Skip to content

fix(utxo_endpoints): add logging when account model unavailable for integrity check (M9)#6311

Open
waefrebeorn wants to merge 35 commits into
Scottcjn:mainfrom
waefrebeorn:fix-m9-utxo-integrity-logging-v2
Open

fix(utxo_endpoints): add logging when account model unavailable for integrity check (M9)#6311
waefrebeorn wants to merge 35 commits into
Scottcjn:mainfrom
waefrebeorn:fix-m9-utxo-integrity-logging-v2

Conversation

@waefrebeorn
Copy link
Copy Markdown

@waefrebeorn waefrebeorn commented May 25, 2026

Summary

M9 — MED: utxo_endpoints.py /utxo/integrity silently skips cross-model comparison

Bug

When the account model (balances table) is unavailable — DB path mismatch, locked DB, or schema mismatch — the /utxo/integrity endpoint silently falls through without logging. The integrity check runs against UTXO only, potentially masking fund leaks or reconciliation issues.

Fix

Added logging.warning() before the silent fallback so operators can detect when cross-model comparison is skipped.

Before: silent — GET /utxo/integrity returns OK but no account comparison was performed.
After: WARNING:root:Account model unavailable — running integrity check without cross-model comparison in logs.

Testing

  • Syntax verified (Python AST parse)
  • 0 behavioral change — only adds logging on the existing failure path
  • No regressions

RTC Wallet for bounty: RTC17c0d21f04f6f65c1a85c0aeb5d4a305d57531096

waefrebeorn added 30 commits May 25, 2026 01:16
@waefrebeorn
update battleship: add A18 + exhausted cells + PR tracking
05b4762
@waefrebeorn
battleship: add A19 (beacon_api field lengths -> PR Scottcjn#6262)
5160879
@waefrebeorn
battleship: add A20 (bridge address lengths -> PR Scottcjn#6263)
0e12446
@waefrebeorn
battleship: add A21 (airdrop field lengths -> PR Scottcjn#6264)
4b9683c
@waefrebeorn
battleship: add A22 (lock_ledger -> PR Scottcjn#6265)
f9ce59b
@waefrebeorn
battleship: add A23 (sync endpoints -> PR Scottcjn#6266)
c02eefa
@waefrebeorn
fix: cap unbounded string fields in bridge/bridge_api.py (A24)
b9388aa 
Adds max_length parameter to _clean_string_field and caps all user input
fields in POST route handlers:

- /lock: sender_wallet(128), target_wallet(128), tx_hash(128), receipt_signature(256)
- /confirm: proof_ref(256), notes(1024)
- /release: release_tx(128), notes(1024)

Prevents storage of arbitrarily large strings in bridge_ledger DB.
@waefrebeorn
docs: add A24 to BATTLESHIP_PROGRESS
2832c96
@waefrebeorn
fix: cap wallet address in faucet.py (A25)
1c9b2dc
@waefrebeorn
docs: add A25 to BATTLESHIP_PROGRESS
e8300bd
@waefrebeorn
fix: cap miner_id in sophia_api.py (A26)
914245d
@waefrebeorn
docs: add A26 to BATTLESHIP_PROGRESS
b78ae6a
@waefrebeorn
fix: cap unbounded path params in explorer (A27/A29) and p2p (A28)
7af5c79
@waefrebeorn
docs: add A27-A29 to BATTLESHIP_PROGRESS
36d0d6a
@waefrebeorn
fix: cap string fields in testnet faucet and rent-a-relic (A30-A31)
70d458d
@waefrebeorn
docs: add A30-A31 to BATTLESHIP_PROGRESS
d6060c8
@waefrebeorn
fix: cap address/search in explorer-api (A32-A33)
48ff7ce
@waefrebeorn
docs: add A32-A33 to BATTLESHIP_PROGRESS
ace2a62
@waefrebeorn
fix: cap unbounded path params in 4 route files (A34-A37)
29e80ee
@waefrebeorn
docs: add A34-A37 to BATTLESHIP_PROGRESS
fdefdd7
@waefrebeorn
fix: cap unbounded fields in contributor_registry and hall_of_rust (A…
3702de5 
…38-A39)
@waefrebeorn
docs: add A38-A39 to BATTLESHIP_PROGRESS
f182f1e
@waefrebeorn
fix: cap string fields in machine_passport_api.py (A40)
c8e41f4
@waefrebeorn
docs: add A40 to BATTLESHIP_PROGRESS
f5c9173
@waefrebeorn
fix: cap agent_name in bottube_mood_engine.py (A41)
b2a729d
@waefrebeorn
docs: add A41 to BATTLESHIP_PROGRESS
45597b8
@waefrebeorn
docs: expand grid to 400 cells, vault 56 accomplished, add Row S stub…
c6180af 
…s + Row M error handling + Row T test gaps + Row E infrastructure
@waefrebeorn
docs: S1 completed (PR Scottcjn#6286), next S2
c44b7ea
@waefrebeorn
docs: S3 done (PR Scottcjn#6287), S2 removed (false positive-tests only)
1bf19c1
@waefrebeorn
docs: mark S4-S7, S13, S17-S20 done on battleship board
f277aa2
@github-actions github-actions Bot added documentation Improvements or additions to documentation BCOS-L1 Beacon Certified Open Source tier BCOS-L1 (required for non-doc PRs) node Node server related api API endpoint related size/M PR: 51-200 lines labels May 25, 2026
jaxint
jaxint approved these changes May 25, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@jaxint jaxint left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Great work on this PR. 🚀

@jaxint jaxint mentioned this pull request May 25, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@jaxint jaxint jaxint approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

api API endpoint related BCOS-L1 Beacon Certified Open Source tier BCOS-L1 (required for non-doc PRs) documentation Improvements or additions to documentation node Node server related size/M PR: 51-200 lines

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@waefrebeorn @jaxint