The week of April 20-26, 2026 closed 23 GitHub issues across the Gonka organisation and merged 11 pull requests, 9 of them in the main gonka repo and 2 in gonka-docs. The work clusters around three themes: a final pass on CertiK audit findings ahead of the v0.2.12 chain upgrade, follow-up patches to the gas-scaling problem first surfaced on testnet-10, and the activation of DevShards reward distribution at the end of each epoch.
CertiK audit and security hardening
CertiK delivered findings on the BLS distributed key generation (DKG) flow this week, and the protocol team closed them all. BLS DKG is the process where validators in a new epoch jointly build a shared signing key without anyone seeing the full secret. Two items were the headline fixes:
- PR #1112 closes audit issue #1107 (GEB-29). The DKG quorum logic excluded a dealer's own verification vote, which made it mathematically impossible for any honest dealer holding 50% or more of the slots to reach quorum. Any 50/50 or 60/40 slot distribution could fail an epoch for arithmetic reasons alone. The fix counts the dealer's own vote.
- PR #1106 closes #1108 (GEB-61). Without an upper bound on warm-key fanout (the number of authz-derived keys a participant accumulates), one heavy participant could push the dealer ciphertext array over the hardcoded 16384-share limit, blocking every dealer from submitting a part. The fix adds snapshot-side pruning, a keeper-side preflight check, and a shared bound across both sides.
Three further issues from the same audit pass closed this week: #1077 added param validation to SetParams in the BLS keeper to stop a governance proposal from underflowing the threshold calculation, #1082 and #1083 plug two front-running and ID-collision vectors in the training-task module, and #1058 caps subnet proxy request bodies at 10 MB to prevent OOM via unbounded uploads.
Issue #1081 is independent of CertiK but in the same hardening category: a floor-vs-ceiling mismatch in decimalToPermille had the dynamic p0 selection and the binomial downtime test using different lookup tables, so the stricter downtime threshold was never actually enforced.
Gas scaling: extending the testnet-10 fix
The N-squared gas-scaling problem first patched in PR #1070 returned in three more code paths this week. The shape of the bug is always the same: a struct holds a growing slice inline, and every time one entry is updated, the chain re-writes the entire slice and charges WritePerByte gas for every byte of it. With enough entries, even a normal handler call can cross the gas limit.
- PR #1088 is the direct fix for a failing
MsgSubmitGroupKeyValidationSignatureon testnet-10 block 5164: 4 of 8 participants were dropping out mid-DKG because the threshold-crossing branch tried to write the full BLS state inline. The PR splits four BLS and bridge structs into per-entry sub-keys (bls_partial_sig,epoch_bls_verification_submission,epoch_bls_dealer_complaint, and the bridge transaction state) and migrates in-flight pre-split state in the v0.2.12 upgrade handler. - PR #1096 walks the same pattern through nine handler sites missed in PR #1088 — places where a handler would fetch a rehydrated struct, modify one field, and call
Set*with the split fields still populated, causing the sync loops to re-write every sub-key per call. - PR #1099 and PR #1102 added supported-model filtering, removed the participant cap when an old group is being removed, fixed a reward path bug, and wired the proxy setup for the v0.2.12 testnet rollout.
DevShards: rewards now settle at epoch end
Issue #976 marks the activation of the DevShards economic loop. WorkCoins were previously paid at settlement; from this week, they are distributed at the end of the epoch alongside the regular reward pass. Two follow-on issues landed the implementation: #1000 adds the end-of-epoch distribution itself, and #1001 folds DevShards stats into CurrentEpochStats so that punishments in bitcoin_rewards.go and inactivity status in ComputeStatus take DevShards work into account.
Upgrade prep and operational fixes
PR #1119 sets the on-chain upgrade params for v0.2.12 — the last governance step before validators can vote the upgrade in. PR #1117 fixes a CLI bug where inferenced tx inference grant-ml-ops-permissions was ignoring --gas auto and broadcasting with gasWanted=0. The fix calls tx.CalculateGas before building the unsigned transaction.
Four smaller closures rounded out the week: PR #1089 added random selection of preserved MLNodes, so the set of nodes kept on inference during PoC rotates across epochs instead of staying static; #791 shipped automatic cleanup of old propagation proofs at PoC phase boundaries; #925 resolved a bridge normalization issue; and #1097 improved API behaviour for non-existent wallets. The P0 task to align on vLLM 0.15.1 (#939) also closed.
gonka-docs saw two cleanup PRs: #976 updated documentation links, and #977 fixed a broken deploy script.
By the numbers
| Repo | PRs merged | Notable issues closed |
|---|---|---|
gonka |
9 | 21 (5 audit fixes, 3 DevShards, 4 gas-scaling) |
gonka-docs |
2 | 0 |
vllm |
0 | 1 (#939 vLLM 0.15.1) |
bridge-geth / bridge-prysm |
0 | 0 |
| Total | 11 | 23 |
Coming up
The v0.2.12 upgrade governance proposal is the next concrete step. With the upgrade params set (#1119) and the gas-scaling and audit fixes baked into the upgrade handler, the proposal can be submitted on-chain for a validator vote. After the upgrade, attention shifts back to multi-model PoC support and follow-up on the Ethereum bridge audit.