Bisq

Recent Commits

• HenrikJannsen (09 Jun 26)

  Merge pull request #7905 from HenrikJannsen/Restore-weighted-BTC-fee-receiver-routing Restore weighted btc fee receiver routing

• HenrikJannsen (09 Jun 26)

  Merge pull request #7906 from wodoro/grpc_check refactor(proto): extract gRPC services into separate :proto-grpc module

• wodoro (09 Jun 26)

  refactor(proto): extract gRPC services into separate :proto-grpc module Split the proto module so that gRPC service stubs and their runtime dependencies (grpc-stub, grpc-protobuf and transitives) no longer leak onto the runtime classpath of modules that only need protobuf messages. The :proto module now generates messages only: the `service` blocks were moved out of grpc.proto and bridge.proto into grpc_services.proto and bridge_services.proto in the new :proto-grpc module, which imports the message definitions from proto.jar (import-only, no recompilation) and owns the gRPC codegen and dependencies. Only cli, daemon, apitest and bridge consume the service stubs and now depend on :proto-grpc; core (messages only) and all other modules (desktop, seednode, p2p, persistence, common, inventory, btcnodemonitor, restapi, statsnode) stay on the grpc-free :proto.

• HenrikJannsen (09 Jun 26)

  Validate weighted BTC fee receiver entries Reject weighted BTC fee receiver addresses that do not parse for the configured Bitcoin network and reject fractions finer than the 1/10000 selection granularity instead of silently flooring them. Update BtcFeeReceiverService tests with valid weighted receiver addresses and align docs README bullet indentation.

• HenrikJannsen (09 Jun 26)

  Address follow-up review feedback Add fail-fast canonical field handling, align BTC fee receiver delimiter text, tolerate empty grep extracts in the HashMap order comparison script, and update canonical migration docs to match current P2P/payment-account status. Make mailbox storage test payload hashes input-derived and add enum cardinality assertions for ScriptType and TxOutputType.

• HenrikJannsen (09 Jun 26)

  Harden BTC fee receiver selection Review BtcFeeReceiverService end to end and tighten receiver selection invariants. Use RandomGenerator with ThreadLocalRandom for production selection, capture the DAO height once per address selection, and make the height field volatile for listener visibility. Keep Burning Man remainder allocation within the delegated weight ceiling so weighted filter receivers retain their documented share even if upstream candidate shares overrun the remainder. Also fix long weight accumulation in findIndex, reject negative random-selection weights, and add focused unit coverage for the overflow and ceiling cases.

• HenrikJannsen (09 Jun 26)

  Restore weighted BTC fee receiver routing Reintroduce the filter btc_fee_receiver_addresses field at its original protobuf field number and include it in canonical filter encoding. Route configured weighted receivers through BtcFeeReceiverService, leaving the remaining probability to Burning Man receiver selection, and keep legacy plain-address filter behavior as uniform selection. Expose the filter receivers through FilterPolicyService, include parsed receivers in mempool fee address validation, and add admin filter UI validation plus focused tests. Add BTC fee receiver routing spec Move the filter-controlled Burning Man BTC fee receiver concept into tracked developer docs and link it from the Burning Man documentation.

• HenrikJannsen (09 Jun 26)

  Restore protected storage extra data maps Reintroduce extraDataMap preservation for alert, filter, BSQ swap offer, temp proposal payload, and dispute agent storage payloads. Include the restored maps in canonical schemas at their original protobuf field numbers so non-empty extension data round-trips deterministically while empty maps remain omitted.

• HenrikJannsen (09 Jun 26)

  Address canonical encoding review findings Reject unsupported ONEOF map entry values explicitly, normalize empty BlindVote extra data, defensively copy Merit signatures, and keep DAO state dump I/O failures from aborting block verification. Update focused tests to compare against protobuf bytes and lock down BlindVote payload hash input, null-vote Ballot omission, Merit signature immutability, and ScriptType protobuf code parity.

• HenrikJannsen (09 Jun 26)

  Merge pull request #7903 from wodoro/lax_filter fix(filter): defer no-filter warning until seed data received

• wodoro (09 Jun 26)

  fix(filter): defer no-filter warning until seed data received The "no filter object received" warning was triggered synchronously in onAllServicesInitialized(), before the initial P2P data request to the seed nodes had completed. On slow networks the filter had simply not arrived yet, producing a false-positive popup asking users to contact the developers. Move the check into the onDataReceived() listener, which fires after the seed-node data handshake completes; by then any network filter has been applied via the onAdded listener. A one-shot guard prevents repeat warnings. When no seed node is reachable onDataReceived never fires, so the unrelated "No seed nodes available" path handles that case instead. Also fix grammar typo in the warning string ("a not expected situation" -> "an unexpected situation") in the English source.

• HenrikJannsen (09 Jun 26)

  Restore protected storage extra data maps Reintroduce extraDataMap preservation for alert, filter, BSQ swap offer, temp proposal payload, and dispute agent storage payloads. Include the restored maps in canonical schemas at their original protobuf field numbers so non-empty extension data round-trips deterministically while empty maps remain omitted.

• HenrikJannsen (09 Jun 26)

  Restore blind vote extra data map Preserve BlindVote extraDataMap values from protobuf, include them in canonical field 6, and keep newly published blind votes on an empty TreeMap so empty-map wire bytes remain unchanged.

• HenrikJannsen (08 Jun 26)

  Restore proposal extra data maps Reintroduce extraDataMap plumbing for proposal subclasses and pass empty TreeMaps from factories so future extension data remains supported without changing empty-map wire or canonical bytes.

• HenrikJannsen (09 Jun 26)

  Address canonical encoding review findings Restrict TreeMapIterator construction to non-null comparators, add explicit Alert and DaoState guards, pass the selected canonical encoder through P2P protected payload hashing, and tighten PubKeyRing byte-array invariants. Update canonical migration documentation and focused regression coverage for the reviewed paths.

• HenrikJannsen (08 Jun 26)

  Require canonical protected storage payloads Make ProtectedStoragePayload extend Canonical and simplify DataAndSeqNrPair to use the protected payload's canonical bytes directly. Update protected-storage stubs and legacy blind-vote parity checks to use serializeForHash() where they intentionally compare against the deprecated protobuf hash preimage.

• HenrikJannsen (08 Jun 26)

  Remove legacy exclude-for-hash support Drop ExcludeForHash and ExcludeForHashAwareProto now that Filter and canonical hash preimages no longer need annotation-based field exclusion. Make Proto.serializeForHash() a deprecated protobuf fallback and keep P2P generic fallbacks explicit.

• HenrikJannsen (08 Jun 26)

  Use canonical encoding for hash preimages Replace direct serializeForHash() usage with encodeCanonical() for payloads whose static type is canonical. Keep serializeForHash() only as the compatibility bridge and generic fallback for noncanonical P2P payloads.

• HenrikJannsen (08 Jun 26)

  Add encodeCanonical() default implementation

• HenrikJannsen (08 Jun 26)

  Fix hashmap order probe canonical source paths

• HenrikJannsen (08 Jun 26)

  Validate AccountingTxOutput uint32 bounds

• HenrikJannsen (08 Jun 26)

  Guard empty DaoState hash-chain serialization

• HenrikJannsen (08 Jun 26)

  Add LegacyCollectorsToMapIterator edge tests

• HenrikJannsen (08 Jun 26)

  Apply canonical merit list plaintext encoding Encrypt blind-vote merit list plaintext from canonical serializeForHash() bytes and add verifyBlindVoteEncryptedMeritListSerialization for live legacy protobuf parity checks. Extend canonical encoder coverage for MeritList empty, ordered, serializeForHash, protobuf parse, and encrypted decrypt paths, and refresh the canonical serialization inventory.

• HenrikJannsen (08 Jun 26)

  Update canonical serialization inventory Refresh the protobuf hash use-case documentation after the blind-vote encrypted votes and payment-account contract hash migrations. Document that encrypted merit plaintext is the remaining blind-vote serialization-sensitive path still using protobuf serialize() before encryption, and outline the parity and verification coverage needed before switching it to canonical bytes.

• HenrikJannsen (08 Jun 26)

  Apply canonical blind vote plaintext encoding Add canonical schemas for VoteWithProposalTxId and VoteWithProposalTxIdList, including focused byte-identity tests for empty, null-vote, rejected, accepted, ordered, parse, serializeForHash, and decrypt paths. Encrypt canonical plaintext in the blind-vote caller path and add verifyBlindVoteEncryptedVotesSerialization so operators can compare canonical bytes against legacy protobuf bytes and fail fast with length/hash diagnostics.

• HenrikJannsen (08 Jun 26)

  Cover canonical payment account parity for locally created payloads Every existing parity case decodes through CoreProtoResolver.fromProto, which hides three production code paths from the canonical schema: - PaymentAccountPayload's no-arg constructor leaves maxTradePeriod at -1, while the matrix always seeds the protobuf with maxTradePeriod=12345. - The constructor auto-injects a SALT entry into excludeFromJsonDataMap and PaymentAccountPayloadExcludeFromJsonMap then enforces LEGACY_HASHMAP_ORDER, whereas fromProto always picks the preserveInsertionOrder branch. - setHolderName on PaymentAccountPayload subclasses that have no holderName field of their own (AliPay etc.) feeds the HOLDER_NAME entry into the same map and forces the legacy reorder to put HOLDER_NAME ahead of SALT. Add a parity matrix that builds AliPayAccountPayload, NationalBankAccountPayload and SepaAccountPayload directly through their public Java constructors, mutates them the way producers do, and asserts canonical bytes, serializeForHash bytes and the ripemd160 contract hash stay byte-compatible with the roundtripped protobuf bytes. This covers the default signed-int64 maxTradePeriod path, the auto-salt LEGACY_HASHMAP_ORDER path, an empty repeated-string field (Sepa acceptedCountryCodes) and the nested CountryBased -> Bank -> NationalBank wrapper for a payload that only sets the required holder name.

• HenrikJannsen (08 Jun 26)

  Cover canonical payment account parity for null optional fields The previous parity matrix populated every protobuf field, so the canonical schemas were never exercised against BankAccountPayload and CashDepositAccountPayload instances whose nullable bank-level fields fromProto decoded as null. The schemas read those fields directly through lambdas, so a regression that introduced an NPE or wrote an empty string instead of skipping the field would silently drift away from the legacy protobuf hash preimage. Add a focused parity matrix that exercises: - NationalBank and SpecificBanks with only the required holderName populated. - CashDepositAccountPayload with only the required holderName populated. - Sepa with the deprecated email field unset. - SepaInstant with the acceptedCountryCodes list left empty. For each shape we re-decode through CoreProtoResolver and assert that the canonical bytes, serializeForHash bytes and ripemd160 contract hash match the roundtripped protobuf bytes, so the canonical encoder must continue handling null lambda returns, empty repeated string lists and missing deprecated string fields exactly the way protobuf does.

• HenrikJannsen (08 Jun 26)

  Migrate payment account contract hashes to canonical encoding Make PaymentAccountPayload implement Canonical so getHashForContract now uses the canonical account schema through serializeForHash. Extend account payload parity coverage to prove canonical serializeForHash bytes and final contract hashes remain byte-compatible with the legacy protobuf preimage for every supported account payload shape.

• HenrikJannsen (08 Jun 26)

  Add payment account canonical parity schemas Build canonical schemas for the complete PaymentAccountPayload hierarchy without changing runtime hash behavior yet. Cover every resolver-supported concrete account payload shape against the current normalized protobuf bytes before switching getHashForContract to canonical serialization.