From 7d9c3a51db0d81b65363471ff93bfc2f7b469f91 Mon Sep 17 00:00:00 2001
From: DigiSwarm <13957390+JaredTate@users.noreply.github.com>
Date: Wed, 29 Apr 2026 16:02:06 -0600
Subject: [PATCH 01/22] script: DD opcodes are BIP342 OP_SUCCESSx until
 SCRIPT_VERIFY_DIGIDOLLAR active (RH-54)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Before this fix, IsOpSuccess() statically excluded 0xbb..0xbf from the
OP_SUCCESSx range. This broke BIP342 forward-compatibility: old nodes
that don't know SCRIPT_VERIFY_DIGIDOLLAR should see these bytes as
unconditional successes, not execute them.

Fix: restore the full BIP342 OP_SUCCESSx set in IsOpSuccess(). Add
IsOpSuccessForFlags() in the interpreter that short-circuits only when
SCRIPT_VERIFY_DIGIDOLLAR is NOT active — so pre-activation nodes keep
OP_SUCCESSx semantics and post-activation nodes evaluate the opcodes.
Also adds a Tapscript-only guard: DD opcodes return BAD_OPCODE in
legacy/witness-v0 script contexts regardless of the activation flag.
---
 src/script/interpreter.cpp | 50 +++++++++++++++++++++++++++-----------
 src/script/script.cpp      | 15 ++++--------
 src/script/script.h        | 12 ++++-----
 3 files changed, 47 insertions(+), 30 deletions(-)

diff --git a/src/script/interpreter.cpp b/src/script/interpreter.cpp
index 8424b5fb24..71d66eca50 100644
--- a/src/script/interpreter.cpp
+++ b/src/script/interpreter.cpp
@@ -436,6 +436,22 @@ static bool EvalChecksig(const valtype& sig, const valtype& pubkey, CScript::con
 // OP_CHECKPRICE to fail closed — no hardcoded fallback of any kind.
 GetOracleConsensusPriceFn g_get_oracle_consensus_price = nullptr;
 
+static bool IsDigiDollarOpcode(opcodetype opcode)
+{
+    return opcode >= OP_DIGIDOLLAR && opcode <= OP_ORACLE;
+}
+
+static bool IsOpSuccessForFlags(opcodetype opcode, unsigned int flags)
+{
+    // DigiDollar opcodes are BIP342 OP_SUCCESSx before activation, exactly as
+    // old Taproot nodes see them. Once SCRIPT_VERIFY_DIGIDOLLAR is active they
+    // are removed from OP_SUCCESSx and evaluated by the stricter new rules.
+    if (IsDigiDollarOpcode(opcode) && (flags & SCRIPT_VERIFY_DIGIDOLLAR)) {
+        return false;
+    }
+    return IsOpSuccess(opcode);
+}
+
 bool EvalScript(std::vector<std::vector<unsigned char> >& stack, const CScript& script, unsigned int flags, const BaseSignatureChecker& checker, SigVersion sigversion, ScriptExecutionData& execdata, ScriptError* serror)
 {
     static const CScriptNum bnZero(0);
@@ -635,10 +651,14 @@ bool EvalScript(std::vector<std::vector<unsigned char> >& stack, const CScript&
                 // DigiDollar specific opcodes
                 case OP_DIGIDOLLAR:
                 {
-                    // CRITICAL FIX: Check flag BEFORE stack validation to avoid consensus split
+                    if (sigversion != SigVersion::TAPSCRIPT) {
+                        return set_error(serror, SCRIPT_ERR_BAD_OPCODE);
+                    }
+                    // Before activation, these bytes are still BIP342 OP_SUCCESSx.
+                    // ExecuteWitnessScript normally short-circuits before EvalScript;
+                    // keep direct EvalScript callers compatible too.
                     if (!(flags & SCRIPT_VERIFY_DIGIDOLLAR)) {
-                        // Behave as NOP when flag is not set (soft fork compatibility)
-                        break;
+                        return set_success(serror);
                     }
 
                     // CRITICAL FIX: Read DD amount from SCRIPT (next element), not from stack
@@ -667,9 +687,11 @@ bool EvalScript(std::vector<std::vector<unsigned char> >& stack, const CScript&
 
                 case OP_DDVERIFY:
                 {
+                    if (sigversion != SigVersion::TAPSCRIPT) {
+                        return set_error(serror, SCRIPT_ERR_BAD_OPCODE);
+                    }
                     if (!(flags & SCRIPT_VERIFY_DIGIDOLLAR)) {
-                        // Behave as NOP when flag is not set (soft fork compatibility)
-                        break;
+                        return set_success(serror);
                     }
 
                     // Verify DigiDollar conditions
@@ -685,10 +707,11 @@ bool EvalScript(std::vector<std::vector<unsigned char> >& stack, const CScript&
 
                 case OP_CHECKPRICE:
                 {
-                    // CRITICAL FIX: Check flag BEFORE stack validation to avoid consensus split
+                    if (sigversion != SigVersion::TAPSCRIPT) {
+                        return set_error(serror, SCRIPT_ERR_BAD_OPCODE);
+                    }
                     if (!(flags & SCRIPT_VERIFY_DIGIDOLLAR)) {
-                        // Behave as NOP when flag is not set (soft fork compatibility)
-                        break;
+                        return set_success(serror);
                     }
 
                     // Stack: <price>
@@ -725,12 +748,11 @@ bool EvalScript(std::vector<std::vector<unsigned char> >& stack, const CScript&
 
                 case OP_CHECKCOLLATERAL:
                 {
-                    // CRITICAL FIX: Check flag BEFORE stack validation AND do NOT pop stack in NOP mode
-                    // Popping stack when flag not set causes CONSENSUS SPLIT!
+                    if (sigversion != SigVersion::TAPSCRIPT) {
+                        return set_error(serror, SCRIPT_ERR_BAD_OPCODE);
+                    }
                     if (!(flags & SCRIPT_VERIFY_DIGIDOLLAR)) {
-                        // Behave as TRUE NOP when flag is not set (soft fork compatibility)
-                        // DO NOT touch stack - that would cause consensus split!
-                        break;
+                        return set_success(serror);
                     }
 
                     // Stack: <ratio> <threshold>
@@ -1963,7 +1985,7 @@ static bool ExecuteWitnessScript(const Span<const valtype>& stack_span, const CS
                 return set_error(serror, SCRIPT_ERR_BAD_OPCODE);
             }
             // New opcodes will be listed here. May use a different sigversion to modify existing opcodes.
-            if (IsOpSuccess(opcode)) {
+            if (IsOpSuccessForFlags(opcode, flags)) {
                 if (flags & SCRIPT_VERIFY_DISCOURAGE_OP_SUCCESS) {
                     return set_error(serror, SCRIPT_ERR_DISCOURAGE_OP_SUCCESS);
                 }
diff --git a/src/script/script.cpp b/src/script/script.cpp
index dca4fd9f10..b3b1cd93bc 100644
--- a/src/script/script.cpp
+++ b/src/script/script.cpp
@@ -149,6 +149,7 @@ std::string GetOpName(opcodetype opcode)
     case OP_DDVERIFY               : return "OP_DDVERIFY";
     case OP_CHECKPRICE             : return "OP_CHECKPRICE";
     case OP_CHECKCOLLATERAL        : return "OP_CHECKCOLLATERAL";
+    case OP_ORACLE                 : return "OP_ORACLE";
 
     case OP_INVALIDOPCODE          : return "OP_INVALIDOPCODE";
 
@@ -341,16 +342,10 @@ bool GetScriptOp(CScriptBase::const_iterator& pc, CScriptBase::const_iterator en
 
 bool IsOpSuccess(const opcodetype& opcode)
 {
-    // CRITICAL: Exclude DigiDollar opcodes (0xbb-0xbf) from OP_SUCCESSx range
-    // These opcodes are used for DigiDollar redemption scripts and must be executed.
-    // OP_ORACLE (0xbf) is a marker opcode used in coinbase OP_RETURN outputs; if it
-    // were OP_SUCCESS in Tapscript, any leaf containing it would be unconditionally
-    // spendable. See rh54_op_oracle_opsuccess_tests for PoC.
-    if (opcode >= OP_DIGIDOLLAR && opcode <= OP_ORACLE) {
-        return false;  // 0xbb OP_DIGIDOLLAR, 0xbc OP_DDVERIFY, 0xbd OP_CHECKPRICE,
-                       // 0xbe OP_CHECKCOLLATERAL, 0xbf OP_ORACLE
-    }
-
+    // BIP342 raw OP_SUCCESSx set. DigiDollar uses 0xbb..0xbf, which are in
+    // this range, as future-upgrade Tapscript opcodes. They remain OP_SUCCESSx
+    // until SCRIPT_VERIFY_DIGIDOLLAR is active; the interpreter applies that
+    // activation flag when deciding whether to short-circuit or execute them.
     return opcode == 80 || opcode == 98 || (opcode >= 126 && opcode <= 129) ||
            (opcode >= 131 && opcode <= 134) || (opcode >= 137 && opcode <= 138) ||
            (opcode >= 141 && opcode <= 142) || (opcode >= 149 && opcode <= 153) ||
diff --git a/src/script/script.h b/src/script/script.h
index 48e92a9386..e45dea83c7 100644
--- a/src/script/script.h
+++ b/src/script/script.h
@@ -206,12 +206,12 @@ enum opcodetype
     // Opcode added by BIP 342 (Tapscript)
     OP_CHECKSIGADD = 0xba,
 
-    // DigiDollar specific opcodes (using OP_NOP slots for soft fork)
-    OP_DIGIDOLLAR = 0xbb,       // OP_NOP11 - Marks DD outputs
-    OP_DDVERIFY = 0xbc,         // OP_NOP12 - Verify DD conditions
-    OP_CHECKPRICE = 0xbd,       // OP_NOP13 - Check oracle price
-    OP_CHECKCOLLATERAL = 0xbe,  // OP_NOP14 - Verify collateral ratio
-    OP_ORACLE = 0xbf,           // OP_NOP15 - Oracle price data marker
+    // DigiDollar specific opcodes (using Tapscript OP_SUCCESSx slots for soft fork)
+    OP_DIGIDOLLAR = 0xbb,       // Marks DD outputs / payloads
+    OP_DDVERIFY = 0xbc,         // Verify DD conditions
+    OP_CHECKPRICE = 0xbd,       // Check oracle price
+    OP_CHECKCOLLATERAL = 0xbe,  // Verify collateral ratio
+    OP_ORACLE = 0xbf,           // Oracle price data marker
 
     OP_INVALIDOPCODE = 0xff,
 };

From 424645e40cff2471bfde41246922c34b8d3b7fea Mon Sep 17 00:00:00 2001
From: DigiSwarm <13957390+JaredTate@users.noreply.github.com>
Date: Wed, 29 Apr 2026 16:02:16 -0600
Subject: [PATCH 02/22] digidollar: canonical P2TR check, remove
 skipOracleValidation bypass (RH-113, RH-114, RH-115)

Three related fixes to validation.cpp:

RH-114: IdentifyScriptType() and all P2TR output detection sites used a
fragile 34-byte + OP_1 heuristic. A 34-byte script starting with OP_1
but missing the required OP_PUSHBYTES_32 opcode (an impostor) was
accepted as a DD output. Replaced with IsCanonicalP2TROutput() which
calls IsWitnessProgram() for the proper BIP341 check.

RH-115: Oracle price validation and collateral ratio checks were wrapped
in `if (!ctx.skipOracleValidation)`. This let IBD/catch-up nodes accept
mints that caught-up nodes reject, creating a potential chain split.
Collateral and oracle checks are now unconditional.

RH-113: FindDDOpReturn() returned the first legacy OP_DIGIDOLLAR marker
it found and never looked for the modern "DD" pushdata format. A tx with
both formats would use the legacy one. Now the modern format wins; legacy
is only returned if no modern marker is present.
---
 src/digidollar/validation.cpp | 322 +++++++++++++++++++---------------
 1 file changed, 184 insertions(+), 138 deletions(-)

diff --git a/src/digidollar/validation.cpp b/src/digidollar/validation.cpp
index 3398008fe6..fe2298e1f8 100644
--- a/src/digidollar/validation.cpp
+++ b/src/digidollar/validation.cpp
@@ -57,13 +57,22 @@ struct ValidationCache {
 // Global validation cache instance
 static ValidationCache g_validationCache;
 
+static bool IsCanonicalP2TROutput(const CScript& script)
+{
+    int witnessVersion = -1;
+    std::vector<unsigned char> witnessProgram;
+    return script.IsWitnessProgram(witnessVersion, witnessProgram) &&
+           witnessVersion == 1 &&
+           witnessProgram.size() == WITNESS_V1_TAPROOT_SIZE;
+}
+
 // ============================================================================
 // Script Analysis Functions
 // ============================================================================
 
 ScriptType IdentifyScriptType(const CScript& script) {
     // Quick rejection for obviously non-P2TR scripts
-    if (script.size() != 34 || script[0] != OP_1) {
+    if (!IsCanonicalP2TROutput(script)) {
         return ScriptType::NOT_DIGIDOLLAR;
     }
 
@@ -167,6 +176,8 @@ bool ExtractDDAmount(const CScript& script, CAmount& amount) {
 }
 
 int FindDDOpReturn(const CTransaction& tx) {
+    int legacyIdx = -1;
+
     for (size_t i = 0; i < tx.vout.size(); i++) {
         const CScript& script = tx.vout[i].scriptPubKey;
         if (script.size() < 2) continue;
@@ -174,7 +185,10 @@ int FindDDOpReturn(const CTransaction& tx) {
 
         // Format 1: OP_RETURN OP_DIGIDOLLAR ...
         if (script.size() >= 2 && script[1] == OP_DIGIDOLLAR) {
-            return static_cast<int>(i);
+            if (legacyIdx < 0) {
+                legacyIdx = static_cast<int>(i);
+            }
+            continue;
         }
 
         // Format 2: OP_RETURN <pushdata "DD"> ...
@@ -190,7 +204,8 @@ int FindDDOpReturn(const CTransaction& tx) {
             return static_cast<int>(i);
         }
     }
-    return -1;
+
+    return legacyIdx;
 }
 
 /**
@@ -326,8 +341,8 @@ static bool ExtractDDAmountFromTxRef(const CTransactionRef& prev_tx, const COutP
         if (txout.scriptPubKey.size() > 0 && txout.scriptPubKey[0] == OP_RETURN) continue;
         if (txout.nValue != 0) continue;
 
-        // Check if it's a P2TR output (OP_1 + 32 bytes = DD output)
-        if (txout.scriptPubKey.size() == 34 && txout.scriptPubKey[0] == OP_1) {
+        // Check if it's a canonical P2TR output (OP_1 OP_PUSHBYTES_32 <xonly>)
+        if (IsCanonicalP2TROutput(txout.scriptPubKey)) {
             if (n == prevout.n) {
                 // Found the matching output
                 if (dd_output_idx < dd_amounts.size()) {
@@ -410,7 +425,7 @@ bool ExtractMintAccountingAmounts(const CTransaction& tx,
             continue;
         }
 
-        if (out.scriptPubKey.size() == 34 && out.scriptPubKey[0] == OP_1) {
+        if (IsCanonicalP2TROutput(out.scriptPubKey)) {
             collateralOutputs++;
             collateralAmount = out.nValue;
         }
@@ -750,8 +765,10 @@ bool ValidateMintTransaction(const CTransaction& tx,
         return state.Invalid(TxValidationResult::TX_CONSENSUS, "bad-mint-outputs");
     }
 
-    // 2. Oracle price validation (skip for historical blocks)
-    if (!ctx.skipOracleValidation && ctx.oraclePriceMicroUSD <= 0) {
+    // 2. Oracle price validation. This is consensus-critical for every mint:
+    // local sync state must not allow IBD/catch-up nodes to accept mints that
+    // caught-up nodes reject for missing deterministic oracle data.
+    if (ctx.oraclePriceMicroUSD <= 0) {
         LogPrintf("DigiDollar: Invalid oracle price: %d\n", ctx.oraclePriceMicroUSD);
         return state.Invalid(TxValidationResult::TX_CONSENSUS, "bad-oracle-price");
     }
@@ -787,7 +804,7 @@ bool ValidateMintTransaction(const CTransaction& tx,
 
         // Phase 1 workaround: Identify outputs by structure since metadata doesn't cross nodes
         // P2TR outputs: collateral has value > 0, DD token has value = 0
-        bool isP2TR = (output.scriptPubKey.size() == 34 && output.scriptPubKey[0] == OP_1);
+        bool isP2TR = IsCanonicalP2TROutput(output.scriptPubKey);
         bool isOpReturn = (output.scriptPubKey.size() > 0 && output.scriptPubKey[0] == OP_RETURN);
 
         // Check script type using metadata
@@ -1144,42 +1161,42 @@ bool ValidateMintTransaction(const CTransaction& tx,
         return state.Invalid(TxValidationResult::TX_CONSENSUS, "bad-dd-mint-amount");
     }
 
-    // 7. Calculate and verify collateral (skip for historical blocks - oracle price dependent)
+    // 7. Calculate and verify collateral. This remains mandatory even when
+    // skipOracleValidation is set during IBD/catch-up; otherwise block validity
+    // depends on a node-local sync flag.
     CAmount requiredCollateral = 0;
-    if (!ctx.skipOracleValidation) {
-        // SECURITY [T2-01]: Convert absolute lock HEIGHT to relative lock PERIOD for
-        // collateral ratio calculation. The OP_RETURN stores an absolute lockHeight
-        // (currentHeight + lockPeriod), but GetCollateralRatioForLockTime expects a
-        // relative lock period in blocks. Without this conversion, on mainnet (height ~22M)
-        // the absolute height exceeds ALL tier thresholds (max is 10yr = 21M blocks),
-        // causing every lock tier to use the 200% (10-year) ratio instead of its correct
-        // higher ratio. A 1-hour lock would require only 200% instead of 1000% collateral.
-        int64_t lockPeriod = lockTime - ctx.nHeight;
-        if (lockPeriod <= 0) {
-            LogPrintf("DigiDollar: Invalid lock period: lockTime=%lld, height=%d, period=%lld\n",
-                      (long long)lockTime, ctx.nHeight, (long long)lockPeriod);
-            return state.Invalid(TxValidationResult::TX_CONSENSUS, "bad-lock-period");
-        }
-
-        requiredCollateral = CalculateRequiredCollateral(totalDD, lockPeriod, ctx);
-        if (requiredCollateral <= 0) {
-            LogPrintf("DigiDollar: Failed to calculate required collateral\n");
-            return state.Invalid(TxValidationResult::TX_CONSENSUS, "collateral-calculation-failed");
-        }
+    // SECURITY [T2-01]: Convert absolute lock HEIGHT to relative lock PERIOD for
+    // collateral ratio calculation. The OP_RETURN stores an absolute lockHeight
+    // (currentHeight + lockPeriod), but GetCollateralRatioForLockTime expects a
+    // relative lock period in blocks. Without this conversion, on mainnet (height ~22M)
+    // the absolute height exceeds ALL tier thresholds (max is 10yr = 21M blocks),
+    // causing every lock tier to use the 200% (10-year) ratio instead of its correct
+    // higher ratio. A 1-hour lock would require only 200% instead of 1000% collateral.
+    int64_t lockPeriod = lockTime - ctx.nHeight;
+    if (lockPeriod <= 0) {
+        LogPrintf("DigiDollar: Invalid lock period: lockTime=%lld, height=%d, period=%lld\n",
+                  (long long)lockTime, ctx.nHeight, (long long)lockPeriod);
+        return state.Invalid(TxValidationResult::TX_CONSENSUS, "bad-lock-period");
+    }
+
+    requiredCollateral = CalculateRequiredCollateral(totalDD, lockPeriod, ctx);
+    if (requiredCollateral <= 0) {
+        LogPrintf("DigiDollar: Failed to calculate required collateral\n");
+        return state.Invalid(TxValidationResult::TX_CONSENSUS, "collateral-calculation-failed");
+    }
 
-        // Verify sufficient collateral
-        if (totalCollateral < requiredCollateral) {
-            LogPrintf("DigiDollar: Insufficient collateral: provided %lld, required %lld (totalDD=%lld, lockPeriod=%lld)\n",
-                      (long long)totalCollateral, (long long)requiredCollateral,
-                      (long long)totalDD, (long long)lockPeriod);
-            return state.Invalid(TxValidationResult::TX_CONSENSUS, "insufficient-collateral");
-        }
+    // Verify sufficient collateral
+    if (totalCollateral < requiredCollateral) {
+        LogPrintf("DigiDollar: Insufficient collateral: provided %lld, required %lld (totalDD=%lld, lockPeriod=%lld)\n",
+                  (long long)totalCollateral, (long long)requiredCollateral,
+                  (long long)totalDD, (long long)lockPeriod);
+        return state.Invalid(TxValidationResult::TX_CONSENSUS, "insufficient-collateral");
+    }
 
-        // 8. Additional validation checks
-        if (!ValidateCollateralRatio(totalCollateral, totalDD, lockPeriod, ctx)) {
-            LogPrintf("DigiDollar: Collateral ratio validation failed\n");
-            return state.Invalid(TxValidationResult::TX_CONSENSUS, "bad-collateral-ratio");
-        }
+    // 8. Additional validation checks
+    if (!ValidateCollateralRatio(totalCollateral, totalDD, lockPeriod, ctx)) {
+        LogPrintf("DigiDollar: Collateral ratio validation failed\n");
+        return state.Invalid(TxValidationResult::TX_CONSENSUS, "bad-collateral-ratio");
     }
 
     // 9. Log successful validation
@@ -1244,8 +1261,15 @@ bool ValidateTransferTransaction(const CTransaction& tx,
             if (!output.scriptPubKey.GetOp(pc, opcode, data)) {
                 return state.Invalid(TxValidationResult::TX_CONSENSUS, "transfer-malformed-op-return");
             }
-            CScriptNum txType(data, true);
-            if (txType.getint() != 2) {
+            int64_t txType = 0;
+            try {
+                CScriptNum txTypeNum(data, true);
+                txType = txTypeNum.GetInt64();
+            } catch (const scriptnum_error&) {
+                return state.Invalid(TxValidationResult::TX_CONSENSUS, "transfer-malformed-op-return",
+                                     "Malformed transfer OP_RETURN transaction type");
+            }
+            if (txType != static_cast<int64_t>(DD_TX_TRANSFER)) {
                 return state.Invalid(TxValidationResult::TX_CONSENSUS, "transfer-opreturn-type-mismatch",
                                      "Transfer OP_RETURN type must match transaction version");
             }
@@ -1253,9 +1277,14 @@ bool ValidateTransferTransaction(const CTransaction& tx,
             // Extract DD amounts
             while (output.scriptPubKey.GetOp(pc, opcode, data)) {
                 if (data.size() > 0) {
-                    // Allow up to 8 bytes for DD amounts (int64_t range)
-                    CScriptNum amount(data, true, 8);
-                    dd_amounts.push_back(amount.GetInt64());
+                    try {
+                        // Allow up to 8 bytes for DD amounts (int64_t range)
+                        CScriptNum amount(data, true, 8);
+                        dd_amounts.push_back(amount.GetInt64());
+                    } catch (const scriptnum_error&) {
+                        return state.Invalid(TxValidationResult::TX_CONSENSUS, "transfer-malformed-op-return",
+                                             "Malformed transfer OP_RETURN DD amount");
+                    }
                 }
             }
         }
@@ -1272,8 +1301,15 @@ bool ValidateTransferTransaction(const CTransaction& tx,
         if (output.scriptPubKey.size() > 0 && output.scriptPubKey[0] == OP_RETURN) continue;
         if (output.nValue != 0) continue;
 
-        // Check if it's a P2TR output (OP_1 + 32 bytes)
-        if (output.scriptPubKey.size() == 34 && output.scriptPubKey[0] == OP_1) {
+        // Reject 34-byte OP_1 impostors instead of treating them as DD outputs.
+        if (output.scriptPubKey.size() == 34 && output.scriptPubKey[0] == OP_1 &&
+            !IsCanonicalP2TROutput(output.scriptPubKey)) {
+            return state.Invalid(TxValidationResult::TX_CONSENSUS, "bad-dd-script",
+                                 "DD output must be canonical P2TR");
+        }
+
+        // Check if it's a canonical P2TR output (OP_1 OP_PUSHBYTES_32 <xonly>)
+        if (IsCanonicalP2TROutput(output.scriptPubKey)) {
             if (dd_amount_index >= dd_amounts.size()) {
                 return state.Invalid(TxValidationResult::TX_CONSENSUS, "transfer-dd-output-amount-mismatch");
             }
@@ -1373,6 +1409,14 @@ bool ValidateTransferTransaction(const CTransaction& tx,
             if (found) {
                 inputDD += ddAmt;
                 ddInputCount++;
+            } else if (ctx.coins) {
+                Coin coin;
+                if (ctx.coins->GetCoin(txin.prevout, coin) && coin.out.nValue == 0) {
+                    LogPrint(BCLog::DIGIDOLLAR, "DigiDollar: REJECT - Could not determine DD amount for zero-value input %s:%u\n",
+                             txin.prevout.hash.ToString(), txin.prevout.n);
+                    return state.Invalid(TxValidationResult::TX_CONSENSUS, "dd-input-amounts-unknown",
+                                       "Cannot verify DD conservation: input DD amount undetermined");
+                }
             }
         }
 
@@ -1622,9 +1666,9 @@ bool ValidateRedemptionTransaction(const CTransaction& tx,
             if (output.scriptPubKey.size() > 0 && output.scriptPubKey[0] == OP_RETURN) {
                 continue;
             }
-            // Check if it's a P2TR DD output (nValue=0, starts with OP_1)
+            // Check if it's a canonical P2TR DD output.
             // For DD outputs, use the amount from OP_RETURN metadata if available
-            if (output.scriptPubKey.size() > 1 && output.scriptPubKey[0] == OP_1) {
+            if (IsCanonicalP2TROutput(output.scriptPubKey)) {
                 if (foundOpReturn && ddAmountFromOpReturn > 0) {
                     // Use the authoritative amount from OP_RETURN
                     totalDDOutputs += ddAmountFromOpReturn;
@@ -1837,106 +1881,112 @@ bool ValidateCollateralReleaseAmount(const CTransaction& tx,
         return state.Invalid(TxValidationResult::TX_CONSENSUS, "bad-collateral-release-zero-collateral");
     }
 
-    // Extract original DD amount — first try metadata registry, then creating tx lookup.
+    // Extract original DD amount from the creating mint transaction before trusting metadata.
     //
     // SECURITY [T1-08]: The collateral UTXO is a P2TR script (OP_1 + 32 bytes) which does
     // NOT contain the DD amount. During cross-node block validation, the ephemeral metadata
     // registry is empty. Without this fix, the function silently allowed ANY release amount,
     // enabling an attacker to burn 1 cent of DD and steal all locked collateral.
     //
-    // Strategy: 1) metadata registry, 2) txindex, 3) block-db lookup, 4) REJECT
+    // SECURITY [DD-RH-106]: Metadata is mutable process-local state keyed only by script.
+    // A rejected mint with the same owner/lock script but a smaller DD amount can overwrite
+    // that metadata. Prefer the authoritative creating mint transaction whenever available.
+    //
+    // Strategy: 1) txindex, 2) block-db lookup, 3) metadata registry fallback, 4) REJECT.
     CAmount originalDDMinted = 0;
-    if (!ExtractDDAmount(collateralCoin.out.scriptPubKey, originalDDMinted) || originalDDMinted <= 0) {
-        LogPrint(BCLog::DIGIDOLLAR, "DigiDollar: Could not extract original DD amount from collateral script, "
-                 "trying creating transaction lookup...\n");
-
-        // Helper: extract DD minted amount from a mint transaction's OP_RETURN
-        auto extractDDFromMintTx = [](const CTransactionRef& prev_tx, CAmount& ddOut) -> bool {
-            // SECURITY [T5-04]: Verify source tx is actually a DD transaction.
-            // Without this check, a regular (non-DD) tx with a crafted DD OP_RETURN
-            // could be treated as a legitimate mint, allowing an attacker to set
-            // originalDDMinted to an arbitrary (e.g. trivially small) value.
-            // This is consistent with ExtractDDAmountFromTxRef() which also checks
-            // HasDigiDollarMarker, and isCollateralOutput (T2-06b) which checks nVersion.
-            if (!DigiDollar::HasDigiDollarMarker(*prev_tx)) {
-                return false;
-            }
-            // Also verify it's a MINT transaction (type byte = 1 in upper nVersion bits)
-            if (DigiDollar::GetDigiDollarTxType(*prev_tx) != DD_TX_MINT) {
-                return false;
-            }
-            for (const auto& vout : prev_tx->vout) {
-                if (vout.scriptPubKey.size() == 0 || vout.scriptPubKey[0] != OP_RETURN) continue;
+    bool found = false;
+
+    // Helper: extract DD minted amount from a mint transaction's OP_RETURN.
+    auto extractDDFromMintTx = [](const CTransactionRef& prev_tx, CAmount& ddOut) -> bool {
+        // SECURITY [T5-04]: Verify source tx is actually a DD transaction.
+        // Without this check, a regular (non-DD) tx with a crafted DD OP_RETURN
+        // could be treated as a legitimate mint, allowing an attacker to set
+        // originalDDMinted to an arbitrary (e.g. trivially small) value.
+        // This is consistent with ExtractDDAmountFromTxRef() which also checks
+        // HasDigiDollarMarker, and isCollateralOutput (T2-06b) which checks nVersion.
+        if (!DigiDollar::HasDigiDollarMarker(*prev_tx)) {
+            return false;
+        }
+        // Also verify it's a MINT transaction (type byte = 1 in upper nVersion bits)
+        if (DigiDollar::GetDigiDollarTxType(*prev_tx) != DD_TX_MINT) {
+            return false;
+        }
+        for (const auto& vout : prev_tx->vout) {
+            if (vout.scriptPubKey.empty() || vout.scriptPubKey[0] != OP_RETURN) continue;
 
-                CScript::const_iterator pc = vout.scriptPubKey.begin();
-                opcodetype opcode;
-                std::vector<unsigned char> data;
+            CScript::const_iterator pc = vout.scriptPubKey.begin();
+            opcodetype opcode;
+            std::vector<unsigned char> data;
 
-                if (!vout.scriptPubKey.GetOp(pc, opcode)) continue; // Skip OP_RETURN
-                if (!vout.scriptPubKey.GetOp(pc, opcode, data)) continue;
-                if (data.size() != 2 || data[0] != 'D' || data[1] != 'D') continue;
+            if (!vout.scriptPubKey.GetOp(pc, opcode)) continue; // Skip OP_RETURN
+            if (!vout.scriptPubKey.GetOp(pc, opcode, data)) continue;
+            if (data.size() != 2 || data[0] != 'D' || data[1] != 'D') continue;
 
-                // Read tx type
-                if (!vout.scriptPubKey.GetOp(pc, opcode, data)) continue;
-                int64_t txType = 0;
-                if (data.size() > 0) {
-                    try {
-                        CScriptNum txTypeNum(data, true);
-                        txType = txTypeNum.GetInt64();
-                    } catch (const scriptnum_error&) { continue; }
-                }
+            // Read tx type
+            if (!vout.scriptPubKey.GetOp(pc, opcode, data)) continue;
+            int64_t txType = 0;
+            if (!data.empty()) {
+                try {
+                    CScriptNum txTypeNum(data, true);
+                    txType = txTypeNum.GetInt64();
+                } catch (const scriptnum_error&) { continue; }
+            }
 
-                // Only process MINT (type 1) — that's the transaction that created collateral
-                if (txType != 1) continue;
+            // Only process MINT (type 1) — that's the transaction that created collateral
+            if (txType != 1) continue;
 
-                // Read DD amount (first push after type for mint)
-                if (vout.scriptPubKey.GetOp(pc, opcode, data) && data.size() > 0) {
-                    try {
-                        CScriptNum scriptNum(data, true, 8);
-                        ddOut = scriptNum.GetInt64();
-                        return ddOut > 0;
-                    } catch (const scriptnum_error&) {}
-                }
+            // Read DD amount (first push after type for mint)
+            if (vout.scriptPubKey.GetOp(pc, opcode, data) && !data.empty()) {
+                try {
+                    CScriptNum scriptNum(data, true, 8);
+                    ddOut = scriptNum.GetInt64();
+                    return ddOut > 0;
+                } catch (const scriptnum_error&) {}
             }
-            return false;
-        };
-
-        bool found = false;
-
-        // Try txindex (authoritative — reads creating tx from indexed database)
-        if (!found && g_txindex) {
-            uint256 block_hash;
-            CTransactionRef prev_tx;
-            if (g_txindex->FindTx(tx.vin[0].prevout.hash, block_hash, prev_tx)) {
-                found = extractDDFromMintTx(prev_tx, originalDDMinted);
-                if (found) {
-                    LogPrint(BCLog::DIGIDOLLAR, "DigiDollar: Extracted original DD minted (%lld) from txindex\n",
-                             (long long)originalDDMinted);
-                }
+        }
+        return false;
+    };
+
+    // Try txindex (authoritative — reads creating tx from indexed database)
+    if (!found && g_txindex) {
+        uint256 block_hash;
+        CTransactionRef prev_tx;
+        if (g_txindex->FindTx(tx.vin[0].prevout.hash, block_hash, prev_tx)) {
+            found = extractDDFromMintTx(prev_tx, originalDDMinted);
+            if (found) {
+                LogPrint(BCLog::DIGIDOLLAR, "DigiDollar: Extracted original DD minted (%lld) from txindex\n",
+                         (long long)originalDDMinted);
             }
         }
+    }
 
-        // Try block-db lookup (universal fallback — every full node has every block)
-        if (!found && ctx.txLookup) {
-            CTransactionRef prev_tx;
-            if (ctx.txLookup(tx.vin[0].prevout.hash, collateralCoin.nHeight, prev_tx)) {
-                found = extractDDFromMintTx(prev_tx, originalDDMinted);
-                if (found) {
-                    LogPrint(BCLog::DIGIDOLLAR, "DigiDollar: Extracted original DD minted (%lld) from block db\n",
-                             (long long)originalDDMinted);
-                }
+    // Try block-db lookup (universal fallback — every full node has every block)
+    if (!found && ctx.txLookup) {
+        CTransactionRef prev_tx;
+        if (ctx.txLookup(tx.vin[0].prevout.hash, collateralCoin.nHeight, prev_tx)) {
+            found = extractDDFromMintTx(prev_tx, originalDDMinted);
+            if (found) {
+                LogPrint(BCLog::DIGIDOLLAR, "DigiDollar: Extracted original DD minted (%lld) from block db\n",
+                         (long long)originalDDMinted);
             }
         }
+    }
 
-        if (!found || originalDDMinted <= 0) {
-            // SECURITY: REJECT if we cannot determine original DD amount.
-            // A consensus rule must never be silently bypassed.
-            LogPrintf("DigiDollar: SECURITY [T1-08] - Cannot determine original DD minted amount "
-                      "for collateral at %s:%d. Rejecting to prevent collateral theft.\n",
-                      tx.vin[0].prevout.hash.ToString(), tx.vin[0].prevout.n);
-            return state.Invalid(TxValidationResult::TX_CONSENSUS, "bad-collateral-release-unknown-dd-amount",
-                               "Cannot verify proportional collateral release: original DD amount undetermined");
-        }
+    // Last resort for legacy/unit-test contexts that lack tx lookup. This is intentionally
+    // after authoritative sources because script metadata can be overwritten by failed mints
+    // that reuse the same collateral script.
+    if (!found && ExtractDDAmount(collateralCoin.out.scriptPubKey, originalDDMinted) && originalDDMinted > 0) {
+        found = true;
+    }
+
+    if (!found || originalDDMinted <= 0) {
+        // SECURITY: REJECT if we cannot determine original DD amount.
+        // A consensus rule must never be silently bypassed.
+        LogPrintf("DigiDollar: SECURITY [T1-08] - Cannot determine original DD minted amount "
+                  "for collateral at %s:%d. Rejecting to prevent collateral theft.\n",
+                  tx.vin[0].prevout.hash.ToString(), tx.vin[0].prevout.n);
+        return state.Invalid(TxValidationResult::TX_CONSENSUS, "bad-collateral-release-unknown-dd-amount",
+                           "Cannot verify proportional collateral release: original DD amount undetermined");
     }
 
     // SECURITY [T2-03]: Require full DD burn for collateral release.
@@ -2003,9 +2053,7 @@ bool ValidateCollateralReleaseAmount(const CTransaction& tx,
                 if (outputIndex >= prev_tx->vout.size()) return false;
 
                 const CTxOut& candidate = prev_tx->vout[outputIndex];
-                if (candidate.nValue <= 0 ||
-                    candidate.scriptPubKey.size() != 34 ||
-                    candidate.scriptPubKey[0] != OP_1) {
+                if (candidate.nValue <= 0 || !IsCanonicalP2TROutput(candidate.scriptPubKey)) {
                     return false;
                 }
 
@@ -2014,9 +2062,7 @@ bool ValidateCollateralReleaseAmount(const CTransaction& tx,
                 int collateralCount = 0;
                 for (uint32_t candidateIndex = 0; candidateIndex < prev_tx->vout.size(); ++candidateIndex) {
                     const CTxOut& vout = prev_tx->vout[candidateIndex];
-                    if (vout.nValue > 0 &&
-                        vout.scriptPubKey.size() == 34 &&
-                        vout.scriptPubKey[0] == OP_1) {
+                    if (vout.nValue > 0 && IsCanonicalP2TROutput(vout.scriptPubKey)) {
                         collateralIndex = candidateIndex;
                         collateralCount++;
                     }

From 1747ed40948fb4859ee6d830f4c74903c13e39c5 Mon Sep 17 00:00:00 2001
From: DigiSwarm <13957390+JaredTate@users.noreply.github.com>
Date: Wed, 29 Apr 2026 16:02:24 -0600
Subject: [PATCH 03/22] validation: move DD mempool check after input caching,
 re-validate on reorg (RH-121)

Two fixes to src/validation.cpp:

DD contextual validation in PreChecks() was running before CheckTxInputs()
cached the input coins. This meant DD validation used CoinsTip() directly,
missing unconfirmed parents and allowing stale txindex data to resolve DD
amounts across reorgs. Moved DD validation to after CheckTxInputs() so it
uses the mempool-aware view with all inputs already fetched.

MaybeUpdateMempoolForReorg() now re-validates DD transactions when
resurrecting them after a reorg. A DD tx valid on the old chain may have
depended on a collateral vault or oracle state that no longer exists on
the new chain. Without re-validation, invalid DD txs could re-enter the
mempool and cause downstream failures.

Also moved the non-final tx check to before DD validation so non-final
DD transactions are cheaply rejected without triggering oracle lookups.
---
 src/validation.cpp | 128 +++++++++++++++++++++++++++++----------------
 1 file changed, 84 insertions(+), 44 deletions(-)

diff --git a/src/validation.cpp b/src/validation.cpp
index f62560ef8a..fc2c75c681 100644
--- a/src/validation.cpp
+++ b/src/validation.cpp
@@ -437,6 +437,44 @@ void Chainstate::MaybeUpdateMempoolForReorg(
                 }
             }
         }
+
+        if (DigiDollar::HasDigiDollarMarker(tx)) {
+            CCoinsViewMemPool view_mempool{&CoinsTip(), *m_mempool};
+            CCoinsViewCache dd_view{&view_mempool};
+            auto txLookup = [this](const uint256& txid, uint32_t coinHeight, CTransactionRef& tx_out) -> bool {
+                AssertLockHeld(cs_main);
+                const CBlockIndex* pblockindex = m_chain[coinHeight];
+                if (!pblockindex) return false;
+                CBlock block;
+                if (!m_blockman.ReadBlockFromDisk(block, *pblockindex)) return false;
+                for (const auto& btx : block.vtx) {
+                    if (btx->GetHash() == txid) {
+                        tx_out = btx;
+                        return true;
+                    }
+                }
+                return false;
+            };
+
+            TxValidationState dd_state;
+            DigiDollar::ValidationContext ddContext(
+                m_chain.Height() + 1,
+                GetOraclePriceForTransaction(tx),
+                DigiDollar::GetSystemCollateralRatio(),
+                m_chainman.GetParams(),
+                &dd_view,
+                false,
+                txLookup,
+                m_mempool
+            );
+
+            if (!DigiDollar::ValidateDigiDollarTransaction(tx, ddContext, dd_state)) {
+                LogPrint(BCLog::DIGIDOLLAR, "DigiDollar: Removing reorg-resurrected tx %s after DD revalidation failed: %s\n",
+                         tx.GetHash().ToString(), dd_state.GetRejectReason());
+                return true;
+            }
+        }
+
         // Transaction is still valid and cached LockPoints are updated.
         return false;
     };
@@ -776,8 +814,15 @@ bool MemPoolAccept::PreChecks(ATMPArgs& args, Workspace& ws)
         return false; // state filled in by CheckTransaction
     }
 
-    // DigiDollar consensus validation with blockchain context
-    if (DigiDollar::HasDigiDollarMarker(tx)) {
+    // Only accept nLockTime-using transactions that can be mined in the next
+    // block; keep this before DigiDollar contextual validation so non-final DD
+    // transactions cannot force oracle/block-db validation work.
+    if (!CheckFinalTxAtTip(*Assert(m_active_chainstate.m_chain.Tip()), tx)) {
+        return state.Invalid(TxValidationResult::TX_PREMATURE_SPEND, "non-final");
+    }
+
+    const bool is_digidollar_tx = DigiDollar::HasDigiDollarMarker(tx);
+    if (is_digidollar_tx) {
         // RH-36c: Early reject invalid DD tx types BEFORE expensive oracle/block-DB lookups.
         // Transactions with the 0x0770 marker but invalid type (>= DD_TX_MAX) would
         // otherwise trigger full oracle price lookup + block reads before eventual rejection.
@@ -793,41 +838,6 @@ bool MemPoolAccept::PreChecks(ATMPArgs& args, Workspace& ws)
             return state.Invalid(TxValidationResult::TX_CONSENSUS, "digidollar-not-active",
                                "DigiDollar features not yet activated");
         }
-
-        // Create validation context with current blockchain state
-        // Pass coins tip for UTXO lookup in DD redemption validation
-        // Include block-db tx lookup for DD amount extraction without txindex
-        auto txLookup = [this](const uint256& txid, uint32_t coinHeight, CTransactionRef& tx_out) -> bool {
-            AssertLockHeld(cs_main);
-            const CBlockIndex* pblockindex = m_active_chainstate.m_chain[coinHeight];
-            if (!pblockindex) return false;
-            CBlock block;
-            if (!m_active_chainstate.m_blockman.ReadBlockFromDisk(block, *pblockindex)) return false;
-            for (const auto& btx : block.vtx) {
-                if (btx->GetHash() == txid) {
-                    tx_out = btx;
-                    return true;
-                }
-            }
-            return false;
-        };
-
-        DigiDollar::ValidationContext ddContext(
-            m_active_chainstate.m_chain.Height() + 1,  // Height for next block
-            GetOraclePriceForTransaction(tx),           // Current oracle price
-            DigiDollar::GetSystemCollateralRatio(),     // System health
-            args.m_chainparams,                          // Chain parameters
-            &m_active_chainstate.CoinsTip(),             // Coins view for UTXO lookup
-            false,                                       // Don't skip oracle validation in mempool
-            txLookup,                                    // Block-db tx lookup for DD amounts
-            &m_pool                                      // Mempool for unconfirmed DD input lookup
-        );
-
-        if (!DigiDollar::ValidateDigiDollarTransaction(tx, ddContext, state)) {
-            LogPrint(BCLog::DIGIDOLLAR, "DigiDollar: Transaction validation failed (txid: %s): %s\n",
-                     hash.ToString(), state.GetRejectReason());
-            return false; // state filled in by DigiDollar validation
-        }
     }
 
     // Coinbase is only valid in a block, not as a loose transaction
@@ -844,13 +854,6 @@ bool MemPoolAccept::PreChecks(ATMPArgs& args, Workspace& ws)
     if (::GetSerializeSize(tx, PROTOCOL_VERSION | SERIALIZE_TRANSACTION_NO_WITNESS) < MIN_STANDARD_TX_NONWITNESS_SIZE)
         return state.Invalid(TxValidationResult::TX_NOT_STANDARD, "tx-size-small");
 
-    // Only accept nLockTime-using transactions that can be mined in the next
-    // block; we don't want our mempool filled up with transactions that can't
-    // be mined yet.
-    if (!CheckFinalTxAtTip(*Assert(m_active_chainstate.m_chain.Tip()), tx)) {
-        return state.Invalid(TxValidationResult::TX_PREMATURE_SPEND, "non-final");
-    }
-
     if (m_pool.exists(GenTxid::Wtxid(tx.GetWitnessHash()))) {
         // Exact transaction already exists in the mempool.
         return state.Invalid(TxValidationResult::TX_CONFLICT, "txn-already-in-mempool");
@@ -941,6 +944,43 @@ bool MemPoolAccept::PreChecks(ATMPArgs& args, Workspace& ws)
         return false; // state filled in by CheckTxInputs
     }
 
+    // DigiDollar contextual validation must use the mempool-aware view after
+    // inputs have been cached. Passing CoinsTip() here would miss unconfirmed
+    // parents and let stale txindex data resolve DD amounts across reorgs.
+    if (is_digidollar_tx) {
+        auto txLookup = [this](const uint256& txid, uint32_t coinHeight, CTransactionRef& tx_out) -> bool {
+            AssertLockHeld(cs_main);
+            const CBlockIndex* pblockindex = m_active_chainstate.m_chain[coinHeight];
+            if (!pblockindex) return false;
+            CBlock block;
+            if (!m_active_chainstate.m_blockman.ReadBlockFromDisk(block, *pblockindex)) return false;
+            for (const auto& btx : block.vtx) {
+                if (btx->GetHash() == txid) {
+                    tx_out = btx;
+                    return true;
+                }
+            }
+            return false;
+        };
+
+        DigiDollar::ValidationContext ddContext(
+            m_active_chainstate.m_chain.Height() + 1,  // Height for next block
+            GetOraclePriceForTransaction(tx),           // Current oracle price
+            DigiDollar::GetSystemCollateralRatio(),     // System health
+            args.m_chainparams,                         // Chain parameters
+            &m_view,                                    // Mempool-aware coins view
+            false,                                      // Don't skip oracle validation in mempool
+            txLookup,                                   // Block-db tx lookup for DD amounts
+            &m_pool                                     // Mempool for unconfirmed DD input lookup
+        );
+
+        if (!DigiDollar::ValidateDigiDollarTransaction(tx, ddContext, state)) {
+            LogPrint(BCLog::DIGIDOLLAR, "DigiDollar: Transaction validation failed (txid: %s): %s\n",
+                     hash.ToString(), state.GetRejectReason());
+            return false; // state filled in by DigiDollar validation
+        }
+    }
+
     // Check for non-standard pay-to-script-hash in inputs
     const bool taproot_active = DeploymentActiveAfter(m_active_chainstate.m_chain.Tip(), m_active_chainstate.m_chainman, Consensus::DEPLOYMENT_TAPROOT);
     if (m_pool.m_require_standard && !AreInputsStandard(tx, m_view, taproot_active)) {

From e229ae6e8bb52efafada3811f2bf4eba5205d0ea Mon Sep 17 00:00:00 2001
From: DigiSwarm <13957390+JaredTate@users.noreply.github.com>
Date: Wed, 29 Apr 2026 16:02:32 -0600
Subject: [PATCH 04/22] oracle: reject duplicate oracle outputs in coinbase,
 harden bundle parse (RH-29)

A coinbase with more than one OP_RETURN OP_ORACLE output was accepted;
only the first one was read. An attacker could stuff a second malformed
oracle output to confuse indexers or cause ambiguity in bundle selection.
Now any coinbase with >1 oracle output is rejected outright.

Malformed pushdata during bundle parsing used break (silently produced a
short/garbage data buffer) instead of return false (hard rejection). All
four pushdata parse paths (direct push, OP_PUSHDATA1, OP_PUSHDATA2,
unrecognized byte) now return false immediately on truncation or unknown
encoding. Phase One bundle size check is now exact (== 18) rather than
a lower-bound (< 18) to reject padded bundles.
---
 src/oracle/bundle_manager.cpp | 48 +++++++++++++++++++++++------------
 1 file changed, 32 insertions(+), 16 deletions(-)

diff --git a/src/oracle/bundle_manager.cpp b/src/oracle/bundle_manager.cpp
index a72c008214..2c5833f327 100644
--- a/src/oracle/bundle_manager.cpp
+++ b/src/oracle/bundle_manager.cpp
@@ -1173,6 +1173,20 @@ bool OracleBundleManager::ExtractOracleBundle(const CTransaction& coinbase_tx, C
         }
     }();
 
+    int oracle_output_count = 0;
+    for (const auto& output : coinbase_tx.vout) {
+        if (output.scriptPubKey.size() >= 2 &&
+            output.scriptPubKey[0] == OP_RETURN &&
+            output.scriptPubKey[1] == OP_ORACLE) {
+            ++oracle_output_count;
+        }
+    }
+    if (oracle_output_count > 1) {
+        LogPrintf("Oracle: Rejecting transaction with %d oracle outputs (expected at most 1)\n",
+                  oracle_output_count);
+        return false;
+    }
+
     // Look for OP_RETURN output with OP_ORACLE marker
     for (const auto& output : coinbase_tx.vout) {
         if (output.scriptPubKey.size() > 2 && output.scriptPubKey[0] == OP_RETURN) {
@@ -1193,32 +1207,32 @@ bool OracleBundleManager::ExtractOracleBundle(const CTransaction& coinbase_tx, C
                                 data.insert(data.end(), script_it, script_it + chunk_size);
                                 script_it += chunk_size;
                             } else {
-                                break;
+                                return false;
                             }
                         } else if (*script_it == 0x4c) { // OP_PUSHDATA1: next byte is length
                             ++script_it;
-                            if (script_it >= output.scriptPubKey.end()) break;
+                            if (script_it >= output.scriptPubKey.end()) return false;
                             unsigned int chunk_size = *script_it;
                             ++script_it;
                             if (script_it + chunk_size <= output.scriptPubKey.end()) {
                                 data.insert(data.end(), script_it, script_it + chunk_size);
                                 script_it += chunk_size;
                             } else {
-                                break;
+                                return false;
                             }
                         } else if (*script_it == 0x4d) { // OP_PUSHDATA2: next 2 bytes are length (LE)
                             ++script_it;
-                            if (script_it + 2 > output.scriptPubKey.end()) break;
+                            if (script_it + 2 > output.scriptPubKey.end()) return false;
                             unsigned int chunk_size = *script_it | (*(script_it + 1) << 8);
                             script_it += 2;
                             if (script_it + chunk_size <= output.scriptPubKey.end()) {
                                 data.insert(data.end(), script_it, script_it + chunk_size);
                                 script_it += chunk_size;
                             } else {
-                                break;
+                                return false;
                             }
                         } else {
-                            break;
+                            return false;
                         }
                     }
 
@@ -1280,9 +1294,9 @@ bool OracleBundleManager::ExtractOracleBundle(const CTransaction& coinbase_tx, C
                         return true;
                     }
                     else if (data[0] == 0x01) {
-                        // Phase One compact format: oracle_id (1) + price (8) + timestamp (8) = 17 bytes
-                        if (data.size() < 18) { // 1 (version) + 17 (data)
-                            LogPrintf("Oracle: Invalid Phase One bundle size: %d\n", data.size());
+                        // Phase One compact format: version (1) + oracle_id (1) + price (8) + timestamp (8)
+                        if (data.size() != 18) {
+                            LogPrintf("Oracle: Invalid Phase One bundle size: %zu (expected 18)\n", data.size());
                             return false;
                         }
 
@@ -1349,10 +1363,11 @@ bool OracleBundleManager::ExtractOracleBundle(const CTransaction& coinbase_tx, C
                             return false;
                         }
 
-                        // Validate we have enough data for all messages
+                        // Validate exact data size for all messages. Trailing bytes would
+                        // create alternate serializations for the same oracle bundle.
                         size_t expected_size = 1 + 1 + 8 + 8 + num_messages * 65; // version + header + per-msg
-                        if (data.size() < expected_size) {
-                            LogPrintf("Oracle: Phase Two data too short: %zu < %zu (for %d messages)\n",
+                        if (data.size() != expected_size) {
+                            LogPrintf("Oracle: Invalid Phase Two data size: %zu != %zu (for %d messages)\n",
                                      data.size(), expected_size, num_messages);
                             return false;
                         }
@@ -1468,7 +1483,7 @@ bool OracleBundleManager::ValidateV03BundleFormat(const CScript& script, uint8_t
                 return false;
             }
         } else {
-            break;
+            return false;
         }
     }
 
@@ -1485,14 +1500,15 @@ bool OracleBundleManager::ValidateV03BundleFormat(const CScript& script, uint8_t
         size_t expected = 1 + 1 + bitmap_len + 4 + 8 + 8 + 64;
         return data.size() == expected;
     } else if (version == 0x02) {
-        // v0x02: version(1) + num_msgs(1) + price(8) + timestamp(8) = 18 minimum
+        // v0x02: version(1) + num_msgs(1) + price(8) + timestamp(8) + N*(oracle_id(1)+sig(64))
         if (data.size() < 18) return false;
         uint8_t num_msgs = data[1];
+        if (num_msgs == 0 || num_msgs > ORACLE_ACTIVE_COUNT) return false;
         size_t expected = 1 + 1 + 8 + 8 + num_msgs * 65;
-        return data.size() >= expected;
+        return data.size() == expected;
     } else if (version == 0x01) {
         // v0x01: version(1) + oracle_id(1) + price(8) + timestamp(8) = 18
-        return data.size() >= 18;
+        return data.size() == 18;
     }
 
     return false;

From 326a83d1370c627a7e5c1a40bbd24e84c3ed8796 Mon Sep 17 00:00:00 2001
From: DigiSwarm <13957390+JaredTate@users.noreply.github.com>
Date: Wed, 29 Apr 2026 16:02:37 -0600
Subject: [PATCH 05/22] miner: recalculate merkle root after oracle bundle is
 injected into coinbase

AddOracleBundleToBlock() mutates the coinbase transaction after
GenerateCoinbaseCommitment() has already set the block header merkle root.
Any caller that uses the returned block template directly (GBT consumers,
mining software that skips IncrementExtraNonce()) would see a stale merkle
root that does not match the actual coinbase. Recalculate after injection.
---
 src/node/miner.cpp | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/node/miner.cpp b/src/node/miner.cpp
index b0693ac4c8..2232364868 100644
--- a/src/node/miner.cpp
+++ b/src/node/miner.cpp
@@ -372,6 +372,10 @@ std::unique_ptr<CBlockTemplate> BlockAssembler::CreateNewBlock(const CScript& sc
             LogPrintf("CreateNewBlock(): Warning - Failed to add oracle bundle to block %d\n", nHeight);
             // Continue with block creation even if oracle bundle fails (graceful degradation)
         }
+        // AddOracleBundleToBlock() mutates the coinbase after GenerateCoinbaseCommitment().
+        // Keep the template header internally consistent for GBT/miner consumers that use
+        // the returned block directly instead of first calling IncrementExtraNonce().
+        pblock->hashMerkleRoot = BlockMerkleRoot(*pblock);
     }
 
     LogPrintf("CreateNewBlock(): block weight: %u txs: %u fees: %ld sigops %d\n", GetBlockWeight(*pblock), nBlockTx, nFees, nBlockSigOpsCost);

From 9e144e61a5acaca507d81958f16ac022cd406a59 Mon Sep 17 00:00:00 2001
From: DigiSwarm <13957390+JaredTate@users.noreply.github.com>
Date: Wed, 29 Apr 2026 16:02:41 -0600
Subject: [PATCH 06/22] digidollar/rpc: gate getmockoracleprice behind
 DigiDollar activation check (RH-116)

getmockoracleprice was callable on any chain before DigiDollar activated,
which could return a price that does not correspond to any live oracle
state and mislead callers about the system's actual oracle readiness.
Now returns a clear error if DigiDollar is not yet active.
---
 src/rpc/digidollar.cpp | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/rpc/digidollar.cpp b/src/rpc/digidollar.cpp
index ef0f8cc54d..10dda03a8a 100644
--- a/src/rpc/digidollar.cpp
+++ b/src/rpc/digidollar.cpp
@@ -4623,9 +4623,18 @@ static RPCHelpMan getmockoracleprice()
                 RPCExamples{
                     HelpExampleCli("getmockoracleprice", "") +
                     HelpExampleRpc("getmockoracleprice", "")
-                },
+        },
         [&](const RPCHelpMan& self, const JSONRPCRequest& request) -> UniValue
         {
+            // Check DigiDollar activation
+            {
+                const node::NodeContext& node = EnsureAnyNodeContext(request.context);
+                ChainstateManager& chainman = EnsureChainman(node);
+                const CBlockIndex* tip = WITH_LOCK(cs_main, return chainman.ActiveChain().Tip());
+                if (!DigiDollar::IsDigiDollarEnabled(tip, chainman)) {
+                    throw JSONRPCError(RPC_MISC_ERROR, "DigiDollar is not yet active on this blockchain");
+                }
+            }
             // Only allow in RegTest mode
             if (Params().GetChainType() != ChainType::REGTEST) {
                 throw JSONRPCError(RPC_METHOD_NOT_FOUND,

From dffc1b1b7cf0ba7b904f90419bcd4a0f48c56d89 Mon Sep 17 00:00:00 2001
From: DigiSwarm <13957390+JaredTate@users.noreply.github.com>
Date: Wed, 29 Apr 2026 16:02:46 -0600
Subject: [PATCH 07/22] digidollar: return explicit error when transfer fee
 inputs are underfunded (RH-109)

BuildTransferTransaction() calculated the required fee and constructed a
change output but never checked whether the selected DGB fee inputs
actually covered that fee before continuing. A caller with zero or
insufficient fee inputs would get a silently malformed transaction with a
negative change output. Now returns a descriptive error immediately.
---
 src/digidollar/txbuilder.cpp | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/src/digidollar/txbuilder.cpp b/src/digidollar/txbuilder.cpp
index 9dc283bcda..bf139dd938 100644
--- a/src/digidollar/txbuilder.cpp
+++ b/src/digidollar/txbuilder.cpp
@@ -719,6 +719,17 @@ TxBuilderResult TransferTxBuilder::BuildTransferTransaction(const TxBuilderTrans
     LogPrintf("DigiDollar: Fee calculation - calculated: %d sats, minimum: %d sats, actual: %d sats\n",
               calculatedFee, MIN_DD_FEE, actualFee);
 
+    if (totalFeeIn <= 0) {
+        result.error = "Insufficient DGB fee input: no fee inputs selected";
+        return result;
+    }
+
+    if (totalFeeIn < actualFee) {
+        result.error = strprintf("Insufficient DGB fee input: selected=%d sats, required=%d sats",
+                                 totalFeeIn, actualFee);
+        return result;
+    }
+
     // Add DGB change output if needed (after we know actual fee)
     if (totalFeeIn > 0) {
         CAmount dgbChange = totalFeeIn - actualFee;

From 13f6d206914fd7846fd27d254a37169ac8126cd4 Mon Sep 17 00:00:00 2001
From: DigiSwarm <13957390+JaredTate@users.noreply.github.com>
Date: Wed, 29 Apr 2026 16:02:52 -0600
Subject: [PATCH 08/22] digidollar/health: remove MAX_DIGIDOLLAR cap from
 supply overflow protection
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

OnMintConnected() and OnRedeemDisconnected() capped totalDDSupply at
MAX_DIGIDOLLAR, treating it as a hard supply ceiling. DigiDollar has no
global supply cap — MAX_DIGIDOLLAR is a per-output serialization bound.
Replaced the duplicate cap+overflow guard in both functions with a shared
AddClampedAmount() helper that protects against int64_t overflow without
imposing an artificial supply limit.
---
 src/digidollar/health.cpp | 41 ++++++++++++++-------------------------
 1 file changed, 15 insertions(+), 26 deletions(-)

diff --git a/src/digidollar/health.cpp b/src/digidollar/health.cpp
index 917ee31e2f..359bfee281 100644
--- a/src/digidollar/health.cpp
+++ b/src/digidollar/health.cpp
@@ -446,24 +446,22 @@ void SystemHealthMonitor::ScanUTXOSet(CCoinsView* view, CCoinsView* validation_v
 // Called from ConnectBlock/DisconnectBlock under cs_main.
 // ============================================================================
 
+static void AddClampedAmount(CAmount& total, CAmount amount, const char* label)
+{
+    if (amount <= 0) return;
+    if (total <= std::numeric_limits<CAmount>::max() - amount) {
+        total += amount;
+        return;
+    }
+    LogPrintf("Health: WARNING - %s would overflow, capping\n", label);
+    total = std::numeric_limits<CAmount>::max();
+}
+
 void SystemHealthMonitor::OnMintConnected(CAmount ddAmount, CAmount dgbCollateral)
 {
     std::lock_guard<std::mutex> lock(s_metricsMutex); // RH-44: thread safety
-    // SECURITY [RH-11]: Prevent supply overflow — cap at MAX_DIGIDOLLAR
-    if (ddAmount > 0 && s_currentMetrics.totalDDSupply <= MAX_DIGIDOLLAR - ddAmount) {
-        s_currentMetrics.totalDDSupply += ddAmount;
-    } else if (ddAmount > 0) {
-        LogPrintf("Health: WARNING - totalDDSupply would exceed MAX_DIGIDOLLAR, capping at %s\n",
-                 FormatMoney(MAX_DIGIDOLLAR));
-        s_currentMetrics.totalDDSupply = MAX_DIGIDOLLAR;
-    }
-    // Cap collateral at MAX_MONEY to prevent int64_t overflow
-    if (dgbCollateral > 0 && s_currentMetrics.totalCollateral <= std::numeric_limits<CAmount>::max() - dgbCollateral) {
-        s_currentMetrics.totalCollateral += dgbCollateral;
-    } else if (dgbCollateral > 0) {
-        LogPrintf("Health: WARNING - totalCollateral would overflow, capping\n");
-        s_currentMetrics.totalCollateral = std::numeric_limits<CAmount>::max();
-    }
+    AddClampedAmount(s_currentMetrics.totalDDSupply, ddAmount, "totalDDSupply");
+    AddClampedAmount(s_currentMetrics.totalCollateral, dgbCollateral, "totalCollateral");
     LogPrint(BCLog::DIGIDOLLAR, "Health: Mint connected - DD +%s, Collateral +%s (totals: DD=%s, Collateral=%s)\n",
              FormatMoney(ddAmount), FormatMoney(dgbCollateral),
              FormatMoney(s_currentMetrics.totalDDSupply), FormatMoney(s_currentMetrics.totalCollateral));
@@ -492,17 +490,8 @@ void SystemHealthMonitor::OnMintDisconnected(CAmount ddAmount, CAmount dgbCollat
 void SystemHealthMonitor::OnRedeemDisconnected(CAmount ddAmount, CAmount dgbCollateral)
 {
     std::lock_guard<std::mutex> lock(s_metricsMutex); // RH-44: thread safety
-    // SECURITY [RH-11]: Same overflow protection as OnMintConnected
-    if (ddAmount > 0 && s_currentMetrics.totalDDSupply <= MAX_DIGIDOLLAR - ddAmount) {
-        s_currentMetrics.totalDDSupply += ddAmount;
-    } else if (ddAmount > 0) {
-        s_currentMetrics.totalDDSupply = MAX_DIGIDOLLAR;
-    }
-    if (dgbCollateral > 0 && s_currentMetrics.totalCollateral <= std::numeric_limits<CAmount>::max() - dgbCollateral) {
-        s_currentMetrics.totalCollateral += dgbCollateral;
-    } else if (dgbCollateral > 0) {
-        s_currentMetrics.totalCollateral = std::numeric_limits<CAmount>::max();
-    }
+    AddClampedAmount(s_currentMetrics.totalDDSupply, ddAmount, "totalDDSupply");
+    AddClampedAmount(s_currentMetrics.totalCollateral, dgbCollateral, "totalCollateral");
     LogPrint(BCLog::DIGIDOLLAR, "Health: Redeem disconnected - DD +%s, Collateral +%s (totals: DD=%s, Collateral=%s)\n",
              FormatMoney(ddAmount), FormatMoney(dgbCollateral),
              FormatMoney(s_currentMetrics.totalDDSupply), FormatMoney(s_currentMetrics.totalCollateral));

From 569da793326418454a8196909c8fd7cbb32cd2e6 Mon Sep 17 00:00:00 2001
From: DigiSwarm <13957390+JaredTate@users.noreply.github.com>
Date: Wed, 29 Apr 2026 16:03:01 -0600
Subject: [PATCH 09/22] test: update unit tests for script activation,
 canonical P2TR, and oracle fixes

- rh54: rewritten to test BIP342 OP_SUCCESSx compatibility instead of
  the old static exclusion approach; verifies DD opcodes fail as
  BAD_OPCODE in legacy script contexts
- redteam T1-06b: updated to expect BAD_OPCODE in legacy execution and
  correct Tapscript behavior post-activation
- skip_oracle: updated expected results now that skipOracleValidation no
  longer bypasses collateral checks; insufficient-collateral must reject
  in all sync states
- validation: added test for non-canonical OP_1 impostor rejection and
  legacy DD OP_RETURN format fallback behavior
- opcodes, rh11, rh16, rh29, transfer, txbuilder: minor updates for
  aligned API and message changes from the production fixes above
---
 src/test/digidollar_opcodes_tests.cpp         | 104 ++++----
 src/test/digidollar_redteam_tests.cpp         | 117 +++------
 src/test/digidollar_rh11_consensus_tests.cpp  |  15 +-
 .../digidollar_rh16_reorg_attacks_tests.cpp   |  38 ++-
 src/test/digidollar_skip_oracle_tests.cpp     |  49 ++--
 src/test/digidollar_transfer_tests.cpp        |  76 ++++--
 src/test/digidollar_txbuilder_tests.cpp       |  32 ++-
 src/test/digidollar_validation_tests.cpp      | 228 ++++++++++++++++++
 src/test/oracle_miner_tests.cpp               |  10 +-
 ...h29_coinbase_oracle_manipulation_tests.cpp |  29 +--
 src/test/rh54_op_oracle_opsuccess_tests.cpp   | 152 +++++++-----
 11 files changed, 558 insertions(+), 292 deletions(-)

diff --git a/src/test/digidollar_opcodes_tests.cpp b/src/test/digidollar_opcodes_tests.cpp
index 7d835943a1..d5da541abf 100644
--- a/src/test/digidollar_opcodes_tests.cpp
+++ b/src/test/digidollar_opcodes_tests.cpp
@@ -44,11 +44,11 @@ CAmount ScopedOpcodeOraclePrice::s_current_price = 0;
 // Test that DigiDollar opcodes have correct values
 BOOST_AUTO_TEST_CASE(digidollar_opcode_values)
 {
-    // These opcodes should use OP_NOP slots for soft fork compatibility
-    BOOST_CHECK_EQUAL(static_cast<int>(OP_DIGIDOLLAR), 0xbb);      // OP_NOP11
-    BOOST_CHECK_EQUAL(static_cast<int>(OP_DDVERIFY), 0xbc);        // OP_NOP12
-    BOOST_CHECK_EQUAL(static_cast<int>(OP_CHECKPRICE), 0xbd);      // OP_NOP13
-    BOOST_CHECK_EQUAL(static_cast<int>(OP_CHECKCOLLATERAL), 0xbe); // OP_NOP14
+    // These opcodes use Tapscript OP_SUCCESSx slots for soft-fork compatibility.
+    BOOST_CHECK_EQUAL(static_cast<int>(OP_DIGIDOLLAR), 0xbb);
+    BOOST_CHECK_EQUAL(static_cast<int>(OP_DDVERIFY), 0xbc);
+    BOOST_CHECK_EQUAL(static_cast<int>(OP_CHECKPRICE), 0xbd);
+    BOOST_CHECK_EQUAL(static_cast<int>(OP_CHECKCOLLATERAL), 0xbe);
 
     // Verify OP_CHECKSIGADD exists (BIP342)
     BOOST_CHECK_EQUAL(static_cast<int>(OP_CHECKSIGADD), 0xba);
@@ -76,7 +76,7 @@ BOOST_AUTO_TEST_CASE(op_digidollar_basic)
     CScript script;
     script << OP_DIGIDOLLAR << CScriptNum(100000);  // 1.0 DGB in satoshis
 
-    BOOST_CHECK(EvalScript(stack, script, SCRIPT_VERIFY_DIGIDOLLAR, checker, SigVersion::BASE, execdata, &error));
+    BOOST_CHECK(EvalScript(stack, script, SCRIPT_VERIFY_DIGIDOLLAR, checker, SigVersion::TAPSCRIPT, execdata, &error));
     BOOST_CHECK_EQUAL(error, SCRIPT_ERR_OK);
     BOOST_CHECK_EQUAL(stack.size(), 1);
     BOOST_CHECK(CastToBool(stack.back())); // Should push true for valid amount
@@ -94,7 +94,7 @@ BOOST_AUTO_TEST_CASE(op_digidollar_zero_amount)
     script << OP_DIGIDOLLAR << CScriptNum(0);
 
     // SECURITY FIX: Zero amount now correctly fails instead of pushing false
-    BOOST_CHECK(!EvalScript(stack, script, SCRIPT_VERIFY_DIGIDOLLAR, checker, SigVersion::BASE, execdata, &error));
+    BOOST_CHECK(!EvalScript(stack, script, SCRIPT_VERIFY_DIGIDOLLAR, checker, SigVersion::TAPSCRIPT, execdata, &error));
     BOOST_CHECK_EQUAL(error, SCRIPT_ERR_INVALID_DD_AMOUNT);
 }
 
@@ -109,7 +109,7 @@ BOOST_AUTO_TEST_CASE(op_digidollar_negative_amount)
     CScript script;
     script << OP_DIGIDOLLAR << CScriptNum(-100);
 
-    BOOST_CHECK(!EvalScript(stack, script, SCRIPT_VERIFY_DIGIDOLLAR, checker, SigVersion::BASE, execdata, &error));
+    BOOST_CHECK(!EvalScript(stack, script, SCRIPT_VERIFY_DIGIDOLLAR, checker, SigVersion::TAPSCRIPT, execdata, &error));
     BOOST_CHECK_EQUAL(error, SCRIPT_ERR_INVALID_DD_AMOUNT);
 }
 
@@ -124,7 +124,7 @@ BOOST_AUTO_TEST_CASE(op_digidollar_overflow_amount)
     CScript script;
     script << OP_DIGIDOLLAR << CScriptNum(MAX_MONEY + 1);
 
-    BOOST_CHECK(!EvalScript(stack, script, SCRIPT_VERIFY_DIGIDOLLAR, checker, SigVersion::BASE, execdata, &error));
+    BOOST_CHECK(!EvalScript(stack, script, SCRIPT_VERIFY_DIGIDOLLAR, checker, SigVersion::TAPSCRIPT, execdata, &error));
     BOOST_CHECK_EQUAL(error, SCRIPT_ERR_INVALID_DD_AMOUNT);
 }
 
@@ -139,7 +139,7 @@ BOOST_AUTO_TEST_CASE(op_digidollar_insufficient_stack)
     CScript script;
     script << OP_DIGIDOLLAR; // No amount in script
 
-    BOOST_CHECK(!EvalScript(stack, script, SCRIPT_VERIFY_DIGIDOLLAR, checker, SigVersion::BASE, execdata, &error));
+    BOOST_CHECK(!EvalScript(stack, script, SCRIPT_VERIFY_DIGIDOLLAR, checker, SigVersion::TAPSCRIPT, execdata, &error));
     BOOST_CHECK_EQUAL(error, SCRIPT_ERR_INVALID_DD_AMOUNT); // Changed from INVALID_STACK_OPERATION
 }
 
@@ -155,7 +155,7 @@ BOOST_AUTO_TEST_CASE(op_ddverify_basic)
     CScript script;
     script << OP_TRUE << OP_DDVERIFY;
 
-    BOOST_CHECK(EvalScript(stack, script, SCRIPT_VERIFY_DIGIDOLLAR, checker, SigVersion::BASE, execdata, &error));
+    BOOST_CHECK(EvalScript(stack, script, SCRIPT_VERIFY_DIGIDOLLAR, checker, SigVersion::TAPSCRIPT, execdata, &error));
     BOOST_CHECK_EQUAL(error, SCRIPT_ERR_OK);
     BOOST_CHECK_EQUAL(stack.size(), 0); // Should consume the stack item
 }
@@ -171,7 +171,7 @@ BOOST_AUTO_TEST_CASE(op_ddverify_false)
     CScript script;
     script << OP_FALSE << OP_DDVERIFY;
 
-    BOOST_CHECK(!EvalScript(stack, script, SCRIPT_VERIFY_DIGIDOLLAR, checker, SigVersion::BASE, execdata, &error));
+    BOOST_CHECK(!EvalScript(stack, script, SCRIPT_VERIFY_DIGIDOLLAR, checker, SigVersion::TAPSCRIPT, execdata, &error));
     BOOST_CHECK_EQUAL(error, SCRIPT_ERR_DD_VERIFY);
 }
 
@@ -186,7 +186,7 @@ BOOST_AUTO_TEST_CASE(op_ddverify_insufficient_stack)
     CScript script;
     script << OP_DDVERIFY; // No value on stack
 
-    BOOST_CHECK(!EvalScript(stack, script, SCRIPT_VERIFY_DIGIDOLLAR, checker, SigVersion::BASE, execdata, &error));
+    BOOST_CHECK(!EvalScript(stack, script, SCRIPT_VERIFY_DIGIDOLLAR, checker, SigVersion::TAPSCRIPT, execdata, &error));
     BOOST_CHECK_EQUAL(error, SCRIPT_ERR_INVALID_STACK_OPERATION);
 }
 
@@ -205,7 +205,7 @@ BOOST_AUTO_TEST_CASE(op_checkprice_basic)
     CScript script;
     script << CScriptNum(100000) << OP_CHECKPRICE;
 
-    BOOST_CHECK(EvalScript(stack, script, SCRIPT_VERIFY_DIGIDOLLAR, checker, SigVersion::BASE, execdata, &error));
+    BOOST_CHECK(EvalScript(stack, script, SCRIPT_VERIFY_DIGIDOLLAR, checker, SigVersion::TAPSCRIPT, execdata, &error));
     BOOST_CHECK_EQUAL(error, SCRIPT_ERR_OK);
     BOOST_CHECK_EQUAL(stack.size(), 1);
     BOOST_CHECK(CastToBool(stack.back())); // Should push true for matching price
@@ -222,7 +222,7 @@ BOOST_AUTO_TEST_CASE(op_checkprice_mismatch)
     CScript script;
     script << CScriptNum(50000) << OP_CHECKPRICE; // Different from mock oracle price
 
-    BOOST_CHECK(EvalScript(stack, script, SCRIPT_VERIFY_DIGIDOLLAR, checker, SigVersion::BASE, execdata, &error));
+    BOOST_CHECK(EvalScript(stack, script, SCRIPT_VERIFY_DIGIDOLLAR, checker, SigVersion::TAPSCRIPT, execdata, &error));
     BOOST_CHECK_EQUAL(error, SCRIPT_ERR_OK);
     BOOST_CHECK_EQUAL(stack.size(), 1);
     BOOST_CHECK(!CastToBool(stack.back())); // Should push false for non-matching price
@@ -239,7 +239,7 @@ BOOST_AUTO_TEST_CASE(op_checkprice_insufficient_stack)
     CScript script;
     script << OP_CHECKPRICE; // No price on stack
 
-    BOOST_CHECK(!EvalScript(stack, script, SCRIPT_VERIFY_DIGIDOLLAR, checker, SigVersion::BASE, execdata, &error));
+    BOOST_CHECK(!EvalScript(stack, script, SCRIPT_VERIFY_DIGIDOLLAR, checker, SigVersion::TAPSCRIPT, execdata, &error));
     BOOST_CHECK_EQUAL(error, SCRIPT_ERR_INVALID_STACK_OPERATION);
 }
 
@@ -255,7 +255,7 @@ BOOST_AUTO_TEST_CASE(op_checkcollateral_basic)
     CScript script;
     script << CScriptNum(150) << CScriptNum(120) << OP_CHECKCOLLATERAL; // ratio=150, threshold=120
 
-    BOOST_CHECK(EvalScript(stack, script, SCRIPT_VERIFY_DIGIDOLLAR, checker, SigVersion::BASE, execdata, &error));
+    BOOST_CHECK(EvalScript(stack, script, SCRIPT_VERIFY_DIGIDOLLAR, checker, SigVersion::TAPSCRIPT, execdata, &error));
     BOOST_CHECK_EQUAL(error, SCRIPT_ERR_OK);
     BOOST_CHECK_EQUAL(stack.size(), 1);
     BOOST_CHECK(CastToBool(stack.back())); // Should push true for sufficient collateral
@@ -272,7 +272,7 @@ BOOST_AUTO_TEST_CASE(op_checkcollateral_insufficient)
     CScript script;
     script << CScriptNum(100) << CScriptNum(120) << OP_CHECKCOLLATERAL; // ratio=100, threshold=120
 
-    BOOST_CHECK(EvalScript(stack, script, SCRIPT_VERIFY_DIGIDOLLAR, checker, SigVersion::BASE, execdata, &error));
+    BOOST_CHECK(EvalScript(stack, script, SCRIPT_VERIFY_DIGIDOLLAR, checker, SigVersion::TAPSCRIPT, execdata, &error));
     BOOST_CHECK_EQUAL(error, SCRIPT_ERR_OK);
     BOOST_CHECK_EQUAL(stack.size(), 1);
     BOOST_CHECK(!CastToBool(stack.back())); // Should push false for insufficient collateral
@@ -289,7 +289,7 @@ BOOST_AUTO_TEST_CASE(op_checkcollateral_equal)
     CScript script;
     script << CScriptNum(120) << CScriptNum(120) << OP_CHECKCOLLATERAL; // ratio=120, threshold=120
 
-    BOOST_CHECK(EvalScript(stack, script, SCRIPT_VERIFY_DIGIDOLLAR, checker, SigVersion::BASE, execdata, &error));
+    BOOST_CHECK(EvalScript(stack, script, SCRIPT_VERIFY_DIGIDOLLAR, checker, SigVersion::TAPSCRIPT, execdata, &error));
     BOOST_CHECK_EQUAL(error, SCRIPT_ERR_OK);
     BOOST_CHECK_EQUAL(stack.size(), 1);
     BOOST_CHECK(CastToBool(stack.back())); // Should push true for equal values
@@ -306,29 +306,33 @@ BOOST_AUTO_TEST_CASE(op_checkcollateral_insufficient_stack)
     CScript script;
     script << CScriptNum(120) << OP_CHECKCOLLATERAL; // Only one value on stack
 
-    BOOST_CHECK(!EvalScript(stack, script, SCRIPT_VERIFY_DIGIDOLLAR, checker, SigVersion::BASE, execdata, &error));
+    BOOST_CHECK(!EvalScript(stack, script, SCRIPT_VERIFY_DIGIDOLLAR, checker, SigVersion::TAPSCRIPT, execdata, &error));
     BOOST_CHECK_EQUAL(error, SCRIPT_ERR_INVALID_STACK_OPERATION);
 }
 
-// Test DigiDollar opcodes behave as NOPs when flag is not set (soft fork compatibility)
-BOOST_AUTO_TEST_CASE(opcodes_as_nops_without_flag)
+// In legacy and witness-v0 scripts, DD opcode bytes are not old-node NOPs.
+// They must remain bad opcodes so activation is not a hard fork for those script versions.
+BOOST_AUTO_TEST_CASE(opcodes_are_bad_opcode_outside_tapscript)
 {
-    std::vector<std::vector<unsigned char>> stack;
     MockSignatureChecker checker;
-    ScriptError error;
-    ScriptExecutionData execdata;
-
-    // All DD opcodes should behave as NOPs without SCRIPT_VERIFY_DIGIDOLLAR flag
-    // Push a value on stack first so we can verify stack is unchanged
     CScript script;
-    script << CScriptNum(100000) << OP_DIGIDOLLAR << CScriptNum(999);
+    script << OP_DIGIDOLLAR << CScriptNum(100000);
 
-    BOOST_CHECK(EvalScript(stack, script, SCRIPT_VERIFY_NONE, checker, SigVersion::BASE, execdata, &error));
-    BOOST_CHECK_EQUAL(error, SCRIPT_ERR_OK);
-    // Without the flag, OP_DIGIDOLLAR behaves as NOP, leaving stack with the two pushed values
-    BOOST_CHECK_EQUAL(stack.size(), 2);
-    BOOST_CHECK_EQUAL(CScriptNum(stack[0], false).GetInt64(), 100000);
-    BOOST_CHECK_EQUAL(CScriptNum(stack[1], false).GetInt64(), 999);
+    {
+        std::vector<std::vector<unsigned char>> stack;
+        ScriptError error;
+        ScriptExecutionData execdata;
+        BOOST_CHECK(!EvalScript(stack, script, SCRIPT_VERIFY_DIGIDOLLAR, checker, SigVersion::BASE, execdata, &error));
+        BOOST_CHECK_EQUAL(error, SCRIPT_ERR_BAD_OPCODE);
+    }
+
+    {
+        std::vector<std::vector<unsigned char>> stack;
+        ScriptError error;
+        ScriptExecutionData execdata;
+        BOOST_CHECK(!EvalScript(stack, script, SCRIPT_VERIFY_DIGIDOLLAR, checker, SigVersion::WITNESS_V0, execdata, &error));
+        BOOST_CHECK_EQUAL(error, SCRIPT_ERR_BAD_OPCODE);
+    }
 }
 
 // Test complex DigiDollar script combining multiple opcodes
@@ -351,7 +355,7 @@ BOOST_AUTO_TEST_CASE(complex_digidollar_script)
     script << CScriptNum(150) << CScriptNum(120) << OP_CHECKCOLLATERAL; // Check collateral (pushes true)
     script << OP_BOOLAND; // Combine last two conditions with AND
 
-    BOOST_CHECK(EvalScript(stack, script, SCRIPT_VERIFY_DIGIDOLLAR, checker, SigVersion::BASE, execdata, &error));
+    BOOST_CHECK(EvalScript(stack, script, SCRIPT_VERIFY_DIGIDOLLAR, checker, SigVersion::TAPSCRIPT, execdata, &error));
     BOOST_CHECK_EQUAL(error, SCRIPT_ERR_OK);
     BOOST_CHECK_EQUAL(stack.size(), 1);
     BOOST_CHECK(CastToBool(stack.back())); // All conditions should pass
@@ -366,24 +370,28 @@ BOOST_AUTO_TEST_CASE(digidollar_script_error_strings)
     BOOST_CHECK_EQUAL(ScriptErrorString(SCRIPT_ERR_INSUFFICIENT_COLLATERAL), "Insufficient collateral ratio");
 }
 
-// Test that opcodes work with different signature versions
-BOOST_AUTO_TEST_CASE(opcodes_different_sigversions)
+// Test that activated DD opcodes execute only under Tapscript.
+BOOST_AUTO_TEST_CASE(opcodes_tapscript_only)
 {
-    std::vector<std::vector<unsigned char>> stack;
     MockSignatureChecker checker;
-    ScriptError error;
-    ScriptExecutionData execdata;
-
     CScript script;
     script << OP_DIGIDOLLAR << CScriptNum(100000);
 
-    // Test with different signature versions
-    BOOST_CHECK(EvalScript(stack, script, SCRIPT_VERIFY_DIGIDOLLAR, checker, SigVersion::BASE, execdata, &error));
-    BOOST_CHECK_EQUAL(error, SCRIPT_ERR_OK);
+    {
+        std::vector<std::vector<unsigned char>> stack;
+        ScriptError error;
+        ScriptExecutionData execdata;
+        BOOST_CHECK(EvalScript(stack, script, SCRIPT_VERIFY_DIGIDOLLAR, checker, SigVersion::TAPSCRIPT, execdata, &error));
+        BOOST_CHECK_EQUAL(error, SCRIPT_ERR_OK);
+    }
 
-    stack.clear();
-    BOOST_CHECK(EvalScript(stack, script, SCRIPT_VERIFY_DIGIDOLLAR, checker, SigVersion::WITNESS_V0, execdata, &error));
-    BOOST_CHECK_EQUAL(error, SCRIPT_ERR_OK);
+    {
+        std::vector<std::vector<unsigned char>> stack;
+        ScriptError error;
+        ScriptExecutionData execdata;
+        BOOST_CHECK(!EvalScript(stack, script, SCRIPT_VERIFY_DIGIDOLLAR, checker, SigVersion::BASE, execdata, &error));
+        BOOST_CHECK_EQUAL(error, SCRIPT_ERR_BAD_OPCODE);
+    }
 }
 
 BOOST_AUTO_TEST_SUITE_END()
\ No newline at end of file
diff --git a/src/test/digidollar_redteam_tests.cpp b/src/test/digidollar_redteam_tests.cpp
index caae1f211e..75ace78ab6 100644
--- a/src/test/digidollar_redteam_tests.cpp
+++ b/src/test/digidollar_redteam_tests.cpp
@@ -2511,16 +2511,12 @@ BOOST_AUTO_TEST_CASE(redteam_T1_06a_dd_marker_version_check)
     }
 }
 
-// T1-06b: DD opcodes behave as NOPs when SCRIPT_VERIFY_DIGIDOLLAR is NOT set
-BOOST_AUTO_TEST_CASE(redteam_T1_06b_dd_opcodes_nop_before_activation)
+// T1-06b: DD opcode bytes are only soft-fork-safe in Tapscript
+BOOST_AUTO_TEST_CASE(redteam_T1_06b_dd_opcodes_tapscript_only)
 {
-    // ATTACK: Before activation, can DD opcodes be used in scripts to create
-    // unexpected behavior?
-
-    // Create a simple script that uses OP_DIGIDOLLAR with an amount push
-    // Script: OP_DIGIDOLLAR <amount=1000> OP_DROP OP_TRUE
-    // Pre-activation: OP_DIGIDOLLAR is NOP, <1000> is pushed to stack, OP_DROP removes it, OP_TRUE succeeds
-    // Post-activation: OP_DIGIDOLLAR consumes <1000>, pushes true, OP_DROP removes it, OP_TRUE succeeds
+    // 0xbb..0xbf are BIP342 OP_SUCCESSx bytes, not legacy OP_NOP slots.
+    // Executed legacy/witness-v0 scripts must keep rejecting them as bad opcodes
+    // so DigiDollar activation does not loosen old-node consensus.
 
     CScript scriptPubKey;
     scriptPubKey << OP_DIGIDOLLAR;
@@ -2528,140 +2524,99 @@ BOOST_AUTO_TEST_CASE(redteam_T1_06b_dd_opcodes_nop_before_activation)
     scriptPubKey << OP_DROP;
     scriptPubKey << OP_TRUE;
 
-    CScript scriptSig;  // Empty — not needed for this script structure
-
-    // Without SCRIPT_VERIFY_DIGIDOLLAR (pre-activation behavior):
-    // OP_DIGIDOLLAR = NOP, <1000> pushed, OP_DROP removes 1000, OP_TRUE → stack has [true]
     {
-        unsigned int flags = SCRIPT_VERIFY_P2SH;  // No DD flag
+        unsigned int flags = SCRIPT_VERIFY_P2SH;
         ScriptError err;
-        // Use direct EvalScript since this isn't a real spending scenario
         std::vector<std::vector<unsigned char>> stack;
         bool result = EvalScript(stack, scriptPubKey, flags, BaseSignatureChecker(), SigVersion::BASE, &err);
-        BOOST_CHECK_MESSAGE(result,
-            "Pre-activation: OP_DIGIDOLLAR as NOP, script should succeed");
-        BOOST_CHECK_MESSAGE(stack.size() == 1 && !stack.back().empty(),
-            "Pre-activation: Stack should have [true] at top");
+        BOOST_CHECK_MESSAGE(!result,
+            "Legacy script execution must reject DD opcode bytes, not treat them as NOPs");
+        BOOST_CHECK_EQUAL(err, SCRIPT_ERR_BAD_OPCODE);
     }
 
-    // With SCRIPT_VERIFY_DIGIDOLLAR (post-activation behavior):
-    // OP_DIGIDOLLAR reads <1000>, pushes true (1000 > 0), OP_DROP removes true, OP_TRUE → stack has [true]
+    // Once active in Tapscript, OP_DIGIDOLLAR reads the following amount push,
+    // pushes true, OP_DROP removes it, and OP_TRUE leaves a true stack item.
     {
         unsigned int flags = SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_DIGIDOLLAR;
         ScriptError err;
         std::vector<std::vector<unsigned char>> stack;
-        bool result = EvalScript(stack, scriptPubKey, flags, BaseSignatureChecker(), SigVersion::BASE, &err);
+        bool result = EvalScript(stack, scriptPubKey, flags, BaseSignatureChecker(), SigVersion::TAPSCRIPT, &err);
         BOOST_CHECK_MESSAGE(result,
-            "Post-activation: OP_DIGIDOLLAR processes amount, script should succeed");
+            "Post-activation Tapscript: OP_DIGIDOLLAR processes amount and script succeeds");
         BOOST_CHECK_MESSAGE(stack.size() == 1 && !stack.back().empty(),
-            "Post-activation: Stack should have [true] at top");
+            "Post-activation Tapscript: Stack should have [true] at top");
     }
 }
 
-// T1-06c: OP_DDVERIFY as NOP doesn't pop stack (consensus safety)
-BOOST_AUTO_TEST_CASE(redteam_T1_06c_ddverify_nop_stack_safety)
+// T1-06c: OP_DDVERIFY is Tapscript-only
+BOOST_AUTO_TEST_CASE(redteam_T1_06c_ddverify_tapscript_only)
 {
-    // ATTACK: OP_DDVERIFY pops and verifies top of stack when active.
-    // As NOP, it must NOT touch the stack.
-    // If it incorrectly popped pre-activation, scripts would break at activation.
-
-    // Script: OP_TRUE OP_DDVERIFY
-    // Pre-activation: OP_TRUE pushes 1, OP_DDVERIFY is NOP → stack has [1]
-    // Post-activation: OP_TRUE pushes 1, OP_DDVERIFY pops 1 (verifies true) → stack is empty
-
     CScript script;
-    script << OP_TRUE;
-    script << OP_DDVERIFY;
+    script << OP_TRUE << OP_DDVERIFY;
 
-    // Pre-activation: stack should still have the true value
     {
-        unsigned int flags = SCRIPT_VERIFY_P2SH;  // No DD flag
+        unsigned int flags = SCRIPT_VERIFY_P2SH;
         ScriptError err;
         std::vector<std::vector<unsigned char>> stack;
         bool result = EvalScript(stack, script, flags, BaseSignatureChecker(), SigVersion::BASE, &err);
-        BOOST_CHECK_MESSAGE(result, "Pre-activation: OP_DDVERIFY as NOP should succeed");
-        BOOST_CHECK_MESSAGE(stack.size() == 1,
-            "CRITICAL: Pre-activation OP_DDVERIFY must NOT pop stack (stack size should be 1, got " +
-            std::to_string(stack.size()) + ")");
+        BOOST_CHECK_MESSAGE(!result, "Legacy OP_DDVERIFY byte must be SCRIPT_ERR_BAD_OPCODE");
+        BOOST_CHECK_EQUAL(err, SCRIPT_ERR_BAD_OPCODE);
     }
 
-    // Post-activation: OP_DDVERIFY consumes the true, stack should be empty
     {
         unsigned int flags = SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_DIGIDOLLAR;
         ScriptError err;
         std::vector<std::vector<unsigned char>> stack;
-        bool result = EvalScript(stack, script, flags, BaseSignatureChecker(), SigVersion::BASE, &err);
-        BOOST_CHECK_MESSAGE(result, "Post-activation: OP_DDVERIFY should verify true and succeed");
+        bool result = EvalScript(stack, script, flags, BaseSignatureChecker(), SigVersion::TAPSCRIPT, &err);
+        BOOST_CHECK_MESSAGE(result, "Post-activation Tapscript: OP_DDVERIFY should verify true and succeed");
         BOOST_CHECK_MESSAGE(stack.size() == 0,
-            "Post-activation: OP_DDVERIFY should pop the verified value (stack size should be 0, got " +
+            "Post-activation Tapscript: OP_DDVERIFY should pop the verified value (stack size should be 0, got " +
             std::to_string(stack.size()) + ")");
     }
 }
 
-// T1-06d: OP_CHECKCOLLATERAL NOP doesn't touch stack (consensus critical)
-BOOST_AUTO_TEST_CASE(redteam_T1_06d_checkcollateral_nop_stack_safety)
+// T1-06d: OP_CHECKCOLLATERAL is Tapscript-only
+BOOST_AUTO_TEST_CASE(redteam_T1_06d_checkcollateral_tapscript_only)
 {
-    // ATTACK: OP_CHECKCOLLATERAL pops 2 items when active.
-    // As NOP, it MUST NOT touch the stack — the comment in the code says so.
-    // If it popped pre-activation, it would be a consensus split.
-
-    // Script: <ratio=500> <threshold=200> OP_CHECKCOLLATERAL
-    // Pre-activation: both numbers pushed, OP_CHECKCOLLATERAL NOP → stack has [500, 200]
-    // Post-activation: both popped, 500 >= 200 → true → stack has [true]
-
     CScript script;
     script << CScriptNum(500);
     script << CScriptNum(200);
     script << OP_CHECKCOLLATERAL;
 
-    // Pre-activation: stack should have both values
     {
         unsigned int flags = SCRIPT_VERIFY_P2SH;
         ScriptError err;
         std::vector<std::vector<unsigned char>> stack;
         bool result = EvalScript(stack, script, flags, BaseSignatureChecker(), SigVersion::BASE, &err);
-        BOOST_CHECK_MESSAGE(result, "Pre-activation: OP_CHECKCOLLATERAL NOP should succeed");
-        BOOST_CHECK_MESSAGE(stack.size() == 2,
-            "CRITICAL: Pre-activation OP_CHECKCOLLATERAL must NOT touch stack (stack size should be 2, got " +
-            std::to_string(stack.size()) + ")");
+        BOOST_CHECK_MESSAGE(!result, "Legacy OP_CHECKCOLLATERAL byte must be SCRIPT_ERR_BAD_OPCODE");
+        BOOST_CHECK_EQUAL(err, SCRIPT_ERR_BAD_OPCODE);
     }
 
-    // Post-activation: stack should have [true]
     {
         unsigned int flags = SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_DIGIDOLLAR;
         ScriptError err;
         std::vector<std::vector<unsigned char>> stack;
-        bool result = EvalScript(stack, script, flags, BaseSignatureChecker(), SigVersion::BASE, &err);
-        BOOST_CHECK_MESSAGE(result, "Post-activation: OP_CHECKCOLLATERAL(500>=200) should succeed");
+        bool result = EvalScript(stack, script, flags, BaseSignatureChecker(), SigVersion::TAPSCRIPT, &err);
+        BOOST_CHECK_MESSAGE(result, "Post-activation Tapscript: OP_CHECKCOLLATERAL(500>=200) should succeed");
         BOOST_CHECK_MESSAGE(stack.size() == 1 && !stack.back().empty(),
-            "Post-activation: OP_CHECKCOLLATERAL should push true (500 >= 200)");
+            "Post-activation Tapscript: OP_CHECKCOLLATERAL should push true (500 >= 200)");
     }
 }
 
-// T1-06e: OP_CHECKPRICE NOP doesn't touch stack
-BOOST_AUTO_TEST_CASE(redteam_T1_06e_checkprice_nop_stack_safety)
+// T1-06e: OP_CHECKPRICE is Tapscript-only
+BOOST_AUTO_TEST_CASE(redteam_T1_06e_checkprice_tapscript_only)
 {
-    // ATTACK: OP_CHECKPRICE pops 1 item when active.
-    // As NOP, it must NOT touch the stack.
-
-    // Script: <price=42000> OP_CHECKPRICE
-    // Pre-activation: number pushed, OP_CHECKPRICE NOP → stack has [42000]
-    // Post-activation: number popped, compared to mock oracle → stack has [true/false]
-
     CScript script;
     script << CScriptNum(42000);
     script << OP_CHECKPRICE;
 
-    // Pre-activation: stack should still have the price value
     {
         unsigned int flags = SCRIPT_VERIFY_P2SH;
         ScriptError err;
         std::vector<std::vector<unsigned char>> stack;
         bool result = EvalScript(stack, script, flags, BaseSignatureChecker(), SigVersion::BASE, &err);
-        BOOST_CHECK_MESSAGE(result, "Pre-activation: OP_CHECKPRICE NOP should succeed");
-        BOOST_CHECK_MESSAGE(stack.size() == 1,
-            "CRITICAL: Pre-activation OP_CHECKPRICE must NOT pop stack (stack size should be 1, got " +
-            std::to_string(stack.size()) + ")");
+        BOOST_CHECK_MESSAGE(!result, "Legacy OP_CHECKPRICE byte must be SCRIPT_ERR_BAD_OPCODE");
+        BOOST_CHECK_EQUAL(err, SCRIPT_ERR_BAD_OPCODE);
     }
 }
 
@@ -18998,7 +18953,7 @@ BOOST_AUTO_TEST_CASE(redteam_t10_05c_script_flags_at_activation_boundary)
     // Block 600 (pprev=599): DeploymentActiveAfter(599) = ACTIVE → DD flag set
     //
     // This means:
-    // - Block 599: DD opcodes are NOPs (soft-fork compat)
+    // - Block 599: DD opcodes remain Tapscript OP_SUCCESSx (soft-fork compat)
     // - Block 600: DD opcodes enforced
     //
     // Mempool PolicyScriptChecks uses STANDARD_SCRIPT_VERIFY_FLAGS which
@@ -19018,7 +18973,7 @@ BOOST_AUTO_TEST_CASE(redteam_t10_05c_script_flags_at_activation_boundary)
 
     BOOST_TEST_MESSAGE("  SCRIPT_VERIFY_DIGIDOLLAR in STANDARD_SCRIPT_VERIFY_FLAGS ✅");
     BOOST_TEST_MESSAGE("  SCRIPT_VERIFY_DIGIDOLLAR NOT in MANDATORY_SCRIPT_VERIFY_FLAGS ✅");
-    BOOST_TEST_MESSAGE("  Block 599: DD opcodes are NOPs (standard soft-fork behavior) ✅");
+    BOOST_TEST_MESSAGE("  Block 599: DD opcodes remain Tapscript OP_SUCCESSx (old-node behavior) ✅");
     BOOST_TEST_MESSAGE("  Block 600: DD opcodes enforced (activation complete) ✅");
     BOOST_TEST_MESSAGE("  Mempool flag mismatch at tip=599 is benign (no DD UTXOs to spend) ✅");
 }
diff --git a/src/test/digidollar_rh11_consensus_tests.cpp b/src/test/digidollar_rh11_consensus_tests.cpp
index e0b66e87a8..bd3ca3bfc8 100644
--- a/src/test/digidollar_rh11_consensus_tests.cpp
+++ b/src/test/digidollar_rh11_consensus_tests.cpp
@@ -52,22 +52,21 @@ BOOST_AUTO_TEST_CASE(rh11_supply_overflow_no_protection)
 
     DigiDollar::SystemHealthMonitor::ResetMetrics();
 
-    // After fix [RH-11]: OnMintConnected caps at MAX_DIGIDOLLAR to prevent overflow
     CAmount bigMint = std::numeric_limits<CAmount>::max() / 2;
     DigiDollar::SystemHealthMonitor::OnMintConnected(bigMint, 100 * COIN);
 
     auto metrics = DigiDollar::SystemHealthMonitor::GetCachedMetrics();
-    // Should be capped at MAX_DIGIDOLLAR, not bigMint
-    BOOST_CHECK_EQUAL(metrics.totalDDSupply, MAX_DIGIDOLLAR);
+    BOOST_CHECK_EQUAL(metrics.totalDDSupply, bigMint);
 
-    // Second mint should still be capped
+    // Second mint still fits in CAmount and must be accounted exactly.
     DigiDollar::SystemHealthMonitor::OnMintConnected(bigMint, 100 * COIN);
     metrics = DigiDollar::SystemHealthMonitor::GetCachedMetrics();
-    BOOST_CHECK_EQUAL(metrics.totalDDSupply, MAX_DIGIDOLLAR);
+    BOOST_CHECK_EQUAL(metrics.totalDDSupply, bigMint * 2);
 
-    // Verify no overflow
-    BOOST_CHECK(metrics.totalDDSupply > 0);
-    BOOST_CHECK(metrics.totalDDSupply <= MAX_DIGIDOLLAR);
+    // A true int64 overflow attempt is clamped at CAmount max.
+    DigiDollar::SystemHealthMonitor::OnMintConnected(2, 100 * COIN);
+    metrics = DigiDollar::SystemHealthMonitor::GetCachedMetrics();
+    BOOST_CHECK_EQUAL(metrics.totalDDSupply, std::numeric_limits<CAmount>::max());
 
     DigiDollar::SystemHealthMonitor::ResetMetrics();
 }
diff --git a/src/test/digidollar_rh16_reorg_attacks_tests.cpp b/src/test/digidollar_rh16_reorg_attacks_tests.cpp
index dd29146a18..52f3763eed 100644
--- a/src/test/digidollar_rh16_reorg_attacks_tests.cpp
+++ b/src/test/digidollar_rh16_reorg_attacks_tests.cpp
@@ -205,12 +205,14 @@ BOOST_AUTO_TEST_CASE(rh16_clamp_to_zero_hides_double_disconnect)
 
 BOOST_AUTO_TEST_CASE(rh16_overflow_after_reorg_reconnect)
 {
-    // ATTACK: Get supply near MAX_DIGIDOLLAR, disconnect, then reconnect
-    // with a different (larger) amount. Does overflow protection still work?
+    // ATTACK: Get supply near MAX_DIGIDOLLAR, connect a normal valid-size mint,
+    // then reorg it out. The incremental cache must return to the exact
+    // pre-connect value even when the connected mint crosses the local cap.
     DigiDollar::SystemHealthMonitor::ResetMetrics();
 
     const CAmount nearMax = MAX_DIGIDOLLAR - 100;
     const CAmount smallMint = 50;
+    const CAmount validMint = 10000000; // Default maxMintAmount ($100k in cents)
 
     // Set supply near max
     DigiDollar::SystemHealthMonitor::OnMintConnected(nearMax, 1000 * COIN);
@@ -222,29 +224,19 @@ BOOST_AUTO_TEST_CASE(rh16_overflow_after_reorg_reconnect)
     metrics = DigiDollar::SystemHealthMonitor::GetCachedMetrics();
     BOOST_CHECK_EQUAL(metrics.totalDDSupply, nearMax + smallMint);
 
-    // Try to overflow with huge mint
-    const CAmount hugeMint = MAX_DIGIDOLLAR;
-    DigiDollar::SystemHealthMonitor::OnMintConnected(hugeMint, 1000 * COIN);
-    metrics = DigiDollar::SystemHealthMonitor::GetCachedMetrics();
-    // Should be capped at MAX_DIGIDOLLAR, not overflow
-    BOOST_CHECK_EQUAL(metrics.totalDDSupply, MAX_DIGIDOLLAR);
-
-    // Now disconnect the huge mint — since it was capped, how much do we subtract?
-    // VULNERABILITY: We disconnect hugeMint amount, but only MAX_DIGIDOLLAR was recorded.
-    // After disconnect: MAX_DIGIDOLLAR - hugeMint could be negative → clamped to 0
-    // But the actual state should be nearMax + smallMint.
-    DigiDollar::SystemHealthMonitor::OnMintDisconnected(hugeMint, 1000 * COIN);
-    metrics = DigiDollar::SystemHealthMonitor::GetCachedMetrics();
+    const CAmount beforeReorg = metrics.totalDDSupply;
 
-    // EXPLOIT CONFIRMED: Supply is now 0 (clamped) instead of nearMax + smallMint
-    // The overflow cap during connect + raw subtraction during disconnect = supply loss
-    BOOST_CHECK_MESSAGE(metrics.totalDDSupply == 0,
-        "Expected supply drift to 0 due to cap+disconnect asymmetry. Got: " +
-        std::to_string(metrics.totalDDSupply));
+    // A valid-size mint crossing the cap must still be reversible. Current code
+    // caps the connected total to MAX_DIGIDOLLAR, then subtracts the full mint
+    // on disconnect, losing valid pre-existing supply.
+    DigiDollar::SystemHealthMonitor::OnMintConnected(validMint, 1000 * COIN);
+    DigiDollar::SystemHealthMonitor::OnMintDisconnected(validMint, 1000 * COIN);
+    metrics = DigiDollar::SystemHealthMonitor::GetCachedMetrics();
 
-    // Document the expected correct value for when this is fixed:
-    // BOOST_CHECK_EQUAL(metrics.totalDDSupply, nearMax + smallMint);
-    // ^^^ This is what it SHOULD be after fix
+    BOOST_CHECK_MESSAGE(metrics.totalDDSupply == beforeReorg,
+        "Reorg supply drift after valid mint crossing cap: got " +
+        std::to_string(metrics.totalDDSupply) + " expected " +
+        std::to_string(beforeReorg));
 }
 
 // =============================================================================
diff --git a/src/test/digidollar_skip_oracle_tests.cpp b/src/test/digidollar_skip_oracle_tests.cpp
index 6b4cd3e58d..2006f0544b 100644
--- a/src/test/digidollar_skip_oracle_tests.cpp
+++ b/src/test/digidollar_skip_oracle_tests.cpp
@@ -95,8 +95,8 @@ BOOST_FIXTURE_TEST_CASE(skip_oracle_allows_insufficient_collateral_exploit, Basi
     // (dust+) collateral for $100 DD. At $0.50/DGB with 500% ratio, the
     // real requirement is ~10 DGB (1,000,000,000 sats).
     //
-    // With skipOracleValidation=true (the current bug in ConnectBlock),
-    // collateral ratio validation is skipped entirely, so this passes.
+    // Before DD-RH-115, skipOracleValidation=true skipped collateral ratio
+    // validation entirely, so this passed only for IBD/catch-up nodes.
 
     CKey testKey;
     testKey.MakeNewKey(true);
@@ -114,8 +114,9 @@ BOOST_FIXTURE_TEST_CASE(skip_oracle_allows_insufficient_collateral_exploit, Basi
     CMutableTransaction mtx = BuildMintTx(ownerKey, trivialCollateral, currentHeight);
     CTransaction tx(mtx);
 
-    // With skipOracleValidation=true (the bug): collateral check is SKIPPED
-    // This passes because no economic validation occurs
+    // With skipOracleValidation=true, local sync state must not change the
+    // consensus result: a post-activation mint still needs oracle-backed
+    // collateral validation.
     {
         DigiDollar::ValidationContext ctx(currentHeight, oraclePrice, 150, Params(),
                                           nullptr, true /* skipOracleValidation */);
@@ -123,11 +124,11 @@ BOOST_FIXTURE_TEST_CASE(skip_oracle_allows_insufficient_collateral_exploit, Basi
         bool result = DigiDollar::ValidateDigiDollarTransaction(tx, ctx, state);
         BOOST_TEST_MESSAGE("skipOracle=true, trivial collateral result: " +
                           std::to_string(result) + " reason: " + state.GetRejectReason());
-        // This documents the bug: with skipOracle=true, insufficient collateral passes
-        // After the fix, this STILL passes in IBD mode (skipOracle=true) because
-        // historical blocks already passed consensus when they were first validated.
-        BOOST_CHECK_MESSAGE(result,
-            "IBD mode should allow through historical blocks (skipOracle=true)");
+        BOOST_CHECK_MESSAGE(!result,
+            "SECURITY BUG [DD-RH-115]: skipOracleValidation=true bypasses "
+            "collateral ratio, so IBD/catch-up nodes can accept an "
+            "undercollateralized mint rejected by caught-up nodes");
+        BOOST_CHECK_EQUAL(state.GetRejectReason(), "insufficient-collateral");
     }
 
     // With skipOracleValidation=false (the fix for non-IBD blocks): this MUST FAIL
@@ -146,8 +147,9 @@ BOOST_FIXTURE_TEST_CASE(skip_oracle_allows_insufficient_collateral_exploit, Basi
 
 BOOST_FIXTURE_TEST_CASE(non_ibd_rejects_zero_oracle_price, BasicTestingSetup)
 {
-    // When NOT in IBD, oracle price must be available and positive.
-    // Zero oracle price should cause rejection (fail-closed).
+    // Oracle price must be available and positive for mint validation in every
+    // local sync state. Otherwise IBD/catch-up nodes can accept blocks that
+    // caught-up nodes reject.
 
     CKey testKey;
     testKey.MakeNewKey(true);
@@ -175,7 +177,7 @@ BOOST_FIXTURE_TEST_CASE(non_ibd_rejects_zero_oracle_price, BasicTestingSetup)
         BOOST_CHECK_EQUAL(state.GetRejectReason(), "bad-oracle-price");
     }
 
-    // IBD with oracle price = 0: allowed (oracle may not be available during sync)
+    // IBD/catch-up with oracle price = 0: also rejected.
     {
         DigiDollar::ValidationContext ctx(currentHeight, 0, 150, Params(),
                                           nullptr, true /* IBD mode */);
@@ -183,7 +185,9 @@ BOOST_FIXTURE_TEST_CASE(non_ibd_rejects_zero_oracle_price, BasicTestingSetup)
         bool result = DigiDollar::ValidateDigiDollarTransaction(tx, ctx, state);
         BOOST_TEST_MESSAGE("IBD, zero oracle result: " +
                           std::to_string(result) + " reason: " + state.GetRejectReason());
-        BOOST_CHECK(result);
+        BOOST_CHECK_MESSAGE(!result,
+            "SECURITY BUG [DD-RH-115]: IBD/catch-up mint accepted with zero oracle price");
+        BOOST_CHECK_EQUAL(state.GetRejectReason(), "bad-oracle-price");
     }
 }
 
@@ -248,9 +252,9 @@ BOOST_FIXTURE_TEST_CASE(valid_mint_passes_non_ibd, BasicTestingSetup)
 
 BOOST_FIXTURE_TEST_CASE(ibd_err_blocks_minting_with_nonzero_supply, BasicTestingSetup)
 {
-    // Reproduce the exact IBD failure: after earlier mints increment totalDDSupply,
-    // ShouldBlockMintingDuringERR() blocks minting because oracle price is 0 (fail-closed).
-    // With skipOracleValidation=true (IBD mode), the ERR check should be skipped.
+    // Regression: after earlier mints increment totalDDSupply, the IBD/catch-up
+    // path still must fail closed on zero oracle price before any local ERR
+    // state can make the result node-dependent.
 
     CKey testKey;
     testKey.MakeNewKey(true);
@@ -274,9 +278,8 @@ BOOST_FIXTURE_TEST_CASE(ibd_err_blocks_minting_with_nonzero_supply, BasicTesting
     CMutableTransaction mtx = BuildMintTx(ownerKey, generousCollateral, currentHeight);
     CTransaction tx(mtx);
 
-    // IBD mode: oracle price is 0 (no oracles running during sync), skipOracle=true
-    // BUG: ShouldBlockMintingDuringERR does NOT check skipOracleValidation,
-    // so it calls ShouldBlockMinting(0) which fails-closed → "minting-blocked-during-err"
+    // IBD/catch-up mode: oracle price is 0, so the mint must be rejected
+    // deterministically with the same reason as a caught-up node.
     {
         DigiDollar::ValidationContext ctx(currentHeight, 0 /* no oracle in IBD */, 150, Params(),
                                           nullptr, true /* skipOracleValidation = IBD mode */);
@@ -284,11 +287,9 @@ BOOST_FIXTURE_TEST_CASE(ibd_err_blocks_minting_with_nonzero_supply, BasicTesting
         bool result = DigiDollar::ValidateDigiDollarTransaction(tx, ctx, state);
         BOOST_TEST_MESSAGE("IBD + nonzero supply + zero oracle: result=" +
                           std::to_string(result) + " reason=" + state.GetRejectReason());
-        BOOST_CHECK_MESSAGE(result,
-            "IBD BUG: Mint blocked during IBD with reason: " + state.GetRejectReason() +
-            " — new nodes cannot sync past this block!");
-        // Before fix: fails with "minting-blocked-during-err"
-        // After fix: passes (ERR check skipped during IBD)
+        BOOST_CHECK_MESSAGE(!result,
+            "SECURITY BUG [DD-RH-115]: IBD/catch-up mint accepted with zero oracle price");
+        BOOST_CHECK_EQUAL(state.GetRejectReason(), "bad-oracle-price");
     }
 
     // Non-IBD mode with zero oracle: should STILL block (fail-closed is correct for live nodes)
diff --git a/src/test/digidollar_transfer_tests.cpp b/src/test/digidollar_transfer_tests.cpp
index e0e7d28188..f0835d2b8e 100644
--- a/src/test/digidollar_transfer_tests.cpp
+++ b/src/test/digidollar_transfer_tests.cpp
@@ -223,7 +223,7 @@ struct DDTransferTestFixture : public TestingSetup {
 
         // Add some mock UTXOs
         params.ddUtxos.push_back(CreateMockDDUTXO(TEST_DD_AMOUNT));
-        params.feeUtxos.push_back(CreateMockDGBUTXO(100000)); // 0.001 DGB for fees
+        params.feeUtxos.push_back(CreateMockDGBUTXO(COIN)); // 1 DGB for fees
 
         return params;
     }
@@ -276,8 +276,8 @@ BOOST_FIXTURE_TEST_CASE(test_transfer_with_change, DDTransferTestFixture)
         BOOST_TEST_MESSAGE("Transfer failed: " << result.error);
     }
     BOOST_CHECK(result.success);
-    // Outputs: recipient P2TR + change P2TR + OP_RETURN = 3
-    BOOST_CHECK_EQUAL(result.tx.vout.size(), 3); // recipient + change + OP_RETURN
+    // Outputs: recipient P2TR + DD change P2TR + DGB fee change + OP_RETURN = 4
+    BOOST_CHECK_EQUAL(result.tx.vout.size(), 4);
 }
 
 BOOST_FIXTURE_TEST_CASE(test_multiple_dd_inputs_consolidation, DDTransferTestFixture)
@@ -723,7 +723,7 @@ BOOST_FIXTURE_TEST_CASE(test_multiple_dd_inputs_assembly, DDTransferTestFixture)
     params.recipients = {{CreateDDAddress(recipientKey.GetPubKey()), 15000}}; // $150.00
     params.feeRate = 100000; // 100,000 sat/kB
     params.spenderKey = senderKey;
-    params.feeUtxos.push_back(CreateMockDGBUTXO(100000));
+    params.feeUtxos.push_back(CreateMockDGBUTXO(COIN));
 
     // Create 5 small UTXOs
     for (int i = 0; i < 5; ++i) {
@@ -760,7 +760,7 @@ BOOST_FIXTURE_TEST_CASE(test_dd_input_count_matches_utxo_count, DDTransferTestFi
         params.recipients = {{recipientAddr, count * 1000}}; // $10.00 per UTXO
         params.feeRate = 100000; // 100,000 sat/kB
         params.spenderKey = senderKey;
-        params.feeUtxos.push_back(CreateMockDGBUTXO(100000));
+        params.feeUtxos.push_back(CreateMockDGBUTXO(COIN));
 
         for (int i = 0; i < count; ++i) {
             params.ddUtxos.push_back(CreateMockDDUTXO(1000));
@@ -802,7 +802,7 @@ BOOST_FIXTURE_TEST_CASE(test_build_transfer_outputs, DDTransferTestFixture)
     params.ddUtxos.push_back(CreateMockDDUTXO(25000)); // $250
 
     // Add fee UTXOs
-    params.feeUtxos.push_back(CreateMockDGBUTXO(100000)); // 0.001 DGB
+    params.feeUtxos.push_back(CreateMockDGBUTXO(COIN)); // 1 DGB
 
     MockTransferTxBuilder builder(chainParams, currentHeight, oraclePrice);
 
@@ -845,7 +845,7 @@ BOOST_FIXTURE_TEST_CASE(test_single_recipient_output, DDTransferTestFixture)
     params.feeRate = 100000; // 100,000 sat/kB
     params.spenderKey = senderKey;
     params.ddUtxos.push_back(CreateMockDDUTXO(30000)); // Exact amount
-    params.feeUtxos.push_back(CreateMockDGBUTXO(100000));
+    params.feeUtxos.push_back(CreateMockDGBUTXO(COIN));
 
     MockTransferTxBuilder builder(chainParams, currentHeight, oraclePrice);
 
@@ -882,7 +882,7 @@ BOOST_FIXTURE_TEST_CASE(test_output_p2tr_script_format, DDTransferTestFixture)
     params.feeRate = 100000; // 100,000 sat/kB
     params.spenderKey = senderKey;
     params.ddUtxos.push_back(CreateMockDDUTXO(10000));
-    params.feeUtxos.push_back(CreateMockDGBUTXO(100000));
+    params.feeUtxos.push_back(CreateMockDGBUTXO(COIN));
 
     MockTransferTxBuilder builder(chainParams, currentHeight, oraclePrice);
 
@@ -936,7 +936,7 @@ BOOST_FIXTURE_TEST_CASE(test_all_recipients_get_outputs, DDTransferTestFixture)
     params.feeRate = 100000; // 100,000 sat/kB
     params.spenderKey = senderKey;
     params.ddUtxos.push_back(CreateMockDDUTXO(60000)); // Exact total
-    params.feeUtxos.push_back(CreateMockDGBUTXO(100000));
+    params.feeUtxos.push_back(CreateMockDGBUTXO(COIN));
 
     MockTransferTxBuilder builder(chainParams, currentHeight, oraclePrice);
 
@@ -981,7 +981,7 @@ BOOST_FIXTURE_TEST_CASE(test_output_amounts_match_requested, DDTransferTestFixtu
     params.feeRate = 100000; // 100,000 sat/kB
     params.spenderKey = senderKey;
     params.ddUtxos.push_back(CreateMockDDUTXO(amount1 + amount2));
-    params.feeUtxos.push_back(CreateMockDGBUTXO(100000));
+    params.feeUtxos.push_back(CreateMockDGBUTXO(COIN));
 
     MockTransferTxBuilder builder(chainParams, currentHeight, oraclePrice);
 
@@ -1018,7 +1018,7 @@ BOOST_FIXTURE_TEST_CASE(test_fee_inputs_added, DDTransferTestFixture)
 {
     // Arrange: Create transfer params with fee inputs
     COutPoint ddUtxo = CreateMockDDUTXO(50000);  // $500.00
-    COutPoint feeUtxo = CreateMockDGBUTXO(100000); // 0.001 DGB for fees
+    COutPoint feeUtxo = CreateMockDGBUTXO(COIN); // 1 DGB for fees
 
     std::string recipientAddr = CreateDDAddress(recipientKey.GetPubKey());
 
@@ -1063,7 +1063,7 @@ BOOST_FIXTURE_TEST_CASE(test_transaction_finalization, DDTransferTestFixture)
 
     // Create DD UTXO with sufficient balance
     params.ddUtxos.push_back(CreateMockDDUTXO(50000)); // Exact amount
-    params.feeUtxos.push_back(CreateMockDGBUTXO(100000)); // Fee UTXO
+    params.feeUtxos.push_back(CreateMockDGBUTXO(COIN)); // Fee UTXO
 
     MockTransferTxBuilder builder(chainParams, currentHeight, oraclePrice);
 
@@ -1097,7 +1097,7 @@ BOOST_FIXTURE_TEST_CASE(test_transaction_version_and_locktime, DDTransferTestFix
     params.feeRate = 100000; // 100,000 sat/kB
     params.spenderKey = senderKey;
     params.ddUtxos.push_back(CreateMockDDUTXO(25000));
-    params.feeUtxos.push_back(CreateMockDGBUTXO(100000));
+    params.feeUtxos.push_back(CreateMockDGBUTXO(COIN));
 
     MockTransferTxBuilder builder(chainParams, currentHeight, oraclePrice);
 
@@ -1121,7 +1121,7 @@ BOOST_FIXTURE_TEST_CASE(test_dd_amount_balance_verification, DDTransferTestFixtu
     params.feeRate = 100000; // 100,000 sat/kB
     params.spenderKey = senderKey;
     params.ddUtxos.push_back(CreateMockDDUTXO(30000)); // Exact balance
-    params.feeUtxos.push_back(CreateMockDGBUTXO(100000));
+    params.feeUtxos.push_back(CreateMockDGBUTXO(COIN));
 
     MockTransferTxBuilder builder(chainParams, currentHeight, oraclePrice);
 
@@ -1163,7 +1163,7 @@ BOOST_FIXTURE_TEST_CASE(test_dd_amount_mismatch_detection, DDTransferTestFixture
     params.feeRate = 100000; // 100,000 sat/kB
     params.spenderKey = senderKey;
     params.ddUtxos.push_back(CreateMockDDUTXO(30000)); // Only $300.00 (insufficient!)
-    params.feeUtxos.push_back(CreateMockDGBUTXO(100000));
+    params.feeUtxos.push_back(CreateMockDGBUTXO(COIN));
 
     MockTransferTxBuilder builder(chainParams, currentHeight, oraclePrice);
 
@@ -1176,6 +1176,42 @@ BOOST_FIXTURE_TEST_CASE(test_dd_amount_mismatch_detection, DDTransferTestFixture
     BOOST_CHECK(result.error.find("Insufficient") != std::string::npos);
 }
 
+BOOST_FIXTURE_TEST_CASE(transfer_rejects_malformed_opreturn_without_throwing, DDTransferTestFixture)
+{
+    CMutableTransaction tx;
+    tx.SetDigiDollarType(::DD_TX_TRANSFER);
+    tx.vin.push_back(CTxIn(CreateMockDDUTXO(TEST_DD_AMOUNT)));
+
+    XOnlyPubKey recipientXOnly(recipientKey.GetPubKey());
+    tx.vout.push_back(CTxOut(0, DigiDollar::CreateDigiDollarP2TR(recipientXOnly, TEST_DD_AMOUNT)));
+
+    CScript malformedType;
+    malformedType << OP_RETURN
+                  << std::vector<unsigned char>{'D', 'D'}
+                  << std::vector<unsigned char>(5, 0x01)
+                  << CScriptNum(TEST_DD_AMOUNT);
+    tx.vout.push_back(CTxOut(0, malformedType));
+
+    TxValidationState state;
+    DigiDollar::ValidationContext ctx(currentHeight, oraclePrice, systemCollateral, chainParams);
+
+    bool valid = true;
+    BOOST_CHECK_NO_THROW(valid = DigiDollar::ValidateTransferTransaction(CTransaction(tx), ctx, state));
+    BOOST_CHECK(!valid);
+    BOOST_CHECK_EQUAL(state.GetRejectReason(), "transfer-malformed-op-return");
+
+    tx.vout.back().scriptPubKey = CScript() << OP_RETURN
+                                            << std::vector<unsigned char>{'D', 'D'}
+                                            << CScriptNum(2)
+                                            << std::vector<unsigned char>(9, 0x01);
+
+    state = TxValidationState();
+    valid = true;
+    BOOST_CHECK_NO_THROW(valid = DigiDollar::ValidateTransferTransaction(CTransaction(tx), ctx, state));
+    BOOST_CHECK(!valid);
+    BOOST_CHECK_EQUAL(state.GetRejectReason(), "transfer-malformed-op-return");
+}
+
 BOOST_FIXTURE_TEST_CASE(test_empty_inputs_validation, DDTransferTestFixture)
 {
     // Arrange: Create params with no DD inputs
@@ -1186,7 +1222,7 @@ BOOST_FIXTURE_TEST_CASE(test_empty_inputs_validation, DDTransferTestFixture)
     params.feeRate = 100000; // 100,000 sat/kB
     params.spenderKey = senderKey;
     // No ddUtxos provided!
-    params.feeUtxos.push_back(CreateMockDGBUTXO(100000));
+    params.feeUtxos.push_back(CreateMockDGBUTXO(COIN));
 
     MockTransferTxBuilder builder(chainParams, currentHeight, oraclePrice);
 
@@ -1206,7 +1242,7 @@ BOOST_FIXTURE_TEST_CASE(test_empty_outputs_validation, DDTransferTestFixture)
     params.feeRate = 100000; // 100,000 sat/kB
     params.spenderKey = senderKey;
     params.ddUtxos.push_back(CreateMockDDUTXO(10000));
-    params.feeUtxos.push_back(CreateMockDGBUTXO(100000));
+    params.feeUtxos.push_back(CreateMockDGBUTXO(COIN));
 
     MockTransferTxBuilder builder(chainParams, currentHeight, oraclePrice);
 
@@ -1228,7 +1264,7 @@ BOOST_FIXTURE_TEST_CASE(test_complete_transaction_structure, DDTransferTestFixtu
     params.feeRate = 100000; // 100,000 sat/kB
     params.spenderKey = senderKey;
     params.ddUtxos.push_back(CreateMockDDUTXO(40000));
-    params.feeUtxos.push_back(CreateMockDGBUTXO(100000));
+    params.feeUtxos.push_back(CreateMockDGBUTXO(COIN));
 
     MockTransferTxBuilder builder(chainParams, currentHeight, oraclePrice);
 
@@ -1514,7 +1550,7 @@ BOOST_FIXTURE_TEST_CASE(test_transfer_broadcasts_to_network, DDTransferTestFixtu
     params.spenderKey = ownerKey;
     params.ddUtxos = {mint_dd_utxo};
     params.ddAmounts = {mint_amount};  // Provide DD amounts for mock UTXO
-    params.feeUtxos = {CreateMockDGBUTXO(100000)};
+    params.feeUtxos = {CreateMockDGBUTXO(COIN)};
 
     MockTransferTxBuilder builder(chainParams, currentHeight, oraclePrice);
     TxBuilderResult result = builder.BuildTransferTransaction(params);
@@ -1687,4 +1723,4 @@ BOOST_FIXTURE_TEST_CASE(test_receive_dd_from_transfer, DDTransferTestFixture)
     LogPrintf("  - Sender time-lock active: %d\n", sender_positions[0].is_active);
 }
 
-BOOST_AUTO_TEST_SUITE_END()
\ No newline at end of file
+BOOST_AUTO_TEST_SUITE_END()
diff --git a/src/test/digidollar_txbuilder_tests.cpp b/src/test/digidollar_txbuilder_tests.cpp
index 7dffa32b53..f3354ced7a 100644
--- a/src/test/digidollar_txbuilder_tests.cpp
+++ b/src/test/digidollar_txbuilder_tests.cpp
@@ -235,6 +235,36 @@ BOOST_AUTO_TEST_CASE(transfer_transaction_basic)
     BOOST_CHECK(::GetDigiDollarTxType(CTransaction(result.tx)) == ::DD_TX_TRANSFER);
 }
 
+BOOST_AUTO_TEST_CASE(transfer_rejects_underfunded_fee_inputs)
+{
+    const CChainParams& params = Params();
+    int height = 1000;
+    CAmount price = 10000; // $0.01 per DGB (10,000 micro-USD)
+
+    TestTransferTxBuilder builder(params, height, price);
+
+    CKey recipient = CreateTestKey();
+    CTxDestination dest{WitnessV1Taproot(XOnlyPubKey(recipient.GetPubKey()))};
+    std::string addr = DigiDollar::EncodeDigiDollarAddress(dest, params);
+
+    uint256 feeHash;
+    feeHash.SetHex("abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890");
+
+    TxBuilderTransferParams transferParams;
+    transferParams.recipients = {{addr, 5000}};
+    transferParams.feeRate = 35000000;
+    transferParams.ddUtxos = CreateTestUTXOs(1);
+    transferParams.ddAmounts = {5000};
+    transferParams.feeUtxos = {COutPoint(feeHash, 0)};
+    transferParams.feeAmounts = {1};
+    transferParams.spenderKey = CreateTestKey();
+
+    TxBuilderResult result = builder.BuildTransferTransaction(transferParams);
+
+    BOOST_CHECK(!result.success);
+    BOOST_CHECK(result.error.find("Insufficient DGB fee input") != std::string::npos);
+}
+
 BOOST_AUTO_TEST_CASE(transfer_transaction_invalid_address)
 {
     const CChainParams& params = Params();
@@ -599,4 +629,4 @@ BOOST_AUTO_TEST_CASE(consolidation_input_weight_budget)
                    (size_t)MAX_STANDARD_TX_WEIGHT);
 }
 
-BOOST_AUTO_TEST_SUITE_END()
\ No newline at end of file
+BOOST_AUTO_TEST_SUITE_END()
diff --git a/src/test/digidollar_validation_tests.cpp b/src/test/digidollar_validation_tests.cpp
index 7f8895179d..9e34df16c4 100644
--- a/src/test/digidollar_validation_tests.cpp
+++ b/src/test/digidollar_validation_tests.cpp
@@ -64,6 +64,18 @@ static CScript MakeDDOpReturnScript(int tx_type, const std::vector<CAmount>& amo
     return opReturn;
 }
 
+static CScript MakeLegacyDDOpReturnScript(CAmount amount)
+{
+    std::vector<unsigned char> amountBytes(8);
+    for (int i = 0; i < 8; ++i) {
+        amountBytes[i] = static_cast<unsigned char>((amount >> (i * 8)) & 0xff);
+    }
+
+    CScript opReturn;
+    opReturn << OP_RETURN << OP_DIGIDOLLAR << amountBytes;
+    return opReturn;
+}
+
 // ============================================================================
 // Script Type Detection Tests
 // ============================================================================
@@ -3130,6 +3142,75 @@ BOOST_FIXTURE_TEST_CASE(bug8_transfer_conservation_utxo_valid, DigiDollarValidat
     BOOST_CHECK_MESSAGE(result, "Valid transfer should pass, got error: " + state.GetRejectReason());
 }
 
+BOOST_FIXTURE_TEST_CASE(transfer_rejects_noncanonical_taproot_like_output, DigiDollarValidationTestSetup)
+{
+    const CAmount ddAmount = 10000;
+    const CScript inputScript = DigiDollar::CreateDigiDollarP2TR(testXOnlyKey, ddAmount);
+
+    CScript malformedOutputScript;
+    malformedOutputScript << OP_1 << OP_DROP << OP_TRUE;
+    while (malformedOutputScript.size() < 34) {
+        malformedOutputScript << OP_NOP;
+    }
+    BOOST_REQUIRE_EQUAL(malformedOutputScript.size(), 34);
+    BOOST_REQUIRE_NE(malformedOutputScript[1], 32);
+
+    CCoinsView baseView;
+    CCoinsViewCache coinsView(&baseView);
+
+    const COutPoint prevOut(uint256S("cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"), 0);
+    coinsView.AddCoin(prevOut, Coin(CTxOut(0, inputScript), 500, false), false);
+
+    CMutableTransaction mtx;
+    mtx.nVersion = 0x02000770;
+    mtx.vin.push_back(CTxIn(prevOut));
+    mtx.vout.push_back(CTxOut(0, malformedOutputScript));
+    mtx.vout.push_back(CTxOut(0, MakeDDOpReturnScript(2, {ddAmount})));
+
+    DigiDollar::ValidationContext ctxWithCoins(1000, 500000, 150, Params(), &coinsView);
+    TxValidationState state;
+
+    const bool result = DigiDollar::ValidateTransferTransaction(CTransaction(mtx), ctxWithCoins, state);
+    BOOST_CHECK_MESSAGE(!result, "Transfer must reject non-canonical OP_1 scripts as DD outputs");
+    BOOST_CHECK_EQUAL(state.GetRejectReason(), "bad-dd-script");
+}
+
+BOOST_FIXTURE_TEST_CASE(transfer_rejects_unresolved_zero_value_input_when_other_input_resolves, DigiDollarValidationTestSetup)
+{
+    const CAmount ddAmount = 10000;
+
+    CScript knownInputScript = DigiDollar::CreateDigiDollarP2TR(testXOnlyKey, ddAmount);
+    CScript outputScript = DigiDollar::CreateDigiDollarP2TR(testXOnlyKey, ddAmount);
+
+    CScript unresolvedZeroValueP2TR;
+    unresolvedZeroValueP2TR << OP_1 << std::vector<unsigned char>(32, 0x42);
+
+    CCoinsView baseView;
+    CCoinsViewCache coinsView(&baseView);
+
+    const COutPoint knownPrevOut(uint256S("abababababababababababababababababababababababababababababababab"), 0);
+    coinsView.AddCoin(knownPrevOut, Coin(CTxOut(0, knownInputScript), 500, false), false);
+
+    const COutPoint unresolvedPrevOut(uint256S("bcbcbcbcbcbcbcbcbcbcbcbcbcbcbcbcbcbcbcbcbcbcbcbcbcbcbcbcbcbcbcbc"), 0);
+    coinsView.AddCoin(unresolvedPrevOut, Coin(CTxOut(0, unresolvedZeroValueP2TR), 500, false), false);
+
+    CMutableTransaction mtx;
+    mtx.nVersion = 0x02000770;
+    mtx.vin.push_back(CTxIn(knownPrevOut));
+    mtx.vin.push_back(CTxIn(unresolvedPrevOut));
+    mtx.vout.push_back(CTxOut(0, outputScript));
+    mtx.vout.push_back(CTxOut(0, MakeDDOpReturnScript(2, {ddAmount})));
+
+    auto noLookup = [](const uint256&, uint32_t, CTransactionRef&) { return false; };
+    DigiDollar::ValidationContext ctxWithCoins(1000, 500000, 150, Params(), &coinsView, false, noLookup);
+    TxValidationState state;
+
+    const bool result = DigiDollar::ValidateTransferTransaction(CTransaction(mtx), ctxWithCoins, state);
+    BOOST_CHECK_MESSAGE(!result,
+                        "DD transfer must reject any zero-value input whose DD amount cannot be resolved");
+    BOOST_CHECK_EQUAL(state.GetRejectReason(), "dd-input-amounts-unknown");
+}
+
 BOOST_FIXTURE_TEST_CASE(transfer_rejects_first_opreturn_amount_spoof, DigiDollarValidationTestSetup)
 {
     const CAmount realAmount = 10000;
@@ -3291,6 +3372,153 @@ BOOST_FIXTURE_TEST_CASE(mint_accounting_extraction_allows_change_before_opreturn
     BOOST_CHECK_EQUAL(extractedCollateral, collateral);
 }
 
+BOOST_FIXTURE_TEST_CASE(mint_accounting_ignores_legacy_opreturn_spoof, DigiDollarValidationTestSetup)
+{
+    const CAmount ddAmount = 20000;
+    const CAmount spoofedDD = 10000;
+    const int64_t lockBlocks = DigiDollar::LockDaysToBlocks(30);
+    const int64_t lockHeight = mockHeight + lockBlocks;
+    const CAmount collateral = DigiDollar::CalculateRequiredCollateral(ddAmount, lockBlocks, validationContext);
+    BOOST_REQUIRE_GT(collateral, 0);
+
+    DigiDollar::MintParams params;
+    params.ddAmount = ddAmount;
+    params.lockHeight = lockHeight;
+    params.ownerKey = testXOnlyKey;
+    params.internalKey = DigiDollar::GetCollateralNUMSKey();
+    params.oracleKeys = DigiDollar::GetOracleKeys(15);
+
+    const CScript legacySpoof = MakeLegacyDDOpReturnScript(spoofedDD);
+    const CScript collateralScript = DigiDollar::CreateCollateralP2TR(params);
+    const CScript ddScript = DigiDollar::CreateDigiDollarP2TR(testXOnlyKey, ddAmount);
+    BOOST_REQUIRE(!collateralScript.empty());
+    BOOST_REQUIRE(!ddScript.empty());
+
+    CPubKey ownerPubKey = testKey.GetPubKey();
+    XOnlyPubKey ownerXOnly(ownerPubKey);
+    CScript modernOpReturn;
+    modernOpReturn << OP_RETURN
+                   << std::vector<unsigned char>{'D', 'D'}
+                   << CScriptNum(1)
+                   << CScriptNum(ddAmount)
+                   << CScriptNum(lockHeight)
+                   << CScriptNum(1)
+                   << std::vector<unsigned char>(ownerXOnly.begin(), ownerXOnly.end());
+
+    CMutableTransaction mtx;
+    mtx.nVersion = 0x01000770;
+    mtx.vin.push_back(CTxIn(COutPoint(uint256S("8f8f8f8f8f8f8f8f8f8f8f8f8f8f8f8f8f8f8f8f8f8f8f8f8f8f8f8f8f8f8f8f8f8f8f"), 0)));
+    mtx.vout.push_back(CTxOut(0, legacySpoof));
+    mtx.vout.push_back(CTxOut(collateral, collateralScript));
+    mtx.vout.push_back(CTxOut(0, ddScript));
+    mtx.vout.push_back(CTxOut(0, modernOpReturn));
+    const CTransaction tx(mtx);
+
+    TxValidationState state;
+    BOOST_REQUIRE_MESSAGE(DigiDollar::ValidateMintTransaction(tx, validationContext, state),
+                          "legacy spoof must not make an otherwise valid mint fail validation: " + state.GetRejectReason());
+
+    CAmount extractedDD = 0;
+    CAmount extractedCollateral = 0;
+    BOOST_REQUIRE(DigiDollar::ExtractMintAccountingAmounts(tx, extractedDD, extractedCollateral));
+    BOOST_CHECK_EQUAL(extractedDD, ddAmount);
+    BOOST_CHECK_EQUAL(extractedCollateral, collateral);
+}
+
+BOOST_FIXTURE_TEST_CASE(redemption_uses_authoritative_mint_amount_before_script_metadata, DigiDollarValidationTestSetup)
+{
+    const CAmount originalDD = 50000;
+    const CAmount poisonedDD = 10000;
+    const int64_t lockBlocks = DigiDollar::LockDaysToBlocks(30);
+    const int64_t lockHeight = mockHeight + lockBlocks;
+    const CAmount lockedCollateral = DigiDollar::CalculateRequiredCollateral(originalDD, lockBlocks, validationContext);
+    BOOST_REQUIRE_GT(lockedCollateral, 0);
+
+    DigiDollar::MintParams originalParams;
+    originalParams.ddAmount = originalDD;
+    originalParams.lockHeight = lockHeight;
+    originalParams.ownerKey = testXOnlyKey;
+    originalParams.internalKey = DigiDollar::GetCollateralNUMSKey();
+    originalParams.oracleKeys = DigiDollar::GetOracleKeys(15);
+
+    const CScript collateralScript = DigiDollar::CreateCollateralP2TR(originalParams);
+    BOOST_REQUIRE(!collateralScript.empty());
+
+    CScript mintOpReturn;
+    mintOpReturn << OP_RETURN
+                 << std::vector<unsigned char>{'D', 'D'}
+                 << CScriptNum(1)
+                 << CScriptNum(originalDD)
+                 << CScriptNum(lockHeight)
+                 << CScriptNum(1)
+                 << std::vector<unsigned char>(testXOnlyKey.begin(), testXOnlyKey.end());
+
+    CMutableTransaction originalMint;
+    originalMint.nVersion = 0x01000770;
+    originalMint.vin.push_back(CTxIn(COutPoint(uint256S("cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"), 0)));
+    originalMint.vout.push_back(CTxOut(lockedCollateral, collateralScript));
+    originalMint.vout.push_back(CTxOut(0, DigiDollar::CreateDigiDollarP2TR(testXOnlyKey, originalDD)));
+    originalMint.vout.push_back(CTxOut(0, mintOpReturn));
+    const CTransaction originalMintTx(originalMint);
+
+    CScript poisonedMintOpReturn;
+    poisonedMintOpReturn << OP_RETURN
+                         << std::vector<unsigned char>{'D', 'D'}
+                         << CScriptNum(1)
+                         << CScriptNum(poisonedDD)
+                         << CScriptNum(lockHeight)
+                         << CScriptNum(1)
+                         << std::vector<unsigned char>(testXOnlyKey.begin(), testXOnlyKey.end());
+
+    CMutableTransaction poisonedMint;
+    poisonedMint.nVersion = 0x01000770;
+    poisonedMint.vin.push_back(CTxIn(COutPoint(uint256S("dededededededededededededededededededededededededededededededede"), 0)));
+    poisonedMint.vout.push_back(CTxOut(546, collateralScript));
+    poisonedMint.vout.push_back(CTxOut(0, DigiDollar::CreateDigiDollarP2TR(testXOnlyKey, poisonedDD)));
+    poisonedMint.vout.push_back(CTxOut(0, poisonedMintOpReturn));
+
+    TxValidationState poisonedState;
+    BOOST_CHECK_MESSAGE(!DigiDollar::ValidateMintTransaction(CTransaction(poisonedMint), validationContext, poisonedState),
+                        "poison mint must be rejected but must not affect later redemption accounting");
+    BOOST_CHECK_EQUAL(poisonedState.GetRejectReason(), "insufficient-collateral");
+
+    DigiDollar::ScriptMetadata poisonedMetadata;
+    BOOST_REQUIRE(DigiDollar::GetScriptMetadata(collateralScript, poisonedMetadata));
+    BOOST_REQUIRE_EQUAL(poisonedMetadata.ddAmount, poisonedDD);
+
+    CCoinsView baseView;
+    CCoinsViewCache coinsView(&baseView);
+    const COutPoint collateralOut(originalMintTx.GetHash(), 0);
+    coinsView.AddCoin(collateralOut, Coin(CTxOut(lockedCollateral, collateralScript), 500, false), false);
+
+    const CScript burnScript = DigiDollar::CreateDigiDollarP2TR(testXOnlyKey, poisonedDD);
+    const COutPoint ddBurnOut(uint256S("efefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefef"), 0);
+    coinsView.AddCoin(ddBurnOut, Coin(CTxOut(0, burnScript), 500, false), false);
+
+    CMutableTransaction redeem;
+    redeem.nVersion = 0x03000770;
+    redeem.nLockTime = lockHeight;
+    redeem.vin.push_back(CTxIn(collateralOut));
+    redeem.vin.push_back(CTxIn(ddBurnOut));
+    redeem.vout.push_back(CTxOut(lockedCollateral, GetScriptForDestination(PKHash(testPubKey))));
+    redeem.vout.push_back(CTxOut(0, MakeDDOpReturnScript(3, {poisonedDD})));
+
+    auto lookupOriginalMint = [mintRef = MakeTransactionRef(originalMintTx)](const uint256& txid,
+                                                                            uint32_t coinHeight,
+                                                                            CTransactionRef& tx_out) {
+        if (coinHeight != 500 || txid != mintRef->GetHash()) return false;
+        tx_out = mintRef;
+        return true;
+    };
+
+    DigiDollar::ValidationContext ctxWithLookup(lockHeight + 1, 500000, 150, Params(), &coinsView, false, lookupOriginalMint);
+    TxValidationState redeemState;
+    const bool redeemAccepted = DigiDollar::ValidateRedemptionTransaction(CTransaction(redeem), ctxWithLookup, redeemState);
+    BOOST_CHECK_MESSAGE(!redeemAccepted,
+                        "redemption must require burning the original mint amount from the creating transaction, not poisoned script metadata");
+    BOOST_CHECK_EQUAL(redeemState.GetRejectReason(), "bad-collateral-release-partial-burn");
+}
+
 // ============================================================================
 // Bug #4: Collateral Release Validation Tests
 // ============================================================================
diff --git a/src/test/oracle_miner_tests.cpp b/src/test/oracle_miner_tests.cpp
index 2391f04a65..a825ce9f7e 100644
--- a/src/test/oracle_miner_tests.cpp
+++ b/src/test/oracle_miner_tests.cpp
@@ -333,6 +333,12 @@ BOOST_AUTO_TEST_CASE(create_new_block_includes_oracle_bundle)
 
     // WILL FAIL: Oracle bundle not added by CreateNewBlock()
     BOOST_CHECK(found_oracle_opreturn);
+
+    // Regression: CreateNewBlock appends the oracle output after generating the
+    // witness commitment. The returned template must already have the final
+    // merkle root; miners/GBT consumers should not need IncrementExtraNonce()
+    // to repair it.
+    BOOST_CHECK(block.hashMerkleRoot == BlockMerkleRoot(block));
 }
 
 /**
@@ -371,9 +377,9 @@ BOOST_AUTO_TEST_CASE(create_new_block_no_oracle_if_unavailable)
     // Coinbase should have at least miner payout
     BOOST_CHECK_GE(coinbase.vout.size(), 1);
 
-    // Compute and verify merkle root (CreateNewBlock doesn't set it)
-    block.hashMerkleRoot = BlockMerkleRoot(block);
+    // Verify CreateNewBlock returned a populated merkle root.
     BOOST_CHECK(!block.hashMerkleRoot.IsNull());
+    BOOST_CHECK(block.hashMerkleRoot == BlockMerkleRoot(block));
 
     // Test should pass even without oracle bundle (graceful degradation)
     BOOST_CHECK(true);
diff --git a/src/test/rh29_coinbase_oracle_manipulation_tests.cpp b/src/test/rh29_coinbase_oracle_manipulation_tests.cpp
index aee27bf387..42fa25ea5e 100644
--- a/src/test/rh29_coinbase_oracle_manipulation_tests.cpp
+++ b/src/test/rh29_coinbase_oracle_manipulation_tests.cpp
@@ -199,16 +199,9 @@ BOOST_AUTO_TEST_CASE(attack1_extra_data_appended_to_oracle_script)
     COracleBundle bundle;
     bool extracted = manager.ExtractOracleBundle(CTransaction(MakeCoinbaseTx(script, 101)), bundle);
 
-    // The extra push data gets concatenated into the data buffer during extraction.
-    // V01 expects exactly 18 bytes. Extra data means data.size() > 18.
-    // But ExtractOracleBundle for V01 only checks data.size() < 18, not ==18.
     BOOST_TEST_MESSAGE("  Extracted: " << extracted);
-    if (extracted) {
-        BOOST_TEST_MESSAGE("  >>> FINDING: V01 extraction accepts trailing data (no exact size check)");
-        BOOST_TEST_MESSAGE("  >>> Extra bytes after V01 oracle data are silently ignored");
-        BOOST_TEST_MESSAGE("  >>> Malleability risk: same oracle data can have different serializations");
-        BOOST_CHECK_EQUAL(bundle.median_price_micro_usd, price);
-    }
+    BOOST_CHECK_MESSAGE(!extracted,
+        "V01 extraction must reject trailing data so the same oracle payload has one canonical serialization");
 }
 
 BOOST_AUTO_TEST_CASE(attack1_extra_data_appended_v02)
@@ -241,13 +234,9 @@ BOOST_AUTO_TEST_CASE(attack1_extra_data_appended_v02)
     COracleBundle bundle;
     bool extracted = manager.ExtractOracleBundle(CTransaction(MakeCoinbaseTx(script, 101)), bundle);
 
-    // V02 calculates expected_size = 1+1+8+8+N*65 and checks data.size() < expected_size
-    // But does NOT check data.size() > expected_size — trailing bytes allowed
     BOOST_TEST_MESSAGE("  V02 extraction with trailing data: " << extracted);
-    if (extracted) {
-        BOOST_TEST_MESSAGE("  >>> FINDING: V02 extraction accepts trailing data beyond expected_size");
-        BOOST_TEST_MESSAGE("  >>> Script malleability: miners can embed hidden data after oracle payload");
-    }
+    BOOST_CHECK_MESSAGE(!extracted,
+        "V02 extraction must reject trailing data beyond expected_size");
 }
 
 BOOST_AUTO_TEST_CASE(attack1_extra_data_appended_v03)
@@ -325,15 +314,13 @@ BOOST_AUTO_TEST_CASE(attack2_two_oracle_op_returns)
     BOOST_TEST_MESSAGE("  Validation result: " << valid);
     BOOST_TEST_MESSAGE("  State: " << state.ToString());
 
-    // ExtractOracleBundle returns the FIRST match — which price wins?
+    // ExtractOracleBundle should also reject ambiguous oracle outputs rather than
+    // returning the first match and silently ignoring the second.
     OracleBundleManager& manager = OracleBundleManager::GetInstance();
     COracleBundle bundle;
     bool extracted = manager.ExtractOracleBundle(*block.vtx[0], bundle);
-    if (extracted) {
-        BOOST_TEST_MESSAGE("  Extracted price: " << bundle.median_price_micro_usd);
-        BOOST_TEST_MESSAGE("  >>> ExtractOracleBundle returns first OP_ORACLE match");
-        BOOST_TEST_MESSAGE("  >>> Second oracle output (price=99999) is silently ignored");
-    }
+    BOOST_CHECK_MESSAGE(!extracted,
+        "ExtractOracleBundle must reject transactions with multiple OP_ORACLE outputs");
 
     // The block validation should reject this
     if (!valid) {
diff --git a/src/test/rh54_op_oracle_opsuccess_tests.cpp b/src/test/rh54_op_oracle_opsuccess_tests.cpp
index c9121485c3..4350c0a034 100644
--- a/src/test/rh54_op_oracle_opsuccess_tests.cpp
+++ b/src/test/rh54_op_oracle_opsuccess_tests.cpp
@@ -3,72 +3,47 @@
 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
 
 /**
- * RH-54: OP_ORACLE incorrectly classified as OP_SUCCESS in Tapscript
- *        (Wave-2 adversarial PoC)
+ * RH-54: DigiDollar Tapscript OP_SUCCESSx activation compatibility
  *
- * Target: src/script/script.cpp::IsOpSuccess
- *
- * Pre-patch behavior:
- *   IsOpSuccess() excluded opcodes 0xbb..0xbe (OP_DIGIDOLLAR..OP_CHECKCOLLATERAL)
- *   from the generic Tapscript OP_SUCCESS range [187..254], but NOT OP_ORACLE
- *   (0xbf = 191). Because OP_ORACLE falls inside 187..254 without exclusion,
- *   `IsOpSuccess(OP_ORACLE) == true` — which means any Tapscript leaf containing
- *   OP_ORACLE becomes **unconditionally spendable** per BIP-342 OP_SUCCESSx
- *   semantics (ExecuteWitnessScript short-circuits the script as a success).
- *
- * Why this is novel (not in bug-hunt report priors):
- *   - C1-C4, H1-H8, M1-M5 and the W1 ledger entries do not cover IsOpSuccess.
- *   - Existing `digidollar_opcodes_tests.cpp` and `digidollar_script_attacks_tests.cpp`
- *     assert opcode semantics via EvalScript but never exercise the OP_SUCCESS
- *     branch of Tapscript execution.
- *
- * Attack model (fund-theft trap):
- *   - DD wallets and third-party DD-aware tooling that treat OP_ORACLE as a
- *     marker opcode (docs describe it as "Oracle price data marker") may
- *     embed it in a Tapscript leaf as a compact tag — e.g., for on-chain
- *     indexing of oracle-related transactions.
- *   - Any P2TR output whose script-path MAST contains OP_ORACLE is spendable
- *     by anyone because the Tapscript execution path short-circuits as success.
- *   - The attacker scans the chain for P2TR outputs whose revealed leaf
- *     includes OP_ORACLE, then takes them with an empty witness / a
- *     well-formed control block.
- *
- * Fix (applied in this commit):
- *   Extend the IsOpSuccess exclusion to cover OP_ORACLE:
- *     if (opcode >= OP_DIGIDOLLAR && opcode <= OP_ORACLE) return false;
- *
- * This test asserts the POST-FIX invariant. Pre-fix it fails; post-fix it
- * passes. The unit-test binary was re-built twice during audit (pre-patch
- * and post-patch) to verify both directions.
+ * DigiDollar uses opcode bytes 0xbb..0xbf. Under BIP342 those bytes are
+ * OP_SUCCESSx before the soft fork activates, so old Taproot nodes accept a
+ * revealed leaf containing them unconditionally. Upgraded nodes must preserve
+ * that pre-activation behavior and only remove the bytes from OP_SUCCESSx when
+ * SCRIPT_VERIFY_DIGIDOLLAR is active.
  */
 
-#include <boost/test/unit_test.hpp>
-
+#include <script/interpreter.h>
 #include <script/script.h>
+#include <script/standard.h>
 #include <test/util/setup_common.h>
+#include <util/strencodings.h>
+
+#include <boost/test/unit_test.hpp>
 
 BOOST_FIXTURE_TEST_SUITE(rh54_op_oracle_opsuccess_tests, BasicTestingSetup)
 
-// All five DD opcodes (0xbb..0xbf) must be excluded from OP_SUCCESSx.
-BOOST_AUTO_TEST_CASE(rh54_all_dd_opcodes_excluded_from_opsuccess)
+static CScript MakeSingleLeafTaproot(const CScript& leaf, CScriptWitness& witness)
 {
-    BOOST_CHECK_MESSAGE(!IsOpSuccess(OP_DIGIDOLLAR),
-        "OP_DIGIDOLLAR must be executable, not OP_SUCCESS");
-    BOOST_CHECK_MESSAGE(!IsOpSuccess(OP_DDVERIFY),
-        "OP_DDVERIFY must be executable, not OP_SUCCESS");
-    BOOST_CHECK_MESSAGE(!IsOpSuccess(OP_CHECKPRICE),
-        "OP_CHECKPRICE must be executable, not OP_SUCCESS");
-    BOOST_CHECK_MESSAGE(!IsOpSuccess(OP_CHECKCOLLATERAL),
-        "OP_CHECKCOLLATERAL must be executable, not OP_SUCCESS");
-    BOOST_CHECK_MESSAGE(!IsOpSuccess(OP_ORACLE),
-        "OP_ORACLE must NOT be OP_SUCCESS — a Tapscript leaf containing "
-        "OP_ORACLE would otherwise be unconditionally spendable by any "
-        "user presenting a valid control block. Fund-theft trap for any "
-        "wallet that treats OP_ORACLE as a marker opcode.");
+    static const std::vector<unsigned char> NUMS_PK{ParseHex("50929b74c1a04954b78b4b6035e97a5e078a5a0f28ec96d547bfee9ace803ac0")};
+
+    TaprootBuilder builder;
+    builder.Add(0, leaf, TAPROOT_LEAF_TAPSCRIPT);
+    builder.Finalize(XOnlyPubKey{NUMS_PK});
+
+    witness.stack.emplace_back(leaf.begin(), leaf.end());
+    witness.stack.push_back(*builder.GetSpendData().scripts.begin()->second.begin());
+    return GetScriptForDestination(builder.GetOutput());
+}
+
+BOOST_AUTO_TEST_CASE(rh54_dd_opcodes_remain_raw_bip342_opsuccess)
+{
+    BOOST_CHECK(IsOpSuccess(OP_DIGIDOLLAR));
+    BOOST_CHECK(IsOpSuccess(OP_DDVERIFY));
+    BOOST_CHECK(IsOpSuccess(OP_CHECKPRICE));
+    BOOST_CHECK(IsOpSuccess(OP_CHECKCOLLATERAL));
+    BOOST_CHECK(IsOpSuccess(OP_ORACLE));
 }
 
-// Spot-check the opcode numerics that drive the fix so a future refactor
-// doesn't silently reopen the hole.
 BOOST_AUTO_TEST_CASE(rh54_opcode_numeric_invariants)
 {
     BOOST_CHECK_EQUAL(static_cast<int>(OP_DIGIDOLLAR),      0xbb);
@@ -77,21 +52,70 @@ BOOST_AUTO_TEST_CASE(rh54_opcode_numeric_invariants)
     BOOST_CHECK_EQUAL(static_cast<int>(OP_CHECKCOLLATERAL), 0xbe);
     BOOST_CHECK_EQUAL(static_cast<int>(OP_ORACLE),          0xbf);
 
-    // Sanity: 0xbf == 191, and the generic OP_SUCCESS range starts at 187.
-    BOOST_CHECK_GE(static_cast<int>(OP_ORACLE), 187);
+    BOOST_CHECK_GE(static_cast<int>(OP_DIGIDOLLAR), 187);
     BOOST_CHECK_LE(static_cast<int>(OP_ORACLE), 254);
 }
 
-// Neighbors outside the DD range remain OP_SUCCESS to preserve the existing
-// BIP-342 semantics.
-BOOST_AUTO_TEST_CASE(rh54_neighbors_still_opsuccess)
+BOOST_AUTO_TEST_CASE(rh54_preactivation_tapscript_matches_old_opsuccess)
+{
+    // Invalid under active DigiDollar rules, but valid pre-activation because
+    // OP_DIGIDOLLAR is still OP_SUCCESSx and short-circuits the entire leaf.
+    CScript leaf;
+    leaf << OP_DIGIDOLLAR << CScriptNum(0) << OP_FALSE;
+
+    CScriptWitness witness;
+    const CScript script_pubkey = MakeSingleLeafTaproot(leaf, witness);
+
+    ScriptError error;
+    BOOST_CHECK(VerifyScript(CScript{}, script_pubkey, &witness,
+        SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_TAPROOT,
+        BaseSignatureChecker{}, &error));
+    BOOST_CHECK_EQUAL(error, SCRIPT_ERR_OK);
+}
+
+BOOST_AUTO_TEST_CASE(rh54_activation_removes_dd_opcodes_from_opsuccess)
+{
+    CScript leaf;
+    leaf << OP_DIGIDOLLAR << CScriptNum(0) << OP_FALSE;
+
+    CScriptWitness witness;
+    const CScript script_pubkey = MakeSingleLeafTaproot(leaf, witness);
+
+    ScriptError error;
+    BOOST_CHECK(!VerifyScript(CScript{}, script_pubkey, &witness,
+        SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_TAPROOT | SCRIPT_VERIFY_DIGIDOLLAR,
+        BaseSignatureChecker{}, &error));
+    BOOST_CHECK_EQUAL(error, SCRIPT_ERR_INVALID_DD_AMOUNT);
+}
+
+BOOST_AUTO_TEST_CASE(rh54_op_oracle_is_opsuccess_before_activation_bad_opcode_after)
+{
+    CScript leaf;
+    leaf << OP_ORACLE;
+
+    CScriptWitness witness_pre;
+    const CScript script_pubkey_pre = MakeSingleLeafTaproot(leaf, witness_pre);
+    ScriptError error_pre;
+    BOOST_CHECK(VerifyScript(CScript{}, script_pubkey_pre, &witness_pre,
+        SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_TAPROOT,
+        BaseSignatureChecker{}, &error_pre));
+    BOOST_CHECK_EQUAL(error_pre, SCRIPT_ERR_OK);
+
+    CScriptWitness witness_post;
+    const CScript script_pubkey_post = MakeSingleLeafTaproot(leaf, witness_post);
+    ScriptError error_post;
+    BOOST_CHECK(!VerifyScript(CScript{}, script_pubkey_post, &witness_post,
+        SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_TAPROOT | SCRIPT_VERIFY_DIGIDOLLAR,
+        BaseSignatureChecker{}, &error_post));
+    BOOST_CHECK_EQUAL(error_post, SCRIPT_ERR_BAD_OPCODE);
+}
+
+BOOST_AUTO_TEST_CASE(rh54_non_dd_neighbors_keep_existing_meaning)
 {
-    // 0xba == OP_CHECKSIGADD  (NOT OP_SUCCESS — it's a real opcode)
+    // 0xba == OP_CHECKSIGADD (real Tapscript opcode), not OP_SUCCESSx.
     BOOST_CHECK(!IsOpSuccess(static_cast<opcodetype>(0xba)));
-    // 0xc0 == first byte after OP_ORACLE; must remain OP_SUCCESS (has no
-    // assigned opcode today).
+    // Neighbor after OP_ORACLE remains a reserved OP_SUCCESSx.
     BOOST_CHECK(IsOpSuccess(static_cast<opcodetype>(0xc0)));
-    // 0xfe remains OP_SUCCESS (end of range).
     BOOST_CHECK(IsOpSuccess(static_cast<opcodetype>(0xfe)));
 }
 

From 8d1813f196c93bc52245cdf1a056aebd5015a7d9 Mon Sep 17 00:00:00 2001
From: DigiSwarm <13957390+JaredTate@users.noreply.github.com>
Date: Wed, 29 Apr 2026 16:03:07 -0600
Subject: [PATCH 10/22] test/functional: add ancestor-reorg transfer test,
 update activation and RPC gating tests

- wallet_digidollar_transfer_ancestor_reorg.py (new): verifies that a DD
  transfer whose parent mint is reorganized out is correctly evicted from
  the mempool and cannot be re-broadcast without a valid chain ancestor
- digidollar_activation_boundary.py: aligned with updated activation
  predicate behavior after oracle/activation cleanup
- digidollar_rpc_gating.py: updated for getmockoracleprice activation gate
- test_runner.py: registers the new ancestor-reorg test
---
 .../digidollar_activation_boundary.py         | 15 ++++
 test/functional/digidollar_rpc_gating.py      | 13 ++--
 test/functional/test_runner.py                |  1 +
 ...llet_digidollar_transfer_ancestor_reorg.py | 72 +++++++++++++++++++
 4 files changed, 95 insertions(+), 6 deletions(-)
 create mode 100644 test/functional/wallet_digidollar_transfer_ancestor_reorg.py

diff --git a/test/functional/digidollar_activation_boundary.py b/test/functional/digidollar_activation_boundary.py
index 29f59fca19..4a40df4e0c 100755
--- a/test/functional/digidollar_activation_boundary.py
+++ b/test/functional/digidollar_activation_boundary.py
@@ -15,6 +15,8 @@
 min_activation_height=200 on regtest.
 """
 
+from test_framework.address import address_to_scriptpubkey
+from test_framework.messages import COutPoint, CTransaction, CTxIn, CTxOut
 from test_framework.test_framework import DigiByteTestFramework
 from test_framework.util import assert_equal
 
@@ -171,6 +173,19 @@ def run_test(self):
         assert len(positions) > 0, "Expected at least one DD position"
         self.log.info(f"  Positions: {len(positions)}")
 
+        # A non-final DD transaction must be rejected before the expensive DD
+        # parser/validation path. Before DD-RH-120 this returned a DD-specific
+        # structural error because ATMP ran DD validation before finality.
+        future_dd = CTransaction()
+        future_dd.nVersion = (2 << 24) | 0x0770  # DD_TX_TRANSFER
+        future_dd.nLockTime = node.getblockcount() + 20
+        future_dd.vin = [CTxIn(COutPoint(1, 0), b"", 0xFFFFFFFE)]
+        future_dd.vout = [CTxOut(100000, address_to_scriptpubkey(node.getnewaddress()))]
+        nonfinal = node.testmempoolaccept([future_dd.serialize().hex()], maxfeerate=0)[0]
+        assert not nonfinal["allowed"], nonfinal
+        assert_equal(nonfinal["reject-reason"], "non-final")
+        self.log.info("  Non-final DD tx rejected before DD validation")
+
         # Final verification: deployment info still ACTIVE
         dep = node.getdigidollardeploymentinfo()
         assert_equal(dep['status'], 'active')
diff --git a/test/functional/digidollar_rpc_gating.py b/test/functional/digidollar_rpc_gating.py
index 72ef83c29f..ff24ff8f3b 100755
--- a/test/functional/digidollar_rpc_gating.py
+++ b/test/functional/digidollar_rpc_gating.py
@@ -3,10 +3,10 @@
 # Distributed under the MIT software license, see the accompanying
 # file COPYING or http://www.opensource.org/licenses/mit-license.php.
 """
-Test DigiDollar RPC gating — all 27 gated RPCs must be blocked before activation.
+Test DigiDollar RPC gating — all 28 gated RPCs must be blocked before activation.
 
 Verifies that:
-  - All 27 gated DD/Oracle RPCs return "DigiDollar is not yet active" pre-activation
+  - All 28 gated DD/Oracle RPCs return "DigiDollar is not yet active" pre-activation
   - getdigidollardeploymentinfo (ungated) works at any time
   - After BIP9 activation, key RPCs become functional
 
@@ -64,6 +64,7 @@ def get_gated_rpc_calls(self, node):
             ("validateddaddress", lambda: node.validateddaddress(dummy_addr)),
             # Oracle query RPCs
             ("getoracleprice", lambda: node.getoracleprice()),
+            ("getmockoracleprice", lambda: node.getmockoracleprice()),
             ("getalloracleprices", lambda: node.getalloracleprices()),
             ("getoracles", lambda: node.getoracles()),
             ("listoracle", lambda: node.listoracle()),
@@ -119,20 +120,20 @@ def activate_digidollar(self, node):
     def run_test(self):
         node = self.nodes[0]
 
-        # ── Phase 1: Verify all 27 gated RPCs are blocked at DEFINED state ──
-        self.log.info("Phase 1: Testing all 27 gated RPCs at DEFINED state (height 0)...")
+        # ── Phase 1: Verify all 28 gated RPCs are blocked at DEFINED state ──
+        self.log.info("Phase 1: Testing all 28 gated RPCs at DEFINED state (height 0)...")
         info = node.getdeploymentinfo()
         assert_equal(info["deployments"]["digidollar"]["bip9"]["status"], "defined")
 
         gated_rpcs = self.get_gated_rpc_calls(node)
-        assert_equal(len(gated_rpcs), 27)
+        assert_equal(len(gated_rpcs), 28)
 
         blocked_count = 0
         for name, call in gated_rpcs:
             self.test_rpc_gated(node, name, call)
             blocked_count += 1
 
-        self.log.info(f"  All {blocked_count}/27 gated RPCs correctly blocked")
+        self.log.info(f"  All {blocked_count}/28 gated RPCs correctly blocked")
 
         # ── Phase 2: Verify ungated RPC works pre-activation ──
         self.log.info("Phase 2: Verifying getdigidollardeploymentinfo works without activation...")
diff --git a/test/functional/test_runner.py b/test/functional/test_runner.py
index e8097f955e..a8b53e05f4 100755
--- a/test/functional/test_runner.py
+++ b/test/functional/test_runner.py
@@ -322,6 +322,7 @@
     'wallet_digidollar_rescan.py',
     'wallet_digidollar_persistence_restart.py --legacy-wallet',
     'wallet_digidollar_persistence_restart.py --descriptors',
+    'wallet_digidollar_transfer_ancestor_reorg.py',
     'wallet_digidollar_transfer_reorg.py',
     'wallet_digidollar_restore.py --legacy-wallet',
     'wallet_digidollar_restore.py --descriptors',
diff --git a/test/functional/wallet_digidollar_transfer_ancestor_reorg.py b/test/functional/wallet_digidollar_transfer_ancestor_reorg.py
new file mode 100644
index 0000000000..57c8e7114c
--- /dev/null
+++ b/test/functional/wallet_digidollar_transfer_ancestor_reorg.py
@@ -0,0 +1,72 @@
+#!/usr/bin/env python3
+# Copyright (c) 2026 The DigiByte Core developers
+# Distributed under the MIT software license, see the accompanying
+# file COPYING or http://www.opensource.org/licenses/mit-license.php.
+"""
+Regression test for DD-RH-121: if a reorg disconnects both a DD mint and a
+descendant DD transfer, the transfer must not resurrect through stale txindex
+data while its DD input is only available from the mempool parent.
+"""
+
+from test_framework.test_framework import DigiByteTestFramework
+
+
+class WalletDigiDollarTransferAncestorReorgTest(DigiByteTestFramework):
+    def set_test_params(self):
+        self.num_nodes = 1
+        self.setup_clean_chain = True
+        self.extra_args = [["-txindex=1", "-dandelion=0", "-persistmempool=1"]]
+
+    def add_options(self, parser):
+        self.add_wallet_options(parser)
+
+    def skip_test_if_missing_module(self):
+        self.skip_if_no_wallet()
+
+    def run_test(self):
+        node = self.nodes[0]
+
+        self.log.info("Mining spendable funds")
+        node.generate(200)
+        # Match the regtest fallback/P2P oracle price used during disconnect
+        # mempool re-add, so the disconnected mint itself remains policy-valid.
+        node.setmockoracleprice(6500)
+
+        self.log.info("Minting and confirming DigiDollar")
+        mint = node.mintdigidollar(100, 0)
+        mint_txid = mint["txid"]
+        mint_block = node.generate(1)[0]
+        node.syncwithvalidationinterfacequeue()
+
+        self.log.info("Confirming a transfer descendant of the minted DD output")
+        transfer = node.senddigidollar(node.getdigidollaraddress(), 100)
+        transfer_txid = transfer["txid"]
+        transfer_block = node.generate(1)[0]
+        assert transfer_txid in node.getblock(transfer_block)["tx"]
+        node.syncwithvalidationinterfacequeue()
+
+        self.log.info("Invalidating the mint ancestor block")
+        node.invalidateblock(mint_block)
+        node.syncwithvalidationinterfacequeue()
+
+        mempool = node.getrawmempool()
+        assert transfer_txid not in mempool, (
+            "DD transfer descendant must not return to mempool while its DD input "
+            "comes from an unconfirmed mint"
+        )
+        assert node.getdigidollarbalance()["total"] == 0, (
+            "Wallet must not keep phantom DD balance from a temporarily re-added "
+            "descendant whose confirmed ancestor was disconnected"
+        )
+
+        self.log.info("Restarting with mempool persistence must not reload the descendant")
+        self.restart_node(0, extra_args=["-txindex=1", "-dandelion=0", "-persistmempool=1"])
+        node = self.nodes[0]
+        node.syncwithvalidationinterfacequeue()
+        mempool = node.getrawmempool()
+        assert transfer_txid not in mempool, "Rejected DD descendant must not survive restart"
+        assert node.getdigidollarbalance()["total"] == 0
+
+
+if __name__ == "__main__":
+    WalletDigiDollarTransferAncestorReorgTest().main()

From 30bab84643c1fbb3a5df4b659f43d624b85f283e Mon Sep 17 00:00:00 2001
From: DigiSwarm <13957390+JaredTate@users.noreply.github.com>
Date: Wed, 29 Apr 2026 16:03:13 -0600
Subject: [PATCH 11/22] docs: update REPO_MAP supply cap description, add Red
 Hornet continuation ledger

REPO_MAP_DIGIDOLLAR.md: MAX_DIGIDOLLAR documented as a per-output
serialization bound, not a global supply cap. DigiDollar total supply
is theoretically unlimited; the only constraint is available collateral
and per-block minting rate. AlertThresholds::MAX_DD_SUPPLY clarified as
a monitoring alert threshold, not a consensus limit.

reports/red_hornet_ledger.md: appended full continuation campaign log
covering the 2026-04-29 Red Hornet session (waves, findings, fix
assignments, and proposed commit split recorded by vulnerability ID).
---
 REPO_MAP_DIGIDOLLAR.md       |   4 +-
 reports/red_hornet_ledger.md | 771 +++++++++++++++++++++++++++++++++++
 2 files changed, 773 insertions(+), 2 deletions(-)

diff --git a/REPO_MAP_DIGIDOLLAR.md b/REPO_MAP_DIGIDOLLAR.md
index 2e6c82762c..d4f66ef253 100644
--- a/REPO_MAP_DIGIDOLLAR.md
+++ b/REPO_MAP_DIGIDOLLAR.md
@@ -24,7 +24,7 @@ This is the granular file index for all DigiDollar and Oracle source code. Read
 ## DigiDollar Core
 
 ### src/digidollar/digidollar.h
-- `MAX_DIGIDOLLAR` → static constant: 21 billion DGB equivalent in cents (21B × 100), hard cap on total DD supply
+- `MAX_DIGIDOLLAR` → static constant: per-output serialization bound (21B DGB equivalent in cents); DigiDollar has no global supply cap — total DD in circulation is theoretically unlimited, constrained only by available DGB collateral and the per-block minting rate
 - `CDigiDollarOutput` (class) → represents a DigiDollar UTXO with Taproot-based redemption paths
   - `CDigiDollarOutput()` → default constructor, zeroes amount/locktime, nulls collateral ID
   - `CDigiDollarOutput(nDDAmountIn, collateralIdIn, nLockTimeIn)` → parameterized constructor linking DD to specific collateral
@@ -49,7 +49,7 @@ This is the granular file index for all DigiDollar and Oracle source code. Read
 ### src/digidollar/health.h
 - `DigiDollar::SystemMetrics` (struct) → aggregates all system-wide DD health data: supply, collateral, per-tier breakdown, DCA/ERR/volatility status, oracle status
   - `TierMetrics` (nested struct) → per-tier stats: lockDays, ddMinted, dgbLocked, positions count, healthRatio
-- `DigiDollar::AlertThresholds` (struct) → static constexpr thresholds for alerts: MAX_DD_SUPPLY (100M), MIN_HEALTH_RATIO (120%), CRITICAL (110%), MIN_ORACLES (5), MAX_VOLATILITY (30%), STALE_ORACLE_BLOCKS (100)
+- `DigiDollar::AlertThresholds` (struct) → static constexpr monitoring alert thresholds: ALERT_DD_SUPPLY (monitoring trigger at 100M, not a supply cap), MIN_HEALTH_RATIO (120%), CRITICAL (110%), MIN_ORACLES (5), MAX_VOLATILITY (30%), STALE_ORACLE_BLOCKS (100)
 - `DigiDollar::SystemHealthMonitor` (class) → real-time system health tracking and alerting
   - `GetSystemMetrics()` → returns current SystemMetrics after updating tiers/protection/oracle status
   - `GetTierBreakdown()` → returns per-tier metrics vector with health ratios per lock period
diff --git a/reports/red_hornet_ledger.md b/reports/red_hornet_ledger.md
index 78a8c25ea3..9a30c4ee55 100644
--- a/reports/red_hornet_ledger.md
+++ b/reports/red_hornet_ledger.md
@@ -2900,3 +2900,774 @@ PRINT_ALL_FUZZ_TARGETS_AND_ABORT=1 src/test/fuzz/fuzz 2>&1 | rg 'digidollar|orac
 **Agent C result summary:** returned final-report structure and open-risk summary; content was integrated into the final package.
 
 **Wave 20 status:** complete. `DD-RH-050` fixed, `DD-RH-051` test coverage repaired, final configured and scoped DD/oracle suites passed, no new architecture item added, scope stayed within DigiDollar/oracle.
+
+---
+
+# Red Hornet Continuation Campaign — 2026-04-29
+
+**Scope:** DigiDollar and DigiDollar-oracle only, on branch `feature/digidollar-v1`.
+
+**Required context loaded by main agent in order:**
+`CLAUDE.md`, `ARCHITECTURE.md`, `REPO_MAP.md`, `REPO_MAP_GUIDE.md`, `DIGIDOLLAR_ARCHITECTURE.md`, `DIGIDOLLAR_ORACLE_ARCHITECTURE.md`, `REPO_MAP_DIGIDOLLAR.md`, `DIGIDOLLAR_EXPLAINER.md`, `DIGIDOLLAR_ORACLE_EXPLAINER.md`, `DIGIDOLLAR_ACTIVATION_EXPLAINER.md`, `DIGIDOLLAR_WALLET_INTEGRATION.md`, `DIGIDOLLAR_EXCHANGE_INTEGRATION.md`, `DIGIDOLLAR_OPRETURN_PQC_MINT_PLAN.md`, `ORACLE_DISCOVERY_ARCHITECTURE.md`, `DIGIDOLLAR_ORACLE_SETUP.md`, `docs/ORACLE_OPERATOR_GUIDE.md`, `digidollar/DIGIDOLLAR_FLOWCHART.md`, `digidollar/DIGIDOLLAR_ORACLE_PHASE_ONE_SPEC.md`, `digidollar/ORACLE_PHASE_2_SPEC_PRD.md`, `digidollar/4_tier_collateral.md`, `RELEASE_v9.26.0-rc33.md`.
+
+**Initial worktree check:**
+
+```bash
+git status --short --branch
+```
+
+Result: clean worktree, `## feature/digidollar-v1...origin/feature/digidollar-v1`.
+
+**Attack-surface enumeration command required for every wave:**
+
+```bash
+find src/digidollar src/oracle src/wallet src/rpc src/qt src/test src/test/fuzz test/functional -type f \
+  | grep -Ei 'digidollar|oracle|musig2|rh|red|attack|security|wallet|qt' \
+  | sort
+```
+
+Initial result: 909 matching files.
+
+**Report paths for this continuation:**
+- Running ledger: `reports/red_hornet_ledger.md`
+- Final review package: `reports/red_hornet_final_report.md`
+
+**Commit policy:** no local commits unless explicitly authorized during this continuation. Fixes, if any, remain uncommitted with proposed commit split recorded by vulnerability ID.
+
+## Continuation Wave 1 — Threat Model, Baseline, Attack-Test Inventory
+
+**Assignments:**
+- Agent A / exploit-path attacker: production invariant map and high-risk exploit assignments.
+- Agent B / invariant/test breaker: redteam, regression, fuzz, wallet, Qt, and functional coverage inventory.
+- Agent C / boundary adversary: baseline test artifact discovery and scoped security-relevant test run.
+
+**Wave attack-surface enumeration:** required `find ... | grep ... | sort` command run; 909 matching files. Scope stayed within DigiDollar/oracle and direct boundary files.
+
+**Confirmed vulnerabilities:** none newly assigned in this continuation wave.
+
+**ARCHITECTURAL_REVIEW_REQUIRED:**
+- `DD-RH-069` carryover remains high priority and appears reachable: after timelock, collateral can be spent through the normal Taproot script path as a non-DigiDollar DGB transaction, so the DD validation path requiring a DD burn is not entered. Key references: `src/digidollar/scripts.cpp:61`, `src/validation.cpp:779`, `src/validation.cpp:2947`, `src/digidollar/validation.cpp:2107`. Exploit sketch: owner mints, waits until lock height, spends the collateral vault script path without the DD marker/metadata, and leaves the DD token UTXO live. This needs a consensus/script/protocol decision before implementation; no production change made without Jared approval.
+- Existing carryovers reaffirmed: strict post-activation `OP_ORACLE` handling, Phase 3 acceptance of legacy v0x02 bundles, `skipOracleValidation` during IBD/catch-up, MuSig2 domain separation, ERR behavior, watch-only storage, and mint owner-key storage timing.
+
+**Rejected false positives / narrowed claims:**
+- Baseline checkout does not have local build artifacts (`./src/test/test_digibyte`, `src/Makefile`, `test/config.ini` absent). This is an environment/build-state blocker, not a product vulnerability.
+- The attack-surface command intentionally over-includes generic Qt/wallet files because the required grep contains `qt|wallet`; this was recorded but not treated as scope expansion.
+
+**Theoretical / not yet reachable risks:**
+- Need deeper proof for oracle fail-open/fail-closed behavior across activation, malformed `OP_ORACLE`, IBD, reindex, and reorg.
+- Need adversarial multi-node functional proof for MuSig2 signer reselection, nonce/partial churn, and mined bundle recovery across restarts/reorgs.
+- OP_RETURN/PQC/P2MR mint hardening remains design-plan work, not an implemented v2 surface.
+
+**Test/coverage evidence:**
+- Agent B found coverage: 67 `src/test/digidollar_*_tests.cpp`, 16 `src/test/oracle_*_tests.cpp`, 19 `src/test/musig2_*_tests.cpp`, 19 `src/test/rh*_tests.cpp`, 16 DigiDollar/oracle fuzz files with 35 targets, and 65 focused functional scripts.
+- Agent C used Guix RC33 x86_64 artifacts because the working tree is unconfigured. Scoped C++ baseline passed: 135 selected tests / 628 assertions across DigiDollar, oracle, MuSig2, and RH suites.
+- Agent C functional smoke passed with process-substituted config: `digidollar_activation_boundary.py`, `digidollar_oracle_rpc_staleness.py`, `rpc_getoracles_pending.py`.
+
+**Commands/results recorded:**
+```bash
+git status --short --branch
+# clean: ## feature/digidollar-v1...origin/feature/digidollar-v1
+
+find src/digidollar src/oracle src/wallet src/rpc src/qt src/test src/test/fuzz test/functional -type f \
+  | grep -Ei 'digidollar|oracle|musig2|rh|red|attack|security|wallet|qt' \
+  | sort
+# 909 matching files
+```
+
+**Fixes landed:** none.
+
+**Commit status:** no commits; ledger edit only.
+
+**Wave 1 status:** complete. Ledger updated at `reports/red_hornet_ledger.md`.
+
+## Continuation Wave 2 — Inflation and Supply Integrity
+
+**Assignments:**
+- Agent A / exploit-path attacker: mint/transfer production paths for unauthorized DD creation and collateral-release accounting.
+- Agent B / invariant/test breaker: conservation/supply assertions and missing negative cases.
+- Agent C / boundary adversary: RPC/wallet/functional supply-accounting drift and restart/cache candidates.
+
+**Wave attack-surface enumeration:** required `find ... | grep ... | sort` command run; 909 matching files. Scope stayed within DigiDollar/oracle and direct RPC/wallet boundary surfaces.
+
+**Confirmed vulnerabilities fixed in working tree:**
+
+### DD-RH-105 — Medium — transfer conservation ignores an unresolved zero-value input when another DD input resolves
+
+- **Affected invariant:** transfer validation cannot create, hide, or route DD value unless every DD-like input amount is known.
+- **Exploit path:** `ValidateTransferTransaction()` summed only inputs whose DD amount could be resolved, then accepted if at least one DD input was found. A transaction with one resolved DD input and one unresolved zero-value P2TR input could pass conservation without proving the second input's DD amount.
+- **Exact code reference:** `src/digidollar/validation.cpp:1373` pre-fix only counted resolved inputs and deferred rejection until `ddInputCount == 0`; fixed zero-value unresolved rejection starts at `src/digidollar/validation.cpp:1377`.
+- **Attack test:** `src/test/digidollar_validation_tests.cpp:3133`.
+- **Fail-before evidence:** `./src/test/test_digibyte --run_test=digidollar_validation_tests/transfer_rejects_unresolved_zero_value_input_when_other_input_resolves --log_level=all --report_level=short` failed with 1 selected test failed, 2/2 assertions failed; observed acceptance and empty reject reason.
+- **Fix summary:** if coins view shows an input is zero-value and txindex/block-db/metadata cannot resolve a positive DD amount, reject immediately with `dd-input-amounts-unknown`, even if earlier inputs resolved.
+- **Pass-after evidence:** same selected test passed: 1 test, 2 assertions.
+- **Additional regression coverage:** `digidollar_validation_tests` passed 103 tests / 265 assertions; `digidollar_transfer_tests` passed 43 tests / 168 assertions; `digidollar_redteam_tests` passed 356 tests / 1756 assertions; `digidollar_rh42_formal_invariant_tests` passed 15 tests / 7897668 assertions.
+- **Status:** fixed in working tree, uncommitted. Proposed commit: `digidollar validation: fix DD-RH-105 unresolved transfer input`.
+
+### DD-RH-106 — High — rejected mint can poison collateral script metadata and lower redemption burn requirement
+
+- **Affected invariant:** collateral cannot be released unless the DD burned is at least the amount minted by the original collateral-creating mint transaction.
+- **Exploit path:** `CreateCollateralP2TR()` registers process-local metadata keyed by collateral script, but normal collateral script creation does not bind `ddAmount`; same owner and lock height produce the same script. `ValidateMintTransaction()` reconstructs expected collateral script before later mint failures, so a rejected undercollateralized mint with the same script and a smaller DD amount overwrote metadata. `ValidateCollateralReleaseAmount()` trusted metadata before looking up the creating mint transaction, so a redemption could burn the smaller poisoned amount and release all collateral.
+- **Exact code references:** metadata registration in `src/digidollar/scripts.cpp:165` and keying in `src/digidollar/scripts.cpp:227`; mint-side side effect in `src/digidollar/validation.cpp:1118`; pre-fix metadata-first redemption amount extraction at `src/digidollar/validation.cpp:1840`; fixed authoritative tx lookup before metadata starts at `src/digidollar/validation.cpp:1848`.
+- **Attack test:** `src/test/digidollar_validation_tests.cpp:3330`.
+- **Fail-before evidence:** `./src/test/test_digibyte --run_test=digidollar_validation_tests/redemption_uses_authoritative_mint_amount_before_script_metadata --log_level=all --report_level=short` failed with 1 selected test failed, 2/8 assertions failed; rejected poison mint had overwritten metadata to the smaller DD amount and redemption was accepted instead of `bad-collateral-release-partial-burn`.
+- **Fix summary:** `ValidateCollateralReleaseAmount()` now prefers txindex and validation-context block-db lookup of the collateral-creating mint transaction before falling back to process-local script metadata.
+- **Pass-after evidence:** same selected test passed: 1 test, 8 assertions.
+- **Additional regression coverage:** `digidollar_validation_tests` passed 103 tests / 265 assertions; `digidollar_no_partial_redeem_tests` passed 10 tests / 52 assertions; `digidollar_rh07_redemption_attacks` passed 18 tests / 27 assertions; `digidollar_rh06_mint_attacks` passed 36 tests / 69 assertions; `digidollar_redteam_tests` passed 356 tests / 1756 assertions.
+- **Status:** fixed in working tree, uncommitted. Proposed commit: `digidollar redemption: fix DD-RH-106 metadata-poisoned burn accounting`.
+
+**ARCHITECTURAL_REVIEW_REQUIRED:**
+- `ARCH-RH-002` carryover reaffirmed by Agent A: `fSkipOracle`/IBD catch-up can still bypass oracle/collateral-dependent mint checks in production validation (`src/validation.cpp:2990`, `src/digidollar/validation.cpp:1147`). This is a deployment/consensus policy decision; no implementation change made without Jared approval.
+- `DD-RH-069` carryover still open from Wave 1: normal collateral path after timelock can bypass DD redemption validation if spent as non-DD. No implementation change made without Jared approval.
+
+**Rejected false positives / downgraded items:**
+- Agent B's stats/health mint accounting helper concern remains a test-gap candidate only; consensus-valid chains already route through mint validation before stats indexing.
+- Agent C's address-filtered `getdigidollarbalance(..., minconf=0)` pending-balance discrepancy and `sendmanydigidollar` `"multiple"` history row are user-surface/accounting risks, not yet proven loss-of-funds or consensus supply bugs.
+
+**Theoretical / not yet reachable risks:**
+- Restart/state divergence between persisted DigiDollar stats index and in-memory health/ERR cache needs a focused Wave 7/9 proof.
+- RPC/wallet display of pending address-filtered DD and multi-recipient history may mislead users; carry forward to Waves 9-11.
+
+**Commands/results recorded:**
+
+```bash
+./autogen.sh
+# passed
+
+./configure --disable-bench --with-gui=no
+# passed; local build configured without GUI, wallet/tests enabled
+
+make -C src -j2 test/test_digibyte
+# passed; linked src/test/test_digibyte
+
+./src/test/test_digibyte --run_test=digidollar_validation_tests/transfer_rejects_unresolved_zero_value_input_when_other_input_resolves --log_level=all --report_level=short
+# pre-fix failed: 1 test failed, 2/2 assertions failed
+
+./src/test/test_digibyte --run_test=digidollar_validation_tests/redemption_uses_authoritative_mint_amount_before_script_metadata --log_level=all --report_level=short
+# pre-fix failed: 1 test failed, 2/8 assertions failed
+
+make -C src -j2 test/test_digibyte
+# post-fix incremental rebuild passed
+
+./src/test/test_digibyte --run_test=digidollar_validation_tests/transfer_rejects_unresolved_zero_value_input_when_other_input_resolves --report_level=short
+# passed: 1 test, 2 assertions
+
+./src/test/test_digibyte --run_test=digidollar_validation_tests/redemption_uses_authoritative_mint_amount_before_script_metadata --report_level=short
+# passed: 1 test, 8 assertions
+
+./src/test/test_digibyte --run_test=digidollar_validation_tests --report_level=short
+# passed: 103 tests, 265 assertions, 2 Boost warning-status cases
+
+./src/test/test_digibyte --run_test=digidollar_transfer_tests --report_level=short
+# passed: 43 tests, 168 assertions
+
+./src/test/test_digibyte --run_test=digidollar_no_partial_redeem_tests --report_level=short
+# passed: 10 tests, 52 assertions
+
+./src/test/test_digibyte --run_test=digidollar_rh07_redemption_attacks --report_level=short
+# passed: 18 tests, 27 assertions
+
+./src/test/test_digibyte --run_test=digidollar_rh06_mint_attacks --report_level=short
+# passed: 36 tests, 69 assertions
+
+./src/test/test_digibyte --run_test=digidollar_redteam_tests --report_level=short
+# passed: 356 tests, 1756 assertions
+
+./src/test/test_digibyte --run_test=digidollar_rh17_mempool_attacks_tests --report_level=short
+# passed: 10 tests, 34 assertions
+
+./src/test/test_digibyte --run_test=digidollar_rh42_formal_invariant_tests --report_level=short
+# passed: 15 tests, 7897668 assertions
+```
+
+**Fixes landed:** DD-RH-105 and DD-RH-106 in working tree.
+
+**Commit status:** no commits; user has not authorized local commits. Current modified files: `reports/red_hornet_ledger.md`, `src/digidollar/validation.cpp`, `src/test/digidollar_validation_tests.cpp`.
+
+**Wave 2 status:** complete. Ledger updated at `reports/red_hornet_ledger.md`.
+
+## Continuation Wave 3 — Collateral Accounting, Rounding, Overflow
+
+**Assignments:**
+- Agent A / exploit-path attacker: collateral math, cents/COIN conversions, overflow clamps, DCA health source, and redemption-release math.
+- Agent B / invariant/test breaker: ratio, MAX_MONEY, `__int128`, invalid amount, price, rounding, and stale/insecure test assertions.
+- Agent C / boundary adversary: wallet/RPC/Qt/txbuilder collateral, change, fee, lock-tier, and quote behavior.
+
+**Wave attack-surface enumeration:** required `find ... | grep ... | sort` command run. Current post-build tree has 1669 matching paths because configured build/test artifacts and logs are now present. Scope stayed within DigiDollar/oracle and direct wallet/RPC/Qt/validation boundary files.
+
+**Confirmed vulnerabilities fixed in working tree:**
+
+### DD-RH-109 — Medium — transfer builder can return success while selected DGB fee inputs underpay the reported fee
+
+- **Affected invariant:** wallet/txbuilder fee accounting must not report a higher fee than the transaction can actually pay, and must not construct DigiDollar transfers that silently underfund the intended miner fee.
+- **Exploit path:** `TransferDigiDollarMany` estimates fee inputs before final transfer size is known, and `TransferTxBuilder::BuildTransferTransaction()` computed `actualFee` after all DD outputs were present but never rejected `totalFeeIn < actualFee`. The builder omitted DGB change and still returned `result.totalFees = actualFee`, so callers could believe a 0.1 DGB or selected-rate fee was paid even when the fee inputs were much smaller.
+- **Exact code reference:** pre-fix fee calculation accepted underfunded inputs at `src/digidollar/txbuilder.cpp:714`; fixed rejection starts at `src/digidollar/txbuilder.cpp:722`.
+- **Attack test:** `src/test/digidollar_txbuilder_tests.cpp:238`.
+- **Fail-before evidence:** `./src/test/test_digibyte --run_test=digidollar_txbuilder_tests/transfer_rejects_underfunded_fee_inputs --log_level=all --report_level=short` failed with 1 selected test failed, 2/2 assertions failed; observed `result.success == true` with a 1-sat fee input and a 0.1 DGB reported fee.
+- **Fix summary:** `BuildTransferTransaction()` now rejects when no DGB fee inputs are selected or when selected fee input value is below the calculated/minimum required fee.
+- **Tests upgraded:** `src/test/digidollar_transfer_tests.cpp` now funds direct builder tests with realistic 1 DGB fee UTXOs and updates the change-output expectation where DGB fee change is now present.
+- **Pass-after evidence:** selected attack test passed; `digidollar_txbuilder_tests` passed 18 tests / 63 assertions; `digidollar_transfer_tests` passed 43 tests / 168 assertions; `digidollar_validation_tests` passed 103 tests / 265 assertions with the existing 2 Boost warning-status cases.
+- **Status:** fixed in working tree, uncommitted. Proposed commit: `digidollar txbuilder: fix DD-RH-109 underfunded transfer fees`.
+
+**ARCHITECTURAL_REVIEW_REQUIRED:**
+
+### DD-RH-107 — High — non-canonical lock periods receive the next longer tier's lower collateral ratio
+
+- **Affected invariant:** a DD mint cannot be under-collateralized by manipulating lock duration around tier boundaries.
+- **Exploit path:** `GetCollateralRatioForLockTime()` uses `lower_bound(lockBlocks)` and returns the first tier with lock time greater than or equal to the requested period. A raw mint with `lockTier=0` and `lockHeight=currentHeight+241` passes the tier-0 consistency check because 241 blocks is at least `240 - 10`, but collateral math passes `lockPeriod=241` into the ratio helper and receives the 30-day 500% ratio instead of the 1-hour 1000% ratio. Similar boundary gaming exists at every tier: `30d+1` gets the 90-day ratio, etc.
+- **Exact code references:** `src/consensus/digidollar.cpp:26`, `src/consensus/digidollar.cpp:34`, `src/digidollar/validation.cpp:930`, `src/digidollar/validation.cpp:943`, `src/digidollar/validation.cpp:1157`.
+- **Proof status:** reachable from current validation logic; existing tests currently assert this behavior as design in `src/test/digidollar_rh20_time_ordering_tests.cpp` and `src/test/digidollar_rh32_collateral_dca_tests.cpp`.
+- **Why no fix landed:** changing the helper to choose the previous/shorter tier or requiring exact canonical lock periods changes consensus economics and existing policy tests. Needs Jared approval before implementation.
+- **Recommended decision:** define whether only canonical tier durations are valid, or whether intermediate durations should receive the shorter tier's more conservative ratio. Then add a consensus regression such as `fresh_mint_tier0_plus_one_block_must_not_get_30day_ratio`.
+
+### DD-RH-108 — High — DCA health source can be stale/unit-inflated relative to the oracle price used for mint collateral
+
+- **Affected invariant:** the DCA multiplier used for mint collateral must be a deterministic function of current chain DD supply, current locked collateral, and the same oracle price used for the mint.
+- **Exploit path:** block and mempool validation pass `DigiDollar::GetSystemCollateralRatio()` into `ValidationContext`, while mint collateral math uses `ctx.oraclePriceMicroUSD` directly. Cached health can remain at a healthy value after incremental mint/redeem mutations, and volatility price history records `ctx.oraclePriceMicroUSD` while `SystemHealthMonitor::GetLastOraclePrice()` treats the last price as the health-calculation price unit. A stressed system can therefore validate at the base ratio when actual health requires a DCA multiplier.
+- **Exact code references:** `src/validation.cpp:818`, `src/validation.cpp:2998`, `src/digidollar/validation.cpp:463`, `src/digidollar/validation.cpp:2213`, `src/digidollar/validation.cpp:2336`, `src/digidollar/health.cpp:449`, `src/digidollar/health.cpp:773`.
+- **Proof status:** independently reported by Agents A and B. It needs a deterministic consensus-safe health-source design before production changes.
+- **Why no fix landed:** forcing recomputation or changing price units in consensus validation affects activation/IBD/reindex/reorg behavior and overlaps existing `skipOracleValidation` architecture decisions.
+- **Recommended decision:** define one canonical chain-derived health calculation for validation, including exact price units and IBD/catch-up behavior; then add failing tests for stale health after incremental mints and for micro-USD/cents unit confusion.
+
+**Rejected false positives / downgraded items:**
+- `ValidateCollateralReleaseAmount()` returning true when `ctx.coins == nullptr` was not counted as reachable: live mempool and block validation pass coin views through `src/validation.cpp:818` and `src/validation.cpp:3000`.
+- `estimatecollateral` floors a fractional DCA multiplier in `src/rpc/digidollar.cpp:2833`; this is a reachable quote drift, but not a consensus acceptance bug because mint validation uses consensus DCA calculation. Carry forward to RPC/UX waves.
+- `Transfer OP_RETURN` "output_count" wording is a stale comment; builder and validator both use `DD type amount...`.
+- DD transfer dust/change through RPC is guarded by wallet coin selection; direct builder sub-min DD change remains rejected by validation.
+
+**Theoretical / not yet reachable / carry-forward risks:**
+- Legacy `OP_RETURN OP_DIGIDOLLAR` amount parsing uses a signed left shift on attacker-controlled high-bit bytes in `src/digidollar/validation.cpp:135`. This is C++ UB and consensus-risk shaped, but no deterministic non-sanitizer failing test was produced in Wave 3. Carry forward to fuzz/sanitizer work before counting as a confirmed vulnerability.
+- `CalculateRequiredCollateral()` caps overflowed requirements to `MAX_MONEY` at `src/digidollar/validation.cpp:501`, while RPC quote paths throw and the txbuilder returns 0. Current parameters make this impractical, but it should be turned into an explicit policy/design decision instead of silent cap semantics.
+- `mintdigidollar` and Qt mint flows persist wallet DD position data after `CommitTransaction()`, while wallet commit only logs mempool rejection. Exact references: `src/wallet/wallet.cpp:2500`, `src/rpc/digidollar.cpp:1143`, `src/rpc/digidollar.cpp:1162`, `src/rpc/digidollar.cpp:1174`, and the Qt path in `src/qt/walletmodel.cpp`. This is a credible wallet-corruption boundary risk, but Wave 3 did not produce a deterministic functional reproducer; carry forward to Waves 8, 11, and 12.
+- `calculatecollateralrequirement` optional price help text says cents while implementation treats it as micro-USD. This is a low RPC quote/unit trap; carry forward to Wave 11.
+
+**Commands/results recorded:**
+
+```bash
+find src/digidollar src/oracle src/wallet src/rpc src/qt src/test src/test/fuzz test/functional -type f \
+  | grep -Ei 'digidollar|oracle|musig2|rh|red|attack|security|wallet|qt' \
+  | sort | wc -l
+# 1669 matching paths in the post-build tree
+
+make -C src -j2 test/test_digibyte
+# passed after adding the DD-RH-109 attack test to the binary
+
+./src/test/test_digibyte --run_test=digidollar_txbuilder_tests/transfer_rejects_underfunded_fee_inputs --log_level=all --report_level=short
+# pre-fix failed: 1 selected test failed, 2/2 assertions failed
+
+make -C src -j2 test/test_digibyte && \
+./src/test/test_digibyte --run_test=digidollar_txbuilder_tests/transfer_rejects_underfunded_fee_inputs --report_level=short
+# post-fix passed: 1 selected test, 2 assertions
+
+./src/test/test_digibyte --run_test=digidollar_txbuilder_tests --report_level=short
+# passed: 18 tests, 63 assertions
+
+./src/test/test_digibyte --run_test=digidollar_transfer_tests --report_level=short
+# initially failed after the new guard because stale tests used 0.001 DGB fee UTXOs; after test fixture update passed: 43 tests, 168 assertions
+
+./src/test/test_digibyte --run_test=digidollar_validation_tests --report_level=short
+# passed: 103 tests, 265 assertions, 2 Boost warning-status cases
+
+git diff --check
+# passed
+```
+
+**Fixes landed:** DD-RH-109 in working tree. DD-RH-107 and DD-RH-108 recorded as `ARCHITECTURAL_REVIEW_REQUIRED`.
+
+**Commit status:** no commits; user has not authorized local commits. Proposed commit split includes DD-RH-105, DD-RH-106, and DD-RH-109 as separate commits. Wave 3 touched `src/digidollar/txbuilder.cpp`, `src/test/digidollar_txbuilder_tests.cpp`, and `src/test/digidollar_transfer_tests.cpp`; unrelated pre-existing/current modifications outside this wave were not reverted.
+
+**Wave 3 status:** complete. Ledger updated at `reports/red_hornet_ledger.md`.
+
+## Continuation Wave 4 — Timelock, ERR, DCA, Volatility Bypass
+
+**Assignments:**
+- Agent A / exploit-path attacker: redemption paths, ERR/DCA/volatility state transitions, and production validation bypasses.
+- Agent B / invariant/test breaker: height/time edges, stale redemption tests, ERR burn requirements, DCA thresholds, volatility threshold assertions.
+- Agent C / boundary adversary: RPC/Qt/user-facing redemption state, restart/cache protection boundaries, and misleading redeemability flows.
+
+**Wave attack-surface enumeration:** required `find ... | grep ... | sort` command run. Current post-build tree has 1669 matching paths because generated `.deps`, `.o`, `.Po`, logs, and `.dirstamp` files are present. Review stayed within DigiDollar/oracle and directly gated wallet/RPC/Qt/validation surfaces.
+
+**Confirmed vulnerabilities fixed in working tree:** none in Wave 4. The strongest findings require consensus/protocol or wallet-state design approval before implementation.
+
+**ARCHITECTURAL_REVIEW_REQUIRED:**
+
+### DD-RH-108 — High — stale/default system health can bypass DCA and ERR redemption protection
+
+- **Affected invariant:** DCA and ERR decisions must use the same current, deterministic system health as mint/redemption validation.
+- **Exploit path:** mempool/block validation passes `DigiDollar::GetSystemCollateralRatio()` into the validation context (`src/validation.cpp:818`, `src/validation.cpp:2998`). The helper returns cached health when present and falls back to a healthy `150%` value when oracle/collateral data is missing (`src/digidollar/validation.cpp:2336`, `src/digidollar/validation.cpp:2360`). Incremental health updates mutate supply/collateral without recomputing health from the current oracle price (`src/digidollar/health.cpp:299`, `src/digidollar/health.cpp:449`). A restart/cache gap or stale monitor can therefore validate mints at too-low DCA collateral and route redemptions down the normal path when live protection status is emergency.
+- **Exact related code:** mint DCA uses `ctx.systemCollateral` at `src/digidollar/validation.cpp:515`; mint freeze/status depends on global volatility at `src/digidollar/validation.cpp:761`; redemption chooses ERR versus normal at `src/digidollar/validation.cpp:1692`; normal redemption rejects ERR only when `ctx.systemCollateral < 100` at `src/digidollar/validation.cpp:1739`; ERR path is currently incomplete at `src/digidollar/validation.cpp:1809`.
+- **Proof status:** independently reported in Waves 3 and 4. Wave 4 expanded impact from undercollateralized mints to normal redemption acceptance/failure under stale health. No deterministic regression was added yet because the required fix depends on the approved authoritative health source and cache/IBD semantics.
+- **Recommended decision:** define one consensus-safe health calculation for validation, including price units, cache invalidation, restart/reindex behavior, and skip-oracle historical handling; then add attack tests for stale health after incremental mints, restart before health refresh, and normal redemption attempted while live protection status is emergency.
+
+### DD-RH-110 — High — ERR redemption state is split across incompatible RPC, wallet, and consensus paths
+
+- **Affected invariant:** when system health is under 100%, all wallet/RPC/consensus paths must agree whether a position is redeemable, which redemption path is valid, and how much DD must be burned.
+- **Exploit path:** `getprotectionstatus` computes emergency from current stats/current price and reports `err.active` from that live health (`src/rpc/digidollar.cpp:3501`, `src/rpc/digidollar.cpp:3511`). `getredemptioninfo` instead calls `EmergencyRedemptionRatio::GetCurrentState()` (`src/rpc/digidollar.cpp:2975`), whose inactive-state path only records health and does not activate ERR (`src/consensus/err.cpp:141`). `redeemdigidollar` hardcodes `RedemptionPath::NORMAL` (`src/rpc/digidollar.cpp:1657`) and consensus currently rejects all ERR redemptions as incomplete (`src/digidollar/validation.cpp:1809`). The user-visible result can be `getprotectionstatus.err.active == true` while redemption info/wallet flows still indicate normal redeemability or produce a normal-path transaction.
+- **Reproducer plan:** on regtest, enable/set mock oracle, mint and confirm a tier-0 vault, mine to unlock height, crash price so `getprotectionstatus.err.active` is true, call `getredemptioninfo <position>`, then call `redeemdigidollar`. Expected behavior is a single authoritative "ERR not implemented/not redeemable" result or an implemented ERR transaction; current code has split status and hardcoded normal construction.
+- **Why no fix landed:** choosing whether RED phase should block all redemptions under ERR, permit normal redemptions until ERR is implemented, or implement ERR burn semantics is a protocol/wallet UX decision. No consensus or RPC schema behavior was changed without Jared approval.
+
+### DD-RH-111 — Medium — first high-volatility mint can pass before volatility freeze state is updated
+
+- **Affected invariant:** a mint that introduces a price movement at or above the freeze threshold should not be accepted merely because the monitor only records accepted transactions after validation.
+- **Exploit path:** mint validation checks `VolatilityMonitor::ShouldFreezeMinting()` before recording the mint's oracle price (`src/digidollar/validation.cpp:761`). The price history is only mutated after a transaction is accepted (`src/digidollar/validation.cpp:2206`), and `VolatilityMonitor::RecordPrice()` may also skip too-frequent samples (`src/consensus/volatility.cpp:39`). A candidate mint with a large price move can be the transaction that causes freeze, but the current pre-check still sees the old non-frozen state.
+- **Proof status:** static reachable path identified by Agent A. A small fix would need a pure "would this candidate price freeze?" API or another consensus-safe prevalidation mechanism; mutating global volatility state before validation would let invalid transactions poison the monitor.
+- **Recommended decision:** add a non-mutating volatility check that evaluates the candidate price and timestamp against the current history, then add a failing mint-validation attack test seeded with a prior price and a candidate price crossing the freeze threshold.
+
+**Rejected false positives / downgraded items:**
+- Partial burn for full collateral was rejected as already blocked by `ValidateCollateralReleaseAmount()` after DD-RH-106's authoritative mint lookup fix.
+- Timelock key-path bypass was rejected for current standard-script validation: the mint collateral output uses NUMS P2TR construction plus CLTV script leaves, and block validation still runs standard script checks.
+- RPC amount NaN/Inf/trailing-garbage was rejected: `ParseDigiDollarRpcAmount` checks full string consumption, finite values, and range.
+- Unconfirmed DD replay/chaining was rejected for consensus and wallet selection: transfer and redemption reject mempool-created DD inputs, and wallet DD selection skips unconfirmed coins.
+
+**Theoretical / not yet reachable / carry-forward risks:**
+- Existing redemption tests still assert RED-phase failures for expired normal redemption and stale ERR behavior in `src/test/digidollar_redeem_tests.cpp`. This is a test-suite quality issue until Jared chooses the intended RED/ERR redemption behavior.
+- Volatility cooldown/threshold tests do not pin exact `ShouldFreezeMinting()`/`ShouldFreezeAll()` behavior at threshold and cooldown boundaries. Carry forward to Wave 19 fuzz/adversarial expansion unless a Wave 4 design decision is approved earlier.
+- DCA boundary comments/docs still conflict with runtime behavior (`src/consensus/dca.cpp:119`, `src/consensus/dca.h:42`, `DIGIDOLLAR_ARCHITECTURE.md:386`). This is not counted as a live exploit until a canonical policy source is selected.
+- `getredemptioninfo` and Qt redeem enablement do not check actual spendable DD burn inputs before reporting redeemability (`src/rpc/digidollar.cpp:2993`, `src/qt/digidollarpositionswidget.cpp:497`). This is a reachable user-surface deception risk; carry forward to wallet/RPC/Qt waves for a deterministic functional/Qt test.
+- Qt's details context menu omits tier 0 and labels it as the default `1 year` (`src/qt/digidollarpositionswidget.cpp:365`, `src/qt/digidollarpositionswidget.cpp:375`), while the table mapping knows tier 0 is 240 blocks (`src/qt/digidollarpositionswidget.cpp:1075`). Carry forward to Wave 12 for a focused UI regression/fix.
+- Stale oracle cache rollback needs a test that restores an old source-time cache entry and asserts `GetLatestPrice()` returns stale/zero rather than a rolled-back old price.
+
+**Commands/results recorded:**
+
+```bash
+find src/digidollar src/oracle src/wallet src/rpc src/qt src/test src/test/fuzz test/functional -type f \
+  | grep -Ei 'digidollar|oracle|musig2|rh|red|attack|security|wallet|qt' \
+  | sort | wc -l
+# 1669 matching paths in the post-build tree
+
+git status --short --branch
+# dirty working tree; Red Hornet fixes remain uncommitted and unrelated pre-existing/user edits were not reverted
+```
+
+**Fixes landed:** none in Wave 4.
+
+**Commit status:** no Wave 4 commits. Existing proposed commit split from Waves 2-3 remains DD-RH-105, DD-RH-106, and DD-RH-109.
+
+**Wave 4 status:** complete. Ledger updated at `reports/red_hornet_ledger.md`.
+
+## Continuation Wave 5 — Script, OP_RETURN, Metadata, Address Abuse
+
+**Assignments:**
+- Agent A / exploit-path attacker: malformed script/template/OP_RETURN exploit paths.
+- Agent B / invariant/test breaker: parser/classifier fuzz and regression coverage gaps.
+- Agent C / boundary adversary: wallet/index/scan confusion and address display/routing attacks.
+
+**Wave attack-surface enumeration:** required local `find ... | grep ... | sort` command run successfully. Current post-build tree has 1669 matching paths because generated build artifacts are present. Agent B and C also reported that their prompted command had a trailing `sort .` typo and failed with `sort: read failed: .: Is a directory`; they reran the corrected pipeline. Review stayed within DigiDollar/oracle and directly gated wallet/RPC/Qt/validation surfaces.
+
+### DD-RH-112 — Medium — malformed transfer OP_RETURN script numbers escape validation
+
+- **Affected invariant:** malformed DD/oracle inputs must deterministically reject, not throw through consensus/mempool validation.
+- **Exploit path:** `ValidateTransferTransaction()` parsed the transfer OP_RETURN type and output amounts with `CScriptNum(data, true)` / `CScriptNum(data, true, 8)` without catching `scriptnum_error`. A DD transfer carrying `OP_RETURN "DD" <5-byte non-minimal type> ...` or a 9-byte amount push threw out of validation instead of returning invalid state.
+- **Exact code references:** fixed parser at `src/digidollar/validation.cpp:1258` and `src/digidollar/validation.cpp:1275`; attack test at `src/test/digidollar_transfer_tests.cpp:1179`.
+- **Reproducer:** `transfer_rejects_malformed_opreturn_without_throwing` first failed with two unexpected exceptions and empty reject reason.
+- **Expected secure behavior:** return false with `transfer-malformed-op-return`.
+- **Fix summary:** catch `scriptnum_error` for transfer OP_RETURN tx type and amount fields and return `TX_CONSENSUS` invalid state.
+- **Test evidence:**
+  - Pre-fix: `make -C src -j2 test/test_digibyte && ./src/test/test_digibyte --run_test=digidollar_transfer_tests/transfer_rejects_malformed_opreturn_without_throwing --log_level=all --report_level=short` failed: 1 selected test failed, 6/6 assertions failed.
+  - Post-fix: same target with `--report_level=short` passed: 1 selected test, 6 assertions.
+
+### DD-RH-113 — High — legacy OP_DIGIDOLLAR OP_RETURN can undercount mint accounting
+
+- **Affected invariant:** DD supply and collateral accounting must match the modern mint metadata validated by consensus.
+- **Exploit path:** a valid DD mint could include a valid legacy `OP_RETURN OP_DIGIDOLLAR <smaller amount>` before the modern `OP_RETURN "DD" <MINT> <real amount> ...`. Mint validation counted only the modern marker, but `ExtractMintAccountingAmounts()` called `FindDDOpReturn()`, which returned the first legacy marker. Health scanning then adds the spoofed DD amount at `src/digidollar/health.cpp:397` and `src/digidollar/health.cpp:415`, undercounting supply and overstating system health.
+- **Exact code references:** `FindDDOpReturn()` now prefers modern metadata and falls back to legacy-only transactions at `src/digidollar/validation.cpp:178`; accounting caller at `src/digidollar/validation.cpp:403`; attack test at `src/test/digidollar_validation_tests.cpp:3375`.
+- **Reproducer:** `mint_accounting_ignores_legacy_opreturn_spoof` built a valid 20,000-cent mint with a preceding valid legacy 10,000-cent marker. Pre-fix, `ExtractMintAccountingAmounts()` returned `10000` instead of `20000`.
+- **Expected secure behavior:** block-connect accounting must recover the same DD amount that mint validation accepted.
+- **Fix summary:** record the first legacy marker as fallback only; immediately return the first modern `"DD"` marker when present.
+- **Test evidence:**
+  - Pre-fix: `make -C src -j2 test/test_digibyte && ./src/test/test_digibyte --run_test=digidollar_validation_tests/mint_accounting_ignores_legacy_opreturn_spoof --report_level=short` failed with `extractedDD == ddAmount [10000 != 20000]`.
+  - Post-fix: same target passed: 1 selected test, 7 assertions.
+
+### DD-RH-114 — High — non-canonical OP_1 scripts were accepted as DD transfer outputs
+
+- **Affected invariant:** DD outputs must be canonical P2TR witness programs, not arbitrary scripts that start with `OP_1`.
+- **Exploit path:** transfer output validation treated any zero-value script with `size == 34 && script[0] == OP_1` as a DD output. A malformed script such as `OP_1 OP_DROP OP_TRUE OP_NOP...` padded to 34 bytes is not P2TR and can be spent as a true legacy script, yet DD amount mapping would assign it transfer value.
+- **Exact code references:** canonical witness-program helper at `src/digidollar/validation.cpp:60`; transfer reject at `src/digidollar/validation.cpp:1302`; previous-tx amount mapping at `src/digidollar/validation.cpp:344`; mint/redeem/collateral accounting canonicalization at `src/digidollar/validation.cpp:428`, `src/digidollar/validation.cpp:805`, `src/digidollar/validation.cpp:1669`, and `src/digidollar/validation.cpp:2053`; attack test at `src/test/digidollar_validation_tests.cpp:3145`.
+- **Reproducer:** `transfer_rejects_noncanonical_taproot_like_output` spent a valid DD input to a zero-value 34-byte `OP_1 OP_DROP OP_TRUE ...` output with a matching DD amount. Pre-fix, validation returned success and no reject reason.
+- **Expected secure behavior:** reject with `bad-dd-script`.
+- **Fix summary:** added `IsCanonicalP2TROutput()` using `CScript::IsWitnessProgram()` and `WITNESS_V1_TAPROOT_SIZE`; replaced loose P2TR classifications in DD consensus/accounting paths; transfer validation now explicitly rejects 34-byte OP_1 impostors.
+- **Test evidence:**
+  - Pre-fix: `make -C src -j2 test/test_digibyte && ./src/test/test_digibyte --run_test=digidollar_validation_tests/transfer_rejects_noncanonical_taproot_like_output --report_level=short` failed because the transfer was accepted.
+  - Post-fix: same target passed: 1 selected test, 4 assertions.
+
+**Additional tests/results:**
+
+```bash
+./src/test/test_digibyte --run_test=digidollar_transfer_tests --report_level=short
+# passed: 44 tests, 174 assertions
+
+./src/test/test_digibyte --run_test=digidollar_validation_tests --report_level=short
+# passed: 103 tests + 2 warning-status tests, 276 assertions, exit 0
+
+./src/test/test_digibyte --run_test=digidollar_rh12_script_attacks_tests --report_level=short
+# passed: 12 tests, 25 assertions
+
+./src/test/test_digibyte --run_test=digidollar_rh49_find_opreturn_tests --report_level=short
+# exit 200: no matching test cases or all disabled; source exists but this suite is not registered/enabled in the current test binary
+
+./src/test/test_digibyte --run_test=digidollar_script_attacks_tests --report_level=short
+# failed independently of DD-RH-112/113/114: 4 failed tests, 1 abort, error-code expectations at lines 68/90, stack-size expectations at 180/181, and crash in attack_boundary_amounts at line 417
+
+git diff --check -- src/digidollar/validation.cpp src/test/digidollar_validation_tests.cpp src/test/digidollar_transfer_tests.cpp
+# passed
+```
+
+**Rejected false positives / downgraded items:**
+- Multiple modern DD OP_RETURNs remain blocked for mint, transfer, and redemption.
+- Transfer OP_RETURN amount-count spoofing is blocked: validation now enforces matched canonical DD output count and OP_RETURN amount count.
+- Coinbase DD minting remains blocked by coinbase DD marker rejection and DD source extraction rejecting coinbase sources.
+- Phase-one unsigned compact oracle price spoof remains not reachable post-DD activation under current mainnet/testnet/signet/regtest deployment parameters.
+- Unknown/truncated `OP_ORACLE` fail-open is accepted transition behavior; normal tip DD mints still fail without a block oracle price.
+
+**Theoretical / not yet reachable / carry-forward risks:**
+- Legacy DD amount parsing still uses signed left shift on attacker-controlled 8-byte legacy payloads at `src/digidollar/validation.cpp:137`, and oracle v0x02 timestamp parsing has the same UB shape in `src/oracle/bundle_manager.cpp:1318` and `src/oracle/bundle_manager.cpp:1384`. Count only after UBSan/fuzz reproducer; carry forward to Waves 17-19.
+- Mint OP_RETURN trailing data after owner pubkey is not rejected at `src/digidollar/validation.cpp:983`. Add `mint_rejects_trailing_data_after_owner_pubkey`.
+- Planned PQC v2 mint OP_RETURN shape can be positionally misread by current v1 parser; this is `ARCHITECTURAL_REVIEW_REQUIRED` until the v2 format/version gate is approved.
+- Wallet restore/rescan assumes fixed mint output indexes despite consensus allowing reordered collateral/DD outputs: `src/wallet/digidollarwallet.cpp:2124`, `src/wallet/digidollarwallet.cpp:2226`, `src/wallet/digidollarwallet.cpp:2330`, `src/wallet/digidollarwallet.cpp:2355`, `src/wallet/digidollarwallet.cpp:3949`, and `src/wallet/digidollarwallet.cpp:4664`. This is reachable wallet-storage risk but needs wallet-storage design approval; carry to Wave 9.
+- Wallet incoming DD scan can throw on malformed OP_RETURN and can credit the first of duplicate DD OP_RETURNs: `src/wallet/digidollarwallet.cpp:6994`, `src/wallet/digidollarwallet.cpp:7002`, `src/wallet/digidollarwallet.cpp:7007`. Carry to Waves 9-11.
+- Restored send history and generic raw tx RPC display DD recipients/outputs as base-chain DGB addresses, not DD addresses: `src/wallet/digidollarwallet.cpp:2475`, `src/core_write.cpp:166`, `src/core_write.cpp:186`. Carry to Waves 11-12.
+- Qt `WalletModel::validateDigiDollarAddress()` checks prefix/length/base58 but not checksum/network at `src/qt/walletmodel.cpp:1318`. Carry to Wave 12.
+- Oracle bundle script extraction concatenates split pushes at `src/oracle/bundle_manager.cpp:1202`; add noncanonical split-push rejection tests in oracle waves.
+
+**Fixes landed:** DD-RH-112, DD-RH-113, and DD-RH-114 in working tree.
+
+**Commit status:** no commits; user has not authorized local commits. Proposed commit split: one commit for DD-RH-112 transfer OP_RETURN exception handling, one for DD-RH-113 modern OP_RETURN accounting preference, and one for DD-RH-114 canonical P2TR classification. Existing Wave 2-3 proposed splits remain separate.
+
+**Wave 5 status:** complete. Ledger updated at `reports/red_hornet_ledger.md`.
+
+## Continuation Wave 6 — Activation and Consensus-Split Risks
+
+**Assignments:**
+- Agent A / exploit-path attacker: validation, chainparams, deployment gates, and shared hooks.
+- Agent B / invariant/test breaker: enabled/disabled boundary tests and mempool/block validation mismatch coverage.
+- Agent C / boundary adversary: multi-node activation, reorg, RPC, Qt, wallet, and oracle P2P boundary behavior.
+
+**Wave attack-surface enumeration:** required local `find ... | grep ... | sort` command run successfully. Current post-build tree has 1669 matching paths because generated build artifacts are present. Review stayed within DigiDollar/oracle and directly gated RPC, P2P, validation, Qt, wallet, chainparams, and miner surfaces.
+
+### DD-RH-115 — High — post-activation mint validity depended on local IBD/catch-up state
+
+- **Affected invariant:** DD mint acceptance must be deterministic and cannot depend on a node-local sync flag.
+- **Exploit path:** `ConnectBlock()` passed `fSkipOracle` into `DigiDollar::ValidationContext` based on `IsInitialBlockDownload()` / header catch-up state. `ValidateMintTransaction()` then skipped both zero-price rejection and collateral-ratio validation when `ctx.skipOracleValidation == true`. A post-activation block containing an undercollateralized mint could therefore be rejected by caught-up nodes and accepted by IBD/catch-up nodes.
+- **Exact code references:** block context wiring at `src/validation.cpp:2993`; pre-fix mint price gate at `src/digidollar/validation.cpp:768`; pre-fix collateral skip at `src/digidollar/validation.cpp:1162`; fixed mandatory price gate at `src/digidollar/validation.cpp:768`; fixed mandatory collateral validation at `src/digidollar/validation.cpp:1164`.
+- **Reproducer:** `src/test/digidollar_skip_oracle_tests.cpp:92` builds a validly structured mint for 10,000 cents of DD with only 1,000 satoshis of collateral. Pre-fix, the `skipOracleValidation=true` context returned success and no reject reason; the strict context rejected with `insufficient-collateral`.
+- **Expected secure behavior:** the same mint must reject with `insufficient-collateral` regardless of local IBD/catch-up state. A zero oracle price must reject with `bad-oracle-price` in every sync state.
+- **Fix summary:** mint oracle price and collateral calculations are now mandatory. `skipOracleValidation` no longer skips mint price/collateral consensus checks; it remains limited to the existing local protection checks that still need a broader deterministic design.
+- **Tests added/upgraded:** `src/test/digidollar_skip_oracle_tests.cpp` now asserts that undercollateralized and zero-price mints reject even when `skipOracleValidation=true`.
+- **Fail-before evidence:** `make -C src -j2 test/test_digibyte && ./src/test/test_digibyte --run_test=digidollar_skip_oracle_tests/skip_oracle_allows_insufficient_collateral_exploit --log_level=all --report_level=short` failed with exit 201, 1 selected test failed, 2/4 assertions failed; observed `skipOracle=true` returned `result: 1` and empty reject reason.
+- **Pass-after evidence:** same selected test passed after the fix; full `digidollar_skip_oracle_tests` passed 6 tests / 18 assertions.
+- **Status:** fixed in working tree, uncommitted. Proposed commit: `digidollar validation: fix DD-RH-115 skip-oracle mint bypass`.
+
+### DD-RH-116 — Low — `getmockoracleprice` was callable before DigiDollar activation
+
+- **Affected invariant:** user/operator RPC surfaces that influence or expose DigiDollar/oracle state should follow the same pre-activation gate unless explicitly deployment-monitoring-only.
+- **Exploit path:** `setmockoracleprice` and `enablemockoracle` checked DigiDollar activation before running, but `getmockoracleprice` only checked regtest. This let scripts observe mock oracle state while every other DigiDollar/oracle RPC in the gating test was blocked.
+- **Exact code references:** pre-fix ungated handler at `src/rpc/digidollar.cpp:4627`; fixed activation check at `src/rpc/digidollar.cpp:4629`; functional test list updated at `test/functional/digidollar_rpc_gating.py:66`.
+- **Reproducer:** adding `getmockoracleprice` to `digidollar_rpc_gating.py` made the pre-activation phase fail because the RPC returned successfully instead of raising "DigiDollar is not yet active".
+- **Expected secure behavior:** `getmockoracleprice` rejects pre-activation like the paired mock-oracle mutation RPCs.
+- **Fix summary:** added the same activation check used by `setmockoracleprice` and `enablemockoracle`.
+- **Tests added/upgraded:** `test/functional/digidollar_rpc_gating.py` now verifies all 28 gated DD/oracle RPCs, including `getmockoracleprice`.
+- **Fail-before evidence:** `test/functional/test_runner.py --jobs=1 digidollar_rpc_gating.py` failed at `getmockoracleprice should have been rejected pre-activation`.
+- **Pass-after evidence:** `make -C src -j2 digibyted && test/functional/test_runner.py --jobs=1 digidollar_rpc_gating.py` passed; the activation trio also passed.
+- **Status:** fixed in working tree, uncommitted. Proposed commit: `rpc digidollar: fix DD-RH-116 mock oracle activation gate`.
+
+**ARCHITECTURAL_REVIEW_REQUIRED:**
+
+### DD-RH-117 — Medium — oracle P2P activation uses static height instead of DigiDollar BIP9 state
+
+- **Affected invariant:** oracle P2P discovery and price-message handling should not become reachable before the DigiDollar deployment predicate that consumes oracle data.
+- **Exploit path:** `Consensus::IsOracleActive()` checks only `nOracleActivationHeight`, while DD validation/RPC/mining use the BIP9 `DEPLOYMENT_DIGIDOLLAR` predicate. Mainnet has `nOracleActivationHeight = 3000000` and `nDDActivationHeight = 22014720`; regtest overrides can also make DD active while oracle P2P remains inactive. P2P call sites include `VERACK` auto-`GETORACLES`, `ORACLEPRICE`, `ORACLEBUNDLE`, and `GETORACLES` handling.
+- **Exact code references:** `src/consensus/params.h:244`, `src/kernel/chainparams.cpp:307`, `src/kernel/chainparams.cpp:309`, `src/net_processing.cpp:4031`, `src/net_processing.cpp:5440`, `src/net_processing.cpp:5607`, and `src/net_processing.cpp:6192`.
+- **Proof status:** reachable P2P surface mismatch reported by all Wave 6 agents. Not counted as a direct consensus split because block oracle extraction and DD transaction validation remain BIP9-gated.
+- **Why no fix landed:** changing P2P activation semantics is a protocol/operator behavior decision. Needs Jared approval on whether oracle P2P should be gated by DD BIP9 active, `DD active && oracle height`, or a documented separate oracle deployment.
+- **Recommended decision:** align oracle P2P activation with DD BIP9 unless there is a deliberate reason to pre-warm oracle P2P. Then add a unit/functional boundary test for "oracle P2P not reachable before DD deployment active."
+
+**Rejected false positives / downgraded items:**
+- Pre-activation DD txs remain rejected by both mempool and block validation (`digidollar-not-active`), and reorg-below-activation mempool filtering is already covered.
+- Miner template inclusion of stale invalid DD transactions is guarded by DD pre-validation and `TestBlockValidity` retry logic.
+- Oracle cache pre-activation poisoning was not reachable through block connection; extraction/cache updates are DD activation gated.
+- `CheckPhase3OracleBundleVersion()` and `ValidateBlockOracleData()` null-`pindex_prev` static-height fallbacks were not shown reachable in production `ConnectBlock`, which passes `pindex->pprev`.
+
+**Theoretical / not yet reachable / carry-forward risks:**
+- Qt DigiDollar activation status uses a height heuristic for visible text while actual enablement uses BIP9 state (`src/qt/digidollartab.cpp:401`, `src/qt/digidollartab.cpp:425`). Carry to Wave 12 for a Qt regression/fix because it is a user-deception surface, not a consensus split.
+- `skipOracleValidation` still gates volatility/ERR local protection checks. DD-RH-115 removed the direct price/collateral mint split, but DD-RH-108 remains the architectural item for deterministic system-health/volatility sources.
+- Malformed `OP_ORACLE` extraction can fail open as transition behavior when no DD transaction depends on the price (`src/oracle/bundle_manager.cpp:2525`). Carry to oracle waves.
+- Phase-2 oracle bundle format remains accepted after Phase 3 height under current chainparams; no production exploit shown because `nDigiDollarPhase3Height` is currently `0`.
+- `OracleNode::Start()` is testnet-only despite mainnet oracle parameters; operator-readiness risk only, no direct exploit in Wave 6.
+
+**Commands/results recorded:**
+
+```bash
+find src/digidollar src/oracle src/wallet src/rpc src/qt src/test src/test/fuzz test/functional -type f \
+  | grep -Ei 'digidollar|oracle|musig2|rh|red|attack|security|wallet|qt' \
+  | sort | wc -l
+# 1669 matching paths in the post-build tree
+
+make -C src -j2 test/test_digibyte && \
+./src/test/test_digibyte --run_test=digidollar_skip_oracle_tests/skip_oracle_allows_insufficient_collateral_exploit --log_level=all --report_level=short
+# pre-fix DD-RH-115 failed: exit 201, 1 selected test failed, 2/4 assertions failed
+
+make -C src -j2 test/test_digibyte && \
+./src/test/test_digibyte --run_test=digidollar_skip_oracle_tests/skip_oracle_allows_insufficient_collateral_exploit --report_level=short
+# post-fix passed: 1 selected test, 4 assertions
+
+./src/test/test_digibyte --run_test=digidollar_skip_oracle_tests --report_level=short
+# passed: 6 tests, 18 assertions
+
+./src/test/test_digibyte --run_test=digidollar_validation_tests --report_level=short
+# passed: 103 tests + 2 warning-status tests, 276 assertions
+
+./src/test/test_digibyte --run_test=digidollar_rh18_cross_feature_tests --report_level=short
+# passed: 9 tests, 36 assertions
+
+./src/test/test_digibyte --run_test=digidollar_rh31_consensus_fork_tests --report_level=short
+# passed: 24 tests, 33 assertions
+
+./src/test/test_digibyte --run_test=digidollar_rh47_consensus_fork_deep_tests --report_level=short
+# passed: 30 tests, 93 assertions
+
+./src/test/test_digibyte --run_test=digidollar_consensus_tests --report_level=short
+# passed: 13 tests, 125 assertions
+
+./src/test/test_digibyte --run_test=digidollar_activation_tests --report_level=short
+# passed: 5 tests, 17 assertions
+
+./src/test/test_digibyte --run_test=musig2_activation_tests --report_level=short
+# passed: 20 tests, 103 assertions
+
+./src/test/test_digibyte --run_test=digidollar_rh06_mint_attacks --report_level=short
+# passed: 36 tests, 69 assertions
+
+test/functional/test_runner.py --jobs=1 digidollar_rpc_gating.py
+# pre-fix DD-RH-116 failed at getmockoracleprice pre-activation gate
+
+make -C src -j2 digibyted && test/functional/test_runner.py --jobs=1 digidollar_rpc_gating.py
+# post-fix passed
+
+test/functional/test_runner.py --jobs=1 digidollar_activation.py digidollar_activation_boundary.py digidollar_rpc_gating.py
+# passed: all 3 functional tests
+
+git diff --check -- src/digidollar/validation.cpp src/test/digidollar_skip_oracle_tests.cpp src/rpc/digidollar.cpp test/functional/digidollar_rpc_gating.py reports/red_hornet_ledger.md
+# passed
+```
+
+**Fixes landed:** DD-RH-115 and DD-RH-116 in working tree.
+
+**Commit status:** no commits; user has not authorized local commits. Proposed commit split: one commit for DD-RH-115 mint validation determinism, one commit for DD-RH-116 mock oracle RPC gating. Existing Wave 2-5 proposed splits remain separate.
+
+**Wave 6 status:** complete. Ledger updated at `reports/red_hornet_ledger.md`.
+
+## Continuation Wave 7 — Reorg, Replay, Rollback, Cache Corruption
+
+**Assignments:**
+- Agent A / exploit-path attacker: production connect/disconnect state mutation, rollback order, cached DD metrics, oracle price caches, block/chain reorg state, and `ConnectBlock`/`DisconnectBlock`.
+- Agent B / invariant/test breaker: duplicate/reversed/missing connect/disconnect state updates, DD supply/collateral metrics, oracle cache rollback, reorg/reindex/restart/rescan, and mempool re-add tests.
+- Agent C / boundary adversary: restart/reindex/rescan/reorg functional boundaries, wallet restore/rescan, RPC stats after restart, oracle cache persistence/rollback, multi-node DD reorgs, and mempool resurrection.
+
+**Wave attack-surface enumeration:** required local `find ... | grep ... | sort` command run successfully. Current post-build tree has 1669 matching paths because generated build artifacts are present. All three sub-agents confirmed they read the required context files in order and ran the live enumeration. Review stayed within DigiDollar/oracle and directly gated validation, wallet, index, RPC, and oracle-cache surfaces.
+
+### DD-RH-118 — Medium — cached DD supply can drift downward after valid reorg near `MAX_DIGIDOLLAR`
+
+- **Affected invariant:** reorg connect/disconnect cycles must exactly restore DD supply/collateral accounting for valid chain states.
+- **Exploit path:** `SystemHealthMonitor::OnMintConnected()` capped `totalDDSupply` at `MAX_DIGIDOLLAR`, but `OnMintDisconnected()` subtracted the full mint amount. If valid aggregate supply was near `MAX_DIGIDOLLAR`, connecting a normal valid-size mint that crossed the cap recorded only the capped delta; disconnecting that block then subtracted the full mint and permanently undercounted cached supply. The same lossy cap existed on `OnRedeemDisconnected()`.
+- **Exact code references:** pre-fix lossy cap was at `src/digidollar/health.cpp:452`; fixed helper and call sites are at `src/digidollar/health.cpp:449`, `src/digidollar/health.cpp:463`, and `src/digidollar/health.cpp:493`; attack regression is at `src/test/digidollar_rh16_reorg_attacks_tests.cpp:206`; overflow guard expectation was updated at `src/test/digidollar_rh11_consensus_tests.cpp:47`.
+- **Reproducer:** `rh16_overflow_after_reorg_reconnect` sets cached supply to `MAX_DIGIDOLLAR - 50`, connects a normal `10000000`-cent mint, disconnects it, and expects supply to return to `MAX_DIGIDOLLAR - 50`.
+- **Fail-before evidence:** after rebuilding, `./src/test/test_digibyte --run_test=digidollar_rh16_reorg_attacks_tests/rh16_overflow_after_reorg_reconnect --log_level=all --report_level=short` failed with `got 2099990000000 expected 2099999999950`.
+- **Expected secure behavior:** cached supply must return to the exact pre-connect value. Arithmetic overflow protection must guard `CAmount` overflow, not silently apply a lossy business cap to reversible state transitions.
+- **Fix summary:** replaced the `MAX_DIGIDOLLAR` supply cap in connect/disconnect add paths with a true `CAmount` overflow clamp. Valid aggregate accounting remains exact and reversible until `std::numeric_limits<CAmount>::max()` would overflow.
+- **Tests added/upgraded:** upgraded `rh16_overflow_after_reorg_reconnect` to use a valid per-mint amount and assert exact reorg restoration; upgraded `rh11_supply_overflow_no_protection` to verify exact accounting until true `CAmount` overflow, then clamp.
+- **Pass-after evidence:** selected DD-RH-118 regression passed; selected RH-11 overflow test passed; full `digidollar_rh16_reorg_attacks_tests`, `digidollar_rh11_consensus_tests`, `digidollar_rh34_multiblock_state_tests`, `digidollar_rh42_formal_invariant_tests`, and `digidollar_health_tests` passed.
+- **Status:** fixed in working tree, uncommitted. Proposed commit: `digidollar health: fix DD-RH-118 reorg supply cap drift`.
+
+**ARCHITECTURAL_REVIEW_REQUIRED:**
+
+### DD-RH-119 — High — `MAX_DIGIDOLLAR` is documented inconsistently as output bound vs global supply cap
+
+- **Affected invariant:** DD global supply policy must be deterministic and consistently enforced if it exists.
+- **Observed conflict:** `src/digidollar/digidollar.h:18` defines `MAX_DIGIDOLLAR` as a maximum amount, production validation uses it as a per-output/per-structure bound at `src/digidollar/validation.cpp:467`, and mint consensus uses `maxMintAmount` as the per-mint cap at `src/consensus/digidollar.h:65`. `REPO_MAP_DIGIDOLLAR.md:27` calls the same constant a hard cap on total DD supply, but no consensus rule rejects a valid mint because aggregate supply would exceed it.
+- **Why no consensus fix landed:** adding or removing a global DD supply cap is an economic/consensus decision. Wave 7 fixed the local cache corruption without choosing new issuance policy.
+- **Recommended decision:** Jared should decide whether DigiDollar has a consensus-enforced aggregate supply cap. If yes, add a deterministic chain-state/index-derived consensus check and activation tests. If no, update docs and keep `MAX_DIGIDOLLAR` as an amount/output serialization bound only.
+
+**Rejected false positives / downgraded items:**
+- Invalid-block oracle cache poisoning through `ConnectBlock` was rejected: block oracle cache mutation is deferred until after full block validation at `src/validation.cpp:3143`, and existing `rh67`/`rh61` coverage passed.
+- Missed rollback for DD health updates on ordinary `ConnectBlock` failures was rejected: the `DigiDollarHealthUpdateGuard` reverses uncommitted mint/redeem updates before `Commit()` at `src/validation.cpp:2822`; `rh68` coverage passed.
+- Redeem input-0 mismatch was rejected: current redemption validation treats input 0 as collateral and requires DD inputs after it, so disconnect's vault-coin assumption is not attacker-reachable without another confirmed validation bug.
+- Transfer missing supply updates was rejected: DD transfers are supply-neutral and should not mutate supply/collateral metrics.
+- Mempool resurrection of disconnected DD transactions was rejected as intentional reorg behavior: re-addition routes through normal mempool admission and DD validation rechecks deployment, UTXO, oracle, and unconfirmed-parent constraints.
+- Wallet rescan/restart DD loss was rejected for the inspected paths: existing functional tests cover mint/redeem/transfer reorg, reindex, rescan, and persistence restart.
+
+**Theoretical / not yet reachable / carry-forward risks:**
+- DD-RH-069 remains the critical architectural item: collateral can be unlocked by the normal Taproot timelock+owner leaf in a non-DD transaction after lock expiry, bypassing DD burn validation. This is a script/consensus redesign, so no fix was landed without Jared approval.
+- DD-RH-108 remains active: DCA/ERR mint and redemption behavior still depends on process-local cached health/volatility in several paths. Wave 7 found the restart variant again, where a node with an empty cache can compute "max healthy" from zero cached supply at `src/digidollar/validation.cpp:2382`. Needs deterministic chain/index-derived health design.
+- Overburned DD in redemption is a reachable accounting lead but not yet counted as a confirmed vulnerability in Wave 7. Validation permits `ddBurned > originalDDMinted` at `src/digidollar/validation.cpp:2001`, while in-memory and stats-index accounting subtract only the original vault amount at `src/validation.cpp:3031` and `src/index/digidollarstatsindex.cpp:276`. This appears conservative/liveness-skewing rather than inflationary, but needs a targeted regression that distinguishes actual DD UTXO supply from reported supply.
+- Oracle startup reload only scans the last 20 blocks at `src/oracle/bundle_manager.cpp:2103` while price freshness is also wall-clock based at `src/oracle/bundle_manager.cpp:1523`. A restarted node may forget a still-time-fresh bundle that is more than 20 blocks behind tip. This appears fail-closed for minting; carry to oracle staleness waves.
+- No combined multi-node functional test covers mint, transfer, redeem, branch split, longer competing chain, reconnect, wallet rescan, stats comparison, and mempool checks in one scenario.
+- No direct stats-index restart test asserts `getdigidollarstats` immediately after node restart with `-digidollarstatsindex=1`.
+- No deep oracle cache reorg test exceeds the current cache retention window.
+
+**Commands/results recorded:**
+
+```bash
+find src/digidollar src/oracle src/wallet src/rpc src/qt src/test src/test/fuzz test/functional -type f \
+  | grep -Ei 'digidollar|oracle|musig2|rh|red|attack|security|wallet|qt' \
+  | sort | wc -l
+# 1669 matching paths in the post-build tree
+
+make -C src -j2 test/test_digibyte && \
+./src/test/test_digibyte --run_test=digidollar_rh16_reorg_attacks_tests/rh16_overflow_after_reorg_reconnect --log_level=all --report_level=short
+# pre-fix DD-RH-118 failed after rebuild: got 2099990000000 expected 2099999999950
+
+make -C src -j2 test/test_digibyte && \
+./src/test/test_digibyte --run_test=digidollar_rh16_reorg_attacks_tests/rh16_overflow_after_reorg_reconnect --report_level=short && \
+./src/test/test_digibyte --run_test=digidollar_rh11_consensus_tests/rh11_supply_overflow_no_protection --report_level=short
+# passed: both selected tests
+
+./src/test/test_digibyte --run_test=digidollar_rh16_reorg_attacks_tests --report_level=short
+# passed: 11 tests, 43 assertions
+
+./src/test/test_digibyte --run_test=digidollar_rh11_consensus_tests --report_level=short
+# passed: 15 tests, 538 assertions
+
+./src/test/test_digibyte --run_test=digidollar_rh34_multiblock_state_tests --report_level=short
+# passed: 21 tests, 1358 assertions
+
+./src/test/test_digibyte --run_test=digidollar_rh42_formal_invariant_tests --report_level=short
+# passed: 15 tests, 7897668 assertions
+
+./src/test/test_digibyte --run_test=digidollar_health_tests --report_level=short
+# passed: 21 tests, 567 assertions
+
+./src/test/test_digibyte --run_test=digidollar_rh25_serialization_cache_tests --report_level=short
+# passed: 6 tests, 26 assertions
+
+./src/test/test_digibyte --run_test=rh68_test_block_validity_health_metrics_side_effect_tests --report_level=short
+# passed: 1 test, 13 assertions
+
+./src/test/test_digibyte --run_test=rh67_invalid_block_oracle_cache_side_effect_tests --report_level=short
+# passed: 1 test, 6 assertions
+
+./src/test/test_digibyte --run_test=rh66_startup_oracle_price_loading_tests --report_level=short
+# passed: 1 test, 14 assertions
+
+./src/test/test_digibyte --run_test=rh63_oracle_validator_escape_hatches_tests --report_level=short
+# passed: 7 tests, 35 assertions
+
+./src/test/test_digibyte --run_test=rh61_coinbase_price_cache_poisoning_tests --report_level=short
+# passed: 7 tests, 19 assertions
+
+test/functional/test_runner.py --jobs=1 digidollar_stats_reorg.py digidollar_oracle_reorg_cache.py wallet_digidollar_reorg.py wallet_digidollar_transfer_reorg.py wallet_digidollar_mint_reorg.py wallet_digidollar_pending_redeem_restart.py wallet_digidollar_reindex.py
+# passed: all 7 functional tests
+
+test/functional/test_runner.py --jobs=1 digidollar_stats_reordered_mint.py wallet_digidollar_rescan.py wallet_digidollar_persistence_restart.py digidollar_network_tracking.py digidollar_redeem_stats.py digidollar_persistence.py
+# passed: all 7 functional entries; wallet_digidollar_persistence_restart.py ran legacy-wallet and descriptors variants
+
+git diff --check -- src/digidollar/health.cpp src/test/digidollar_rh16_reorg_attacks_tests.cpp src/test/digidollar_rh11_consensus_tests.cpp reports/red_hornet_ledger.md
+# passed
+
+git status --short --branch
+# dirty working tree; DD-RH-118 and earlier Red Hornet fixes remain uncommitted, unrelated pre-existing/user edits were not reverted
+```
+
+**Fixes landed:** DD-RH-118 in working tree.
+
+**Commit status:** no commits; user has not authorized local commits. Proposed commit split: one commit for DD-RH-118 health monitor reversible accounting. Existing Wave 2-6 proposed splits remain separate.
+
+**Wave 7 status:** complete. Ledger updated at `reports/red_hornet_ledger.md`.
+
+## Continuation Wave 8 — Mempool Relay, Conflict, Replacement
+
+**Assignments:**
+- Agent A / exploit-path attacker: DD mempool admission, RBF/full-RBF replacement, conflict removal, package accept, and oracle-mempool boundaries.
+- Agent B / invariant/test breaker: mempool attack tests, replacement/package coverage, malformed conflict cases, and missing negative assertions.
+- Agent C / boundary adversary: multi-node/reorg/restart mempool behavior, persisted mempool reload, wallet-visible pending DD state, and txindex/reorg replay.
+
+**Wave attack-surface enumeration:** required local `find ... | grep ... | sort` command run successfully. Current post-build tree has 1670 matching paths after adding the new functional regression. All three sub-agents confirmed they read the required context files in order and ran the live enumeration. Review stayed within DigiDollar/oracle and directly gated mempool, validation, wallet, RPC, and functional-test surfaces.
+
+### DD-RH-120 — Low — non-final DD transactions forced DD contextual validation before cheap finality rejection
+
+- **Affected invariant:** malformed or non-final DD/oracle inputs must not create practical validation DoS beyond intended mempool policy cost.
+- **Exploit path:** `MemPoolAccept::PreChecks()` ran full DigiDollar contextual validation before `CheckFinalTxAtTip()`. A peer could send structurally DD-marked, non-final transactions and force DD parsing/oracle/block-db work, receiving a DD structural reject instead of the cheap `non-final` policy reject.
+- **Exact code references:** finality now runs before DD contextual validation at `src/validation.cpp:817`; cheap DD marker/type gating remains at `src/validation.cpp:824`; full DD contextual validation now runs after input caching at `src/validation.cpp:947`. Regression is at `test/functional/digidollar_activation_boundary.py:176`.
+- **Reproducer:** `digidollar_activation_boundary.py` constructs a future-locktime DD transfer with sequence `0xfffffffe` and calls `testmempoolaccept`.
+- **Fail-before evidence:** `test/functional/test_runner.py --jobs=1 digidollar_activation_boundary.py` failed with `AssertionError: not(transfer-no-op-return-data == non-final)`.
+- **Expected secure behavior:** non-final DD transactions are rejected as `non-final` before expensive DD validation.
+- **Fix summary:** moved `CheckFinalTxAtTip()` immediately after `CheckTransaction()` and before DD contextual validation.
+- **Tests added/upgraded:** `test/functional/digidollar_activation_boundary.py` now asserts the non-final DD reject reason.
+- **Pass-after evidence:** activation boundary functional test passed; DD mempool attack/relay unit tests passed.
+- **Status:** fixed in working tree, uncommitted. Proposed commit: `validation: fix DD-RH-120 non-final DD mempool ordering`.
+
+### DD-RH-121 — Medium — DD transfer descendants can persist after multi-block reorg through stale txindex and missing final-tip DD revalidation
+
+- **Affected invariant:** reorgs, restarts, rescans, cache invalidation, wallet reloads, and mempool conflicts cannot corrupt DD supply/collateral/accounting state; DD transfer inputs must remain confirmed before their OP_RETURN amount is trusted.
+- **Exploit path:** during `invalidateblock`/multi-block disconnect, `MaybeUpdateMempoolForReorg()` re-added the transfer block while the mint ancestor was still temporarily visible as a confirmed UTXO. After the mint block disconnected, the mint was re-added to mempool but the transfer stayed accepted as if it spent a confirmed DD input. Because DD amount extraction can also read stale historical txindex data, the transfer survived with an unconfirmed DD parent and was visible in wallet/mempool state.
+- **Exact code references:** reorg re-add loop at `src/validation.cpp:358`; final-tip DD revalidation added at `src/validation.cpp:441`; DD revalidation uses a mempool-aware coin view at `src/validation.cpp:442`; failing transfer rejection now occurs through `ValidateDigiDollarTransaction()` at `src/validation.cpp:471`; ordinary ATMP DD validation also now uses the mempool-aware cached view at `src/validation.cpp:947`. Attack regression is `test/functional/wallet_digidollar_transfer_ancestor_reorg.py:6`.
+- **Reproducer:** with `-txindex=1 -persistmempool=1`, mine a DD mint at the low regtest fallback oracle price, mine a DD transfer spending that mint, then invalidate the mint ancestor block. Before the fix, both the mint and transfer returned to mempool even though the transfer's DD input was now from an unconfirmed mint.
+- **Fail-before evidence:** `test/functional/test_runner.py --jobs=1 wallet_digidollar_transfer_ancestor_reorg.py` failed with `AssertionError: DD transfer descendant must not return to mempool while its DD input comes from an unconfirmed mint`.
+- **Expected secure behavior:** after the final reorg tip is known, any DD mempool entry resurrected from disconnected blocks must still validate against the final chain plus mempool view. A transfer whose DD input is only available from a mempool parent must be removed and must not survive restart through `mempool.dat`.
+- **Fix summary:** kept cheap DD type/activation rejects early, moved ordinary DD mempool validation to use the mempool-aware cached coin view after input loading, and added DD-specific final-tip revalidation in `MaybeUpdateMempoolForReorg()` before `removeForReorg()` finishes.
+- **Tests added/upgraded:** added `test/functional/wallet_digidollar_transfer_ancestor_reorg.py` and registered it in `test/functional/test_runner.py`.
+- **Pass-after evidence:** the new ancestor-reorg regression passed; surrounding transfer/reorg/restart functional tests passed; DD mempool unit suites passed.
+- **Status:** fixed in working tree, uncommitted. Proposed commit: `validation: fix DD-RH-121 reorg DD descendant resurrection`.
+
+**Rejected false positives / downgraded items:**
+- DD tx replacement by a higher-fee non-DD transaction is owner-authorized cancellation/confusion, not theft or inflation: the replacement must spend the same inputs and pass generic RBF/full-RBF policy. No fix landed.
+- Invalid replacement cannot evict a valid DD tx because conflicts are removed only after replacement prechecks, policy checks, scripts, and finalization succeed.
+- Wallet-built DD mint/transfer transactions do not opt into BIP125 by default; redemption uses `0xfffffffe` for CLTV and does not signal BIP125 opt-in. The redemption sequence comment is misleading, not itself a funds-loss bug.
+- Package accept did not show a DD bypass in this wave: package-created coins are tagged `MEMPOOL_HEIGHT`, and DD transfer/redeem validation rejects unconfirmed zero-value DD inputs when the mempool view is visible.
+- Oracle P2P pending objects do not interact directly with tx mempool admission; they remain in scope for oracle/P2P waves.
+
+**Theoretical / not yet reachable / carry-forward risks:**
+- No end-to-end DD RBF/replacement functional test proves DD-to-non-DD and non-DD-to-DD replacement behavior under both opt-in and full-RBF. Coverage gap, not a confirmed vulnerability.
+- No DD-specific package submission negative test proves an unconfirmed DD parent/child package remains rejected through `submitpackage`/package evaluation.
+- DD redemption with an unconfirmed collateral parent should receive a targeted reorg regression in Wave 9 or Wave 4 follow-up. DD-RH-121 fixed final-tip DD revalidation broadly, but the current regression proves the transfer path only.
+- Existing full `digidollar_redteam_tests` still has an unrelated stale failure in `redteam_nums_key_legitimate_collateral_accepted` (`insufficient-collateral`). Not counted as a Wave 8 regression failure because targeted DD mempool suites passed.
+
+**Commands/results recorded:**
+
+```bash
+find src/digidollar src/oracle src/wallet src/rpc src/qt src/test src/test/fuzz test/functional -type f \
+  | grep -Ei 'digidollar|oracle|musig2|rh|red|attack|security|wallet|qt' \
+  | sort | wc -l
+# 1670 matching paths after adding wallet_digidollar_transfer_ancestor_reorg.py
+
+./src/test/test_digibyte --run_test=digidollar_rh17_mempool_attacks_tests --report_level=short
+# passed: 10 tests, 34 assertions
+
+./src/test/test_digibyte --run_test=digidollar_rh33_mempool_relay_tests --report_level=short
+# passed: 12 tests, 318 assertions
+
+./src/test/test_digibyte --run_test=digidollar_transfer_tests --report_level=short
+# passed: 44 tests, 174 assertions
+
+./src/test/test_digibyte --run_test=digidollar_txbuilder_tests --report_level=short
+# passed: 18 tests, 63 assertions
+
+test/functional/test_runner.py --jobs=1 wallet_digidollar_transfer_ancestor_reorg.py
+# pre-fix DD-RH-121 failed: transfer descendant returned to mempool with unconfirmed DD parent
+
+make -C src -j2 digibyted test/test_digibyte
+# passed; pre-existing redundant CheckMinimalPush declaration warning remained
+
+test/functional/test_runner.py --jobs=1 wallet_digidollar_transfer_ancestor_reorg.py
+# post-fix passed
+
+test/functional/test_runner.py --jobs=1 digidollar_activation_boundary.py
+# pre-fix DD-RH-120 failed with transfer-no-op-return-data instead of non-final
+# post-fix passed
+
+test/functional/test_runner.py --jobs=1 wallet_digidollar_transfer_reorg.py wallet_digidollar_pending_redeem_restart.py digidollar_stats_reorg.py
+# passed: all 3 functional tests
+
+test/functional/test_runner.py --jobs=1 -t /tmp/dgb_redhornet_networkrelay_ digidollar_network_relay.py
+# passed: 68 seconds
+
+./src/test/test_digibyte --run_test=digidollar_validation_tests --report_level=short
+# passed: 103 tests + 2 warning-status tests, 276 assertions
+
+test/functional/test_runner.py --jobs=1 digidollar_network_relay.py
+# infrastructure-only failure: parallel test_runner invocation reused the same timestamped tmpdir and raised FileExistsError; rerun with -t passed
+```
+
+**Fixes landed:** DD-RH-120 and DD-RH-121 in working tree.
+
+**Commit status:** no commits; user has not authorized local commits. Proposed commit split: one commit for DD-RH-120 mempool ordering, one commit for DD-RH-121 reorg descendant resurrection. Existing Wave 2-7 proposed splits remain separate.
+
+**Wave 8 status:** complete. Ledger updated at `reports/red_hornet_ledger.md`.

From 844fba8bf397b4d7c02fce08912c6a247cedd8f8 Mon Sep 17 00:00:00 2001
From: DigiSwarm <13957390+JaredTate@users.noreply.github.com>
Date: Wed, 29 Apr 2026 16:03:18 -0600
Subject: [PATCH 12/22] =?UTF-8?q?docs:=20add=20MVP=5FPLAN.md=20=E2=80=94?=
 =?UTF-8?q?=20DigiDollar=20mainnet=20V1=20TDD=20wave=20execution=20plan?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Captures all locked V1 decisions (14 total), P0 launch blockers with
TDD requirements, 7-phase wave execution model (Pre-Wave + Waves 1-6),
commit standards, and full-suite regression gate requirements for each
wave. Replaces the prior ad-hoc planning in session memory.
---
 MVP_PLAN.md | 667 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 667 insertions(+)
 create mode 100644 MVP_PLAN.md

diff --git a/MVP_PLAN.md b/MVP_PLAN.md
new file mode 100644
index 0000000000..8fe60c7ee1
--- /dev/null
+++ b/MVP_PLAN.md
@@ -0,0 +1,667 @@
+# MVP_PLAN.md — DigiDollar Mainnet V1 Work Plan
+
+**Branch:** `feature/digidollar-v1`  
+**Purpose:** TDD wave-based execution plan for DigiDollar V1 mainnet deployment.  
+**Rule:** Planning only. All code work done by separate agents using TDD. No pushes — Jared reviews and pushes.
+
+---
+
+## 0. Non-Negotiable V1 Invariants
+
+1. **No early redemptions.** Collateral cannot unlock before the chosen timelock expires.
+2. **DD burn enforcement is mandatory.** A collateral vault spend must require burning the correct DigiDollar amount.
+3. **ERR must be finished, not disabled.** If system health drops below 100%, redemption still requires timelock expiry and returns full collateral — but the redeemer must burn extra DD according to the ERR ratio. No haircut on DGB.
+4. **Consensus math must be deterministic.** No float/double in consensus-visible DCA/ERR/collateral math. Integer basis points and `__int128` only.
+5. **Oracle data must be deterministic.** DCA, ERR, mint validation, and redemption validation must use the same consensus-safe price/health source.
+6. **MuSig2 oracle bundles only for V1.** Legacy v0x01/v0x02 formats were development steps — removed from production validation, mining, and fallback paths.
+7. **Oracle roster must be expandable.** Launch quorum: minimum 9 signatures. Active oracle set must grow beyond 17 via deterministic consensus-visible roster rules.
+8. **Lock tiers are canonical only.** No in-between or custom lock durations for V1.
+9. **Watch-only DD is read-only.** Watch-only wallets may display/monitor DD positions but cannot mint, redeem, send, or sign.
+10. **Legacy DigiDollar wallets unsupported for V1.** Require descriptor/bech32m-capable wallets. Fail clearly on unsupported types.
+
+---
+
+## 1. Audit Sources
+
+### Primary DigiDollar / Red Hornet
+- `DIGIDOLLAR_BUG_HUNT_REPORT.md`, `Z_RED_HORNET.md`, `Z_RED_HORNET_v2.md`
+- `doc/RED_HORNET_V3_REPORT.md`, `reports/red_hornet_final_report.md`
+- `reports/red_hornet_ledger.md`, `reports/red_hornet_security_final_report.md`
+- `reports/red_hornet_security_ledger.md`, `RELEASE_v9.26.0-rc33.md`
+
+### Architecture / repo maps
+- `ARCHITECTURE.md`, `REPO_MAP.md`, `DIGIDOLLAR_ARCHITECTURE.md`, `REPO_MAP_DIGIDOLLAR.md`
+
+### Fuzz / regression readiness
+- `doc/FUZZ_COMPLETION_REPORT.md`, `doc/FUZZ_MARATHON_COMPLETE.md`, `doc/FUZZ_PHASE4_FINAL_REPORT.md`
+
+---
+
+## 2. Red Hornet Continuation Fixes (Pre-committed by Red Hornet Team)
+
+The Red Hornet team will have committed all campaign fixes before this plan's Wave 1 begins. The Pre-Wave agent's only job is to verify the baseline is clean and the full test suite passes — no commit-splitting work needed.
+
+**Fixes expected in baseline (committed by Red Hornet team):**
+
+| RH ID | Severity | Fix |
+|-------|----------|-----|
+| DD-RH-001 | Medium | Valid reordered mint now correctly tracked in health accounting |
+| DD-RH-003 | Low | DCA fractional multipliers now ceiling-rounded (no undercut) |
+| DD-RH-004 | Low | Required collateral uses ceiling division (no one-sat undercount) |
+| DD-RH-005 | High | Nonzero-vout mint collateral no longer treated as redemption fee input |
+| DD-RH-006 | Low | `getprotectionstatus` no longer reports false emergency on zero DD supply |
+| DD-RH-007 | Critical | Transfer OP_RETURN spoof cannot inflate later spends |
+| DD-RH-008 | Medium | DD address validators reject corrupted/wrong-shape strings |
+| DD-RH-009 | Medium | `importdigidollaraddress` returns explicit failure instead of false success |
+| DD-RH-105 | Medium | Transfer rejects unresolved zero-value DD inputs |
+| DD-RH-106 | High | Redemption burn accounting prefers authoritative mint tx over poisonable metadata |
+| DD-RH-109 | Medium | Transfer builder rejects underfunded DGB fee inputs |
+| DD-RH-112 | Medium | Malformed transfer OP_RETURN script numbers reject cleanly |
+| DD-RH-113 | High | Mint accounting prefers modern `"DD"` OP_RETURN over legacy spoof marker |
+| DD-RH-114 | High | Non-canonical `OP_1` impostor scripts rejected as DD outputs |
+| DD-RH-115 | High | Mint price/collateral validation no longer depends on `skipOracleValidation` |
+| DD-RH-116 | Low | `getmockoracleprice` is activation-gated |
+| DD-RH-118 | Medium | Reorg connect/disconnect now restores DD supply exactly near `MAX_DIGIDOLLAR` |
+| DD-RH-120 | Low | Non-final DD transactions now fail cheaply before DD contextual validation |
+| DD-RH-121 | Medium | DD transfer descendants no longer survive reorg through stale txindex |
+
+**Additional fixes from waves 6–19** (DD-RH-010 through DD-RH-049) will also be in the baseline. Pre-Wave agent should verify by reading `reports/red_hornet_ledger.md` to confirm all "fixed" items are present in committed history.
+
+**Pre-Wave responsibility:** Verify baseline compiles, all committed RH fixes are present, and the full unit + functional + fuzz suite passes clean. No commit work. No push.
+
+---
+
+## 3. P0 Launch Blockers (Detail + TDD Requirements)
+
+### P0.1 — DD Burn Enforcement on Every Collateral Spend (`DD-RH-069`)
+
+**Problem:** The normal collateral script path is essentially `CLTV + owner sig`. After timelock, a non-DD tx can spend backing DGB without entering DD redemption validation — leaving DD supply live with no collateral.
+
+**Files:**
+- `src/script/interpreter.cpp`, `src/script/script.h`
+- `src/digidollar/scripts.cpp`, `src/digidollar/validation.cpp`
+
+**Fix direction:**
+1. Consensus-level detector: any input spending a known DD collateral vault must enter DD redemption validation, even without a DD marker in the spending tx.
+2. Require correct DD burn amount before collateral release.
+3. Fix both normal and ERR Taproot leaves so ABI matches `OP_DIGIDOLLAR` / `OP_DDVERIFY` semantics.
+4. Timelock mandatory for both normal and ERR leaves.
+
+**TDD requirements:**
+- Failing test: post-timelock non-DD collateral spend is rejected.
+- Failing test: normal redemption succeeds only when full original DD amount is burned.
+- Failing test: partial burn cannot release collateral.
+- Failing test: collateral spend with no DD inputs cannot release collateral.
+- Failing test: reordered mint outputs still identify the correct collateral output.
+
+---
+
+### P0.2 — ERR End-to-End (`ARCH-RH-004`, `DD-RH-110`)
+
+**Design:** ERR is not early redemption. ERR only changes the DD burn requirement after timelock expiry when system health drops below 100%.
+
+**Current problems:**
+- ERR consensus validation incomplete.
+- ERR Taproot leaf ABI broken (`OP_DIGIDOLLAR` not followed by positive DD amount).
+- RPC/wallet can disagree with consensus on ERR state.
+
+**Files:**
+- `src/consensus/err.cpp/h`, `src/digidollar/validation.cpp` (ERR sections)
+- `src/digidollar/txbuilder.cpp`, `src/rpc/digidollar.cpp`
+- `src/test/digidollar_err*_tests.cpp`, `src/test/digidollar_redeem_tests.cpp`
+
+**Required V1 behavior:**
+- Health `≥ 100%`: burn original DD, return full DGB.
+- Health `< 100%`: burn `ceil(originalDD * 10000 / errRatioBps)`, return full DGB.
+- ERR still requires timelock expiry.
+- New minting blocked while ERR active.
+- Normal redemption blocked while ERR active unless ERR burn requirement met.
+- No DGB haircut. Extra DD burned is the penalty.
+
+**Consensus math:** Replace doubles with integer basis points. `ceil(originalDD * 10000 / errRatioBps)` using `__int128`. Compare against `MAX_MONEY` before casting.
+
+**TDD requirements:**
+- Failing test: ERR no longer returns `err-validation-incomplete` for valid ERR redemption.
+- Failing test: health `<100%`, original-only burn fails.
+- Failing test: health `<100%`, required extra burn succeeds.
+- Failing test: ERR before timelock fails.
+- Failing test: normal redemption while ERR active fails unless ERR burn requirement met.
+- Functional test: regtest price/health crash activates ERR, wallet builds correct ERR redemption, block validates.
+- Fuzz: ERR burn boundary fuzz for health 0, 1, 84, 85, 89, 90, 94, 95, 99, 100, overflow values.
+
+---
+
+### P0.3 — Canonical Deterministic Health for DCA + ERR (`DD-RH-108`)
+
+**Problem:** DCA/ERR decisions can depend on cached or placeholder health. `TxBuilder::GetCurrentSystemCollateral()` returns a default healthy value; validation can fall back to `150%` when data is missing.
+
+**Files:**
+- `src/digidollar/health.cpp/h`, `src/consensus/dca.cpp`
+
+**Required V1 behavior:**
+- One canonical health calculation for consensus validation.
+- Inputs: chain-derived DD supply, locked collateral, and the same oracle price used for the block/tx being validated.
+- No healthy fallback after activation when oracle/health data is missing. Fail closed.
+- Caches OK for performance but consensus validates against deterministic data.
+- DCA multiplier doubles → integer multipliers/basis points. Conservative rounding up. `__int128` + `MAX_MONEY` checks.
+
+**TDD requirements:**
+- Failing test: stale cached health cannot allow a mint at base collateral when current health requires DCA.
+- Failing test: missing post-activation price/health rejects DD validation instead of defaulting to 150%.
+- Failing test: DCA, ERR, RPC quote, and txbuilder agree on health source for the same block/price.
+- Fuzz: health calculation with extreme collateral, DD supply, and price values.
+
+---
+
+### P0.4 — Lock Tier Canonicalization (`DD-RH-107`)
+
+**Problem:** Non-standard lock duration just above a tier boundary can receive the next tier's lower collateral ratio. E.g., `1-hour tier + 1 block` gets the 30-day ratio.
+
+**Files:**
+- `src/consensus/digidollar.cpp/h`, `src/digidollar/validation.cpp` (lock-tier sections), `src/digidollar/txbuilder.cpp`
+
+**Required V1 rule:** Accept only canonical lock tiers. Reject all in-between/custom durations.
+
+**TDD requirements:**
+- Failing test: each canonical tier is accepted with correct collateral ratio.
+- Failing test: `tier + 1 block`, `tier - 1 block`, and arbitrary custom durations reject.
+- Functional test: RPC/Qt cannot create non-canonical lock durations.
+
+---
+
+### P0.5 — Oracle Consensus / Activation Rules (`ARCH-RH-001`, `DD-RH-084/085/086/117`)
+
+**Locked direction:** Non-DD blocks are valid without oracle data. Any block containing a DD transaction or spending a DD collateral vault must include a valid MuSig2 oracle bundle — missing or invalid oracle data makes the DD-touching block invalid for every node.
+
+**Files:**
+- `src/oracle/*`, `src/primitives/oracle*`
+- `src/kernel/chainparams.cpp`, `src/consensus/params.h`
+- `src/node/miner.cpp`, `src/validation.cpp`
+
+**Required V1 rules:**
+1. **MuSig2 only.** Remove v0x01/v0x02 acceptance, mining, and fallback paths.
+2. **No separate oracle activation maze.** DD V1 starts with MuSig2. Gate DD behavior to the DigiDollar deployment predicate, not stale phase heights.
+3. **Avoid chain splits:** Non-DD blocks need no oracle bundle. DD-touching blocks must have one valid MuSig2 oracle bundle.
+4. **Expandable roster:** variable-length signer encoding + deterministic height/deployment-indexed active roster. Quorum floor remains 9. Expansion requires a new release with explicit activation rules.
+5. **Reserve/inactive operators** listed but cannot count toward quorum.
+6. **Domain separation:** signatures commit to network/genesis/deployment, epoch/height, price, timestamp, message type.
+7. **Signer liveness:** deterministic reselection/retry rules so nonce withholding cannot stall block construction.
+8. **Mempool policy:** may require recent valid MuSig2 oracle quote for DD transactions; block validity is the final consensus rule.
+
+**TDD requirements:**
+- Failing test: v0x01/v0x02 oracle formats rejected; not mined as fallback.
+- Failing test: non-DD block without oracle data remains valid.
+- Failing test: any DD mint/transfer/redeem/collateral-spend block without oracle data is rejected.
+- Failing test: malformed/stale/wrong-domain/insufficient-quorum oracle bundle makes DD-touching block invalid.
+- Failing test: roster with >17 active operators verifies valid 9-sig MuSig2 bundle after roster activation.
+- Failing test: same >17 roster bundle rejected before roster activation.
+- Failing test: out-of-roster signer, duplicate signer, wrong-domain sig all reject.
+- Functional: 9-of-N signs passes, 8-of-N fails, N can be increased without invalidating historical blocks.
+
+---
+
+### P0.6 — `MAX_DIGIDOLLAR` Supply Cap Clarification (`DD-RH-119`) — RESOLVED
+
+**Severity:** High → RESOLVED as Option B (docs only)
+
+**Decision (locked):** DigiDollar has **no global supply cap**. Total DigiDollars in circulation are theoretically unlimited — the only constraint is available DGB collateral and the per-block minting rate. `MAX_DIGIDOLLAR` is a per-output serialization bound only, not a global cap. No consensus change required.
+
+**Docs already updated:**
+- `REPO_MAP_DIGIDOLLAR.md` — removed "hard cap on total DD supply" language; clarified as per-output bound
+- `AlertThresholds::MAX_DD_SUPPLY` in `health.h` — monitoring alert threshold only, not a supply cap; rename to `ALERT_DD_SUPPLY` for clarity
+
+**Wave 6 docs agent must also verify:** No remaining "global supply cap" or "total supply limit" language survives in `DIGIDOLLAR_ARCHITECTURE.md`, `DIGIDOLLAR_EXPLAINER.md`, or any whitepaper/spec docs under `digidollar/`.
+
+---
+
+### P0.7 — Qt Mint Owner Key Lifecycle (`DD-RH-034`)
+
+**Severity:** High
+
+**Problem:** Qt mint generates a random non-HD key (`MakeNewKey(true)`) and stores it in the DD wallet only AFTER `commitTransaction()`. The RPC mint path uses the wallet-derived `GetHDKeyForDigiDollar()` helper. A crash between successful broadcast and `StoreOwnerKey()` leaves the collateral vault locked forever — the owner key that controls normal and ERR redemption is lost. This is a **loss-of-funds** risk on mainnet.
+
+**Files:**
+- `src/qt/walletmodel.cpp` (lines 866–870, 1111–1138)
+- `src/rpc/digidollar.cpp` (HD key helper, lines 97–151)
+- `src/wallet/` (key derivation path)
+
+**Required V1 fix:** Move `GetHDKeyForDigiDollar()` to shared wallet code (not private to `rpc/digidollar.cpp`). Both Qt and RPC mint must derive the owner key from the wallet's HD seed. Persist the derived key to wallet database before broadcast. If the wallet is non-HD, fail clearly at mint time with an explicit error.
+
+**TDD requirements:**
+- Failing test: Qt mint path derives owner key from HD seed (same derivation as RPC path).
+- Failing test: owner key persisted to wallet database before transaction broadcast.
+- Failing test: non-HD wallet returns explicit error at Qt mint time.
+- Failing test: wallet restore from seed recovers Qt-minted DD position owner key without extra wallet.dat backup.
+- Functional test: mint via Qt, crash-simulate between broadcast and StoreOwnerKey, reload wallet — position is still redeemable.
+
+---
+
+### P0.8 — Volatility Precheck (`DD-RH-111`)
+
+**Problem:** First mint that crosses a volatility threshold can pass because freeze state is checked before recording/evaluating the candidate price.
+
+**Files:** `src/digidollar/validation.cpp` (volatility section only)
+
+**Fix:**
+- Non-mutating "would this candidate price freeze minting?" check before any state mutation.
+- Reject candidate mint if it crosses freeze threshold.
+
+**TDD requirements:**
+- Failing test: seeded prior price + candidate mint price crossing threshold is rejected.
+- Failing test: invalid candidate tx cannot poison volatility state.
+- Fuzz: volatility boundary/cooldown thresholds.
+
+---
+
+### P0.9 — Mempool / Block / IBD / Reorg Consensus Parity
+
+**Problem:** Several audit findings were chain-split shaped: behavior differed between mempool and block validation, IBD and caught-up nodes, stale cache and fresh cache, or pre/post reorg state.
+
+**Files:**
+- `src/validation.cpp`, `src/node/miner.cpp`, `src/net_processing.cpp`
+- `test/functional/` (functional test scenarios)
+
+**Required V1 behavior:**
+- `AcceptToMemoryPool`, miner block assembly, `ConnectBlock`, IBD, reindex, and reorg replay apply identical DD consensus rules.
+- Mempool may be stricter for liveness/safety but must never allow a DD tx that block validation rejects.
+- `skipOracleValidation` must not bypass post-activation DD requirements.
+- Reorg rollback must restore DD supply, collateral, health, oracle cache, wallet positions, and pending redemption state deterministically.
+- Historical validation uses the oracle bundle and roster rules at that historical height.
+
+**TDD requirements:**
+- Functional: DD block accepted by caught-up node is also accepted by IBD/reindex node.
+- Functional: DD mempool acceptance and mined block validity agree on oracle, DCA, ERR, and burn requirements.
+- Functional: reorg across DD mint/transfer/redeem restores supply/collateral/health and wallet state exactly.
+- Functional: expanded oracle roster validates only after activation height and does not invalidate older blocks.
+- Fuzz: validation contexts with `skipOracleValidation`, stale cache, missing cache, and reorg rollback.
+
+---
+
+## 4. P1 Mainnet Readiness Work
+
+### P1.1 — Wallet / RPC / Qt State Consistency
+- `getprotectionstatus`, `getredemptioninfo`, wallet redemption, Qt display, and consensus agree on normal vs ERR state.
+- RPC reports required DD burn during ERR. Wallet selects enough DD inputs for ERR extra burn.
+- Watch-only wallets: display/monitor only. Cannot mint/send/redeem/sign.
+- Restore/rescan recovers DD positions with reordered outputs and modern metadata.
+- Legacy wallet path fails with explicit unsupported error.
+
+**TR-RH-003 — RPC unit/filter drift (reachable, loss-of-funds adjacent):**
+- `listdigidollarpositions min_amount` compared DGB units to DD cents → fix filter to use DD cents.
+- `senddigidollar change_amount` reported wallet remaining DGB as DD change → fix to report correct unit.
+- `getdigidollarbalance minconf` accepted but ignored `minconf` parameter → apply correctly.
+- Fix these in RPC layer; add schema validation tests.
+
+**TR-RH-004 — Qt stale collateral ratios for tiers 5–8:**
+- `WalletModel::calculateRequiredCollateral()` had stale hardcoded ratios for higher tiers.
+- RPC collateral estimate reported base consensus minimum; `MintTxBuilder` adds 1% safety margin.
+- Decide whether RPC should report consensus minimum or builder-padded amount and document clearly.
+- Fix Qt to read ratios from consensus parameters, not hardcoded constants.
+
+**TR-RH-005 — `listdigidollaraddresses` hides zero-balance DD addresses:**
+- Currently only lists addresses inferred from current DD UTXOs; hides generated zero-balance addresses and hardcodes `iswatchonly=false`.
+- Fix: list all generated DD addresses including zero-balance; set `iswatchonly` from wallet metadata.
+
+**TR-RH-006 — `CDigiDollarAddress` accepts any chain's address prefix:**
+- A mainnet wallet can accept testnet/regtest-prefixed DD address if version+checksum are valid.
+- Fix: validate the address version byte against the currently active chain params. Reject cross-chain addresses.
+
+**ARCH-RH-003 — Watch-only address storage (V1 scope: explicit failure is acceptable):**
+- `importdigidollaraddress` now returns `success=false` with an explicit warning (fixed in Wave 9).
+- For V1: this explicit failure is sufficient. Full watch-only address import/rescan/listing is a post-V1 feature.
+- Ensure the error message is clear and documented in release notes.
+
+**TDD requirements:**
+- Functional: health crash changes all RPC/Qt-visible protection state consistently.
+- Functional: wallet builds both normal redemption and ERR redemption.
+- Functional: legacy wallet path fails with explicit unsupported error.
+- Functional: watch-only wallet can view DD metadata but cannot mint/send/redeem/sign.
+- Unit: restore/rescan recovers DD positions with reordered outputs.
+- Unit: `listdigidollarpositions min_amount` filters in DD cents, not DGB satoshis.
+- Unit: Qt collateral estimate matches consensus tier ratios for all tiers including 5–8.
+- Unit: `CDigiDollarAddress` rejects testnet address on mainnet and vice versa.
+- Functional: `importdigidollaraddress` returns explicit unsupported error (not false success).
+
+### P1.2 — Oracle Operator Key Security
+- Oracle operator private keys must not remain plaintext if wallet/node is encrypted.
+- Key IDs/slots cannot drift from consensus roster.
+- Define backup/rotation procedure.
+
+### P1.3 — Backward Compatibility
+- Existing non-DD DigiByte blocks/transactions remain valid.
+- No mainnet DD state before activation; rules can be finalized without preserving old mainnet DD positions.
+- Testnet reset allowed if final consensus changes require it. Recommendation: reset testnet after final V1 changes.
+- Legacy DigiDollar wallets unsupported; document in release notes and RPC errors.
+
+### P1.4 — Documentation Cleanup
+Update after code fixes: `ARCHITECTURE.md`, `DIGIDOLLAR_ARCHITECTURE.md`, `DIGIDOLLAR_ORACLE_ARCHITECTURE.md`, `DIGIDOLLAR_EXPLAINER.md`, `REPO_MAP_DIGIDOLLAR.md`, release notes for next RC.
+
+---
+
+## 5. Decisions Locked
+
+| # | Decision |
+|---|---------|
+| 1 | **DD burn enforcement:** locked. Collateral unlock requires burning DD. |
+| 2 | **ERR:** locked. Finish ERR; do not disable it. No DGB haircut. |
+| 3 | **No early redemptions:** locked. ERR does not bypass timelock. |
+| 4 | **ERR ratio table:** locked. Keep current 95/90/85/80% ratio tiers. |
+| 5 | **Oracle strictness:** locked. Non-DD blocks may omit oracle data; any DD-touching block requires valid MuSig2 data and fails deterministically without it. |
+| 6 | **Oracle bundle format:** locked. MuSig2 only. Remove v0x01/v0x02 production support and fallback paths. |
+| 7 | **Oracle roster:** locked. Min quorum remains 9. Active oracle set expandable beyond 17 via deterministic roster rules. |
+| 8 | **Expandable roster mechanism:** locked. Variable-length signer encoding + deterministic height/deployment-indexed roster. New oracles added by release + explicit activation. |
+| 9 | **Lock tiers:** locked. Canonical tiers only; no in-between/custom lock durations. |
+| 10 | **Legacy DigiDollar wallets:** locked. Unsupported for V1. |
+| 11 | **Watch-only DD:** locked. Read-only display/monitoring allowed; spend/sign requires private keys. |
+| 12 | **Qt mint owner key:** locked. Must derive from HD seed via shared wallet helper. Non-HD wallet fails clearly at mint time. Key persisted before broadcast. |
+| 13 | **Cross-chain DD address:** locked. `CDigiDollarAddress` must validate version byte against active chain params. Testnet addresses rejected on mainnet. |
+| 14 | **No global DD supply cap:** locked. DigiDollar total supply is theoretically unlimited. `MAX_DIGIDOLLAR` is a per-output serialization bound only. No consensus-enforced aggregate cap. The only rate limit is per-block minting. |
+
+---
+
+## 6. TDD Wave Execution Model
+
+**Rules for all agents:**
+1. Write the failing test first. Confirm it fails for the expected reason.
+2. Implement the minimum safe fix.
+3. Run targeted tests to confirm green.
+4. Commit immediately after targeted tests pass — one commit per logical fix (not one per file, not one giant dump).
+5. **Commit message standard:** Subject line (≤72 chars) states what was broken and what was fixed in plain English. No ticket jargon, no vague "fix bug" messages. Body optional — only add it if the why isn't obvious from the subject. Examples:
+   - `digidollar: collateral spend could bypass DD burn check — add consensus-level vault detector`
+   - `digidollar/err: ERR validation returned incomplete for valid redemption — wire integer burn calc`
+   - `digidollar/health: stale cached health could allow mint under DCA — fail closed when data missing`
+6. At end of each wave: run **all unit tests** (`make check`), **all functional tests** (`test/functional/test_runner.py`), **all fuzz tests**. These are the regression gate — no exceptions.
+7. Wave does not close until: full test gate is green AND working tree is clean (all changes committed, no pending diffs).
+8. Never touch a file owned by a sibling agent in the same wave.
+9. Local commits only. No pushing.
+
+---
+
+### Pre-Wave — Verify Clean Baseline (1 agent, sequential)
+
+**Goal:** Confirm the Red Hornet team's commits are all present and the full test suite passes before Wave 1 begins. No new features, no new files, no commit work.
+
+**Agent 1 tasks:**
+- Read `reports/red_hornet_ledger.md` — confirm every "fixed" RH ID has a corresponding commit in git log
+- Run full unit + functional + fuzz suite: `make check && test/functional/test_runner.py --jobs=4`
+- Confirm clean working tree (no uncommitted diffs)
+- Report any missing RH fixes or test failures before Wave 1 begins
+
+**File scope:** Read-only git history verification + test runner only.
+
+**Gate:** Full unit + functional + fuzz suite passes cleanly. All Section 2 RH IDs confirmed committed.
+
+---
+
+### Wave 1 — TDD Red Phase: Write All Failing Tests (3 agents, parallel)
+
+**Goal:** Write all failing tests for the P0 blockers before touching any production code. Zero production code changes in this wave. All agents write to different test files/directories.
+
+**Agent A — Burn + Tiers + Address** (test files only, no conflicts with B/C)
+- Write failing unit tests for P0.1 (DD burn enforcement, partial burn, no-DD-input collateral spend)
+- Write failing unit tests for P0.4 (lock tier boundary above/below, canonical tier acceptance)
+- Write failing unit tests for TR-RH-006 (mainnet rejects testnet DD address, regtest rejects mainnet address)
+- Target files: `src/test/digidollar_burn_enforcement_tests.cpp` (new), `src/test/digidollar_locktier_tests.cpp` (new/modify), `src/test/digidollar_address_tests.cpp` (new/modify)
+
+**Agent B — Oracle** (test files only, no conflicts with A/C)
+- Write failing unit tests for P0.5 (v0x01/v0x02 rejection, non-DD block without oracle, DD block requires oracle, malformed/stale/wrong-domain rejection)
+- Write failing unit tests for expandable roster (>17 operators, pre/post activation)
+- Target files: `src/test/digidollar_oracle_musig2_tests.cpp` (new), `src/test/digidollar_oracle_roster_tests.cpp` (new or modify existing)
+
+**Agent C — ERR + Health + Volatility + Wallet + RPC** (test files only, no conflicts with A/B)
+- Write failing unit tests for P0.2 (ERR: extra burn success/fail, ERR before timelock, normal while ERR active)
+- Write failing unit tests for P0.3 (stale health rejection, missing-price fail-closed, DCA/ERR/RPC health agreement)
+- Write failing unit tests for P0.7 (Qt mint derives HD key, persists before broadcast, non-HD wallet fails clearly)
+- Write failing unit tests for P0.8 (volatility threshold candidate rejection, no state poison)
+- Write failing unit tests for TR-RH-003/004 (listdigidollarpositions DD-cent filter, Qt stale tier ratios)
+- Target files: `src/test/digidollar_err_tests.cpp` (new/modify), `src/test/digidollar_health_dca_tests.cpp` (new), `src/test/digidollar_volatility_tests.cpp` (new/modify), `src/test/digidollar_wallet_hd_tests.cpp` (new), `src/test/digidollar_rpc_unit_tests.cpp` (new/modify)
+
+**Gate after Wave 1:**
+- `make check` passes — zero pre-existing test regressions
+- New tests compile and fail for the correct expected reason (not compile error, not wrong-failure message)
+- All new test files committed; working tree clean
+- Commit messages explain what each test is covering and why it must fail at this stage
+
+---
+
+### Wave 2 — Script / Oracle / Lock Layer (3 agents, parallel)
+
+**Goal:** Fix the foundational script, oracle, and lock-tier layers. Each agent owns separate file domains.
+
+**Agent A — Script/Burn** (`src/script/`, `src/digidollar/scripts.cpp` only)
+- Implement DD burn enforcement (P0.1)
+- Add consensus-level detector for DD collateral vault spends
+- Fix normal + ERR Taproot leaf ABI to match `OP_DIGIDOLLAR` / `OP_DDVERIFY` semantics
+- Files: `src/script/interpreter.cpp`, `src/script/script.h`, `src/digidollar/scripts.cpp`
+
+**Agent B — Oracle Core** (`src/oracle/`, `src/primitives/oracle*`, `src/kernel/chainparams.cpp`, `src/consensus/params.h`)
+- Remove v0x01/v0x02 oracle bundle acceptance, mining, and fallback paths
+- Gate DD oracle behavior to DigiDollar deployment predicate (not stale phase heights)
+- Implement expandable roster: variable-length signer encoding, deterministic activation rules
+- Implement MuSig2 domain separation (network/genesis/deployment, epoch/height, price, timestamp, message type)
+- Implement signer liveness / deterministic reselection rules
+- Files: `src/oracle/*`, `src/primitives/oracle*`, `src/kernel/chainparams.cpp`, `src/consensus/params.h`
+
+**Agent C — Lock Tiers + Volatility + Address Routing** (`src/consensus/digidollar.cpp/h`, specific validation.cpp sections, `src/digidollar/address.cpp`)
+- Canonicalize lock tiers: reject all non-canonical durations (P0.4)
+- Fix volatility candidate precheck: non-mutating freeze check before state mutation (P0.8)
+- Fix `CDigiDollarAddress` network routing: validate version byte against active chain params, reject cross-chain addresses (TR-RH-006)
+- Rename `AlertThresholds::MAX_DD_SUPPLY` → `AlertThresholds::ALERT_DD_SUPPLY` in `health.h` and all callers — clarify it is a monitoring alert threshold, not a supply cap (P0.6 docs-only resolution)
+- Files: `src/consensus/digidollar.cpp`, `src/consensus/digidollar.h`, `src/digidollar/txbuilder.cpp` (lock-tier input validation only), `src/digidollar/address.cpp` or equivalent, `src/digidollar/health.h`, `src/digidollar/health.cpp` (rename only)
+- validation.cpp scope: lock-tier validation section, volatility section only — do not touch mint/redemption/ERR sections; no supply cap check needed (no global cap)
+
+**Gate after Wave 2:**
+- All Wave 1 failing tests now pass (burn, lock tiers, address routing, oracle, alert rename)
+- `make check` — zero unit test regressions vs Wave 1 baseline
+- `test/functional/test_runner.py` — zero functional test regressions
+- Fuzz suite — zero new crashes or errors
+- All changes committed in clean, logical commits; working tree clean
+- Each commit subject line explains what was broken and what was fixed
+
+---
+
+### Wave 3 — Health / ERR Core (3 agents, parallel)
+
+**Goal:** Replace doubles with integer math, implement canonical health, finish ERR consensus. Each agent owns distinct files.
+
+**Agent A — Canonical Health + DCA Math** (`src/digidollar/health.cpp/h`, `src/consensus/dca.cpp`)
+- Implement one canonical health calculation for consensus (P0.3)
+- Replace DCA consensus doubles with integer basis points
+- Conservative rounding up for collateral requirements
+- `__int128` + `MAX_MONEY` checks before casting
+- No fallback to 150% after activation when data is missing — fail closed
+- Files: `src/digidollar/health.cpp`, `src/digidollar/health.h`, `src/consensus/dca.cpp`
+
+**Agent B — ERR Consensus** (`src/consensus/err.cpp/h`)
+- Finish ERR validation logic (P0.2 part 1)
+- Replace ERR consensus doubles with integer basis points
+- Implement `ceil(originalDD * 10000 / errRatioBps)` using `__int128`
+- Gate: health `≥ 100%` = normal burn, health `< 100%` = ERR burn
+- Block new minting while ERR active
+- Files: `src/consensus/err.cpp`, `src/consensus/err.h`
+
+**Agent C — Oracle Roster + Miner Gating** (`src/oracle/musig2*`, `src/node/miner.cpp`)
+- Wire expandable roster into MuSig2 verification path
+- Enforce that miner only includes/mines valid MuSig2 bundles for DD-touching blocks
+- Non-DD blocks: no oracle bundle required
+- Files: `src/oracle/musig2*.cpp`, `src/oracle/musig2*.h`, `src/node/miner.cpp` (oracle bundle gating only)
+
+**Gate after Wave 3:**
+- Wave 1 Agent C failing tests now pass (ERR, health, DCA, volatility)
+- Oracle roster unit tests pass (expandable roster, quorum, domain separation)
+- `make check` — zero unit test regressions vs Wave 2 baseline
+- `test/functional/test_runner.py` — zero functional test regressions
+- Fuzz suite — zero new crashes or errors
+- All changes committed in clean, logical commits; working tree clean
+- Each commit subject line explains what was broken and what was fixed
+
+---
+
+### Wave 4 — Integration Wiring (3 agents, parallel)
+
+**Goal:** Wire the fixed subsystems (health, ERR, oracle) into validation, txbuilder, and RPC. Each agent owns separate call sites in shared files.
+
+**Agent A — Mint path wiring** (validation.cpp mint sections, txbuilder.cpp mint/collateral)
+- Wire canonical health + DCA into DD mint validation (P0.3 wiring)
+- Wire canonical health into txbuilder collateral requirement calculations
+- Remove all `skipOracleValidation` bypasses in mint and DCA paths
+- Ensure mint rejects without oracle data post-activation (fail closed)
+- Files: `src/digidollar/validation.cpp` (mint + DCA sections), `src/digidollar/txbuilder.cpp` (mint/collateral sections)
+
+**Agent B — Redemption/ERR wiring** (validation.cpp redemption sections, txbuilder.cpp redemption, rpc/digidollar.cpp ERR status)
+- Wire ERR into redemption validation path (P0.2 wiring)
+- Wire burn enforcement into redemption path (must call P0.1 collateral detector)
+- Update txbuilder redemption to select correct DD burn amount based on ERR state
+- RPC: report ERR state and required DD burn amount correctly
+- Files: `src/digidollar/validation.cpp` (redemption + ERR sections), `src/digidollar/txbuilder.cpp` (redemption sections), `src/rpc/digidollar.cpp` (ERR status RPCs)
+
+**Agent C — Wallet + Qt + RPC unit fixes + mempool oracle policy**
+- Move HD key helper to shared wallet code; both Qt and RPC mint derive owner key from HD seed (P0.7 / DD-RH-034)
+- Persist derived owner key to wallet DB before transaction broadcast
+- Non-HD wallet returns explicit error at mint time
+- Wire wallet normal redemption and ERR redemption with correct DD input selection (P1.1)
+- Enforce watch-only wallet cannot mint/send/redeem/sign
+- Legacy wallet path fails with explicit unsupported error
+- Fix Qt collateral ratios for tiers 5–8 to read from consensus params (TR-RH-004)
+- Fix `listdigidollarpositions min_amount` to filter in DD cents (TR-RH-003)
+- Fix `senddigidollar change_amount` unit (TR-RH-003)
+- Fix `getdigidollarbalance minconf` application (TR-RH-003)
+- Fix `listdigidollaraddresses` to list all generated DD addresses including zero-balance (TR-RH-005)
+- Confirm `importdigidollaraddress` explicit failure message is clear and release-note worthy (ARCH-RH-003)
+- Mempool oracle policy: require recent valid MuSig2 oracle quote before accepting DD txs
+- Files: `src/qt/walletmodel.cpp`, `src/wallet/` (shared HD helper), `src/rpc/digidollar.cpp` (RPC unit fixes, oracle policy), wallet DD paths, `src/validation.cpp` (mempool DD oracle gating), `src/net_processing.cpp` (mempool policy only)
+
+**Gate after Wave 4:**
+- All Wave 1 failing tests now pass across all three agent domains
+- RPC, wallet, and Qt state visibly consistent with consensus for normal redemption, ERR, watch-only, legacy wallet failure
+- `make check` — zero unit test regressions vs Wave 3 baseline
+- `test/functional/test_runner.py` — zero functional test regressions
+- Fuzz suite — zero new crashes or errors
+- All changes committed in clean, logical commits; working tree clean
+- Each commit subject line explains what was broken and what was fixed
+
+---
+
+### Wave 5 — Mempool / IBD / Reorg Consensus Parity (3 agents, parallel)
+
+**Goal:** Close all chain-split-shaped audit findings. Prove identical behavior across all validation contexts.
+
+**Agent A — Mempool/ConnectBlock parity** (validation.cpp connect path, miner.cpp)
+- Ensure `AcceptToMemoryPool` + `ConnectBlock` + miner block assembly apply identical DD consensus rules (P0.7)
+- Fix any remaining `skipOracleValidation` bypasses in post-activation paths
+- Historical validation must use oracle bundle/roster rules committed at that historical height
+- Files: `src/validation.cpp` (ConnectBlock + AcceptToMemoryPool sections), `src/node/miner.cpp` (final oracle validation check)
+
+**Agent B — IBD / reindex / reorg rollback** (validation.cpp disconnect path, net_processing.cpp)
+- Ensure reindex, IBD, and reorg rollback restore DD supply, collateral, health, oracle cache deterministically (P0.7)
+- Expanded oracle roster validates only after activation height; does not invalidate older blocks
+- Files: `src/validation.cpp` (DisconnectBlock + IBD path), `src/net_processing.cpp` (reorg chain state)
+
+**Agent C — Functional test coverage** (test/functional/ only)
+- Write/run functional test scenarios:
+  - Caught-up node accepts same DD block as IBD/reindex node
+  - Mempool + mined block validity agree on oracle, DCA, ERR, burn requirements
+  - Reorg across DD mint/transfer/redeem restores supply/collateral/health and wallet state exactly
+  - Expanded roster validates only after activation height
+- Files: `test/functional/digidollar_ibdreorg_tests.py` (new), `test/functional/digidollar_consensus_parity_tests.py` (new), existing functional tests
+
+**Gate after Wave 5:**
+- All P0.9 consensus parity scenarios covered and passing (mempool/ConnectBlock/IBD/reindex/reorg)
+- New functional tests pass: caught-up node and IBD node agree; reorg restores all DD state exactly; roster activation height enforced
+- `make check` — zero unit test regressions vs Wave 4 baseline
+- `test/functional/test_runner.py` — zero functional test regressions (full suite, not just new tests)
+- Fuzz suite — zero new crashes or errors
+- All changes committed in clean, logical commits; working tree clean
+- Each commit subject line explains what was broken and what was fixed
+
+---
+
+### Wave 6 — Final Regression Gates + Release Prep (3 agents, parallel)
+
+**Goal:** Green on everything. Then docs + RC cut.
+
+**Agent A — Full unit test suite**
+- Run `make check` (all unit tests)
+- Fix any remaining unit test failures
+- Target: zero failures
+- Files: targeted fixes only, no new features
+
+**Agent B — Full functional test suite**
+- Run full `test/functional/` suite
+- Fix any remaining functional test failures
+- Target: zero failures
+- Files: targeted fixes only, no new features
+
+**Agent C — Full fuzz suite**
+- Run all 208 registered fuzz targets per `doc/FUZZ_MARATHON_COMPLETE.md`
+- Fix any remaining fuzz failures or OOM issues (use per-target RSS config, not global)
+- Target: zero crashes/errors
+
+**After all three agents green:**
+- Update `ARCHITECTURE.md`, `DIGIDOLLAR_ARCHITECTURE.md`, `DIGIDOLLAR_ORACLE_ARCHITECTURE.md`
+- Update `DIGIDOLLAR_EXPLAINER.md`, `REPO_MAP_DIGIDOLLAR.md`
+- Remove stale claims that ERR is incomplete or disabled
+- Write release notes for next RC
+- Cut RC tag locally. Jared reviews and pushes.
+
+**Gate after Wave 6:**
+- `make check` — zero failures across all unit tests
+- `test/functional/test_runner.py` — zero failures across all functional tests
+- All 208 fuzz targets — zero crashes or errors
+- All fixes committed in clean, logical commits with clear commit messages; working tree clean except doc/release artifacts
+- Doc artifacts (updated architecture docs, release notes) committed separately from code fixes
+- RC tag created locally; Jared reviews and pushes
+
+---
+
+## 7. Wave Summary
+
+| Phase | Agents | Focus | Files Touched |
+|-------|--------|-------|---------------|
+| Pre-Wave | 1 | Verify Red Hornet team commits + full test suite baseline | Read-only — git log verification + test runner only |
+| Wave 1 | 3 (parallel) | Write all failing tests (red phase, no prod code) | `src/test/`, `test/functional/` only |
+| Wave 2 | 3 (parallel) | Script/oracle/lock layer + address routing + alert rename (no supply cap) | `src/script/*`, `src/oracle/*`, `src/primitives/oracle*`, `src/kernel/chainparams.cpp`, `src/consensus/digidollar.*`, `src/digidollar/scripts.cpp`, `src/digidollar/address.cpp`, `src/digidollar/txbuilder.cpp` (lock input only), `src/digidollar/validation.cpp` (lock/volatility sections), `src/digidollar/health.h/cpp` (alert rename only) |
+| Wave 3 | 3 (parallel) | Health/ERR core + oracle roster wiring | `src/digidollar/health.*`, `src/consensus/dca.cpp`, `src/consensus/err.*`, `src/oracle/musig2*`, `src/node/miner.cpp` (oracle gating) |
+| Wave 4 | 3 (parallel) | Integration wiring — mint path, redemption/ERR path, wallet/Qt/RPC | `src/digidollar/validation.cpp` (by section), `src/digidollar/txbuilder.cpp` (by section), `src/rpc/digidollar.cpp`, `src/qt/walletmodel.cpp`, `src/wallet/` (HD helper), `src/validation.cpp` (mempool policy), `src/net_processing.cpp` (mempool) |
+| Wave 5 | 3 (parallel) | Mempool/IBD/reorg consensus parity + functional tests | `src/validation.cpp` (connect/disconnect/IBD), `src/node/miner.cpp`, `src/net_processing.cpp`, `test/functional/` |
+| Wave 6 | 3 (parallel) | Full regression gates (unit + functional + fuzz) + docs + RC | Targeted fixes only; docs; release notes |
+
+**Total:** 7 phases (1 pre-wave + 6 waves)  
+**Sub-agent executions:** 19 (1 + 3×6)  
+**After every wave — mandatory before the next wave starts:**
+1. `make check` — zero unit test failures (no regressions)
+2. `test/functional/test_runner.py` — zero functional test failures (no regressions)
+3. Fuzz suite — zero new crashes or errors
+4. All changes committed; working tree clean
+5. Every commit subject line explains what was broken and what was fixed — plain English, ≤72 chars
+
+---
+
+## 8. Pre-Coding Checklist
+
+Before Wave 2 coding begins, the following must be confirmed:
+
+- [x] **DD-RH-119 supply cap decision:** LOCKED — Option B. No global DD supply cap. `MAX_DIGIDOLLAR` is per-output bound only. Docs updated. No consensus change.
+- [ ] **Pre-Wave complete:** Red Hornet team commits verified in git log, full test suite passes clean.
+- [ ] **Wave 1 complete:** all failing tests written, existing suite still green.
+
+---
+
+## 9. MVP Summary
+
+**7 phases, 19 sub-agent executions, mandatory full-suite test gate after every wave.**
+
+DigiDollar V1 ships when:
+- All Red Hornet fixes committed by the Red Hornet team, verified by Pre-Wave baseline check
+- Collateral spends cannot bypass DD burn (P0.1)
+- ERR is fully implemented with integer math and no DGB haircut (P0.2 + P0.3)
+- DCA/ERR health uses one canonical oracle-backed source (P0.3)
+- Lock tiers are canonical only (P0.4)
+- Oracle handling is MuSig2-only with expandable roster, DD-touching blocks require oracle data (P0.5)
+- No global DD supply cap enforced in consensus; `MAX_DIGIDOLLAR` is per-output bound only; all supply-cap language removed from docs (P0.6)
+- Qt mint owner keys derived from HD seed, persisted before broadcast (P0.7)
+- Volatility precheck is non-mutating (P0.8)
+- All validation contexts (mempool/IBD/reorg) are provably identical (P0.9)
+- Wallet/RPC/Qt state is consistent with consensus including ERR, watch-only, legacy, and unit/filter correctness (P1.1)
+- Cross-chain DD addresses rejected at validation (TR-RH-006)
+- Full unit + functional + fuzz gate green, clean working tree, docs updated, RC cut for Jared review

From 5cefdcd414e14c6a89a619b63ce66541632a8164 Mon Sep 17 00:00:00 2001
From: DigiSwarm <13957390+JaredTate@users.noreply.github.com>
Date: Wed, 29 Apr 2026 16:08:46 -0600
Subject: [PATCH 13/22] release: bump version to v9.26.0-rc34, update wallet
 branding image
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

configure.ac: _CLIENT_VERSION_RC 33 → 34
digibyte_wallet.png: version text updated to v9.26.0-rc34 DigiDollar
---
 configure.ac                         |   2 +-
 src/qt/res/icons/digibyte_wallet.png | Bin 18894 -> 18998 bytes
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index db4ecd15c6..4fe3619924 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2,7 +2,7 @@ AC_PREREQ([2.69])
 define(_CLIENT_VERSION_MAJOR, 9)
 define(_CLIENT_VERSION_MINOR, 26)
 define(_CLIENT_VERSION_BUILD, 0)
-define(_CLIENT_VERSION_RC, 33)
+define(_CLIENT_VERSION_RC, 34)
 define(_CLIENT_VERSION_IS_RELEASE, false)
 define(_COPYRIGHT_YEAR, 2026)
 define(_COPYRIGHT_HOLDERS,[The %s developers])
diff --git a/src/qt/res/icons/digibyte_wallet.png b/src/qt/res/icons/digibyte_wallet.png
index 3acd8b0de61949f166a5a2cbfbf228d3bf5e4c31..ffa13428f01930d9f3ef19e6cfc969235be016e8 100644
GIT binary patch
literal 18998
zcmcFqV{>F(+l_78HYT26V%xTD+qOBejR_~VIkC--{r3I*hqpg;b#>J~wfA+_UKdxC
zqPzqm93C792neE-q^L3o2&e(@cNGj2@Ea~qwg3b~>QhSem#Sy(Ri1~hs@l`vJ`eK+
z7*g0CS~<~ZGE?E^AR3z+5_c=`w$|Ef2fZyZ4XxF!<*j8kHVmc9PNs=yJq*YoS>d#8
znNum6vn-E*fbQ|ssT?nr?L?59_g9GItoLjFtnplr>p$gzQU8A*DRR*tEg*5><M(!#
zHc3HU>(bK4O8VFO%X4H|nVGrWxgQhHdtz1ua%b^kPeOCxv_65S2&PN#(zPCDh>jTC
zPy}L*7;E4)B27eMHPp0L{PlS%&L94`=;$daVJR}N^66Ml3>OKhgNe>G!TLhfXzxBm
zLJde^Vlchn{sUIb3cKD^R8-WU)V+Yb)E#Is-Pl882y9R-L<S{}V9LL~7)N~4ivh=j
z+slXyDN#{U<Of5ly(#H#;++l>&eU@~MZ@z&5aaKf3=YYw-zVW%BSS+aPLBIDJJ48M
z#p}GvY90Gv@)ZC4Y=znI&+?}qf^_h;ae$i(FTSI1aDucjO!|)4RVS$}8fJxwG8BmZ
zU|)3Zv$8ajm6eSbjMI3P*IdUp@&fC?ZQyL-h81bTICPP1o`odE*Cqfy<v`>>r57Fk
zs_<vfAunFBZ<Gn9vV2j<CpZ;+X;By}E2|VkoW!3vM%#qxPqN4yeC<>yb4n~PW)&A~
z&K45j!J~@z(ryl4Iis@$K=!ScOrg=2sXw5W(?`8}zJvaEnjud-^;h``L1eLRxZK4;
z=O6mgC_jI75tN@rv#|2~vBWv@8I5*bu>Jy#wPC@Prx6uUKSI)<)Z3X$&dkij8NAc*
zwZ<5X5Sl&cbtjZ&R3(7&pj=W7>4Mwj*sX)A4CH{cl`@o5@3W;%%!X_`ghI#V4#!Bz
zOuu&*fip5THbxi)8exn$2BqF{bKi}UU;{ZKrtlI)l|cEs{wD%kctu^RtE3I+8DpUo
z{Fo(p7Gb|L0r?&UyQTIg2s2_Ow|`7Fa2wNiO1&O6lGL?N9ElzjzO{f5#co7tccF34
zib~l_Z!COM_rS}U#4T91jgSTkcR9^CGI3UZ3%lRgY(OI-L}~OM!0{QW2~a25hexBW
zb>ThL1V=A~GNPllsah_gujeCb5u*Q5#ueTc*T1HY(j6KaqF|*^f92J+05<@+LM-TN
zgL|qC;-}xcwI3|!3T<Jq^x$magH~ooZw$sKrB2S^BS%fi$;_mPAEGsgxbQV(63_6g
zp^YGXZJ;N%R!EeN6RucsEWa<bsupFq^~vQ?L1SqI;xSk<7Lb=1fGFIp;OG&#Rw)3t
zkuEgP#=*81Dk@ZcJ@@+4a%E<%l9HL7@#I&tKxou>RM6dohj9NE3=d&(^j?RJ;f6w0
zYxNQyn^|$;a+c$9DO4BvkWZ>@ZyvJ5AH>`x;7LGns(q=kHUm?M!A1z4iPu2zdxIy)
z!(~@b8>oI|-0waFk;KAjptCz2$Ff_p0dWaolncC0f*4}Hpd~~68b?N&-;e~G1bw>H
zU}w`sqh{6}*{nYk7Qgt4sn~%iB{E6985-!7Gy|Puxc>9>1$H5z(L62BAx{irfxu29
zulX~U{e&1w*3{TI8Dw9h_xaFcm=O!i?jU<q4<5f)9eGLKEW0(Lxt?nPn;~e!X?=%P
zhz=bcJtRuub-RZl#?(W=QC#;v6?5=BVOiA>T~azEU!y9*`A!M^1Fqb!7gQO@H8_&K
z?;EDi7em#aGHt)UWL56oR8&Ce1%t0*_VZ|AJtOX7HgHJNfK(VXROd_GK?G43WApfF
zWAyL6yexnVjnl8b(>RjewVe^`Vna3^mYEv}Uo@UZKN4!Jb<}Q@)rl^6!$*Qdb4hDW
z_v1n4f{Icm6LAC!kN%YKap1|&xaQw|3F~AHapx$H)!M%xbg+heUumW8ndUrHe;(0e
zGB|Uqxb$%;0#BBL6SWOUlcgpa?qc6j?QT@;##I02YU3TE!@{^jLeh{S9|qz!D(*D(
zCiKGwWfSAx+Gq7|xPx);N9xI6C=MuI_w}Hc7^QvS6&;d4w2z3uE>%kJhB_r!lpfYG
zdVP0#W0C_o{Rz>D824x$r8;A=9@rs5D{no*Y!5D_*C2_HwV_^?zae>%4n{86uy7e0
zzjhj`qi&L9<Ft;<)uKtY7p42k3n&1;6P2wd*nqD4XRaEO^w5F8`;_o_o|bBR=76<Z
zISL+=qh#g>G9)6z{~Y^)rIT{u+4|fVjv|N7(SPRgH!m<C<QLZ%w$rh|wor1GsF3Nz
zbN&ZW$FMZm&hD6_#^6GhqCUZ6>1Ym--o|2Qn7g@_mly|RwO=b$jXJ!@+cON$>haY(
z&3eJ#9W71LXZf+n)*oi%(t`O7EnJa7O8ROcVQ`!2#uR+qO<p#-Tq&$!wUWxm;5{Po
zsQX9&=j~`OMDi?6Zk$SASkq7f6`QlaQ(t1g5){VzAh`L@Il>&lBa)<H2bw_3{S=m5
zGCdo`eoWYTL7Lju`mE0Ikz&-N1kYLsh-Jjrip2l19>5UDF#!2{g#Bny$L@NSZP)d*
zXm-jUK6xhAX|zm$!@@LDHvzyM!SXMB-TS!>b7AmHpXkvIt-%wCq`8Y|a8Dbe8@xMY
zkw|Rbf>x601p`<7uId6;H<U-5pw3<L$Yp?5A0);W8ltz)V^%>d5;^cPbG5#jf8Wtg
z1c23ci0yTio1A&VCpItWn4{^)F(zZ2?f1;qx;zW}x8axH0G+;A5`#hW^85W-4igez
zfz6{+#hAJhn2lh}<2iyYKtVhj2)%R<5T1d+tZXpyKrJCs^mL@Cmx-vlc}b|V_>}9g
zMmP(a;BwHOePT1$pG{<^^M|qckrH=M3%LC$9n}GQ`5$u|e@Dhlt&BeQ<7FoV6JR0R
z@BZ$;!~}~)^&VA^QJYkOINA1T$2>#)Qpob}afIx8uEg@KKA!G4H}+Y(V;6W?Vfi=E
z6u@|Sj#2!ru^lw{_(T33Y49i-qx9GwJO+1l9@^+N3Kp_BEB!vG7hwRkf9C~Hx}A|#
zxTC|<&;(8`;%0%6I&1pSsDBF@;$UAUbE$;T{*HA_Ag(DTTHB(VD{=<rAFdR2G@SgX
zv5YWi=;q(akZpl&<FIyL>O+HIL!pO7Y0Y;Y8tM@*d2?}e`xiCOL5r0D-&U*Zj%%`H
z+oH$ex}J!a^YSC{sPfsen<Y+}`4osIP-L?b5LT*RDe$4WL4$7TbqK+_TmMR4?25Sy
zYj}N`-Yl3UB$e}#yj?$%nIyw0g&7L5(KEu@4e`JtE?gBtA}oaB#hh8^5L>UM2<y2*
zEqU#s@7^=b8MQ$r@ElC#{lpF21gt8HzVl@gQdv)I3g+3xN2UD_4sMiE4=h1Cs*OZy
z(%W!Gdt?siq4DU^0nDPGBoxtQe~b4bU|<R01jPjgT5`W}DOGhfk3jQK%`^`&yLk;A
z=GX^#(?vO_(<c7F=J2^+lXd62fIARSYk|RBxo4&Z5W$HQ=QoytapLOqvoLaGZ8p!s
zRFfPS?KAG_#ZRu-9{mPA*P61r(q1^3x`iGl_WNo!Y7(33<(T`@wcO@er&n>(A%Y}g
z*QMeQb<@oi3nBaUO`;Hak_a$>@G#Os`WeN}Wj@-u*PY%K23yC4x><R5Nl*fyP=WqH
zdzdn{DyrDM4xL=BNCbm>(EVZXLv=~~w5zb#P+yjM&gSITJb+si?(mp?_TaH^vw&qd
zhsOPie<)k7OS9RDI;_vuX!|*gfG%#F1BK^o+GsaaQ@3JN(%Iv92i%Q82;9riiM`6!
zCy>fWoDlRp8IqwQPkEr=)@Bi|{L^p^^#F@wG(8pEG}uk>Iy+C6xS>|*jRlm7@gi2|
zEF{ddWHU~=EAA}hDU3jn^xHW!6We@5PV-0&G@&C*2(=c)86tRe&IXn0P!ixQ7`@*v
z$$$>eEJ`OBN=QBwcX;IMn@a&Fv;oL#IGoDFxS98>n(QaJwD35%!X_TD=D({Vb+_FJ
zj<?fc+5hMT>DYo3>|9|xxuBeS^`_nMxVR!RDXhV9$NX!h)OD7lY=R5zq+S&hPIti=
zs?iP7zTX0^o#(+kNmltJ9Qs0z;*u_f!XAzRZh+5e@H=bW0l$H9|8C%S`($Rn&7TVn
zA_M4;NOD2^AwQ!!jf%E#4cAdZv74WJAj&iROusEr2CfWy$jkn<F%FE`9m@0(y9m?i
zGyX@z&`;*4f493I-dTO$>;zQw-!n_;Iq|yY+9>CW1U1Rv_nt_v4?XD&Xh+UHiDPK~
z0mSBto8QvF3fS!D6*N;;L2F%Coi%JuS`-*M5Gq6Mp-94nBXTQcv64=P6m(Yz#c<)8
z1cjd<=b<d)ts66nweL$MSIA5S2HwcMKFRM@<fe!tC>S3=8sW?R<mU!W;B<nV<ubEu
z8flvcnCn(G6`A%Pzo36QZ-*|~&{J)4U)6^ZvK8%Wz?62){7h?^%^Ei?+8rx^`JJIa
zAs*hB&W57mgkkxU5_`Ah;yswKE?v@z70U}&`3ZcU;PKNQE)@*=m%T{zADFL;oBg?$
z`wTFNe)YnX>jBU{aaM-$nDTRV5H3B=Ok{)CI8ql5^X)fN(1f4QywK4JI9yhjm7_e|
zS79TtXu+^DKI9D5gUHD$j>qAGw{95Su*$QFG{aWN@iuN9$$?v;D%;8RS>~$=zlh#d
zpxRP>gf_u)tN8>nIV8X047JA&Q6j1Z3ri_|CG!olKWBlC%auR)@W!YvH)PS@Z_Gl%
z-;lEF0;<sFv~?J#>}U#5^XvlQv<U6EE&{!hK+g?ctqWNao+su^ym(pfJyK7(Fw}S}
z8Cpv0^(o?TKz)QP)c6w#;7!J?s16En%6$q5nLD*F%oma<_XKTY{vmr;MnQcy@NJbx
zo$I^le-&2q3MkkH=NDOP<Q@SN?~I<p33bcOCm}IEpCu=E`fcN3iV4tus4<VpM16Wq
z>Z3Rq3&7Di$5LqRa3N2Wh|!1nLaZ6t<JEBq6}sVYIcT%gu}*F@s>g8FUOQ>-;)N;q
zG=e9Le_5zA6XgrrwL}Q0S%~W0|BSSH(pbKmXvQh_1l>lg^dziv=hpoeL6s5OmUK-c
zT@>n$E#5_KVQvxq2Cbn{)9J+@3h^+&<=nV5EjDv!@AW=F-t?Y^9FfJje<!s!1Naty
z1-3eMBnxfVv7h_ox_@H)!VQ`PZDI7Pte%RNvgf2eY(BvDpy)CNjl_nf8$f5bFjSEa
zA?oq*r%Tou)Te#XWmog{?I#&nt`5{|X@>6dIL}NB;PJkuAti>DJWWi}G$MQ0+Z_sK
zEyPdg&RWub<j+mrK^~&{<RJeI^%8Q-jt-~?RR`4=`7?qsg3$)|QOMs-6UU|}D8(W+
zi9nC}ugZ(vKfvLVGDJZ&ImNd7ZWVgXqaoD+yEZytK#$3?+)gyCh(ipw4-5@kn{sGb
zva<X~xdgY4;1;Sf6n*+#3}5h^3w8JK<W}{Mf~*Etm;nIn2(2Dw|0>WSSj-(rP1{3c
zVSX7`er9Wx%*cr|nJDa~$v)g$(yXCKL+?tX^pW}6-u8`6eo{EfVQdu>leVValwj5>
zS$~zexM8wHXFwC)jq!;|jEtemk}DjH2(o_5mw4uR<{(v5n7AM#tM-m6Gl`6yI_H*#
z^7CGI(Rdyg&Hu2$JC@y}7%^`J%+n{#Uo=7gYZjd0rIdIQdi`aIR_dP^OO`aDk#yiH
zKt-uayo~&r)zS?vU8^4~&Po{XNBmGR%n8+loYY|1#ZPtg{0p@JRI8IsJVtb5n)CsK
z=H1eR;f24;M2vT7li*9)i9=bR@Fnq?nD9`CBpBJeB(-yu-jd#+^r@f%THPr92(`>>
zhKh=z2WH3&6$T&nNHcBMn;IQ(!=iZSjbaCuR<9T?;RjCp4@qrgsQ!uP-j!<8x02K)
zufmi=#$uwlo%OiAen{|NzS<n)gspP_?F%+i|JuM4%#j8!Sod^|QCg=9El07?>1X2%
zVx0pCB*tkdiBv|}tb*E$L1Dcoec(5#R@`5xCa%b8SXryuSyJf*0a)*c{Exbh$K<>r
z{A@RZ?4@|&5e)2F3C762-6=0=b|h^$F^xD&tzMw_hvv~fnLzIG*9S4`!ML?aAnz&;
zFmEL~R4RmGSeDd^E5sY`E}Z&%2YKS@yI+J^zuQMchD^Fjwp9r;DTxw5mdl3O)RZ5f
zAX<>qvl__Q6wxQ>^elz0jfL#7#gf{`{XN+^?NnxY^9k9B6elDBITr*gGh@2`7x9j<
zE=X=0F?1Fr>H0Q8S76{>NNpR|+jPGvCW)6HMl3RfbC@6T6vbcaj+XQJ6Z9I~Kv>H1
zh~6^>*$3JK-;o`OKW41TQs?ZgD;5XkRq`39%*u4$D?${_L3{S(zjB1A+{+yMnymEI
zOQ1w9Pmtap!q-=l0oomYVB$fjl!p{i4LkM>lc&2cJ~odRMLD}S)`ui|dae^~7N@XS
z`TEK41__s02=!z$Y$h>_De~@vjwbIGiW1uk_;{hN`UzILQQS9UET<TRQHlMaKh^>|
z=~j+w;3&T)Xq#ro?Gl_qg(2nuZxD32RVYDyxKmW%NpZ69H5T{Fe?t;YdJ}J+5STRu
z&&ecwO0o0o15+B9nZ-YxP^MfAZMXjYlBx9-<-Utm1(e;x+F@ex4{u(rnVM@F-#5a&
zL|#D@uiQp%zkO+3#S38C#SzuogbR)?u;w-Rcw3emR)k{URu_%NAViL(DX?M+f&9hW
zVmAW}?>o#rnYQ@w4NTt4CZXA14Q@sS=f55kw|F{jmL?Qb4h%MtIhNU7g+ruGq3zUp
zl)eub%c1R}ZnU!Ex_DiG(u3@i15Nokt6F_YnFraPqVLjt{6ySy$#!Pk>1Q@K_)m{n
zWOgB)w8pjF{)a@(4+*+&qeEyt5js{{j4f08q8DI}FU+UxC1kM`k(FId$a$)#5s&=t
zTS6LJh*#W-_hn05ZFO_<b!%~{fGZ?FMi05e+U1a?@H&B`i$uw)sYXh}uPlC+#5Q;=
zL(%m_Wc<2b>&w{}IGP`jGOv+0nkwN?+#Iy$#NXvc!80!I7B^zSgJ<lM5biy}kC#zb
zLF28n3)iv<@rc`A!Gp$c(*P&q?08w#b<T;x+gOZepU{%+BouQiGa-1tkQiMUF^ZiF
z&gMHlp=givx!xsF+2V)uaQa`VOq2}#NP)U~<0#O*l#8~su1f^9%E1lbi!V0eI`F3$
zf;h1}1<~XALp8DetOidDhFqxD6HOACU&y|2?2#niH?DjrD>Q~D-B+{+bY7>Ia^rXJ
zp{a=Uc$Z7S{v>h6{Ud%rNx+R`<7tvfBMh&H?R0ppllv<zAI!2@BEj(uO{O|G+}rLD
zPQ=%L>2sL;M`8GIWf;d9(SSb<$RVHXRhNMYBEO9z`XUs>3N_Aa5T>W-NvB@wkNG;-
zYW#D|f$5@fUA<D)?TB4|^Jm01&1kkdu=UVC&X|SE!xZRJ3J@uCE-5hoLKG)71eatN
zzACb#yQvS9NOJp}(8pWfboR%1T}9iPl|3YRnb@4b9YdZ}jF@YFub-Fu-h7tQwqnjN
ztJN}vnC!ue<w;{?5FI4*6`1cq&(1gNNQfNUuF~=OAHgej6Rtlk5T7JqoCN-wXlFY!
z4@LMkia#v0+x&f;T_pD_(hxf+JKx9N6BlMX+1%|9QqQ8xcy)G!ne{4cUMSitaqgdf
zE<%s#yvT-mR3qWV2L|(32jG8LE`&&{9-+!Ly<)-|+>6K@d_#vut=zg>i65*}9dr!N
zs+xlJ$ov^1rlheT*XL2E*nZKdJfkWFL+AoZI!@+GE~&OB+)Kv%MKnCVu@MCvbu|8J
zZW#O|gQzhVzglf$e+kOFnIr;DPU*$gX{7JWB=2)8M}GXETa<C9CDyc2`6_F6_INs6
zqb*D~cT3xU3oq~Es8ie+c9mpggOic6kJQ%kS=k!;Tw4VQ+wQ$6$M*T?VM89kfJ6IP
za&ZFb*wGmz&z*l*8!3#VhUWG{fvWCsg}4mBY=UN+$V?sVLP(?2XJgN1X{eV6r9hO9
zPgQF0ZZ^uJ?tPQGdR!@zdzsaxNY${W))bSoa$Hb_IBnU9N{kBYNsQLl@%$7?goW%A
z9(#8aUp8K*fg_gkW^&e7^sYN+f+haToQd6p)Ff2z_h??W9^$}jeXo!=MqXLlQahn{
z`l|5AFiycExmuU({40}Vz<_ZrV$cmcG=?_gCM5&^Us1jFS%iimmJHCc=Sbr?J4P(C
zZ=(s-6B=keX)697=k^i<pB}n1%?YAtZ@5#{4gvjs0SE><6v`#34Ek+B_{@tA;nkx>
zXd%({8W`1QJKk!b;H)EnWkJhovHG}}!DZq@zEiJ7ih8SXz0x0Du$3wK^gkHp&P!~B
z!kJ0pbBkYZhX(p3kA(AV3|4<GE#2HIAsV-h_<|`FYKThg+|Z_7xaps(?R5!CQeHk<
z{}An<v%#;djh=dotr3whT7xqKZF2H^G0<ZInOu)N1{12h9r`g_-=}g%(4plmdL>L_
z^K)X=7}d#a1d-S`K4?K`{%gPEgj>~nX@il+zT`L7h80>G$2R|UBy_87@l2cE)L<6+
zTgauOUc~w?i;P8U-db|&XT;k$)cV<<H))tq@xA=<g@OEFi$Q}(e3^xsLW$-3j9W2d
ziUKydV)oI{5BPpGrd$U?V8K2-PbY4sgYpt5$UQO*J7x*C7GM4pyA7=}*7*1}NsGuQ
zJrDVG*js#CTo0x0nw5m=V2ZUwAzR{A{A|Z%Rmdz@XJ51*SbHj0iI9ZTwK8!nHzL<2
z!mQgi4y5o;C5~2qEn~I+cQ!@x<S9&BCwz)ApCsKd>@_=KYhBGG1OuI<mRKdGX@A`6
z5)5x#@%1-mz<`L1AG@f}&&fvhc3tK6H?=zNX0`$A<K`}gxX0@>Np^V857kN;zZjnG
zWgi89jZJ{xfCcGw>G^3*!~JPQb{KmMaWu{R2%qjBrGVJj8j~PxO$J{(4Kaua^btwD
ziY)zGACjZtA7z7WKK9GB*oA{r$bIaRXla~`&HMSqe;tqTLogXlxgteg&xu=tPy$SY
zWf-%WEWuia^tL#wQZ2`C9K+9{NJr0)HEc>x;u&p`rG2(q8PiuYGrxZ-6DZHhdxAvi
zKjl5iL6gzC{Yi2E3}NJnphq|Da1?-y`H-(YJ?_(2rsJH4rL7-g94%}gOx*YAgw{w>
z<yaK$j#$jcJ`zLqeHlKIO>cJPOHM6+f}-?&>k3o)yH9fnA2ofz4jWKjs}S~U!w8(a
z$4`c-kLF2T|G%08(04&ei^@U=JicDO-^#)NrlLBMF`v4qoS;v(R{1=r79`0x(T;bA
z9q?RmVPtD+5gUgjSrVQ~BGx7rjZ_FBA~cvoKQzp<X-$jVO}}LfZzzl$*nLuFi>88c
zW?H;#euxlLTxQ6OTT<u#-DwP@R8eP6(vGO#!D`%aaEVO_qzkA`94rw(yKWQ}=umAD
zj|RDQdy@9a8I1V{^kNIc@nlqNrJ)v*L0d#8m|!}|#=*q*S~6A(#z%@M<@&L<=+*2p
zj|jQq=gAv1jlUo8>>l&yD;aBbhU%Jy9&wo&G%XTEiL8x1XBng~F&k|s@=h`5qwrsK
za-ZhHdJm*#5e<SE<cDl?dHS6~-(YdkV$}H9L?@iY(^?SwovZAU%%;VZml+bJL(NQw
z{I_{+EA@&i$hYB5nbnwJlhJC%AN@9xM%?3t#!w~Cy7sgwXo5i!0^hDew4<^A3d>nP
z5VM4w^9;!(Pfv6tHEIae)Ku-|{Sm~YLCwuT4+vcuHDHRW!4>+^VFIJ0a<kv~8@n72
z85+fzVn#O)3BFUu^XfqtB*zXu3Q%iBnOYH%!aE`7dvT^sAZZ#FzHbD{k&fy%4%#WI
zx;#bvsyH+c^F`CzNL(jbW|@mxGr0Ebi+Gg~{xi3waA~B_7cp8eF6DxWP;x_Ei`C$J
zr#@ZL`6bf{40JVN4&G|{L@&ev24rc-c`&t+cIOTf8|3a?{|D*~XpgW)3V_8*%!Z<|
z^aKp(*NOWT8l`d3#+9d?W0mzo^cDUn`WpkU7t)aILN&AxAG(C-4?DXdA8wc8$NQ=!
zids;z8bz$XNXqO6NZw0UJK$tZ@(W2Mha&6Hf9SAG5p*WkM~q(OJJtFcZMn^TU*f(B
zX)Jd-c{C7XW<j(%jmcx+;%FCfg=D#=aMJ4UCWPW_Fw=E&dD?fEV4ABEx{l=^bfJqD
zTzWJ|L6h1r{=x4%Z7E^BI!up-iQRC}lX6`2{YnsMV1=B!h{EPiE`^z-<aQac!a{(H
zp;W$b5?S)s4={hEheYL-<Hb-Gz-<ys70ZIL?1cR-;w!Ch?<l46U7EOpz5w8FmhlNk
zJV(EO-0&dY?J9_~34ma+U%Ksx>Hqc<zvYP~9onZ$CVT5cY|YI_m3xT}L`MC<lUcCh
zcDbgg@1x(Ze$+z(QtsE`<A!8yDROW-C}V&rV<d5+GXZT@9;!Di?xkq-?$Y*unJ<Ea
z)EEl?QB{I&gg%_h;U&aZ7#WjkwjYVtXJ4FE`k1eI8jQ^0U3U?74g_9AMv>Mp==TlM
zg1qc5JdR+pXwhhr_@E{Fkx;~<649#)jaaL6T;vpc!l1}H5fKn}!M7E~zN%p|9KrMC
zj^nj98^Q0_g+!Wk!&Dr1i?<01935+Di0^1Xl`};|;ywzN6O6|+RvB_EKg96f#L^7N
zy+{;`uB04KZyvBflA^W(Z)6pRF)sO(sNOuEQ|0sA#E|^zw)Tf2z#?1kK#{tVr-=7>
zh14{1e@2>B_-Ax5B)ob_LvTygS*-G>J{-NUcH%%){4Ww35oZYQShAG^tm@w`jG-xN
z^&eCuLm{lMUKa-~#87o+0}HyLX57L4lK;R+o0epGk6;?WhoB5Gug?qIL}qfI3LHD$
z$c7*DSFEuM)uSedJR)^tI_cMA3Sq{*6KxWkP>i(VRWAIHL|J-w!5EAHEv=f*JeMo=
z9!WIHD#>d-j=a;&zhe@sMU*J?!sU%6lAP530TX80nG>pEj!|$0g_E>@1^5(7{0mJ+
zk@}TE-je#J*`M=6Fs{jaW3%9>_V7J1(Iw5oZ<z{MREIl}D0`oGw@C6``d3@xkr<ne
zO|VuR%SkjE{I)R9^A$PH+QnRvv8GFyC&M+KpuJix3yQ-z%M5uZL~*rsqJ%jfm&336
zn%GLdnkL*hSWR~&teoZqbv}W&y)v{ne6N@{$?T}YT?07@9I6z<*C%$0p{AVSJrP);
zlyAtH96_XssE)ICcjhg_#}jbFi^$uuzz)WK_Q74>RD7R}7`JVs=uxDK!fRCz0=daT
z^op$OC-{RkVdOUpBiFB)5Ak4NtYh?<eEW4$OtW8>@<oL~%E=%lq4c|@&<@e!_37$g
z)~^$B1OJZr{RI<Xxwp~?@Nn&q_q<IcMW$itKV>jE8U=V<L5%@mmS+O;G`Tai%}9|}
zr4t278R;7uu(_Zmm7fl<F#n!eKPBVDE4%Qa^fIE_{uUQKyRj;fb^JuK1T$uLM8SZM
zWP;%#XoZsKU~CCaEY7k|I3c+x84%b0r!?{V!*CsM29W0}<GW|(5YYLzf$T_bLD}<S
z7`jo*MBy-588C)%0M`&PgcbrwTUaAG9f{30|Asq1b1^{iL(SjU#rk{Y(SiT^>jrd}
zZ4jvm53P0P$|dmjh&0msJL1R);Cw<U+=7l7LmkfCS$v!N(ze#P&>}_Gu2-!>rUp&E
z7-iApD0uR8iMC4Mb>kmqqh`wgxla}@I-)WG*izXAF=j?Xn*zmf@)|<K#}^DBfBHBQ
z+-;G-2X$FcX_t$<eyEJ{r;sA+`0R`slSJ0wqxdO~HSY!J&B5_{P3$<<>?@6w_$KI$
z?=Tty<p1HhV{DV`aFBwhn8oEjz{7YJDm%f^C9Dj}1UAzef2^s!g3EWQH_xaLB>>Xq
zOI1tF(R2xE?}jd%StibVo{~X--p`$O99LAjxonVs7k2M+Q`VG>7W$?nqa|9e!c;cO
z_BV(^vgV|&_d5;Ka#2yuwv(E@;Nh*Sk_=g@+=Y)U4$9R?puPI*!$?jlZzK~_Lp@*o
z+R4u|>D{g%<1Mb|Ezn}#B-RLq{;R^=Bh!C=&_OO2qy0)W#~|<D#M(F)ulm5dBR*gq
zdL#gNlfY)*S^Jl_CnWlBR^gT$izjIHvV3HkPyF1wL+qQZwEbt@1lKk%k~qfvYoF9A
z`_cTyzIyi#llHJd`E-;`d__a4khFJ;Mjjq<t~Qe40kh;a2=943atYK>xuhB0;^ofB
zvU4RX8vvX>ID)KC=nG+=65uSrd!`=)v8&W;?6*{}<~<1!SuA&7Qx@B~-`#PX`Kol;
z*uz<!rcscEqEXPnn_j;)5%=6<sM&rPX^AHiQ>tk{Moq^4<^Y`!l5e=sG(&T(i?Wr}
z#3<Y*9_d;ltD@pc3#o)KfyKZeiYnuDjH4J@ngrOR;qsUjj5v(#Cs|&Fl$S^jOSDHB
zmV64<1Zx#!vD*y~$9feNR_lek_|4>#w}sn=XW*m|)8&98ZY_PeXSd;gb+RE=ZQR**
zVP)qi;DJ0CkxO|0=4QLzn=v`^b8@eE^z}a5&HG^$#>tw-AYe)R&jy}m^hnq`n`Q6G
z<dBf+k&o%UdQ+D=coKAoc^h;LM_VwX5*zDGNShY%Y(i(G{32E5Pp6x>pKMRo%E<=_
zHcaaVQ>7mK)4d_3PP3RC(|i&EaesH!@qiOMUlsF6#PQA{u}lmj#vxOSXrwA2*vJAo
z>|LkNtO#MhCH22)05s5~5FYx1sfat>12<G#hLQVQ&3&P$9{huCdhZAM^w!3H1vS^c
z2mg%-RSq)iPXY8Grr*J=wsED~aOo8N_W3Q}IS0si&#Y);I{`nhyFS^R-&|vC<O0;|
zHfGe&%Nkr}@Az^N3hg7%2yHyw{%(s#niw1Z-dE{`+cDaER?^$*W~X4$uCl9UsO$RC
z+xC-v0Aqf9#&+Vi-@;{h?rYQYpJ6sf9Dk5V%<M5X%UeG-k2+EBqPwuwHb;0&XrrE(
zoUCl{E$z-ad5q*t1sGX<_F_$5wxg04H|X#Fj-)}UreS@qz1w+bf9KkxSb4i~>vZ`G
ztgHv#gCE{`^GPl<=R<$^yN0&B$S}ThA8`|8y*^*WIV|VPEFM-R-wqu847*u?)+7>u
zN6^gM%}y}1R8_InN=&SPjuC4x`?7I8M-j<X1#hwlfQ_dv2lU;L-FT+3u<-?c)`h1J
z0EfH;2G}U(F40B%wrsHjVA8QP5T<$dFmCt?z9b9iiL42tu?x3&5E+AjGde8QV;A2p
zg@CjPY$b)1bi}NADyTDb2f~Ph@oT@~O~)Jf&8IOz8YVjmH5^7xOF}*Mim0e@Cm}XW
zu-}A%R^R}q4o;AHHF^gRPJ(T-Oxrx(mVH1>Y|V8Bjx-YS!E5(70FZNEQ4w3j=SXJt
zk1#owU+6~=6QhddKh>@ZRkJu@B`d^;i59+OSGz3XCb`FlG&R~whNx?YG7)vOlY;qF
z&go=Hg+@i)WAm+TY5z^nRLKM^HsxA`%VhcYDGIj58UniN(u$Vw0m37KN>!7m#bgFo
z>pl3_9p{GV^Yy=w$u+_DwZ5YwYOTq&&>=CRW?V|EHaS_Mix~9K3Cm5@CE380sT%b9
zS-hsN!n__B8a@U0<vP_E$u;K}9yQWN8o)t?ulE*f56Co*qIdKBMb<cs9P60$^wlP(
zz8jCbfSqV*o9_A)!Ew%CtLeR~CKvs5Rn{CkscgzNJHc-g*dVV|krpD-m0}ysYC8_C
ztXsbbikXLvqw4*I$to*qj*qxb?tHfc4(hOzSmYC!rH3eRNOyB0x}bf>S~MH(aN4KW
z@CpgmIc1DL3%pJ4KlB9e`}jYc?3F|>^u64v6!hogf9bVexY!CP4v%#+GHl@Tx&WdD
zvVOWs*@Qoi-A?Szp8tk>6KIAK8{o%o-M=AU-nuMm(q0$rWizy`M!+YQyBrDIS{8`*
zL0WYjT$<KDvO#q;`L-n@*v{_P%lZAN^ku)L6y8^2PX4_&;r?MRiZ7(Le?@G7TjI-S
zO4<08wXMmY!v83RIy<vb{MzMipET7(?US5!%vW>swPekCwOU8wsqM}-nSXhdcK__+
z&VF>?v%TZC#op5+z4OfzU{5%gyLxkuAY}C?$33BbNW)bi(BpzvADZ5v{gJU|q9C%&
zv1z%?e~oLHxG2@MneC};&uKOVCi)4R{V}iJvG>_+(6mZSI)=&Gw?3)}fuCJO;|@%B
zt%tU+tA_Epr)%(iEiXjJGc7;$_Kobb<7SBh-mAS}CNE?_qvT?RE==M2LOh||zvy?q
z+v?A)kyt)Hr>#F)Mkk)9pLzNhUYB0IkK5Y11cs0Qy?%uo{y`gD=56H>L=~>)lZJJ|
z|G?Tj>TaZ&FgN_Z6@9pe>;Y!j40DZhSbfZ6;YB-)#~0BB)qV>cV;QI^K(?B(YlYb+
zTBQ`a3+`Nm8Qv1n_Qb5$N$TF?dL{(d@x){f>`8e-blmjn)#kckU_`PrgO}0YYVV)$
z5dXg7hQkW%rYULBcD+R22nf%Pu3)O3b<031v8%4>IA+Nf3%l@oo%Z@Ti7BY8l=J0v
z+jNbuhe?X!{333chOT<C&s#qov<`Anuo3=V%<(L^StOl1I;fxP)$<6oix}u4P)=d^
zxcOqo@lRKX@@qS15w!m)F6G7O$H%#sAEWKXhnJV0C)>A}(_q=`K%KrkG{J@JQNCkU
zrK>y;94DdG)*MVYy!=C|ZLZafZL|ub_wj=XysKoft4G28J7);-v&qv%7JETu>FRYV
z4EoP=9^v+t+j|X#|BD=QJ>NjBByc0CYF+eeYRYorRcY6?Dr>%l(P>?({7%a}SuIw_
zE<97Z6@Dss>_gA%0j<Z9k{N?48f_+$?YlF_MXB{DEas6nJ+IEwsO}kW>#=csf(?P1
z_9s+JCsUl2xdGu0)3~Jm(1nTJU)zhGb|-17Ko4=6TF-$i-#nQ9VtqWak+nwipEH5J
z#{%?si`j0L_4HV!n&x5YkP@aem~u2ai+nTO%mTqaSR*C?F9ox9Kft3e)?}P93+bre
zUiM&laM8@;Qq;D5JiFs?j#KD4+TF-#$RBuorY?T+Rx`3hQ4mH2(aqOet#NnFuRMrY
zZ+CnG97zfJ;>tARo78Ho1|wB1<$SGrf&p#)4^8fO6TSwWzD;ts<2@Fhm^WpgYP#R+
z=IYpCTq7T=8(PZKTs8?1aeq#y5N0f|Hk_tjq;&q|1&FKUcMIDI^!OW4=IN9qDxa9F
z-jagrZjy&EF}9u%Epg=OUxB?ByHClN*)>x<5#7;Re&b&N@{TaBVfMa~jH|vA)+e}@
zKT*}%0>Jv)6CGV!2IV!TRvZ%Qu5dXk6l7ONWZdK!V=^3etAX8td2GREe;L!S4snSL
zcs%Xklw=*}oRstuZC?qxE#F<Z8uo&%A@O_Hol&c&edC+wuN4)kKRMq_%!pkpg>`3}
zd`sBouOHYxAsEa;R${wMwimw&I9~oXtmv-jT(xQ*r0c!{%I2i|MN&-Ri(Q&~1p9h#
zQRI>tyIITFxgIr$1wCuhle~0Z{6!3X`pWC=6M9mrP7~BSaqnj1vY{QnS|(-p0Rp}L
ziOpDq3qQFZH0*&M0B|<3P{^8PrM``~0a-1kSS?94wLKHO^8lhM*u*y!b*L$L6tHW_
z=%Vq4HZp=_Rp|!%Cojiy^dCcT7u5S9yo(9HwDNh^7qTV&4zP7>^xK9mc_%bmDy8Jd
zDJRB?AJMXz+mKEVgLXVYwc$CR0bpyk`enZL>815S3Zr&5x;8i~is=h$y-Ox01Szyk
zcXj&$-<P>B^TVzx?B9>!feL~GVIQCIqK5Kokbv%qllmPs<>|%m#ci)g`x6)BOQza8
zx~@wqbt;3aoP)I2cQ;Jtzhk+!Y|3f|R&KS2<#MB%FP_LVkD9ZS9_cPyHaY+FXU!J=
zh_N9XER4M0H{U;<)9J%J98~$=8V;u=SwGVG2ezkUK#S>v9ByroUqpN@TKKFTdyw<0
zmtN6LSsNdP`)h3%STOU5#_8no@l)Q4tLmy>^!!=pEA>gc!L+bgSZUs<tV-+dS@Kw{
z9o6Yx=i7A^a3$xg26$LAK7&`1j#|!t>8>?{AxT*9l$B99JtH<goyNpv5&KU%7-ahC
zuFB%9m~yj!8Q)O#KU`&s%TpKBD}X&C+aL-xtHSr4=biDt8UP(*e7i5S9oI&Vk6#H0
zyQ?k|kYs!q)dK^3y9`vc+GiSAOLA^*PtXNz-g=8_$L)X9%}3*f2?n5Q#Zi3YPhBrq
z_j)$))v~K%-s$_Z9&B&c;etJ_MYe5UeFhb`c7N!ZF28@&&QxiKX*eLdXS7PTFHrou
zd0cel+2k*Q<l0aZ`{OBtJ3GB0vlHKouR;@WV+Wp{l3l{z{vB7*vN^reyFHqE!3z@P
zZxB%Z(Kjjm0~tOjFr<xFn0`kC`f@l)5PZlFXbdK@!qIw?fOK!Zm_#PR4VGs<Y{urC
zq`WM7ac?|e(kdz6WYnxJCEc_@M(_K6Pkg@$nEs84aYbKbvVrw+w^}?9U+~q>g*v%<
zdgd)qGBiiDEs7mL3CeONd^I(R-McxNQh?!AOAX`7!?2+>17O)R1WEX=s(pT+z@t3e
zo1T6;)~`n0<<GEoqSS(XM!X+?KAw%>cKi`4e0u<-Ox?My6SIfskgvT(vag4%w#Pgm
z<!|{ztABs_2Ph7OVPU&FNP7qh+FK`6?v@n~FW8y=5;z3Xwx?H1Rm)@*#<iy(y}g*X
z1D;!g&E9t}6VP#H^Y?;jelbOOq+{J5h!@OjW8clSX`yN4=biceESdb(klFo3e=b<F
z7_8Y1!X0=Ty>8wT^7LusaYz}wYQH_Km(W81c)h>kf4%Fu-5W(O$emc9wr(1Y6^!V!
zV9@UkGT^+9)$A3Q^OoVZ6B3beQcgBT-xOeJ8X56Gwi;(IxVod;$-h#@y~NJJKQF9^
zKR)BE1H7{YH0`sL9<A$`2M8V<gRAKuIm+!Y+;HOTwh|+WQgnSs1^6Km!Pj;>5U&l`
zWUbI8Tk-ap5I#CsCMg>H0b1`S_C{J|c4j{b*~8n!OULX*AG~(3?QNcx{qr~P`A(!c
z!_TqKp0p0ksAV$CG^1jd7*p|oIX;8X?Zj2bId1(CVIVYQW9N|kM;9$Of0bD957!zF
zT22KJq}znOB#9+eWjkJz8)kt;>=U(aYrAbyqtV$HlBaz8IJg)@Zv%KT*5!ZlZgqTI
zlNT2%6uS2}a@z>yu^9C2h_*Ae;HpQPyn`c!OlR8-i~$#wP2zibb6-L?+HP5@AkEk|
zI?A8&HfXz0Sx?0ZPD_Gb28}Y`w;S3wbC&bRCZK!TeZ3tVD%b>bn`3YF&yU&U7_VVg
zVZXJi(vtlBZ@VF(fB2RD7j9)dD>;ZCEyLZc;NO?q_(k}Nm2#+dl|Db?%uiZ~WmvuV
zj=qlTsh8gB_uhake|u;*Ru5b-8#I?EH}jK*{>fVeAL;2mHLQs9r<JSTUiB6p1wd|o
z;L^9F%f*l?`X&0+L9f<y=pdQ_XH^c5_R=c*;EfJ3MJ(4TTB_ePy(n)!Z(be>WVkJm
zB4Rn;4rGl7c7)%3AB_ZbFf|1pGx#y}kKnC;fLEyh%kzi3Ixs8UJ`vvQyJBMWxL?Mz
zlQ~b4@w@TRN(;W1Snjm@w}e&b`lX_Y=ib9xce)tso>f&!L%GRegKr>kI(f)fZAVA$
z&2cbk0Csftk7*fy0&Cj)Ki{;{lzKam@xG>f6Ua17g|oEm0sd0aKtWRbyx+{`X&X8#
zwkSY9o@1n5@RsfnE$6r)wBvJc^b1yk-(`b=jHGfnpgp;-cB<N!m|%MyUjT>c4BRs%
zBiwQu^l`crmnTQ)L(L->3)gOU>V+J~zUx?cL0RPDYrvolf@YDGOOL?0=C@?N&tq{o
zqoX}Wtq*W2F+6?0<mlmeTz6ryd<uXC;jkC+LK_J#Vbde9RXsC~aLX4iO;j;xjS6b>
z*?puLc+(N@!dnJO^WNvzGh4mHEI`lV<~hDHw($A+xv=BFJpl|txUnH7-gk#<L+b7|
z9tz(~$@{;<pFYEje??>OzWM*#77+oGPK#tatB)-9bc-3|`MYn(@skUW?zIPb6>-n*
zIuTBn-e~(pJcL-F=RCJ%wa5+tQnKDVzUgoya0WH*xm-k$<{#4gim0Czp@Sa){QDJP
zF?~`(L9_gPZ1By0sC$H|M!<t*fTdqd!iev!|8Gt?cPaKxhHpzxd$4;sDBVCiIZRN0
zYv%plpm*~^X8zHI$Ch7n*y95H!1%&NePanEtWYhrRID>Df!ghUqQxozliBwy#`N~t
z2n>`dR<Q+^_lGj({FE59*KzjKHV@N9-guUs^1p^zi<TvWSwUwKjGm2h)`pl_WTNx3
z!@km;mcD4>kNs$i&E=@4eBqxvHT-D1Y!xPe<*U=oT0GmwwEDhDqru*Zz`-Bi_)4Fr
zVIL@58Hv5V{RxMU$dxZ-D!o8$kfCvZeG*_Xa%8pq1heYq+0xdoABmVTp=#@G8@!aY
z)@8s@CdkDeLdP|qBxMX$m|v*+AjSa6N8v=pHdy~^!Si8(bG!B=+%K*Ba{R@*05kJv
zgS`V~`=K@QdhNPif7KS|wn#BA)9H39=~gxnX|Yt}SWxa#CpYAL-t1!&)tL5Ky_6&m
z)mGAm{2|>Ne0K|6@0#uH$rE^C7&&3;xSU8D9a#ska$PQoH*=?sVH+2`+>R~j2^ndg
z?5ClMetpmH%heTq+ZzX+xAiwq&96e3%dK#gQdsLhWQ;AGI1GH)RzENczP-O(t&^s1
zn|<pG`pkIG2Gn&oxF+cj?AY6y49K$&D(U^W#J;(A3jcgEoWF7XelrT9_s~$(qX)OQ
z9yV*;US*3!fwprKE%OBhI3Mqi6~OPGN7h#kW+R+zBh+yfk-adPp+RENKM=yog|r7z
zjj(>yn7cmFS94!?r-M2*eAO^j?KTD2KR|uIQzL`uZc{J%I36bGB;|g_TI1NQX-LKC
zc%yS@mu&nOMPW$IJ-sPvF>-ac@fhMGG&pPQ&Js2yzih|_wYHUp2F=#re_h^yd2;n}
zlgQeh2Zw;3O?n{O_urgc9yd@o+aJ{d0x2LlF6kRo+|_DJR*3^ZRRv$J{Cij4E|#61
z4X=c`de%z;K#ATByU~-o+%UZLxf|h^zz(a3w)ch65?wOaClbe}gXjjb+Pz)RY1p~;
zc(mTpq5G58wF5IFk{T}nrE*$e0b@qQRpJn9qdsWu>2myR?gmS8z7Eb54OCdD;9_bW
zaTGKFo)H5`%d+`8L$Ay=$TTBpbd0S64j;aet@&#U$<AB~erUOwhxMMoWOiqVxbQut
zT5Gpmt?uAaEFu_bICzxc!M-5E)n-D=PGmLr#b{8e-nY>F;+6g)qxYXe|I;nsLZ4sj
z>cwJDnFCfW*vD>vglaz@60iw1Oy%j}tKks+49xvrO~opYv!&Gc<Pt#&Hu{z8BWF&k
z6FjRMf9=N6s6GgP;_GML_G@)-^4n$`9Huk>UGm>>>>z^Fk2~+=U1-|foL6MQx5n4H
zyF(9ZW(rZ~$J35h3C8TA)9h-85d#&I#;DA<&QSaFPfd9+e&1UCs;;n2e>!jlmved@
zT)X>0&X8&iNDDH1@y^!-o4|XcY?W_cTr)AfP2S3|?i-7&OKAkZywpLN@o7Vz@jPxS
zT5q14o+qk~jxRyC`O#D!jQC#lQcz&~Pp+o>Wm*6vUY#ymU>bU72UoH2BGQ0AiagC8
zN}w;^=G~mFMgj_m6{~df(vt4<<*wz&4@}c!wbQy)VBAB@e18=$NT=9$vn3G6GbxkR
z+>HVI@p<7#Y5<)hb{lIT?XLIuM;%uRl!NW~tp|%SXFaq1jpbgwdY++(4RuHBym>`t
za;r%Am0|#I<p^Yc>GDzH%9f9<%my?bqaW~mz$EB3K?3oBV<gTA)ULw7^pelk>7@Q_
z8~aFIzx#WfSqEvkLgaiMx^#OMN)^~pRR^VVmz|kQGIm0ai<tvZ+c1m;GiC-)-xjvB
z$tUv5-lGlSz<t}Q8My~)7=QRf1dua7UyOy1gcR=zB-RgcNXS9fd?2S@&k_63B_)IU
zN#G{-P$83wlAoD57(1hpg@H}TqulJZ%qBcEy>zMa0xW`Y&{qkRs}Q-{8OcN!|ER=Z
zZ52K*Ct_?iQAl%wi8!v4SGxm6m(H7!eRwkOCP)z9F*Zn~g&SgX4lSr~CqrVIg&Qo~
z9;vAHgG3A~sAc;ctX8==iv^!Rjc#hGFK}S)F-NjO0Iph4O(j`@Qki}E+*FJ3ar9gz
znvBWVdq(=R2v~JR3}T(Y-px<@2UG+>c;mC}<f~cJznzaoyX7{(z`NqX=*>XOxSFMi
zC`OTqv+z^*%9jCG!47jD!LwL-L8q>Z1+vm=wx%__`mFUZRMp{7Bm66`jzX71h<R}&
zKLjc#{Ee4FflH$LHGxa~rLY-Rn1imvr@c&(ZL^UnHxP1~eo0M+*I^6mm~g@pRiW&w
z16vcE&dNZ2(~w~|05Y@XH%F5>5t<1*IMR(WIT?~Yo9p_4_@esU*-xO})4>hdggaPF
ze{yN_ChmU{Nhb>NSFqSmT5z59QIf&u@2D`7cf$)Z?gpX~|K?t(axEXAnoiq|8kG4}
zKlF&L7RnE}y|@gZ*fS8=$6f3;=1jh|3pFY2lx1A#wNRUC4MrE2hHAM0x0{tW#oD35
zc!nuM-psCm1PX)EM2ypz{{kgc9{m^)3DmAVO(6{)m;`GT{yQiX7DAJCb7fqn9&GEa
zipY21SQ|8DPh0hZE5Mp{W0L2Q&gjqwed4~HP@kf8w`xYE(*Wg0k*Cf+Tn9CWQktzh
z_1HDSSyC%b0y^Y4hIG5^@u1S38x;pDs})Op0RR%GuY-Kxi75C!{-Tp3P0?S`&P>%G
zW+GZGOjiZ;+WL{6CRHwwL&|R1L?%3yp%q8b+eOl*$iHAA_22{TT4Z7)EB!t0OA%=2
zk*PbiUXYZN4VsA;^xF+6EkTTHJT=(jKn^jr?l{Sxh60>N>iUFpW4RkZQ#H;xuA3R}
zIhFwE9L+<<9gQ6kGG*U$Gcp<E1Lu%{kCU|2T)Ym7qg5sLM;J#J(hiwez)A8At?|n|
z3vuUYp#eT)WP$r>`5?o!-})0fxf)M9ReV5v*FX2E9#0$PzZXBpo$5e{eqS#Z-3L-`
zoiR2@@+~dBvh%=OK;%Kd#CJ>KD3Azx39=2DKWc@%GqA!XfxoN1E52*H1Xafu$jpBa
z@!m{W2m1FQ-;G^qL*o<L6SlnPM=(coP<bGJpt}(3E#xh9?o%G>xE%zN2HyFNKlL2?
z*wa`Om?vWSXCG;u4ctd?z5YZy_tjgJ4ASa-#R;9;QekI<JGcx8wfy^n_i8uv=H+W8
zpS;gQWl7O-q!^LOO5C@HG|JuTJx6l)rh;X`B0Q-$c)2pqPzXr@1n=IIUmYslwoH)N
z-`0wv;PJn>71CES1a*>=jng3d5HsM}pmKrDfzUx_+`4ubwLa|@TlhhoLUh*4-GU%}
zQ9{=UyAr!bg((u(ZGX4^q7l@|qfXdC90Z>I4HKeY!dI}_Ro*orsJjr><$?rC>nMxp
zJ_Lxg(mgSZMdsHId9Hsj0q>s{&EZjZ0{e+>Xb03|ooACW1OW9swQkYBqX-hNf3kuY
zi;D$J%}M_8Cs3#B5PE+JMFs8`<Vu2FF*##{&yp~>JlGt*%zo@V+qtEf_80`S;)7-o
zwb%zb9rVsG*be?hRJ1AXi0}emHCzzx&7OJk{1Ns`gIhNw@IA6z<M)J0MZx1!{%gE9
z(KjQ~>fpAL{JUkY``&Bxv~a9#{MaGSc;o+da`yjB|7#rID86nQNfNo~D^UoEtr_Mn
zDb4i2giJXSifN4^n{ik;wQf(RVi_GiElt94cg$*`8?|#9_HANYV%nP9vyII-JO9FY
z{{`3khxhAsJ+AlleEGJ6=v(g~X7un6Z;_0w@;vXj#k_d1&G!9Cb6(^{<+-v`-4K2d
z`o1+gwMIEW<a&S&K<P+GAQZhDrQs9#(Mt&8j)mw6-&$p*!ah%o>)W*UaT$;4m)L_&
zB7{ORkM*x*ZA|}S;kW74ew!=CO??(CPzb*PxkHq=i+Q0&xo`?bPU5$rJvzME!8J-6
z&AS-gIT{+{A+Tc?v9UM-Rj1=ikGYK24=Tl2lwKo!|FeB;p1MEBx+dS~7dT}=y#EMc
zCwL7^`B=$IvC6Mz&V|rGaJ{6G!)(VoX1F>NChz@yawg(;YEKSifyCYn^fJ$iTvClu
zMZr-m<s1c66w@D(RZ`40WAk8gTkW8<U*-K}#U1O>I86+tX$`)O%1es2x{viWF1Fge
z#V1UkifS|aQ{v}#gM8271<ktEd;tW5i5)Om*s4Ry%QvpRJ`784owU^Y*h4kNSQVWK
zVh)J~6`Z(APKN>IxbRDU7b=1f2fCneorI4Su6Kg9_4ibVMc#GJgcdT#R}Tm7Y}nrf
z?;O4h9DtCzA$lF`e35ag3vN3~)1(+%wUhpJEkdMlO*hri<o41}U`La<*78BIjqEnv
zpD{XVyAr@sxq2_bk}-Ng`cOLS0fG6*w&Y0w*EZNfs>!!~X-;vAWn?WBIT*TBEWJn@
zymhul$$!^ob|irtw&eb@kv?F|Nip|neRl?i@6j<7clek1&~`KkCVyT6|9Ix!6W{#j
zLf|2AtbSw}Puj&i9za2wsc*E^6VKOk#8M-~kJX>9jOg~8@SqGE#{DlwqZV_OS$%;`
zKE0%IiIal1ywOdtv?!DMS%dz-3AjuD%<)+`^^+7%$ZQ7>)+c6(VOt2jx{1wOG2CSI
zLv!%N={@y#+3^1P-aqe}#(hP5%){r9gbf5xOb%WGWbl~n4Pn~eVWh9+Q^_KN+ck?5
zkfsPX0JxXQsGR{LXuZ)KW5817eYrjXf$R36u1oz3tBM}{W5A<g_rL&qU{em3>N4Qi
zZ#d)BEWFL{_ZC_s<Cuqm^|3Q-=t{Hb1WaxM!gcM{-$2H_qQ4O`8WO*X;p1&7jS@kO
zqTX!HY;mS8N6|yi;Xc-*>R!Ti9?`XQRGPGp9OR!|ySPe|C6w|4kEStQaDrtmagLhh
z3w9sMBz>FjPOToz%&p|yFI5NAs?=(13F88(n&XU~*s>2ulKH}tD-J22M?9^-I9!9i
z3Wv#aud+6FK=@i~{vkRGp+y(J0h!<gvTqjiV%$WT)M*}6Q{5xGzKbF|G!i;~9FaXD
z>>xn$(zU9<1E}O_8THX6%>e?jA+NmlWw&QYVxfKp`4^dSYfI*xibBc6=Cc8=GBP0{
z;b@YkYMZ->+-@YaDOMD}i>Z(F<l=q$8g$HC;o2o?eIjjuojh_8Zzy^xaXT0rG>HKW
zQ>WR46znT%8DO;speOtt35M{YYyvPp{dGijU;T$fRoqs{O;;B?T#V~dLr2EW(0GHH
zEg_16pi*hZCdG^)ZmV?nOuXo;YkIY5+-nU5U*Q%h#hP^xG2?P;`n8VfMbc>*Wz*b(
zCa|Zrx^PNE#*GnY@y?+)p4|;y9m~-DW3eBDsV8W;X$5zg2^Rv8`A0sSb9_`fjI1(s
z2R58uI8w<l<L|B^_Tj-=>?=bz*}mhG>|ZPwVn%dRpCu(5;$<^Rjc-Cuux%BCpAF6x
zk>ZOvQ;48Xs$F%nQ@C16;Rm59K|^vzX`*eMOpwr@doN#W<+1cB*+EiDn~%=sP(|gE
zuRXR=9xsRSBCBU+Esc}h^$-36ed`T=^PK(@>1w|T`li!6!1gA`nOuYuG>wrChUA13
z3QD9W6V1;xlZwaGR$bnGHXYMHr&Md1ia||_t^5<-D{w%gk8?v6ZH4fUiu7x<W&NtW
zyi5DB9(&E6Z}z*win=x&7RP$H^5!M$ZKmhaO<Y$_a9l!L3}-;C-%^*e-8sv82XQKQ
zs0nc3WNti`ELM}FV>rWAWURQIA~?wUUwT9tr^9koj((7e`z^sfKj3fWkLqrlBC0tG
z_pCdi6BO09iKB+a#^lpL)iVbO-vsD2f-=feDtYTx5I%-I4j7&f2V5lU^qk6ou=p1r
z{Qz&?`eHkGcF+6fBNO56;Lj@8XP)Q@WGg@Y-*<<^`@@QB1^PP**9|1~>nBF+%&lTn
zQ1inbL?H$=qyqyQ>~Z!Ol-+c;MOAK0C$)A#8!+4q-D{`#u^xFtw!!r@jiS0B@MP(w
zcP$xTwI#ejOHh+Glp05@6=LixR(w&tv?r^lM8`&Ws}Tq+;g_@5H&?%!e4Q0t5p9bN
zlBdyH;Pwk^LI+=ZNcF@>w{?xu^EYK=!P`#7O?QsRt)Qzc=`sSPIew<)vLHLJi-rt{
zwVX|&48Ch%`WvlSE9RGK3)8a6kuZ5jSOl0c{{6D(V13?$ox_#e<*8>8sNRseYOy1O
zAm#c4RzHr#X49=l2{<E^#>D7ej%C(gB#9%T-A-&i8&{)LI}GaVwgHI$5`@n6@&%3+
zSb2e(`dDT@e!8;2{tH%&?a5^}eyZjS542h7GCEq}7Lx{G=zCNC!^w=kytoI7F3o!X
z8L8DewJB?q4}sgZkJ0H^v$dVRrp-6ccm7Z>!Q^=IZoqg2#CQ`>QV1%dNmggkr=u}-
zHg-ekjYif}u)A<DZv3^beO?sf6ro#;)}V}6QQ>i^yqFhSePj~%#<x8oQJrPFU=aKG
zSnO)84L4E*ZTx=2o~OI;+4_jxS!*gPz$~?i?f<D^Z`P?+MYpaS|G&?VSjh(XGHyuO
UdFq&+E)NP68IB5LhNPDM7gn{P=l}o!

literal 18894
zcmb??^LJ&>6K!mBVos8YZD(TJwr$(a#OBPzwrx##W8K*1yPxlSf5Q9a-m}(O-RpGq
zuIk#mtD=<@B#{yD5x~H}kfo)5s(^uk8-kwy!oh%k5%S~;z`&$`N&gg4^UA%*^Yl|w
zUk@r^W3vuRnyXy+SxO@cqijbL(~W47!D*xmsClcd?5wJ+IjiaD?2w5dkI`Rgu38<2
zfyfG@?S9G*O9@MB2fpnql$%{n<+(&canD{wT3qIGUUXl1&*};nDbZjdgp2-v`@<(I
zF2bF&%H*ExpGoKOs=P2eAl?ZlR!8op3>S62cezL0hCMQKCM|*GT*DMmEIo%WModz@
zGPLN<=ja39A$0=l2RGuYgBX`#uTN=e`qkwpbF%Bpf)KuEwR?=wgIN}Tfe1r-=q<$q
zCE{4f_QyZ36TM2<6eYwlxWI{zPKCQbw1^vl`!@V4Y@o+#&yNyF!Hqj+yMwJxkqJ8`
zy4X`j|7N*$rn=c@t3rbnA4j43te`aqebNm*ZZDh|VUPe{CbiXX;Ts<UF2r?jf`uTy
zzcYs3^E6{G(d^&G=rp`WC~b>c2Q!XT>ItI?Q|)*>OoJ5@QF4P=$0AN`l=>C9Lq%Fy
zlwpdF(NE9*f=h+^-cf{GqC|rt6tDT5kh2YI><iTfUdMIsq7q>yI7Xdy{tgvpcYFw%
zWl(G%vu8gxuTUW5zy^Q+Rb>>T)GsDs#xskiDZ(I5v`C5}Ua~Eo@iJ)ejWCJ;-{%MN
zl!@IfBNcM)<{Y9j4c4EM-SDd+ZIl*{Zrq`Qxlkgk4*6&GzxJqi6G5BE-QU7RjRlbD
z{HU?=qp1ua6s+gm*$rgS`9<IST3N+uuq1JjDf}Gu)8sX#g@Ra+TOueBl%w=Je`Ubd
z*d6}@;l!5vJw)-z#0&M<eHB<ERvA9wzas#}v9wbS;fU;2DPm(Z3nq!by7&;7fHXD*
zDd`i+fX5w$g_)WAB_YNL0-4s}E_Tm8f+WRIEFov0K0K^ve~-OV4=(M~>6cIwsu_fV
zKHgf=5=MirXli=WB904R@CCEafOPpn)2l%~iJtc}l{yWUhO1ZDRdsB`_+Nj#gX$jz
zl_scZc0mjBN*&-fC}kdkIgl=VqIZmQU2F#)V8*f+xpi3baYizqw`z)|N;E2Br{Pzb
zdo!!evr=VQMGaUU^x+q>g$?xPi$h@)nCp)r9@Jt66>2kT2}xY4%-1Dq3dR48vI(!9
zbY;Efnd`r;x2-e+vaa@gd$e!%^O7B#2z{g$ds8K4<HBb1LU-YZhO8(zaS9hr=2fBg
z)6Z`VQmo@0HkF6AqYYySSMm)rv%wNwiQp@Mm)ET@3EAGC38aOFq{E8AO2*&itGSj5
z^NPGaMT=JT2jiRywMTTD4WqySul5zrU@Ox0wT(>g>N|LUQwx9#-y7@m0gX6D3Cj&p
zA9w2FsN1F12Q1kz;58`Ez5e9B5sjTj-?Nul*&6Vr=)yty3tC7}^MI${e6!RGvC*{i
z*QI*hsVsNXcFHb3(Ifk@4;7&hT$uW$jS2qcI|~kSIcPwb`+%qDE*kp{Pg3%|R^(&<
z#H{h``oW4jWzr^uk3m&urS{-rTV8LY4fB5hTZY@d8U9FGM-^@?9bLacta_G9<m6lC
z4nWIw$`=n9*aP2q`KmJ_1(^pT1-Hi&$77Jr0`ejSe^eK-vS$JHUxInIdr)d^{QwSq
zu&xu|c9W4hLim753TBTd{TRijE?jQXKkmctb@z}0SX$uL+H+^DA4-foHbJpYe3sgE
zw4je58^3T|?5<6!+F{rP3tvpzK`t-H!0AOL08;X);9paj0$ZB@H>)THZqGjd6SyWd
z$6L)|-A<nAVh;hLZO@`S3*})4043)GnQ9`9Iu{fr>r+=zUHs}X``M(YyPDzB1K?EJ
zOC`)*$=+|1^G{ighm=}y1Z>u_K_O#d$nnnI+a(xUcqPnI{|mF~jcoUFl#-!Cv=@E6
zwDw=!c#$0bb6$8QC<MV{^d8Y=iL!=xx)xz{MJqKBr+;$Q^AGWIvfofKD$>zqlqu0*
zPze4H7*H$J{D1`Wy3@0;PLjKGgR(baY6V}kz-AjBgm7|a6D~e}X6o46dvoE8Fbi63
zRK#uR1&=>qg_B0df|T=H7=QAH4;E8A%DDgH@wGCPx(`zktrDJPx!F)m>mncpt|&BO
z^6nP08ED7LGmc(ttjtZS{G|5SJ)`x*7@~lmc5$NivY@Gjp*!(ral=otx*ATaAt=PS
z{<pu?KK;948*wk7FyC7uAhcwBsp}umNQ{0OO`z|@v(H}GDOiMQ4CsXF*A}c%9u>SA
zc9j<{a1%2e7SLC}TOIMTSXfMXSreI)zsWmSUgm73EpE;sE(_UCb?!kB3VR>Ny}TaJ
zx7I=zUaP%oyknn~YGpGaffc~-5I}+!x_7P~8ZXn;f<c+H+Uw!3!j-B#TrIt50q#%U
zg1)DLaBHaOg+hmC=m(?n1~C@BTE4uTYz^5Gu1})r1@7dx;fk;e{YciV5@wI>0DNp4
zReE+F`Zr<gi*9C8=9@9gPYzX!7BX8dAhDugPu|k*x1s9CTL~8=J44h*eL2={%W1bJ
zzCz}y)1x4?fG8^%wm3qmrLHYFbG+w?9GDwPVEjceCcAe@4W4ra*5KV5+Q#o1#1+it
z%(pM~N)LS^PC`)vXW%awo61ZbHMvOq$6tcIAJHiFB6x20DM336?uK!WfA{6gC9#d4
zAgL>X;)BOPu#A28CP8@$bz=lqAN)2XOk%r3nCZb4%4zGwzXZWRK9ydtW$Vl9{sAaS
zG~0O3Y-UzTAAVRsway0{`QG?zQaTDAkuQYMqF+ir*tpNFFw^-Cc67tF%aSr>Q63<D
zb^a6A@<)gexW%~8#7R@2^6JukuC27hb;JU6e~DLR;O@-87@%)t?5DNq`G$fV4S%Y$
zIG5|y#zAVxaCG}o<+vo~1emi^Mt<xQT)$jq0EaKSuIDMf-x<zy+q<9Tzem;WkCBFE
zaq|_I)de1rx7sf344`6LUJkvXW|b9(r&i`vTS5;UKrxOEfBfLxb9#kTkHv2^L%GE`
zA3Ihy##hr)srkxd(IW*<j-RRPHONTL1w1vPX_QV7Y^_yULuLLh?g@Mznyi!bWU8fj
zzn*7d4vb9mX5hq;@X}m-#cvebAZVxQIr3NCJKJ1B++FTQE|s3IvfHrbYam3swL|x-
z-U4Cr;cz;U@5^mPxCX;)F30w%dHNnTvKb`tgcP`mS_}*>91rNTDHl25V6qdah8+op
z!OfR?R9S?4*A%lKE9xpuf$rii2DItW_ZIIV$M|w$JGX>abl2D1WAjooupK2pfj|4d
zBDAuj*F@e0i<Da#LO$YG*eV1mn1o`hrpC5`4IhVo&+5V_c;?05dtduKt=5gzz`B;|
zXqDx4<92Ia#>*h()11SBg<ohY;;K7E$MRuNj}nd)BxWw3UsXD4DyxSMsW^wL2W4Gu
z>j`z1VgBrY=(FjXRaH4X_BIsUc!1Cb0&=$SWDRS^qPtmENYTDS*)m$D_ArB0Q*JQ%
zexhpNSxEbiaSkqeb#?;4{PKcf!j&Fuf5o@}rT0%uA>Edi%(ZqT-dqHRjv)XWX6*&p
z4p(~ZIFd0*s@X!J7PHV8=ALxvJMON!77j$>9&u)!@urIbaa)3O{tDWL#r1il)P*ut
z-lOa)8z{ZA7xygn^N&aPQ8+gB^Uhn$+x}+{Vn>Vxl^aC2AC;YM=1_`g`)&i9_hIc*
zsoZsW3<KX|gWWVvdi9pv4bxfXi$06*BnB(;kb(!|H+DvJ%u|ttF8${xQcUDI(aStQ
z9POw_p>&$YTX2UFIDt=D+A;O}NYlv024?ecCJ%#C=^<ph(RO&N1)Hh@V2;K<6ATl_
zt-tbNSb|r@LA-LaFKy9N!cM5>8Y3(d&wPku_3)5PvrDuvdKr!fso#;A4xQ@22?3^u
zWVBL>VLx_O#AaL4o?^%y>mbl6Qv)lc{)o?ED;get3zE-0HB_8i@p6V>b~AA^;J{q$
z{9n!Yy!B?YRqYS3Yafn)dwSqt?a|Gy=G|J`lHF4#80ge1gG-17$Ze<L1HMVIs_OHr
ztvOP5>_E4{x3a07b(x9~TQ>tqhe(3MO5_GIdE20#CmL>4rb|Bwf{<BSaXB0HN7O*J
zU)Xs?*pbu=pBC95D(jVK7U(GCJGZg`!gnU$rVch>L6T<@owri4uSf7`wa5E?K9wX$
z_1lJRI+%_X3L@eCiv$J=#U%FrIQWwxWb|3Qw5-r%OzcJo*0QSC1{nq5&K=N<nWtJF
zwNI;g<3B&W|1|F#jmx^je7wgNwq0!RS{h-w*pFqDut|;umnxcP3B<q@KWDkw$GsO`
zj0hqOO8O9Pg4QXtJ;y#?_rps$gwu|y`;zJpT0K|WM;s*`kJ%8m>%VwsKEM6Fw_K=?
zXMUhVxPE_}nuCp#cIRc@=djINE1CTZ8`EH8CZmKCPty%u^vsxbhK%<>(X@EZ2|EFH
zp0AEFLh?$MCrY|41}Q&9XvZTP5Tc*2A>}N{=?$*(2s;n)ap!=L2JS2DARMEJ_Rh6B
zWPJUQ0iikXQ`mSiM8;GCb%afs>P{DS#v~Z}Wboen-IT+^;OiKc*zXqGBjdc)VQxq)
z@y?kqwpv#TYGnE<w2mQuOG+@@*XSP7P;=gvbQ&w1bz{b<S0jTOc~ypem*FL5T)~y(
zU|#5OXRHl#D8BDc`Ng1i#KATkl_V01vo{QwgbI1k0Xh}m7lwy_7f^(9R^sG^%mK)O
zUO@C&lXtYK0lrB-%OJtR6WHO{Q($_XvlS1(TdNO{n}=UL#2{rmrAg_`I`<o23E-)R
zNf4JLxBK|<4b7WCsOXxV9WY2*OZEt5{)?1k<l>zRF7y=U72eG+1lMTaZW78-!Uuo$
zy<pyZV1ATAGjFhg>GMQrt}#sB6;sa0jCQO_WOX!?0cwc-&e@D!!fijMO4J}cYuOG{
zwM0<pJ;O~e9Cc?*4>*bAX@hjeQp^<+2r29At-xtV#_T)W<z+vToo(j!FJDw4;nnZX
zfw36gKudD;Be>2MZ&874gMi{&r<*CG*S2ND-S_V9N2p~ugP>M&1cQtU0mj*{xgq|f
z6?8+3F?uwn9a<l>{e+h1z@T5|KI5LTZC44C#S%G0_DwchaZH9EkX-uSEgX<k@7_^4
zAgcP8sg8wF5r0fqPRBnIU`<R;W6I1ER8PeuAFd65GA$VQe7@SAXJzmL83lxs9RMBE
zJ985QHCrrnnB(%wz6gSBNZ2I0ZoKoi>U}ute1p?`?s0ToP;9PgNvIJ}Zev<a%;+yp
zPJZ(=%ny<VvKG~!cnUP<s3u`Axh%?%@BP<V&f%I6vO$w6x%)pPuv<|+iUdG;oQo=-
zG&cZ8E1kB%J=Ws=vt~#YhU8Ca1&`N*<5PpHBHs3tcFKE@F8|z?R&<OgLCc{YROw8!
zOcY(xf}E8?v~$yEIYTKDF1;zx1H#xs!7C5fM-5Mq&EeB1?1G{Svx7IJ*6XBc+IVF#
zTOXE{$;Z<AJ%6oqTwa3F$oIxP4z<C`iW^Nwa)%WS7k!iK*$@lqoyJXpeX)duEFMI#
z#qH;8J{=Z15x(^!R$M(*KmADM7)dZ<g@)n!ya{h58>XYwb<?6IiuAPleJzmb%py91
zyHEe!j*De`xPSjCu~d7J#u7o21*J3Z$?zSyo2e)9qBCVmwIPsC?L3&uc>;DEPUVLm
z2hYfXrHaf0xa&#*C}$~N%7(T|o4eWZG}g3FP|o~_3Y%U%XDO;<%6`TgW79Y7l8T!q
z9FPlYNPUDI6l&DPH5Z#kp6`sIOS+Ajll}b4BsGLZ4`8M!W51|1ruS=J4=g6p63<G9
z%{u4H`Ns97hlV>^x2pBKuO=MGho|XP86L6{X+=Qm7tYCkNg#D1@w;Ipu=y%_l<hJC
zkpb^a>U*s=r=oxxTS>s1$!(~;A;ji>92GW_e83)D9EhyXF|um+5y%N$C7o#LOv9mB
z7%nRg+!08Di&HU5Etp!}Ekb_+GZD9Bb^@i+$(@4EA@>kO#dOXZGZv~6K`7H+MXuGZ
zOZ8e}P83UBM;{A&FP{DleWSVYl8E;zB3qOdgHAE+ski%`R5JVCZ`KhAjrNEbTzJdf
z0DEMqK_@~CX49t;pSA?|H+c#v7Ku>TEoPRASo<2`GnNVg&4p(nC%O(9_QtXpUX=`W
zsqrfM*|gD9t4{p!=A6QlkfX+Y-07`Z?78x-w@NF=Eb1}Aun>^+%}foB2#@RPCl#vB
zuZ;s3?gJv>dpNX{_<%8N(hg)b;B+0`K5lLz`yUY+a>6F-t#RSeW7U{MXRj-G77{23
z8FEC!{<E$X>aO*m43<pmpB~d%vRvEdltDB<eI!}dNMmNUDRBZ9eK@y48%SYO+?n66
z!)h}cq2~;Y)Hw9O#tDg{@@rM?s8N*j=GDumBHgBPaf-$zlf;Kg=Z~(uwn0m7bhK_U
z2bZoGeR^WmR~iH3sGA&P;tOCTV(lYIa;l;TGdeK0{4O+C^r6(k@)^MC8-r0Q#a8iT
zLRHW*=ayM7Uh(t8<jk%wkA#@L$l5~pS%%UvT%QPp2=ATb_b`;VTEs@c2!_%g$Mxm6
z&l;jIZLf31h<<cWoX4L|<<i?wNt^XN#Q<ni^q%7U>*>D%pajqso0Dh55y)ZU=PY!0
z74G-_5lZ^jxOn2Hci=&kAi8}5{$Ijj@aYx0y;+YY&u;Uw;3KTs()}Ih^tfL#cAO%W
zN7KivHPFDktqi(Ilu}9DGgmvqz;Qge_Z7Zz)F#{S>{l3uBm#Gfr3cigqNopXgmZ<M
z0FfO11g<ad$sfkLdwjTDqq;<E1=wIWf|u`eua+Gek6q(o1miXB{Z4O*+HP6*%){;6
z=Pq{+xTfXSlW;m6EB|sRlyyj(znI@Q9nixwv9hh}e$7FEbcA}$Kby9!SCDe}R_C0@
z1)2%*uYOgGafNgx%`lJWV6rD@W}k2t_li8i0YmvAj#=}y{G@*75LA&1P)&c~(k_@P
z>;l`(_sdfL%i^3~d<65<haB?*;*&E9##K=_<!})<_kG;2e)?pGp5ljYyYN#!;vwIZ
z`8F}?DKAd7^!@sl1%JwBp@2wfv2KLja__XQ?zl8fD(5GOJVmU{VH%V^Uy&BL`_li*
zIAati4}#TaVnWIS<!+-Bmixeq>HPFRwJchVcY;LG;7Jy2U(QiQM%6Wv$_?<pH`c0A
z76}+#vcb~q8$^w)B3pK>wswqhV9k5Vq<k)r?J@TGZ%)|w{NEKQvuEoM{7*Te4DT2=
z(L6Iskbiu4^uNV4d~ZvtHTa-_eEoSRo=B7<KUbzopi!;ZFroND{F^cIo@TqmNoSw-
zG?u^?>GeOE5u55W6b8Qn{jrHJ`n3cs$&vNXHe)EyR8v2PoFD_cQ2({(MPDe@M~l+>
z5I1$zpGr+Aw#Z8t_jZvtu#ncQc_uy6wRBgWIZm0`??KAgsd|*%XmWj1a^z-;<nV^B
znrzaMkUliGkGYXSR*xebr7PKv(WaGi=ztlSZL+M)v7zR^<`G5l3oY?x0jcM$2U%4c
zy8X#Y9eoto66zS<bebQ0W6-T1(Q8+N(zTa)^mvW_XGi0RhCwOub2Y8rokpeH(DWER
zkqZvOW5+^AS}5xyQ`W}E>sS$RT<FKU?G+M+kh{7IT{W7f9zKlT<JWa^wY<g{O5|Um
zzDCdTqq?pH<bOSXVy&>V#cO{OJoP!nx1(eLb;;qE`zVvya<e+KFU<G6o7?y|liyin
zI%(}(eyZ^~g0ZEF{kJt+r#G3@{xWDUMNC4`v;M^`w?l2CG@E0_W5Yf_l{>CTQTdJa
zRo?%ea@z<?P@pe{)~soTwile9GRH5%>AwDy+w3}^Zp+){iVquf4c8vB#6B@--DQiM
zsOg`wT*6Tfl0b!zFm&P@oW%c6iH*x1YzskhY%3>{t7ho1S2r{~xajous-NAWLnM_c
zChh+y_b>p<sNl<N+m|*-91mBfR*zJ~Fn$7V&2bo#`I7J7ORu#KFQ|W)bx^>Bd0>+c
zG7~=ebcso?X|B2*$`Cqf-r{YE|ICREj}aRI*Kk(FA!f&hq&oC8G4peFEVa<U*?LDa
z)0-EE^G=km)H#Qd-Zh1v6`w&uoL!p!K2P)v%|>w~f|L2H)?kv-@>yPz>C<}8n=(GU
zMZc4X?d?w%RTh;Z*HUHaJJ|%`yf321-t7j;yx+tj9~M&F#hm8KeF-9S4g)8ygny)2
z`~`C^b;!r4`z~Fy;p87~Kkru4-F#i9-Dp@-=MN-c8J8gNQb=N!0fSCO=7>>i*c~?q
zcaX!>@sIfU3Z3lzwPRydP?1*2OEyW<l8MI1@F5=9t^8D#bxH>EW({k$ej+>kEH(_j
zmHYZH(h_Pk$p9-aZ@(KnsSCo?p4xB3HrblbzhPJgjrfCUSY?Y%9iGzGIj9^TQjV8M
zN^zQdFOkt1Cf99jDoqvzL6}x1<Pg&yTW_O!mCX<eviFuV1us;8^~<(g+Wzy5vSBB%
z&q<cXMZ9a<7+p%fACd1I6J8l?-zk$qZ0fiM9@u<Pnw*_)S0Syp?v+?7Kz!d6PX+K`
z!SoC`AZeI%<?sm}<WF7W+?V2NA<2d%_!bGwMkGUniT0(EAppeYM{S`qwKSa=Yd+j%
z97~%}lCZ56vW~V5xc1>p=Q%>B!ptP_wp`{poBrd3FvX=4;<Vn=;Yu5GJSQvV46(Kx
zF88)Gbiy$@I>YnDa~Emq8V$;f;@eK)wHDkZsPLcFg^X0u!=OfC<naW{;~PoYnfO*o
zhpel7``hb;7f}P_=kS(SxFe1!4&kgC#uIhgo=ccC2GO5z+gwjZ2L=13HMm{!79^Es
zH~=!}lEq6DX_MH?;r<eRz!m)nfLkj9Q+pvk`{GwtGX3&BRRI~*_+DcJtl0WrO|pu9
zw(Zn>^A;as=kBj7Gyw!>SasNPNutq>CHia~zd*TQ&d;ND_al2VJ8Z=JA(MI6P8;%#
zJZ6zoz3HjkZLvQzMJz-uo8GC?9blN{-A~oxbo15#TBZ}07<$|uc&m9)k4Va}+7}T5
zxEsk4@B7k|5GrB1uBD4Tgy{5l6wgu{G?yl8zh-5x%i}$iLU-mofQ4_?O}HY(u))W9
zm~V2X_%`0Q8)>>)Mvk=*sa~q9w~L5`D{!%H-0>mKq5rPTd=D)z`IfcI1<QgD=|_O2
zj}x}62AkLrpe+yD*&}9ml!?)}IM+cZxs<#S)oOll+ddBLXr#U;irbGf_1JU$RZXXf
zs3mBhuW2vE6_e>u{e6-bhtbe+H%97sr&h2a0JqypWP_5@Z(QC>P~U4f#ok8P<pp*q
zRc?k$K_pYot44kVr-g=xAS^$M=TYoT0Pe<lb*WywTR7i%VMQwn&LPgg1dbq^28D^~
z`#wzwsgQAlYlnB^w}$NS#_V+&O+5inP!*xK#0)uG(`bUyR7O`xr})V!+5#?E+K0#e
zFI5LgSL_9hQIVw7izG)Y`Z}HTchSf)R%Ci;(;--OQUhIxgVb#hdRrd$gQQEHr-7=|
z(366?Zn-ygyzK$AUCU5lw}x#uwVQ)vPI~kt{ha+sW2}Z&6FCV7yq^Up!%dtP$_3|C
z$}wg9JA;Ge!O!jSFrdV&a5|+4%;me2kmy|yQuMULIUf1pw@Q_D2_v$lgw^6BlW`lI
z39>MIuPKi$Uc#)+y)lX{0y9T{eGJO7)x|SFi|NA!VMNkk606f-v-BJk84mcz>{}cZ
zQ&4>N)N`N_&Y`PRI(uXu%OK`#kk{|O5nMtq^8?uZSuf+hR{qz+U8^zRL!n&YtsEbW
z`7{;*f5+<x$RhWNtyGNr-4GoK^AUGId7pX<M@bOIhttB(wrEE`^;ofJhIu7c`r;AJ
zDn{<Uw9JNVXo{=EH3G74)tonj*yE}&mQZwck8Fk#k&x)9)b>`*@NkB)?~17hr--og
zHSPujA75{W{4!5OO%5V`9D`GOI@8{hdjt?*9MK!h<|YH4cJph(w=K9JfC*oXt(E%8
zY5jwdHrZ_lOMSf%y;d!*jEgesG3J%{Q9D#su1CpN-#(HHWrDx9Wcf^oIr@{|+#Uo?
z*b!Uc(jRGEn4!!f`Y?I3qaHMmrHc&|@)ntedeVcB5!iNKPBRGI$@P(<7lpR*t~xvR
z@}8$=?-K6gxpL@?f{a`U*1&n2BP`w2a<;HAhfH_`!?W<<%N1HXNN3=76rgYVui#cT
zfSHZxC&KK5DGB6|j*1y<RHVG_+CeXJEn?1^uZE1pR^VXGRwpkcb7eHHP|6D&0J`mN
z^cxjYObmm@g|qsG$Cgp~6B8slj~p+CiXeXd&op@g)Nk4Fdt!ca{e9PI<^8H;7m}q%
zz9uUuxt>1TVQ-Eb9XXDHEj91xeVOQDsR}S(=l`x<zsX7ssZol*ZzBuj<ztIKw}4-f
zJ!7{t?K=UtCHlb>r@E)*QAT##`?2l~<*TciLb$*ve9ai5u997l@Y?m!EWq*XBx0`T
zw(4E^g5zqW$KW^)|2`SUYs0yo+rfN>Q_X;!3Jn^vN7^cF)y^Ukt!4GYn?jKj90`Sq
zqA@CAhKpQ~&w5A24K;=v;>Q3t+yXrwCQ4X3dTWtEW4V?Et6ZD)H}W0?WHLG5F9O+%
zznnQn=TV3$_@;yD`tLwQ*)FYtd5qP(EW}hN!Ym^6ce)t^Y^g``VFNo8rmbvuIlQzs
z#F)ucTS9Q0Fr1RkBw`mo#KAym>e?=@fn}H<3(0oWl@`rHYEKE!-lcbyzfGm{%^MbX
zl&GtrlWC8Z$;`qIW^~|1`NJZR2|P;cLYvNZ<5a$M5%@&clLl&9MM!BR8%S0osWkSm
zW%t+^e(F|gzsd_oy<s%mErV`%VD*OEULet1ir`);%w@yI7Aa1eKKiK8Ducd*^nFfu
z9#_7=fy0wXtd(b(%Dnje?~ECJWG)P^HCC`8_EH)ldJ$>EZ~)N_i2_%eka}@T(^!lO
z`=OXwqe}0dSheJ=<dNkyRjXv&f=E50Y^oDpGl-lP?Tlac8_2kO0WP8{rW<b+Kf1X0
z*<v-+6044wSLv681t@1()?SosaNN>%Y3aex?Gd}fCz?{p*E17wMz9Sc(dI91uBjX<
zv@bU$qOdkP+TgW0mg?a&*$CmTg4<$U*7r4|s?3JUEUD<dz<cr=S5^9RR_Jr6No442
ze-hbpUG#l;s9`F*tYUJ1!)dq)W8t*W%jXL|Zjt?QCHM+`)rE;Zz&)rNWUf~J-2rH?
z6lMmK?jOM!#_&m!DG<(>#Nq^;9+znPZZQ!vRB+iDyv&gOonvG$FfZ9}DaMK$<7NVV
zH2-?Z7H?z(B#(T%dV$S6<VE{3zU{-pyCZ;SoCOQ}Kr99npcY1-CBEh;#c|h_5edht
zhI+8)9sz1KaTSC(KJN$J)6$3zK+>;nOTM5$!hVge3H(9KRATt#3#od`7B2>R&)&EH
zN(E*MHFDx78^0YWN&(32&if`E7Mk?E#J@Xr5qDEY6fbQ+{A7}avi*(jyzYztW1qhl
zGCN2M@f>^_rkG9?MSQj&WZ-JD1F3TERGu;3zfMW&0YSIiftd*ri+<D_nYq4e1SDTZ
z+9|hG+IU@`8~)tq(XcMkKfJGhoMF^S4y6ZO|60(YJ|2l9w)i4{J#iI6`#|eC(BteQ
zaBCxY6S;EOF_}bZz{e1ny+{p$8zPJH`AVFC#6rr=iYX)dv+5`4cS96zN!dEAkXA0w
z+WtbDiuH#|3r~UnBg>b&S#zaygvRSkmS5JS@+1Qb9*UJ%HT&w395=};CCSO7BwE&l
zadq|ig)e%P=?lD-%>XsCB)`L6)UQHOeo8=ErJq5wKvuz{X@hLOo;7-=#M5y0S{8<y
zV`Rb|;C0M2e;1`IL0*uRL1Abb8{P?Q{&`y(PQfU4hhierGrX3JA9W+HnIsjgp9hkL
z@v+bNk8a=%@eHNZEf{y#l2sHNs9-CbwkjF9<43PZvi^PJXf|*NxF%6kBQ6j6bq*Eg
zsH1}*dVx>I(Na-IuOu=>TJjiI`kqFBiD}7`#Oi~BY)Xr6Qi{=)e6!?)NtZm-Q-BN6
zaC_fy5E;$(`c!II%LxC}N*g^hHaTnZ%JxKwy#s!|dgrLzbkBS#)wqY#(}|p#N@5?!
z<U!8SIMG^Phh^NE69RtoGR5W5a@2<AynKiG9wnc!Zw{<?zEeo*z<0Rmm0qhxsl1lw
zObo@AcKdW3;NX9lo0dl0ay+8nbxakKvx#eSG82~Y=;}_0CsAPNbiUT4Y=y{^14ODo
z?wOWyMvu=prqH(k`-TS+Jo-QCJ(Gk&z4AlepAtKs$f2LZYPIm5e1C1yLQk@kiyNp)
z==oTvn9BJIId2<8ZqCRiCd&R*&?7?3s0DU(7SvbixX7`~7Y?bAa~)75|AFL$NCZn{
zHWtBUzY<0hNNOMwZ4rsGE1g;pbNd0Q46)8@Hzk32=M2<M3M)&#-GXECoZ=0?&t(%n
zy+R~Rq(mj_CY4D#2V+6C>9xEq1Qi_}P{8Xy+f+sIUAW&d)@{AU`ATd!UwE5YP+o4e
z7*8_xWHnM2^=u~C#=ed7;qg8ngaK<!r$>nN_)p;<iMXeFSGxB1uPBD<$^1g+T@M|s
zcGTG!?^8q?{l2hpiV?RzY*!Y$bUDyE*{mF3>((%3S23vfQ~9lOKKrZMQjgi~Q^qMg
z^+!WXYDp;synBy8<f85RQK;TkQG3C3SU#5V<_TR(Pe!ar397`G4;1$iSp{3afeKg>
zWrwpxxxeC4dFm^@i3X*tvJZYenLfFoi8=u|#IznBV&5GGn$zL7E;?oKJl^*0RvYL}
z>i4MTXU8uYngT!tQ^g6Sfh>Sl7OX48GI3m*O{0^L)6{bj02d3@{P@g-(U7^N%M$}`
z>UOKIiYrW`*RTX5$rDyiD@o7bINGTP%}sq=h5{ft22`1ZkQa2l^o&E$n^@@?%a|nU
z_{XFAuI+W;VB%ITKILbHw}UE(Jh5h=;PtuV7Kk*KN5eXOyE&;Mm)LqDgrzIiTvzzP
z(D8jvT1!`5tw<>h9j&MN4VaX#3O$t1QK9WCu(LPUgGG-#f<z*dO>xr&|AwM=oodPR
zU;1g#Xt&-pRrUlwI{y}?kn5sisc^BxaWa9K{0zKT^uGS1iBhW>if->aye-KJmI2g1
z`>)!{&kz5!j(3I)u|KITLhDIPri<8)v%f=|X|dfD!a)Uj>`}k0jW}=Ut0%sDPkv(T
z0&WIC;DZgan&1E@x7r2fQ17N)K^I~=dIrk4&>qxP4#}6)w(ON7VF+&F#}DLgh;UK#
z84LuNcS2gfvPbWYK{JlX4KK*hDQV8c!CkYn8H}3lGra%eL0TF|3Vj?WY*RE7EokwC
zFqEmJLjdqhKOHj0Sz6K_yTc2`2!CCAU0q;8b^C!HUE^C>#DYJpcgId|*Y&y_E$VkA
zBJN*Jr{LDh#H6%^wv|Xa92^R??!P5Wb+wUwC*$c-+-!e|bcnUy|I)O!V~oGzTV!F1
zZ&a|70a#d@S+3Ijcxo^iB@58=57J7+abdkcI?a}k++cTUJU?fsH3v;HoI|@BDD|{9
zE7LgNZr*noxS3D;*H(;Lsu8iH6@?I0eMx5d3SJRosViF0uycbw+hTRiwJx2ZYzfQp
zZ(*^{UF{!JgT69XRq5uhcB78g8Pe&R-ayz&_LiUCU#EczvMm}ezo}d{r&M{(lXvIb
z=Nn>lG_DZ3(syR<b+zNa{1K=&$&Qz4uLG*KRmIh-cOz94EH2KJ44)xL4IyuS4yohM
zUz%+`>e|b@qpge~)~}^Z79`2gqN?8w*s}d+DQRG=6y7K`@Ov?wB;50BFfo}BD@A~o
ze^O3G4JtayMRr;J?X17kbI(fRmm^=`yP2-soq>l7W1_)&{$eK{5UADJ8M6z0rd7w|
za&S=Q@7n$q!kN3mHrg9ul<rVjy1hR+N4eqcV4F`=b7k?AzOt~pJ4|M;3*`0+^z)oK
zDOyq9=&6mcrLKNJG|UM)gJB2u6xnl^=&HsAOl;S1_sszxtPX_qmh%l!Z4r+}y9Nhi
z2g4jkyVx}Zw_rOR>qZ6FM=;r133`?p85Xs#t(aUIAtE0Hh;=8j^+)ia5^eKmLL`0P
zR$ksvTW|ka^1au(5AXZGiwZrr8#(Y+L)UI>K?gM;FkO%s$dR7-!8tCeccI|+7`&aW
zHVa`Y?wNIpebv`WZ;AbwHnzNf5KASd#<l~f50rBC4t+doB4hr+p=0Pg{p?1N#d9%9
z__G7eT_LF&;OWeF8DN|GwQg_ObdM<TWA_)&QNVVVH79}tPd-2)F+aJ+_Y6s}qmxg7
z<Sl%{XI($m4p!CiY-*|ENStW@)06Y988~kVbL8vqARV>rD^o!)*mDNeYr*fS&$FVS
zGx_N6<DQw|Z9VmE^Vgk^gu>R<5+!O^D;`*+ywll9uw6b0BYnw`5zy%kkKrRkGnM%R
z*d1XCun*xHaYIJ$D!gJRcOKnI59mKzqO669_dhEHJtOX%+xbBfx>}H~Oy}ImlH0Bg
zXed2dwq57(8d1~~lL+S%I5$hU;e!zbMr2R4bu0n@ACprt)tb)T`}LpSecrvy{`*%h
zn9FP3L75RIWh{4%YIku-+oNBE`&tLs`M00Vyz@-;34HTF;&_2VY;x2%w;bF$riz?m
zC-~|FLPg|bp_vpgu8k&EqN?a9%l0bBx7}?lf5u3Rawt}O-N<J)a@Ju^+L{2*V14Gk
zxc&8222d+e>x^8#=g9oEPH`yFt#m`tu=d;cWeDxCSga5;y6ESMwtWNMtpBbtvpfde
zSvNj8t>omq1I|#qt^K~v@&jDMG*kT=_rO3N*HG4!oh!#Dux?i8;fWpFdhD`ytLkD6
zpf_^K<ODpIv)efBbbq<5eMV75jxyTL?p*Hvnx=p^Bs2QA(`R`%-0)$?fS86y;HqH-
zQ6H?ItyF*suy9$159X<m@In@5frfmqxEUFt`_mnP2Fi?lc?p4G?&F73@-3|O>huQn
z$)1)oN1Iu$THXC#zKb;De2n!!d1HPbaMZhA1o40EQ(HJ#zUBr+P(s-S9%1#8YBzm1
zg5YlSRrP5>{<oIP3DB}dJX$;B3y0fMu62ORLM;?;$xDWW)G@Wt5f;OQ*un=)GkJNQ
z*Y2)otlZvp9GCa+5KM(kW7DszM5A>m<#>6+h6U-!-}ZItdO2&5>IrU=Js;O#zK3{D
z*U;8@do#$kiffL900AJrzB2g~+064aM5thex#}$UF|O5?=Ps&B+^xnW*zE!&>u3Vy
zZ!;qfMq)7By_P8Yx_F8HKCN~>t*F(B>wmm?{|hjtfx^PD+gi8|HHBWPP<M$~sUalz
zh}&{kZ)!ZB@L}7c#q;CvIRfyuy#k%?J6(%!RR6fN|JvGQbvj`iezqk&34LY#Ix}e;
z<>2ke-<+f4rfqjNLTp%Yi+B7YW4iJYy_@24+$$9K*a5PeIz)e68D0Eo8kh{kO&8BQ
zyLVXI;Go>Gc)17i4L~soYnvZ4+I{2)ae7^O+qbnP8ras4(6yh3b0mj{BvPGlN}$+X
z2EI?6ce6{k-kkns)Dsf!?ExAw3?eSyZ2q0Q4G8QghMbw{C=_xUo2(10;p7iOEcbW7
z&$vha7n&<*S-abBT;~J;odSut8R5<2(+zj8$2F_=Av*G`4kHo)&+dxCtrWf#xl#!z
z7@wV}|8B?kg!@*H`>W$RnCoOQ1NlG>{)QL)Al_b2Ov-Rqy@NP1@D#rI#J0r-KVC}_
zZziRK<3<8OCm36)OEhl56r1q@OP6(jgzNWqhXE>$5%T-)uOgn4iZN+a&iq|V%-1$R
zdNp`XRnzkt0JF_VU*r^8W6U{S$3iYdI=7YC%60mOuaATYb@i+@P2;ZO3-7AywFxy7
zwk3V(Ib8pa%7e-P{oDSqcBdRPQ{VOb(Sg}%%fhM7xS}lz>)URA?&)GaXlHj$Ggcbv
z^T$hNC*6qK3ah_vFxfma5e(p(_fI{po%(;JT0bEM1g!vng?Sr*VQnm|IYxfoRRGq|
z+$eap%<X8WK>oh|>HRs%c63oTQkj^Shwei``=j<@TQ4uK@nhg=A=T9y2)IyNlG(~6
zX**focQ-i2bm1jwN6XRoP1gYk2wMzsO1N=jw=jkH-&iMP;aP7u+ZS`ZVwkS`ZeIf|
zEeMx+R3ik46yyZgI>~bb@*2jj2<slCck=Jn!RF`}N5uVIKB&Khssy9X9{NN8$TK(r
z1V8%JFjEH$Yt{ndv3E$e&snjS?Oh0wE{VC{UudLqdVHk_vbpBNt<2*`3<VPzBvr1F
zEo`+p3bt25Ie9vwygKW`SZeLr-N4_b>pVU$J}x1fyRPl+*4{#zXa4HMXE-2mWi(H<
zEK&*_f3Pw0Y_PO_=i+u3;Q^fjiZdG`y$Znus+7K0(-qC6Y|~!nI|Rzw;TgSw&8ZbN
zmvCY0{-MpcUyL*y{Pa+wDC?(D^nQlC_OLYre@HJAR!5vLzy+8>22Nft=p{NlY$mC<
zeXN$c@TOfG$H!-ir8QtqtWgL(_^hoxbdJQC0zXZ6T|nAEls%v938>;K@O>%j_eDk5
zoBPz6?Y$cxA}a<BYApy-Qebl2qujT*Sxg?+$C7~eb<D7ALL9pqBV#O2=AcL>8{pTQ
zQasMh^%0CEV(&8Cb&KRm+roKB=PY8?Rdc~p!<#TvFxpVGJsVG_WZ%R$JJ^rGQNZ(E
z#mKs+0Vba(6p_})Tc^G;F|I`JV#yDIkn^@I>z1UP1oS(uw8*t2-=^`M@Z^p;#@dCp
zhhGm~94Ecj|Ma=YpI!4hYjVv2knnXO@+gioOuM5?;APD-`$hVV?2LRoD}e&V<08x%
zA>gs6hMYe{=<~t#g#D!LUDw4T!Rt64vHB-h9CjbKyU=c48gsj!Z!V56NB2qchHjgE
z>PG+d{_M4!(r=3~)NoAj_K(j#*KpdfM(&O&NkNL-Nf)Wd=Ik+bq9gut>ok0Rv?&<J
z6X|JBMu|DKO1{{+EhM><jD1wrFzzx(X<@6`)IY>U(R`e|a|{JH_zdurvqcrWsh!Oa
zO%8uz2-SJzSOkTOwF8c2<*x`F#D{R*Z2jw_RR{Km3wmNd$Hwi9R(FLR0cKvi%Bwt9
zhOx?$&v>iTbAhT=XSiCbdH__lE1{cp)(jlT{%<=Y-AjJm<nMK8VDe$s-9}V?n=|rl
zF&06DM9q2V0yCit4@&6sFc`S|4sE2TcOX6c8M-z<$J6P*T2%S2a@~@FqaZ=eU@3Wz
z7Sp^+#pyf1D?7aAr*FK_zz^!dndwj+r$y@yCx_JioqLd@v{oBkoG8VQ<Ro7Nf3}~J
z{{gd@;#e+yC0U^yLSlUx4chq~c-vzY`?A~Gy;U@y+YBqV(H!6&KtT0T2XLYw;NRAq
zd~9SGlc&R&2Ib_a4WYR2b$~gI*Unggv$Wxdg_?5pjYc<TU=OX+SZj4vgiY;zZ-Q|*
zq>fvA@U*AgT*qW3`xYY-VIfR!xwtOv$K$Oz0M)r+Hr&Z5<2=cuc4`gNy2Mao@vmoG
zKJ&aEI8$K%48xGB37i{&*|u#To4|>RnD=x8UVyZlF}|JXw}2C)Y|d!Azk*uMQLSH|
zUZ=BVxtNin3c7b5F=24abAq}ZiHaFv<%%EXzGa5bA(zu&9U30GNy2YNB3WPUQc#Ya
zleAra?NeH*KGy?%Kz)O<-B0Be2VD;LFu1%gtPJtI+637*&JzEcnjbRot%}=yxKGgJ
zFA6pp<8@op&wCkj5BD|&C!Xf9mOaUkId9G8KXyUR*HE(st{)-h<kQ-Ryz{ZQkW{yI
zr#P|8H3&hK4a$2y;Tm86t@yDKhUCCP3+6n<$nfkC0E{uoL>T%ze+?iX2JHH7&v6Dk
z^;?OM^x5(YtzM&8)iBCW8$#|mmS4n;StC+YUG+QN{Q@Ta!qa}l{c2$RnVHb>`5tA@
zA%A-yd&OlJ;#z67h{$`ybx)h1li-*<1KkZVP_+|z&G5cM3SR#vT)kcH`|_im%wtrl
zAJTo*p4_aaV1)>&o@m8crlJbX`0J_G<2C&Cg*rR}WmcC&w=J+v|Fu&cR;#fR;R&_q
zto!Pn)A%C<THu&-O$)B4$iMYeI1^OXSsv*6RYV4gJ31D8nJj-RjaM7cAMAUKO<}VL
z8R0w7m!1r+?T{WeYxZ-n-v;@G-@g$yEg9FmK$vL?NPE9d3uk1m!!Fhfr8$J<P3~Rl
zjGmGB&j$89uU+%}fJc1j-qoCyAgnBIi1~m`jUBMX0?}B53=YsLZ6u(>^Bfo|jgJ<T
zrkUubM@VX|t^(gzm^`3F-9qJ1&Ysk6E+&+ES6_4gF|z$6{r275I_qL56n^u=R;RHt
z#<B;_ixmpM9E^r3LAf45gntrZwVo@$A7Bpq^$quF{BWoxt7;ujN#}GH_nZeUT9ByW
z+dmE?*hDu~gsp|zHTB^qk$_=U$16ElL-PFEj4M<Yynie=F^_IGHFS0l;f{6V#!E9|
zWRceWT*a?jh~elCjOg|+Ataz;M&;{aD!&2}z47N_L$bqBmgZW;T3L6%Rq)V6$OWGg
zx@P+WQRgH^HZZC`8N5OdHsP6GBxV&|R7kjT|IYC7MG*)B)7C|!*YQBhXEpF|UZht)
z?#&Vz6T6quaDvzd_uTWG!}zjHx?S}>3I39^M`AhB<yIO9YM^9_<+m;8EXvhEB5CFC
z<u>Pu4z!ipa=fA!Bm{?(sXN0fGtdl#f9J=XR;}{(jSR~&Q2lGHTl0vy+1E8s9&%7T
zNPZuNLYIBQ@sha#t^`D0XisOKMlx&O&j9*WoBHDJ)e;uj@h#H}t9mNanmuF9M*X<_
zhRk`o<!tw*eQ&r`Sqj`09GVZ4ceOW1f6ms-ccyPv&4Y7H>IxiJS4HsMKM0ilTl<D}
z>HgIGBI9aKxz+jd#ghmNZQ(V+>;Z#*DcGTXhZ@3WdHOS$k5aJ(mcLTS`p#Gu1(`$i
ziX2(K3lI)>M-uphrysIFo50hk9z|luEZeH?awDYqmiHAJ3Jb<~l5-}+jWALvtq`E6
z8K-f<|1)0m6_VpW41YK&vP-W%`Z#(stn_qonh_w?dC4B{gBalZ$LpLPKxLq?Li3pf
zHV15rmLA?2Gv|IVKk51qFl#k_CA2XiXlS;%$AC>Hg3tlbv?@FQt0R3S^a*k7ajhF-
zSN#C2+)rSO!`!@gC>VF8fT*?Hh>MR1!M&e5;|;OzDS>Id1rGiO5k+Vs8<_1V&dchf
z9G@-3rREe+{QS21y|BHPrI%9WbgbKq(|6m+S#Xb!yp<;anzF@GaW>+UOEdz+BgB#5
z!2N4A+6hn~`|))sTYfDu-=x~-K1@v{nb9W?sGQxM&iZO!-Z3y#U*E1u?gmTuhpbde
ze|~H_`0#h6k%Y8NxOcHyI<6LJdF2RvUfk_m%JcluKgh-0uI1e^Bsre<=^uD~sr6KD
zVtGxtzcReM2DsIpXGor*@p(OysXr%(Jr#~Q!Tra7NcIHmABhEZ)GW9yv-O`LDM^hy
z>Xu}S@75MRKJDz#d?;cLx|O~naEJY!c$w~_@Q-jij}V#ve8K4DM+Rl=ooY&I5a;q@
z#8?R1Q^*PiP&zFP&vjUe)$U~)&8N$xU#&)z2UC5|{-@YHS=nXxquN+inghfwRdksw
zg>wiajW59|^1pc5G0tlZ&q1sQx;1Y;W$S{?I{BioYhp6tqj^f(H_20=Oc`_OpVxQX
zFI$d``)PBnD+|IE{`f8`lt)dU7jxh5l^z;5y@kyjjwZnNT2Bb4og@pZ#jdNoX)?Ud
zN7%#E)xfby5H6h5d-Z0{vcyKa+_KHrepLT9Khf~-F#^xBz%9RPwoM;_MTF?we~P{D
zeRCVz8w@x1YpX+o=YLz8iMk3Mr1IjYq3mRQ(>u#;N+QH7fa=Dr&gRW*cOzlTINhR8
zCP&}SC7D|Wongs(FO&nsO9x;#2j|EVwRU{`MLl3|t^EU@DGEZ~Q>0M$gysAMSTPjf
z{jFHs@~J7*M_C2Rd^lP;N`^reM5JGwV{ya^zrn)vxj1P0E0qYz#wtv$e`Q`TO&Z04
zVJJeTZ>lhXq@=*iU6xP*qSx)hw>w&_n32StD^QIsZA<z14s8d)L9BGVvMPM+7o>U4
z6o6RP>_E5|9p`85csJa<l+79)mL!>qRiQo14W|RJN~`m`VcCK@H}cT$(vc(;roMJ#
z6!e%GBHgBQ6#tr_rt6gN&JFnA;sAKMEtsHI+*K(-0@=t=MyM}Y8zi#AxAwWfQfvs|
znD}bpo43;`9Nkvr#p?NB+KxI6KK1fH%RnOqoI^ar(75~$DxANleG7>XNe8CUQ+fh?
z+6L5jEk|iZ(XLr3y{lb+M2oE8s?dADKy@Ywt*?@WiQo6_4U031YZDl>N6};JM1Uf5
z5A=1z8Js*2k#j@L<p<Q7;~;6Y6zeREsV^*?Xx;`0wj5@(L>$t*-M<X&tUk<bVinLu
z%soHEnuy9IY9QI)mso|b1R4Tk8_v|X>aAbD)(hsN#d-93QD=dZ=1^xh2J^j=$Bhqm
zUAs~GS~(nzOF8K)_*W>%%KwbIuc0&Rej_(nP+{0oKt9^f3y?on)w`_@N-QqVy~tSs
z5Cc6>ZC4ZJ4TejDx3zhGgIaHi{(x3g5;)PH`~W_7{1Aw-yQ82b1nW@?Wo=MZ+i$%L
z-hmXcEFjgd+XHFbx%yie)QD`=RjTj|f%Nq~59b$K(oZIeT$-grpOnW7S&SL%Tvk?>
zLVrUmPZ!#f=jB50NEY+CS2g*<|J!TI)CX#;vYl6jBUU)^JM=Xg#aQju`RXK-nhn<2
zEVL)F+FG+&6creHS|y~&{O6eAts5>nzbe&zU2W>OTPAgbZ<J5Nq5XH#U1)b9Ua5i1
z9e!gm`&hKa+tO+ay1|r=C7%*MrGiG6EBQ%+QZox=efDpWiq8;nc>wrbFM|H8NcXL5
zF{OG*CUdoV+zDB?U_Dj%Et?O+Ou8H}-)w`wqsb_E-af2_=Qv4ADqnmhKO$ckHlov7
znZ0*bj^wcs#7&Q`5e$Q(8wu?uU)VsDJWB{;3tu0uBv?QUw=3StyN{l5UB1grhl0%k
z)cX3<iu;7M$BRbA7oNMmf7!{*2`y79@*S8(gFn+ec<2m~2w@4%(?_+#uw%V3v-&ru
zgWo<Fq_YO4&eQ#|gXp=A#|$t9^%6i5KThYw=1aZ`_1(4QnX^o-5qcrD;aH)jffYao
z_FZfcE_PJ+9gd3zUbKRD2Oae^(?b}5S{)ok?I~uT*gHa0C6Qk}t?8Iio%TIuYFB{v
zJ22ZN#BF&uZ*CI!6v+=-Y>v0JKg1~uw5XL4VEn`+E`PugQ_OcbN%EyU&D;3ydI$pg
zLY_p8P@J$krUi+(!S#Rp2Tx+!>fNjD@a)JH;>|&E!?&So1x+s2Y;}1)A9bTxA(|CO
z)_#FMyCa>=fCoSkgYmvCZ=$q8W=2jf@{G9a_J1=%a6*~G{}@?>X+wJkU2~j50Y+r-
zJJ7Dq2m<pJNjb6N?FAz9B0vW?)BW$_z89$MR>g&^`2<D{NL-dRp4=Z5j@HM+U`&Ny
zT3vn2Zv8ytPaE2O`YZ{J*qLzmkPX4X!g)D*ok`Am`T0FO=RKSm&qo&tj8&ea%-bbU
zF7fX~R^S`^z8l0|od11~$WHAsejv{4w2{T!9guRB6NgyrtJ)Ln5(eeD<_jkS2p&k+
z>PqQQas44HCl+TPx4P__hG_^styc8*$DsdtpfYK%wy$32y9>!!Z*uaJXX8YL^#1KT
zq<$25ZZLp{>$u&!&svx#Npa_n2DCl2zrUci9{|CD*)t~|3ALWXp_6y~*G${{4kELg
zh-S~9J=m?TEmv2NA{Wzbn@?XhJ1iSBVtu{-;zpei|EH8QZA(Hy!!U{pWQw*NuM)Gy
zC0oP_mlWK$%*?5-)1pvRrkRCyGFL!A%N9(handvp?9|j{VIE5mGtm|+WgAOUKuC{)
z#un<)5M`L(FhAmbKD^I!-$%Y01N*g9o%3q$<!}h*kh{I6SF4%K8FC|}hudM2<#sQf
z%xl>*8*!>x#t+*Emw|YdWgEStZM<MF7HL=oPla$lfR#`V3MUg7AEoCL+>Brm<R}Oa
zzUTbu^H!uY`%?0t)O>XKzOWH$_RI@5v0CgFAVn+K?S8uXXwMlvFE;wfITDRG&$C(z
zj(}bSSv0GEKN+MjS>yhi^UrSAQ{H*oAH>Rl#sdt5j-2`sZJ6HYWLiwHoPei><o7xn
zBDftnafagFEgaMogyr>RZU+aBl~;3DaUANhfN<d^H2n+*^{t^};1Y`a*cRKJY8Y;l
z&6j~hk%GAhh}q$6yu4ItTnR++{MCJr1>0x*xYxakFr}n4tXJNaXX`jH_RQ&WiA$-p
z$O>I2^n?QbWIA@d=b-MBkBDYoWH9x<#8f3>@2x%GFBZdrL<d%)W&8KR0EunnBArbM
zoE2&_vBB_E?<TQ97y(&dXAN1uz!gSCFRg5A4Ej2b8ksiYV2qxwU`adm&-j`GxXpB6
zrEB#1;gsm751AIj0KOWeG@`8tY%OVcB{zFxfG&uG>Lx7`s+}3q(C?21sC8FZ5AqWv
z6{XCa*3<^-26S0=S+|Pf$-aL2Eu+zPKM=;DZT>mNer)%AwujjmIBI)e9Q5KWtn!sy
zP<2vQG}_SiH?^MSn%;?WRz7BIV>dUJ=@2@sxMa3iuBIGlE(^FMT5CVmbzGU_=803a
zE<JR`IDBI^zK&wIo$zF4sk55At6poc*J{=nAO^_9iU6LkF6Os&+`|_$yzW9zt+>lS
zj@*}q^M1%|Tsvx`vN^F@M3E>9mI0&zgzEx`TeGyQ@95`?e2wv*rZGSwDU1u(mn&mm
zLdEP7xtJ|WAuE(dRHd{t<m$+D&K71hh7PwoFT6bXT8olnpCslX9m_XBqa+Q0U&ad}
zV6(DqC%ff>!yME)b>yE(YQ1Gdoo-V2%7Tffetl_L#rX%nSBsa=&-dgN>w3AGD|3<|
zPr2_(0}z)*J2rm7x_%LB$2`b~#DyMh6Gm7i@oXtM_m*kbgX9YOT;$^KXYmcKuKxrP
zQ^+%E)(IxL%VjV~JGAfxJf5U6dix?lR?zG>pyP2X(9G2?q;OD6q_J21L*}P4L0NNG
zxPOdWEt2#>4LS>0#9L0qvL^_YtjmWPxep>+C0lnVn9s-ryPB$6;XH3Aj9>hzERljg
z9q#rd^qo7s`^nfu@BupFo%Tteb`}72z=Q`(S+CLvjuHOaJm~=0zwcnrOKQ+$CRMW9
z{A#!mvXa%|t`Nlc+$BJ%@os-4d_;TO2XqKS64tkU%i(?M_2CWh2B;@QKz^w^B?khg
zzI*5Ff@sS|)c<MT5I6A=tS`9p)rbdE<Jk8<L;fCMIM>~QAgx>O=UynH>c!g?Ha9}y
z!n^9t^L!E8QunoBIYaaZm?O)0{(ku_PUVZHW7LrXI0tpi+8)5GE-UKNuw*^Y|FHY<
zl<xlCKI9m%UO7K_KG7{T9f6ApIZ47DG;P`|RW@Rm)*l&Old|J@s)C`aZjnS3jTPn6
zvs`wx<Ds$&X{S?N)@}nUNnvUt9E2U~3#q3pw}>%^H%zd8Y7IALYR2(Od`v1Iy4h!A
z4={6+MsaWl??1>hH|np#@s}W+lLWG~ldtHT>~zIo`B9Pr5Fnsgf6tri?iQ`h-L&yh
zS-JFQp<-@^TrHLl?j_yCr_o$ntv!9=xN$Hs1o`QKpWJafHOzBgB2=^oMCVNw+hWRF
z7k>~lrl+v`cRsVn?3nAHEOwAz;X9(8V0~J=N1ZBJ>6G6yaY4OV)yu;5j`_B+tJY$=
z&fnA_JT$3`oTQq;gR_{pbmjJ@8WT*uvbKm+J5qwCpPH47+3fD0_b}TnArBNrajLlb
zD9tB_B@6`iW^&5L4A)6&yc1alrvzvx;bvIjzjnT*T`UsDkD36R$(rl%8viY~ufp>>
zNJk-~d$IPxnL~okN73b*R!z9iYENg`Dk`(*Ml<d=$s*5*EEbB4H(2y0<QH`W`wAx}
zLqE@<#R9AmIFmhj1hmu=YunSO4Qxk5+Murz!z>$_>GK{HTz8+V(kbhF-4S0wRR86!
z=n2!!EtLUEYARgQ2{}IGjy6M<qQ``)lK#YhqT{ms;X*HU<qg|QT2aHCdS*W$BFb|7
z)v?wK{yS{g?ROUZVnWhkQ1m|3w_P_w!zywK51qeUV};uPPoy*KD}NSRLeWra`B8!P
zcgxp=ei2!!pO>S+<A7^Ga52DX$#Pr!<(T!~vo&)T8Md{QOIr^Ywx~faj9kR`u3g>N
zH&o?2nrxDNxPQ&TaH^0kXgN5aT#V!nmxASslK~uB`@YgH8Yr(=kWh9(!pJ#L+7|Zm
zi`LxdM#QL8(mPQLbNMG)X2j)t1o7;k67kZREL-7tfdi=O%~0^+m+DM9H*btm53QC7
zvN@>Rq$YhrK6AGn!5#V|_XA%tQ9z^&AnHj?xtADg>Z_JLu0_H|v`^klcCL{J5L_6{
zu66>*?4$c}n{nXGEvw0<%BAk#k=$fukC^XrS553cBzmzVk3z}>UKb=128`Cw8pC|H
z3dwzH4lY-D8*+S#CRFe9f)4quaZ1|BwaizmrOWH{+dm?CBOF?5{8Y>TuQ|F=Yq0ba
Whni{2r8ujn36K=OKaLfHrTiD}=OaM?


From 00bfd601472019d01a65cf42a2de0e6e9c74bd49 Mon Sep 17 00:00:00 2001
From: DigiSwarm <13957390+JaredTate@users.noreply.github.com>
Date: Wed, 29 Apr 2026 16:59:11 -0600
Subject: [PATCH 14/22] test: update DigiDollar unit expectations

Recent RC33 follow-up changes intentionally tightened DigiDollar behavior, but several unit tests still expected the old rules.

DD script opcodes are now Tapscript-only. Legacy/P2SH script tests should see BAD_OPCODE for raw 0xbb-0xbe, while opcode attack and oracle tests need to exercise the Tapscript path where those opcodes are valid.

Mint validation also no longer lets skipOracleValidation bypass collateral and lock-period checks. Lock-height fixtures now validate historical mints at their original block height and calculate the required collateral instead of relying on stale hard-coded amounts.

Other fixtures now fund fee/collateral cases correctly, assert transaction builder success before dereferencing results, and pass the required P2SH/WITNESS/TAPROOT flags for Taproot script checks.
---
 src/test/data/script_tests.json               |  8 +--
 src/test/digidollar_change_tests.cpp          | 43 +++++++-------
 src/test/digidollar_lock_height_tests.cpp     | 46 +++++++++++----
 src/test/digidollar_redteam_tests.cpp         | 11 +++-
 .../digidollar_rh20_time_ordering_tests.cpp   |  4 +-
 src/test/digidollar_script_attacks_tests.cpp  | 37 ++++++------
 ...op_checkprice_mock_weaponization_tests.cpp | 59 ++++++++++---------
 src/test/rh54_op_oracle_opsuccess_tests.cpp   | 11 ++--
 8 files changed, 126 insertions(+), 93 deletions(-)

diff --git a/src/test/data/script_tests.json b/src/test/data/script_tests.json
index 1ae9a170b0..409e4bd445 100644
--- a/src/test/data/script_tests.json
+++ b/src/test/data/script_tests.json
@@ -890,10 +890,10 @@
 
 ["0x50","1", "P2SH,STRICTENC", "BAD_OPCODE", "opcode 0x50 is reserved"],
 ["1", "IF 0xba ELSE 1 ENDIF", "P2SH,STRICTENC", "BAD_OPCODE", "opcodes above MAX_OPCODE invalid if executed"],
-["1", "IF 0xbb ELSE 1 ENDIF", "P2SH,STRICTENC", "EVAL_FALSE", "OP_DIGIDOLLAR (0xbb) is valid DigiDollar opcode"],
-["1", "IF 0xbc ELSE 1 ENDIF", "P2SH,STRICTENC", "EVAL_FALSE", "OP_DDVERIFY (0xbc) is valid DigiDollar opcode"],
-["1", "IF 0xbd ELSE 1 ENDIF", "P2SH,STRICTENC", "EVAL_FALSE", "OP_CHECKPRICE (0xbd) is valid DigiDollar opcode"],
-["1", "IF 0xbe ELSE 1 ENDIF", "P2SH,STRICTENC", "EVAL_FALSE", "OP_CHECKCOLLATERAL (0xbe) is valid DigiDollar opcode"],
+["1", "IF 0xbb ELSE 1 ENDIF", "P2SH,STRICTENC", "BAD_OPCODE", "OP_DIGIDOLLAR (0xbb) is Tapscript-only"],
+["1", "IF 0xbc ELSE 1 ENDIF", "P2SH,STRICTENC", "BAD_OPCODE", "OP_DDVERIFY (0xbc) is Tapscript-only"],
+["1", "IF 0xbd ELSE 1 ENDIF", "P2SH,STRICTENC", "BAD_OPCODE", "OP_CHECKPRICE (0xbd) is Tapscript-only"],
+["1", "IF 0xbe ELSE 1 ENDIF", "P2SH,STRICTENC", "BAD_OPCODE", "OP_CHECKCOLLATERAL (0xbe) is Tapscript-only"],
 ["1", "IF 0xbf ELSE 1 ENDIF", "P2SH,STRICTENC", "BAD_OPCODE"],
 ["1", "IF 0xc0 ELSE 1 ENDIF", "P2SH,STRICTENC", "BAD_OPCODE"],
 ["1", "IF 0xc1 ELSE 1 ENDIF", "P2SH,STRICTENC", "BAD_OPCODE"],
diff --git a/src/test/digidollar_change_tests.cpp b/src/test/digidollar_change_tests.cpp
index 2ebe7f8ef9..6a7e0e2c6c 100644
--- a/src/test/digidollar_change_tests.cpp
+++ b/src/test/digidollar_change_tests.cpp
@@ -149,7 +149,7 @@ BOOST_FIXTURE_TEST_CASE(test_dd_change_output, DDChangeTestFixture)
     params.feeRate = 100000; // 100,000 sat/kB
     params.spenderKey = senderKey;
     params.ddUtxos.push_back(CreateMockDDUTXO(100000)); // 1000 DD ($1000.00)
-    params.feeUtxos.push_back(CreateMockDGBUTXO(100000)); // 0.001 DGB for fees
+    params.feeUtxos.push_back(CreateMockDGBUTXO(20000000)); // 0.2 DGB for 0.1 DGB min fee + change
 
     MockTransferTxBuilder builder(chainParams, currentHeight, oraclePrice);
 
@@ -157,7 +157,7 @@ BOOST_FIXTURE_TEST_CASE(test_dd_change_output, DDChangeTestFixture)
     TxBuilderResult result = builder.BuildTransferTransaction(params);
 
     // Assert
-    BOOST_CHECK_EQUAL(result.success, true);
+    BOOST_REQUIRE_EQUAL(result.success, true);
     BOOST_CHECK_MESSAGE(result.error.empty(), "Unexpected error: " << result.error);
 
     // Find OP_RETURN output and extract DD amounts
@@ -170,7 +170,7 @@ BOOST_FIXTURE_TEST_CASE(test_dd_change_output, DDChangeTestFixture)
         }
     }
 
-    BOOST_CHECK_MESSAGE(found_opreturn, "No OP_RETURN found in transaction");
+    BOOST_REQUIRE_MESSAGE(found_opreturn, "No OP_RETURN found in transaction");
 
     // Debug: Count P2TR DD outputs
     int dd_p2tr_count = 0;
@@ -184,7 +184,7 @@ BOOST_FIXTURE_TEST_CASE(test_dd_change_output, DDChangeTestFixture)
     }
 
     // Should have 2 DD amounts in OP_RETURN: recipient + change
-    BOOST_CHECK_EQUAL(ddAmounts.size(), 2);
+    BOOST_REQUIRE_EQUAL(ddAmounts.size(), 2);
 
     // Verify total DD is conserved (1000 DD)
     CAmount totalDD = 0;
@@ -255,7 +255,7 @@ BOOST_FIXTURE_TEST_CASE(test_no_dd_change_exact_amount, DDChangeTestFixture)
     params.feeRate = 100000; // 100,000 sat/kB
     params.spenderKey = senderKey;
     params.ddUtxos.push_back(CreateMockDDUTXO(50000)); // Exact amount
-    params.feeUtxos.push_back(CreateMockDGBUTXO(100000));
+    params.feeUtxos.push_back(CreateMockDGBUTXO(20000000));
 
     MockTransferTxBuilder builder(chainParams, currentHeight, oraclePrice);
 
@@ -263,7 +263,8 @@ BOOST_FIXTURE_TEST_CASE(test_no_dd_change_exact_amount, DDChangeTestFixture)
     TxBuilderResult result = builder.BuildTransferTransaction(params);
 
     // Assert
-    BOOST_CHECK_EQUAL(result.success, true);
+    BOOST_REQUIRE_EQUAL(result.success, true);
+    BOOST_CHECK_MESSAGE(result.error.empty(), "Unexpected error: " << result.error);
 
     // Find OP_RETURN and extract DD amounts
     std::vector<CAmount> ddAmounts;
@@ -275,10 +276,10 @@ BOOST_FIXTURE_TEST_CASE(test_no_dd_change_exact_amount, DDChangeTestFixture)
         }
     }
 
-    BOOST_CHECK_MESSAGE(found_opreturn, "No OP_RETURN found in transaction");
+    BOOST_REQUIRE_MESSAGE(found_opreturn, "No OP_RETURN found in transaction");
 
     // Should have exactly 1 DD amount in OP_RETURN (recipient only, no change)
-    BOOST_CHECK_EQUAL(ddAmounts.size(), 1);
+    BOOST_REQUIRE_EQUAL(ddAmounts.size(), 1);
     BOOST_CHECK_EQUAL(ddAmounts[0], 50000);
 }
 
@@ -302,7 +303,7 @@ BOOST_FIXTURE_TEST_CASE(test_dd_change_below_dust, DDChangeTestFixture)
     params.feeRate = 100000;
     params.spenderKey = senderKey;
     params.ddUtxos.push_back(CreateMockDDUTXO(totalDD));
-    params.feeUtxos.push_back(CreateMockDGBUTXO(100000));
+    params.feeUtxos.push_back(CreateMockDGBUTXO(20000000));
 
     MockTransferTxBuilder builder(chainParams, currentHeight, oraclePrice);
 
@@ -310,7 +311,7 @@ BOOST_FIXTURE_TEST_CASE(test_dd_change_below_dust, DDChangeTestFixture)
     TxBuilderResult result = builder.BuildTransferTransaction(params);
 
     // Assert: Transaction succeeds
-    BOOST_CHECK_EQUAL(result.success, true);
+    BOOST_REQUIRE_EQUAL(result.success, true);
     BOOST_CHECK_MESSAGE(result.error.empty(), "Unexpected error: " << result.error);
 
     // Extract DD amounts from OP_RETURN
@@ -323,10 +324,10 @@ BOOST_FIXTURE_TEST_CASE(test_dd_change_below_dust, DDChangeTestFixture)
         }
     }
 
-    BOOST_CHECK_MESSAGE(found_opreturn, "No OP_RETURN found in transaction");
+    BOOST_REQUIRE_MESSAGE(found_opreturn, "No OP_RETURN found in transaction");
 
     // Must have 2 DD amounts: recipient + sub-$1 change (NOT dropped as dust)
-    BOOST_CHECK_EQUAL(ddAmounts.size(), 2);
+    BOOST_REQUIRE_EQUAL(ddAmounts.size(), 2);
 
     // Total DD must be perfectly conserved
     CAmount totalDDOut = 0;
@@ -367,7 +368,7 @@ BOOST_FIXTURE_TEST_CASE(test_bug27_multi_input_dd_conservation, DDChangeTestFixt
     for (int i = 0; i < numUtxos; i++) {
         params.ddUtxos.push_back(CreateMockDDUTXO(perUtxo));
     }
-    params.feeUtxos.push_back(CreateMockDGBUTXO(100000));
+    params.feeUtxos.push_back(CreateMockDGBUTXO(20000000));
 
     MockTransferTxBuilder builder(chainParams, currentHeight, oraclePrice);
 
@@ -375,7 +376,7 @@ BOOST_FIXTURE_TEST_CASE(test_bug27_multi_input_dd_conservation, DDChangeTestFixt
     TxBuilderResult result = builder.BuildTransferTransaction(params);
 
     // Assert: Must succeed — this was the exact failure scenario
-    BOOST_CHECK_EQUAL(result.success, true);
+    BOOST_REQUIRE_EQUAL(result.success, true);
     BOOST_CHECK_MESSAGE(result.error.empty(), "Bug #27 regression: " << result.error);
 
     // Extract DD amounts from OP_RETURN
@@ -388,10 +389,10 @@ BOOST_FIXTURE_TEST_CASE(test_bug27_multi_input_dd_conservation, DDChangeTestFixt
         }
     }
 
-    BOOST_CHECK_MESSAGE(found_opreturn, "No OP_RETURN found in transaction");
+    BOOST_REQUIRE_MESSAGE(found_opreturn, "No OP_RETURN found in transaction");
 
     // Must have 2 amounts: $99.50 recipient + $0.50 change
-    BOOST_CHECK_EQUAL(ddAmounts.size(), 2);
+    BOOST_REQUIRE_EQUAL(ddAmounts.size(), 2);
 
     // CRITICAL: Total DD must be perfectly conserved — not one cent lost
     CAmount totalDDOut = 0;
@@ -429,26 +430,28 @@ BOOST_FIXTURE_TEST_CASE(test_single_cent_dd_change_preserved, DDChangeTestFixtur
     params.feeRate = 100000;
     params.spenderKey = senderKey;
     params.ddUtxos.push_back(CreateMockDDUTXO(10000)); // $100.00
-    params.feeUtxos.push_back(CreateMockDGBUTXO(100000));
+    params.feeUtxos.push_back(CreateMockDGBUTXO(20000000));
 
     MockTransferTxBuilder builder(chainParams, currentHeight, oraclePrice);
 
     TxBuilderResult result = builder.BuildTransferTransaction(params);
 
-    BOOST_CHECK_EQUAL(result.success, true);
+    BOOST_REQUIRE_EQUAL(result.success, true);
     BOOST_CHECK_MESSAGE(result.error.empty(), "Unexpected error: " << result.error);
 
     // Extract DD amounts from OP_RETURN
     std::vector<CAmount> ddAmounts;
+    bool found_opreturn = false;
     for (const auto& output : result.tx.vout) {
         if (output.scriptPubKey.size() > 0 && output.scriptPubKey[0] == OP_RETURN) {
-            ExtractDDAmountsFromOpReturn(output.scriptPubKey, ddAmounts);
+            found_opreturn = ExtractDDAmountsFromOpReturn(output.scriptPubKey, ddAmounts);
             break;
         }
     }
+    BOOST_REQUIRE_MESSAGE(found_opreturn, "No OP_RETURN found in transaction");
 
     // Must have 2 amounts: $99.99 + $0.01 change
-    BOOST_CHECK_EQUAL(ddAmounts.size(), 2);
+    BOOST_REQUIRE_EQUAL(ddAmounts.size(), 2);
 
     CAmount totalDDOut = 0;
     for (CAmount amount : ddAmounts) {
diff --git a/src/test/digidollar_lock_height_tests.cpp b/src/test/digidollar_lock_height_tests.cpp
index 819f776c0a..7d840c9b06 100644
--- a/src/test/digidollar_lock_height_tests.cpp
+++ b/src/test/digidollar_lock_height_tests.cpp
@@ -90,28 +90,42 @@ struct DigiDollarLockHeightTestSetup : public TestingSetup {
 BOOST_FIXTURE_TEST_CASE(rescan_mature_mint_passes, DigiDollarLockHeightTestSetup)
 {
     // Mint created at height 100 with lockHeight 340 (1-hour tier / 240 blocks).
-    // During rescan/revalidation at height 500, it must still validate.
+    // Historical revalidation uses the original block-connection height. Mint
+    // validation still enforces collateral using lockHeight - nHeight, even when
+    // oracle validation is skipped.
+    const int mintHeight = 100;
     const int64_t lockHeight = 340;
-    const CTransaction tx = CreateMintTx(lockHeight, /*lock_tier=*/0, /*dd_amount=*/10000, /*collateral=*/1000 * COIN);
-    DigiDollar::ValidationContext ctx = MakeContext(/*height=*/500, /*skip_oracle_validation=*/true);
+    DigiDollar::ValidationContext ctx = MakeContext(mintHeight, /*skip_oracle_validation=*/true);
+    const CAmount ddAmount = 10000;
+    const CAmount requiredCollateral = DigiDollar::CalculateRequiredCollateral(
+        ddAmount, lockHeight - mintHeight, ctx);
+    BOOST_REQUIRE(requiredCollateral > 0);
+    const CTransaction tx = CreateMintTx(lockHeight, /*lock_tier=*/0, ddAmount, requiredCollateral);
     TxValidationState state;
 
     ResetVolatilityState(ctx.nHeight);
-    BOOST_CHECK(DigiDollar::ValidateDigiDollarTransaction(tx, ctx, state));
+    BOOST_CHECK_MESSAGE(DigiDollar::ValidateDigiDollarTransaction(tx, ctx, state),
+        "Historical mint should pass at original validation height, got: " + state.GetRejectReason());
     BOOST_CHECK(state.IsValid());
 }
 
 BOOST_FIXTURE_TEST_CASE(rescan_immature_mint_still_valid, DigiDollarLockHeightTestSetup)
 {
     // Same historical mint, but validation context is height 200 (lock not yet matured).
-    // Rescan/revalidation must not reject it for lock tier mismatch.
+    // Revalidation must not reject it for lock tier mismatch; collateral is still
+    // checked against the current remaining lock period.
     const int64_t lockHeight = 340;
-    const CTransaction tx = CreateMintTx(lockHeight, /*lock_tier=*/0, /*dd_amount=*/10000, /*collateral=*/1000 * COIN);
     DigiDollar::ValidationContext ctx = MakeContext(/*height=*/200, /*skip_oracle_validation=*/true);
+    const CAmount ddAmount = 10000;
+    const CAmount requiredCollateral = DigiDollar::CalculateRequiredCollateral(
+        ddAmount, lockHeight - ctx.nHeight, ctx);
+    BOOST_REQUIRE(requiredCollateral > 0);
+    const CTransaction tx = CreateMintTx(lockHeight, /*lock_tier=*/0, ddAmount, requiredCollateral);
     TxValidationState state;
 
     ResetVolatilityState(ctx.nHeight);
-    BOOST_CHECK(DigiDollar::ValidateDigiDollarTransaction(tx, ctx, state));
+    BOOST_CHECK_MESSAGE(DigiDollar::ValidateDigiDollarTransaction(tx, ctx, state),
+        "Immature historical mint should pass, got: " + state.GetRejectReason());
     BOOST_CHECK(state.IsValid());
 }
 
@@ -201,17 +215,23 @@ BOOST_FIXTURE_TEST_CASE(fresh_mint_short_lock_high_tier_fails, DigiDollarLockHei
 
 BOOST_FIXTURE_TEST_CASE(matured_mint_locktime_in_past_passes, DigiDollarLockHeightTestSetup)
 {
-    // Matured mint: lockTime is in the past (lockTime <= nHeight).
-    // During rescan/wallet-reload, skipOracleValidation is true (no live oracle data).
-    // The tier check must be skipped for matured mints, confirming RC25 behavior.
+    // A 30-day mint validated at its original block height must pass even when
+    // oracle validation is skipped. Fully matured mints are redemption cases;
+    // mint validation rejects them because lockTime - nHeight is non-positive.
+    const int mintHeight = 39237;
+    const int64_t tier1LockBlocks = DigiDollar::LockDaysToBlocks(30);
     const int64_t lockHeight = 212037;
-    const CTransaction tx = CreateMintTx(lockHeight, /*lock_tier=*/1, /*dd_amount=*/10000, /*collateral=*/1000 * COIN);
-    DigiDollar::ValidationContext ctx = MakeContext(/*height=*/300000, /*skip_oracle_validation=*/true);
+    BOOST_REQUIRE_EQUAL(lockHeight, mintHeight + tier1LockBlocks);
+    DigiDollar::ValidationContext ctx = MakeContext(mintHeight, /*skip_oracle_validation=*/true);
+    const CAmount ddAmount = 10000;
+    const CAmount requiredCollateral = DigiDollar::CalculateRequiredCollateral(ddAmount, tier1LockBlocks, ctx);
+    BOOST_REQUIRE(requiredCollateral > 0);
+    const CTransaction tx = CreateMintTx(lockHeight, /*lock_tier=*/1, ddAmount, requiredCollateral);
     TxValidationState state;
 
     ResetVolatilityState(ctx.nHeight);
     BOOST_CHECK_MESSAGE(DigiDollar::ValidateDigiDollarTransaction(tx, ctx, state),
-        "Matured mint should pass, got: " + state.GetRejectReason());
+        "Historical 30-day mint should pass at original validation height, got: " + state.GetRejectReason());
     BOOST_CHECK(state.IsValid());
 }
 
diff --git a/src/test/digidollar_redteam_tests.cpp b/src/test/digidollar_redteam_tests.cpp
index 75ace78ab6..a008053473 100644
--- a/src/test/digidollar_redteam_tests.cpp
+++ b/src/test/digidollar_redteam_tests.cpp
@@ -999,9 +999,16 @@ BOOST_AUTO_TEST_CASE(redteam_nums_key_legitimate_collateral_accepted)
 
     const int nHeight = 1000;
     const CAmount ddAmount = 10000;  // $100
+    const CAmount oraclePriceMicroUSD = 500000; // $0.50/DGB
     // Use tier 1 = 30 days lock, consistent lockHeight and tier
     const int64_t lockHeight = nHeight + DigiDollar::LockDaysToBlocks(30);
 
+    DigiDollar::ValidationContext ctx(nHeight, oraclePriceMicroUSD, 150, *regTestParams);
+    ctx.skipOracleValidation = true;
+    const CAmount collateralAmount = DigiDollar::CalculateRequiredCollateral(
+        ddAmount, DigiDollar::LockDaysToBlocks(30), ctx);
+    BOOST_REQUIRE_GT(collateralAmount, 0);
+
     // Create LEGITIMATE collateral with NUMS key
     DigiDollar::MintParams params;
     params.ddAmount = ddAmount;
@@ -1030,13 +1037,11 @@ BOOST_AUTO_TEST_CASE(redteam_nums_key_legitimate_collateral_accepted)
                                  << CScriptNum(1)
                                  << std::vector<unsigned char>(ownerXOnly.begin(), ownerXOnly.end());
     mintTx.vout.push_back(CTxOut(0, opReturn));
-    mintTx.vout.push_back(CTxOut(100 * COIN, collateral));
+    mintTx.vout.push_back(CTxOut(collateralAmount, collateral));
 
     CScript ddToken = DigiDollar::CreateDigiDollarP2TR(ownerXOnly, ddAmount);
     mintTx.vout.push_back(CTxOut(0, ddToken));
 
-    DigiDollar::ValidationContext ctx(nHeight, 1000, 150, *regTestParams);
-    ctx.skipOracleValidation = true;
     TxValidationState state;
 
     bool result = DigiDollar::ValidateMintTransaction(
diff --git a/src/test/digidollar_rh20_time_ordering_tests.cpp b/src/test/digidollar_rh20_time_ordering_tests.cpp
index c10794ce2a..e91bac9809 100644
--- a/src/test/digidollar_rh20_time_ordering_tests.cpp
+++ b/src/test/digidollar_rh20_time_ordering_tests.cpp
@@ -492,7 +492,9 @@ BOOST_FIXTURE_TEST_CASE(skip_oracle_validation_still_checks_structure, RH20TestS
     mtx.vout[1] = CTxOut(0, ddScript);
 
     CTransaction tx(mtx);
-    auto ctx = MakeContext(currentHeight, /*oraclePrice=*/0, /*systemCollateral=*/150, /*skipOracle=*/true);
+    // Use a live oracle price here so this fixture isolates the structural
+    // missing-collateral check rather than the consensus oracle-price gate.
+    auto ctx = MakeContext(currentHeight, /*oraclePrice=*/500000, /*systemCollateral=*/150, /*skipOracle=*/true);
     TxValidationState state;
 
     bool result = DigiDollar::ValidateMintTransaction(tx, ctx, state);
diff --git a/src/test/digidollar_script_attacks_tests.cpp b/src/test/digidollar_script_attacks_tests.cpp
index 9f92b235d4..3afdba7b13 100644
--- a/src/test/digidollar_script_attacks_tests.cpp
+++ b/src/test/digidollar_script_attacks_tests.cpp
@@ -32,15 +32,15 @@ bool EvalDD(const CScript& script, std::vector<std::vector<unsigned char>>& stac
 {
     MockSignatureChecker checker;
     ScriptExecutionData execdata;
-    return EvalScript(stack, script, SCRIPT_VERIFY_DIGIDOLLAR, checker, SigVersion::BASE, execdata, &error);
+    return EvalScript(stack, script, SCRIPT_VERIFY_DIGIDOLLAR, checker, SigVersion::TAPSCRIPT, execdata, &error);
 }
 
-// Helper to evaluate without DD flags
+// Helper to evaluate Tapscript before DD activation
 bool EvalNonDD(const CScript& script, std::vector<std::vector<unsigned char>>& stack, ScriptError& error)
 {
     MockSignatureChecker checker;
     ScriptExecutionData execdata;
-    return EvalScript(stack, script, SCRIPT_VERIFY_NONE, checker, SigVersion::BASE, execdata, &error);
+    return EvalScript(stack, script, SCRIPT_VERIFY_NONE, checker, SigVersion::TAPSCRIPT, execdata, &error);
 }
 
 } // namespace
@@ -148,10 +148,10 @@ BOOST_AUTO_TEST_CASE(attack_dd_followed_by_ddverify)
 }
 
 // ============================================================================
-// ATTACK VECTOR 4: NOP-mode stack divergence
+// ATTACK VECTOR 4: pre-activation OP_SUCCESSx stack divergence
 // ============================================================================
-// Without SCRIPT_VERIFY_DIGIDOLLAR, OP_DIGIDOLLAR is a NOP but the amount
-// push still executes, leaving a number on the stack.
+// Without SCRIPT_VERIFY_DIGIDOLLAR, OP_DIGIDOLLAR remains a BIP342 OP_SUCCESSx
+// and succeeds immediately without executing the following amount push.
 // With the flag, OP_DIGIDOLLAR consumes the amount and pushes true/false.
 // This means the same script produces different stack states.
 BOOST_AUTO_TEST_CASE(attack_nop_mode_stack_divergence)
@@ -163,28 +163,27 @@ BOOST_AUTO_TEST_CASE(attack_nop_mode_stack_divergence)
 
     // With DD flags
     std::vector<std::vector<unsigned char>> stack_dd;
-    EvalDD(script, stack_dd, error);
+    bool dd_result = EvalDD(script, stack_dd, error);
+    BOOST_CHECK(dd_result);
 
     // Without DD flags
     std::vector<std::vector<unsigned char>> stack_nop;
-    EvalNonDD(script, stack_nop, error);
+    bool nop_result = EvalNonDD(script, stack_nop, error);
+    BOOST_CHECK(nop_result);
 
-    // Document the divergence — this is expected for soft fork NOPs that consume args,
-    // but we need to verify it doesn't break consensus rules
+    // Document the divergence — this is expected for soft-fork OP_SUCCESSx
+    // activation, but we need to verify it doesn't break consensus rules.
     BOOST_TEST_MESSAGE("DD-mode stack size: " << stack_dd.size());
-    BOOST_TEST_MESSAGE("NOP-mode stack size: " << stack_nop.size());
+    BOOST_TEST_MESSAGE("Pre-activation OP_SUCCESSx stack size: " << stack_nop.size());
 
-    // In NOP mode: stack has [100000] (the push is a regular push)
+    // In pre-activation OP_SUCCESSx mode: execution short-circuits immediately.
     // In DD mode: stack has [true] (OP_DIGIDOLLAR consumed the push and output true)
-    // This is CORRECT for NOP-based soft forks BUT only if old nodes can't spend these
-    BOOST_CHECK_EQUAL(stack_nop.size(), 1U); // Just the pushed number
+    // This is CORRECT for Tapscript OP_SUCCESSx-based soft forks.
+    BOOST_CHECK_EQUAL(stack_nop.size(), 0U);
     BOOST_CHECK_EQUAL(stack_dd.size(), 1U);  // The validation result
 
-    // NOP-mode should have the raw number, DD-mode should have true
-    if (stack_nop.size() == 1 && stack_dd.size() == 1) {
-        int64_t nop_val = CScriptNum(stack_nop[0], false).GetInt64();
-        BOOST_TEST_MESSAGE("NOP-mode top: " << nop_val);
-        BOOST_CHECK_EQUAL(nop_val, 100000); // The raw amount
+    // DD-mode should have true.
+    if (stack_dd.size() == 1) {
         BOOST_CHECK(CastToBool(stack_dd[0])); // true
     }
 }
diff --git a/src/test/rh53_op_checkprice_mock_weaponization_tests.cpp b/src/test/rh53_op_checkprice_mock_weaponization_tests.cpp
index 5e913f63be..1df47ea7da 100644
--- a/src/test/rh53_op_checkprice_mock_weaponization_tests.cpp
+++ b/src/test/rh53_op_checkprice_mock_weaponization_tests.cpp
@@ -10,12 +10,12 @@
  *   src/script/interpreter.cpp::EvalScript (OP_CHECKPRICE handler).
  *
  * POST-FIX invariant (this test):
- *   OP_CHECKPRICE pushes TRUE iff the stack operand equals
- *   OracleBundleManager::GetInstance().GetLatestPrice(), consulted via the
- *   `g_get_oracle_consensus_price` hook in script/interpreter.h. When no
- *   oracle consensus price is available (hook unset, cache empty, or price
- *   equals 0), the opcode fails closed — pushes vchFalse regardless of
- *   the stack operand.
+ *   In active DigiDollar Tapscript, OP_CHECKPRICE pushes TRUE iff the stack
+ *   operand equals OracleBundleManager::GetInstance().GetLatestPrice(),
+ *   consulted via the `g_get_oracle_consensus_price` hook in
+ *   script/interpreter.h. When no oracle consensus price is available (hook
+ *   unset, cache empty, or price equals 0), the opcode fails closed — pushes
+ *   vchFalse regardless of the stack operand.
  *
  * PRE-FIX behavior (documented for the historical record):
  *   - A hardcoded static `GetMockOraclePrice()` returned 100000 µUSD ($0.10)
@@ -146,17 +146,17 @@ class ScopedNoOraclePrice {
 BOOST_FIXTURE_TEST_SUITE(rh53_op_checkprice_mock_weaponization_tests, BasicTestingSetup)
 
 // ---------------------------------------------------------------------------
-// Scenario A (BASE sigversion):
+// Scenario A (TAPSCRIPT sigversion):
 //   Real oracle price is $0.50. Witness puts $0.50 on stack. Post-fix:
 //   OP_CHECKPRICE pushes TRUE via the live oracle hook.
 // ---------------------------------------------------------------------------
-BOOST_AUTO_TEST_CASE(rh53_checkprice_must_consult_real_oracle_match_base)
+BOOST_AUTO_TEST_CASE(rh53_checkprice_must_consult_real_oracle_match_tapscript)
 {
     ScopedOraclePrice seed(REAL_ORACLE_PRICE);
     auto& mgr = OracleBundleManager::GetInstance();
     BOOST_REQUIRE_EQUAL(mgr.GetLatestPrice(), REAL_ORACLE_PRICE);
 
-    EvalOutcome out = RunCheckPrice(REAL_ORACLE_PRICE, SigVersion::BASE);
+    EvalOutcome out = RunCheckPrice(REAL_ORACLE_PRICE, SigVersion::TAPSCRIPT);
     BOOST_TEST_MESSAGE("  real=" << REAL_ORACLE_PRICE
                        << " witness=" << REAL_ORACLE_PRICE
                        << " script_ok=" << out.ok
@@ -171,17 +171,17 @@ BOOST_AUTO_TEST_CASE(rh53_checkprice_must_consult_real_oracle_match_base)
 }
 
 // ---------------------------------------------------------------------------
-// Scenario B (BASE sigversion, inverse):
+// Scenario B (TAPSCRIPT sigversion, inverse):
 //   Real oracle price is $0.50. Witness puts $0.10 (the legacy mock value).
 //   Post-fix: OP_CHECKPRICE pushes FALSE because 100000 != 500000.
 // ---------------------------------------------------------------------------
-BOOST_AUTO_TEST_CASE(rh53_checkprice_must_consult_real_oracle_mismatch_base)
+BOOST_AUTO_TEST_CASE(rh53_checkprice_must_consult_real_oracle_mismatch_tapscript)
 {
     ScopedOraclePrice seed(REAL_ORACLE_PRICE);
     auto& mgr = OracleBundleManager::GetInstance();
     BOOST_REQUIRE_EQUAL(mgr.GetLatestPrice(), REAL_ORACLE_PRICE);
 
-    EvalOutcome out = RunCheckPrice(LEGACY_MOCK_ORACLE_PRICE, SigVersion::BASE);
+    EvalOutcome out = RunCheckPrice(LEGACY_MOCK_ORACLE_PRICE, SigVersion::TAPSCRIPT);
     BOOST_TEST_MESSAGE("  real=" << REAL_ORACLE_PRICE
                        << " witness=" << LEGACY_MOCK_ORACLE_PRICE
                        << " script_ok=" << out.ok
@@ -197,27 +197,28 @@ BOOST_AUTO_TEST_CASE(rh53_checkprice_must_consult_real_oracle_mismatch_base)
 }
 
 // ---------------------------------------------------------------------------
-// Scenario C (TAPSCRIPT sigversion):
-//   The OP_CHECKPRICE handler runs identically across SigVersion. This
-//   locks down the live path DD mint/redeem scripts would actually use.
+// Scenario C (legacy sigversions):
+//   DigiDollar opcodes are Tapscript-only. Legacy script versions must reject
+//   OP_CHECKPRICE as a bad opcode even when the oracle hook is installed.
 // ---------------------------------------------------------------------------
-BOOST_AUTO_TEST_CASE(rh53_checkprice_must_consult_real_oracle_match_tapscript)
+BOOST_AUTO_TEST_CASE(rh53_checkprice_rejected_outside_tapscript)
 {
     ScopedOraclePrice seed(REAL_ORACLE_PRICE);
     auto& mgr = OracleBundleManager::GetInstance();
     BOOST_REQUIRE_EQUAL(mgr.GetLatestPrice(), REAL_ORACLE_PRICE);
 
-    EvalOutcome out = RunCheckPrice(REAL_ORACLE_PRICE, SigVersion::TAPSCRIPT);
-    BOOST_TEST_MESSAGE("  [tapscript] real=" << REAL_ORACLE_PRICE
-                       << " witness=" << REAL_ORACLE_PRICE
-                       << " script_ok=" << out.ok
-                       << " top_is_true=" << out.top_is_true
-                       << " err=" << ScriptErrorString(out.err));
+    for (SigVersion sigversion : {SigVersion::BASE, SigVersion::WITNESS_V0}) {
+        EvalOutcome out = RunCheckPrice(REAL_ORACLE_PRICE, sigversion);
+        BOOST_TEST_MESSAGE("  [legacy sigversion] real=" << REAL_ORACLE_PRICE
+                           << " witness=" << REAL_ORACLE_PRICE
+                           << " script_ok=" << out.ok
+                           << " top_is_true=" << out.top_is_true
+                           << " err=" << ScriptErrorString(out.err));
 
-    BOOST_CHECK_MESSAGE(out.ok,
-        "OP_CHECKPRICE in TAPSCRIPT must evaluate without error.");
-    BOOST_CHECK_MESSAGE(out.top_is_true,
-        "OP_CHECKPRICE in TAPSCRIPT must push TRUE when witness matches live oracle.");
+        BOOST_CHECK_MESSAGE(!out.ok,
+            "OP_CHECKPRICE must be rejected outside Tapscript.");
+        BOOST_CHECK_EQUAL(out.err, SCRIPT_ERR_BAD_OPCODE);
+    }
 }
 
 // ---------------------------------------------------------------------------
@@ -232,7 +233,7 @@ BOOST_AUTO_TEST_CASE(rh53_checkprice_fails_closed_with_no_oracle_hook)
     for (CAmount witness : {CAmount{0}, CAmount{1}, LEGACY_MOCK_ORACLE_PRICE,
                             REAL_ORACLE_PRICE, CAmount{1'000'000},
                             CAmount{100'000'000}}) {
-        EvalOutcome out = RunCheckPrice(witness, SigVersion::BASE);
+        EvalOutcome out = RunCheckPrice(witness, SigVersion::TAPSCRIPT);
         BOOST_TEST_MESSAGE("  no-oracle witness=" << witness
                            << " top_is_true=" << out.top_is_true);
         BOOST_CHECK(out.ok);
@@ -258,7 +259,7 @@ BOOST_AUTO_TEST_CASE(rh53_checkprice_fails_closed_with_zero_oracle_price)
     BOOST_REQUIRE_EQUAL(OracleBundleManager::GetInstance().GetLatestPrice(), 0);
 
     for (CAmount witness : {CAmount{0}, CAmount{1}, LEGACY_MOCK_ORACLE_PRICE, REAL_ORACLE_PRICE}) {
-        EvalOutcome out = RunCheckPrice(witness, SigVersion::BASE);
+        EvalOutcome out = RunCheckPrice(witness, SigVersion::TAPSCRIPT);
         BOOST_CHECK(out.ok);
         BOOST_CHECK_MESSAGE(!out.top_is_true,
             "OP_CHECKPRICE must fail-closed when oracle returns 0 even if "
@@ -281,7 +282,7 @@ BOOST_AUTO_TEST_CASE(rh53_control_price_equals_legacy_mock_still_matches)
     auto& mgr = OracleBundleManager::GetInstance();
     BOOST_REQUIRE_EQUAL(mgr.GetLatestPrice(), LEGACY_MOCK_ORACLE_PRICE);
 
-    EvalOutcome out = RunCheckPrice(LEGACY_MOCK_ORACLE_PRICE, SigVersion::BASE);
+    EvalOutcome out = RunCheckPrice(LEGACY_MOCK_ORACLE_PRICE, SigVersion::TAPSCRIPT);
     BOOST_CHECK(out.ok);
     BOOST_CHECK(out.top_is_true);
 }
diff --git a/src/test/rh54_op_oracle_opsuccess_tests.cpp b/src/test/rh54_op_oracle_opsuccess_tests.cpp
index 4350c0a034..31a816e612 100644
--- a/src/test/rh54_op_oracle_opsuccess_tests.cpp
+++ b/src/test/rh54_op_oracle_opsuccess_tests.cpp
@@ -22,6 +22,9 @@
 
 BOOST_FIXTURE_TEST_SUITE(rh54_op_oracle_opsuccess_tests, BasicTestingSetup)
 
+static constexpr unsigned int TAPROOT_VERIFY_FLAGS =
+    SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_TAPROOT;
+
 static CScript MakeSingleLeafTaproot(const CScript& leaf, CScriptWitness& witness)
 {
     static const std::vector<unsigned char> NUMS_PK{ParseHex("50929b74c1a04954b78b4b6035e97a5e078a5a0f28ec96d547bfee9ace803ac0")};
@@ -68,7 +71,7 @@ BOOST_AUTO_TEST_CASE(rh54_preactivation_tapscript_matches_old_opsuccess)
 
     ScriptError error;
     BOOST_CHECK(VerifyScript(CScript{}, script_pubkey, &witness,
-        SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_TAPROOT,
+        TAPROOT_VERIFY_FLAGS,
         BaseSignatureChecker{}, &error));
     BOOST_CHECK_EQUAL(error, SCRIPT_ERR_OK);
 }
@@ -83,7 +86,7 @@ BOOST_AUTO_TEST_CASE(rh54_activation_removes_dd_opcodes_from_opsuccess)
 
     ScriptError error;
     BOOST_CHECK(!VerifyScript(CScript{}, script_pubkey, &witness,
-        SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_TAPROOT | SCRIPT_VERIFY_DIGIDOLLAR,
+        TAPROOT_VERIFY_FLAGS | SCRIPT_VERIFY_DIGIDOLLAR,
         BaseSignatureChecker{}, &error));
     BOOST_CHECK_EQUAL(error, SCRIPT_ERR_INVALID_DD_AMOUNT);
 }
@@ -97,7 +100,7 @@ BOOST_AUTO_TEST_CASE(rh54_op_oracle_is_opsuccess_before_activation_bad_opcode_af
     const CScript script_pubkey_pre = MakeSingleLeafTaproot(leaf, witness_pre);
     ScriptError error_pre;
     BOOST_CHECK(VerifyScript(CScript{}, script_pubkey_pre, &witness_pre,
-        SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_TAPROOT,
+        TAPROOT_VERIFY_FLAGS,
         BaseSignatureChecker{}, &error_pre));
     BOOST_CHECK_EQUAL(error_pre, SCRIPT_ERR_OK);
 
@@ -105,7 +108,7 @@ BOOST_AUTO_TEST_CASE(rh54_op_oracle_is_opsuccess_before_activation_bad_opcode_af
     const CScript script_pubkey_post = MakeSingleLeafTaproot(leaf, witness_post);
     ScriptError error_post;
     BOOST_CHECK(!VerifyScript(CScript{}, script_pubkey_post, &witness_post,
-        SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_TAPROOT | SCRIPT_VERIFY_DIGIDOLLAR,
+        TAPROOT_VERIFY_FLAGS | SCRIPT_VERIFY_DIGIDOLLAR,
         BaseSignatureChecker{}, &error_post));
     BOOST_CHECK_EQUAL(error_post, SCRIPT_ERR_BAD_OPCODE);
 }

From b33606f6fe0670970643541b35b5648d931f2bc6 Mon Sep 17 00:00:00 2001
From: DigiSwarm <13957390+JaredTate@users.noreply.github.com>
Date: Wed, 29 Apr 2026 17:31:41 -0600
Subject: [PATCH 15/22] =?UTF-8?q?test/fuzz:=20Phase=202A=20harnesses=20fai?=
 =?UTF-8?q?led=20seeded=20runs=20=E2=80=94=20fix=20init?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/test/fuzz/fuzz_algo_selection.cpp     | 4 ++--
 src/test/fuzz/fuzz_algo_work_factor.cpp   | 8 +++++++-
 src/test/fuzz/fuzz_block_algo_routing.cpp | 8 +++++++-
 3 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/src/test/fuzz/fuzz_algo_selection.cpp b/src/test/fuzz/fuzz_algo_selection.cpp
index c03b58da27..9509f3f9fa 100644
--- a/src/test/fuzz/fuzz_algo_selection.cpp
+++ b/src/test/fuzz/fuzz_algo_selection.cpp
@@ -19,8 +19,8 @@ FUZZ_TARGET(fuzz_algo_selection_phase2a, .init = initialize_algo_selection)
     h.nVersion = fdp.ConsumeIntegral<int32_t>();
 
     const int algo = h.GetAlgo();
-    if (algo == ALGO_SHA256D || algo == ALGO_SCRYPT || algo == ALGO_SKEIN || algo == ALGO_QUBIT || algo == ALGO_ODO) {
-        assert((h.nVersion & GetVersionForAlgo(algo)) != 0);
+    if (algo != ALGO_UNKNOWN) {
+        assert((h.nVersion & BLOCK_VERSION_ALGO) == GetVersionForAlgo(algo));
     }
 
     // Invalid/multi-bit mixes should never crash GetPoWAlgoHash routing.
diff --git a/src/test/fuzz/fuzz_algo_work_factor.cpp b/src/test/fuzz/fuzz_algo_work_factor.cpp
index 060a926034..5508c56394 100644
--- a/src/test/fuzz/fuzz_algo_work_factor.cpp
+++ b/src/test/fuzz/fuzz_algo_work_factor.cpp
@@ -1,14 +1,20 @@
 #include <consensus/amount.h>
+#include <chainparams.h>
 #include <primitives/block.h>
 #include <test/fuzz/FuzzedDataProvider.h>
 #include <test/fuzz/fuzz.h>
+#include <util/chaintype.h>
 
 #include <cassert>
 #include <cstdint>
 
 extern int GetAlgoWorkFactor(int nHeight, int algo);
 
-FUZZ_TARGET(fuzz_algo_work_factor_phase2a)
+namespace {
+void initialize_algo_work_factor() { SelectParams(ChainType::REGTEST); }
+}
+
+FUZZ_TARGET(fuzz_algo_work_factor_phase2a, .init = initialize_algo_work_factor)
 {
     FuzzedDataProvider fdp(buffer.data(), buffer.size());
     const int height = fdp.ConsumeIntegral<int>();
diff --git a/src/test/fuzz/fuzz_block_algo_routing.cpp b/src/test/fuzz/fuzz_block_algo_routing.cpp
index 6373a13682..6f6d556472 100644
--- a/src/test/fuzz/fuzz_block_algo_routing.cpp
+++ b/src/test/fuzz/fuzz_block_algo_routing.cpp
@@ -1,11 +1,17 @@
+#include <chainparams.h>
 #include <pow.h>
 #include <primitives/block.h>
 #include <test/fuzz/FuzzedDataProvider.h>
 #include <test/fuzz/fuzz.h>
+#include <util/chaintype.h>
 
 #include <cassert>
 
-FUZZ_TARGET(fuzz_block_algo_routing_phase2a)
+namespace {
+void initialize_block_algo_routing() { SelectParams(ChainType::REGTEST); }
+}
+
+FUZZ_TARGET(fuzz_block_algo_routing_phase2a, .init = initialize_block_algo_routing)
 {
     FuzzedDataProvider fdp(buffer.data(), buffer.size());
     CBlockHeader h;

From 109c34b4fe15ad7e1ccf2e59980eaf2d5ab10efd Mon Sep 17 00:00:00 2001
From: DigiSwarm <13957390+JaredTate@users.noreply.github.com>
Date: Wed, 29 Apr 2026 17:48:40 -0600
Subject: [PATCH 16/22] =?UTF-8?q?test:=20coinstatsindex=20restart=20lost?=
 =?UTF-8?q?=20IPv4=20RPC=20bind=20=E2=80=94=20pin=20bind?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 test/functional/feature_coinstatsindex.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/test/functional/feature_coinstatsindex.py b/test/functional/feature_coinstatsindex.py
index 1c0ae95567..ec4baf4445 100755
--- a/test/functional/feature_coinstatsindex.py
+++ b/test/functional/feature_coinstatsindex.py
@@ -47,8 +47,8 @@ def set_test_params(self):
         self.supports_cli = False
         self.rpc_timeout = 900  # Needs extra time for reindexing under parallel load
         self.extra_args = [
-            ["-dandelion=0", "-minrelaytxfee=0.00000001"],
-            ["-coinstatsindex", "-dandelion=0", "-minrelaytxfee=0.00000001"]
+            ["-dandelion=0", "-minrelaytxfee=0.00000001", "-rpcbind=127.0.0.1"],
+            ["-coinstatsindex", "-dandelion=0", "-minrelaytxfee=0.00000001", "-rpcbind=127.0.0.1"]
         ]
 
     def _port_available(self, port):

From 713eb5bf920ee329cd2a1a0cf4d8f2d24cb7d28a Mon Sep 17 00:00:00 2001
From: DigiSwarm <13957390+JaredTate@users.noreply.github.com>
Date: Wed, 29 Apr 2026 18:16:43 -0600
Subject: [PATCH 17/22] Add red oracle P0.5 tests

---
 src/Makefile.test.include                   |   2 +
 src/test/digidollar_oracle_musig2_tests.cpp | 402 ++++++++++++++++++++
 src/test/digidollar_oracle_roster_tests.cpp | 306 +++++++++++++++
 3 files changed, 710 insertions(+)
 create mode 100644 src/test/digidollar_oracle_musig2_tests.cpp
 create mode 100644 src/test/digidollar_oracle_roster_tests.cpp

diff --git a/src/Makefile.test.include b/src/Makefile.test.include
index 5523fe486c..ca8582a3af 100644
--- a/src/Makefile.test.include
+++ b/src/Makefile.test.include
@@ -87,6 +87,8 @@ DIGIBYTE_TESTS =\
   test/digidollar_opcodes_tests.cpp \
   test/digidollar_script_attacks_tests.cpp \
   test/digidollar_oracle_tests.cpp \
+  test/digidollar_oracle_musig2_tests.cpp \
+  test/digidollar_oracle_roster_tests.cpp \
   test/digidollar_hot_path_logging_tests.cpp \
   test/rh50_oracle_keyset_alignment_tests.cpp \
   test/rh51_checkphase3_v1_split_tests.cpp \
diff --git a/src/test/digidollar_oracle_musig2_tests.cpp b/src/test/digidollar_oracle_musig2_tests.cpp
new file mode 100644
index 0000000000..58e0d937e6
--- /dev/null
+++ b/src/test/digidollar_oracle_musig2_tests.cpp
@@ -0,0 +1,402 @@
+// Copyright (c) 2026 The DigiByte Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <boost/test/unit_test.hpp>
+
+#include <chainparams.h>
+#include <consensus/merkle.h>
+#include <consensus/validation.h>
+#include <crypto/sha256.h>
+#include <hash.h>
+#include <oracle/bundle_manager.h>
+#include <primitives/block.h>
+#include <primitives/oracle.h>
+#include <primitives/transaction.h>
+#include <random.h>
+#include <script/script.h>
+#include <test/util/setup_common.h>
+#include <uint256.h>
+
+#include <secp256k1.h>
+#include <secp256k1_musig.h>
+#include <secp256k1_schnorrsig.h>
+
+#include <array>
+#include <cstring>
+#include <optional>
+#include <string>
+#include <vector>
+
+namespace {
+
+constexpr int32_t POST_DD_HEIGHT = 700;
+constexpr uint32_t BLOCK_TIME = 1735689600; // 2025-01-01T00:00:00Z
+constexpr uint64_t ORACLE_PRICE = 50000;
+
+std::array<unsigned char, 32> OracleSecret(const std::string& seed_prefix, uint8_t oracle_id)
+{
+    const std::string seed = seed_prefix + std::to_string(oracle_id);
+    uint256 hash;
+    CSHA256().Write(reinterpret_cast<const unsigned char*>(seed.data()), seed.size()).Finalize(hash.begin());
+
+    std::array<unsigned char, 32> secret{};
+    std::memcpy(secret.data(), hash.begin(), secret.size());
+    return secret;
+}
+
+CKey RegtestOracleKey(uint8_t oracle_id)
+{
+    const auto secret = OracleSecret("digibyte_regtest_oracle_", oracle_id);
+    CKey key;
+    key.Set(secret.begin(), secret.end(), true);
+    return key;
+}
+
+std::vector<unsigned char> EncodeBitmap(const std::vector<uint8_t>& oracle_ids, uint16_t total_oracles)
+{
+    std::vector<unsigned char> bitmap((total_oracles + 7) / 8, 0);
+    for (uint8_t id : oracle_ids) {
+        bitmap[id / 8] |= static_cast<unsigned char>(1U << (id % 8));
+    }
+    return bitmap;
+}
+
+bool SignV03Bundle(COracleBundle& bundle,
+                   const std::vector<uint8_t>& oracle_ids,
+                   uint16_t total_oracles,
+                   const std::optional<uint256>& override_hash = std::nullopt)
+{
+    secp256k1_context* ctx = secp256k1_context_create(SECP256K1_CONTEXT_NONE);
+    if (!ctx) return false;
+
+    const size_t n_signers = oracle_ids.size();
+    std::vector<std::array<unsigned char, 32>> seckeys(n_signers);
+    std::vector<secp256k1_keypair> keypairs(n_signers);
+    std::vector<secp256k1_pubkey> pubkeys(n_signers);
+
+    for (size_t i = 0; i < n_signers; ++i) {
+        seckeys[i] = OracleSecret("digibyte_regtest_oracle_", oracle_ids[i]);
+        if (!secp256k1_keypair_create(ctx, &keypairs[i], seckeys[i].data()) ||
+            !secp256k1_keypair_pub(ctx, &pubkeys[i], &keypairs[i])) {
+            secp256k1_context_destroy(ctx);
+            return false;
+        }
+    }
+
+    std::vector<const secp256k1_pubkey*> pubkey_ptrs(n_signers);
+    for (size_t i = 0; i < n_signers; ++i) {
+        pubkey_ptrs[i] = &pubkeys[i];
+    }
+
+    secp256k1_xonly_pubkey agg_pk{};
+    secp256k1_musig_keyagg_cache cache{};
+    if (!secp256k1_musig_pubkey_agg(ctx, &agg_pk, &cache, pubkey_ptrs.data(), n_signers)) {
+        secp256k1_context_destroy(ctx);
+        return false;
+    }
+
+    std::vector<secp256k1_musig_secnonce> secnonces(n_signers);
+    std::vector<secp256k1_musig_pubnonce> pubnonces(n_signers);
+    for (size_t i = 0; i < n_signers; ++i) {
+        unsigned char session_rand[32];
+        GetStrongRandBytes(Span{session_rand, 32});
+        if (!secp256k1_musig_nonce_gen(ctx, &secnonces[i], &pubnonces[i],
+                                       session_rand, seckeys[i].data(), &pubkeys[i],
+                                       nullptr, &cache, nullptr)) {
+            secp256k1_context_destroy(ctx);
+            return false;
+        }
+    }
+
+    std::vector<const secp256k1_musig_pubnonce*> nonce_ptrs(n_signers);
+    for (size_t i = 0; i < n_signers; ++i) {
+        nonce_ptrs[i] = &pubnonces[i];
+    }
+
+    secp256k1_musig_aggnonce aggnonce{};
+    if (!secp256k1_musig_nonce_agg(ctx, &aggnonce, nonce_ptrs.data(), n_signers)) {
+        secp256k1_context_destroy(ctx);
+        return false;
+    }
+
+    const uint256 msg_hash = override_hash ? *override_hash : ComputeOracleBundleHash(bundle);
+    unsigned char msg32[32];
+    std::memcpy(msg32, msg_hash.begin(), sizeof(msg32));
+
+    secp256k1_musig_session session{};
+    if (!secp256k1_musig_nonce_process(ctx, &session, &aggnonce, msg32, &cache)) {
+        secp256k1_context_destroy(ctx);
+        return false;
+    }
+
+    std::vector<secp256k1_musig_partial_sig> partial_sigs(n_signers);
+    std::vector<const secp256k1_musig_partial_sig*> partial_ptrs(n_signers);
+    for (size_t i = 0; i < n_signers; ++i) {
+        if (!secp256k1_musig_partial_sign(ctx, &partial_sigs[i], &secnonces[i],
+                                          &keypairs[i], &cache, &session)) {
+            secp256k1_context_destroy(ctx);
+            return false;
+        }
+        partial_ptrs[i] = &partial_sigs[i];
+    }
+
+    bundle.participation_bitmap = EncodeBitmap(oracle_ids, total_oracles);
+    bundle.aggregate_sig.assign(64, 0);
+    if (!secp256k1_musig_partial_sig_agg(ctx, bundle.aggregate_sig.data(),
+                                         &session, partial_ptrs.data(), n_signers)) {
+        secp256k1_context_destroy(ctx);
+        return false;
+    }
+
+    const bool verifies = secp256k1_schnorrsig_verify(ctx, bundle.aggregate_sig.data(), msg32, 32, &agg_pk);
+    secp256k1_context_destroy(ctx);
+    return verifies;
+}
+
+uint256 WrongDomainHash(const COracleBundle& bundle)
+{
+    CHashWriter ss(0);
+    ss << std::string{"DigiDollar/WrongOracleDomain"};
+    ss << bundle.epoch;
+    ss << bundle.median_price_micro_usd;
+    ss << bundle.timestamp;
+    return ss.GetHash();
+}
+
+COraclePriceMessage MakePhaseTwoMessage(uint8_t oracle_id, uint64_t price, int64_t timestamp)
+{
+    CKey key = RegtestOracleKey(oracle_id);
+    COraclePriceMessage msg(oracle_id, price, timestamp);
+    msg.oracle_pubkey = XOnlyPubKey(key.GetPubKey());
+    BOOST_REQUIRE(msg.SignPhase2(key));
+    return msg;
+}
+
+COracleBundle MakePhaseTwoBundle(int32_t height, int64_t timestamp)
+{
+    COracleBundle bundle;
+    bundle.version = 2;
+    bundle.epoch = GetCurrentEpoch(height);
+    bundle.median_price_micro_usd = ORACLE_PRICE;
+    bundle.timestamp = timestamp;
+    for (uint8_t id = 0; id < 4; ++id) {
+        bundle.messages.push_back(MakePhaseTwoMessage(id, ORACLE_PRICE, timestamp));
+    }
+    return bundle;
+}
+
+COracleBundle MakePhaseOneBundle(int64_t timestamp)
+{
+    COracleBundle bundle;
+    bundle.version = 1;
+    bundle.epoch = GetCurrentEpoch(POST_DD_HEIGHT);
+    bundle.median_price_micro_usd = ORACLE_PRICE;
+    bundle.timestamp = timestamp;
+    bundle.messages.push_back(MakePhaseTwoMessage(0, ORACLE_PRICE, timestamp));
+    return bundle;
+}
+
+COracleBundle MakeV03Bundle(int32_t height, int64_t timestamp)
+{
+    COracleBundle bundle;
+    bundle.version = 3;
+    bundle.epoch = GetCurrentEpoch(height);
+    bundle.median_price_micro_usd = ORACLE_PRICE;
+    bundle.timestamp = timestamp;
+    return bundle;
+}
+
+CScript MakeRawV03Script(const COracleBundle& bundle)
+{
+    CScript script;
+    script << OP_RETURN << OP_ORACLE << std::vector<unsigned char>{0x03};
+    script << bundle.SerializeV03Data();
+    return script;
+}
+
+CScript MakeMalformedV03Script()
+{
+    CScript script;
+    script << OP_RETURN << OP_ORACLE << std::vector<unsigned char>{0x03, 0x01, 0x02};
+    return script;
+}
+
+CTransactionRef MakeDigiDollarTx(DigiDollarTxType type, uint8_t flags = 0)
+{
+    CMutableTransaction tx;
+    tx.nVersion = MakeDigiDollarVersion(type, flags);
+    tx.vin.emplace_back(COutPoint(uint256::ONE, 0));
+    tx.vout.emplace_back(0, CScript() << OP_TRUE);
+    return MakeTransactionRef(std::move(tx));
+}
+
+CBlock MakeBlock(int32_t height,
+                 uint32_t block_time,
+                 const CScript* oracle_script,
+                 const std::vector<CTransactionRef>& extra_txs)
+{
+    CMutableTransaction coinbase;
+    coinbase.vin.resize(1);
+    coinbase.vin[0].prevout.SetNull();
+    coinbase.vin[0].scriptSig = CScript() << static_cast<int64_t>(height);
+    coinbase.vout.emplace_back(50 * COIN, CScript() << OP_TRUE);
+    if (oracle_script) {
+        coinbase.vout.emplace_back(0, *oracle_script);
+    }
+
+    CBlock block;
+    block.nVersion = 0x20000000;
+    block.nTime = block_time;
+    block.vtx.push_back(MakeTransactionRef(std::move(coinbase)));
+    block.vtx.insert(block.vtx.end(), extra_txs.begin(), extra_txs.end());
+    block.hashMerkleRoot = BlockMerkleRoot(block);
+    return block;
+}
+
+struct ValidationResult {
+    bool ok;
+    std::string reject_reason;
+};
+
+ValidationResult ValidateOracleBlock(const CBlock& block)
+{
+    BlockValidationState state;
+    const bool ok = OracleDataValidator::ValidateBlockOracleData(
+        block, /*pindex_prev=*/nullptr, Params().GetConsensus(), state);
+    return {ok, state.GetRejectReason()};
+}
+
+} // namespace
+
+BOOST_FIXTURE_TEST_SUITE(digidollar_oracle_musig2_tests, RegTestingSetup)
+
+BOOST_AUTO_TEST_CASE(legacy_oracle_formats_are_not_mined_as_fallback)
+{
+    OracleBundleManager& manager = OracleBundleManager::GetInstance();
+    manager.Clear();
+
+    const COracleBundle v01 = MakePhaseOneBundle(BLOCK_TIME);
+    const COracleBundle v02 = MakePhaseTwoBundle(POST_DD_HEIGHT, BLOCK_TIME);
+
+    const CScript v01_script = manager.CreateOracleScript(v01);
+    const CScript v02_script = manager.CreateOracleScript(v02);
+
+    BOOST_CHECK_MESSAGE(v01_script.empty(),
+        "miners must not emit legacy v0x01 oracle scripts after DigiDollar activation");
+    BOOST_CHECK_MESSAGE(v02_script.empty(),
+        "miners must not emit legacy v0x02 oracle scripts after DigiDollar activation");
+}
+
+BOOST_AUTO_TEST_CASE(legacy_v02_oracle_format_rejected_for_dd_block)
+{
+    OracleBundleManager& manager = OracleBundleManager::GetInstance();
+    manager.Clear();
+
+    const COracleBundle v02 = MakePhaseTwoBundle(POST_DD_HEIGHT, BLOCK_TIME);
+    const CScript v02_script = manager.CreateOracleScript(v02);
+    BOOST_REQUIRE(!v02_script.empty());
+
+    CBlock block = MakeBlock(POST_DD_HEIGHT, BLOCK_TIME, &v02_script,
+                             {MakeDigiDollarTx(DD_TX_MINT)});
+    ValidationResult result = ValidateOracleBlock(block);
+    BOOST_TEST_MESSAGE("legacy v0x02 DD block: ok=" << result.ok
+                       << " reject='" << result.reject_reason << "'");
+
+    BOOST_CHECK_MESSAGE(!result.ok,
+        "DD-touching blocks must reject v0x02 oracle bundles instead of treating them as a fallback");
+    if (!result.ok) {
+        BOOST_CHECK_MESSAGE(!result.reject_reason.empty(), "legacy-format rejection must set a reject reason");
+    }
+}
+
+BOOST_AUTO_TEST_CASE(non_dd_block_without_oracle_data_remains_valid)
+{
+    CBlock block = MakeBlock(POST_DD_HEIGHT, BLOCK_TIME, /*oracle_script=*/nullptr, {});
+    ValidationResult result = ValidateOracleBlock(block);
+
+    BOOST_CHECK_MESSAGE(result.ok,
+        "non-DigiDollar blocks without oracle data must remain valid");
+    BOOST_CHECK_EQUAL(result.reject_reason, "");
+}
+
+BOOST_AUTO_TEST_CASE(dd_touching_blocks_without_oracle_data_are_rejected)
+{
+    struct Case {
+        const char* label;
+        DigiDollarTxType type;
+        uint8_t flags;
+    };
+
+    const std::vector<Case> cases{
+        {"mint", DD_TX_MINT, 0},
+        {"transfer", DD_TX_TRANSFER, 0},
+        {"redeem", DD_TX_REDEEM, 0},
+        {"collateral-spend", DD_TX_REDEEM, 1},
+    };
+
+    for (const auto& c : cases) {
+        CBlock block = MakeBlock(POST_DD_HEIGHT, BLOCK_TIME, /*oracle_script=*/nullptr,
+                                 {MakeDigiDollarTx(c.type, c.flags)});
+        ValidationResult result = ValidateOracleBlock(block);
+        BOOST_TEST_MESSAGE(c.label << " without oracle: ok=" << result.ok
+                           << " reject='" << result.reject_reason << "'");
+
+        BOOST_CHECK_MESSAGE(!result.ok,
+            std::string{"DD "} + c.label + " block without oracle data must be invalid");
+        if (!result.ok) {
+            BOOST_CHECK_MESSAGE(!result.reject_reason.empty(),
+                std::string{"DD "} + c.label + " missing-oracle rejection must set a reject reason");
+        }
+    }
+}
+
+BOOST_AUTO_TEST_CASE(dd_touching_blocks_reject_bad_oracle_bundles)
+{
+    const std::vector<CTransactionRef> dd_tx{MakeDigiDollarTx(DD_TX_MINT)};
+    const std::vector<uint8_t> quorum_ids{0, 1, 2, 3};
+    const uint16_t total_oracles = static_cast<uint16_t>(Params().GetConsensus().nOracleTotalOracles);
+
+    CScript malformed_script = MakeMalformedV03Script();
+
+    COracleBundle stale = MakeV03Bundle(POST_DD_HEIGHT, BLOCK_TIME - ORACLE_MAX_AGE_SECONDS - 1);
+    BOOST_REQUIRE(SignV03Bundle(stale, quorum_ids, total_oracles));
+    CScript stale_script = MakeRawV03Script(stale);
+
+    COracleBundle wrong_domain = MakeV03Bundle(POST_DD_HEIGHT, BLOCK_TIME);
+    BOOST_REQUIRE(SignV03Bundle(wrong_domain, quorum_ids, total_oracles, WrongDomainHash(wrong_domain)));
+    CScript wrong_domain_script = MakeRawV03Script(wrong_domain);
+
+    COracleBundle insufficient = MakeV03Bundle(POST_DD_HEIGHT, BLOCK_TIME);
+    insufficient.participation_bitmap = EncodeBitmap({0, 1, 2}, total_oracles);
+    insufficient.aggregate_sig.assign(64, 0x11);
+    CScript insufficient_script = MakeRawV03Script(insufficient);
+
+    struct Case {
+        const char* label;
+        const CScript* script;
+    };
+
+    const std::vector<Case> cases{
+        {"malformed", &malformed_script},
+        {"stale", &stale_script},
+        {"wrong-domain", &wrong_domain_script},
+        {"insufficient-quorum", &insufficient_script},
+    };
+
+    for (const auto& c : cases) {
+        CBlock block = MakeBlock(POST_DD_HEIGHT, BLOCK_TIME, c.script, dd_tx);
+        ValidationResult result = ValidateOracleBlock(block);
+        BOOST_TEST_MESSAGE(c.label << " oracle DD block: ok=" << result.ok
+                           << " reject='" << result.reject_reason << "'");
+
+        BOOST_CHECK_MESSAGE(!result.ok,
+            std::string{"DD-touching block with "} + c.label + " oracle data must be invalid");
+        if (!result.ok) {
+            BOOST_CHECK_MESSAGE(!result.reject_reason.empty(),
+                std::string{"DD-touching "} + c.label + " oracle rejection must set a reject reason");
+        }
+    }
+}
+
+BOOST_AUTO_TEST_SUITE_END()
diff --git a/src/test/digidollar_oracle_roster_tests.cpp b/src/test/digidollar_oracle_roster_tests.cpp
new file mode 100644
index 0000000000..a4eb7ce1d3
--- /dev/null
+++ b/src/test/digidollar_oracle_roster_tests.cpp
@@ -0,0 +1,306 @@
+// Copyright (c) 2026 The DigiByte Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <boost/test/unit_test.hpp>
+
+#include <chainparams.h>
+#include <consensus/params.h>
+#include <crypto/sha256.h>
+#include <hash.h>
+#include <key.h>
+#include <oracle/bundle_manager.h>
+#include <oracle/musig2_aggregator.h>
+#include <primitives/oracle.h>
+#include <random.h>
+#include <test/util/setup_common.h>
+#include <uint256.h>
+#include <util/strencodings.h>
+
+#include <secp256k1.h>
+#include <secp256k1_musig.h>
+#include <secp256k1_schnorrsig.h>
+
+#include <algorithm>
+#include <array>
+#include <cstring>
+#include <optional>
+#include <string>
+#include <vector>
+
+namespace {
+
+constexpr int32_t ROSTER_ACTIVE_HEIGHT = 650;
+constexpr uint64_t ROSTER_PRICE = 51000;
+constexpr int64_t ROSTER_TIMESTAMP = 1735689600;
+constexpr uint16_t ROSTER_TOTAL_SLOTS = 30;
+constexpr int ROSTER_ACTIVE_OPERATORS = 20;
+constexpr int ROSTER_QUORUM = 9;
+
+struct LocalMiniTestnetSetup : public BasicTestingSetup {
+    LocalMiniTestnetSetup()
+        : BasicTestingSetup{ChainType::TESTNET, {"-easypow=1"}}
+    {
+    }
+};
+
+std::array<unsigned char, 32> TestnetOracleSecret(uint8_t oracle_id)
+{
+    const std::string seed = "digibyte_testnet_oracle_" + std::to_string(oracle_id);
+    uint256 hash;
+    CSHA256().Write(reinterpret_cast<const unsigned char*>(seed.data()), seed.size()).Finalize(hash.begin());
+
+    std::array<unsigned char, 32> secret{};
+    std::memcpy(secret.data(), hash.begin(), secret.size());
+    return secret;
+}
+
+std::string TestnetOracleXOnlyHex(uint8_t oracle_id)
+{
+    const auto secret = TestnetOracleSecret(oracle_id);
+    CKey key;
+    key.Set(secret.begin(), secret.end(), true);
+    const CPubKey pubkey = key.GetPubKey();
+    std::vector<unsigned char> xonly(pubkey.begin() + 1, pubkey.end());
+    return HexStr(xonly);
+}
+
+std::vector<unsigned char> EncodeBitmapUnchecked(const std::vector<uint8_t>& oracle_ids, uint16_t total_oracles)
+{
+    std::vector<unsigned char> bitmap((total_oracles + 7) / 8, 0);
+    for (uint8_t id : oracle_ids) {
+        bitmap[id / 8] |= static_cast<unsigned char>(1U << (id % 8));
+    }
+    return bitmap;
+}
+
+Consensus::Params ExpandedRosterParams(int32_t activation_height)
+{
+    Consensus::Params params = Params().GetConsensus();
+    params.nOracleTotalOracles = ROSTER_TOTAL_SLOTS;
+    params.nOraclePubkeyCount = ROSTER_ACTIVE_OPERATORS;
+    params.nOracleRequiredMessages = ROSTER_QUORUM;
+    params.nOracleConsensusRequired = ROSTER_QUORUM;
+    params.nOracleActivationHeight = activation_height;
+    params.nDigiDollarPhase3Height = activation_height;
+
+    params.vOraclePublicKeys.clear();
+    for (uint8_t id = 0; id < ROSTER_ACTIVE_OPERATORS; ++id) {
+        params.vOraclePublicKeys.push_back(TestnetOracleXOnlyHex(id));
+    }
+    return params;
+}
+
+bool SignTestnetV03Bundle(COracleBundle& bundle,
+                          const std::vector<uint8_t>& oracle_ids,
+                          uint16_t total_oracles,
+                          const std::optional<uint256>& override_hash = std::nullopt)
+{
+    secp256k1_context* ctx = secp256k1_context_create(SECP256K1_CONTEXT_NONE);
+    if (!ctx) return false;
+
+    const size_t n_signers = oracle_ids.size();
+    std::vector<std::array<unsigned char, 32>> seckeys(n_signers);
+    std::vector<secp256k1_keypair> keypairs(n_signers);
+    std::vector<secp256k1_pubkey> pubkeys(n_signers);
+
+    for (size_t i = 0; i < n_signers; ++i) {
+        seckeys[i] = TestnetOracleSecret(oracle_ids[i]);
+        if (!secp256k1_keypair_create(ctx, &keypairs[i], seckeys[i].data()) ||
+            !secp256k1_keypair_pub(ctx, &pubkeys[i], &keypairs[i])) {
+            secp256k1_context_destroy(ctx);
+            return false;
+        }
+    }
+
+    std::vector<const secp256k1_pubkey*> pubkey_ptrs(n_signers);
+    for (size_t i = 0; i < n_signers; ++i) {
+        pubkey_ptrs[i] = &pubkeys[i];
+    }
+
+    secp256k1_xonly_pubkey agg_pk{};
+    secp256k1_musig_keyagg_cache cache{};
+    if (!secp256k1_musig_pubkey_agg(ctx, &agg_pk, &cache, pubkey_ptrs.data(), n_signers)) {
+        secp256k1_context_destroy(ctx);
+        return false;
+    }
+
+    std::vector<secp256k1_musig_secnonce> secnonces(n_signers);
+    std::vector<secp256k1_musig_pubnonce> pubnonces(n_signers);
+    for (size_t i = 0; i < n_signers; ++i) {
+        unsigned char session_rand[32];
+        GetStrongRandBytes(Span{session_rand, 32});
+        if (!secp256k1_musig_nonce_gen(ctx, &secnonces[i], &pubnonces[i],
+                                       session_rand, seckeys[i].data(), &pubkeys[i],
+                                       nullptr, &cache, nullptr)) {
+            secp256k1_context_destroy(ctx);
+            return false;
+        }
+    }
+
+    std::vector<const secp256k1_musig_pubnonce*> nonce_ptrs(n_signers);
+    for (size_t i = 0; i < n_signers; ++i) {
+        nonce_ptrs[i] = &pubnonces[i];
+    }
+
+    secp256k1_musig_aggnonce aggnonce{};
+    if (!secp256k1_musig_nonce_agg(ctx, &aggnonce, nonce_ptrs.data(), n_signers)) {
+        secp256k1_context_destroy(ctx);
+        return false;
+    }
+
+    const uint256 msg_hash = override_hash ? *override_hash : ComputeOracleBundleHash(bundle);
+    unsigned char msg32[32];
+    std::memcpy(msg32, msg_hash.begin(), sizeof(msg32));
+
+    secp256k1_musig_session session{};
+    if (!secp256k1_musig_nonce_process(ctx, &session, &aggnonce, msg32, &cache)) {
+        secp256k1_context_destroy(ctx);
+        return false;
+    }
+
+    std::vector<secp256k1_musig_partial_sig> partial_sigs(n_signers);
+    std::vector<const secp256k1_musig_partial_sig*> partial_ptrs(n_signers);
+    for (size_t i = 0; i < n_signers; ++i) {
+        if (!secp256k1_musig_partial_sign(ctx, &partial_sigs[i], &secnonces[i],
+                                          &keypairs[i], &cache, &session)) {
+            secp256k1_context_destroy(ctx);
+            return false;
+        }
+        partial_ptrs[i] = &partial_sigs[i];
+    }
+
+    bundle.participation_bitmap = EncodeBitmapUnchecked(oracle_ids, total_oracles);
+    bundle.aggregate_sig.assign(64, 0);
+    if (!secp256k1_musig_partial_sig_agg(ctx, bundle.aggregate_sig.data(),
+                                         &session, partial_ptrs.data(), n_signers)) {
+        secp256k1_context_destroy(ctx);
+        return false;
+    }
+
+    const bool verifies = secp256k1_schnorrsig_verify(ctx, bundle.aggregate_sig.data(), msg32, 32, &agg_pk);
+    secp256k1_context_destroy(ctx);
+    return verifies;
+}
+
+COracleBundle MakeRosterBundle()
+{
+    COracleBundle bundle;
+    bundle.version = 3;
+    bundle.epoch = GetCurrentEpoch(ROSTER_ACTIVE_HEIGHT);
+    bundle.median_price_micro_usd = ROSTER_PRICE;
+    bundle.timestamp = ROSTER_TIMESTAMP;
+    return bundle;
+}
+
+uint256 WrongRosterDomainHash(const COracleBundle& bundle)
+{
+    CHashWriter ss(0);
+    ss << std::string{"DigiDollar/RosterWrongDomain"};
+    ss << bundle.epoch;
+    ss << bundle.median_price_micro_usd;
+    ss << bundle.timestamp;
+    return ss.GetHash();
+}
+
+struct PhaseThreeResult {
+    bool ok;
+    std::string error;
+};
+
+PhaseThreeResult ValidatePhaseThree(const COracleBundle& bundle,
+                                    int32_t height,
+                                    const Consensus::Params& params)
+{
+    std::string error;
+    const bool ok = OracleBundleManager::ValidatePhaseThreeBundle(bundle, height, params, error);
+    return {ok, error};
+}
+
+} // namespace
+
+BOOST_FIXTURE_TEST_SUITE(digidollar_oracle_roster_tests, LocalMiniTestnetSetup)
+
+BOOST_AUTO_TEST_CASE(expanded_roster_accepts_valid_9_sig_bundle_after_activation)
+{
+    const Consensus::Params params = ExpandedRosterParams(ROSTER_ACTIVE_HEIGHT);
+    BOOST_REQUIRE_EQUAL(params.nOraclePubkeyCount, ROSTER_ACTIVE_OPERATORS);
+    BOOST_REQUIRE_GT(params.nOraclePubkeyCount, ORACLE_ACTIVE_COUNT);
+
+    COracleBundle bundle = MakeRosterBundle();
+    const std::vector<uint8_t> signer_ids{0, 1, 2, 3, 4, 5, 6, 7, 18};
+    BOOST_REQUIRE(SignTestnetV03Bundle(bundle, signer_ids, ROSTER_TOTAL_SLOTS));
+
+    PhaseThreeResult result = ValidatePhaseThree(bundle, ROSTER_ACTIVE_HEIGHT, params);
+    BOOST_TEST_MESSAGE("expanded roster after activation: ok=" << result.ok
+                       << " error='" << result.error << "'");
+
+    BOOST_CHECK_MESSAGE(result.ok,
+        "a valid 9-sig MuSig2 bundle from a >17 active-operator roster must verify after activation");
+}
+
+BOOST_AUTO_TEST_CASE(expanded_roster_rejects_same_bundle_before_activation)
+{
+    const Consensus::Params params = ExpandedRosterParams(ROSTER_ACTIVE_HEIGHT + 1);
+
+    COracleBundle bundle = MakeRosterBundle();
+    const std::vector<uint8_t> signer_ids{0, 1, 2, 3, 4, 5, 6, 7, 18};
+    BOOST_REQUIRE(SignTestnetV03Bundle(bundle, signer_ids, ROSTER_TOTAL_SLOTS));
+
+    PhaseThreeResult result = ValidatePhaseThree(bundle, ROSTER_ACTIVE_HEIGHT, params);
+    BOOST_TEST_MESSAGE("expanded roster before activation: ok=" << result.ok
+                       << " error='" << result.error << "'");
+
+    BOOST_CHECK_MESSAGE(!result.ok,
+        "the same >17 roster bundle must be rejected before roster activation");
+    BOOST_CHECK_MESSAGE(result.error.find("activation") != std::string::npos,
+        "pre-activation rejection should identify the roster activation gate, got: " + result.error);
+}
+
+BOOST_AUTO_TEST_CASE(expanded_roster_rejects_out_of_roster_signer)
+{
+    const Consensus::Params params = ExpandedRosterParams(ROSTER_ACTIVE_HEIGHT);
+
+    COracleBundle bundle = MakeRosterBundle();
+    const std::vector<uint8_t> signer_ids{0, 1, 2, 3, 4, 5, 6, 7, 21};
+    BOOST_REQUIRE(SignTestnetV03Bundle(bundle, signer_ids, ROSTER_TOTAL_SLOTS));
+
+    PhaseThreeResult result = ValidatePhaseThree(bundle, ROSTER_ACTIVE_HEIGHT, params);
+    BOOST_TEST_MESSAGE("out-of-roster signer: ok=" << result.ok
+                       << " error='" << result.error << "'");
+
+    BOOST_CHECK_MESSAGE(!result.ok,
+        "signer id 21 is outside the 20-active-operator roster and must reject");
+    BOOST_CHECK_MESSAGE(!result.error.empty(), "out-of-roster rejection must report an error");
+}
+
+BOOST_AUTO_TEST_CASE(expanded_roster_rejects_duplicate_signer_bitmap_input)
+{
+    const std::vector<uint8_t> duplicate_signers{0, 1, 2, 3, 4, 5, 6, 7, 7, 18};
+    const std::vector<unsigned char> bitmap =
+        MuSig2OracleAggregator::EncodeBitmap(duplicate_signers, ROSTER_TOTAL_SLOTS);
+
+    BOOST_CHECK_MESSAGE(bitmap.empty(),
+        "duplicate signer ids must not produce an encodable MuSig2 participation bitmap");
+}
+
+BOOST_AUTO_TEST_CASE(expanded_roster_rejects_wrong_domain_signature)
+{
+    const Consensus::Params params = ExpandedRosterParams(ROSTER_ACTIVE_HEIGHT);
+
+    COracleBundle bundle = MakeRosterBundle();
+    const std::vector<uint8_t> signer_ids{0, 1, 2, 3, 4, 5, 6, 7, 8};
+    BOOST_REQUIRE(SignTestnetV03Bundle(bundle, signer_ids, ROSTER_TOTAL_SLOTS,
+                                       WrongRosterDomainHash(bundle)));
+
+    PhaseThreeResult result = ValidatePhaseThree(bundle, ROSTER_ACTIVE_HEIGHT, params);
+    BOOST_TEST_MESSAGE("wrong-domain signature: ok=" << result.ok
+                       << " error='" << result.error << "'");
+
+    BOOST_CHECK_MESSAGE(!result.ok,
+        "aggregate signatures from a different signing domain must reject");
+    BOOST_CHECK_MESSAGE(result.error.find("signature") != std::string::npos,
+        "wrong-domain rejection should be an aggregate signature failure, got: " + result.error);
+}
+
+BOOST_AUTO_TEST_SUITE_END()

From d8450238e8cd8b52c20131ae352bc6b1f5bece0f Mon Sep 17 00:00:00 2001
From: DigiSwarm <13957390+JaredTate@users.noreply.github.com>
Date: Wed, 29 Apr 2026 18:17:49 -0600
Subject: [PATCH 18/22] Add DigiDollar burn tier address tests

---
 src/Makefile.test.include                     |   2 +
 src/test/digidollar_address_tests.cpp         |  39 ++-
 .../digidollar_burn_enforcement_tests.cpp     | 280 ++++++++++++++++++
 src/test/digidollar_locktier_tests.cpp        | 184 ++++++++++++
 4 files changed, 504 insertions(+), 1 deletion(-)
 create mode 100644 src/test/digidollar_burn_enforcement_tests.cpp
 create mode 100644 src/test/digidollar_locktier_tests.cpp

diff --git a/src/Makefile.test.include b/src/Makefile.test.include
index ca8582a3af..f8142ea9d2 100644
--- a/src/Makefile.test.include
+++ b/src/Makefile.test.include
@@ -75,6 +75,7 @@ DIGIBYTE_TESTS =\
   test/base64_tests.cpp \
   test/digidollar_activation_tests.cpp \
   test/digidollar_address_tests.cpp \
+  test/digidollar_burn_enforcement_tests.cpp \
   test/digidollar_consensus_tests.cpp \
   test/digidollar_dca_tests.cpp \
   test/digidollar_err_attack_tests.cpp \
@@ -193,6 +194,7 @@ DIGIBYTE_TESTS =\
   test/digidollar_restore_tests.cpp \
   test/digidollar_timelock_tests.cpp \
   test/digidollar_lock_height_tests.cpp \
+  test/digidollar_locktier_tests.cpp \
   test/bech32_tests.cpp \
   test/bip32_tests.cpp \
   test/blockchain_tests.cpp \
diff --git a/src/test/digidollar_address_tests.cpp b/src/test/digidollar_address_tests.cpp
index 1d7fa1e46d..f98f661625 100644
--- a/src/test/digidollar_address_tests.cpp
+++ b/src/test/digidollar_address_tests.cpp
@@ -285,4 +285,41 @@ BOOST_AUTO_TEST_CASE(address_format_consistency_test)
     }
 }
 
-BOOST_AUTO_TEST_SUITE_END()
\ No newline at end of file
+BOOST_AUTO_TEST_CASE(network_specific_digidollar_address_validation_test)
+{
+    struct ParamsRestorer {
+        ChainType original;
+        ~ParamsRestorer() { SelectParams(original); }
+    } restore{Params().GetChainType()};
+
+    uint256 hash;
+    hash.SetHex("0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef");
+    XOnlyPubKey xonly_pubkey(hash);
+    WitnessV1Taproot taproot_dest(xonly_pubkey);
+    CTxDestination dest = taproot_dest;
+
+    CDigiDollarAddress main_addr;
+    CDigiDollarAddress test_addr;
+    CDigiDollarAddress regtest_addr;
+    BOOST_REQUIRE(main_addr.SetDigiDollar(dest, CChainParams::DIGIDOLLAR_ADDRESS));
+    BOOST_REQUIRE(test_addr.SetDigiDollar(dest, CChainParams::DIGIDOLLAR_ADDRESS_TESTNET));
+    BOOST_REQUIRE(regtest_addr.SetDigiDollar(dest, CChainParams::DIGIDOLLAR_ADDRESS_REGTEST));
+
+    const std::string mainnet_dd = main_addr.ToString();
+    const std::string testnet_td = test_addr.ToString();
+    const std::string regtest_rd = regtest_addr.ToString();
+
+    SelectParams(ChainType::MAIN);
+    BOOST_CHECK(CDigiDollarAddress::IsValidDigiDollarAddressForCurrentNetwork(mainnet_dd));
+    BOOST_CHECK(!CDigiDollarAddress::IsValidDigiDollarAddressForCurrentNetwork(testnet_td));
+
+    SelectParams(ChainType::TESTNET);
+    BOOST_CHECK(CDigiDollarAddress::IsValidDigiDollarAddressForCurrentNetwork(testnet_td));
+    BOOST_CHECK(!CDigiDollarAddress::IsValidDigiDollarAddressForCurrentNetwork(mainnet_dd));
+
+    SelectParams(ChainType::REGTEST);
+    BOOST_CHECK(CDigiDollarAddress::IsValidDigiDollarAddressForCurrentNetwork(regtest_rd));
+    BOOST_CHECK(!CDigiDollarAddress::IsValidDigiDollarAddressForCurrentNetwork(mainnet_dd));
+}
+
+BOOST_AUTO_TEST_SUITE_END()
diff --git a/src/test/digidollar_burn_enforcement_tests.cpp b/src/test/digidollar_burn_enforcement_tests.cpp
new file mode 100644
index 0000000000..555f4ad99c
--- /dev/null
+++ b/src/test/digidollar_burn_enforcement_tests.cpp
@@ -0,0 +1,280 @@
+// Copyright (c) 2026 The DigiByte Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <boost/test/unit_test.hpp>
+
+#include <chainparams.h>
+#include <coins.h>
+#include <consensus/amount.h>
+#include <digidollar/scripts.h>
+#include <digidollar/validation.h>
+#include <key.h>
+#include <primitives/transaction.h>
+#include <pubkey.h>
+#include <script/script.h>
+#include <test/util/setup_common.h>
+#include <uint256.h>
+
+#include <cstdint>
+#include <string>
+#include <vector>
+
+namespace {
+
+static CScript MakeP2TR(const XOnlyPubKey& key)
+{
+    return CScript() << OP_1 << std::vector<unsigned char>(key.begin(), key.end());
+}
+
+static CScript MakeMintOpReturn(CAmount dd_amount, int64_t lock_height, int64_t lock_tier, const XOnlyPubKey& owner)
+{
+    return CScript() << OP_RETURN
+                     << std::vector<unsigned char>{'D', 'D'}
+                     << CScriptNum(1)
+                     << CScriptNum(dd_amount)
+                     << CScriptNum(lock_height)
+                     << CScriptNum(lock_tier)
+                     << std::vector<unsigned char>(owner.begin(), owner.end());
+}
+
+static CScript MakeRedeemOpReturn(CAmount dd_amount)
+{
+    return CScript() << OP_RETURN
+                     << std::vector<unsigned char>{'D', 'D'}
+                     << CScriptNum(3)
+                     << CScriptNum(dd_amount);
+}
+
+struct MintData {
+    XOnlyPubKey owner;
+    CTransactionRef tx;
+    uint32_t collateral_index;
+    uint32_t dd_index;
+};
+
+enum class MintOutputOrder {
+    CollateralThenDDThenOpReturn,
+    DDThenOpReturnThenCollateral,
+};
+
+struct DigiDollarBurnEnforcementTestSetup : public TestingSetup {
+    DigiDollarBurnEnforcementTestSetup()
+        : TestingSetup(ChainType::REGTEST)
+    {
+    }
+
+    static constexpr int MINT_HEIGHT = 1000;
+    static constexpr int REDEEM_HEIGHT = 2000;
+    static constexpr CAmount ORACLE_PRICE_MICRO_USD = 1000000;
+    static constexpr int SYSTEM_COLLATERAL = 150;
+    static constexpr CAmount DD_AMOUNT = 10000;
+    static constexpr CAmount LOCKED_COLLATERAL = 500 * COIN;
+    static constexpr int64_t LOCK_HEIGHT = 1240;
+
+    MintData CreateMint(MintOutputOrder order = MintOutputOrder::CollateralThenDDThenOpReturn) const
+    {
+        CKey owner_key;
+        owner_key.MakeNewKey(true);
+        const XOnlyPubKey owner(owner_key.GetPubKey());
+
+        DigiDollar::MintParams params;
+        params.ddAmount = DD_AMOUNT;
+        params.lockHeight = LOCK_HEIGHT;
+        params.ownerKey = owner;
+        params.internalKey = DigiDollar::GetCollateralNUMSKey();
+        params.oracleKeys = DigiDollar::GetOracleKeys(15);
+
+        const CScript collateral_script = DigiDollar::CreateCollateralP2TR(params);
+        const CScript dd_script = DigiDollar::CreateDigiDollarP2TR(owner, DD_AMOUNT);
+        const CScript op_return = MakeMintOpReturn(DD_AMOUNT, LOCK_HEIGHT, /*lock_tier=*/0, owner);
+
+        CMutableTransaction mtx;
+        mtx.nVersion = 0x01000770;
+        mtx.vin.push_back(CTxIn(COutPoint(uint256S("0101010101010101010101010101010101010101010101010101010101010101"), 0)));
+
+        MintData mint;
+        mint.owner = owner;
+
+        if (order == MintOutputOrder::CollateralThenDDThenOpReturn) {
+            mint.collateral_index = 0;
+            mint.dd_index = 1;
+            mtx.vout.push_back(CTxOut(LOCKED_COLLATERAL, collateral_script));
+            mtx.vout.push_back(CTxOut(0, dd_script));
+            mtx.vout.push_back(CTxOut(0, op_return));
+        } else {
+            mint.dd_index = 0;
+            mint.collateral_index = 2;
+            mtx.vout.push_back(CTxOut(0, dd_script));
+            mtx.vout.push_back(CTxOut(0, op_return));
+            mtx.vout.push_back(CTxOut(LOCKED_COLLATERAL, collateral_script));
+        }
+
+        mint.tx = MakeTransactionRef(mtx);
+        return mint;
+    }
+
+    COutPoint CollateralOutpoint(const MintData& mint) const
+    {
+        return COutPoint(mint.tx->GetHash(), mint.collateral_index);
+    }
+
+    COutPoint DDOutpoint(const MintData& mint) const
+    {
+        return COutPoint(mint.tx->GetHash(), mint.dd_index);
+    }
+
+    void AddMintCoins(CCoinsViewCache& coins, const MintData& mint, bool include_dd = true) const
+    {
+        coins.AddCoin(CollateralOutpoint(mint), Coin(mint.tx->vout[mint.collateral_index], MINT_HEIGHT, false), false);
+        if (include_dd) {
+            coins.AddCoin(DDOutpoint(mint), Coin(mint.tx->vout[mint.dd_index], MINT_HEIGHT, false), false);
+        }
+    }
+
+    DigiDollar::TxLookupFn TxLookupFor(const MintData& mint) const
+    {
+        return [mint_ref = mint.tx](const uint256& txid, uint32_t, CTransactionRef& out) -> bool {
+            if (txid == mint_ref->GetHash()) {
+                out = mint_ref;
+                return true;
+            }
+            return false;
+        };
+    }
+
+    DigiDollar::ValidationContext MakeContext(const CCoinsViewCache& coins, DigiDollar::TxLookupFn tx_lookup) const
+    {
+        return DigiDollar::ValidationContext(REDEEM_HEIGHT,
+                                             ORACLE_PRICE_MICRO_USD,
+                                             SYSTEM_COLLATERAL,
+                                             Params(),
+                                             &coins,
+                                             /*skip_oracle=*/false,
+                                             tx_lookup);
+    }
+
+    CTransaction MakeRedeemTx(const MintData& mint, bool include_dd_input, CAmount collateral_release, CAmount dd_change = 0) const
+    {
+        CMutableTransaction mtx;
+        mtx.nVersion = 0x03000770;
+        mtx.nLockTime = LOCK_HEIGHT;
+        mtx.vin.push_back(CTxIn(CollateralOutpoint(mint), CScript(), 0xfffffffe));
+        if (include_dd_input) {
+            mtx.vin.push_back(CTxIn(DDOutpoint(mint), CScript(), 0xfffffffe));
+        }
+
+        mtx.vout.push_back(CTxOut(collateral_release, MakeP2TR(mint.owner)));
+
+        if (dd_change > 0) {
+            mtx.vout.push_back(CTxOut(0, DigiDollar::CreateDigiDollarP2TR(mint.owner, dd_change)));
+            mtx.vout.push_back(CTxOut(0, MakeRedeemOpReturn(dd_change)));
+        }
+
+        return CTransaction(mtx);
+    }
+
+    CTransaction MakeNonDDCollateralSpend(const MintData& mint) const
+    {
+        CMutableTransaction mtx;
+        mtx.nVersion = 2;
+        mtx.nLockTime = LOCK_HEIGHT;
+        mtx.vin.push_back(CTxIn(CollateralOutpoint(mint), CScript(), 0xfffffffe));
+        mtx.vout.push_back(CTxOut(LOCKED_COLLATERAL, MakeP2TR(mint.owner)));
+        return CTransaction(mtx);
+    }
+};
+
+} // namespace
+
+BOOST_FIXTURE_TEST_SUITE(digidollar_burn_enforcement_tests, DigiDollarBurnEnforcementTestSetup)
+
+BOOST_AUTO_TEST_CASE(post_timelock_non_dd_collateral_spend_is_rejected)
+{
+    const MintData mint = CreateMint();
+    CCoinsView base_view;
+    CCoinsViewCache coins(&base_view);
+    AddMintCoins(coins, mint);
+
+    TxValidationState state;
+    const DigiDollar::ValidationContext ctx = MakeContext(coins, TxLookupFor(mint));
+    const CTransaction spend = MakeNonDDCollateralSpend(mint);
+
+    const bool valid = DigiDollar::ValidateDigiDollarTransaction(spend, ctx, state);
+    BOOST_CHECK_MESSAGE(!valid,
+        "Post-timelock collateral spends must remain DD redemptions; non-DD spend was accepted. "
+        "Reject reason: " + state.GetRejectReason());
+}
+
+BOOST_AUTO_TEST_CASE(normal_redemption_succeeds_when_full_original_dd_is_burned)
+{
+    const MintData mint = CreateMint();
+    CCoinsView base_view;
+    CCoinsViewCache coins(&base_view);
+    AddMintCoins(coins, mint);
+
+    TxValidationState state;
+    const DigiDollar::ValidationContext ctx = MakeContext(coins, TxLookupFor(mint));
+    const CTransaction redeem = MakeRedeemTx(mint, /*include_dd_input=*/true, LOCKED_COLLATERAL);
+
+    BOOST_CHECK_MESSAGE(DigiDollar::ValidateRedemptionTransaction(redeem, ctx, state),
+        "Full-burn redemption should release the full collateral. Reject reason: " + state.GetRejectReason());
+}
+
+BOOST_AUTO_TEST_CASE(partial_burn_cannot_release_collateral)
+{
+    const MintData mint = CreateMint();
+    CCoinsView base_view;
+    CCoinsViewCache coins(&base_view);
+    AddMintCoins(coins, mint);
+
+    TxValidationState state;
+    const DigiDollar::ValidationContext ctx = MakeContext(coins, TxLookupFor(mint));
+    const CAmount dd_change = DD_AMOUNT / 2;
+    const CTransaction redeem = MakeRedeemTx(mint, /*include_dd_input=*/true, LOCKED_COLLATERAL, dd_change);
+
+    BOOST_CHECK_MESSAGE(!DigiDollar::ValidateRedemptionTransaction(redeem, ctx, state),
+        "Partial DD burn must not release collateral");
+    BOOST_CHECK_EQUAL(state.GetRejectReason(), "bad-collateral-release-partial-burn");
+}
+
+BOOST_AUTO_TEST_CASE(collateral_spend_with_no_dd_inputs_cannot_release_collateral)
+{
+    const MintData mint = CreateMint();
+    CCoinsView base_view;
+    CCoinsViewCache coins(&base_view);
+    AddMintCoins(coins, mint, /*include_dd=*/false);
+
+    TxValidationState state;
+    const DigiDollar::ValidationContext ctx = MakeContext(coins, TxLookupFor(mint));
+    const CTransaction redeem = MakeRedeemTx(mint, /*include_dd_input=*/false, LOCKED_COLLATERAL);
+
+    BOOST_CHECK_MESSAGE(!DigiDollar::ValidateCollateralReleaseAmount(redeem, ctx, /*ddBurned=*/0, state),
+        "Collateral spend with no DD burn must not release locked DGB");
+    BOOST_CHECK_EQUAL(state.GetRejectReason(), "bad-collateral-release-partial-burn");
+}
+
+BOOST_AUTO_TEST_CASE(reordered_mint_outputs_identify_correct_collateral_output)
+{
+    const MintData mint = CreateMint(MintOutputOrder::DDThenOpReturnThenCollateral);
+    CAmount dd_amount = 0;
+    CAmount collateral_amount = 0;
+
+    BOOST_REQUIRE(DigiDollar::ExtractMintAccountingAmounts(*mint.tx, dd_amount, collateral_amount));
+    BOOST_CHECK_EQUAL(dd_amount, DD_AMOUNT);
+    BOOST_CHECK_EQUAL(collateral_amount, LOCKED_COLLATERAL);
+
+    CCoinsView base_view;
+    CCoinsViewCache coins(&base_view);
+    AddMintCoins(coins, mint);
+
+    TxValidationState state;
+    const DigiDollar::ValidationContext ctx = MakeContext(coins, TxLookupFor(mint));
+    const CTransaction redeem = MakeRedeemTx(mint, /*include_dd_input=*/true, LOCKED_COLLATERAL);
+
+    BOOST_CHECK_MESSAGE(DigiDollar::ValidateCollateralReleaseAmount(redeem, ctx, DD_AMOUNT, state),
+        "Collateral vout index should come from the spent outpoint, not fixed output order. "
+        "Reject reason: " + state.GetRejectReason());
+}
+
+BOOST_AUTO_TEST_SUITE_END()
diff --git a/src/test/digidollar_locktier_tests.cpp b/src/test/digidollar_locktier_tests.cpp
new file mode 100644
index 0000000000..c42420ece8
--- /dev/null
+++ b/src/test/digidollar_locktier_tests.cpp
@@ -0,0 +1,184 @@
+// Copyright (c) 2026 The DigiByte Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <boost/test/unit_test.hpp>
+
+#include <chainparams.h>
+#include <consensus/amount.h>
+#include <consensus/digidollar.h>
+#include <consensus/volatility.h>
+#include <digidollar/scripts.h>
+#include <digidollar/validation.h>
+#include <key.h>
+#include <primitives/transaction.h>
+#include <pubkey.h>
+#include <script/script.h>
+#include <test/util/setup_common.h>
+#include <uint256.h>
+
+#include <cstdint>
+#include <string>
+#include <vector>
+
+namespace {
+
+struct LockTierCase {
+    int tier;
+    int days;
+    int ratio;
+};
+
+static const std::vector<LockTierCase>& CanonicalLockTiers()
+{
+    static const std::vector<LockTierCase> tiers{
+        {0, 0, 1000},
+        {1, 30, 500},
+        {2, 90, 400},
+        {3, 180, 350},
+        {4, 365, 300},
+        {5, 730, 275},
+        {6, 1095, 250},
+        {7, 1825, 225},
+        {8, 2555, 212},
+        {9, 3650, 200},
+    };
+    return tiers;
+}
+
+struct DigiDollarLockTierTestSetup : public TestingSetup {
+    DigiDollarLockTierTestSetup()
+        : TestingSetup(ChainType::REGTEST)
+    {
+        owner_key.MakeNewKey(true);
+        owner_xonly = XOnlyPubKey(owner_key.GetPubKey());
+        ResetVolatilityState();
+    }
+
+    static constexpr int CURRENT_HEIGHT = 1000;
+    static constexpr CAmount ORACLE_PRICE_MICRO_USD = 1000000;
+    static constexpr int SYSTEM_COLLATERAL = 150;
+    static constexpr CAmount DD_AMOUNT = 10000;
+
+    DigiDollar::ValidationContext MakeContext() const
+    {
+        return DigiDollar::ValidationContext(CURRENT_HEIGHT,
+                                             ORACLE_PRICE_MICRO_USD,
+                                             SYSTEM_COLLATERAL,
+                                             Params());
+    }
+
+    void ResetVolatilityState() const
+    {
+        DigiDollar::Volatility::VolatilityMonitor::ReconstructFromBlockData({}, CURRENT_HEIGHT);
+        DigiDollar::Volatility::VolatilityMonitor::ClearFreeze();
+    }
+
+    CAmount RequiredCollateralAtRatio(int ratio) const
+    {
+        const __int128 numerator = static_cast<__int128>(DD_AMOUNT) *
+                                   static_cast<__int128>(COIN) *
+                                   static_cast<__int128>(ratio) *
+                                   static_cast<__int128>(100);
+        const __int128 denominator = ORACLE_PRICE_MICRO_USD;
+        return static_cast<CAmount>((numerator + denominator - 1) / denominator);
+    }
+
+    CTransaction CreateMintTx(int64_t lock_blocks, int64_t lock_tier, CAmount collateral_amount) const
+    {
+        const int64_t lock_height = CURRENT_HEIGHT + lock_blocks;
+
+        DigiDollar::MintParams params;
+        params.ddAmount = DD_AMOUNT;
+        params.lockHeight = lock_height;
+        params.ownerKey = owner_xonly;
+        params.internalKey = DigiDollar::GetCollateralNUMSKey();
+        params.oracleKeys = DigiDollar::GetOracleKeys(15);
+
+        const CScript collateral_script = DigiDollar::CreateCollateralP2TR(params);
+        const CScript dd_script = DigiDollar::CreateDigiDollarP2TR(owner_xonly, DD_AMOUNT);
+        const CScript op_return = CScript() << OP_RETURN
+                                            << std::vector<unsigned char>{'D', 'D'}
+                                            << CScriptNum(1)
+                                            << CScriptNum(DD_AMOUNT)
+                                            << CScriptNum(lock_height)
+                                            << CScriptNum(lock_tier)
+                                            << std::vector<unsigned char>(owner_xonly.begin(), owner_xonly.end());
+
+        CMutableTransaction mtx;
+        mtx.nVersion = 0x01000770;
+        mtx.vin.push_back(CTxIn(COutPoint(uint256S("0202020202020202020202020202020202020202020202020202020202020202"), 0)));
+        mtx.vout.push_back(CTxOut(collateral_amount, collateral_script));
+        mtx.vout.push_back(CTxOut(0, dd_script));
+        mtx.vout.push_back(CTxOut(0, op_return));
+        return CTransaction(mtx);
+    }
+
+    CKey owner_key;
+    XOnlyPubKey owner_xonly;
+};
+
+} // namespace
+
+BOOST_FIXTURE_TEST_SUITE(digidollar_locktier_tests, DigiDollarLockTierTestSetup)
+
+BOOST_AUTO_TEST_CASE(canonical_lock_tiers_accept_exact_collateral_ratios)
+{
+    const auto& params = Params().GetDigiDollarParams();
+
+    for (const LockTierCase& tier : CanonicalLockTiers()) {
+        const int64_t lock_blocks = DigiDollar::LockDaysToBlocks(tier.days);
+        BOOST_CHECK_EQUAL(DigiDollar::GetCollateralRatioForLockTime(lock_blocks, params), tier.ratio);
+
+        const CAmount collateral = RequiredCollateralAtRatio(tier.ratio);
+        const CTransaction tx = CreateMintTx(lock_blocks, tier.tier, collateral);
+        DigiDollar::ValidationContext ctx = MakeContext();
+        TxValidationState state;
+
+        ResetVolatilityState();
+        BOOST_CHECK_MESSAGE(DigiDollar::ValidateDigiDollarTransaction(tx, ctx, state),
+            "Canonical tier " + std::to_string(tier.tier) +
+            " should accept lock_blocks=" + std::to_string(lock_blocks) +
+            " at ratio=" + std::to_string(tier.ratio) +
+            ". Reject reason: " + state.GetRejectReason());
+    }
+}
+
+BOOST_AUTO_TEST_CASE(tier_plus_one_and_minus_one_durations_reject)
+{
+    for (const LockTierCase& tier : CanonicalLockTiers()) {
+        const int64_t canonical_blocks = DigiDollar::LockDaysToBlocks(tier.days);
+        const CAmount collateral = RequiredCollateralAtRatio(tier.ratio);
+
+        for (const int64_t lock_blocks : {canonical_blocks - 1, canonical_blocks + 1}) {
+            BOOST_REQUIRE(lock_blocks > 0);
+            const CTransaction tx = CreateMintTx(lock_blocks, tier.tier, collateral);
+            DigiDollar::ValidationContext ctx = MakeContext();
+            TxValidationState state;
+
+            ResetVolatilityState();
+            const bool valid = DigiDollar::ValidateDigiDollarTransaction(tx, ctx, state);
+            BOOST_CHECK_MESSAGE(!valid,
+                "Non-canonical tier " + std::to_string(tier.tier) +
+                " duration lock_blocks=" + std::to_string(lock_blocks) +
+                " should reject; accepted with reject reason: " + state.GetRejectReason());
+        }
+    }
+}
+
+BOOST_AUTO_TEST_CASE(arbitrary_custom_lock_duration_rejects)
+{
+    const int64_t forty_five_days = DigiDollar::LockDaysToBlocks(45);
+    const int claimed_tier = 1;
+    const CAmount tier_one_collateral = RequiredCollateralAtRatio(/*ratio=*/500);
+    const CTransaction tx = CreateMintTx(forty_five_days, claimed_tier, tier_one_collateral);
+    DigiDollar::ValidationContext ctx = MakeContext();
+    TxValidationState state;
+
+    ResetVolatilityState();
+    const bool valid = DigiDollar::ValidateDigiDollarTransaction(tx, ctx, state);
+    BOOST_CHECK_MESSAGE(!valid,
+        "Arbitrary custom lock duration should reject; accepted with reject reason: " + state.GetRejectReason());
+}
+
+BOOST_AUTO_TEST_SUITE_END()

From 98085b1a22962dcb201b4660db77adfd2a0c091a Mon Sep 17 00:00:00 2001
From: DigiSwarm <13957390+JaredTate@users.noreply.github.com>
Date: Wed, 29 Apr 2026 18:22:12 -0600
Subject: [PATCH 19/22] Add Wave 1 DigiDollar red tests

---
 src/Makefile.test.include                |   5 +-
 src/test/digidollar_err_tests.cpp        |  85 ++++++++++-
 src/test/digidollar_health_dca_tests.cpp | 186 +++++++++++++++++++++++
 src/test/digidollar_rpc_unit_tests.cpp   | 140 +++++++++++++++++
 src/test/digidollar_volatility_tests.cpp |  50 +++++-
 src/test/digidollar_wallet_hd_tests.cpp  | 110 ++++++++++++++
 6 files changed, 573 insertions(+), 3 deletions(-)
 create mode 100644 src/test/digidollar_health_dca_tests.cpp
 create mode 100644 src/test/digidollar_rpc_unit_tests.cpp
 create mode 100644 src/test/digidollar_wallet_hd_tests.cpp

diff --git a/src/Makefile.test.include b/src/Makefile.test.include
index f8142ea9d2..0894b72221 100644
--- a/src/Makefile.test.include
+++ b/src/Makefile.test.include
@@ -83,6 +83,7 @@ DIGIBYTE_TESTS =\
   test/digidollar_rh33_mempool_relay_tests.cpp \
   test/digidollar_rh34_multiblock_state_tests.cpp \
   test/digidollar_err_tests.cpp \
+  test/digidollar_health_dca_tests.cpp \
   test/digidollar_health_tests.cpp \
   test/digidollar_t2_05_tests.cpp \
   test/digidollar_opcodes_tests.cpp \
@@ -310,7 +311,9 @@ DIGIBYTE_TESTS += \
   wallet/test/group_outputs_tests.cpp \
   wallet/test/digidollar_persistence_wallet_tests.cpp \
   wallet/test/digidollar_wallet_security_tests.cpp \
-  wallet/test/rh59_coincontrol_dd_lock_bypass_tests.cpp
+  wallet/test/rh59_coincontrol_dd_lock_bypass_tests.cpp \
+  test/digidollar_rpc_unit_tests.cpp \
+  test/digidollar_wallet_hd_tests.cpp
 
 FUZZ_SUITE_LD_COMMON +=\
  $(SQLITE_LIBS) \
diff --git a/src/test/digidollar_err_tests.cpp b/src/test/digidollar_err_tests.cpp
index 526339fdb9..f843c9403c 100644
--- a/src/test/digidollar_err_tests.cpp
+++ b/src/test/digidollar_err_tests.cpp
@@ -66,6 +66,21 @@ struct DigiDollarERRTestSetup : public TestingSetup {
     std::vector<XOnlyPubKey> oracleXOnlyKeys;
 };
 
+static CTransaction BuildWave1ERRRedemptionTx(const CKey& owner_key, int dd_input_count, uint32_t lock_time, CAmount collateral_out)
+{
+    CMutableTransaction mtx;
+    mtx.nVersion = DigiDollar::DD_TX_VERSION | DigiDollar::DD_TX_REDEEM;
+    mtx.nLockTime = lock_time;
+
+    for (int i = 0; i < dd_input_count; ++i) {
+        mtx.vin.emplace_back(COutPoint(uint256::ONE, static_cast<uint32_t>(i)), CScript(), 0xfffffffe);
+    }
+
+    CTxDestination dest{WitnessV1Taproot(XOnlyPubKey(owner_key.GetPubKey()))};
+    mtx.vout.emplace_back(collateral_out, GetScriptForDestination(dest));
+    return CTransaction(mtx);
+}
+
 // ============================================================================
 // ERR Activation Tests (GREEN Phase)
 // ============================================================================
@@ -1344,4 +1359,72 @@ BOOST_FIXTURE_TEST_CASE(bug7_err_healthy_system_no_err, DigiDollarERRTestSetup)
         "ERR should NOT be active with healthy system (150%)");
 }
 
-BOOST_AUTO_TEST_SUITE_END()
\ No newline at end of file
+// ============================================================================
+// Wave 1 P0.2 ERR Red-Phase Coverage
+// ============================================================================
+
+BOOST_FIXTURE_TEST_CASE(wave1_valid_err_redemption_does_not_return_incomplete, DigiDollarERRTestSetup)
+{
+    DigiDollar::ERR::EmergencyRedemptionRatio::ReconstructERRState(90, mockHeight);
+    DigiDollar::ValidationContext ctx(mockHeight, 10000, 90, Params());
+
+    const CTransaction tx = BuildWave1ERRRedemptionTx(testKey, 2, mockHeight - 1, 2 * COIN);
+    TxValidationState state;
+    const bool accepted = DigiDollar::ValidateERRRedemption(tx, ctx, state);
+
+    BOOST_CHECK_MESSAGE(accepted,
+        "valid ERR redemption rejected with reason=" << state.GetRejectReason());
+    BOOST_CHECK_NE(state.GetRejectReason(), "err-validation-incomplete");
+}
+
+BOOST_FIXTURE_TEST_CASE(wave1_err_requires_extra_burn_not_original_only, DigiDollarERRTestSetup)
+{
+    DigiDollar::ERR::EmergencyRedemptionRatio::ReconstructERRState(90, mockHeight);
+    DigiDollar::ValidationContext ctx(mockHeight, 10000, 90, Params());
+
+    const CAmount original_dd = 10000;
+    const CAmount required_burn = DigiDollar::ERR::EmergencyRedemptionRatio::GetRequiredDDBurn(original_dd, 90);
+    BOOST_REQUIRE_GT(required_burn, original_dd);
+
+    const CTransaction original_only = BuildWave1ERRRedemptionTx(testKey, 1, mockHeight - 1, COIN);
+    const bool original_only_accepted =
+        DigiDollar::ERR::EmergencyRedemptionRatio::ValidateERRRedemption(original_only, original_dd, COIN);
+    BOOST_CHECK_MESSAGE(!original_only_accepted,
+        "ERR accepted original-only DD burn even though required burn is "
+        << required_burn << " cents for original " << original_dd << " cents");
+
+    const CTransaction required_extra = BuildWave1ERRRedemptionTx(testKey, 2, mockHeight - 1, 2 * COIN);
+    TxValidationState state;
+    const bool extra_burn_accepted = DigiDollar::ValidateERRRedemption(required_extra, ctx, state);
+    BOOST_CHECK_MESSAGE(extra_burn_accepted,
+        "ERR redemption with required extra burn rejected with reason=" << state.GetRejectReason());
+    BOOST_CHECK_NE(state.GetRejectReason(), "err-validation-incomplete");
+}
+
+BOOST_FIXTURE_TEST_CASE(wave1_err_before_timelock_fails, DigiDollarERRTestSetup)
+{
+    DigiDollar::ERR::EmergencyRedemptionRatio::ReconstructERRState(85, mockHeight);
+    DigiDollar::ValidationContext ctx(mockHeight - 1, 10000, 85, Params());
+
+    const CTransaction tx = BuildWave1ERRRedemptionTx(testKey, 2, mockHeight, 2 * COIN);
+    TxValidationState state;
+    const bool accepted = DigiDollar::ValidateEmergencyRedemptionConditions(tx, ctx, state);
+
+    BOOST_CHECK(!accepted);
+    BOOST_CHECK_EQUAL(state.GetRejectReason(), "err-timelock-active");
+}
+
+BOOST_FIXTURE_TEST_CASE(wave1_normal_redemption_blocked_while_err_active, DigiDollarERRTestSetup)
+{
+    DigiDollar::ERR::EmergencyRedemptionRatio::ReconstructERRState(85, mockHeight);
+    DigiDollar::ValidationContext ctx(mockHeight, 10000, 85, Params());
+
+    const CTransaction tx = BuildWave1ERRRedemptionTx(testKey, 1, mockHeight - 1, COIN);
+    TxValidationState state;
+    const bool accepted = DigiDollar::ValidateNormalRedemptionConditions(tx, ctx, state);
+
+    BOOST_CHECK(!accepted);
+    BOOST_CHECK_EQUAL(state.GetRejectReason(), "redemption-err-active");
+}
+
+BOOST_AUTO_TEST_SUITE_END()
diff --git a/src/test/digidollar_health_dca_tests.cpp b/src/test/digidollar_health_dca_tests.cpp
new file mode 100644
index 0000000000..0fbe221697
--- /dev/null
+++ b/src/test/digidollar_health_dca_tests.cpp
@@ -0,0 +1,186 @@
+// Copyright (c) 2026 The DigiByte Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <boost/test/unit_test.hpp>
+
+#include <chainparams.h>
+#include <consensus/amount.h>
+#include <consensus/dca.h>
+#include <consensus/digidollar.h>
+#include <consensus/err.h>
+#include <consensus/validation.h>
+#include <consensus/volatility.h>
+#include <digidollar/digidollar.h>
+#include <digidollar/health.h>
+#include <digidollar/txbuilder.h>
+#include <digidollar/validation.h>
+#include <key.h>
+#include <rpc/client.h>
+#include <rpc/server.h>
+#include <test/util/setup_common.h>
+#include <univalue.h>
+#include <util/strencodings.h>
+#include <util/string.h>
+
+#include <utility>
+#include <vector>
+
+BOOST_AUTO_TEST_SUITE(digidollar_health_dca_tests)
+
+namespace {
+
+static constexpr int WAVE1_HEIGHT{1000};
+static constexpr CAmount WAVE1_ORACLE_PRICE_MICRO_USD{500000};
+static constexpr CAmount WAVE1_DD_AMOUNT{10000};
+static constexpr int WAVE1_TEN_YEAR_DAYS{3650};
+static constexpr uint32_t WAVE1_TEN_YEAR_TIER{9};
+
+int ConsensusRatioForLockDays(int lock_days)
+{
+    return DigiDollar::GetCollateralRatioForLockTime(
+        DigiDollar::LockDaysToBlocks(lock_days), Params().GetDigiDollarParams());
+}
+
+struct DigiDollarHealthDCASetup : public TestingSetup {
+    DigiDollarHealthDCASetup() : TestingSetup(ChainType::REGTEST)
+    {
+        DigiDollar::SystemHealthMonitor::Initialize();
+        ResetSharedState();
+    }
+
+    ~DigiDollarHealthDCASetup()
+    {
+        ResetSharedState();
+        DigiDollar::SystemHealthMonitor::Shutdown();
+    }
+
+    void ResetSharedState()
+    {
+        DigiDollar::SystemHealthMonitor::ResetMetrics();
+        DigiDollar::Volatility::VolatilityMonitor::ClearHistory();
+        DigiDollar::ERR::EmergencyRedemptionRatio::ResetForTesting();
+    }
+
+    DigiDollar::SystemMetrics SeedCachedHealth120()
+    {
+        ResetSharedState();
+        DigiDollar::SystemHealthMonitor::OnMintConnected(WAVE1_DD_AMOUNT, 240 * COIN);
+        DigiDollar::SystemMetrics metrics = DigiDollar::SystemHealthMonitor::GetSystemMetrics();
+        BOOST_REQUIRE_EQUAL(metrics.systemHealth, 120);
+        return metrics;
+    }
+
+    DigiDollar::TxBuilderResult BuildBaseCollateralMint()
+    {
+        DigiDollar::MintTxBuilder builder(Params(), WAVE1_HEIGHT, WAVE1_ORACLE_PRICE_MICRO_USD);
+
+        CKey owner_key;
+        owner_key.MakeNewKey(true);
+
+        DigiDollar::TxBuilderMintParams params;
+        params.ddAmount = WAVE1_DD_AMOUNT;
+        params.lockDays = WAVE1_TEN_YEAR_DAYS;
+        params.lockTier = WAVE1_TEN_YEAR_TIER;
+        params.ownerKey = owner_key;
+        params.feeRate = 100000;
+        for (uint32_t i = 0; i < 8; ++i) {
+            params.utxos.emplace_back(uint256::ONE, i);
+        }
+
+        DigiDollar::TxBuilderResult result = builder.BuildMintTransaction(params);
+        if (result.success) {
+            bool kept_collateral_output = false;
+            std::vector<CTxOut> filtered_outputs;
+            for (const CTxOut& output : result.tx.vout) {
+                if (output.nValue > 0) {
+                    if (kept_collateral_output) continue;
+                    kept_collateral_output = true;
+                }
+                filtered_outputs.push_back(output);
+            }
+            result.tx.vout = std::move(filtered_outputs);
+        }
+        return result;
+    }
+
+    UniValue CallRPC(const std::string& args)
+    {
+        std::vector<std::string> v_args{SplitString(args, ' ')};
+        const std::string method = v_args.front();
+        v_args.erase(v_args.begin());
+
+        JSONRPCRequest request;
+        request.context = &m_node;
+        request.strMethod = method;
+        request.params = RPCConvertValues(method, v_args);
+        if (RPCIsInWarmup(nullptr)) SetRPCWarmupFinished();
+        return tableRPC.execute(request);
+    }
+};
+
+} // namespace
+
+BOOST_FIXTURE_TEST_CASE(wave1_stale_cached_health_cannot_allow_base_collateral_mint, DigiDollarHealthDCASetup)
+{
+    const DigiDollar::SystemMetrics current_metrics = SeedCachedHealth120();
+
+    DigiDollar::TxBuilderResult build = BuildBaseCollateralMint();
+    BOOST_REQUIRE_MESSAGE(build.success, build.error);
+
+    DigiDollar::ValidationContext stale_healthy_ctx(
+        WAVE1_HEIGHT, WAVE1_ORACLE_PRICE_MICRO_USD, 30000, Params());
+    TxValidationState state;
+    const bool accepted = DigiDollar::ValidateMintTransaction(CTransaction(build.tx), stale_healthy_ctx, state);
+
+    BOOST_CHECK_MESSAGE(!accepted,
+        "base-collateral mint accepted using stale healthy context while current cached health is "
+        << current_metrics.systemHealth << "%; reject_reason=" << state.GetRejectReason());
+    if (!accepted) {
+        const std::string reason = state.GetRejectReason();
+        BOOST_CHECK_MESSAGE(reason == "insufficient-collateral" || reason == "bad-collateral-ratio",
+            "expected health-source collateral rejection, observed reason=" << reason);
+    }
+}
+
+BOOST_FIXTURE_TEST_CASE(wave1_missing_post_activation_health_rejects_not_default_healthy, DigiDollarHealthDCASetup)
+{
+    ResetSharedState();
+    DigiDollar::SystemHealthMonitor::OnMintConnected(WAVE1_DD_AMOUNT, 240 * COIN);
+
+    const int health = DigiDollar::DCA::DynamicCollateralAdjustment::GetCurrentSystemHealth();
+    BOOST_CHECK_MESSAGE(health < 0,
+        "missing oracle/health data should fail closed after DD supply exists, observed health="
+        << health);
+}
+
+BOOST_FIXTURE_TEST_CASE(wave1_dca_err_rpc_quote_and_txbuilder_share_health_source, DigiDollarHealthDCASetup)
+{
+    const DigiDollar::SystemMetrics metrics = SeedCachedHealth120();
+    const int dca_health = DigiDollar::DCA::DynamicCollateralAdjustment::GetCurrentSystemHealth();
+    BOOST_REQUIRE_EQUAL(dca_health, metrics.systemHealth);
+
+    const int base_ratio = ConsensusRatioForLockDays(WAVE1_TEN_YEAR_DAYS);
+    const int expected_ratio = DigiDollar::DCA::DynamicCollateralAdjustment::ApplyDCA(base_ratio, dca_health);
+
+    BOOST_CHECK(!DigiDollar::ERR::EmergencyRedemptionRatio::ShouldBlockMinting(WAVE1_ORACLE_PRICE_MICRO_USD));
+
+    UniValue rpc_quote = CallRPC("calculatecollateralrequirement 10000 3650 500000");
+    BOOST_REQUIRE(rpc_quote.isObject());
+    BOOST_CHECK_EQUAL(rpc_quote["system_health"].getInt<int>(), dca_health);
+    BOOST_CHECK_EQUAL(rpc_quote["effective_ratio"].getInt<int>(), expected_ratio);
+
+    DigiDollar::ValidationContext current_ctx(WAVE1_HEIGHT, WAVE1_ORACLE_PRICE_MICRO_USD, dca_health, Params());
+    const CAmount consensus_required = DigiDollar::CalculateRequiredCollateral(
+        WAVE1_DD_AMOUNT, DigiDollar::LockDaysToBlocks(WAVE1_TEN_YEAR_DAYS), current_ctx);
+
+    DigiDollar::MintTxBuilder builder(Params(), WAVE1_HEIGHT, WAVE1_ORACLE_PRICE_MICRO_USD);
+    const CAmount txbuilder_required = builder.CalculateRequiredCollateral(WAVE1_DD_AMOUNT, WAVE1_TEN_YEAR_DAYS);
+
+    BOOST_CHECK_MESSAGE(txbuilder_required >= consensus_required,
+        "txbuilder collateral quote used a different health source: consensus_required="
+        << consensus_required << " txbuilder_required=" << txbuilder_required
+        << " health=" << dca_health);
+}
+
+BOOST_AUTO_TEST_SUITE_END()
diff --git a/src/test/digidollar_rpc_unit_tests.cpp b/src/test/digidollar_rpc_unit_tests.cpp
new file mode 100644
index 0000000000..1c3c4fd8cb
--- /dev/null
+++ b/src/test/digidollar_rpc_unit_tests.cpp
@@ -0,0 +1,140 @@
+// Copyright (c) 2026 The DigiByte Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <boost/test/unit_test.hpp>
+
+#include <chainparams.h>
+#include <consensus/amount.h>
+#include <consensus/digidollar.h>
+#include <digidollar/digidollar.h>
+#include <rpc/client.h>
+#include <rpc/digidollar.h>
+#include <rpc/server.h>
+#include <test/util/setup_common.h>
+#include <uint256.h>
+#include <univalue.h>
+#include <util/strencodings.h>
+#include <util/string.h>
+#include <wallet/context.h>
+#include <wallet/digidollarwallet.h>
+#include <wallet/test/util.h>
+#include <wallet/wallet.h>
+
+#include <algorithm>
+#include <memory>
+#include <optional>
+#include <string>
+#include <tinyformat.h>
+#include <vector>
+
+BOOST_AUTO_TEST_SUITE(digidollar_rpc_unit_tests)
+
+namespace {
+
+struct DigiDollarRPCUnitSetup : public TestingSetup {
+    DigiDollarRPCUnitSetup() : TestingSetup(ChainType::REGTEST) {}
+
+    UniValue CallNodeRPC(const std::string& args)
+    {
+        std::vector<std::string> v_args{SplitString(args, ' ')};
+        const std::string method = v_args.front();
+        v_args.erase(v_args.begin());
+
+        JSONRPCRequest request;
+        request.context = &m_node;
+        request.strMethod = method;
+        request.params = RPCConvertValues(method, v_args);
+        if (RPCIsInWarmup(nullptr)) SetRPCWarmupFinished();
+        return tableRPC.execute(request);
+    }
+
+    std::shared_ptr<wallet::CWallet> CreateWalletWithPositions()
+    {
+        auto wallet = std::make_shared<wallet::CWallet>(
+            m_node.chain.get(), "wave1-rpc-wallet", wallet::CreateMockableWalletDatabase());
+        wallet->LoadWallet();
+        wallet->EnsureDDWallet();
+        WITH_LOCK(wallet->cs_wallet, wallet->SetLastBlockProcessed(1000, uint256::ONE));
+
+        DigiDollarWallet* dd_wallet = wallet->GetDDWallet();
+        BOOST_REQUIRE(dd_wallet != nullptr);
+        dd_wallet->AddCollateralPosition(WalletCollateralPosition(
+            uint256S("00000000000000000000000000000000000000000000000000000000dd100001"),
+            50, COIN, 1, 1100));
+        dd_wallet->AddCollateralPosition(WalletCollateralPosition(
+            uint256S("00000000000000000000000000000000000000000000000000000000dd100002"),
+            150, 2 * COIN, 1, 1100));
+        dd_wallet->AddCollateralPosition(WalletCollateralPosition(
+            uint256S("00000000000000000000000000000000000000000000000000000000dd100003"),
+            10000, 300 * COIN, 9, 2000));
+
+        return wallet;
+    }
+};
+
+int LockDaysForTier(int tier)
+{
+    switch (tier) {
+    case 5: return 730;
+    case 6: return 1095;
+    case 7: return 1825;
+    case 8: return 2555;
+    default: return 3650;
+    }
+}
+
+int ConsensusRatioForTier(int tier)
+{
+    return DigiDollar::GetCollateralRatioForLockTime(
+        DigiDollar::LockDaysToBlocks(LockDaysForTier(tier)), Params().GetDigiDollarParams());
+}
+
+} // namespace
+
+BOOST_FIXTURE_TEST_CASE(wave1_list_positions_min_amount_filters_dd_cents_not_dgb_sats, DigiDollarRPCUnitSetup)
+{
+    wallet::WalletContext context;
+    context.args = m_node.args;
+    context.chain = m_node.chain.get();
+
+    std::shared_ptr<wallet::CWallet> wallet = CreateWalletWithPositions();
+    wallet::AddWallet(context, wallet);
+
+    JSONRPCRequest request;
+    request.context = &context;
+    request.strMethod = "listdigidollarpositions";
+    request.params = UniValue(UniValue::VARR);
+    request.params.push_back(true);
+    request.params.push_back(-1);
+    request.params.push_back("1.00");
+
+    UniValue result = listdigidollarpositions().HandleRequest(request);
+    wallet::RemoveWallet(context, wallet, std::nullopt);
+
+    BOOST_REQUIRE(result.isArray());
+    BOOST_CHECK_EQUAL(result.size(), 2U);
+
+    std::vector<CAmount> amounts;
+    for (const UniValue& position : result.getValues()) {
+        amounts.push_back(position["dd_minted"].getInt<int64_t>());
+    }
+    BOOST_CHECK(std::find(amounts.begin(), amounts.end(), 150) != amounts.end());
+    BOOST_CHECK(std::find(amounts.begin(), amounts.end(), 10000) != amounts.end());
+    BOOST_CHECK(std::find(amounts.begin(), amounts.end(), 50) == amounts.end());
+}
+
+BOOST_FIXTURE_TEST_CASE(wave1_estimatecollateral_matches_consensus_tiers_5_to_8, DigiDollarRPCUnitSetup)
+{
+    for (int tier = 5; tier <= 8; ++tier) {
+        UniValue result = CallNodeRPC(strprintf("estimatecollateral 10000 %d 500000", tier));
+        BOOST_REQUIRE(result.isObject());
+
+        const int expected_ratio = ConsensusRatioForTier(tier);
+        BOOST_CHECK_EQUAL(result["lock_tier"].getInt<int>(), tier);
+        BOOST_CHECK_EQUAL(result["base_ratio"].getInt<int>(), expected_ratio);
+        BOOST_CHECK_EQUAL(result["effective_ratio"].getInt<int>(), expected_ratio);
+    }
+}
+
+BOOST_AUTO_TEST_SUITE_END()
diff --git a/src/test/digidollar_volatility_tests.cpp b/src/test/digidollar_volatility_tests.cpp
index b3e44676bc..5257ad3997 100644
--- a/src/test/digidollar_volatility_tests.cpp
+++ b/src/test/digidollar_volatility_tests.cpp
@@ -908,4 +908,52 @@ BOOST_FIXTURE_TEST_CASE(bug7_volatility_state_survives_restart, DigiDollarVolati
     }
 }
 
-BOOST_AUTO_TEST_SUITE_END()
\ No newline at end of file
+// ============================================================================
+// Wave 1 P0.7 Volatility Red-Phase Coverage
+// ============================================================================
+
+BOOST_FIXTURE_TEST_CASE(wave1_candidate_crossing_freeze_threshold_rejected_before_state_mutation, DigiDollarVolatilityTestSetup)
+{
+    VolatilityMonitor::RecordPrice(basePrice, mockTimestamp, mockHeight);
+    const std::vector<PricePoint> before_history = VolatilityMonitor::GetPriceHistory();
+    BOOST_REQUIRE_EQUAL(before_history.size(), 1U);
+
+    const CAmount freeze_candidate = basePrice * 121 / 100;
+    VolatilityMonitor::RecordPrice(freeze_candidate, mockTimestamp + 3600, mockHeight + 1);
+
+    const std::vector<PricePoint> after_history = VolatilityMonitor::GetPriceHistory();
+    const VolatilityState after_state = VolatilityMonitor::GetCurrentState();
+
+    BOOST_CHECK_MESSAGE(after_history.size() == before_history.size(),
+        "freeze-threshold candidate mutated price history; before="
+        << before_history.size() << " after=" << after_history.size());
+    BOOST_REQUIRE(!after_history.empty());
+    BOOST_CHECK_EQUAL(after_history.back().price, before_history.back().price);
+    BOOST_CHECK_MESSAGE(!after_state.mintingFrozen && !after_state.allOperationsFrozen,
+        "freeze-threshold candidate poisoned volatility state before acceptance");
+}
+
+BOOST_FIXTURE_TEST_CASE(wave1_invalid_candidate_price_does_not_poison_volatility_state, DigiDollarVolatilityTestSetup)
+{
+    VolatilityMonitor::RecordPrice(basePrice, mockTimestamp, mockHeight);
+    const std::vector<PricePoint> before_history = VolatilityMonitor::GetPriceHistory();
+    BOOST_REQUIRE_EQUAL(before_history.size(), 1U);
+
+    VolatilityMonitor::RecordPrice(0, mockTimestamp + 3600, mockHeight + 1);
+    VolatilityMonitor::RecordPrice(-basePrice, mockTimestamp + 7200, mockHeight + 2);
+
+    const std::vector<PricePoint> after_history = VolatilityMonitor::GetPriceHistory();
+    const VolatilityState after_state = VolatilityMonitor::GetCurrentState();
+
+    BOOST_CHECK_MESSAGE(after_history.size() == before_history.size(),
+        "invalid candidate prices mutated history; before="
+        << before_history.size() << " after=" << after_history.size());
+    BOOST_REQUIRE(!after_history.empty());
+    BOOST_CHECK_EQUAL(after_history.back().price, before_history.back().price);
+    BOOST_CHECK_SMALL(after_state.hourlyVolatility, 0.01);
+    BOOST_CHECK_SMALL(after_state.dailyVolatility, 0.01);
+    BOOST_CHECK(!after_state.mintingFrozen);
+    BOOST_CHECK(!after_state.allOperationsFrozen);
+}
+
+BOOST_AUTO_TEST_SUITE_END()
diff --git a/src/test/digidollar_wallet_hd_tests.cpp b/src/test/digidollar_wallet_hd_tests.cpp
new file mode 100644
index 0000000000..429f49b090
--- /dev/null
+++ b/src/test/digidollar_wallet_hd_tests.cpp
@@ -0,0 +1,110 @@
+// Copyright (c) 2026 The DigiByte Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <boost/test/unit_test.hpp>
+
+#include <key.h>
+#include <test/util/setup_common.h>
+#include <uint256.h>
+#include <util/strencodings.h>
+#include <wallet/digidollarwallet.h>
+#include <wallet/test/util.h>
+#include <wallet/test/wallet_test_fixture.h>
+#include <wallet/wallet.h>
+
+#include <fstream>
+#include <iterator>
+#include <string>
+#include <vector>
+
+BOOST_FIXTURE_TEST_SUITE(digidollar_wallet_hd_tests, wallet::WalletTestingSetup)
+
+namespace {
+
+std::string ReadRepoFile(const std::vector<std::string>& candidates)
+{
+    for (const std::string& path : candidates) {
+        std::ifstream in(path);
+        if (in) {
+            return std::string(std::istreambuf_iterator<char>(in), std::istreambuf_iterator<char>());
+        }
+    }
+    BOOST_FAIL("could not read repository source file for Qt/RPC wallet-path test");
+    return {};
+}
+
+} // namespace
+
+BOOST_AUTO_TEST_CASE(wave1_qt_and_rpc_mint_paths_use_hd_owner_derivation)
+{
+    const std::string qt_source = ReadRepoFile({"src/qt/walletmodel.cpp", "qt/walletmodel.cpp"});
+    const std::string rpc_source = ReadRepoFile({"src/rpc/digidollar.cpp", "rpc/digidollar.cpp"});
+
+    BOOST_CHECK_NE(qt_source.find("GetHDKeyForDigiDollar(\"dd-owner\")"), std::string::npos);
+    BOOST_CHECK_NE(rpc_source.find("GetHDKeyForDigiDollar(\"dd-owner\")"), std::string::npos);
+}
+
+BOOST_AUTO_TEST_CASE(wave1_qt_persists_owner_key_before_broadcast)
+{
+    const std::string qt_source = ReadRepoFile({"src/qt/walletmodel.cpp", "qt/walletmodel.cpp"});
+
+    const size_t mint_pos = qt_source.find("WalletModel::mintDigiDollar");
+    BOOST_REQUIRE_NE(mint_pos, std::string::npos);
+    const size_t next_method_pos = qt_source.find("\nWalletModel::", mint_pos + 1);
+    const std::string mint_source = next_method_pos == std::string::npos
+        ? qt_source.substr(mint_pos)
+        : qt_source.substr(mint_pos, next_method_pos - mint_pos);
+
+    const size_t commit_pos = mint_source.find("commitTransaction");
+    const size_t store_pos = mint_source.find("StoreOwnerKey(positionId, ownerKey)");
+
+    BOOST_REQUIRE_NE(commit_pos, std::string::npos);
+    BOOST_REQUIRE_NE(store_pos, std::string::npos);
+    BOOST_CHECK_MESSAGE(store_pos < commit_pos,
+        "Qt mint path stores DD owner key after broadcast; StoreOwnerKey offset="
+        << store_pos << " commitTransaction offset=" << commit_pos);
+}
+
+BOOST_AUTO_TEST_CASE(wave1_non_hd_wallet_fails_clearly_for_dd_owner_key)
+{
+    wallet::CWallet non_hd_wallet(m_node.chain.get(), "wave1-non-hd", wallet::CreateMockableWalletDatabase());
+    non_hd_wallet.LoadWallet();
+    non_hd_wallet.SetWalletFlag(wallet::WALLET_FLAG_DISABLE_PRIVATE_KEYS);
+
+    CKey owner_key;
+    {
+        LOCK(non_hd_wallet.cs_wallet);
+        owner_key = non_hd_wallet.GetHDKeyForDigiDollar("dd-owner");
+    }
+
+    BOOST_CHECK_MESSAGE(!owner_key.IsValid(),
+        "non-HD/private-key-disabled wallet produced a random valid DD owner key instead of failing clearly");
+}
+
+BOOST_AUTO_TEST_CASE(wave1_persisted_qt_minted_owner_key_recovers_after_wallet_reload)
+{
+    m_wallet.EnsureDDWallet();
+    DigiDollarWallet* dd_wallet = m_wallet.GetDDWallet();
+    BOOST_REQUIRE(dd_wallet != nullptr);
+
+    const uint256 position_id = uint256S("00000000000000000000000000000000000000000000000000000000dd000001");
+    CKey owner_key;
+    owner_key.MakeNewKey(true);
+    dd_wallet->StoreOwnerKey(position_id, owner_key);
+
+    auto restored_db = wallet::DuplicateMockDatabase(m_wallet.GetDatabase());
+    wallet::CWallet restored_wallet(m_node.chain.get(), "wave1-restored", std::move(restored_db));
+    restored_wallet.LoadWallet();
+    restored_wallet.EnsureDDWallet();
+
+    DigiDollarWallet* restored_dd_wallet = restored_wallet.GetDDWallet();
+    BOOST_REQUIRE(restored_dd_wallet != nullptr);
+    BOOST_CHECK_GE(restored_dd_wallet->LoadDDOwnerKeys(), 1U);
+
+    CKey recovered_key;
+    BOOST_REQUIRE(restored_dd_wallet->GetOwnerKey(position_id, recovered_key));
+    BOOST_CHECK(recovered_key.GetPubKey() == owner_key.GetPubKey());
+}
+
+BOOST_AUTO_TEST_SUITE_END()

From d8d0583fb892c414f1e1dcc8c6c9478c2e4c5030 Mon Sep 17 00:00:00 2001
From: JohnnyLawDGB <johnnylaw2021@protonmail.com>
Date: Sun, 3 May 2026 16:39:25 -0500
Subject: [PATCH 20/22] =?UTF-8?q?fix(rpc/wallet):=20RC33=20battery=20clean?=
 =?UTF-8?q?up=20=E2=80=94=20clearer=20errors=20+=20correct=20response=20fi?=
 =?UTF-8?q?elds?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Five user-reachable defects surfaced by the Apr 30 – May 2 RC33 security battery.
None affects safety, all undermine audit posture under the commercial-grade bar.

T1-A: mintdigidollar / estimatecollateral docstrings hardcoded mainnet limits
      (max $100K) but testnet enforces $10K, regtest $1K. Docstring now
      enumerates per-network limits and points callers at runtime checks.

T1-B: calculatecollateralrequirement silently bucketed arbitrary lock_days into
      the next consensus tier (and extrapolated past 3650 to 200%). Advisory
      diverged from mintdigidollar's strict lock_tier 0-9 enforcement, so a
      caller asking "100 days?" got a quote for a position they couldn't mint.
      Now strict-matches against the consensus tier set; rejects unknown days
      with a list of valid ones.

T2-C: TransferTxBuilder::ValidateTransferParams returned a generic "Invalid
      transfer parameters" for every failure mode (bad address, sub-min amount,
      missing key, bad fee rate, etc). Now plumbs a specific reason string
      via an optional out-parameter so the caller surfaces actionable detail.

T2-D: TransferDigiDollar reported "No spendable DD UTXOs found. Make sure mint
      transaction is confirmed." for ALL SelectDDCoins failures, including
      cases where the wallet had ample confirmed UTXOs but no input combination
      produced ≥minOutput change (dust-change rejection). Now distinguishes:
      no UTXOs (original message), insufficient total (with figures), and
      dust-change-unavoidable (with min cents) so integrators can act.

T2-A/B: senddigidollar / sendmanydigidollar response always reported
        inputs_used: 0 and fee_paid: 0.00000000 because the post-build
        mapWallet lookup raced against the wallet's own indexing. Now plumbs
        the authoritative fee + vin count out of TxBuilderResult via new
        out-parameters on TransferDigiDollar{,Many}, eliminating the race.

T4-A: getoracleprice price_cents truncated sub-cent prices to 0 (integer
      division priceMicroUSD / 10000). Now uses round-half-up so the field at
      least matches the standard "round to nearest" convention; help text
      now points sub-cent callers at price_micro_usd. (At DGB's current
      ~$0.0037 price, prices below 0.5 cent still round to 0 — that's
      arithmetically correct rather than a truncation bug.)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 src/digidollar/txbuilder.cpp    | 49 ++++++++++---------
 src/digidollar/txbuilder.h      |  3 +-
 src/rpc/digidollar.cpp          | 83 +++++++++++++++++++++------------
 src/wallet/digidollarwallet.cpp | 41 +++++++++++++---
 src/wallet/digidollarwallet.h   |  8 +++-
 5 files changed, 123 insertions(+), 61 deletions(-)

diff --git a/src/digidollar/txbuilder.cpp b/src/digidollar/txbuilder.cpp
index bf139dd938..4ba8105808 100644
--- a/src/digidollar/txbuilder.cpp
+++ b/src/digidollar/txbuilder.cpp
@@ -457,11 +457,16 @@ CAmount TransferTxBuilder::GetDDFromUTXO(const COutPoint& outpoint) const {
     return 5000; // Default: $50.00 in cents for testing
 }
 
-bool TransferTxBuilder::ValidateTransferParams(const TxBuilderTransferParams& params) const {
+bool TransferTxBuilder::ValidateTransferParams(const TxBuilderTransferParams& params, std::string* reason) const {
+    auto fail = [&](const std::string& msg) {
+        LogPrintf("DigiDollar: ValidateTransferParams FAILED - %s\n", msg);
+        if (reason) *reason = msg;
+        return false;
+    };
+
     // Must have recipients
     if (params.recipients.empty()) {
-        LogPrintf("DigiDollar: ValidateTransferParams FAILED - No recipients\n");
-        return false;
+        return fail("No recipients specified");
     }
 
     // Validate all recipient addresses and amounts
@@ -471,25 +476,26 @@ bool TransferTxBuilder::ValidateTransferParams(const TxBuilderTransferParams& pa
     for (const auto& [address, amount] : params.recipients) {
         // Validate address format
         if (!ValidateDDAddress(address)) {
-            LogPrintf("DigiDollar: ValidateTransferParams FAILED - Invalid address: %s\n", address);
-            return false;
+            return fail(strprintf("Invalid DD address: %s", address));
         }
 
         // Validate amount ranges
         if (amount <= 0) {
-            LogPrintf("DigiDollar: ValidateTransferParams FAILED - Non-positive amount: %d\n", amount);
-            return false; // No zero or negative amounts
+            return fail(strprintf("Recipient amount must be positive (got %lld cents)",
+                                  static_cast<long long>(amount)));
         }
 
         if (amount < minOutput) {
-            LogPrintf("DigiDollar: ValidateTransferParams FAILED - Below dust threshold: %d < %d\n", amount, minOutput);
-            return false; // Below dust threshold
+            return fail(strprintf("Recipient amount %lld cents is below DD minimum output (%lld cents / $%.2f)",
+                                  static_cast<long long>(amount),
+                                  static_cast<long long>(minOutput),
+                                  static_cast<double>(minOutput) / 100.0));
         }
 
         // Check maximum single transfer limit ($100,000)
         if (amount > 10000000) { // $100,000.00 in cents
-            LogPrintf("DigiDollar: ValidateTransferParams FAILED - Exceeds max transfer: %d > 10000000\n", amount);
-            return false;
+            return fail(strprintf("Recipient amount %lld cents exceeds maximum single-transfer limit ($100,000 / 10000000 cents)",
+                                  static_cast<long long>(amount)));
         }
 
         totalOutput += amount;
@@ -497,20 +503,18 @@ bool TransferTxBuilder::ValidateTransferParams(const TxBuilderTransferParams& pa
 
     // Must have DD inputs
     if (params.ddUtxos.empty()) {
-        LogPrintf("DigiDollar: ValidateTransferParams FAILED - No DD UTXOs\n");
-        return false;
+        return fail("No DD UTXOs provided to fund the transfer");
     }
 
     // Validate key
     if (!params.spenderKey.IsValid()) {
-        LogPrintf("DigiDollar: ValidateTransferParams FAILED - Invalid spender key\n");
-        return false;
+        return fail("Spender key is missing or invalid");
     }
 
     // Validate fee rate
     if (!ValidateFeeRate(params.feeRate)) {
-        LogPrintf("DigiDollar: ValidateTransferParams FAILED - Invalid fee rate: %d\n", params.feeRate);
-        return false;
+        return fail(strprintf("Invalid DGB fee rate: %lld sat/kB",
+                              static_cast<long long>(params.feeRate)));
     }
 
     LogPrintf("DigiDollar: ValidateTransferParams PASSED\n");
@@ -588,10 +592,13 @@ bool TransferTxBuilder::SelectDDInputs(const std::vector<CTxOut>& available, CAm
 TxBuilderResult TransferTxBuilder::BuildTransferTransaction(const TxBuilderTransferParams& params) {
     TxBuilderResult result;
 
-    // Validate parameters
-    if (!ValidateTransferParams(params)) {
-        result.error = "Invalid transfer parameters";
-        return result;
+    // Validate parameters; capture specific reason instead of generic catch-all.
+    {
+        std::string reason;
+        if (!ValidateTransferParams(params, &reason)) {
+            result.error = reason.empty() ? "Invalid transfer parameters" : reason;
+            return result;
+        }
     }
 
     // Calculate totals and check DD conservation
diff --git a/src/digidollar/txbuilder.h b/src/digidollar/txbuilder.h
index 07b599197e..ece74a65da 100644
--- a/src/digidollar/txbuilder.h
+++ b/src/digidollar/txbuilder.h
@@ -190,7 +190,8 @@ class TransferTxBuilder : public TxBuilder {
 public:
     using TxBuilder::TxBuilder;
     TxBuilderResult BuildTransferTransaction(const TxBuilderTransferParams& params);
-    bool ValidateTransferParams(const TxBuilderTransferParams& params) const;
+    // If reason is non-null and validation fails, populates with a specific error message.
+    bool ValidateTransferParams(const TxBuilderTransferParams& params, std::string* reason = nullptr) const;
     CAmount CalculateTotalDDInput(const std::vector<CTxOut>& inputs,
                                   const std::vector<CAmount>& amounts) const;
     CScript CreateDDTransferScript(const CPubKey& recipient, CAmount amount) const;
diff --git a/src/rpc/digidollar.cpp b/src/rpc/digidollar.cpp
index 10dda03a8a..3f0083e495 100644
--- a/src/rpc/digidollar.cpp
+++ b/src/rpc/digidollar.cpp
@@ -534,7 +534,7 @@ static RPCHelpMan calculatecollateralrequirement()
                 "the exact amount of DGB needed for a given DD mint amount and lock period.\n",
                 {
                     {"dd_amount_cents", RPCArg::Type::NUM, RPCArg::Optional::NO, "DigiDollar amount to mint in cents (e.g., 10000 = $100)"},
-                    {"lock_days", RPCArg::Type::NUM, RPCArg::Optional::NO, "Lock period in days (30, 90, 180, 365, 1095, 1825, 2555, or 3650)"},
+                    {"lock_days", RPCArg::Type::NUM, RPCArg::Optional::NO, "Lock period in days. Must be one of the consensus tiers: 30, 90, 180, 365, 730, 1095, 1825, 2555, or 3650. (For the sub-day testing tier, use estimatecollateral with lock_tier 0.)"},
                     {"oracle_price", RPCArg::Type::NUM, RPCArg::Optional::OMITTED, "DGB price in cents per DGB (uses current price if omitted)"}
                 },
                 RPCResult{
@@ -620,11 +620,34 @@ static RPCHelpMan calculatecollateralrequirement()
             // Convert lock days to blocks
             int64_t lockBlocks = DigiDollar::LockDaysToBlocks(lockDays);
 
+            // Strict validation: lockDays must map to an exact tier. The underlying
+            // GetCollateralRatioForLockTime is intentionally lenient (silently buckets
+            // intermediate durations to the next tier), but the advisory RPC must match
+            // the strict tier set actually accepted by mintdigidollar. Otherwise callers
+            // get a quote for a position they cannot construct.
+            if (ddParams.collateralRatios.find(lockBlocks) == ddParams.collateralRatios.end()) {
+                std::string validDays;
+                bool first = true;
+                for (const auto& [blocks, ratio] : ddParams.collateralRatios) {
+                    // Skip sub-day tiers (e.g. 240-block testing tier) — they cannot
+                    // be selected via lockDays since the RPC requires lockDays > 0.
+                    int days = static_cast<int>(blocks / DigiDollar::BLOCKS_PER_DAY);
+                    if (days < 1) continue;
+                    if (!first) validDays += ", ";
+                    validDays += strprintf("%d", days);
+                    first = false;
+                }
+                throw JSONRPCError(RPC_INVALID_PARAMETER,
+                    strprintf("Invalid lock period: %d days. Valid periods (in days): %s. "
+                              "For sub-day tiers (e.g. 1-hour testing), use estimatecollateral with lock_tier 0.",
+                              lockDays, validDays));
+            }
+
             // Get base collateral ratio
             int baseRatio = DigiDollar::GetCollateralRatioForLockTime(lockBlocks, ddParams);
             if (baseRatio <= 0) {
                 throw JSONRPCError(RPC_INVALID_PARAMETER,
-                    strprintf("Invalid lock period: %d days. Valid periods: 30, 90, 180, 365, 1095, 1825, 2555, 3650", lockDays));
+                    strprintf("Invalid lock period: %d days", lockDays));
             }
 
             // Get current system health
@@ -774,7 +797,7 @@ RPCHelpMan mintdigidollar()
                 "Creates a new DigiDollar position by locking DGB as collateral.\n"
                 "The amount of collateral required depends on the lock period and current system health.\n",
                 {
-                    {"dd_amount", RPCArg::Type::NUM, RPCArg::Optional::NO, "Amount of DigiDollar to mint in cents (min 10000/$100, max 10000000/$100K)", RPCArgOptions{.skip_type_check = true}},
+                    {"dd_amount", RPCArg::Type::NUM, RPCArg::Optional::NO, "Amount of DigiDollar to mint in cents (limits per network: mainnet 10000-10000000 / $100-$100K; testnet 10000-1000000 / $100-$10K; regtest 1-100000 / $0.01-$1K). Use getdigidollarstats or estimatecollateral to check current chain limits.", RPCArgOptions{.skip_type_check = true}},
                     {"lock_tier", RPCArg::Type::NUM, RPCArg::Optional::NO, "Lock tier 0-9 (0=1h testing, 1=30d, 2=90d, 3=180d, 4=1y, 5=2y, 6=3y, 7=5y, 8=7y, 9=10y)", RPCArgOptions{.skip_type_check = true}},
                     {"fee_rate", RPCArg::Type::NUM, RPCArg::Optional::OMITTED, "Fee rate in sat/kB (default: 100000)", RPCArgOptions{.skip_type_check = true}}
                 },
@@ -1317,8 +1340,11 @@ RPCHelpMan senddigidollar()
             std::string txid;
             std::string error;
             CAmount dd_change = 0;
+            CAmount dgb_fee = 0;
+            int inputs_used = 0;
             LogPrintf("DigiDollar RPC: Calling TransferDigiDollar()...\n");
-            bool success = dd_wallet->TransferDigiDollar(dd_address, amount, txid, error, &dd_change);
+            bool success = dd_wallet->TransferDigiDollar(dd_address, amount, txid, error,
+                                                         &dd_change, &dgb_fee, &inputs_used);
             LogPrintf("DigiDollar RPC: TransferDigiDollar() returned success=%d\n", success);
 
             if (!success) {
@@ -1331,31 +1357,15 @@ RPCHelpMan senddigidollar()
                     strprintf("Transfer failed: %s", error));
             }
 
-            // Build result
+            // Build result. Fee/inputs come straight from the freshly-built tx via
+            // out-parameters so we don't race against mapWallet indexing.
             UniValue result(UniValue::VOBJ);
             result.pushKV("txid", txid);
             result.pushKV("to_address", addressStr);
             result.pushKV("amount", amount);  // Bug #11/25 fix: raw integer cents, not ValueFromAmount
             result.pushKV("status", "success");
-
-            // Bug #11/25 fix: Compute actual fee, inputs, and change from the wallet transaction
-            {
-                uint256 hash;
-                hash.SetHex(txid);
-                LOCK(pwallet->cs_wallet);
-                auto it = pwallet->mapWallet.find(hash);
-                if (it != pwallet->mapWallet.end()) {
-                    const wallet::CWalletTx& wtx = it->second;
-                    CAmount debit = wallet::CachedTxGetDebit(*pwallet, wtx, wallet::ISMINE_ALL);
-                    CAmount credit = wallet::CachedTxGetCredit(*pwallet, wtx, wallet::ISMINE_ALL);
-                    CAmount fee = debit - credit;
-                    result.pushKV("fee_paid", ValueFromAmount(fee > 0 ? fee : 0));
-                    result.pushKV("inputs_used", static_cast<int>(wtx.tx->vin.size()));
-                } else {
-                    result.pushKV("fee_paid", ValueFromAmount(0));
-                    result.pushKV("inputs_used", 0);
-                }
-            }
+            result.pushKV("fee_paid", ValueFromAmount(dgb_fee > 0 ? dgb_fee : 0));
+            result.pushKV("inputs_used", inputs_used);
             result.pushKV("change_amount", dd_change);
 
             // Optional: Add comment to wallet transaction if provided
@@ -1476,7 +1486,11 @@ RPCHelpMan sendmanydigidollar()
 
             std::string txid;
             std::string error;
-            bool success = dd_wallet->TransferDigiDollarMany(recipients, txid, error);
+            CAmount dd_change = 0;
+            CAmount dgb_fee = 0;
+            int inputs_used = 0;
+            bool success = dd_wallet->TransferDigiDollarMany(recipients, txid, error,
+                                                             &dd_change, &dgb_fee, &inputs_used);
             if (!success) {
                 if (error.find("dd-input-amounts-unknown") != std::string::npos) {
                     throw JSONRPCError(RPC_WALLET_ERROR,
@@ -1491,6 +1505,9 @@ RPCHelpMan sendmanydigidollar()
             result.pushKV("amounts", result_amounts);
             result.pushKV("total_amount", total_amount);
             result.pushKV("status", "success");
+            result.pushKV("fee_paid", ValueFromAmount(dgb_fee > 0 ? dgb_fee : 0));
+            result.pushKV("inputs_used", inputs_used);
+            result.pushKV("change_amount", dd_change);
             if (OptionalParamIsSet(request, 2) && !request.params[2].get_str().empty()) {
                 result.pushKV("comment", request.params[2].get_str());
             }
@@ -2670,7 +2687,7 @@ static RPCHelpMan estimatecollateral()
                 "\nEstimate DGB collateral requirement for minting DigiDollar.\n"
                 "Calculates the required DGB amount based on DD amount, lock tier, and current system conditions.\n",
                 {
-                    {"dd_amount", RPCArg::Type::NUM, RPCArg::Optional::NO, "DigiDollar amount to mint in cents (min 10000/$100, max 10000000/$100K)"},
+                    {"dd_amount", RPCArg::Type::NUM, RPCArg::Optional::NO, "DigiDollar amount to mint in cents (limits per network: mainnet 10000-10000000 / $100-$100K; testnet 10000-1000000 / $100-$10K; regtest 1-100000 / $0.01-$1K)."},
                     {"lock_tier", RPCArg::Type::NUM, RPCArg::Optional::NO, "Lock tier 0-9 (0=1h testing, 1=30d, 2=90d, 3=180d, 4=1y, 5=2y, 6=3y, 7=5y, 8=7y, 9=10y)"},
                     {"oracle_price_micro_usd", RPCArg::Type::NUM, RPCArg::Optional::OMITTED, "Custom DGB price in micro-USD (1,000,000 = $1.00). Uses current oracle if omitted."}
                 },
@@ -3175,7 +3192,7 @@ static RPCHelpMan getoracleprice()
                     RPCResult::Type::OBJ, "", "",
                     {
                         {RPCResult::Type::NUM, "price_micro_usd", "Current DGB price in micro-USD (1,000,000 = $1.00)"},
-                        {RPCResult::Type::NUM, "price_cents", "Current DGB price in cents per DGB"},
+                        {RPCResult::Type::NUM, "price_cents", "Current DGB price in cents per DGB (round-half-up; for sub-cent precision use price_micro_usd)"},
                         {RPCResult::Type::NUM, "price_usd", "Current DGB price in USD (full precision)"},
                         {RPCResult::Type::NUM, "last_update_height", "Block height of last price update"},
                         {RPCResult::Type::NUM, "last_update_time", "Timestamp of last update"},
@@ -3229,8 +3246,10 @@ static RPCHelpMan getoracleprice()
                     if (mockPrice > 0) {
                         usingMockOracle = true;
                         priceMicroUSD = mockPrice;
-                        // Convert micro-USD to cents with full precision
-                        priceCents = priceMicroUSD / 10000;  // integer division: micro-USD to cents
+                        // Convert micro-USD to cents using round-half-up so sub-cent prices
+                        // don't silently floor to 0. (e.g. 5000 µUSD = $0.005 → 1 cent, not 0)
+                        // For full precision, callers should use price_micro_usd.
+                        priceCents = (priceMicroUSD + 5000) / 10000;
                         priceUSD = static_cast<double>(priceMicroUSD) / 1000000.0;
                         // Mock oracle is always "current" - use current time
                         lastBundleTime = GetTime();
@@ -3246,8 +3265,10 @@ static RPCHelpMan getoracleprice()
             if (!usingMockOracle) {
                 // Get the raw micro-USD price from the oracle (full precision)
                 priceMicroUSD = oracle_manager.GetLatestPrice();
-                // Derive cents from the same micro-USD source (integer division)
-                priceCents = priceMicroUSD / 10000;
+                // Derive cents using round-half-up so sub-cent prices don't silently floor
+                // to 0. (e.g. 5000 µUSD = $0.005 → 1 cent, not 0). For full precision
+                // callers should use price_micro_usd.
+                priceCents = (priceMicroUSD + 5000) / 10000;
                 // Calculate true USD price from micro-USD (full precision)
                 priceUSD = static_cast<double>(priceMicroUSD) / 1000000.0;
 
diff --git a/src/wallet/digidollarwallet.cpp b/src/wallet/digidollarwallet.cpp
index 41b7d1d968..f4c0f8e543 100644
--- a/src/wallet/digidollarwallet.cpp
+++ b/src/wallet/digidollarwallet.cpp
@@ -1136,7 +1136,9 @@ bool DigiDollarWallet::IsLockedByDD(const COutPoint& outpoint) const
 
 bool DigiDollarWallet::TransferDigiDollarMany(const std::vector<std::pair<CDigiDollarAddress, CAmount>>& recipients,
                                              std::string& txid, std::string& error,
-                                             CAmount* dd_change_out) {
+                                             CAmount* dd_change_out,
+                                             CAmount* dgb_fee_out,
+                                             int* inputs_used_out) {
     auto locks = LockDDWallet();
     // Clear previous results
     txid.clear();
@@ -1209,9 +1211,27 @@ bool DigiDollarWallet::TransferDigiDollarMany(const std::vector<std::pair<CDigiD
         CAmount selectedDDTotal = 0;
         std::vector<CAmount> selected_dd_amounts;
         if (!SelectDDCoins(totalAmount, params.ddUtxos, selectedDDTotal, &selected_dd_amounts)) {
-            // CRITICAL: Do NOT use mock UTXOs - they cause "bad-txns-inputs-missingorspent" errors!
-            error = "No spendable DD UTXOs found. Make sure mint transaction is confirmed.";
-            LogPrintf("DigiDollar: Transfer failed - no DD UTXOs available\n");
+            // SelectDDCoins fails for three distinct reasons; report each precisely so
+            // integrators don't chase the wrong cause. The historical message conflated
+            // all three under "mint not confirmed yet."
+            auto utxos = GetDDUTXOs();
+            if (utxos.empty()) {
+                error = "No spendable DD UTXOs found. Make sure mint transaction is confirmed.";
+            } else {
+                CAmount totalSpendable = 0;
+                for (const auto& u : utxos) totalSpendable += u.dd_amount;
+                const CAmount minOut = Params().GetDigiDollarParams().minOutputAmount;
+                if (totalSpendable < totalAmount) {
+                    error = strprintf(
+                        "Insufficient DD balance for transfer: have %lld cents across %zu spendable UTXOs, need %lld cents",
+                        static_cast<long long>(totalSpendable), utxos.size(), static_cast<long long>(totalAmount));
+                } else {
+                    error = strprintf(
+                        "Cannot construct DD transfer: no input combination yields valid change (would produce sub-minimum dust output below %lld cents). Try a different amount or consolidate UTXOs.",
+                        static_cast<long long>(minOut));
+                }
+            }
+            LogPrintf("DigiDollar: Transfer failed - SelectDDCoins rejected; error=%s\n", error);
             return false;
         }
 
@@ -1448,6 +1468,12 @@ bool DigiDollarWallet::TransferDigiDollarMany(const std::vector<std::pair<CDigiD
             return false;
         }
 
+        // Capture authoritative fee + input count from the freshly-built tx so the RPC
+        // response doesn't need to round-trip through mapWallet (which is racy: the tx
+        // may not be indexed by the time the response is built).
+        if (dgb_fee_out) *dgb_fee_out = result.totalFees;
+        if (inputs_used_out) *inputs_used_out = static_cast<int>(result.tx.vin.size());
+
         // Sign the transaction before broadcasting
         LogPrintf("DigiDollar: Signing transaction with %d DD inputs and %d fee inputs\n",
                   params.ddUtxos.size(), params.feeUtxos.size());
@@ -1646,8 +1672,11 @@ bool DigiDollarWallet::TransferDigiDollarMany(const std::vector<std::pair<CDigiD
 
 bool DigiDollarWallet::TransferDigiDollar(const CDigiDollarAddress& to, CAmount amount,
                                           std::string& txid, std::string& error,
-                                          CAmount* dd_change_out) {
-    return TransferDigiDollarMany({{to, amount}}, txid, error, dd_change_out);
+                                          CAmount* dd_change_out,
+                                          CAmount* dgb_fee_out,
+                                          int* inputs_used_out) {
+    return TransferDigiDollarMany({{to, amount}}, txid, error, dd_change_out,
+                                  dgb_fee_out, inputs_used_out);
 }
 
 CAmount DigiDollarWallet::GetDDBalanceLegacy() const {
diff --git a/src/wallet/digidollarwallet.h b/src/wallet/digidollarwallet.h
index 47073331a0..9b884087f9 100644
--- a/src/wallet/digidollarwallet.h
+++ b/src/wallet/digidollarwallet.h
@@ -493,11 +493,15 @@ class DigiDollarWallet {
      */
     bool TransferDigiDollarMany(const std::vector<std::pair<CDigiDollarAddress, CAmount>>& recipients,
                                 std::string& txid, std::string& error,
-                                CAmount* dd_change_out = nullptr);
+                                CAmount* dd_change_out = nullptr,
+                                CAmount* dgb_fee_out = nullptr,
+                                int* inputs_used_out = nullptr);
 
     bool TransferDigiDollar(const CDigiDollarAddress& to, CAmount amount,
                             std::string& txid, std::string& error,
-                            CAmount* dd_change_out = nullptr);
+                            CAmount* dd_change_out = nullptr,
+                            CAmount* dgb_fee_out = nullptr,
+                            int* inputs_used_out = nullptr);
 
     /**
      * Get current DD balance (legacy method)

From f89b70055aebdc4dbbe75f7edafd00beabcccaeb Mon Sep 17 00:00:00 2001
From: JohnnyLawDGB <johnnylaw2021@protonmail.com>
Date: Tue, 5 May 2026 06:20:14 -0500
Subject: [PATCH 21/22] fix(rpc/wallet): three deeper RC33 battery defects
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

T3-A (wallet stale state after redeem): redeemdigidollar would happily build a
duplicate redeem tx for an already-closed position. Consensus rejected it
(bad-collateral-release-excessive, ~460 DGB over) but the wallet had no
guard. Now checks pos.is_active before building; rejects with a clear message
and notes that the wallet will reactivate on reorg/drop.

  Reproduction (RC33): redeem position → success → redeem same position again
  → "Redemption transaction rejected by mempool: bad-collateral-release-excessive"
  Fix verified: returns "Position … has already been redeemed. If a prior redeem
  transaction was dropped or reorged out, the wallet will reactivate the
  position automatically."

T4-B (consensus_price_micro_usd=0 while reporters agree): ScanOracleDataFromChain
  only set res.consensus_price when an on-chain bundle was found within the scan
  window. If the most recent bundle was older than the freshness check, the field
  read 0 even though 16 oracles were live and agreeing. Added a fallback: derive
  the consensus from the assembled oracle_data (median), or fall back to
  OracleIntegration::GetCurrentOraclePriceMicroUSD() so getalloracleprices and
  getoracleprice stay internally consistent.

  Fix verified: getalloracleprices now returns
  consensus_price_micro_usd: 3840 (matches the 15 reporting oracles).

T5-A (wallet always consumed ALL DD UTXOs): SelectDDCoins sorted smallest-first
  and combined until target_amount + valid change. With (100×30, 7000) and a
  5000-cent target, it consumed all 31 inputs. Under nation-state bar this is a
  privacy leak (every send reveals total DD balance) and a fee-weaponization
  vector (an attacker can permanently inflate the victim's tx size by bombing
  dust DD UTXOs).

  Replaced with two-pass best-fit-then-largest-first:
    1. Best-fit single: smallest single UTXO that covers the target with valid
       change. One input, no consume-all behavior.
    2. Fallback: largest-first greedy when no single UTXO fits.
  Existing dust-change guard handles unsalvageable cases (returns false, then
  T2-D's clearer error fires).

  Fix verified: send 4900 from (100, 9900) → 1 DD input (the 9900 UTXO),
  change 5000, 100-cent UTXO preserved. Old behavior would have used 2 DD
  inputs and consumed the 100.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 src/rpc/digidollar.cpp          | 41 ++++++++++++++++++++++++
 src/wallet/digidollarwallet.cpp | 55 +++++++++++++++++++++++----------
 2 files changed, 80 insertions(+), 16 deletions(-)

diff --git a/src/rpc/digidollar.cpp b/src/rpc/digidollar.cpp
index 3f0083e495..1f553da05a 100644
--- a/src/rpc/digidollar.cpp
+++ b/src/rpc/digidollar.cpp
@@ -1744,8 +1744,19 @@ RPCHelpMan redeemdigidollar()
                 std::vector<WalletCollateralPosition> positions = ddWallet->GetDDTimeLocks(false);
 
                 bool found = false;
+                bool foundButClosed = false;
                 for (const auto& pos : positions) {
                     if (pos.dd_timelock_id == positionId) {
+                        if (!pos.is_active) {
+                            // Position has already been redeemed (or marked inactive).
+                            // Refuse to build a duplicate redeem tx — the original may
+                            // still be in mempool or already confirmed, and a duplicate
+                            // would over-release collateral and be rejected by consensus
+                            // (bad-collateral-release-excessive). If a prior redeem was
+                            // dropped/reorged the wallet will reactivate the position.
+                            foundButClosed = true;
+                            break;
+                        }
                         // Found the position in wallet's cache!
                         redeemParams.collateralAmount = pos.dgb_collateral;
                         redeemParams.ddMinted = pos.dd_minted;
@@ -1760,6 +1771,11 @@ RPCHelpMan redeemdigidollar()
                         break;
                     }
                 }
+                if (foundButClosed) {
+                    throw JSONRPCError(RPC_INVALID_PARAMETER,
+                        strprintf("Position %s has already been redeemed. If a prior redeem transaction was dropped or reorged out, the wallet will reactivate the position automatically.",
+                                  positionIdStr));
+                }
 
                 if (!found) {
                     LogPrintf("DigiDollar: WARNING - Position not found in wallet cache, using fallback\n");
@@ -3724,6 +3740,31 @@ static OracleScanResult ScanOracleDataFromChain(
         }
     }
 
+    // 4. Consensus fallback. If no fresh on-chain bundle was found in the scan
+    // window, derive consensus from the assembled oracle_data so the response
+    // doesn't report consensus_price=0 while listing N oracles all agreeing.
+    // Use the median of reporting oracles; this matches the IQR-median consensus
+    // logic used elsewhere and is internally consistent with the oracle list
+    // we are about to return.
+    if (res.consensus_price == 0) {
+        std::vector<uint64_t> prices;
+        prices.reserve(res.oracle_data.size());
+        for (const auto& [id, od] : res.oracle_data) {
+            if (od.has_data && od.price_micro_usd > 0) {
+                prices.push_back(od.price_micro_usd);
+            }
+        }
+        if (!prices.empty()) {
+            std::sort(prices.begin(), prices.end());
+            // Median (lower for even-count to remain deterministic).
+            res.consensus_price = prices[prices.size() / 2];
+        } else {
+            // Last resort: same source getoracleprice uses, so the two RPCs agree.
+            CAmount latest = OracleIntegration::GetCurrentOraclePriceMicroUSD();
+            if (latest > 0) res.consensus_price = static_cast<uint64_t>(latest);
+        }
+    }
+
     return res;
 }
 
diff --git a/src/wallet/digidollarwallet.cpp b/src/wallet/digidollarwallet.cpp
index f4c0f8e543..93558a5f2b 100644
--- a/src/wallet/digidollarwallet.cpp
+++ b/src/wallet/digidollarwallet.cpp
@@ -5163,12 +5163,6 @@ bool DigiDollarWallet::SelectDDCoins(const CAmount& target_amount, std::vector<C
         return false;
     }
 
-    // Greedy selection: Sort by amount (smallest first for better privacy)
-    std::sort(available_utxos.begin(), available_utxos.end(),
-              [](const DDUtxo& a, const DDUtxo& b) {
-                  return a.dd_amount < b.dd_amount;
-              });
-
     // DD outputs have a consensus-enforced minimum amount. Since DD conservation
     // is exact, any change output must be either zero (exact spend) or at least
     // minOutputAmount. A naive "first total >= target" selector can pick a UTXO
@@ -5176,19 +5170,48 @@ bool DigiDollarWallet::SelectDDCoins(const CAmount& target_amount, std::vector<C
     // only fails at mempool admission with transfer-dd-amount-below-minimum.
     const CAmount min_change = Params().GetDigiDollarParams().minOutputAmount;
 
-    // Select UTXOs until target amount met
-    // FIXED: Now selects ALL DD UTXOs (both minted and received)
-    // Signing logic properly handles both types:
-    //  - Minted DD: Uses custom owner keys from dd_owner_keys map
-    //  - Received DD: Uses wallet's regular key management
+    auto valid_change = [&](CAmount sel) {
+        CAmount c = sel - target_amount;
+        return sel >= target_amount && (c == 0 || c >= min_change);
+    };
+
+    // Pass 1: best-fit single UTXO. Find the smallest single UTXO that covers
+    // the target with valid change (exact-match or change >= min_change). Using
+    // a single input when one fits avoids the "consume-all" behavior that turned
+    // every transfer into a wallet-balance reveal and let an attacker inflate
+    // future fees by bombing the address with dust UTXOs.
+    {
+        std::vector<DDUtxo> sorted_asc(available_utxos);
+        std::sort(sorted_asc.begin(), sorted_asc.end(),
+                  [](const DDUtxo& a, const DDUtxo& b) { return a.dd_amount < b.dd_amount; });
+        for (const auto& utxo : sorted_asc) {
+            if (valid_change(utxo.dd_amount)) {
+                selected_utxos.push_back(utxo.outpoint);
+                selected_total = utxo.dd_amount;
+                if (amounts) amounts->push_back(utxo.dd_amount);
+                LogPrintf("DigiDollar: SelectDDCoins - Best-fit single UTXO %s:%u (%lld cents, change %lld)\n",
+                          utxo.outpoint.hash.ToString(), utxo.outpoint.n,
+                          static_cast<long long>(utxo.dd_amount),
+                          static_cast<long long>(selected_total - target_amount));
+                LogPrintf("DigiDollar: SelectDDCoins - SUCCESS: 1 UTXO, change %lld cents\n",
+                          static_cast<long long>(selected_total - target_amount));
+                return true;
+            }
+        }
+    }
+
+    // Pass 2: largest-first greedy. No single UTXO fit; combine starting from
+    // the largest available so we converge on the target with the fewest inputs
+    // and the smallest residual change above min. Smallest-first would consume
+    // every dust UTXO regardless of need (T5-A); largest-first uses the minimum
+    // necessary, then the existing dust-change guard rejects unsalvageable cases.
+    std::sort(available_utxos.begin(), available_utxos.end(),
+              [](const DDUtxo& a, const DDUtxo& b) { return a.dd_amount > b.dd_amount; });
     for (const auto& utxo : available_utxos) {
-        CAmount current_change = selected_total - target_amount;
-        if (selected_total >= target_amount && (current_change == 0 || current_change >= min_change)) break;
+        if (valid_change(selected_total)) break;
 
         selected_utxos.push_back(utxo.outpoint);
         selected_total += utxo.dd_amount;
-
-        // Store individual amounts if requested (CRITICAL FIX #7)
         if (amounts) amounts->push_back(utxo.dd_amount);
 
         LogPrintf("DigiDollar: SelectDDCoins - Selected UTXO %s:%u (%lld cents, total: %lld)\n",
@@ -5197,7 +5220,7 @@ bool DigiDollarWallet::SelectDDCoins(const CAmount& target_amount, std::vector<C
     }
 
     CAmount change = selected_total - target_amount;
-    bool success = selected_total >= target_amount && (change == 0 || change >= min_change);
+    bool success = valid_change(selected_total);
 
     if (!success) {
         LogPrintf("DigiDollar: SelectDDCoins - FAILED: need %lld, selected %lld, change %lld (minimum DD change is %lld unless exact)\n",

From 7f4d35875546a93e601326065c593fc2ef083173 Mon Sep 17 00:00:00 2001
From: JohnnyLawDGB <johnnylaw2021@protonmail.com>
Date: Sun, 10 May 2026 08:51:07 -0500
Subject: [PATCH 22/22] test: align unit expectations with RC33 battery cleanup
 behavior
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

CI on PR #405 reported 4 unit-test failures caused by tests that hardcoded
the OLD behavior I deliberately replaced. (The other 5 failures upstream CI
reported were verified pre-existing on plain feature/digidollar-v1 HEAD —
they are wave1 red-team tests gating fixes that haven't landed yet.)

- digidollar_txbuilder_tests/transfer_transaction_invalid_address:
  expected the generic "Invalid transfer parameters" catch-all that
  ValidateTransferParams used to return. Now expects the specific
  "Invalid DD address" reason that the per-failure plumbing produces.

- digidollar_rpc_tests/test_lock_blocks_calculation:
  passed lock_days=1 (which the strict-validation T1-B fix rejects, since
  1 day is not a canonical tier) and used 5760 as the expected lock_blocks.
  Switched to the smallest documented tier (30 days, 172800 blocks).

- digidollar_rpc_tests/test_oracle_price_format:
  asserted price_cents == micro_usd / 10000 (floor). T4-A switched to
  round-half-up so sub-cent prices don't silently floor to 0; updated the
  expected formula to (micro_usd + 5000) / 10000.

- digidollar_wallet_tests/test_select_dd_coins_exact_match:
  asserted the smallest-first selector's "first total >= target" output
  (2 UTXOs, total 35000) for a target where one UTXO is an exact match.
  T5-A's best-fit-first selector now picks the single 250-DD UTXO; updated
  the assertions to selected.size() == 1, total == 25000.

- digidollar_wallet_tests/test_select_dd_coins_multiple_utxos:
  asserted ≥3 UTXOs for a 300-DD target where no single UTXO covers.
  T5-A's largest-first fallback combines 200 + 150 = 350 in 2 UTXOs.

After these test updates, this branch's failing-test set is byte-identical
to plain upstream/feature/digidollar-v1 HEAD (19 pre-existing wave1 red-team
failures, all unrelated to this PR's surface).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 src/test/digidollar_rpc_tests.cpp       | 18 +++++++++++-------
 src/test/digidollar_txbuilder_tests.cpp |  7 +++++--
 src/test/digidollar_wallet_tests.cpp    | 21 ++++++++++++++-------
 3 files changed, 30 insertions(+), 16 deletions(-)

diff --git a/src/test/digidollar_rpc_tests.cpp b/src/test/digidollar_rpc_tests.cpp
index 1df804cb7a..41dac4ae37 100644
--- a/src/test/digidollar_rpc_tests.cpp
+++ b/src/test/digidollar_rpc_tests.cpp
@@ -511,8 +511,9 @@ BOOST_FIXTURE_TEST_CASE(test_oracle_price_format, DigiDollarRPCTestSetup)
         int64_t micro_usd = result["price_micro_usd"].getInt<int64_t>();
         // USD should match micro-USD exactly
         BOOST_CHECK_CLOSE(usd, static_cast<double>(micro_usd) / 1000000.0, 0.001);
-        // Cents uses integer division: micro_usd / 10000
-        BOOST_CHECK_EQUAL(cents, micro_usd / 10000);
+        // price_cents uses round-half-up so sub-cent prices don't silently floor
+        // to 0 (callers needing sub-cent precision should use price_micro_usd).
+        BOOST_CHECK_EQUAL(cents, (micro_usd + 5000) / 10000);
     }
 }
 
@@ -547,15 +548,18 @@ BOOST_FIXTURE_TEST_CASE(test_dd_amount_calculation, DigiDollarRPCTestSetup)
 // Test 26: Lock Blocks Calculation
 BOOST_FIXTURE_TEST_CASE(test_lock_blocks_calculation, DigiDollarRPCTestSetup)
 {
-    // DigiByte has 15 second blocks, so:
-    // 1 day = 86400 seconds / 15 = 5760 blocks
-    UniValue result = CallRPC("calculatecollateralrequirement 10000 1");
+    // DigiByte has 15 second blocks: 1 day = 86400 / 15 = 5760 blocks.
+    // calculatecollateralrequirement only accepts canonical tier values (the RPC
+    // rejects arbitrary lock_days to keep advisory math aligned with mintdigidollar's
+    // strict lock_tier enforcement). Use the smallest documented tier (30 days) and
+    // verify the per-day conversion factor.
+    UniValue result = CallRPC("calculatecollateralrequirement 10000 30");
 
     BOOST_CHECK(result.exists("lock_blocks"));
     int64_t lockBlocks = result["lock_blocks"].getInt<int64_t>();
 
-    // Should be approximately 5760 blocks per day (within 1%)
-    double expectedBlocks = 5760.0;
+    // 30 days * 5760 blocks/day = 172800 blocks (within 1%)
+    double expectedBlocks = 30.0 * 5760.0;
     double actualBlocks = static_cast<double>(lockBlocks);
     BOOST_CHECK_CLOSE(actualBlocks, expectedBlocks, 1.0);
 }
diff --git a/src/test/digidollar_txbuilder_tests.cpp b/src/test/digidollar_txbuilder_tests.cpp
index f3354ced7a..7ce72ba6f9 100644
--- a/src/test/digidollar_txbuilder_tests.cpp
+++ b/src/test/digidollar_txbuilder_tests.cpp
@@ -288,8 +288,11 @@ BOOST_AUTO_TEST_CASE(transfer_transaction_invalid_address)
 
     BOOST_CHECK(!result.success);
     BOOST_CHECK(!result.error.empty());
-    // Should get "Invalid transfer parameters" error
-    BOOST_CHECK(result.error.find("Invalid transfer parameters") != std::string::npos);
+    // Should get a specific "Invalid DD address" error pointing at the offending input.
+    // (Previously this returned the generic "Invalid transfer parameters" catch-all,
+    // which forced integrators to grep logs to learn what was wrong. The validator
+    // now plumbs a per-failure reason.)
+    BOOST_CHECK(result.error.find("Invalid DD address") != std::string::npos);
 }
 
 BOOST_AUTO_TEST_CASE(redeem_transaction_basic)
diff --git a/src/test/digidollar_wallet_tests.cpp b/src/test/digidollar_wallet_tests.cpp
index d8963f9fcb..0034071caa 100644
--- a/src/test/digidollar_wallet_tests.cpp
+++ b/src/test/digidollar_wallet_tests.cpp
@@ -1878,15 +1878,18 @@ BOOST_FIXTURE_TEST_CASE(test_select_dd_coins_exact_match, DDWalletTestFixture)
     wallet.AddMockPosition(InsecureRand256(), 25000, 250*COIN, 2, 100);   // 250 DD
     wallet.AddMockPosition(InsecureRand256(), 50000, 500*COIN, 3, 100);   // 500 DD
 
-    // Test: Select exactly 250 DD (greedy should select 100 + 250 = 350)
+    // Test: Select 250 DD. Best-fit-first selector picks the smallest single UTXO
+    // that covers the target with valid change — here, the 250-DD UTXO is an exact
+    // match (change == 0) so it is chosen alone. Old smallest-first selector would
+    // have combined 100 + 250 to reach 350; that wasted an input.
     std::vector<COutPoint> selected;
     CAmount total = 0;
     bool result = wallet.SelectDDCoins(25000, selected, total);
 
     BOOST_CHECK_EQUAL(result, true);
-    BOOST_CHECK_GE(total, 25000);  // Should have at least 250 DD
-    BOOST_CHECK_EQUAL(selected.size(), 2);  // Greedy: 100 + 250
-    BOOST_CHECK_EQUAL(total, 35000);  // 100 + 250 = 350 DD
+    BOOST_CHECK_GE(total, 25000);
+    BOOST_CHECK_EQUAL(selected.size(), 1);  // Best-fit single (exact match)
+    BOOST_CHECK_EQUAL(total, 25000);        // 250 DD exact
 }
 
 BOOST_FIXTURE_TEST_CASE(test_select_dd_coins_insufficient_balance, DDWalletTestFixture)
@@ -1916,14 +1919,18 @@ BOOST_FIXTURE_TEST_CASE(test_select_dd_coins_multiple_utxos, DDWalletTestFixture
     wallet.AddMockPosition(InsecureRand256(), 15000, 150*COIN, 2, 100);  // 150 DD
     wallet.AddMockPosition(InsecureRand256(), 20000, 200*COIN, 2, 100);  // 200 DD
 
-    // Test: Select 300 DD (should use greedy: 50+100+150 = 300)
+    // Test: Select 300 DD. No single UTXO ≥ 300 exists (max is 200), so the
+    // selector falls through best-fit and runs largest-first greedy: 200 + 150 =
+    // 350 covers the target with valid 50-DD change. Old smallest-first would
+    // have combined 50 + 100 + 150 = 300 (3 UTXOs); largest-first uses 2.
     std::vector<COutPoint> selected;
     CAmount total = 0;
     bool result = wallet.SelectDDCoins(30000, selected, total);
 
     BOOST_CHECK_EQUAL(result, true);
-    BOOST_CHECK_GE(total, 30000);  // At least 300 DD
-    BOOST_CHECK_GE(selected.size(), 3);  // At least 3 UTXOs (50+100+150)
+    BOOST_CHECK_GE(total, 30000);
+    BOOST_CHECK_EQUAL(selected.size(), 2);  // Largest-first greedy: 200 + 150
+    BOOST_CHECK_EQUAL(total, 35000);        // 200 + 150 = 350 DD
 }
 
 BOOST_FIXTURE_TEST_CASE(test_select_dd_coins_empty_wallet, DDWalletTestFixture)