scrtlabs · cboh4 · Nov 17, 2025 · Nov 24, 2025 · Nov 26, 2025 · Nov 26, 2025
@@ -268,6 +268,19 @@ jobs:
   Build-LocalSecret:
     runs-on: ubuntu-22.04
     steps:
+      - name: Free Disk Space
+        run: |
+          sudo rm -rf /usr/share/dotnet
+          sudo rm -rf /usr/local/lib/android
+          sudo docker system prune -af
+          df -h    
+      - name: Check disk space after cleanup
+        run: |
+            df -h
+            echo "=== Checking large directories ==="
+            du -sh /usr/share/dotnet 2>/dev/null || echo "dotnet not found"
+            du -sh /usr/local/lib/android 2>/dev/null || echo "android not found"
+            du -sh /opt/ghc 2>/dev/null || echo "ghc not found"
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v2
         with:

@@ -91,9 +91,9 @@ block-verifier = { path = "../shared/block-verifier", optional = true }
 time = "=0.3.17"
 ed25519-dalek = { version = "1.0", default-features = false }
 sha2 = "0.10"
-tendermint = { git = "https://github.com/scrtlabs/tendermint-rs", tag = "v0.38.0-secret.6", default-features = false, features = ["rust-crypto"] }
-tendermint-proto = { git = "https://github.com/scrtlabs/tendermint-rs", tag = "v0.38.0-secret.6", default-features = false }
-tendermint-light-client-verifier = { git = "https://github.com/scrtlabs/tendermint-rs", tag = "v0.38.0-secret.6", default-features = false, features = ["rust-crypto"] }
+tendermint = { git = "https://github.com/scrtlabs/tendermint-rs", tag = "v0.38.0-secret.7-beta", default-features = false, features = ["rust-crypto"] }
+tendermint-proto = { git = "https://github.com/scrtlabs/tendermint-rs", tag = "v0.38.0-secret.7-beta", default-features = false }
+tendermint-light-client-verifier = { git = "https://github.com/scrtlabs/tendermint-rs", tag = "v0.38.0-secret.7-beta", default-features = false, features = ["rust-crypto"] }
 rsa = { version = "0.9", default-features = false, features = ["sha2"] }
 base64ct = { version = "1.6", default-features = false, features = ["alloc"] }
 

@@ -219,9 +219,7 @@ enclave {
             [in, count=in_encrypted_random_len] const uint8_t* in_encrypted_random,
             uintptr_t in_encrypted_random_len,
             [out, count=32] uint8_t* decrypted,
-            [out, count=32] uint8_t* next_validator_set_evidence,
-            [in, count=in_cron_msgs_len] const uint8_t* in_cron_msgs,
-            uintptr_t in_cron_msgs_len
+            [out, count=32] uint8_t* next_validator_set_evidence
         );
     };
 

@@ -17,8 +17,6 @@ pub unsafe extern "C" fn ecall_submit_block_signatures(
     in_encrypted_random_len: u32,
     decrypted_random: &mut [u8; 32],
     next_validator_set_evidence: &mut [u8; 32],
-    in_cron_msgs: *const u8,
-    in_cron_msgs_len: u32,
 ) -> sgx_status_t {
     #[cfg(feature = "light-client-validation")]
     {
@@ -33,8 +31,6 @@ pub unsafe extern "C" fn ecall_submit_block_signatures(
             in_encrypted_random_len,
             decrypted_random,
             next_validator_set_evidence,
-            in_cron_msgs,
-            in_cron_msgs_len,
         )
     }
 

@@ -19,9 +19,9 @@ sgx_types = { rev = "d2d339cbb005f676bb700059bd51dc689c025f6b", git = "https://g
 
 [dependencies]
 sha2 = "0.10"
-tendermint = { git = "https://github.com/scrtlabs/tendermint-rs", tag = "v0.38.0-secret.6", default-features = false, features = ["rust-crypto"] }
-tendermint-proto = { git = "https://github.com/scrtlabs/tendermint-rs", tag = "v0.38.0-secret.6", default-features = false }
-tendermint-light-client-verifier = { git = "https://github.com/scrtlabs/tendermint-rs", tag = "v0.38.0-secret.6", default-features = false, features = ["rust-crypto"] }
+tendermint = { git = "https://github.com/scrtlabs/tendermint-rs", tag = "v0.38.0-secret.7-beta", default-features = false, features = ["rust-crypto"] }
+tendermint-proto = { git = "https://github.com/scrtlabs/tendermint-rs", tag = "v0.38.0-secret.7-beta", default-features = false }
+tendermint-light-client-verifier = { git = "https://github.com/scrtlabs/tendermint-rs", tag = "v0.38.0-secret.7-beta", default-features = false, features = ["rust-crypto"] }
 lazy_static = "1.4.0"
 log = "0.4.17"
 

@@ -37,8 +37,6 @@ pub unsafe fn submit_block_signatures_impl(
     in_encrypted_random_len: u32,
     decrypted_random: &mut [u8; 32],
     next_validator_set_evidence: &mut [u8; 32],
-    in_cron_msgs: *const u8,
-    in_cron_msgs_len: u32,
 ) -> sgx_status_t {
     if let Err(e) = validate_inputs(
         in_header,
@@ -64,12 +62,6 @@ pub unsafe fn submit_block_signatures_impl(
         &[]
     };
 
-    let cron_msgs_slice = if in_cron_msgs_len != 0 && !in_cron_msgs.is_null() {
-        slice::from_raw_parts(in_cron_msgs, in_cron_msgs_len as usize)
-    } else {
-        &[]
-    };
-
     let (validator_set, height) = {
         let extra = KEY_MANAGER.extra_data.lock().unwrap();
         let validator_set = match extra.decode_validator_set() {
@@ -94,55 +86,13 @@ pub unsafe fn submit_block_signatures_impl(
 
     let txs = unwrap_or_return!(crate::verify::txs::validate_txs(txs_slice, &header));
 
-    let cron_msgs = if !cron_msgs_slice.is_empty() {
-        let msgs = crate::txs::txs_from_bytes(cron_msgs_slice).map_err(|e| {
-            error!("Error parsing cron msgs from proto: {:?}", e);
-            sgx_status_t::SGX_ERROR_INVALID_PARAMETER
-        });
-        if msgs.is_err() {
-            error!("Error parsing cron msgs from proto: {:?}", msgs);
-            return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
-        }
-        Some(msgs.unwrap())
-    } else {
-        None
-    };
-
     let mut message_verifier = VERIFIED_BLOCK_MESSAGES.lock().unwrap();
 
     if message_verifier.remaining() != 0 {
         // new block, clear messages
         message_verifier.clear();
     }
 
-    if let Some(implicit_hash_val) = header.header.implicit_hash {
-        let mut hasher = Sha256::new();
-        hasher.update(cron_msgs_slice);
-        let hash_result = hasher.finalize();
-        let hash_result: [u8; 32] = hash_result.into();
-
-        let implicit_hash = tendermint::Hash::Sha256(hash_result);
-
-        if implicit_hash != implicit_hash_val {
-            error!("Implicit hash does not match header implicit hash");
-            return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
-        }
-    } else if !cron_msgs_slice.is_empty() {
-        error!("Implicit hash not specified, yet implicit msgs provided");
-        return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
-    }
-
-    if let Some(cron_msgs) = cron_msgs {
-        for msg in cron_msgs {
-            let parsed_cron_msg = unwrap_or_return!(tx_from_bytes(msg.as_slice()).map_err(|_| {
-                error!("Unable to parse tx bytes from proto");
-                sgx_status_t::SGX_ERROR_INVALID_PARAMETER
-            }));
-
-            message_verifier.append_msg_from_tx(parsed_cron_msg);
-        }
-    }
-
     for tx in txs.iter() {
         // doing this a different way makes the code unreadable or requires creating a copy of
 

@@ -44,7 +44,6 @@ pub fn validate_block_header(
         signed_header: &signed_header,
         validators: validator_set,
         next_validators: None,
-        implicit_hash: signed_header.header.implicit_hash,
     };
 
     let result = verify_block(&untrusted_block);

@@ -32,6 +32,6 @@ serde = { git = "https://github.com/mesalock-linux/serde-sgx", features = [
   "derive"
 ] }
 serde_json = { git = "https://github.com/mesalock-linux/serde-json-sgx" }
-tendermint-proto = { git = "https://github.com/scrtlabs/tendermint-rs", tag = "v0.38.0-secret.6", default-features = false }
-tendermint = { git = "https://github.com/scrtlabs/tendermint-rs", tag = "v0.38.0-secret.6", default-features = false, features = ["rust-crypto"] }
+tendermint-proto = { git = "https://github.com/scrtlabs/tendermint-rs", tag = "v0.38.0-secret.7-beta", default-features = false }
+tendermint = { git = "https://github.com/scrtlabs/tendermint-rs", tag = "v0.38.0-secret.7-beta", default-features = false, features = ["rust-crypto"] }
 enclave_crypto = { path = "../crypto" }
@@ -18,8 +18,6 @@ extern "C" {
         in_encrypted_random_len: u32,
         decrypted_random: &mut [u8; 32],
         next_validator_set_evidence: &mut [u8; 32],
-        in_cron_msgs: *const u8,
-        in_cron_msgs_len: u32,
     ) -> sgx_status_t;
 }
 
@@ -28,7 +26,6 @@ pub fn untrusted_submit_block_signatures(
     commit: &[u8],
     txs: &[u8],
     encrypted_random: &[u8],
-    cron_msgs: &[u8],
 ) -> SgxResult<([u8; 32], [u8; 32])> {
     debug!("Hello from just before - untrusted_submit_block_signatures");
 
@@ -39,7 +36,7 @@ pub fn untrusted_submit_block_signatures(
     // this is here so we can
     loop {
         let (retval, decrypted, next_validator_set_evidence, status) =
-            submit_block_signature_impl(header, commit, txs, encrypted_random, cron_msgs)?;
+            submit_block_signature_impl(header, commit, txs, encrypted_random)?;
         if status != sgx_status_t::SGX_SUCCESS {
             return Err(status);
         } else if retval != sgx_status_t::SGX_SUCCESS {
@@ -69,7 +66,6 @@ fn submit_block_signature_impl(
     commit: &[u8],
     txs: &[u8],
     encrypted_random: &[u8],
-    cron_msgs: &[u8],
 ) -> SgxResult<(sgx_status_t, [u8; 32], [u8; 32], sgx_status_t)> {
     // Bind the token to a local variable to ensure its
     // destructor runs in the end of the function
@@ -102,8 +98,6 @@ fn submit_block_signature_impl(
             encrypted_random.len() as u32,
             &mut random_decrypted,
             &mut next_validator_set_evidence,
-            cron_msgs.as_ptr(),
-            cron_msgs.len() as u32,
         )
     };
 

@@ -70,7 +70,7 @@ ENV FEATURES=${FEATURES}
 ENV FEATURES_U=${FEATURES_U}
 ENV MITIGATION_CVE_2020_0551=${MITIGATION_CVE_2020_0551}
 
-RUN git clone --branch header-implicit-hash --depth 1 https://github.com/scrtlabs/tm-secret-enclave.git
+RUN git clone --branch pass-scheduled-msgs --depth 1 https://github.com/scrtlabs/tm-secret-enclave.git
 
 WORKDIR tm-secret-enclave
 

@@ -253,7 +253,6 @@ TwoBuffers submit_block_signatures(Buffer header,
                                    Buffer commit,
                                    Buffer txs,
                                    Buffer random,
-                                   Buffer cron_msgs,
                                    Buffer *err);
 
 void submit_validator_set_evidence(Buffer evidence, Buffer *err);

@@ -47,7 +47,7 @@ func HealthCheck() ([]byte, error) {
 	return receiveVector(res), nil
 }
 
-func SubmitBlockSignatures(header []byte, commit []byte, txs []byte, encRandom []byte, cronMsgs []byte /* valSet []byte, nextValSet []byte */) ([]byte, []byte, error) {
+func SubmitBlockSignatures(header []byte, commit []byte, txs []byte, encRandom []byte /* valSet []byte, nextValSet []byte */) ([]byte, []byte, error) {
 	errmsg := C.Buffer{}
 	spidSlice := sendSlice(header)
 	defer freeAfterSend(spidSlice)
@@ -57,10 +57,8 @@ func SubmitBlockSignatures(header []byte, commit []byte, txs []byte, encRandom [
 	defer freeAfterSend(encRandomSlice)
 	txsSlice := sendSlice(txs)
 	defer freeAfterSend(txsSlice)
-	cronMsgsSlice := sendSlice(cronMsgs)
-	defer freeAfterSend(cronMsgsSlice)
 
-	res, err := C.submit_block_signatures(spidSlice, apiKeySlice, txsSlice, encRandomSlice, cronMsgsSlice /* valSetSlice, nextValSetSlice,*/, &errmsg)
+	res, err := C.submit_block_signatures(spidSlice, apiKeySlice, txsSlice, encRandomSlice /* valSetSlice, nextValSetSlice,*/, &errmsg)
 	if err != nil {
 		return nil, nil, errorWithMessage(err, errmsg)
 	}

@@ -39,7 +39,7 @@ func InitBootstrap(spid []byte, apiKey []byte) ([]byte, error) {
 	return nil, nil
 }
 
-func SubmitBlockSignatures(header []byte, commit []byte, txs []byte, random []byte, cronmsgs []byte /* valSet []byte, nextValSet []byte*/) ([]byte, []byte, error) {
+func SubmitBlockSignatures(header []byte, commit []byte, txs []byte, random []byte /* valSet []byte, nextValSet []byte*/) ([]byte, []byte, error) {
 	return nil, nil, nil
 }
 

@@ -247,7 +247,6 @@ pub extern "C" fn submit_block_signatures(
     commit: Buffer,
     txs: Buffer,
     random: Buffer,
-    cron_msgs: Buffer,
     // val_set: Buffer,
     // next_val_set: Buffer,
     err: Option<&mut Buffer>,
@@ -286,10 +285,6 @@ pub extern "C" fn submit_block_signatures(
         Some(r) => r,
     };
 
-    let cron_msgs_slice = match unsafe { cron_msgs.read() } {
-        None => &[],
-        Some(r) => r,
-    };
     // let val_set_slice = match unsafe { val_set.read() } {
     //     None => {
     //         set_error(Error::empty_arg("api_key"), err);
@@ -311,8 +306,8 @@ pub extern "C" fn submit_block_signatures(
         commit_slice,
         txs_slice,
         random_slice,
-        cron_msgs_slice, // val_set_slice,
-                         // next_val_set_slice,
+        // val_set_slice,
+        // next_val_set_slice,
     ) {
         Err(e) => {
             set_error(Error::enclave_err(e.to_string()), err);

@@ -8,8 +8,8 @@ replace (
 	cosmossdk.io/api => github.com/scrtlabs/cosmos-sdk-api v0.7.6-secret.0
 	cosmossdk.io/store => github.com/scrtlabs/cosmos-sdk-store v1.1.1-secret.1
 	cosmossdk.io/x/tx => github.com/scrtlabs/cosmos-sdk-x-tx v0.13.7-secret.0
-	github.com/cometbft/cometbft => github.com/scrtlabs/tendermint v0.38.19-secret.0
-	github.com/cosmos/cosmos-sdk => github.com/scrtlabs/cosmos-sdk v0.50.14-secret.4
+	github.com/cometbft/cometbft => github.com/scrtlabs/tendermint v0.38.19-secret.1
+	github.com/cosmos/cosmos-sdk => github.com/scrtlabs/cosmos-sdk v0.50.14-secret.7
 	github.com/cosmos/iavl => github.com/scrtlabs/iavl v1.2.2-secret.0
 	github.com/syndtr/goleveldb => github.com/syndtr/goleveldb v1.0.1-0.20210819022825-2ae1ddf74ef7
 
@@ -76,7 +76,7 @@ require (
 	github.com/gogo/protobuf v1.3.2
 	github.com/golang/mock v1.6.0
 	github.com/hashicorp/go-metrics v0.5.3
-	github.com/scrtlabs/tm-secret-enclave v1.13.0
+	github.com/scrtlabs/tm-secret-enclave v1.13.1
 	golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028
 	gopkg.in/yaml.v2 v2.4.0
 )

@@ -1609,8 +1609,8 @@ github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWR
 github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E=
 github.com/sasha-s/go-deadlock v0.3.5 h1:tNCOEEDG6tBqrNDOX35j/7hL5FcFViG6awUGROb2NsU=
 github.com/sasha-s/go-deadlock v0.3.5/go.mod h1:bugP6EGbdGYObIlx7pUZtWqlvo8k9H6vCBBsiChJQ5U=
-github.com/scrtlabs/cosmos-sdk v0.50.14-secret.4 h1:YU8JJIC2LGoZ3Z8+ezgv8WI21XKxVPMOUjsbaPtw+yc=
-github.com/scrtlabs/cosmos-sdk v0.50.14-secret.4/go.mod h1:otdpIqWbky7zjfzbcoAOHC0BwHruG9MWemfMx9f+rKk=
+github.com/scrtlabs/cosmos-sdk v0.50.14-secret.7 h1:D6KNM8+qfHA9uW3+tru36OpHp2j+Qye2i5tg5/MPCs8=
+github.com/scrtlabs/cosmos-sdk v0.50.14-secret.7/go.mod h1:/0g1Kvg6WMZRbI5KfyDEQl/Zy30n6CzAkDa2Fs5B1PU=
 github.com/scrtlabs/cosmos-sdk-api v0.7.6-secret.0 h1:9IGLySVhC2qSrxT3fZvvqwjKsnXWSSKnywQDzT8y1Gs=
 github.com/scrtlabs/cosmos-sdk-api v0.7.6-secret.0/go.mod h1:IcxpYS5fMemZGqyYtErK7OqvdM0C8kdW3dq8Q/XIG38=
 github.com/scrtlabs/cosmos-sdk-store v1.1.1-secret.1 h1:TELtwBkSg0xBrs2ObFE0pVVWF6E31fPCDX2tk8OiJPo=
@@ -1619,10 +1619,10 @@ github.com/scrtlabs/cosmos-sdk-x-tx v0.13.7-secret.0 h1:i3k5706sDHKhaCvzokB+n33/
 github.com/scrtlabs/cosmos-sdk-x-tx v0.13.7-secret.0/go.mod h1:V6DImnwJMTq5qFjeGWpXNiT/fjgE4HtmclRmTqRVM3w=
 github.com/scrtlabs/iavl v1.2.2-secret.0 h1:P96PL1Lf8OBSW9pMrlaRxhceZ4z9Hc7jk12g9ShWeHw=
 github.com/scrtlabs/iavl v1.2.2-secret.0/go.mod h1:GiM43q0pB+uG53mLxLDzimxM9l/5N9UuSY3/D0huuVw=
-github.com/scrtlabs/tendermint v0.38.19-secret.0 h1:LwmTBt3Wze8esiyV+EtkMzp5fUINnlovgOIXJbZFBnk=
-github.com/scrtlabs/tendermint v0.38.19-secret.0/go.mod h1:dNi/ShIl1T2f3bCYdoDY2tU4cbKGeyFgWIJSFJ9HSBI=
-github.com/scrtlabs/tm-secret-enclave v1.13.0 h1:a2xH0G96chEM8Ntwlq/Fh36r4dg0ijKWTaOy0oqFsqg=
-github.com/scrtlabs/tm-secret-enclave v1.13.0/go.mod h1:nxZQtzzAqBNBLOEXSv4cKlUnVA4vRmHOn6ujr3kxVME=
+github.com/scrtlabs/tendermint v0.38.19-secret.1 h1:NxZ21CS6INBjL2QCL087/BJLb1NAIeoY07mHasTuqKs=
+github.com/scrtlabs/tendermint v0.38.19-secret.1/go.mod h1:CZUJG1djTJUVbpjGS9JmQx9CFfF4goKi3LzYUQtxWO8=
+github.com/scrtlabs/tm-secret-enclave v1.13.1 h1:0mXcBdoWyqEGhQEdbXMjSuTi9LKKMld2BqEj0eNpoxU=
+github.com/scrtlabs/tm-secret-enclave v1.13.1/go.mod h1:nxZQtzzAqBNBLOEXSv4cKlUnVA4vRmHOn6ujr3kxVME=
 github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=