Overview

This release includes security patches and bug fixes for improved network stability and upstream compatibility. All node operators are encouraged to upgrade.

Important: For Insectarium Testnet and MemeCore Mainnet Hardfork Schedule, please refer to v1.15.1 Release Notes.

What's Changed

Security Fixes

[Medium] Transaction Type Validation in TX Announcements

Upstream: go-ethereum PR #33378 (commit 56d201b0f)

Added FilterType validation to prevent processing of unsupported transaction types in NewPooledTransactionHashes messages. Previously, malicious peers could announce transactions with invalid types (0x05-0xFF), causing unnecessary GetPooledTransactions requests and potential resource exhaustion.

Key changes:

• Added FilterType(kind byte) bool method to the SubPool interface
• Renamed hasTx callback to validateMeta for comprehensive metadata validation
• Implemented FilterType in txpool, blobpool, and legacypool subpools
• Modified TxFetcher.Notify() to validate transaction type before scheduling fetch requests

[Low] Error Handling for Invalid Signature Length

Upstream: go-ethereum PR #33647 (commit 8fad02ac6)

Changed decodeSignature() function to return an error instead of panic when signature length is not 65 bytes. This prevents potential node crashes from malformed transactions with invalid signatures.

Key changes:

• Modified decodeSignature() return type from (r, s, v *big.Int) to (r, s, v *big.Int, err error)
• Updated all callers: modernSigner.SignatureValues(), EIP155Signer.SignatureValues(), FrontierSigner.SignatureValues(), SignSetCode()
• Added unit test TestSignatureValuesError to verify error handling

Bug Fixes

RLP Backward Compatibility with v1.14

Fixed an issue where environment.copy() in the miner was converting nil sidecars slice to an empty slice via make(BlobSidecars, 0). This caused RLP encoding to include the Sidecars field even before CanPraTree hardfork activation.

Root cause analysis:

• In Go, nil slice returns IsZero()=true and is omitted in RLP optional fields
• Empty slice returns IsZero()=false and is included in RLP encoding
• v1.14 expects 4 fields in extblock/BlockBody, while v1.15 has 5 fields
• v1.14 nodes rejected v1.15 blocks with error "too many elements for extblock"
• Peer connections were forcibly terminated on RLP decode error

Impact before fix:

• All block propagation between v1.15 and v1.14 nodes failed pre-hardfork
• Both NewBlockMsg (0x07) and BlockBodiesMsg (0x06) were affected
• Network segregation between v1.14 and v1.15 nodes occurred

Resolution:

• Added nil check before copying sidecars: if env.sidecars != nil { ... }
• Nil sidecars remain nil, preserving RLP backward compatibility
• Post-hardfork (CanPraTree) behavior unchanged as IsCancun sets empty slice explicitly

Downloader Test Failure

Fixed unit test failure in eth/downloader/downloader_test.go caused by upstream changes. The testHighTDStarvationAttack test was updated to use a longer chain (200 blocks) and adjusted TD value to properly trigger the stalling peer detection in both full sync and snap sync modes.

Maintenance

Go Version Update and Filter Test Fix

Updated Go version requirement from 1.23.0 to 1.24.0 in go.mod to support the new b.Loop() benchmark API. Also updated expected hash values in filter_test.go to match gmeme's InitialBaseFee configuration (1500 gwei vs geth's 1 gwei), which affects transaction hash calculations in test fixtures.

Upgrade Notes

This upgrade is recommended for all node operators.

• The RLP compatibility fix is important for networks running mixed v1.14/v1.15 node versions before CanPraTree activation
• The security fixes prevent potential DoS vectors and node crashes from malformed network messages
• No changes to existing Gmeme configuration required; drop-in replacement for v1.15.1
• After Gmeme upgrading, nodes will properly interoperate with both v1.14 and v1.15 peers