Threshold enforcement #12

GTC6244 · 2025-11-20T03:12:48Z

WHAT

Add threshold enforcement to keysets

Copilot

Pull Request Overview

This PR adds threshold enforcement to keysets. The changes refactor the root key handling from a HashMap-based approach to a Vec-based approach, simplifying the key share proof checking logic and removing per-keyset iteration in favor of a single validation pass.

Refactored root key storage from HashMap<String, Vec<CachedRootKey>> to Vec<CachedRootKey>
Updated voting and validation logic to work with the simplified structure
Added new error handling for threshold enforcement
Updated contract ABIs to support new error types

Reviewed Changes

Copilot reviewed 40 out of 73 changed files in this pull request and generated 45 comments.

Show a summary per file

File	Description
rust/lit-node/lit-node/src/tasks/fsm/utils.rs	Refactored key share proof checking from keyset-based to single pass validation
rust/lit-node/lit-node/src/tasks/fsm/mod.rs	Updated root key handling to use Vec instead of HashMap
rust/lit-node/lit-node/src/tasks/fsm/epoch_change.rs	Changed return type to Result and improved error handling
rust/lit-node/lit-node/src/tss/ecdsa_damfast/mod.rs	Made root_pubkeys parameter optional
rust/lit-core/lit-blockchain/abis/Staking.json	Added CannotKickBelowKeySetThreshold error and reordered NotEnoughValidatorsInNextEpoch
rust/lit-core/Cargo.toml	Pinned scc dependency to specific version 3.3.2
rust/lit-node/lit-node/tests/integration/backup_long.rs	Updated imports for elliptic_curve crate
rust/lit-node/lit-node/tests/component/sign/ecdsa_damfast.rs	Updated function call to pass Option for root keys
rust/lit-core/lit-blockchain/src/contracts/	Updated contract bindings with new bytecode

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Copilot · 2025-11-20T03:19:48Z

rust/lit-node/lit-node/src/tasks/fsm/utils.rs

+                        .map_err(|e| unexpected_err(e, Some("Unable to complain".to_string())))?;
+                } else {
+                    error!(
+                        "Key share proof verification failed for peer {} - curve {}: {:?} - already complainted for this DKG.",


Typo: "complainted" should be "complained".

Copilot · 2025-11-20T03:19:49Z

infrastructure/observability/infrastructure/index.ts

+import * as fs from 'fs';
+import * as path from 'path';
+import * as crypto from 'crypto';
+import { env } from 'process';


Unused import env.

Suggested change

import { env } from 'process';

Copilot · 2025-11-20T03:19:49Z

infrastructure/observability/infrastructure/index.ts

+    }
+  );
+
+  const schedulerJob = new gcp.cloudscheduler.Job(


Unused variable schedulerJob.

Suggested change

const schedulerJob = new gcp.cloudscheduler.Job(

new gcp.cloudscheduler.Job(

Copilot · 2025-11-20T03:19:49Z

infrastructure/observability/irm/escalations.ts

+  );
+
+  // Create the escalations.
+  const declareIncident = new grafana.oncall.Escalation(


Unused variable declareIncident.

Suggested change

const declareIncident = new grafana.oncall.Escalation(

new grafana.oncall.Escalation(

Copilot · 2025-11-20T03:19:49Z

infrastructure/observability/infrastructure/index.ts

+
+function setupPermissionsForCloudRunJob(cloudRunServiceAccount: Account) {
+  // Grant the Cloud Run Job's service account the role to publish metrics
+  const metricWriterRole = new gcp.projects.IAMBinding(


Unused variable metricWriterRole.

Suggested change

const metricWriterRole = new gcp.projects.IAMBinding(

new gcp.projects.IAMBinding(

Copilot · 2025-11-20T03:19:57Z