Skip to content

Comments

feat(core): add assertDaoOutputLimit for NervosDAO 64-output guard#359

Open
phroi wants to merge 2 commits intockb-devrel:masterfrom
phroi:feat/dao-output-limit
Open

feat(core): add assertDaoOutputLimit for NervosDAO 64-output guard#359
phroi wants to merge 2 commits intockb-devrel:masterfrom
phroi:feat/dao-output-limit

Conversation

@phroi
Copy link
Contributor

@phroi phroi commented Feb 22, 2026

Why

NervosDAO transactions silently fail on-chain when they exceed 64 outputs. There is no early warning — the transaction submits fine but gets rejected by the DAO script during verification, wasting fees and confusing users.

Changes

  • Add assertDaoOutputLimit(tx, client) in packages/core/src/ckb/transaction.ts: throws ErrorNervosDaoOutputLimit when a DAO transaction has >64 outputs
  • Add ErrorNervosDaoOutputLimit error class in transactionErrors.ts
  • Auto-call the check at the end of completeFee (both return paths) for early failure
  • Zero overhead for non-DAO transactions: short-circuits when outputs <= 64

@phroi
feat(core): add assertDaoOutputLimit for NervosDAO 64-output guard
7a83cd4 
NervosDAO transactions silently fail on-chain when they exceed 64
outputs. This adds a proactive check:

- `assertDaoOutputLimit(tx, client)` — throws
  `ErrorNervosDaoOutputLimit` when a DAO transaction has >64 outputs
- Auto-called at the end of `completeFee` so callers get early
  failure instead of a rejected on-chain submission
- Only fires when outputs > 64 AND at least one input/output carries
  the DAO type script — zero overhead for non-DAO transactions
@changeset-bot
Copy link

changeset-bot bot commented Feb 22, 2026
edited
Loading

🦋 Changeset detected

Latest commit: 8e63e3a

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 18 packages
Name Type
@ckb-ccc/core Patch
@ckb-ccc/eip6963 Patch
@ckb-ccc/joy-id Patch
@ckb-ccc/lumos-patches Patch
@ckb-ccc/nip07 Patch
@ckb-ccc/okx Patch
@ckb-ccc/rei Patch
@ckb-ccc/shell Patch
@ckb-ccc/spore Patch
@ckb-ccc/ssri Patch
@ckb-ccc/udt Patch
@ckb-ccc/uni-sat Patch
@ckb-ccc/utxo-global Patch
@ckb-ccc/xverse Patch
@ckb-ccc/ccc Patch
ckb-ccc Patch
@ckb-ccc/connector Patch
@ckb-ccc/connector-react Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@netlify
Copy link

netlify bot commented Feb 22, 2026
edited
Loading

Deploy Preview for liveccc ready!

Name Link
🔨 Latest commit 8e63e3a
🔍 Latest deploy log https://app.netlify.com/projects/liveccc/deploys/699b8b97fb882a0008ad1b16
😎 Deploy Preview https://deploy-preview-359--liveccc.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.
Lighthouse
Lighthouse		 1 paths audited
Performance: 33 (🔴 down 4 from production)
Accessibility: 88 (no change from production)
Best Practices: 92 (🔴 down 8 from production)
SEO: 100 (no change from production)
PWA: -
View the detailed breakdown and full score reports

To edit notification comments on pull requests, go to your Netlify project configuration.

@netlify
Copy link

netlify bot commented Feb 22, 2026
edited
Loading

Deploy Preview for appccc ready!

Name Link
🔨 Latest commit 8e63e3a
🔍 Latest deploy log https://app.netlify.com/projects/appccc/deploys/699b8b972fe6050008ff2b99
😎 Deploy Preview https://deploy-preview-359--appccc.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.
Lighthouse
Lighthouse		 1 paths audited
Performance: 67 (🔴 down 19 from production)
Accessibility: 89 (🟢 up 1 from production)
Best Practices: 92 (🔴 down 8 from production)
SEO: 100 (no change from production)
PWA: -
View the detailed breakdown and full score reports

To edit notification comments on pull requests, go to your Netlify project configuration.

@netlify
Copy link

netlify bot commented Feb 22, 2026
edited
Loading

Deploy Preview for apiccc ready!

Name Link
🔨 Latest commit 8e63e3a
🔍 Latest deploy log https://app.netlify.com/projects/apiccc/deploys/699b8b97e3c9f7000898c601
😎 Deploy Preview https://deploy-preview-359--apiccc.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.
Lighthouse
Lighthouse		 1 paths audited
Performance: 86 (🟢 up 4 from production)
Accessibility: 100 (no change from production)
Best Practices: 100 (no change from production)
SEO: 94 (no change from production)
PWA: -
View the detailed breakdown and full score reports

To edit notification comments on pull requests, go to your Netlify project configuration.

@gemini-code-assist
Copy link
Contributor

gemini-code-assist bot commented Feb 22, 2026

Summary of Changes

Hello @phroi, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a crucial early warning system for NervosDAO transactions. It addresses the issue of transactions silently failing on-chain when they exceed the 64-output limit, which previously led to wasted fees and user frustration. By implementing a new validation function and integrating it into the transaction completion process, the system now proactively identifies and flags such invalid transactions, significantly improving the user experience and reliability of DAO operations.

Highlights

  • Prevent silent NervosDAO transaction failures: Introduced a new check, assertDaoOutputLimit, to proactively identify and prevent NervosDAO transactions from silently failing on-chain when they exceed the 64-output limit.
  • New error class for DAO output limit: Added ErrorNervosDaoOutputLimit to provide specific error messaging when a NervosDAO transaction attempts to exceed the allowed output count.
  • Early warning integration: Integrated the assertDaoOutputLimit check into the completeFee method, ensuring that transactions are validated for the DAO output limit before submission, saving fees and preventing user confusion.
  • Optimized performance: Designed the assertDaoOutputLimit function to have zero overhead for non-DAO transactions or those with 64 or fewer outputs, short-circuiting the check when not applicable.
Changelog
  • packages/core/src/ckb/transaction.ts
    • Imported ErrorNervosDaoOutputLimit for use in the file.
    • Called assertDaoOutputLimit within the completeFee method's two return paths to enforce the output limit.
    • Added the assertDaoOutputLimit asynchronous function, which checks if a transaction is a NervosDAO transaction and if its output count exceeds 64, throwing an error if it does.
  • packages/core/src/ckb/transactionErrors.ts
    • Defined the ErrorNervosDaoOutputLimit class, a custom error type for when NervosDAO transactions exceed the 64-output limit, including count and limit properties.
Activity
  • No human activity has been recorded on this pull request yet.
Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature Command Description
Code Review /gemini review Performs a code review for the current pull request in its current state.
Pull Request Summary /gemini summary Provides a summary of the current pull request in its current state.
Comment @gemini-code-assist Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help /gemini help Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

gemini-code-assist[bot]
gemini-code-assist bot reviewed Feb 22, 2026
View reviewed changes
Copy link
Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

The pull request introduces a crucial check for NervosDAO transactions to prevent silent failures due to exceeding the 64-output limit. This is a significant improvement for user experience and transaction reliability. The implementation correctly integrates the check into the completeFee method and provides a clear error message. The ErrorNervosDaoOutputLimit class is well-defined. The changes are well-documented and appear to be robust.

packages/core/src/ckb/transaction.ts
// The fee has been paid
if (leastFee === changedFee) {
this.copy(tx);
await assertDaoOutputLimit(this, from.client);
Copy link
Contributor

@gemini-code-assist gemini-code-assist bot Feb 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

The assertDaoOutputLimit function is also called here, after the transaction has been copied and the fee has been paid. This ensures that even if the transaction structure changes during the fee calculation, the DAO output limit is re-validated before returning, catching any potential issues introduced by the change function.

Copy link
Contributor Author

@phroi phroi Feb 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Correct, the dual check is intentional: the change callback can alter outputs

@netlify
Copy link

netlify bot commented Feb 22, 2026
edited
Loading

Deploy Preview for docsccc ready!

Name Link
🔨 Latest commit 8e63e3a
🔍 Latest deploy log https://app.netlify.com/projects/docsccc/deploys/699b8b970167d10008826ab4
😎 Deploy Preview https://deploy-preview-359--docsccc.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.
Lighthouse
Lighthouse		 1 paths audited
Performance: 72 (🟢 up 5 from production)
Accessibility: 88 (no change from production)
Best Practices: 92 (no change from production)
SEO: 92 (no change from production)
PWA: -
View the detailed breakdown and full score reports

To edit notification comments on pull requests, go to your Netlify project configuration.

@phroi phroi force-pushed the feat/dao-output-limit branch from 395860e to 8e63e3a Compare February 22, 2026 23:04
@phroi
Copy link
Contributor Author

phroi commented Feb 22, 2026

@Hanssen0 @ashuralyk all green, feel free to review 🤗

Phroi %28

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@phroi