet/walletdb.h (2)

Learnt from: kwvg
PR: #6530
File: src/validation.cpp:360-362
Timestamp: 2025-01-14T08:37:16.955Z
Learning: The UpdateTransactionsFromBlock() method in txmempool.cpp takes parameters in the order: vHashUpdate, ancestor_size_limit, ancestor_count_limit. The size limit comes before the count limit.

Learnt from: kwvg
PR: #6529
File: src/wallet/rpcwallet.cpp:3002-3003
Timestamp: 2025-02-14T15:19:17.218Z
Learning: The GetWallet() function calls in src/wallet/rpcwallet.cpp are properly validated with null checks that throw appropriate RPC errors, making additional validation unnecessary.

src/test/fuzz/txorphan.cpp (1)

Learnt from: CR
PR: dashpay/dash#0
File: CLAUDE.md:0-0
Timestamp: 2025-07-20T18:42:49.794Z
Learning: Applies to src/fuzz/**/*.{cpp,h,cc,cxx,hpp} : Fuzzing harnesses should be placed in src/fuzz/

src/wallet/wallet.cpp (2)

Learnt from: kwvg
PR: #6529
File: src/wallet/rpcwallet.cpp:3002-3003
Timestamp: 2025-02-14T15:19:17.218Z
Learning: The GetWallet() function calls in src/wallet/rpcwallet.cpp are properly validated with null checks that throw appropriate RPC errors, making additional validation unnecessary.

Learnt from: kwvg
PR: #6718
File: test/functional/test_framework/test_framework.py:2102-2102
Timestamp: 2025-06-09T16:43:20.996Z
Learning: In the test framework consolidation PR (#6718), user kwvg prefers to limit functional changes to those directly related to MasternodeInfo, avoiding scope creep even for minor improvements like error handling consistency.

src/wallet/test/wallet_tests.cpp (3)

Learnt from: CR
PR: dashpay/dash#0
File: CLAUDE.md:0-0
Timestamp: 2025-07-20T18:42:49.794Z
Learning: Applies to src/{test,wallet/test,qt/test}/**/*.{cpp,h,cc,cxx,hpp} : Unit tests for C++ code should be placed in src/test/, src/wallet/test/, or src/qt/test/ and use Boost::Test or Qt 5 for GUI tests

Learnt from: kwvg
PR: #6529
File: src/wallet/rpcwallet.cpp:3002-3003
Timestamp: 2025-02-14T15:19:17.218Z
Learning: The GetWallet() function calls in src/wallet/rpcwallet.cpp are properly validated with null checks that throw appropriate RPC errors, making additional validation unnecessary.

Learnt from: kwvg
PR: #6718
File: test/functional/test_framework/test_framework.py:2102-2102
Timestamp: 2025-06-09T16:43:20.996Z
Learning: In the test framework consolidation PR (#6718), user kwvg prefers to limit functional changes to those directly related to MasternodeInfo, avoiding scope creep even for minor improvements like error handling consistency.

src/rpc/net.cpp (4)

Learnt from: kwvg
PR: #6665
File: src/evo/providertx.h:82-82
Timestamp: 2025-06-06T11:53:09.094Z
Learning: In ProTx serialization code (SERIALIZE_METHODS), version checks should use hardcoded maximum flags (/is_basic_scheme_active=/true, /is_extended_addr=/true) rather than deployment-based flags. This is because serialization code should be able to deserialize any structurally valid ProTx up to the maximum version the code knows how to handle, regardless of current consensus validity. Validation code, not serialization code, is responsible for checking whether a ProTx version is consensus-valid based on deployment status.

Learnt from: kwvg
PR: #6665
File: src/evo/deterministicmns.cpp:1284-1287
Timestamp: 2025-06-16T17:59:55.669Z
Learning: In Dash masternode ProRegTx validation, platform ports (platformHTTPPort and platformP2PPort) are mandatory and must be non-zero, while netInfo (ipAndPort) is optional. This means that even if an empty netInfo returns 0 from GetPrimary().GetPort(), it won't cause false positives in port duplication checks since platform ports cannot be 0.

Learnt from: CR
PR: dashpay/dash#0
File: CLAUDE.md:0-0
Timestamp: 2025-07-20T18:42:49.794Z
Learning: Applies to src/evo/specialtx.h : Special transactions use payload extensions defined in src/evo/specialtx.h

Learnt from: kwvg
PR: #6629
File: src/evo/deterministicmns.cpp:473-485
Timestamp: 2025-05-10T00:54:15.597Z
Learning: In the current implementation of NetInfoEntry, only CService is a valid type and std::monostate represents an invalid state. Entries that don't provide a valid CService through GetAddrPort() should be rejected with an exception, not silently skipped.

src/test/orphanage_tests.cpp (4)

Learnt from: CR
PR: dashpay/dash#0
File: CLAUDE.md:0-0
Timestamp: 2025-07-20T18:42:49.794Z
Learning: Applies to src/{test,wallet/test,qt/test}/**/*.{cpp,h,cc,cxx,hpp} : Unit tests for C++ code should be placed in src/test/, src/wallet/test/, or src/qt/test/ and use Boost::Test or Qt 5 for GUI tests

Learnt from: kwvg
PR: #6718
File: test/functional/test_framework/test_framework.py:2102-2102
Timestamp: 2025-06-09T16:43:20.996Z
Learning: In the test framework consolidation PR (#6718), user kwvg prefers to limit functional changes to those directly related to MasternodeInfo, avoiding scope creep even for minor improvements like error handling consistency.

Learnt from: kwvg
PR: #6543
File: src/wallet/receive.cpp:240-251
Timestamp: 2025-02-06T14:34:30.466Z
Learning: Pull request #6543 is focused on move-only changes and refactoring, specifically backporting from Bitcoin. Behavior changes should be proposed in separate PRs.

Learnt from: kwvg
PR: #6530
File: src/validation.cpp:360-362
Timestamp: 2025-01-14T08:37:16.955Z
Learning: The UpdateTransactionsFromBlock() method in txmempool.cpp takes parameters in the order: vHashUpdate, ancestor_size_limit, ancestor_count_limit. The size limit comes before the count limit.

src/validation.cpp (1)

Learnt from: knst
PR: #6511
File: src/evo/deterministicmns.cpp:1369-1373
Timestamp: 2025-01-07T18:50:44.838Z
Learning: The functions MigrateDBIfNeeded and MigrateDBIfNeeded2 in src/evo/deterministicmns.cpp are temporary and will be removed in a future version. Refactoring suggestions for these functions should be avoided.

src/txorphanage.h (4)

Learnt from: kwvg
PR: #6543
File: src/wallet/receive.cpp:240-251
Timestamp: 2025-02-06T14:34:30.466Z
Learning: Pull request #6543 is focused on move-only changes and refactoring, specifically backporting from Bitcoin. Behavior changes should be proposed in separate PRs.

Learnt from: kwvg
PR: #6530
File: src/validation.cpp:360-362
Timestamp: 2025-01-14T08:37:16.955Z
Learning: The UpdateTransactionsFromBlock() method in txmempool.cpp takes parameters in the order: vHashUpdate, ancestor_size_limit, ancestor_count_limit. The size limit comes before the count limit.

Learnt from: CR
PR: dashpay/dash#0
File: CLAUDE.md:0-0
Timestamp: 2025-07-20T18:42:49.794Z
Learning: Applies to src/{masternode,evo}/**/*.{cpp,h,cc,cxx,hpp} : Masternode lists must use immutable data structures (Immer library) for thread safety

Learnt from: kwvg
PR: #6761
File: src/chainlock/signing.cpp:247-250
Timestamp: 2025-07-29T14:32:48.369Z
Learning: In PR #6761, kwvg acknowledged a null pointer check issue in ChainLockSigner::Cleanup() method but deferred it to follow-up, consistent with the pattern of avoiding scope creep in refactoring PRs.

src/net_processing.cpp (4)

Learnt from: kwvg
PR: #6543
File: src/wallet/receive.cpp:240-251
Timestamp: 2025-02-06T14:34:30.466Z
Learning: Pull request #6543 is focused on move-only changes and refactoring, specifically backporting from Bitcoin. Behavior changes should be proposed in separate PRs.

Learnt from: CR
PR: dashpay/dash#0
File: CLAUDE.md:0-0
Timestamp: 2025-07-20T18:42:49.794Z
Learning: Applies to src/evo/specialtx.h : Special transactions use payload extensions defined in src/evo/specialtx.h

Learnt from: kwvg
PR: #6530
File: src/validation.cpp:360-362
Timestamp: 2025-01-14T08:37:16.955Z
Learning: The UpdateTransactionsFromBlock() method in txmempool.cpp takes parameters in the order: vHashUpdate, ancestor_size_limit, ancestor_count_limit. The size limit comes before the count limit.

Learnt from: knst
PR: #6658
File: src/evo/creditpool.cpp:177-185
Timestamp: 2025-05-05T12:45:44.781Z
Learning: The GetAncestor() function in CBlockIndex safely handles negative heights by returning nullptr rather than asserting, making it safe to call with potentially negative values.

src/txorphanage.cpp (2)

Learnt from: kwvg
PR: #6543
File: src/wallet/receive.cpp:240-251
Timestamp: 2025-02-06T14:34:30.466Z
Learning: Pull request #6543 is focused on move-only changes and refactoring, specifically backporting from Bitcoin. Behavior changes should be proposed in separate PRs.

Learnt from: kwvg
PR: #6530
File: src/validation.cpp:360-362
Timestamp: 2025-01-14T08:37:16.955Z
Learning: The UpdateTransactionsFromBlock() method in txmempool.cpp takes parameters in the order: vHashUpdate, ancestor_size_limit, ancestor_count_limit. The size limit comes before the count limit.

🧬 Code Graph Analysis (8)

test/functional/rpc_net.py (2)

test/functional/test_framework/util.py (1)

• assert_raises_rpc_error (132-148)

src/rpc/net.cpp (3)

• addpeeraddress (988-1042)
• addpeeraddress (988-988)
• address (538-538)

src/util/check.cpp (1)

src/util/check.h (2)

• NonFatalCheckError (13-17)
• NonFatalCheckError (24-25)

src/util/check.h (3)

src/util/check.cpp (1)

• NonFatalCheckError (19-26)

src/net.cpp (1)

• msg (829-829)

src/txmempool.h (1)

• T (72-84)

src/wallet/walletdb.h (1)

src/wallet/walletdb.cpp (2)

• FindWalletTxHashes (977-1024)
• FindWalletTxHashes (977-977)

test/functional/p2p_disconnect_ban.py (3)

src/rpc/net.cpp (5)

• info (422-422)
• setban (729-814)
• setban (729-729)
• listbanned (816-861)
• listbanned (816-816)

test/functional/test_framework/util.py (2)

• assert_raises_rpc_error (132-148)
• assert_equal (69-74)

test/functional/test_framework/test_framework.py (1)

• bump_mocktime (870-887)

src/test/orphanage_tests.cpp (2)

src/txorphanage.h (1)

• m_mutex (104-104)

src/test/util/setup_common.h (1)

• InsecureRand256 (80-80)

src/txorphanage.h (2)

src/txorphanage.cpp (22)

• AddTx (20-57)
• AddTx (20-20)
• HaveTx (172-176)
• HaveTx (172-172)
• GetTxToReconsider (178-199)
• GetTxToReconsider (178-178)
• SetCandidatesByBlock (201-210)
• SetCandidatesByBlock (201-201)
• EraseTx (59-63)
• EraseTx (59-59)
• EraseForPeer (100-117)
• EraseForPeer (100-100)
• EraseForBlock (212-241)
• EraseForBlock (212-212)
• HaveMoreWork (243-248)
• HaveMoreWork (243-243)
• LimitOrphans (119-153)
• LimitOrphans (119-119)
• AddChildrenToWorkSet (155-170)
• AddChildrenToWorkSet (155-155)
• _EraseTx (65-98)
• _EraseTx (65-65)

src/test/orphanage_tests.cpp (2)

• LOCK (23-27)
• LOCK (29-37)

src/txorphanage.cpp (2)

src/test/orphanage_tests.cpp (2)

• LOCK (23-27)
• LOCK (29-37)

src/txorphanage.h (1)

• m_mutex (104-104)

🔇 Additional comments (40)

src/validation.cpp (4)

2708-2713: LGTM! Proper initialization of member variables.

The initialization logic correctly maintains the same behavior as the original static local variables, using .count() == 0 to check for first-time initialization.

---

2721-2723: LGTM! Timing comparisons correctly updated.

The periodic write and flush timing checks properly use the new member variables while maintaining identical logic and behavior.

---

2754-2754: LGTM! Write timestamp correctly updated.

The member variable is properly updated after a successful write operation, maintaining the same tracking behavior as the original static variable.

---

2780-2780: LGTM! Flush timestamp correctly updated.

The member variable is properly updated after a successful flush operation, maintaining the same tracking behavior as the original static variable.

test/functional/test_framework/test_node.py (1)

109-109: LGTM: Appropriate debug exclusion for testing.

Adding "-debugexclude=rand" is a reasonable addition to reduce noise from random-related debug logs during functional tests, especially given the extensive fuzzing infrastructure changes in this PR.

src/Makefile.test.include (1)

366-366: LGTM: Correctly adds new txorphan fuzz test to build.

The addition of test/fuzz/txorphan.cpp to the fuzz test sources is correctly placed and necessary for building the new orphan transaction fuzz test that exercises the refactored TxOrphanage class.

ci/dash/lint-tidy.sh (1)

23-23: LGTM: Correctly adds new files to IWYU analysis.

Adding src/test/fuzz/txorphan.cpp and src/util/check.cpp to the include-what-you-use tool ensures proper analysis of include directives for the new fuzz test and updated utility code.

Also applies to: 26-26

test/functional/rpc_net.py (1)

344-347: LGTM: Comprehensive port validation tests.

The test cases appropriately verify that the addpeeraddress RPC rejects invalid port values (-1 and 65536) with the expected error code (-1) and message ("JSON integer out of range"). This complements the RPC implementation changes that parse ports as uint16_t.

src/wallet/coinselection.cpp (1)

93-94: LGTM: Good refactoring for code clarity.

Extracting the fee rate comparison into a local boolean variable is_feerate_high improves code readability without changing the algorithm's logic. This makes the backtracking condition in the Branch and Bound algorithm easier to understand.

Also applies to: 101-101

src/wallet/wallet.h (1)

620-623: LGTM! Clear documentation for AddToWallet contract.

The added documentation clearly explains the method's behavior and return value semantics, particularly the important detail that it returns nullptr on database write failures. This documentation aligns well with the improved error handling mentioned in the PR objectives.

src/wallet/walletdb.h (1)

236-236: LGTM! Interface simplification improves efficiency.

The method rename from FindWalletTx to FindWalletTxHashes with the simplified signature accurately reflects its purpose - extracting only transaction hashes from the database without deserializing full wallet transactions. This is a good optimization when only hashes are needed.

src/util/check.cpp (2)

7-16: LGTM! Proper includes for enhanced error reporting.

The conditional inclusion of bitcoin-config.h and additional standard headers (cstdio, cstdlib, string) are necessary for the enhanced error formatting functionality implemented below.

---

19-26: LGTM! Comprehensive error reporting for internal bugs.

The new NonFatalCheckError constructor creates detailed error messages that include:

• The assertion message and source location (file, line, function)
• Package name and full version information
• Bug report URL for user guidance

This significantly improves debugging experience by providing all relevant context when internal bugs are detected.

test/functional/p2p_disconnect_ban.py (4)

60-61: LGTM! Test coverage for past absolute timestamp validation.

The test correctly validates that attempting to ban with a past absolute timestamp (123 seconds since epoch) throws the expected RPC error (-8) with the appropriate error message. This directly tests the validation logic added to the setban RPC command.

---

81-83: LGTM! Test coverage for absolute timestamp banning.

The test adds a ban with an absolute timestamp (current mock time + 120 seconds) using the absolute flag, which exercises the new absolute timestamp functionality in the setban RPC command.

---

85-99: LGTM! Comprehensive ban duration and time remaining validation.

The test correctly verifies that ban duration and time remaining calculations work properly after advancing mock time by 2 seconds. The assertions cover all ban types including the new absolute timestamp ban, ensuring the timing calculations are accurate.

---

105-106: LGTM! Persistence verification after restart.

The test correctly verifies that the absolute timestamp ban (192.168.0.2/32) persists after node restart and appears in the expected position in the ban list, ensuring the ban database correctly handles absolute timestamp bans.

src/wallet/walletdb.cpp (2)

977-1024: LGTM! Efficient implementation that avoids unnecessary deserialization.

The refactored method correctly extracts only transaction hashes without deserializing full wallet transactions, which should improve performance. The error handling and cursor management are properly implemented.

---

1028-1030: LGTM! Correctly updated to use the new method signature.

The changes properly update the caller to use FindWalletTxHashes instead of the old method, with appropriate comment and variable naming updates that reflect the focus on transaction hashes rather than full transactions.

src/wallet/wallet.cpp (1)

1115-1121: LGTM! Excellent error handling improvement.

The change properly handles database write failures by checking for nullptr return from AddToWallet and throwing a descriptive runtime error. This prevents silent failures and provides clear diagnostic information when database issues occur. The implementation correctly maintains the function's contract while making error conditions explicit.

src/util/check.h (1)

10-27: Good refactoring to reduce header dependencies

Moving the error message formatting from the header to the implementation file is a clean improvement. This reduces compile-time dependencies and keeps implementation details properly encapsulated.

src/test/fuzz/txorphan.cpp (1)

37-148: Comprehensive fuzz test coverage

The fuzz test thoroughly exercises the refactored TxOrphanage interface, including the new peer-based orphan work set management. The transaction construction logic properly handles input/output generation and the test assertions verify expected behavior.

src/rpc/net.cpp (3)

199-206: Good improvement to handle disconnected peers

Skipping peers when GetNodeStateStats() fails prevents reporting stale data for disconnected peers. The comment clearly explains the race condition scenario.

---

789-792: Good validation for ban timestamps

Validating that absolute ban timestamps aren't in the past prevents invalid ban entries and provides clear error feedback.

---

1016-1016: Appropriate type change for port validation

Using uint16_t for the port parameter ensures automatic validation of the port range (0-65535) and throws a clear error for out-of-range values.

src/wallet/test/wallet_tests.cpp (2)

1490-1533: Well-designed test helper classes for database failure simulation.

The FailBatch and FailDatabase classes provide a clean and controlled way to simulate database write failures in unit tests. The design follows good testing practices by allowing fine-grained control over when operations should succeed or fail via the m_pass boolean flag.

---

1534-1595: Comprehensive test for database write failure scenarios.

This test effectively validates the wallet's error handling when database writes fail. The test structure is well-organized:

1. Setup phase: Creates wallet with controllable failure database
2. Good case: Verifies normal transaction processing with balance updates
3. Bad case: Verifies runtime error is thrown when database write fails

The test ensures that wallet state remains consistent and prevents silent failures when the database cannot persist transactions.

src/test/orphanage_tests.cpp (3)

23-31: Correct locking pattern for thread-safe class methods.

The changes properly implement the internal locking pattern:

• Methods require that the mutex is NOT held when called (EXCLUSIVE_LOCKS_REQUIRED(!m_mutex))
• Methods acquire the mutex internally using LOCK(m_mutex)

This follows best practices for thread-safe class design and aligns with the refactoring from global to internal mutex management.

---

137-185: Excellent test for orphan reconsideration edge case.

This test validates a critical scenario where orphan transactions spend from parent transactions that have more outputs than inputs. The test structure is well-designed:

1. Setup: Creates parent transaction (1 input → 3 outputs) and orphan spending the last output
2. Action: Calls SetCandidatesByBlock to trigger orphan reconsideration
3. Verification: Confirms orphan is properly queued for reconsideration

The comment explaining the historical bug (cycling through vin instead of vout) provides valuable context for why this specific test case is important.

---

179-183: Good defensive programming with assertion check.

The use of Assert(ref) before dereferencing the transaction reference is a good practice that helps catch potential null pointer issues during testing. The test logic correctly verifies that the orphan transaction is available for reconsideration and matches the expected transaction hash.

src/net_processing.cpp (2)

2015-2023: Correct implementation of block-triggered orphan processing

The implementation correctly uses the special peer ID -1 for block-triggered orphan processing as documented in the PR objectives. The loop ensures all orphan candidates triggered by the block are fully processed before continuing.

---

1049-1056: Thread safety of compact extra transactions verified

All calls to AddToCompactExtraTransactions occur inside methods that require and assert g_msgproc_mutex (for example, within PeerManagerImpl::ProcessMessage, which begins with AssertLockHeld(g_msgproc_mutex)). This satisfies the EXCLUSIVE_LOCKS_REQUIRED(g_msgproc_mutex) annotation on AddToCompactExtraTransactions. No further locking changes are needed.

src/txorphanage.cpp (6)

59-67: Good refactoring pattern for lock management.

The separation of EraseTx (public interface) and _EraseTx (internal implementation) avoids redundant locking when the method is called from other member functions that already hold the mutex.

---

100-117: Correct cleanup of peer work sets.

The method properly cleans up the peer's work set before erasing their orphan transactions, preventing memory leaks when peers disconnect.

---

155-170: Good encapsulation of work set management.

The method now manages peer work sets internally rather than requiring callers to pass external sets, improving encapsulation and thread safety.

---

178-199: Well-designed interface for peer-based orphan processing.

The new GetTxToReconsider method provides a clean interface for incremental orphan processing per peer, returning the originator information and signaling when more work remains.

---

243-248: Useful helper method for checking pending work.

The HaveMoreWork method provides an efficient way to check if orphan processing is complete for a peer without modifying state.

---

201-210: Sentinel NodeId(-1) usage is safe and consistent

• NodeId is defined as a signed int64_t (using/typedef in multiple headers).
• The -1 sentinel is already used throughout the codebase (net_processing.cpp, orphanage tests, etc.) to represent “no peer.”
• No conflicting uses of negative NodeId values were found.

This aligns with existing conventions—approving the change.

src/txorphanage.h (2)

60-64: Thread-safe Size() implementation.

Good practice to include the lock acquisition within the Size() method rather than requiring callers to hold the lock.

---

66-83: Proper thread safety annotations.

The mutable mutex allows locking in const methods, and GUARDED_BY annotations enable static analysis verification of correct locking discipline.

[knst]

check comments, otherwise LGTM

[knst]

good catch!

[knst]

utACK f45de22

[UdjinM6]

utACK f45de22