aldabra

History

Kayos e4914a14ba AUDIT4-2 fix: invert plutus collateral/funding utxo picker build_signed_plutus_spend was picking the LARGEST ada-only utxo for collateral and the next-largest for funding. Wallets with one big change utxo + a small leftover (the typical shape after any send) hit this with funding=tiny, collateral=huge — funding+locked couldn't cover payout + script-execution fee + change min_utxo even with billions of lovelace sitting unused in collateral. Fix: pick the SMALLEST ada-only utxo that still qualifies (≥5 ADA) for collateral, and the LARGEST for funding. Collateral never gets consumed on the happy path, so its size beyond the 5-ADA floor is wasted budget; funding has to cover real spend. Surfaced 2026-05-04 audit-4 phase F2 on the deployed Lucy container against the always-succeeds Aiken validator. New regression test picks_smallest_qualifying_collateral_largest_funding covers the mixed-size-utxo scenario the prior tests missed (both old utxos were 50-100M ada, so the inversion didn't show).	2026-05-04 20:59:29 -07:00
..
src	AUDIT4-2 fix: invert plutus collateral/funding utxo picker	2026-05-04 20:59:29 -07:00
Cargo.toml	phase 4.5, 4.6, 3.6 close-out: stake delegation + multisig mint primitive	2026-05-04 12:41:10 -07:00

Kayos e4914a14ba AUDIT4-2 fix: invert plutus collateral/funding utxo picker

build_signed_plutus_spend was picking the LARGEST ada-only utxo
for collateral and the next-largest for funding. Wallets with
one big change utxo + a small leftover (the typical shape after
any send) hit this with funding=tiny, collateral=huge —
funding+locked couldn't cover payout + script-execution fee +
change min_utxo even with billions of lovelace sitting unused
in collateral.

Fix: pick the SMALLEST ada-only utxo that still qualifies (≥5 ADA)
for collateral, and the LARGEST for funding. Collateral never
gets consumed on the happy path, so its size beyond the 5-ADA
floor is wasted budget; funding has to cover real spend.

Surfaced 2026-05-04 audit-4 phase F2 on the deployed Lucy
container against the always-succeeds Aiken validator.

New regression test picks_smallest_qualifying_collateral_largest_funding
covers the mixed-size-utxo scenario the prior tests missed
(both old utxos were 50-100M ada, so the inversion didn't show).

2026-05-04 20:59:29 -07:00

src

AUDIT4-2 fix: invert plutus collateral/funding utxo picker

2026-05-04 20:59:29 -07:00

Cargo.toml

phase 4.5, 4.6, 3.6 close-out: stake delegation + multisig mint primitive

2026-05-04 12:41:10 -07:00