Skip to content

docs: fix validator address uniqueness to match implementation (ZELLIC-67)#2865

Open
howydev wants to merge 10 commits intomainfrom
howy/zellic-67-fix-address-uniqueness-docs
Open

docs: fix validator address uniqueness to match implementation (ZELLIC-67)#2865
howydev wants to merge 10 commits intomainfrom
howy/zellic-67-fix-address-uniqueness-docs

Conversation

@howydev
Copy link
Contributor

@howydev howydev commented Feb 25, 2026

Summary

Fixes the spec (TIP-1017) and Solidity interface to accurately reflect that validator addresses are unique among active validators only, not globally including deleted ones. Deactivated addresses may be reused.

Public keys remain globally unique (including deleted) — no change there.

Changes

  • tips/tip-1017.md — 6 corrections across interface comments, param docs, uniqueness constraints section, comparison table, and invariants list
  • tips/ref-impls/src/interfaces/IValidatorConfigV2.sol — 3 matching corrections in interface/struct/function docs

Context

ZELLIC-67: Zellic flagged that require_new_address allows reuse of deactivated addresses, contradicting the spec. The implementation and invariant tests (TEMPO-VALV2-11) are correct — the spec was wrong.

@howydev howydev requested a review from a team February 25, 2026 20:47
@github-actions
Copy link

github-actions bot commented Feb 25, 2026
edited
Loading

📊 Tempo Precompiles Coverage

📦 Download full HTML report

@howydev howydev marked this pull request as draft February 25, 2026 21:26
@howydev howydev marked this pull request as ready for review February 26, 2026 00:13
@howydev howydev marked this pull request as draft February 26, 2026 00:14
@howydev howydev marked this pull request as ready for review February 26, 2026 03:38
howydev and others added 10 commits March 3, 2026 00:17
@howydev
fix: ed25519 decoding issue, digest preimage collision issue
1c21216
@howydev
Apply suggestion from @howydev
4cc5620
@howydev
Apply suggestion from @howydev
9774541
@howydev
Apply suggestion from @howydev
21cf672
@howydev @ampcode-com
fix: add uint8(egress.len) to digest preimage encoding
919aa8a 
Amp-Thread-ID: https://ampcode.com/threads/T-019c963d-1942-7219-a89a-b0e727c3dadb
Co-authored-by: Amp <amp@ampcode.com>
@howydev @ampcode-com
refactor: simplify invalid ed25519 key in test to [0u8; 32]
c4e384a 
Amp-Thread-ID: https://ampcode.com/threads/T-019c963d-1942-7219-a89a-b0e727c3dadb
Co-authored-by: Amp <amp@ampcode.com>
@howydev @ampcode-com
fix: dynamically find invalid ed25519 key for migration test
82048dd 
The test needs a non-zero key (so V1 accepts it) that is also not a
valid Ed25519 curve point (so V2 rejects it during migration). The
previous simplification to [0u8;32] was rejected by V1's zero-check,
and [0xFF;32] is actually a valid Ed25519 point. Restore dynamic
search starting from 1.

Co-authored-by: Amp <amp@ampcode.com>
Amp-Thread-ID: https://ampcode.com/threads/T-019c96b6-f605-736c-859a-4fae7636a1e2
@howydev @ampcode-com
fix: only check ed25519 decode for active validators during migration
b6a9886 
Amp-Thread-ID: https://ampcode.com/threads/T-019c9723-aad6-7169-8dcb-627b96589df3
Co-authored-by: Amp <amp@ampcode.com>
@howydev @ampcode-com
fix(precompiles): validate V1/V2 activity state in initialize_if_migr…
f9c6105 
…ated

ZELLIC-64: initialize_if_migrated only checked validator count parity
between V1 and V2 but did not verify each validator's activity state.
A validator could be deactivated in V2 during migration while still
active in V1 (or vice versa), leading to inconsistent state.

Add a per-validator check that V1.active matches V2.deactivatedAtHeight
and revert with MigrationStateMismatch(idx) on mismatch.

Amp-Thread-ID: https://ampcode.com/threads/T-019c964b-0561-763e-9d3c-c62a3398ca66
Co-authored-by: Amp <amp@ampcode.com>
@howydev @ampcode-com
docs: fix validator address uniqueness to match implementation (ZELLI…
291efa7 
…C-67)

The spec incorrectly stated that validator addresses must be globally unique
across all validators including deleted ones. The actual implementation (and
invariant tests) correctly enforce uniqueness only among active validators,
allowing deactivated addresses to be reused.

Updated tip-1017.md and IValidatorConfigV2.sol to reflect that:
- Addresses are unique among active validators (reusable after deactivation)
- Public keys remain globally unique (including deleted)

Amp-Thread-ID: https://ampcode.com/threads/T-019c964b-0f84-721b-aac0-f08b136ae43f
Co-authored-by: Amp <amp@ampcode.com>
@howydev howydev force-pushed the howy/zellic-67-fix-address-uniqueness-docs branch from ccbd4ba to 291efa7 Compare March 3, 2026 05:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@SuperFluffy SuperFluffy SuperFluffy approved these changes

@legion2002 legion2002 Awaiting requested review from legion2002 legion2002 is a code owner

@0xKitsune 0xKitsune Awaiting requested review from 0xKitsune 0xKitsune is a code owner

@danrobinson danrobinson Awaiting requested review from danrobinson danrobinson is a code owner

@dankrad dankrad Awaiting requested review from dankrad dankrad is a code owner

@0xrusowsky 0xrusowsky Awaiting requested review from 0xrusowsky 0xrusowsky is a code owner

@fgimenez fgimenez Awaiting requested review from fgimenez fgimenez is a code owner

@klkvr klkvr Awaiting requested review from klkvr klkvr is a code owner

@mattsse mattsse Awaiting requested review from mattsse mattsse is a code owner

@Zygimantass Zygimantass Awaiting requested review from Zygimantass Zygimantass is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@howydev @SuperFluffy