Skip to content

fix(db): re-verify all transaction signatures on fork switch#6864

Merged
lvs0075 merged 1 commit into
tronprotocol:release_v4.8.2from
xxo1shine:fix/fork-switch-reverify-tx-sign
Jul 2, 2026
Merged

fix(db): re-verify all transaction signatures on fork switch#6864
lvs0075 merged 1 commit into
tronprotocol:release_v4.8.2from
xxo1shine:fix/fork-switch-reverify-tx-sign

Conversation

@xxo1shine

Copy link
Copy Markdown
Collaborator

What does this PR do?
The switchFork new-branch apply loop only re-validated each block's witness signature; the transactions inside were applied through the isVerified cache. That flag caches a signature-verification result computed against a specific account-permission state, but a fork switch re-applies blocks on a rewound, diverged chain state where those permissions may have changed. Trusting the stale flag lets a transaction skip verification and be accepted with a signature no longer valid under the fork-chain state.

  • Manager.switchFork: clear isVerified on every transaction of each block on the branch being switched to, before applyBlock, forcing full signature re-validation against the fork-chain state. The switch-back path (original main branch) is left untouched: it reproduces the exact original state, so its cached verifications stay valid and resetting them would only cost perf.
  • ManagerTest: add switchForkShouldResetTransactionSignVerifiedOnNewBranch, which drives a real reorg and asserts the new branch's transaction gets its cached verification flag cleared (fails without the fix).

Why are these changes required?

This PR has been tested by:

  • Unit Tests
  • Manual Testing

Follow up

Extra details

The switchFork new-branch apply loop only re-validated each block's witness
signature; the transactions inside were applied through the isVerified cache.
That flag caches a signature-verification result computed against a specific
account-permission state, but a fork switch re-applies blocks on a rewound,
diverged chain state where those permissions may have changed. Trusting the
stale flag lets a transaction skip verification and be accepted with a
signature no longer valid under the fork-chain state.

- Manager.switchFork: clear isVerified on every transaction of each block on
  the branch being switched to, before applyBlock, forcing full signature
  re-validation against the fork-chain state. The switch-back path (original
  main branch) is left untouched: it reproduces the exact original state, so
  its cached verifications stay valid and resetting them would only cost perf.
- ManagerTest: add switchForkShouldResetTransactionSignVerifiedOnNewBranch,
  which drives a real reorg and asserts the new branch's transaction gets its
  cached verification flag cleared (fails without the fix).
@github-actions github-actions Bot requested a review from halibobo1205 July 2, 2026 08:54
@lvs0075 lvs0075 merged commit 7ab8945 into tronprotocol:release_v4.8.2 Jul 2, 2026
12 checks passed
@halibobo1205 halibobo1205 added this to the GreatVoyage-v4.8.2 milestone Jul 2, 2026
@KingsDmusk

Copy link
Copy Markdown

valide

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants