Analysis date: 2026-05-03 · Chain height: 4,206,417 · Nerva core code base: Monero v0.15 (Dec 2019) · Monero current: v0.18.4.6 (Feb 2026)
Nerva’s core code (rctTypes.h, blockchain.cpp, wallet2.cpp, net_node.inl) was last fully rebased from Monero in December 2019 (commit 7b8da67). Since then only selective cherry-picks were applied. The highest RCT type is RCTTypeBulletproof2 = 5 — CLSAG and Bulletproofs+ are absent from the codebase. All items below are gaps relative to that baseline, filtered against what is already planned.
Already Planned
HF13
CryptoNight-NX: 4 MB scratchpad, random instruction VM, branch divergence
CryptoNight-NX: 4 MB scratchpad, random instruction VM, branch divergence
HF14
CLSAG + Bulletproofs+
CLSAG + Bulletproofs+
HF15
Ring size 5 → 16
Ring size 5 → 16
1 — HF Item Missing from Plan
| # | Priority / HF target | What | Details & rationale | Monero PR / version |
|---|---|---|---|---|
| 1 | CRITICAL HF14 | View tags | Each output carries a 1-byte tag derived from the Diffie-Hellman shared secret. During wallet scanning the tag is checked first — outputs that don’t match are skipped without full decryption. Only 1-in-256 outputs pass the tag check on average, reducing scan work by roughly 40–50×. At 4.2M blocks this turns a 5–10 min scan into seconds. Should be bundled into HF14 alongside CLSAG and Bulletproofs+ — all three touch the output/transaction format and require a consensus upgrade. Monero shipped all three in a single release (v0.18.0), costing one network upgrade instead of three. | PR #7007 v0.18.0 — Aug 2022 |
2 — Security & Privacy
All no-fork. Recommended target: ship immediately, independent of any HF.
| # | Priority | What | Details | Monero PR / version | File(s) |
|---|---|---|---|---|---|
| 2 | CRITICALNO-FORK | P2P crash vulnerability | Critical crash exploitable via crafted P2P messages. Responsibly disclosed by Kevin McSheehan; mechanism withheld in release notes. All nodes should be patched immediately. | (no public PR) v0.18.4.0 — Apr 2025 | p2p/ |
| 3 | CRITICALNO-FORK | P2P memory exhaustion / DoS mitigations | Multiple defenses added in response to an active attack in Dec 2020: separate size limits for epee binary in P2P vs RPC, stricter pre-handshake buffer limits, max levin packet size per command, ban on duplicate keys/unnamed sections in epee binary. Three rapid patch releases. | (multiple PRs) v0.17.1.7 –1.9 Dec 2020 – Jan 2021 | p2p/epee/ |
| 4 | CRITICALNO-FORK | Peerlist filter inverted ternary | An inverted ?: in peer list filtering causes the wrong peers to be kept. Single-line fix. | PR #10317 v0.18.4.6 — Feb 2026 | p2p/ net_node.inl |
| 5 | CRITICALNO-FORK | Anonymous inbound data leak | Nodes using --anonymous-inbound (Tor/I2P) expose their own onion address with a real timestamp in peerlist responses. Fix: insert at a random position with timestamp=0. Nerva currently uses std::time(nullptr) here — the leak is active. | PR #9632 PR #9633 v0.18.4.0 — Apr 2025 | p2p/ net_node.inl~line 2332 |
| 6 | CRITICALNO-FORK | tx_extra size limit in mempool | No cap on the tx_extra field for mempool entries — an attacker can exhaust RAM and disk by crafting transactions with oversized extra data. | PR #8784 v0.18.2.2 — Apr 2023 | cryptonote_core/ |
| 7 | CRITICALNO-FORK | get output distribution DoS | Restricted RPC was serving output distribution for pre-RCT outputs — computationally expensive queries that could DoS a public node. Reported by the Haven team. | PR #8084 v0.17.3.0 — Dec 2021 | rpc/ core_rpc_server.cpp |
| 8 | CRITICALNO-FORK | RPC input size sanity check | No size limit on data submitted to RPC endpoints. Allows resource exhaustion via oversized inputs. Reported by researcher m31007. | PR #8276 v0.17.3.2 — Apr 2022 | rpc/ |
| 9 | CRITICALNO-FORK | LMDB deadlock in resize detection | Low-probability deadlock in lmdb_txn_begin(): resize detection did not account for an existing transaction on the current thread under concurrent access. | PR #7958 v0.17.3.0 — Dec 2021 | blockchain_db/ lmdb/ |
| 10 | CRITICALNO-FORK | Daemon race condition in P2P context | Race condition when multiple threads simultaneously access fluff_txs and sent_addresses in p2p connection context_t. Undefined behaviour on multi-core systems. | PR #7873 v0.17.3.0 — Dec 2021 | p2p/ |
| 11 | CRITICALNO-FORK | Wallet privacy leak via malicious remote node | A hostile RPC node can exploit the wallet scanning path to extract ring data. Fix: remove wallet2 :: find_and_save_rings() — rings have been stored during scanning since the last Nerva HF; the function is dead code that creates attack surface. | PR #10015 v0.18.4.2 — Aug 2025 | wallet/ wallet2.cpp |
| 12 | CRITICALNO-FORK | Decoy selection: gamma distribution from chain tip | Gamma distribution for decoy output age was computed from unlock time instead of chain tip. Produces biased decoy selection that leaks information about the true spend. Identified via academic analysis. | PR #7822 v0.17.2.3 — Sep 2021 | wallet/ wallet2.cpp |
| 13 | CRITICALNO-FORK | Decoy selection: integer truncation | average_output_time used integer division (e.g. 1.9→1), skewing decoy selection. An associated zero-division vulnerability was also fixed in the same PR. | PR #7798 v0.17.2.3 — Sep 2021 | wallet/ wallet2.cpp |
| 14 | HIGHNO-FORK | /24 subnet deduplication | Upgrades peer diversity filter from /16 to /24. Known spy nodes cluster in /24 blocks; the /16 filter is too coarse. Simulation: spy-node connections per outbound drop from ~3.6 → ~1.06. Nerva uses 0x0000ffff (/16) mask. | PR #9939 v0.18.4.3 — Oct 2025 | p2p/ net_node.inllines 1430–1473 |
| 15 | HIGHNO-FORK | Decoy selection: recent spend window 50→15 blocks | After the integer truncation fix (#13), the 50-block recent spend window was oversized. Reducing to 15 better matches empirical spending patterns. | PR #7993 v0.17.3.0 — Dec 2021 | wallet/ wallet2.cpp |
| 16 | HIGHNO-FORK | Decoy selection: statistical dependence within rings | Sequential picking created statistical dependence — later picks were biased. Fix commits to pick ordering after RPC validation, preserving the less-biased earlier selections. | PR #9130 v0.18.3.2 — Mar 2023 | wallet/ wallet2.cpp |
| 17 | HIGHNO-FORK | Peer ID disabled over Tor/I2P | Peer ID no longer tracked or sent over anonymous networks. Tracking peer IDs over Tor/I2P allows circuit correlation attacks. | (v0.17.1.6 release) v0.17.1.6 — Dec 2020 | p2p/ net_node.inl |
| 18 | HIGHNO-FORK | Privacy network silent tx drop | When Tor/I2P has no outgoing connections, transactions were silently dropped rather than falling back. A user could believe their tx was sent over Tor but it never propagated. | PR #9267 v0.18.3.4 — Aug 2024 | p2p/ net_node.inl |
| 19 | HIGHNO-FORK | Remove DNS calls in tx construction | Dead code fetched segregation heights from segheights. moneropulse.org on every transaction build. Records were never populated. Removal eliminates a per-tx DNS privacy leak and unnecessary latency. | PR #8408 v0.18.0.0 — Jul 2022 | wallet/ wallet2.cpp |
| 20 | HIGHNO-FORK | Don’t use DNS to determine if address is local | Wallet performed DNS lookups to decide whether a daemon address is local (for trust level). Leaks which node the wallet connects to via DNS. Now determined without network queries. | PR #8878 v0.18.3.1 — Oct 2023 | wallet/ wallet2.cpp |
3 — P2P & Network
All no-fork unless noted. Recommended target: ship in next patch release or HF13 window.
| # | Priority / target | What | Details | Monero PR / version | File(s) |
|---|---|---|---|---|---|
| 21 | HIGHNO-FORK | Sync race condition dropping connections | Race between reading blockchain height and block IDs during peer requests. Fix reads both atomically under m_blockchain_lock. Directly relevant to the current fix/slow-daemon-sync branch. | PR #10257 v0.18.4.5 — Dec 2025 | cryptonote_protocol/_handler.inl |
| 22 | HIGHNO-FORK | Peer scoring system | Tracks misbehaviour per peer: stale data delivery, claimed height decreases, peer list spam, missing replies. Scores accumulate and misbehaving peers are dropped. Previously they stayed connected indefinitely. | (v0.17.1.6– 1.8 releases) v0.17.1.6 –1.8 — Dec 2020 | p2p/ net_node.inl |
| 23 | HIGHNO-FORK | Don’t drop peers for soft offenses | Separates hard offenses (immediate ban) from soft offenses (score deduction only). Reduces false-positive disconnections that degrade network connectivity. | PR #8813 v0.18.2.2 — Apr 2023 | p2p/ net_node.inl |
| 24 | HIGHNO-FORK | SSL / connection layer rewrite | Fixed SSL shutdown hangs, SSL handshake segfaults, and circular strand dependencies causing dropped P2P connections under load. | PR #8426 v0.18.0.0 — Jul 2022 | epee/p2p/ |
| 25 | HIGHNO-FORK | Spurious rejection of downloaded blocks | When kicking an idle peer, the set of requested blocks was not cleared. On reconnect, incoming blocks from a new request were rejected because the daemon still expected blocks from the evicted peer. | PR #8022 v0.17.3.0 — Dec 2021 | cryptonote_protocol/ |
| 26 | HIGHNO-FORK | Transaction re-relay stuck 4 hours | get_relay_delay() comparison was always satisfied early, causing failed transactions to remain stuck in the relay queue for up to 4 hours instead of re-trying at proper intervals. | PR #8326 v0.18.0.0 — Jul 2022 | cryptonote_core/ |
| 27 | HIGHNO-FORK | Dandelion++ tuning and bug fixes | Nerva has Dandelion++ but is missing several years of fixes: (a) fluff probability 10%→20% + embargo timeout 39 s (v0.17.1.5); (b) skip desynced peers in stem phase; (c) locally-submitted tx not entering stem phase correctly (PR #8628); (d) duplicate tx in fluff queue causing false peer drops (PR #9355). | PRs #8628, #9355 v0.17.1.5 — 2020 v0.18.2.0 — 2023 v0.18.3.4 — 2024 | p2p/ net_node.inlcryptonote_core/ |
| 28 | HIGHNO-FORK | Drop peers sending duplicate transactions | Disconnect peers that repeatedly send the same transaction. Addresses OOM conditions caused by duplicate tx flooding. | PR #8916 v0.18.3.1 — Oct 2023 | cryptonote_protocol/ |
| 29 | HIGHNO-FORK | High CPU from terminated TCP connections | Daemon spun high CPU when interrupted TCP connections were not properly closed — the handling thread looped rather than exiting. | PR #8900 v0.18.3.1 — Oct 2023 | epee/ |
| 30 | MEDIUMNO-FORK | Peer list cleanup on ban | When an IP is banned it is now removed from grey list and anchor list, not just white list. Previously a banned IP could re-enter from grey/anchor on next daemon start. | PR #7810 v0.17.2.3 — Sep 2021 | p2p/ net_node.inl |
| 31 | MEDIUMNO-FORK | Sync height selection refinement | Improved logic for choosing which peer height to request when starting or resuming sync. Reduces unnecessary work when multiple peers advertise different heights. | PR #10202 v0.18.4.4 — Nov 2025 | cryptonote_protocol/ |
| 32 | MEDIUMNO-FORK | Relay empty fluffy block on mined block | When a local miner finds a block, immediately relay an empty fluffy block rather than the full block. Reduces propagation latency and orphan risk. | PR #10206 v0.18.4.4 — Nov 2025 | cryptonote_protocol/ |
| 33 | MEDIUMNO-FORK | Default outbound peer count 8 → 12 | Raises the default outgoing connection count from 8 to 12. Better connectivity and block propagation on a small network. | (v0.17.1.1 release) v0.17.1.1 — Oct 2020 | p2p/ net_node.inl |
| 34 | MEDIUMNO-FORK | --ban-list with CIDR subnet support | --ban-list flag loads banned IPs from a file at startup. Entries support CIDR subnets. Also adds ban @filename for runtime loading. | (v0.17.1.3 / 1.8 releases) v0.17.1.3 — Nov 2020 | p2p/ net_node.inl |
| 35 | MEDIUMNO-FORK | /16 filter for IPv4 – within – IPv6 | Applies the /16 subnet deduplication already used for IPv4 to IPv4 addresses embedded in IPv6 (::ffff:x.x.x.x). Without it, a single operator can fill the peer list via IPv6 embedding. | (v0.17.1.3 release) v0.17.1.3 — Nov 2020 | p2p/ net_node.inl |
| 36 | MEDIUMNO-FORK | Txpool revalidation at fork boundaries | When the chain crosses a hard fork height, all mempool transactions are revalidated against the new rules. Transactions invalid post-fork are flushed, preventing miners from accidentally including them in the first post-HF block. | PR #7169 v0.18.0.0 — Jul 2022 | cryptonote_core/ |
| 37 | MEDIUMHF13 | max block count in sync request | Adds a max_block_count field to NOTIFY REQUEST GET OBJECTS so peers can signal preferred batch size. Protocol extension — pairs well with the adaptive batch sync work already on this branch. Candidate for HF13. | (v0.18.4.3 release) v0.18.4.3 — Oct 2025 | cryptonote_protocol/_defs.h lines 210–225 |
| 38 | MEDIUMNO-FORK | P2P connection bug fixes | Miscellaneous P2P connection reliability fixes in the most recent Monero release. | PR #10298 v0.18.4.6 — Feb 2026 | p2p/ |
4 — Performance
All no-fork. Recommended target: next patch release or HF13 window.
| # | Priority | What | Details | Monero PR / version | File(s) |
|---|---|---|---|---|---|
| 39 | HIGHNO-FORK | Keccak / cn_fast_hash 5× faster | Loop unrolling and compile-time constant substitution in the Keccak permutation. cn_fast_hash for 16 KB: 164 µs → 31 µs. Affects every hash operation — block verification, tx hashing, and CNA PoW pre-processing. | PR #8262 v0.18.0.0 — Jul 2022 | crypto/keccak.c |
| 40 | HIGHNO-FORK | CryptoNote binary deserialization ~60% faster | Eliminates a full payload copy before reading, removes redundant virtual calls, improves cache efficiency. Benchmark: 100 blocks in 86 µs vs 205 µs; 4,224 transactions in 7.8 ms vs 15.6 ms. Direct sync speedup. | PR #7661 v0.18.0.0 — Jul 2022 | epee/cryptonote_basic/ |
| 41 | HIGHNO-FORK | RingCT verification cache | Caches verRctNon SemanticsSimple results. When the same outputs are verified multiple times (block propagation then acceptance), the cached result is reused. Release notes: “huge block propagation speedup.” | PR #8676 v0.18.2.0 — Mar 2023 | cryptonote_core/ |
| 42 | HIGHNO-FORK | Reduced LMDB writes 2→1 per txpool insert | add_txpool_tx currently does two separate mdb_cursor_put calls (metadata then blob). Merging into one halves disk I/O per txpool insertion. | PR #9740 v0.18.4.0 — Apr 2025 | blockchain_db /lmdb/db_lmdb.cpp |
| 43 | HIGHNO-FORK | Long-term block weight cache bug | Incorrect calculation when adding blocks to the long-term weight cache, returning wrong median values. Check first: Nerva’s current branch reworked this cache — verify whether the specific upstream bug is already addressed independently. | PR #9014 v0.18.3.1 — Oct 2023 | cryptonote_core/ blockchain.cpp |
| 44 | HIGHNO-FORK | Transaction construction 56% faster | Five batched wallet optimizations: public key validity caching, ringdb update/lookup batching, vector preallocation, elimination of redundant pre-computation. Large transactions: 5.9 s → 2.6 s. | PR #8046 v0.18.0.0 — Jul 2022 | wallet/ wallet2.cpp |
| 45 | MEDIUMNO-FORK | Second I/O thread pool for daemon | Separates I/O-bound tasks (especially DNS) from compute into a dedicated 8-thread pool. On <8-core systems, DNS lookups previously blocked incoming transaction processing. | PR #8577 v0.18.1.2 — Sep 2022 | cryptonote_core/ |
| 46 | MEDIUMNO-FORK | get block template backlog 15 s CPU spike | Iterated all mempool transactions, causing up to 15 s CPU time under high load. Now only processes transactions that realistically fit in the next block. | PR #8455 v0.18.1.0 — Aug 2022 | cryptonote_core/ |
| 47 | MEDIUMNO-FORK | Prevent base fee reaching zero | Adds a floor to the dynamic fee calculation. Note: Monero later reverted this (PR #9603, Dec 2024) — evaluate against Nerva’s emission curve before applying. | PR #8851 v0.18.3.1 — Oct 2023 | cryptonote_core/ |
5 — Wallet & UX
All no-fork unless noted. Recommended target: next patch release or post-HF14.
| # | Priority | What | Details | Monero PR / version | File(s) |
|---|---|---|---|---|---|
| 48 | HIGHNO-FORK | Identify spends in pool during scanning | Two-pass wallet scan marks unconfirmed pool spends during refresh. Fixes the common complaint of balance not updating after sending when the tx is in pool but not yet in a block. | PR #10153 v0.18.4.4 — Nov 2025 | wallet/ wallet2.cpp |
| 49 | HIGHNO-FORK | Key image stays unspent after confirmed spend | Edge case where key images remain marked unspent after a confirmed spend, causing the wallet to show an inflated spendable balance. | PR #10255 v0.18.4.5 — Dec 2025 | wallet/ wallet2.cpp |
| 50 | HIGHNO-FORK | Spurious reorg detection with untrusted nodes | Wallets on untrusted nodes quantize height for privacy, receiving already-seen blocks. The reorg size check was applied to these blocks, triggering false “huge reorg” warnings and wallet aborts. | PR #8331 v0.18.0.0 — Jul 2022 | wallet/ wallet2.cpp |
| 51 | HIGHNO-FORK | Wallet compatibility check with daemon HF | Wallet checks compatibility with the connected daemon’s active hard fork before proceeding. Without this, a wallet on an old HF connecting to a post-HF daemon fails with confusing errors. | PR #8544 v0.18.1.1 — Sep 2022 | wallet/ wallet2.cpp |
| 52 | MEDIUMNO-FORK | scan_tx command | Rescan a specific transaction by ID without a full wallet resync. Useful for recovering wallets that missed a transaction — avoids redoing a full scan. | PR #7312 / #8566 v0.18.0.0 / v0.18.3.1 | wallet/ wallet2.cppsimplewallet/ |
| 53 | MEDIUMNO-FORK | Wallet RPC restricted – mode tx limit chunking | If the mempool has >100 transactions, wallets on restricted RPC nodes previously failed with “too many transactions.” Fix: chunk requests into batches of ≤100. | PR #8388 v0.18.0.0 — Jul 2022 | wallet/ wallet2.cpp |
| 54 | MEDIUMNO-FORK | Fee carving from partial payments | When a transaction can’t send the full requested amount, the fee is carved from the partial amount rather than requiring extra funds or failing. | PR #7342 v0.18.0.0 — Jul 2022 | wallet/ wallet2.cpp |
| 55 | MEDIUMNO-FORK | Chunk get_outs.bin calls | Breaks large output queries into chunks to avoid per-request size limits on RPC nodes. Without this, large transactions fail to build against restricted nodes. | PR #7796 v0.17.3.0 — Dec 2021 | wallet/ wallet2.cpp |
| 56 | MEDIUMNO-FORK | Log rotation bug with relative paths | Rotation logic prepended ./ during directory scanning, causing a filename mismatch — log files were continuously rotated instead of appended to. | PR #9396 v0.18.3.4 — Aug 2024 | epee/ |
| 57 | MEDIUMNO-FORK | Unicode file paths on Windows | Wallet could not open wallet files with Unicode characters in the path on Windows — affects users whose Windows username contains non-ASCII characters. | PR #8548 v0.18.1.1 — Sep 2022 | wallet/ wallet2.cpp |
| 58 | LOWNO-FORK | Background sync with view key only | Sync a wallet using only the view key — spend key does not need to be on the machine. Requires new BackgroundSync wallet structures entirely absent from Nerva. Large architectural change, warrants its own release cycle. | PR #8617 v0.18.4.0 — Apr 2025 | wallet/ wallet2.hwallet/ wallet2.cpp |
6 — RPC, ZMQ & Tooling
All no-fork. Recommended target: next patch release or post-HF14 as bandwidth allows.
| # | Priority | What | Details | Monero PR / version | File(s) |
|---|---|---|---|---|---|
| 59 | HIGHNO-FORK | Fix connecting to password-protected nodes | Regression where wallets could not connect to RPC nodes requiring username/password authentication. | PR #9238 v0.18.3.3 — Apr 2023 | wallet/ wallet2.cpp |
| 60 | HIGHNO-FORK | busy_syncing + synchronized in get_info | get_info returns busy_syncing (currently downloading blocks) and synchronized (fully synced) fields. Enables health checks and monitoring without polling block height. | (v0.17.1.8 release) v0.17.1.8 — Dec 2020 | rpc/ core_rpc_server.cpp |
| 61 | MEDIUMNO-FORK | ZMQ txpool_add and chain_main events | ZMQ publisher emits events when transactions enter the mempool and when new blocks are found. Enables lightweight monitoring without polling the RPC. Extended in v0.18.1 to also publish submitted transactions. | (v0.17.0 release) PR #8451 v0.17.0 / v0.18.1.0 | zmq/cryptonote_core/ |
| 62 | MEDIUMNO-FORK | Confirmations in get transactions | get_transactions now returns confirmation count per transaction. Previously callers had to compute it from block height difference. | PR #7662 v0.18.0.0 — Jul 2022 | rpc/ core_rpc_server.cpp |
| 63 | MEDIUMNO-FORK | submit_block returns block ID | submit_block RPC returns the block ID of the accepted block. Mining software can confirm which block was accepted without a follow-up query. | PR #8891 v0.18.3.1 — Oct 2023 | rpc/ core_rpc_server.cpp |
| 64 | MEDIUMNO-FORK | calcpow RPC method | New RPC to compute the proof-of-work hash for a given block template. For Nerva this computes CNA. Useful for mining software and external validators. | PR #8075 v0.17.3.0 — Dec 2021 | rpc/ core_rpc_server.cpp |
| 65 | MEDIUMNO-FORK | --rpc-restricted-bind-ip | Separate bind IP for restricted vs full RPC. Previously both shared --rpc-bind-ip, making it impossible to expose restricted RPC publicly while keeping full RPC on localhost. | (v0.17.1.6 release) v0.17.1.6 — Dec 2020 | daemon/rpc/ |
| 66 | MEDIUMNO-FORK | RPC SSL cert persistence | SSL certs/keys persisted to disk so the daemon uses the same cert across restarts. Previously self-signed certs regenerated on each start, breaking clients that pinned the cert. | PR #7366 v0.18.0.0 — Jul 2022 | rpc/ |
| 67 | LOWNO-FORK | Wildcard CORS support | RPC CORS supports * wildcard when the operator permits. Useful for web wallet and explorer integrations. | PR #7952 v0.17.3.0 — Dec 2021 | rpc/ |
| 68 | LOWNO-FORK | Ban list # comment support | Allows # comment lines in --ban-list files. Minor QoL for node operators. | PR #9616 v0.18.4.0 — Apr 2025 | p2p/ net_node.inl |
Already Present in Nerva
- Dandelion++ — base implementation present in
levin_notify.cppandnet/dandelionpp.*(tuning and bug fixes in item #27 are NOT present) - Fake output infinite-loop fix — Nerva commit
5f40d1e(Mar 2026), port of Monero PRs #8794 / #8801 is_same_hostpeer check —p2p/net_node.inllines 243, 2737 (Monero PRs #9948/#9949)- Boost 1.86 compatibility — cherry-picked Oct 2024, Monero PR #9499
- Wallet RPC responsiveness during sync — independently implemented, pending release
- P2P fixes Jan 2020 — Monero PRs #6037, #6052, #6057, #6119, #6120, #6125, #6229
- P2P fixes Dec 2020 — Monero PRs #7189, #7191
Recommended Schedule
Ship immediately (pre-HF13, security critical)
#2–#13: P2P crash, P2P memory exhaustion, peerlist ternary, anonymous inbound leak, tx_extra DoS, get_output_distribution DoS, RPC input size, LMDB deadlock, daemon race condition, wallet RPC privacy leak, decoy selection gamma fix, decoy selection integer truncation.#19, #20: Remove DNS calls from tx construction and local address detection.
Next patch release or HF13 window
#14–#18 (remaining security: /24 subnets, decoy selection window, Dandelion++ tuning, peer ID over Tor, Tor tx drop).#21–#29 (P2P: sync race, peer scoring, SSL rewrite, block rejection, re-relay, duplicate tx, high CPU).
#39–#44 (performance: Keccak, deserialization, RingCT cache, LMDB writes, block weight cache, tx construction).
#37:
max_block_count in sync request — bundle with HF13 adaptive batch sync work.HF14 — bundle with CLSAG + Bulletproofs+
#1: View tags — all three changes touch the output/transaction format; one network upgrade instead of three.#36: Txpool revalidation at fork boundaries — essential HF infrastructure.
#51: Wallet HF compatibility check.
Post-HF14 patch releases
#48–#57: Wallet correctness and UX (pool spends, key image edge case, scan_tx, fee carving, chunking, log rotation, Unicode paths).#59–#68: RPC/ZMQ tooling improvements as bandwidth allows.
#58: Background sync with view key — large architectural change, own release cycle.
Generated 2026-05-03 · 68 items · Nerva baseline: git 7b8da67 (Dec 2019), rctTypes.h tops at RCTTypeBulletproof2 · Monero scanned: v0.15 → v0.18.4.6 · HF13/HF14/HF15 plans from nerva.one