OMS Payments consolidates quote and transaction economics into a single
pricing container, refactors the source and destination shape into a typed instrument model discriminated by type (walletOms, walletExternal, bankUs, bankIban, bankCanada, card, cash), replaces the legacy origin fields on transactions with a typed precursor object, and retires the GET /customers/{customerId}/transactions route in favor of a ?customerId= filter on GET /transactions.New
- Typed instruments on
sourceanddestination: quote and transaction sides are now discriminated bytype. A quote’s source is an OMS wallet (walletOms) or a debit card (card, pull-from-card funding); the destination can bewalletOms,walletExternal,bankUs,bankIban,bankCanada,card, orcash. Each type carries its owndetailsenvelope with the instrument-specific fields (bank routing coordinates, IBAN block, card identifiers, cash pickup coordinates, and so on) and apartyblock that identifies who is on that side. - Consolidated
pricingobject on quotes and transactions: per-side amounts (amountGross,amountNet,feesDeducted), the rate pair (exchangeRate,effectiveRate), the assetpair,fixedAmountSide,sponsorGas, andsponsorGasCostall move into a single top-levelpricingobject withpricing.sourceandpricing.destinationper-side entries. The core equation is nowpricing.source.amountNet × pricing.exchangeRate = pricing.destination.amountGross. precursoron transactions: a typedprecursorobject describes what created the transaction (quote,depositAddress,virtualAccount, orcashIn) and carries that origin’s deposit instructions. It supersedes the loosequoteId/depositAddressId/virtualAccountId/cashInIdand top-leveldepositInstructionsfields.holdandawaitingActionstatus: transactions can now enter a non-terminalawaitingActionstate when blocked on developer, upstream, or compliance action. Theholdobject explains the reason and carries a deadline, and the transaction returns toprocessingonce cleared.TransactionSubStatusis now a closed set of status-scoped strings namespaced by their parent (for exampleprocessing.cashPickupReady,completed.cashPickupCollected,awaitingAction.awaitingSenderAttribution,failed.attributionTimeout).sourceToDestinationcorridor tag: a new composite tag on quotes and transactions coverscryptoToCrypto,cryptoToCash,cryptoToFiatAccount,cashToCrypto, andfiatAccountToCrypto. It replaces the oldertypeandTransferTypefor these resources;TransferTypeis retained for deposit addresses, onramp/cash-in, and customer filters.Partymodel on each side: sides now carry apartyblock discriminated byrelationship(customer,otherCustomer,externalRegistered,externalUnregistered), so two-sided flows such as remittances and B2B payouts can identify each side inline.senderCustomerId,recipientCustomerId, and the per-requestrolefield are removed; usecustomerId(the quote owner and sender) plus the party blocks instead.?customerId=filter onGET /transactions: passcustomerIdas a query parameter to scope the list to a customer. Matches rows where the customer is on either side.SettlementErrorand operatorRecovery: transactions carry aSettlementError(code,message,occurredAt,recoverable, and an optionalrecoverypath orrefund) in place of the previous genericAsyncError.
Updated
- Removed the “MVP” note from the customer
typedescription: the field description now reads simplyMust be "individual". - Card
settlementTypefield on quote requests: card rail only.internalcustodies the crypto with OMS;externaldelivers to an on-chain wallet. Defaults areexternalfor card buys andinternalfor card sells.
Removed
GET /customers/{customerId}/transactions: retired. UseGET /transactions?customerId=…for the same behavior.- Legacy top-level fields on
Transaction:senderCustomerId,recipientCustomerId,role,quoteId,cashInId,depositAddressId,virtualAccountId,depositInstructions,rail,rates,sponsorGas,sponsorGasCost,fixedAmountSide,type,completedAt, andcashPickupare removed from the top level. The information they carried now lives onpricing,precursor,source/destinationparty,sourceToDestination, andsubStatus. cashPickupReadytop-level status: cash off-ramp pickup lifecycle events surface as sub-statuses (processing.cashPickupReady,completed.cashPickupCollected,completed.cashPickupExpired) rather than as a top-level status.
The AggLayer settlement service now resumes pending settlement jobs when it restarts, so a restart no longer strands an in-progress settlement until something else re-drives it.
Updated
- Settlement jobs resume on service restart: on startup, the settlement service scans persisted settlement job ids and restarts any whose result is non-terminal, skipping jobs that already completed. Operator restarts and crash recovery no longer leave an active settlement job sitting idle until an unrelated event picks it back up (#1585).
OMS Payments adds debit-card buy and internal sell to the existing quotes and transactions endpoints, requires
billingAddress when registering a card external account, returns structured JWT authentication errors that distinguish expired from missing or invalid tokens, and writes a visible retry reason on transient onboarding failures so partners can tell an actively-retrying job from a stalled one.New
- Debit-card buy and internal sell on
/quotesand/transactions: partners reference the card by itsexternalAccountId(ext_…) on the quote and transaction requests and the existing pricing and transaction machinery handles the rest. Card buys produce afiatToCryptotransaction and settle either internally or externally; internal card sells produce acryptoToFiattransaction. A new optionalsettlementTypefield on the quote request (internalorexternal) is persisted on the quote and re-read at execute time.externalAccountIdis surfaced on the transactionsource(buy) anddestination(sell) in GET and list responses and on the webhook snapshot. SourcewalletIdis now optional for card buys, and a wallet target on a card sell is rejected. New validation errors includeexternal_sell_unsupported,external_account_rail_mismatch,external_account_required,external_custody_not_allowed, andsource_wallet_address_not_allowed(422), plusinvalid_wallet_target(400). External card sell is not yet supported. billingAddressrequired for card external accounts: registering an external account oftype=cardnow requires abillingAddress(addressLine1,city,state,country,zipCode). Missing or whitespace-only fields surface abilling_address_invalidvalidation error.
Updated
- Structured JWT authentication errors: failed bearer-token requests now return RFC 6750-style bodies with a stable machine code on
errorand a human-readable reason onerror_description, plus a matchingWWW-Authenticate: Bearer error="…", error_description="…"challenge header. Distinct codes let clients tell expired tokens (invalid_tokenwith"token expired") from missing (invalid_requestwith"missing authorization token"), bad signature (invalid_tokenwith"invalid token signature"), missing required project claims, and generic invalid tokens, so a dashboard can trigger a silent refresh on expiry instead of treating every401the same. A keyset-unavailable failure now returns503 temporarily_unavailableinstead of401. Note the breaking response contract change: the top-levelerrorfield is now a stable machine code rather than free-form prose; clients reading.erroras a human message need to read.error_descriptioninstead. - Visible retry reason on transient onboarding failures: when an onboarding phase hits a transient error, the onboarding record now carries a non-terminal
statusReasonsuch asretrying after transient error (attempt N): <err>, refreshed on each retry and self-cleared once the phase advances or the onboarding reaches a terminal state. An actively-retrying onboarding is no longer indistinguishable from one that is silently stuck; terminal failures continue to record their final reason as before.
Bor adds graded peer response on
develop so transient sync failures no longer churn good peers, Heimdall lands the disabled-by-default Ithaca hardfork code for stalled-producer span rotation, and Erigon v3.6.1 ships with optimizations and bug fixes that RPC providers are recommended to take before the mainnet Zurich activation.New
- Bor devp2p peer jailing on
develop: the bor downloader replaces blanket peer drops with a graded response. Transient failures (timeouts, stalls, unsynced peers, empty headers) get a 30-second local backoff, four soft strikes in a 10-minute window escalate to a 5-minute jail, a whitelist (checkpoint or milestone) mismatch backs off then jails before dropping only after persistent disagreement within a 30-minute window, and a pruned-sidechain ghost-state mismatch jails on the first occurrence and drops only on a repeat inside a 30-minute window. Every terminal drop also benches the peer for 30 minutes so it cannot dodge the drop by reconnecting. Not consensus-affecting, fully backwards-compatible, and operator-visible through neweth/downloader/peer/response/{backoff,jail,drop,mismatch}Prometheus meters and areasonfield on the existingSynchronisation failed, dropping peerlog (#2283). - Heimdall Ithaca hardfork code merged, disabled by default: a new hardfork gate adds VEBLOP pending-stall recovery so a span rotates when the agreed actual bor head stops advancing past a stall threshold, closing the post-Rio liveness hole where a stalled single block producer could halt bor production while a pending milestone tally remained in the 1/3–2/3 band. The new behavior is gated behind a per-network
ithacaHeightthat ships at0(disabled) on every network; activation heights are a release-planning decision and must be>= Rio. No stored-state migration or genesis change (#611).
Updated
- Erigon v3.6.1: a non-breaking optimization and bug-fix release. RPC providers are strongly recommended to upgrade ahead of the mainnet Zurich activation; nodes already running
v3.7.1-privrequire no action.
AggLayer 0.6.0 development adds a settlement-result lookup by hash, persists EIP-1559 fees per settlement attempt so replacement transactions reliably clear the standard 10% pricebump on nonce retry, and stops a retry loop from hammering L1 RPCs during indexing lag.
New
- L1 result lookup by settlement hash: operators can query the L1 settlement result for a given settlement hash directly, instead of re-deriving the result from local state (#1572).
Updated
- Gas bump on settlement retry: each settlement attempt now persists its resolved EIP-1559 fees (
max_fee_per_gas,max_priority_fee_per_gas), and a replacement transaction on the same nonce bumps both fields by at least the geth pricebump floor (10%), tracking a fresh L1 estimate and respecting the configured ceiling. When the ceiling forbids a strict bump, the run loop waits on the existing ceiling-priced attempt rather than broadcasting an underpriced replacement that execution-layer clients would reject (#1580).
Fixed
- No reorg loop during L1 indexing lag: when a nonce is observed mined but the receipt has not yet propagated to a lagging RPC node, the settlement loop now re-checks the
(wallet, nonce)mapping and treats a still-matching transaction asNotSettledYet, retrying through the existing backoff path. Only a nonce that no longer maps to the same transaction is reported as a reorg, eliminating a tight retry loop that hammered L1 during indexing lag (#1581).
Trails makes Base ETH native an unconditional relay-handoff candidate on every edge rail (Solana and Tron, origin and destination), exposes per-rail edge enablement on
RuntimeStatus, fixes a multi-wallet connection regression in the widget, and lands a broad set of edge-monitor, provider-scoring, and shutdown reliability fixes.New
- Base ETH native on all edge rails: Base ETH native is now an unconditional relay-handoff candidate on both origin and destination across every edge rail. The previous flag that gated Base-native to Solana origin only is removed; Relay quotes the pair in all four corners (EVM↔Tron, exact-input and exact-output), so suppressing it on Tron origin saved no work and hid a swap-saving candidate. The strategy race still discards candidates that fail to quote (#944).
edgeSolanaEnabledandedgeTronEnabledonRuntimeStatus: theRuntimeStatusRPC and generated Go and TypeScript clients report per-rail edge enablement derived fromconfig.edge.solana.enabledandconfig.edge.tron.enabled(#948).
Updated
- Edge monitor enablement is rail-aware: the edge monitor is considered enabled when either Solana or Tron edge is enabled, centralised behind
Config.EdgeEnabled()so a Tron-only or Solana-only deployment starts the worker correctly (#951). - Provider scoring uses real gas costs: Relay now reports origin-chain gas in
Info()(200k gas units), Hyperlane CrossCollateral reports a 3 bps fee and 30-second duration, and Relay’s default duration moves from 10s to 30s.Capabilities()returnsSupported,Trustless, andOperationsfrom a single struct, so probe paths no longer callInfo()with a zero chain ID and silently drop Relay, Hyperlane, and CCTP from candidate building (#935).
Fixed
- Multi-wallet connection regression on EVM and SVM: a widget regression that broke connecting both EVM and Solana wallets in the same session is fixed (#1122).
- Edge monitor queue starvation: persistent-error rows no longer cycle through
POLLING → PENDINGevery 5 seconds (which had been resetting the 1-hour retry timeout) and starve newer edge intents behind 10 stuck rows in the dequeue. Failing origin edge quotes now park inPOLLINGuntil stale recovery or timeout, so persistent failures age out through the existing pending-edge pipeline (#949). - Origin edge fast-retry on missing fill hash: when Relay reports terminal success before the fill or handoff hash has propagated into
txHashes, the edge quote fast-retries on the next worker cycle instead of waiting for stale-recovery to time out (#953). - Solana edge address validation: Solana origin, destination, token, and refund addresses are validated by decoding through
solana-goinstead of a regex shape check, so base58-shaped strings that decode to the wrong public-key length are now rejected. Token-style public keys remain valid where appropriate, but are not accepted as a user recipient or refund address (#943). - Terminal intents clear queued child transactions:
IntentReceipts.RefreshStatusaborts queued child transactions still inON_HOLD,PENDING, orERROREDonce the parent receipt is terminal, so/info/workersno longer shows stale dependents waiting for a release that will never come. Active child transactions inRELAYING,SENT, orMININGare preserved (#940). - Graceful-shutdown dispatch stranding: the dispatch decision in
ProcessTransactionsruns on a context detached from worker shutdown, so a SIGTERM landing after the dequeue claim no longer leaves anORIGIN/DESTINATIONrow stuck inRELAYINGuntil the 10-minute stale sweep. Receipt waits remain cancellable so shutdown still aborts long polls cleanly (#923).
OMS Wallet hardens WalletConnect session handling, normalizes wallet, relayer, and EVM revert errors into clearer in-app messages across send, sign-transaction, recovery, WalletConnect, and Earn, adds a cookie consent banner with separate analytics toggles and PII scrubbing, and tightens Earn deposit preflight so capped vaults and unaffordable relayer fees are caught before signing.
New
- Cookie consent and analytics preferences: a consent banner now appears on first visit with separate toggles for product analytics and Google Analytics, and Account Settings exposes a re-openable analytics preferences entry. Analytics initialize only after consent and stop again on revoke; GA Consent Mode is updated and
_ga*cookies are cleared on revoke. Wallet addresses, hashes, emails, bare hex values, ENS names, and sensitive URL substrings are scrubbed from analytics payloads before they leave the client, and contact and watched-wallet nicknames are no longer sent (#286). - Earn deposit preflight and vault status guards: ERC-4626
maxDeposit(receiver)andpreviewDeposit(amount)are checked before relayer execution, capped vaults surface a friendly vault-capacity error, and a fee-balance guard blocks deposits and withdrawals where amount plus relayer fee would exceed the selected token balance. Yield vault status (entry and exit availability, capacity state, entry limits, risk metadata) is now preserved through the proxy cache, so deposits and withdrawals are disabled with a clear reason when Yield reports the vault is not accepting them. Possible fees show as informational detail-page copy, not warning badges (#285).
Updated
- Wallet, relayer, and EVM revert errors normalize app-wide: a vendored
wallet-errorsmodule decodes wallet, relayer, and EVM revert errors (includingError(string)andAllCapsReached()) into structured, friendly messages and is wired through send, sign-transaction, recovery, WalletConnect, Earn deposit, and Earn withdraw. Raw error details (code,name,cause, original message) are preserved for analytics and debugging while user-facing copy is clearer. Failed relayer quotes are no longer classified as sponsored or free-gas options, and a stale selected relayer ID is cleared once relayer options refresh (#291).
Fixed
- WalletConnect session-request handling and stale modal UX: duplicate transaction modals from WalletConnect re-delivering unresponded
session_requestevents on every relay reconnect are de-duplicated by an in-memory seen-request set, closing the modal now bulk-deletes all pending transactions instead of triggering a close/reopen loop, pending transactions older than 10 minutes are cleaned up on WalletKit init and every 60 seconds, the sign-transaction modal opens reliably on tab focus through the document visibility API instead of the non-reactivedocument.hasFocus(), session-proposal unmount no longer cancels approvals that triggered a navigation, and unimplemented WC methods (eth_sign,eth_signTypedData,eth_sendRawTransaction, unsupported defaults) now reply withUNSUPPORTED_METHODSso dapps get a real error. The confirm button is also disabled until the relayer fee option is selected (#329). - Trails history button restored in the wallet’s Trails integration (#323).
The OMS public API surfaces a structured on-chain identity for assets on wallets and transactions, so integrators can read the underlying chain, protocol family, and token without parsing the human-readable
chain and asset strings.New
BlockchainAssetschema: a new component that combines the chain identifier (chainId), the wire-level protocol family (protocol:evm,svm, orsui), and the token identifier on that chain (tokenId). All three fields are required when the object is present.BlockchainProtocolenum:evmfor Ethereum-compatible chains,svmfor Solana, andsuifor the Sui Move VM.blockchainAssetfield on wallets, customer wallets, transactions, and wallet balances:Wallet,CustomerWallet,TransactionSource,TransactionDestination, and thedatapayload ofGET /wallets/{walletId}/balancenow include an optionalblockchainAssetobject. The field is additive: existingchainandassetstrings continue to be returned, so current integrations keep working unchanged.
residentialAddressandidentifyingInformationonPOST /customersandPATCH /customers/{customerId}: both fields are now accepted on the public surface and persisted through to compliance review.ResidentialAddressandIdentificationDocumentare exposed as reusable component schemas.- Required fields on
IdentificationDocument:type,issuingCountry, andnumberare now required when an identification document is supplied. - Single E.164 phone field: the public customer schema standardizes on one E.164-formatted
phoneNumberfield, replacing the prior pair of country code plus subscriber number.
Bor v2.8.3 ships stable across mainnet block producers, and the mainnet block gas limit lifts from 140 million to 160 million, completing the throughput target announced earlier this month.
New
- Mainnet block gas limit raised to 160 million: the planned increase from 140 million to 160 million gas has rolled out on mainnet, lifting the effective execution rate to around 106.66 Mgas/s at the 1.5-second block time. This is the final scheduled step on the path to roughly 5,079 TPS using POL transfers (21,000 gas) as the unit transaction.
Updated
- Bor v2.8.3 stable rolled out on mainnet block producers: bor v2.8.3 was cut from a multi-iteration
v2.8.3-candidateline on Amoy and promoted to mainnet block producers around June 16 to 17. The release rolls up the v2.8.3-beta fixes, including a milestone-mismatch rewind deadlock fix and the related revert from beta4.
Trails adds a gasless option to the React send hook, makes wagmi 3 the default widget integration, ships Hyperlane CrossCollateral routes with bridge-gas reimbursement, and lands a wide set of widget UX and worker-side reliability fixes.
New
gaslessoption onuseTrailsSendTransaction: integrators can opt into gasless execution directly from the React send hook.- Hyperlane CrossCollateral routes with bridge-gas reimbursement: Hyperlane CrossCollateral is wired in as a route option, with bridge-gas reimbursement so destinations receive the expected amount.
- Timed refund leaf on 1.5 intents: v1.5 intents now include a timed refund leaf, so refunds can be claimed deterministically once the timeout window elapses.
/info/workersqueue filters and admin intent-receipt refresh: the admin workers endpoint accepts queue filters and exposes an admin intent-receipt status refresh.
Updated
- Wagmi 3 is the default widget integration.
- EVM-first connect ordering: the connect dialog requires an EVM wallet connection before exposing Solana wallets, matching the EVM-anchored intent model. The SVM tab is also hidden when the Solana edge is not enabled by the API.
- Auto-sync of origin and destination chains: the widget auto-syncs selected origin and destination chains with the connected wallet and the entered recipient, and improves SVM and EVM address validation.
- Balance hooks: balance hooks now take an object-shaped params argument.
- Hyperlane monitor cadence: poll interval reduced from 15 seconds to 3 seconds for faster origin-to-destination dispatch, with CrossCollateral dispatched only after the origin receipt is confirmed.
/info/workerspending-intents speedup: the operator endpoint that lists pending intents is materially faster.
Fixed
- SOL pricing in Pay mode: SOL prices now resolve correctly in Pay mode.
- Chain resolution drift: chain selection no longer drifts between widget state and the underlying connector.
Add walletprop control: the fund-methods screen exposes a prop to hide “Add wallet” cleanly.- CCTP supported chains: CCTP routes honor the
chain_idsconfig to restrict supported chains. - Hyperlane decimals: collateral checks and quote amounts normalize decimals for Hyperlane routes, and route decimal conversions are normalized across providers.
- Legacy receipts: receipts with a null deposit transaction are refreshed correctly.
- Timeouts and retries: dispatch and execution timeouts are bounded, ancient executing intents abort cleanly, and
WaitIntentReceiptgetLogsbackoff is fixed so receipts do not stall behind RPC rate limits. - Intent
SUCCEEDEDgating: intentSUCCEEDEDstatus is now gated on destination edge delivery confirmation, with related fee and quote-path consolidation in dispatch.
Bor v2.8.3 stable ships with parallel-EVM (BlockSTM v2) consensus-correctness fixes, and Heimdall v0.9.0 lands the Zurich hardfork release: Amoy activates around block 37,750,000 on June 17, mainnet around block 47,880,000 on June 25 at 14:00 UTC.
New
- Zurich hardfork on Heimdall: v0.9.0 promotes the Zurich hardfork to mainnet. At the activation height,
x/clerkswitches to deterministic state-sync processing with block-height-based event visibility assigned inPreBlocker; bothPrepareProposalandProcessProposalenforce symmetric side-transaction caps (50/block) with wall-clock budgets for proposal construction (500 ms) and vote-extension generation (800 ms); checkpoint signature aggregation moves to commit-only; milestone propositions bind deterministically to the parent hash;MsgVoteProducersis restricted to the active validator set; and new ante decorators add a 16-output cap on aggregate bank transfers and 32-byte validation onMsgCheckpoint.AccountRootHash. All nodes must upgrade before their network’s activation height (Amoy37,750,000, mainnet47,880,000); pre-activation behavior is unchanged, no store migration or genesis change is required (#610). - Full Heimdall↔Bor gRPC transport in Heimdall v0.9.0: opt-in via
bor_grpc_flag, requires bor v2.8.3 or newer, with a startup hash-parity check across HTTP and gRPC before traffic switches. Batched milestone-proposition calls are around 4.4× faster than the HTTP path (#610). - Bor endpoint failover with health probing in Heimdall: non-producer nodes can fail over between configured bor endpoints when health probes mark an endpoint unhealthy; failover is explicitly refused on block-producing nodes to preserve a single source of truth (#610).
- EIP-1559 L1 transactions from Heimdall: bridge submissions and other L1 transactions now post as type-2 EIP-1559 transactions with operator-configurable gas caps (#610).
Updated
- Bor v2.8.3 stable released: the v2.8.3-candidate branch promoted to stable after five Amoy soak iterations. Required for operators running Heimdall v0.9.0 with the gRPC transport enabled (#2272).
Fixed
- Parallel-EVM (BlockSTM v2) consensus correctness: three independent BlockSTM v2 vs serial-execution divergences, each capable of producing a bad block, are fixed at the
core/statelayer. A 7702-delegatedCodePathread no longer splits across snapshot versions and poison the cross-block jumpdest cache;Existnow recognises accounts made to exist purely by a prior in-block nonce bump (sender increment or 7702 delegation clear), correctly applying the existing-account refund and avoiding the new-account CALL surcharge; and transfer-log emission now matches byBalanceOpsIdxinstead of by transfer shape, so a same-sender/same-recipient/same-amount selfdestruct payout no longer steals a later transfer’s log emission point. SerialStateDBandcore/vmare untouched; non-parallel nodes are unaffected (#2270). - Heimdall proposer-local liveness on dense blocks:
PrepareProposalpreviously sized the proposal with rawlen(tx), but CometBFT validates the returned proposal using the protobuf-encoded size ofData.Txs. Under high tx-count load the proposer could assemble a batch that passed its own check yet exceededMaxTxBytesonce CometBFT re-measured it, stalling block production on that proposer. Accounting now uses the same protobuf unit CometBFT uses (#608).
Trails adds Hyperlane CrossCollateral routes with bridge-gas reimbursement on the API side, tightens the widget connect-wallet flow to require an EVM wallet before Solana wallets surface, and ships a broad set of dispatch and quote reliability fixes.
New
- Hyperlane CrossCollateral routes: a new Hyperlane route variant covers cross-collateral cases that the standard Warp Route flow cannot, including bridge-gas reimbursement on the destination side. Routing dispatches the CrossCollateral call after the origin receipt lands so the destination side only acts once the origin commitment is confirmed (#843, #913).
- wagmi 3 as the default widget integration: the Trails widget and demo now ship wagmi 3 as the default wagmi path, with Privy and Sequence Connect using wagmi3-native provider/connector stacks and
viempinned to Privy’s peer requirement (#1102).
Updated
- Connect-wallet flow requires an EVM wallet before Solana: the widget’s Connect Wallet screen no longer lets users connect a Solana wallet before an EVM wallet is connected, both in the widget and in the standalone connect screen. The widget also enforces an EVM wallet before allowing the connect screen to be left (#1099, #1096).
- SVM wallet tab hidden when Solana edge is not enabled: when the API returns
edges: []for Solana, the widget hides the SVM wallet tab and all Solana wallet options, including both installable and already-detected Solana wallets (#1101). - Hyperlane monitor polling interval reduced: the Hyperlane monitor now polls every 3 seconds instead of every 15 seconds, shortening time-to-state-transition on Hyperlane intents (#912).
Fixed
- CCTP
chain_idsconfig honoured: CCTP route discovery now respects the configuredchain_idslist to restrict the set of supported chains, instead of advertising chains outside the operator’s configuration (#915). - Intent SUCCEEDED gated on destination edge delivery: an intent only transitions to SUCCEEDED once destination edge delivery is confirmed, removing a class of premature SUCCEEDED states on edge-backed routes (#893).
- Dispatch precheck ERRORED, worker interfaces, and admin transitions: dispatch precheck failures now route through the ERRORED path, worker interfaces are narrowed to the operations each worker actually performs, and admin-driven state transitions are centralised so they cannot diverge from worker-driven ones (#897).
- Ancient executing intents aborted: intents stuck in an executing state past their bound are now aborted instead of holding worker capacity indefinitely (#922).
- Timeout and retry bounds: dispatch timeout and retry handling are now explicitly bounded, preventing unbounded retry loops on transient errors (#920).
- Hyperlane decimal normalisation: the Hyperlane collateral check and quote amounts now normalise token decimals before comparing, fixing under-collateralisation false positives on tokens with non-default decimals (#917).
- Route decimal conversions normalised across the API quote path (#919).
- Legacy receipts with null deposit transaction: legacy receipts that recorded a null deposit transaction now refresh correctly through the receipt refresh path (#918).
- Fee and quote-path consolidation: a set of fee-collector and quote-path edge cases are consolidated into a single corrected path (#898).
/info/workerspending intents: the pending-intents path of/info/workersis now substantially faster on busy deployments (#928).
Heimdall v0.9.0 mainnet release schedules the Zurich hardfork for June 25, bor v2.8.3 ships as the matching stable client, and the mainnet block gas limit increases from 140M to 160M while holding 1.5s blocks.
New
- Mainnet block gas limit raised to 160M: with 1.5s blocks held, the upgrade lifts sustained throughput to roughly 5,000 payments per second at the same fee and reliability characteristics. Amoy continues at 200M for stress testing.
- Heimdall v0.9.0 mainnet release, Zurich hardfork: activates on mainnet at block
47,880,000(approximately June 25, 2026, 14:00 UTC), with Amoy already activated at block37,750,000on June 17, 14:00 UTC. The fork gates a set of consensus-level changes that stay inactive until the activation height: deterministic state-sync processing inx/clerkwith block-height-based event visibility assigned inPreBlocker; symmetric side-transaction caps of 50 per block inPrepareProposalandProcessProposal, with wall-clock budgets of 500 ms for proposal construction and 800 ms for vote-extension generation; commit-only checkpoint signature aggregation; deterministic milestone-proposition parent-hash binding;MsgVoteProducersrestricted to the active validator set; and new ante decorators (16-output aggregate bank-transfer cap andMsgCheckpoint.AccountRootHash32-byte validation). Validators must upgrade before their network’s activation height (#610). - Heimdall to bor gRPC transport (opt-in): heimdall ships full gRPC transport for the heimdall to bor channel, enabled with the
bor_grpc_flagconfig and requiring bor v2.8.3+. Startup hash-parity check and batched milestone-proposition calls included; internal benchmarks show roughly 45% lowerextendVotelatency on the heaviestGetBorChainBlockInfoInBatchpath versus HTTP (#610). - Bor endpoint failover with health probing: heimdall now supports multiple bor endpoints with health-probed failover. Disabled on block producers (#610).
- EIP-1559 L1 transactions in heimdall: heimdall now uses the EIP-1559 fee market for its L1 transactions, with safe-default gas caps (#610).
- Bor v2.8.3 stable release: backwards-compatible client cut from
v2.8.3-candidateafter five Amoy beta iterations. Recommended for all operators ahead of the Zurich activation. Includes the milestone-mismatch rewind deadlock fix landed inv2.8.3-beta5(#2272).
Fixed
- Parallel-EVM (BlockSTM v2) consensus divergences: three independent BlockSTM v2 vs serial divergences, each able to produce a bad block, are fixed at the
core/statelayer. (1) Per-tx CodePath read snapshot consistency for EIP-7702-delegated code, addressing theindex out of rangepanics invalidJumpdestandinvalid gas usedbad blocks observed on mainnet. (2)Existnow considers prior-tx nonce bumps, soapplyAuthorization’s existing-account refund and the new-account CALL surcharge match serial. (3) Settlement transfer-log mispairing intryEmitTransferAtnow matches onTransferRecord.BalanceOpsIdxrather than transfer shape, eliminating the receipts-root-only divergence from EIP-6780 selfdestruct payouts. SerialStateDBandcore/vmare untouched, so non-parallel nodes are unaffected (#2270). - Heimdall proposer liveness under high tx-count load:
PrepareProposalaccounting now uses the same protobuf-encoded size that CometBFT uses to validate the returned proposal. Rawlen(tx)could undercount per-tx protobuf overhead and let a proposer assemble a batch that passed its own check but exceededMaxTxByteson CometBFT’s re-measurement, stalling block production on that proposer. Proposer-local fix; not consensus-affecting (#608).
AggLayer 0.6.0 development gains a settlement-side wallet-and-nonce wait gate and certificate-to-settlement-job persistence so certificate tasks can resolve settlement jobs directly.
Updated
- Wait for any new expected
(wallet, nonce)to be on L1: settlement submission now waits until any newly expected(wallet, nonce)is observed on L1, closing a race that could surface during recovery and re-submission (#1571). - Certificate-to-settlement-job ID persistence: the state store persists the mapping from certificate IDs to settlement-job IDs through a new
certificate_settlement_job_cfcolumn family with insert-only semantics and a migration for existing databases. Certificate tasks can resolve settlement jobs directly without re-deriving the link (#1578).
Trails adds Hyperlane CrossCollateral stablecoin routes across Arbitrum, Base, and Ethereum, cuts CrossCollateral end-to-end latency on the order of
47s by dispatching the destination right after origin receipt and tightening the Hyperlane monitor poll, fixes a cross-decimal collateral bug that was stranding intents, and gates EVM and Solana intent completion on confirmed destination fills.New
- Hyperlane CrossCollateral routes: new
CROSS/moonpayUSDC and USDT route set across Arbitrum, Base, and Ethereum, including same-asset, cross-asset, and same-chain coverage. Uses the Hyperlane v4CrossCollateralRouterwithtransferRemoteToandquoteTransferRemoteTo. For overlapping USDC routes,CROSS/moonpayis preferred explicitly rather than by alphabetical order. Exact-input fee accounting reserves provider source-token overage and reimburses relayer-fronted native bridge gas through the origin-token collector sweep, so total fee no longer double-counts bridge gas (#843). - wagmi 3 as the default widget integration: the Trails wagmi integration is now wagmi 3 by default in the widget (#1102).
- CCTP
chain_idsconfig now honored: settingchain_idsunder[cctp]inapi.confactually restricts the supported chains for CCTP routes, aligning behavior with every other route provider. Previously the field was declared but silently ignored (#915).
Updated
- Hide SVM wallet tab when Solana edge is not enabled by the API: the widget gates the SVM tab and all Solana wallet options on
useSolanaEdgeActive()in addition to the adapter check. If the API returnsedges: []for Solana, the SVM tab and any detected or connected Solana wallets are hidden (#1101). - Require EVM wallet connection before connecting Solana: the widget’s connect screen now requires an EVM wallet before allowing a Solana wallet, and the widget itself no longer leaves the connect screen without one (#1099, #1096).
- Hyperlane CrossCollateral destination dispatch latency cut by approximately
47s: CrossCollateral now releases the destination transaction as soon as the origin receipt proves the Hyperlane dispatch metadata, instead of waiting for Hyperlane API delivery visibility. Worker-owned early release replaces the API delivery wait; destination preconditions still gate execution (#913). - Hyperlane monitor poll interval reduced from 15s to 3s: cuts average Hyperlane delivery-detection latency from roughly
7.5sto1.5s, the largest controllable overhead on CrossCollateral end-to-end time. The 10s GraphQL HTTP timeout keeps cycles from overlapping (#912). - Fee and quote-path consolidation: exact-input fee totals are computed per trade type in the fee calculator; gas-estimation RPCs are cached during quoting; provider fallback cascades are bounded; v1 and v1.5 protocol handlers share a single
FeeCalculatorinstance; zero-value fees and gas are initialized for testnet chains so testnet quotes no longer hit a nil-pointer (#898).
Fixed
- Hyperlane cross-decimal collateral check (caused two stuck user intents): collateral sufficiency now scales the origin-denominated transfer amount to destination decimals before comparing, instead of comparing destination-denominated collateral against a raw origin transfer amount. For Polygon to BSC 6 to 18 USDC routes, raw collateral
18.45e18was numerically larger than raw transfer amount644e6, so an insufficient-collateral case still passed the check. QuoteToAmountandToAmountUSDare now destination-denominated, and EXACT_OUTPUT requests are normalized back to origin decimals before quoting and packingtransferRemotecalldata (#917, #919). - EVM to Solana intent completion gated on destination edge delivery: for DESTINATION-mode edge intents,
WaitIntentReceiptno longer returnsDone=trueuntil the edge monitor confirms the Solana fill, failure, or refund. The intent holds atEXECUTINGuntil the edge worker terminates, thenRefreshStatusderives the terminal status (Completed to SUCCEEDED, Failed to ABORTED, Refunded to REFUNDED). A delivery bound on the bridge transactionTxnMinedAtexits the hold if the destination delivery stalls (#893). - Timeout, cancellation, and retry hardening: CCTP now uses an
http.Clientwith a 10s timeout instead of the no-timeout default; origin-edge success ordering callsExecuteIntentbefore marking the edgeCOMPLETEDand parks retryable failures inPOLLINGwith the fill hash preserved; deposit validation no longer marks potentially funded depositsFAILEDwhen shutdown cancels the retry wait, falling through to the existing fail-open provider fallback; deposit-dependent transaction release now uses a background context after the deposit is accepted, so shutdown cannot strandORIGINorDESTINATIONrowsON_HOLD(#920). - Dispatch precheck on guard error: when
shouldDispatchToRelayererrors, the transaction transitions toERROREDwith a status reason and a retry metric, instead of being silently skipped and re-dequeued forever. Context cancellation is excluded so shutdown does not produce spuriousERROREDwrites (#897).
Heimdall v0.9.0-beta announces the Zurich hard fork, with activation blocks scheduled on Amoy and mainnet, and Bor v2.8.3 ships as a non-breaking performance and stability release.
New
- Zurich hard fork activation scheduled: heimdall v0.9.0-beta defines the Zurich hard fork with activation at block
37,750,000on Amoy (June 17, ~14:00 UTC) and block47,880,000on mainnet (June 25, ~14:00 UTC). All validators, RPC providers, and node operators should upgrade their heimdall-v2 nodes before the activation block on each network.
Updated
- Bor v2.8.3 stable: non-breaking release focused on performance and stability improvements, validated through an extended Amoy testing period. No operator action beyond the standard upgrade cycle is required.
- Heimdall v0.8.2 stable: matching mainnet release of the v0.8.x line for operators that need to remain on v0.8.x ahead of the Zurich activation on mainnet.
AggLayer is now fully upgraded to the SP1 Hypercube (v6) proving system across all connected networks, including mainnet.
New
- SP1 Hypercube (v6) live on mainnet: AggLayer mainnet recorded its first L1 settlement on the SP1 Hypercube prover on June 16, completing the v5 → v6 migration across devnets, testnets, and mainnet. The upgraded prover is up to 5x faster on proving speed, more cost effective, and brings security hardening improvements. Backward-compatible reads of legacy v5 proofs and certificates remain in place over the migration window, so no caller-side changes are required.
AggLayer 0.6.0 development continues with operator usability and recovery improvements, and AggKit gains a new exit-certificate claimer service alongside resilient sync recovery for the legacy-syncer upgrade path.
New
- Exit-certificate claimer service: a new
exit_certificate_claimerHTTP service in AggKit serves the data needed to callclaimAsseton L1 for the bridge exits available to an address, with helper scripts (list-bridges.sh,claim-asset.sh,claim-all.sh). The service can run standalone or derive its config from an existing exit-certificate run via--exit-certificate-config. Default port7080(#1650). - Off-chain LER computation in the exit-certificate tool: Step G is split into G1 (lite L2 bridge sync) and G2 (
NewLocalExitRootcomputation). G2 now supports an off-chain mode that computes the LER directly from the lite exit tree without an Anvil shadow-fork, alongside the default shadow-fork verification mode.exitAddressis now mandatory and several option names switch to theignore*convention. Config files now accept JSON or TOML (#1633). - Settlement attempt and job persistence: settlement attempts and jobs are persisted to storage before submission to L1, so pending settlements can recover attempt metadata and job payload after a node restart (#1550, #1551).
Updated
- Docker image version reporting: agglayer Docker and CI builds now stamp a real git-derived version at compile time, so the node startup log prints the version instead of
VERGEN_IDEMPOTENT_OUTPUT(#1568).
Fixed
- Stuck settled-but-InError certificates: re-certification now queries the aggchain hash at the pre-settlement L1 block instead of
latest, so stateful aggchain contracts no longer revert reconciliation withL2BlockNumberLessThanNextBlockNumber()afternextBlockNumberadvances past the certificate’s L2 range. L1 archive access is required on the same path that already required it (#1563). l1infotreesyncupgrade loop: upgrading from a legacy syncer (for example 0.8.x) to the multidownloader implementation no longer leaves the syncer stuck withnot found in storage or blocks_reorged. When the last-processed block is at or below the finalized block, the multidownloader validates it against L1 by hash and resumes fromlastBlock+1on a match, removing the need to manually delete the DB (#1639, #1645).- Bare-filename config paths: agglayer accepts a bare filename config path (for example
agglayer.toml) again, without requiring a parent directory (#1553).
Trails ships a wide set of EVM↔Solana fixes after the EVM↔Solana edge support merge, hardens intent and transaction reliability on the API side, and adds an operator flag to disable the v1 intent protocol.
New
- Unified wallet connection with SVM: the widget’s wallet connection flow surfaces EVM and Solana wallets in the same connect dialog (#1019).
- Wallet screening for quote requests: quote requests are subject to wallet screening before a quote is returned (#853).
intents.disable_v1_intent_protocolconfig andGetSupportedIntentProtocolsAPI: deployments can disable the v1 intent protocol, and the supported-protocols RPC reflects the setting (#876, #884).- Recipient picker pulse and a same-chain WETH↔ETH calldata demo scenario in the widget (#1080, #1079).
Updated
- Source-token selector: shows all wallet tokens and supports API-based search inline (#1006).
- Solana wallet cancellations are retryable: cancellations from Solana wallets during signing are treated as retryable rather than fatal (#1072).
- Solana destination edge timeline: Solana destination edge transaction states are included in intent state, and duplicate edge-tx rows in the Solana edge timeline are removed (#866, #1076).
- Default connector set: select native wallet connectors are removed from the widget’s default connector set (#1068).
Fixed
- Mainnet CCTP routes: a testnet-mode gate that was breaking mainnet CCTP routes is removed (#861).
- Expired persisted fee quotes: dispatch now regenerates a fresh fee quote when the persisted quote is within 1 minute of its 10-minute expiry, instead of sending an expired quote and being rejected. Stuck DESTINATION transactions also time out after 1 hour rather than waiting forever and starving the dispatch queue (#868).
- Deposit starvation behind in-flight rows: the dispatch dequeue no longer includes
RELAYING/MININGrows, so stale in-flight rows from crashed or restarted workers no longer block recovery or starve deposit-dependent transactions (#858). - Same-chain calldata cases: same-chain swaps with calldata, including same-chain same-token with exact input, route correctly (#1074, #1078).
- Solana destination flows: destination token selection updates correctly, destination fills no longer double-fill, and Fund is disabled until a Solana recipient is selected when the destination is Solana (#1073, #1082, #1083).
- Edge metadata rail persistence is retained correctly on intent records (#857).
IntentTransactionGasFee.totalFeeUsdis now typed asfloat64instead ofstring, aligning the API contract with how it is serialized (#854).- Widget polish: connect-wallet close button, WETH demo icons, clipboard fallback compatibility, and inline-SVG canvas rendering (#1070, #1088, #1085, #1086).
OMS Wallet rebuilds the Private Send experience on a REST send flow with a dedicated recovery surface, and adds a wallet screening auth gate across sign-in and protected-route entry points.
New
- Private Send REST flow and status UI: Private Send now runs on the REST send flow with fee quoting, order creation, deposit submission, order polling, and a five-step lifecycle and status view. Failures after the deposit hand-off are tracked as recoverable rather than fatal (#304).
- Private Send recovery: a Settings recovery surface lets a connected wallet look up saved recoverable orders, inspect stuck balances, and submit stuck-UTXO withdrawals (#306).
- Wallet screening auth gate: authenticated wallets and connected EOAs are checked against a screening service before sign-in, OAuth callback, route loaders, auth-token setup, and the experimental wallet and login routes proceed. Blocked wallets are cleared from local auth state, redirected to sign-in, and shown a blocked-wallet notice. Screening URL and key are configured via environment variables (#287).
Updated
- Private Send availability analytics: availability now reports
unsupported_chainfor non-supported EVM chains andunsupported_tokenfor collectibles and non-coin records before checking other eligibility (#305).
The OMS public token endpoint now publishes a
429 Too Many Requests response so clients can handle rate-limited responses correctly.New
429response onPOST /auth/token(get bearer token): the token endpoint is rate-limited per client IP. When the limit is exceeded, the endpoint returns429with anErrorResponsebody and aRetry-Afterresponse header carrying the integer number of seconds to wait. Clients should branch on429alongside200,400,401, and500and honorRetry-Afterbefore retrying.
The OMS public API consolidates the account-balance and account-transactions endpoints under the Wallet surface and exposes a synchronous failure response on transaction execution.
Removed
GET /accounts/{id}/balance: the standalone account-balance endpoint is no longer part of the public API. Read balances throughGET /wallets/{id}/balanceinstead. TheAccountBalanceschema is removed.Accounttag: theAccountgrouping is dropped from the API. Endpoints that referenced it now live underWallet.
Updated
GET /accounts/{id}/transactionsis now a Wallet operation: the endpoint is re-tagged fromAccounttoWalletand the summary becomes “List wallet transactions.” The path parameteridnow expects a wallet ID with thewlt_prefix. The path itself is unchanged, so existing integrations continue to work; update tooling, examples, and SDK groupings to file the endpoint under wallets.
New
502response onPOST /transactions(execute a transaction): synchronous provider failures during transaction execution now return502with aTransactionbody in failed status, so clients can distinguish “created but failed at the provider” from “not created.” Handle502alongside201when calling the execute endpoint.
OMS Wallet adds an agentic wallet mode, refreshes the Earn experience with new filters, sorting, and interest disclosures, refreshes the Private Send flow, and ships a wide set of transaction and inventory fixes.
New
- Agentic wallet mode: dedicated landing experience with a terminal-style prompt copy flow for AI coding agents, plus an in-wallet inventory prompt card with docs link, reduced-motion support, and dismiss persistence.
- Earn interest disclosures and deposit terms: tooltip-based interest disclosures across the Earn list, detail, and deposit surfaces, with the APY column relabeled to Interest. A terms-and-conditions notice now appears below Review Deposit.
- Earn coin filters: switch between “Yours” (vaults for tokens in your inventory) and “All” to discover other opportunities, replacing the previous third “Vaults available for your funds” table.
- Inventory and empty-state defaults: collectibles are hidden by default until enabled in settings, the header wallet avatar stack is hidden when only one wallet exists, decorative placeholder cards are removed from empty states, and Earn defaults to all vaults when no coin tokens are held.
Updated
- Earn UX: vault data is now cached across page navigation with background refresh, sorting is available on any column with retained filters and sort order across navigation, deposit and withdraw amounts can be entered as a direct percentage, and vault selection rules now require APY under 100 percent (alongside the existing $300k minimum TVL and non-deprecated criteria) to filter out stale high-APY vaults.
- Private Send flow: refreshed UI with new step transitions, token selection, recipient selection, amount entry, and final send states.
- Terms of Use and Privacy Policy updated.
Fixed
- Transaction flow reliability: transaction relay and finality waiting now resolves only after a confirmed final status and handles cancellation and failure consistently; the sign-transaction modal scopes requested transactions correctly and keeps selected transactions visible while progressing; dapp send-wallet-transaction recovery handles wallet sync, duplicate approvals, stored transaction ids, the success idle state, and error rendering consistently.
- Inventory cache regressions after the persisted query cache migration: auth inventory prefetch now writes the canonical summary shape consumed by the inventory query hook, and recovery inventory reads are scoped to the requested recovery wallet, including the per-chain selection flow.
- Empty inventory notice no longer flickers when refreshing inventory.
- Earn snapshot initialization no longer gets permanently stuck if a background refresh is interrupted; the refresh lease now expires within 90 seconds and the next request re-triggers initialization.
- Private Send withdraw finalization behavior corrected.
- Trails success modal content fixed in the in-wallet cross-chain flow.
- Agentic mode terminal: text overflow fixed and generated CLI prompt arguments are now wrapped in double quotes for terminal-safe copy and paste.
A coordinated heimdall hard fork activated on mainnet on June 2 at block 46361000, and one day later the mainnet block time was reduced from 1.75 seconds to 1.5 seconds, lifting effective execution throughput by roughly 16 percent.
New
- Mainnet block time reduced from 1.75 s to 1.5 s: on June 3 the network moved to 1.5-second blocks with the block gas limit held at 140 million, raising the effective execution rate from around 80 Mgas/s to around 93.3 Mgas/s. No operator action is required. As a heads-up, a follow-on block-gas-limit increase from 140 million to 160 million is currently scheduled for June 16 as the final step on the path to 5,000 TPS.
- Heimdall hard fork activated on mainnet at block 46361000: the validator-set fee-withdrawal gate hard fork activated on Polygon PoS mainnet at block 46361000 on June 2 at 14:00 UTC, with heimdall v0.8.1 as the matching public release. After the fork, fee-withdrawal operations on heimdall are restricted to addresses in the active validator set; requests from non-validators are rejected at message-handling time. The fork also activates the v0.8.x features documented in the June 1 entry (planned-downtime successor nomination, deterministic state syncs gated on
visibilityTimeHeight, and the related bridge and consensus guards).
AggLayer v0.5.0 ships stable, with a revised admin API, mandatory gRPC prover transport, and a safer default for settlement confirmations.
New
- Networks can be marked as disabled in configuration, so operators can stop accepting certificates from a chain without removing it from the deployment (#1160)
Updated
- Breaking: the admin API replaces
forceSetCertificateStatuswithforceEditCertificate, which takes a certificate ID, aprocess-now=true|falseflag, and structured operations such asset-status,from=InError,to=Candidateorset-settlement-tx-hash,from=0x...,to=null. Update any operator tooling that called the previous endpoint (#1159) - Breaking: prover transport is now gRPC-only. The
prover_entrypointconfig key is removed and the[grpc]block is mandatory;proverreferences aProverTypefrom the provers repository (#1195) - Breaking: the
[extra-certificate-signer]configuration variable is removed; drop the matching block from deployment configs (#1206) - Default settlement confirmations raised from 1 to 12. Deployments that set this parameter explicitly are unaffected; deployments relying on the default now wait 12 blocks before processing a settlement (#1470)
Trails ships SDK v0.16.1 with Hyperlane and LayerZero Value Transfer routes, the Open Intents Framework as a route option, the OMS Wallet widget theme, and a dedicated recovery flow for stuck intents. EVM↔Solana edge support has merged to master and is in QA ahead of a follow-up release.
New
- Hyperlane routes: Trails routes can now traverse Hyperlane Warp Routes, including first-party USDC HWR support across Arbitrum, Base, Polygon, Ethereum, and Katana. Hyperlane is enabled in AUTO routing with market-rate fee estimation, supports
EXACT_INPUTtrades, and includes destination-collateral checks, worker recovery, and underfunded-deposit refund handling. - LayerZero Value Transfer (
LZ_TRANSFER) routes: a new route provider built on the LayerZero Value Transfer API replaces the deprecatedlz_stargateroute. The widget exposes it as a selectable bridge option. - Open Intents Framework (OIF) routes: OIF is wired in as a route provider, with an expired-order refund worker, explicit rejection of partial-fill quotes, and demo coverage for ETH USDC → Katana USDC.
- OMS Wallet widget theme: a new widget theme aligned with OMS Wallet, including a refreshed selected-wallet background.
- Recover funds screen: a dedicated screen in intent history for recovering stuck funds, replacing the prior inline recovery surface. Edge wallet intents are now included in history.
- Fund exact output: funding flows can now target an exact output amount.
- Recent chains in the chain selector: previously used chains surface at the top of the chain selector.
- Token selector refresh: a refresh control on the token selector reloads token lists inline.
- Widget chain and token filtering: new
supportedChainsandsupportedTokensByChainwidget props let integrators restrict the chains and tokens shown to users. GetEdgesdiscovery API: a new RPC enumerates enabled edge rails so integrators can discover available cross-chain routes at runtime.- Intent history filters: history and search now accept edge address, rail, mode, provider, and participant-address filters.
- Edge metadata on intent endpoints: intent receipts now include
IntentEdgeMetadatawithEdgeStatus, refund transaction hashes, and rail metadata. - Same-chain “Swap & Receive” label: same-chain terminal swap steps are labeled clearly in transaction summaries.
- Wagmi auto-detection: the widget detects an active wagmi provider without explicit adapter configuration.
- Composable action resolver APIs: the composable-action resolver helpers are now exported for integrator use. See the Trails docs.
- Somnia chain support: Somnia is supported as a route destination, including
USDC.e↔USDsoswaps andSOMIOFT routes for cross-chainSOMItransfers, with refreshedSOMIbranding in the widget. - EVM↔Solana edge support (in QA): end-to-end EVM↔Solana intents are merged to master and available in the dev demo, with SVM wallet auto-detection, Solana-standard wallet support, Solana funding and settings rows, Solana-side refund and failure handling, and server-side edge execution via a new edge monitor worker. Targeting a follow-up SDK release once QA completes.
Updated
- Hyperlane fee breakdown: Hyperlane now shows as a Bridge rather than a Swap in the fee breakdown.
- WETH passthrough: self-wrap and self-unwrap quote shapes are now supported through passthrough.
lz_stargateremoved: the deprecatedlz_stargateroute provider has been removed in favor ofLZ_TRANSFER.xaiandblastchains removed: both chains are no longer supported by the Trails SDK.- Widget input scope tightened:
from.currencyis restricted to fiat andfrom.tokento ERC-20 in the widget. - Multi-swap route discovery: routing now discovers multi-swap routes through intermediary tokens, broadening coverage.
GetEarnPoolschain list: refreshed list of chains exposed by the earn-pools endpoint.WaitIntentReceiptsynthesis: receipts are now synthesized from intent state when no receipt row exists, removing a class of “pending” hangs.
Fixed
- Polygon USDT permit: salt-based EIP-712 domain handling now works correctly for the Polygon USDT permit flow.
- EVM signer resolution: quote requests now resolve the EVM signer address when a wallet session is connected but
walletClientis still null (for example, MetaMask on Polygon before wagmi materializes the client). - Embedded wallet approval prompt: the “Please approve…” prompt is hidden for embedded wallets, including OMS Wallet.
- Embedded wallet intent recovery: resolves a recovery hang for embedded wallets on v1 intents.
- Quote owner resolution: the connected EVM wallet is always used as the quote owner; the recipient address is never substituted.
- Quote route provider fee labels: corrected labels for route provider fees in quote breakdowns.
- Fund method disabled state: unlisted fund methods now render as disabled rather than enabled.
- WalletConnect recovery flow: the WalletConnect recovery flow now completes without stalling.
- WalletConnect funding: WalletConnect funding now redirects to token selection and exposes a disconnect button. WalletConnect wallets are also shown when direct-transfer is hidden from fund methods.
- Native wallet reconnect on reload: native wallet sessions now reconnect on page reload.
- Recovery fee options: fee options no longer break for WaaS wallets in the recovery flow.
- v1.5
depositSignature: v1-only fields indepositSignatureare now guarded for v1.5 compatibility. - Credit-card flow placeholder: fund amount placeholder text fixed in the credit-card flow.
- SDK edge sends: the SDK no longer auto-executes intents after an edge deposit; server workers handle execution.
- Same-chain quote math: fixed
PriceImpactUSD, native token normalization, andEXACT_INPUTcalldata for same-chain quotes. - Edge quote timeout: intents now abort cleanly on edge quote timeout.
- Fee caps: exact-input fees are capped to the residual amount, and
CollectorFeeCapis scoped toEXACT_OUTPUTto fix anEXACT_INPUTbridge gas regression. - Edge worker transaction hashes: init and refund transaction hashes now persist correctly through worker updates.
- Token decimals cache: scoped by chain to prevent cross-chain collisions.
- Deposit transfer logs: matching deposit transfer logs are summed instead of taking the first match.
- Outer approvals: redundant outer approvals are skipped for SDK-managed
hydrateExecuteAndSweepmulticalls. - Multi-swap recipients: replay of multi-swap intents now preserves the original per-step recipients.
- Fee collector: corrected fee-collector validation, tokenlist fallthrough, and receipt-state edge cases.
- Send-transaction destination context: corrected propagation of destination context for send-transaction calls.
The OMS public API expands the set of blockchain networks accepted for inbound transfers.
Updated
- Inbound blockchain networks: the
BlockchainInNetworkenum used by the deposit-address simulation endpoint (POST /deposit-addresses/{depositAddressId}/simulate) now acceptsINKandSUIin addition toBASE,ETHEREUM, andSOLANA. Integrators using the deposit-address flow can now simulate inbound USDC, USDT, or USAT transfers from Ink and Sui in sandbox.
Bor v2.7.2 through v2.8.2 ship across the lookback window, alongside heimdall v0.7.1, introducing an opt-in heimdall-to-bor gRPC transport, expanded tracing for state-sync transactions, several new operator flags, and a large set of consensus, miner, and bridge fixes.
New
- Heimdall-to-bor gRPC transport (opt-in): every bor-facing JSON-RPC now has a gRPC counterpart, selectable per-node via
bor_grpc_flagin heimdall’sapp.tomlagainst bor’s new[grpc]config section. TheGetBlockInfoInBatchcall used in the consensus-criticalExtendVoteHandlerpath is around 4.4× faster on gRPC, and the wire path allocates 50 to 67 percent fewer bytes across the seven methods. Defaults are unchanged, and heimdall performs a startup hash-parity check across both transports before continuing. - State-sync transaction tracing: state-sync (bor bridge event) transactions are now first-class in the
debug_*tracing RPCs, includingdebug_traceBlockByNumber,debug_traceBlockByHash,debug_traceTransaction,debug_traceChain,debug_traceCall,debug_intermediateRoots, anddebug_standardTraceBlockToFile. A new wrapped tracing hook collects multiple bridge events under a single synthetic root call frame per state-sync transaction, socallTracer-class tracers see one root with N sub-calls instead of N independent traces. The legacydebug_traceBorBlockRPC method has been removed; switch any callers todebug_traceBlockByNumberordebug_traceBlockByHash. p2p.nosnapconfig flag: decouples the local snapshot tree from serving thesnap/1p2p sub-protocol. Block producers can keep the flat-state snapshot enabled for fast local reads while declining to serve snap sync to peers, which removes unnecessary network and CPU overhead on validator boxes.miner.disable-pending-blockflag: disables the pending-block creation loop inminer/worker. RPC queries against thependingtag returnnil. Intended for non-validator and serving nodes that do not need a pending block.- Builder-phase prefetch and new metrics: the builder pipeline now runs three additional, builder-synchronized prefetch phases (upfront plan scan, per-transaction forwarding, and freed-gas overflow), reducing cache-miss costs on contract-heavy blocks. New metrics include
worker/prefetch/builder_added_percentandworker/txApplyDuration/{prefetched,notPrefetched}. Additional block-building timing metrics cover prepare-work duration, pending-transaction fetch time, and the count of header-time extensions. - Heimdall planned downtime can nominate a successor:
MsgSetProducerDowntimenow accepts an optionaltarget_producer_idto nominate a specific replacement. If the target is invalid, inactive, or also down for the range, selection falls back to round-robin. Gated on a coordinated hard fork. - Heimdall deterministic state syncs: introduces height-pinned, one-block-delayed visibility for clerk events so that during heimdall halts pending events remain excluded and all validators derive identical query results. Activation is gated on
visibilityTimeHeight, which is0(disabled) on all networks until the next hard fork is scheduled. - Heimdall bridge self-healing expanded: the bridge self-heal loop now recovers
SignerChangeandUnstakeInitevents in addition toStakeUpdate, unified through a single combined subgraph query that returns the max L1 nonce across the three event types. Receipt validation now rejects reverted L1 transactions and logs emitted by unexpected contracts. prepareProposalBudgetin heimdall: implements an explicit time budget for proposal preparation in ABCI, bounding the work the proposer can do before block dissemination.
Updated
- Witness filestore is now the default: the filesystem-backed witness storage is now enabled by default in bor’s CLI. Existing operators on the database-backed store continue to work; new nodes pick up the filestore without additional flags.
- Witness configuration template hint: bor packaging templates now show
[witness]withenable = falseinstead of the deprecated top-levelwitnessprotocolkey, which the current parser no longer consumes. Update any custom configs that still usewitnessprotocol. rpc.batchlimitrenamed torpc.batch-request-limit: bor’s templates and example config now userpc.batch-request-limit, matching the runtime parser. The previousrpc.batchlimitkey was silently ignored, which could leave nodes on the default batch limit of 1000 unintentionally.cache.triejournaldirectoryis now wired end-to-end: operators who set this key inconfig.tomlnow get the configured directory respected. When unset, behavior is unchanged and the journal stays under<DATADIR>/triedb.- Heimdall pruning defaults retuned: the shipped
config.tomlnow defaultsindexer = "null"(cometbft transaction index disabled), with the pruningintervalreduced from3hto10mandEnforcedMinRetainBlocksreduced from 2,500,000 to 2,000,000. The effect on a mainnet RPC node is around 23 GB freed at steady state and the elimination of large pruning bursts. Operators who do not use/txor/tx_searchcan also reclaim around 43 GB by removing the existingtx_index.dbafter upgrading. - Heimdall bridge metric rename: the three self-heal Prometheus metrics moved into the
heimdallv2namespace and follow Prometheus naming conventions.self_healing_<chain>_StakeUpdateis nowheimdallv2_self_healing_stake_events_processed_total,self_healing_<chain>_StateSyncedis nowheimdallv2_self_healing_state_syncs_processed_total, andself_healing_<chain>_NewHeaderBlockis nowheimdallv2_self_healing_checkpoint_acks_processed_total. Update any dashboards or alerts that reference the old names. - Heimdall bridge performance: vote-extension processing now pre-fetches L1 receipts in a single batched RPC call, the root-chain listener uses an O(1) topic-to-event map instead of a per-log linear ABI scan, and the clerk mempool check uses the typed CometBFT RPC client.
- Amoy bootnodes updated: bor’s compiled-in Amoy static peer list now points at the current set of Amoy bootnodes. Operators relying on the embedded list no longer need a manual override.
- Heimdall mainnet seeds and persistent peers: refreshed to the current working set, so nodes regenerating their config pick up working peers without manual intervention.
Fixed
- Bor recovers from milestone-mismatch forks without manual wipe: nodes that briefly forked off the canonical chain due to a heimdall startup hiccup or span propagation gap could enter a state where rewinding required canonical-chain blocks that the downloader refused to deliver, requiring an operator to wipe chain data. The mismatch-rewind path now resyncs the canonical segment from peers while still rejecting genuine sidechain ghost-state attacks.
- Forkid wire-format change reverted: a change that included polygon-specific forks (Rio, Madhugiri, Dandeli, Lisovo, Giugliano, Chicago, others) in the eth p2p handshake forkid hash was reverted because changing the wire forkid is a breaking peer-to-peer change. Nodes running the changed code could not handshake with older bor peers. A future, coordinated rollout will reintroduce the fix gated on a fork block.
eth_estimateGasno longer fails on non-validator nodes: nodes whose configured signer is not in the active validator set previously returned “insufficient funds for transfer” against thependingblock becausePrepare()was failing on every block and the pending snapshot was never refreshed.Prepare()no longer fails for unauthorized signers;Seal()continues to reject blocks from unauthorized signers independently, so no invalid blocks can be produced.- Live tracing no longer conflicts with the miner: bor running with live tracing enabled could call live tracing hooks from the miner path once it reached live, causing problems. The miner now disables the tracer in its
vm.Configso only block synchronization invokes the tracer. - Heimdall checkpoint submission off-by-one fixed: the bridge stopped submitting checkpoints to L1 after the
indexer = "null"migration because the new tx-bytes lookup was passing the event’s block height instead of the height of the block that contained the checkpoint transaction. The lookup now usesheight - 1, matching the invariant established by the side-tx post-handler running in the block after the one that included the message. - Heimdall producer downtime span off-by-one fixed: veBlop spans created by
PostHandleSetProducerDowntimewere one block longer than intended (6,401 instead of 6,400), causing overlaps with adjacent spans. Gated behindproducerDowntimeSpanFixHeightto preserve pre-fork behavior. (*Header).GetValidatorBytesno longer panics on shortExtra: an exported helper used by indexers, light clients, and explorers panicked withslice bounds out of rangewhen passed a header whoseExtrafield was shorter than 97 bytes on pre-Cancun configurations. The pre- and post-Cancun branches now share a single length guard and returnnilfor malformed input.- Witness size recovers when filesystem metadata and DB disagree: if a crash interrupted a witness write between renaming the file on disk and writing the size key to the DB, witness pagination paths could silently fail because
ReadWitnessSizereturnednil. The lookup now falls back toos.Staton the witness file when DB metadata is missing. - Miner state-machine wedges closed: four silent stall paths in the producer state machine that could leak the
pendingWorkBlockorpendingTasksmap entry on edge cases (peer count zero during production, syncing-check early return, sealhash interrupt, fullresultCh) are now plugged, with regression tests for each. SpanStore.PurgeCacheno longer races its own poll loop: a background poller could write a freshly purged span back into the cache before the next test read, producing intermittent CI flakes. The poll goroutine is now cancelled and waited on before state is reset.- Milestone websocket subscriber shuts down cleanly: the heimdall milestone subscriber outlived
chainDb.Close()because it was launched withcontext.Background(). It now exits on the bor close channel, eliminating the burst ofpebble: closederrors during shutdown.
AggLayer migrates the prover stack to SP1 v6, aggkit ships substantial exit-certificate recovery tooling, and operators get more configurable RPC behavior plus a slate of reliability fixes.
New
- SP1 prover upgraded to v6 with backward-compatible reads of legacy v5 proofs and certificates, improving proof generation and verification performance during the migration window (#1525, #1545)
- gRPC ingress now rejects certificates carrying non-writable SP1 proof versions with a dedicated
UnsupportedProofVersionerror instead of failing downstream (#1522) - Settlement service gains an auto-retry helper (
retry_callback_until_success) that recovers from transient RPC errors instead of panicking (#1476) - aggkit exit-certificate tool: Step A is split into A1 (tracing) and A2 (receipt-recovery fallback), addressable individually or together via
--step a1,a2, ora, with automatic migration of legacy output files (#1630) - aggkit exit-certificate tool: new
stepAWindowSizeoption (default 5000) for independent Step A chunk sizing, and an abort-on-error mode that stops all workers on the first trace failure whenContinueOnTraceError=false. Trace errors now surface both the transaction hash and the underlying RPC message (#1629) - aggkit exit-certificate tool:
targetBlockaccepts finality keywords (LatestBlock,FinalizedBlock), decimal/hex values, and relative offsets likeLatestBlock/-10. The resolved block is persisted and reused across resumed runs (#1627) - aggkit LET operator tooling: new
craft-cert,send-cert --no-db,cert-status, andexport-cert-exitssubcommands, with stronger fallback diagnostics when aggsender bridge-exit data is unavailable (#1616, #1570) - aggkit RPC client: new
BatchBlockHeaderRetrievaloption lets operators disable batch header requests and fall back to sequential calls for nodes that do not support batching (#1601)
Updated
- Per-epoch certificate rate limiting is restored:
MAX_CERTIFICATE_PER_EPOCHand epoch-capacity gating inNetworkTaskonce again enforce one certificate per network per epoch (#1514) - aggsender startup recovery now requires a manual database wipe when local certificate state diverges from AggLayer, replacing the previous automatic reconciliation (#1570)
- aggkit docs now document that event logs must be available from genesis and provide reth configuration for disabling receipt pruning to prevent historical sync failures (#1610)
Fixed
- aggkit exit-certificate tool now patches ERC-20 balances correctly for smart-contract-locked exits in Step G, supporting both OpenZeppelin v4 (slot 0) and v5 (namespaced storage) layouts. Resolves
ERC20InsufficientBalanceerrors during SC-locked exit processing (#1622) - aggkit Docker images now embed
VERSION,GITREV, andGITBRANCHbuild metadata, sodocker run aggkit versionreports the correct values instead of empty fields (#1619, #1621) - aggkit
l2gersyncno longer emits ERROR-level logs for max-block-range responses that are already handled by automatic chunking (#1607) - aggkit
ParseMaxRangeFromErrornow recognizes thequery exceeds max block rangeRPC error format, so ClaimSyncer retries with chunked requests instead of failing (#1589) - aggkit bridge-call matching now filters debug trace frames to actual
CALLoperations only, ignoringDELEGATECALL,STATICCALL,CALLCODE, and untyped frames (#1609) - Pending certificate validation now uses the correct error type instead of
CertificateCandidateError::UnexpectedHeight(#1289)
Trails ships composable actions, a token-first widget destination flow, auto-refresh for expired quotes, and a wide set of widget and SDK fixes.
New
- Composable Actions: chain multiple destination calls into a single intent, with dynamic balance routing and support for multiple ERC-20 tokens in dynamic-amount slots. Integrators can sequence approvals, swaps, and custom calls inside one quote, with backend validation rejecting ambiguous recipient or passthrough configurations. See the Trails docs for usage.
- Token-first widget destinations: widgets now accept token-specific destination lists, letting you configure a fixed set of destination tokens (and chains) that users can pick from. Persisted token selections survive across sessions.
- Quote auto-refresh: expired quotes refresh automatically on the next user interaction before signing, so users no longer see an “Intent quote has expired” error in the pre-signing state. Refresh is suppressed once signing has begun.
- Wallet runtime adapters: Trails wallet runtimes are now decoupled behind explicit adapters, giving integrators a cleaner extension point for embedding custom wallet stacks.
- Configuration validation and offline recovery: intent configuration is now validated up front and cached locally, with pruning of stale entries. This enables offline recovery of in-flight intents.
Updated
- Widget lifecycle callbacks renamed:
onSwapComplete,onPaymentComplete,onFundingComplete, andonWithdrawCompleteare nowonSwapSuccess,onPaymentSuccess,onFundingSuccess, andonWithdrawSuccessfor consistency. Update your widget props to match the new names. - WalletConnect: improved QR rendering, deep-link handling, and loading state in the WalletConnect flow.
- Quote input: clearer error states when the input amount or token is invalid.
- Send flow: destination chain now defaults to the connected wallet’s chain when no destination is specified.
- Mesh exchange: mesh exchange queries can now run without a configured
trailsApiUrl. - Receipt step ids: receipt step ids are now stable across renders, making them safer to use as React keys and analytics identifiers.
- SDK packaging: improved compatibility with Node environments and better tree-shaking for smaller bundles. Server-side rendering with Trails actions is now safe.
Fixed
- Fixed swap funding method selection so the chosen method is preserved across re-renders.
- Fixed the receiver token picker losing account context when switching accounts.
- Fixed chain-switch detection in the widget when users change networks mid-flow.
- Fixed Privy wallet modes incorrectly rendering a ConnectKit button.
- Fixed
useQuotesoQuoteErroris available as a runtime value rather than a type-only export. - Fixed missing deposit transaction enrichment in intent history.
- Wrapped errors now propagate via
Error.cause, preserving the original stack and context for debugging. - Composable-action quotes now reject a top-level recipient (which is per-call only) and omit the quote recipient in earn mode.
- Guarded against undefined
detailsinUnknownRpcErrorchecks to prevent spurious crashes. - Removed a duplicate Pay fallback path that could double-trigger the pay flow.
Agglayer adds gRPC-level SP1 proof version validation; aggkit ships configurable block header batching and fixes RPC range errors and bridge call trace matching.
New
- gRPC ingress now rejects certificates carrying non-writable SP1 proof versions and returns a structured
UnsupportedProofVersionerror, giving integrators explicit feedback when submitting proofs built with unsupported versions BatchBlockHeaderRetrievalis now configurable in[L1NetworkConfig.RPC]and[Common.L2RPC]in aggkit; set tofalseto disable batch RPC requests for endpoints that do not support them (v0.10.0-rc3)
Fixed
- Node process no longer panics on corrupt certificate rows; storage decode failures now surface as
CodecError::Serializationinstead of unwinding the process - Pending certificate validation now returns the correct error type; previously reused
CertificateCandidateError::UnexpectedHeightfor a case it was not designed for - ClaimSyncer now recognizes the “query exceeds max block range” RPC error and automatically retries with smaller block ranges, preventing sync failures on restrictive RPC endpoints (aggkit v0.10.0-rc2, v0.8.3-rc2)
- Bridge and claim sync debug traces now correctly match only
CALLframes, preventing incorrect calldata extraction fromDELEGATECALL,STATICCALL, orCALLCODEframes (aggkit v0.10.0-rc3, v0.8.3-rc3)
aggkit pre-releases add configurable RPC block header batching and improve bridge call trace accuracy; agglayer corrects error type semantics in pending certificate validation.
New
- Batch block header retrieval is now configurable via
RPCClientConfigin aggkit, letting operators control how many block headers are fetched per RPC call (v0.10.0-rc3)
Fixed
- Pending certificate validation in agglayer now returns the correct error type; the code previously reused
CertificateCandidateError::UnexpectedHeight, which is semantically reserved for epoch-context candidate certificates - aggkit no longer emits a spurious error log when l2gersync encounters a block range that exceeds the RPC provider limit (v0.10.0-rc3)
- Bridge call matching in debug traces is corrected (aggkit v0.10.0-rc3, v0.8.3-rc3)
- aggkit now parses
query exceeds max block rangeresponses from RPC providers and retries with a reduced range instead of surfacing an unhandled error (v0.10.0-rc2, v0.8.3-rc2)
Two governance proposals targeting the validator reward schedule and payments revenue distribution were merged this week.
New
-
PIP-86 recalibrates
CHECKPOINT_REWARDon the L1StakeManagerto hold annual POL emission at the 1% target (103,530,000 POL/yr) as Polygon Chain transitions to faster block times. The parameter decreases from 34,695.98 POL to 29,414.92 POL per checkpoint when block time moves to 1.75s (planned May 5), and to 25,212.79 POL per checkpoint at 1.5s (planned May 19). No contract upgrades are required; both changes execute viaupdateCheckpointReward()through the existingGovernancecontract. - PIP-87 proposes a fixed-cost payments program that gives payment companies predictable, fiat-denominated pricing for blockspace on Polygon. Revenue from the program is converted to stablecoins and distributed to validators and stakers via the existing PIP-65/82/85 framework, with a portion used to buy POL from the market for staker distribution and for the PIP-24 burn.
Bor v2.7.2 stable ships RPC fixes including re-enabling
eth_simulateV1, with v2.7.3-beta adding private transaction relay improvements and critical fixes for memory growth and security landing on the development branch.New
- Added
miner.disable-pending-blockconfig option to disable the pending block creation loop; when set, allpendingblock RPC queries return nil
Updated
-
RPC gas cap is now bypassed only for internal system transactions; external
eth_calland simulation requests are subject to the configured gas cap - Private transaction relay now purges stale transactions more aggressively using per-block-producer error tracking, preventing unbounded in-memory growth under sustained relay load
Fixed
-
eth_simulateV1is re-enabled in v2.7.2; a context propagation error in the RPC path was causing the method to return incorrect results - Fixed exponential memory growth in the pathDB BFS preload path: the node-child enumeration was enqueuing all 16 nibble children regardless of node type, causing the visited map to grow as O(16^depth) and consuming up to 14 GB per goroutine on restart, stalling block import for up to two hours on archive and full nodes
-
Go runtime updated to 1.26.2, resolving 6 standard library CVEs in
crypto/tlsandcrypto/x509including a TLS 1.3 KeyUpdate denial-of-service and several certificate validation bypass issues
Trails API adds gas fee option selection to the intent flow, persists wallet configuration at quote time, and fixes a recovery issue for intents using custom address overrides.
New
- Intents now support gas fee option selection. Specify fee options at quote time; the API validates the selected option against quoted options before execution, giving integrators explicit control over transaction costs.
- Wallet configuration is now stored at quote time and returned with the quote response, enabling reliable intent recovery and re-execution across sessions.
Fixed
- Recovery now correctly applies custom address overrides when deriving wallet context, preventing derived-address mismatches for intents configured with non-default addresses.
Trails SDK and widget ship smarter intent protocol defaults, better recipient handling, and improved error recovery.
New
- The SDK now automatically resolves the best intent protocol version for each transaction. An explicit override, global config, or SDK default is checked in order, with a fallback to the API-provided default when the preferred version isn’t supported.
Updated
- The widget highlights the recipient address when it differs from the sender, making it easier to spot send-to-other flows before confirming.
- Expired quote errors now show a warning icon and offer a clear recovery path so users can retry without restarting the flow.
Fixed
- Fixed an issue where the recipient address could go stale after switching wallets in the widget.
- Fixed the add-wallet flow in the recipient selector so users can successfully add new recipient addresses.
Bor v2.7.1 stable ships opt-in EVM execution optimizations, database performance improvements, and a goroutine leak fix.
New
- Added opt-in EVM execution optimization via
--switch-dispatchCLI flag orEnableSwitchDispatchconfig option, introducing a fixed-size opcode stack and a switch-dispatch fast path for hot opcodes ported from GEVM
Updated
- Tuned PebbleDB write path (1 MiB
BytesPerSync, adaptive compaction) and increased PathDB state buffer to 2 GB with intelligent carry-over across flushes, reducing write stalls for archive and full nodes - Removed legacy
UpdateDeps/GetDepDAG algorithm from BlockSTM, fully replaced by theDepsBuilderimplementation
Fixed
- Fixed goroutine leaks in the witness request path that caused unbounded memory growth when peers disconnected during parallel stateless import
aggkit fixes claim syncer startup block selection on empty databases.
Fixed
- Claim syncer now determines its starting block from the earliest settled reference block (not the latest) when the database is empty on startup, preventing sync errors on fresh starts
Bor v2.7.1-beta ships transaction propagation improvements and an SRC buffer reduction, with additional RPC and monitoring fixes merged to the development branch.
Updated
- Increased max transaction packet size from 100 KB to 1 MB, improving transaction propagation between peers
- Reduced SRC buffer from 500ms to 100ms, allowing block producers to spend more time on transaction execution
Fixed
bor_getLogsandbor_getLatestLogsnow correctly return state-sync logs from blocks produced before the Madhugiri upgrade- Prometheus
_countmetrics no longer reset to zero on each scrape, restoring correctrate(),increase(), and latency calculations for node operators
The Polygon Wallet adds private token transfers and Yield vault support in the Earn tab.
New
- Added end-to-end private send flow, including a dedicated status screen for deposit, withdraw, success, and failure states, and refreshed gas and privacy fee display with up to 4 decimal place precision
- Added Yield vault support to the Earn tab
Agglayer raises the default settlement confirmation count to 12 for safer out-of-the-box deployments.
- Default confirmations for L1 settlement increased from 1 to 12. Deployments that do not set this value explicitly are now safer by default.
Trails API adds a new option to suppress passthrough quotes from intent responses.
- Added
intents.disable_passthrough_quotesoption. When set, the API omits passthrough quotes from intent results, giving integrators tighter control over which quote sources are returned.