Skip to content

feat(actuator,consensus): harden exchange calculations (TIP-836)#6710

Merged
lvs0075 merged 7 commits intotronprotocol:developfrom
halibobo1205:feat/tip-836-harden-exchange-transaction
May 8, 2026
Merged

feat(actuator,consensus): harden exchange calculations (TIP-836)#6710
lvs0075 merged 7 commits intotronprotocol:developfrom
halibobo1205:feat/tip-836-harden-exchange-transaction

Conversation

@halibobo1205
Copy link
Copy Markdown
Collaborator

@halibobo1205 halibobo1205 commented Apr 28, 2026
edited
Loading

Summary

Implements TIP-836 to harden exchange transaction calculations:

  • Algorithm: New SafeExchangeProcessor uses BigDecimal for division, scaling, and rounding around the Bancor formula, while keeping StrictMath.pow for deterministic exponentiation. This avoids silent Infinity/NaN results from invalid division paths.
  • Invariants: ExchangeCapsule.transaction() rejects negative post-trade pool balances via StrictMathWrapper.addExact/subtractExact.
  • Actuators: All four exchange actuators (Create/Inject/Transaction/Withdraw) inherit AbstractExchangeActuator for unified overflow-checked arithmetic gated by the new proposal.
  • Governance: New proposal ALLOW_HARDEN_EXCHANGE_CALCULATION (code 98), requires fork VERSION_4_8_2.

Reference

TIP-836: Harden Exchange Transaction Calculations

@halibobo1205 halibobo1205 force-pushed the feat/tip-836-harden-exchange-transaction branch 2 times, most recently from 7ff8e9b to 6c92146 Compare April 28, 2026 03:27
@halibobo1205 halibobo1205 requested a review from 317787106 April 28, 2026 03:28
@halibobo1205 halibobo1205 added this to the GreatVoyage-v4.8.2 milestone Apr 28, 2026
@halibobo1205 halibobo1205 mentioned this pull request Apr 28, 2026
Open
@halibobo1205 halibobo1205 force-pushed the feat/tip-836-harden-exchange-transaction branch from 6c92146 to 03ecf09 Compare April 28, 2026 05:38
waynercheung
waynercheung approved these changes May 6, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@waynercheung waynercheung left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

yanghang8612
yanghang8612 approved these changes May 6, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@yanghang8612 yanghang8612 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

xxo1shine
xxo1shine approved these changes May 7, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@xxo1shine xxo1shine left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@halibobo1205 halibobo1205 force-pushed the feat/tip-836-harden-exchange-transaction branch from a6aaa84 to 93f384b Compare May 8, 2026 02:32
@halibobo1205
feat(proposal): add ALLOW_HARDEN_EXCHANGE_CALCULATION (code 98)
7d777ea
@halibobo1205
fix(actuator): skip abstract classes in TransactionRegister
85465fc
@halibobo1205
feat(actuator,consensus): harden exchange transaction calculations (T…
f769a70 
…IP-836)

Add SafeExchangeProcessor that replaces double arithmetic with
BigDecimal in the Bancor-formula calculation:

1. BigDecimal divide throws ArithmeticException on zero divisor
2. ExchangeCapsule.transaction() rejects negative post-trade balances
3. longValueExact() guards against BigDecimal-to-long saturation

Introduce AbstractExchangeActuator that overrides addExact/subtractExact
to route through allowHardenExchangeCalculation() flag, applied to all
four exchange actuators (Create, Inject, Transaction, Withdraw) for
consistent overflow detection.

ExchangeWithdrawActuator.validate() also gains a pure BigDecimal
precision-loss check when the proposal is active (previously used
double comparison).

Pre-activation behavior is byte-for-byte identical to legacy code.
Activation gated by ALLOW_HARDEN_EXCHANGE_CALCULATION (proposal 98).
@halibobo1205
test(exchange): add hardened-path coverage for TIP-836
cfcd603
@halibobo1205
feat(proposal): make ALLOW_HARDEN_EXCHANGE_CALCULATION togglable
b2c934b
@halibobo1205
feat(actuator): wrap ArithmeticException in exchange actuators
7efdfc0
@halibobo1205
test: stabilize harden exchange proposal validation
f52026e
@halibobo1205 halibobo1205 force-pushed the feat/tip-836-harden-exchange-transaction branch from 16271b8 to f52026e Compare May 8, 2026 06:55
lvs0075
lvs0075 approved these changes May 8, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@lvs0075 lvs0075 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

approve

@lvs0075 lvs0075 merged commit 328480f into tronprotocol:develop May 8, 2026
12 checks passed
@github-project-automation github-project-automation Bot moved this to Done in java-tron May 8, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@yanghang8612 yanghang8612 yanghang8612 approved these changes

@lxcmyf lxcmyf lxcmyf approved these changes

@xxo1shine xxo1shine xxo1shine approved these changes

@waynercheung waynercheung waynercheung approved these changes

@lvs0075 lvs0075 lvs0075 approved these changes

@317787106 317787106 Awaiting requested review from 317787106

Assignees

@lxcmyf lxcmyf

@xxo1shine xxo1shine

Labels

topic:consensus

Projects

java-tron
Status: Done

Milestone

GreatVoyage-v4.8.2

Development

Successfully merging this pull request may close these issues.

7 participants

@halibobo1205 @yanghang8612 @lxcmyf @xxo1shine @waynercheung @lvs0075 @Sunny6889