You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Finalize an asset (mark is_finalized = true), then attempt further issuance and verify rejection.
Block 5 in the workflow tests this at the consensus level, but not after the asset has been persisted to the finalized DB and the non-finalized chain has been pruned.
Workflow vector rejection: replace is_valid: bool with a specific expected error
Replace the is_valid: bool field in OrchardWorkflowBlock with a typed expected error (e.g. Option<&'static str> matched against the error's Display output, or a typed ExpectedError enum).
Update check_orchard_zsa_workflow to assert that block 5 is rejected specifically due to post-finalization issuance, not merely that it fails for any reason — as is_valid: false currently allows any rejection to pass the test silently.
Malformed V6 issuance transaction with issue data but no Orchard action groups/nullifiers
Note:
This file existed in the branch where this gap was identified (zsa-integration-state - merged into zsa1 now), but was later removed in upstream Zebra.
Need:
Add test coverage that uses a non-native AssetBase, not only AssetBase::zatoshi().
Verify that the Halo2 verification path behaves correctly for issued (ZSA) assets as well as the native asset.
Address the existing FIXME: Add ENABLE_ZSA for OrchardZSA? and FIXME: What about ENABLE_ZSA? comments.
Test issuing an asset in block 1 and burning it in block 2, verifying accumulated state across blocks.
The state-level test (check_burns_and_issuance) only commits one workflow block to the non-finalized state. The consensus-level test (check_orchard_zsa_workflow) processes multiple blocks but via transcript, not through the full state service.
Finalized/checkpoint issued-assets rebuild paths without sighashes
Add or improve coverage for the trusted-validation/checkpoint rebuild path (prepare_issued_assets_batch with None sighashes).
Decide whether proptest-generated blocks should produce realistic transaction_sighashes, or whether None is the intended and sufficient model for these paths.
Add OrchardZSA note-encryption test vectors (OrchardZSA uses a larger c_enc of 612 bytes vs. 580 for OrchardVanilla).
Either split the current vectors into vanilla-only coverage plus separate OrchardZSA coverage, or make the TestVector struct generic over the encrypted note size.
Mempool
OrchardZSA coverage in mempool spend-conflict property tests
The V6 SpendConflictForTransactionV6 enum covers transparent, sapling, and orchard nullifier conflicts, but does not include ZSA-specific conflict scenarios (e.g., duplicate issuance of the same asset in two mempool transactions).
Extend the spend-conflict helpers/strategies to cover ZSA issuance conflicts and add corresponding property tests.
remove_orchard_actions_with_conflicts and OrchardSpendConflict don't handle OrchardZSA
remove_orchard_actions_with_conflicts only operates on orchard::ShieldedData (vanilla); the OrchardZSA flavor is not wired in despite the generic <Flavor: orchard::ShieldedDataFlavor> variant existing.
OrchardSpendConflict struct only holds orchard::ShieldedData (vanilla) and has no OrchardZSA variant.
Fix both as a prerequisite to implementing the ZSA issuance conflict scenarios described in item 10.
Known ZSA-related test coverage gaps
Consensus & correctness (highest priority)
Chain rollback/reorg with ZSA assets
Refs:
zebra-state/src/service/non_finalized_state/chain.rs:960-990(revert_issued_assets),zebra-state/src/service/check/tests/issuance.rs:19Need:
issued_assetsmap after the rollback.check/tests/issuance.rscovers reorgs.Finalized-then-re-issue rejection
Refs:
zebra-consensus/src/orchard_zsa/tests.rs:224Need:
is_finalized = true), then attempt further issuance and verify rejection.Workflow vector rejection: replace
is_valid: boolwith a specific expected errorRefs:
Review commentzebra-test/src/vectors/orchard_zsa_workflow_blocks.rs,zebra-consensus/src/orchard_zsa/tests.rs:224Need:
is_valid: boolfield inOrchardWorkflowBlockwith a typed expected error (e.g.Option<&'static str>matched against the error'sDisplayoutput, or a typedExpectedErrorenum).check_orchard_zsa_workflowto assert that block 5 is rejected specifically due to post-finalization issuance, not merely that it fails for any reason — asis_valid: falsecurrently allows any rejection to pass the test silently.Malformed V6 issuance transaction with issue data but no Orchard action groups/nullifiers
Refs:
zebra-chain/src/orchard_zsa/asset_state.rs:209-210Need:
AssetStateError::InvalidInputerror instead of panicking.Coinbase
ENABLE_ZSAflag rejectionRefs:
zebra-consensus/src/transaction/check.rs:179-183Need:
ENABLE_ZSAset is rejected withCoinbaseHasEnableZSA.ENABLE_ZSApasses validation.v5_coinbase_transaction_without_enable_spends_flag_passes_validationtest.Halo2 proof verification with a non-native
AssetBaseRefs:
zebra-consensus/src/primitives/halo2/tests.rs:39,zebra-consensus/src/primitives/halo2/tests.rs:226Note:
This file existed in the branch where this gap was identified (
zsa-integration-state- merged intozsa1now), but was later removed in upstream Zebra.Need:
AssetBase, not onlyAssetBase::zatoshi().FIXME: Add ENABLE_ZSA for OrchardZSA?andFIXME: What about ENABLE_ZSA?comments.State & persistence
Finalization persistence of issued-asset state
Refs:
zebra-state/src/service/finalized_state/zebra_db/shielded.rs:521-551Need:
is_finalized, reference note) when blocks are finalized.prepare_issued_assets_batchis only tested indirectly through full block commit; add a direct unit test.Multi-block issuance-then-burn sequences
Refs:
zebra-state/src/service/check/tests/issuance.rs:19,zebra-consensus/src/orchard_zsa/tests.rs:224Need:
check_burns_and_issuance) only commits one workflow block to the non-finalized state. The consensus-level test (check_orchard_zsa_workflow) processes multiple blocks but via transcript, not through the full state service.Finalized/checkpoint issued-assets rebuild paths without sighashes
Refs:
zebra-state/src/arbitrary.rs:40,zebra-state/src/request.rs:502,zebra-state/src/request.rs:535,zebra-state/src/service/finalized_state/zebra_db/block/tests/vectors.rs:139,zebra-state/src/service/finalized_state/zebra_db/shielded.rs:521Need:
prepare_issued_assets_batchwithNonesighashes).transaction_sighashes, or whetherNoneis the intended and sufficient model for these paths.Serialization, deserialization & encryption
Refs:
zebra-test/src/vectors/orchard_note_encryption.rs:4(FIXME: add tests for OrchardZSA),zebra-test/src/vectors/orchard_note_encryption.rs:22(FIXME: works for OrchardVanilla only!)Need:
c_encof 612 bytes vs. 580 for OrchardVanilla).TestVectorstruct generic over the encrypted note size.Mempool
OrchardZSA coverage in mempool spend-conflict property tests
Refs:
zebrad/src/components/mempool/storage/tests/prop.rs:450-464(V6 variant),zebrad/src/components/mempool/storage/tests/prop.rs:810-817(SpendConflictForTransactionV6)Need:
SpendConflictForTransactionV6enum covers transparent, sapling, and orchard nullifier conflicts, but does not include ZSA-specific conflict scenarios (e.g., duplicate issuance of the same asset in two mempool transactions).remove_orchard_actions_with_conflictsandOrchardSpendConflictdon't handle OrchardZSARefs:
zebrad/src/components/mempool/storage/tests/prop.rs:762-763(remove_orchard_actions_with_conflicts)zebrad/src/components/mempool/storage/tests/prop.rs:823-824(OrchardSpendConflict)Need:
remove_orchard_actions_with_conflictsonly operates onorchard::ShieldedData(vanilla); theOrchardZSAflavor is not wired in despite the generic<Flavor: orchard::ShieldedDataFlavor>variant existing.OrchardSpendConflictstruct only holdsorchard::ShieldedData(vanilla) and has no OrchardZSA variant.Missing OrchardZSA trusted preallocation coverage
Refs:
zebra-chain/src/orchard/tests/preallocate.rsNeed:
OrchardZSA, not onlyOrchardVanillaAuthorizedAction,Action, and related serialized-size /max_allocation()checks