Protocol Upgrade - v3.17.0

THORChain v3.17.0 is a record release, with over 100 merged requests. This acceleration is largely driven by Huginn AI, which helps handle minor issues and repetitive tasks, allowing developers to focus on higher-impact work.

While no major new features are introduced, this upgrade focuses on what matters most: improving stability, security, and overall user experience across the network.

Release Overview
1️⃣ For All Chads
- RUNE Supply & Treasury Changes
- Swap Experience Improvements
- Major Chain and Token Upgrades

2️⃣ For Advanced Chads
- Chain Fixes
- Swap Engine Fixes
- Memoless Enhancements
- API & Integrator Improvements
- Bifrost and Signing
- Solvency & Accounting
- Security Hardening
- Observations & P2P
- Testing, CI, Infrastructure & Documentation

1️⃣ FOR ALL CHADS

RUNE Supply & Treasury Changes

🔹RUNE Supply Restructure (ADR-023) !4687

Implements the RUNE supply restructuring by reducing the effective supply held in the reserve, aligning total supply more closely with circulating supply. This improves transparency around tokenomics and ensures metrics like FDV better reflect the actual economic reality of the network.

🔹ADR-025: Dev Fund Migration !4699

Introduces a new governance proposal to migrate the development fund from a single custodian to a 2-of-3 multisig. This improves decentralisation of fund control and updates the long-term governance structure around development funding.

🔹Dev Fund Address Update !4698

Implements the migration of the development fund to the new multisig address, ensuring future fund distributions follow the updated governance structure.

🔹Retire Bug Bounty Program !4700

Removes the existing bug bounty program, including payout structures and scope definitions, while preserving responsible disclosure channels. This reflects a shift in how security reporting is managed going forward.

🔹Over-Solvency Sweep to Treasury !4572

Redirects over-solvency sweep proceeds to a dedicated treasury address instead of the reserve. This updates how excess funds are routed and improves treasury-level accounting.

Swap Experience Improvements

🔹Stable-to-Stable Fee Override !4686

Introduces a configurable minimum slip parameter for stable-to-stable swaps, allowing the protocol to override default fee behaviour in low-volatility pairs. This improves fee consistency and gives more control over pricing dynamics in stable asset swaps.

🔹Operational EnableMemolessOutbound !4706

Enables operational control over memoless outbound transactions via Mimir, allowing the feature to be rolled out without requiring full node consensus. This makes it easier to activate and manage memoless outbounds progressively, reducing coordination overhead for upgrades.

Major Chain and Token Upgrades

🔹XUSK Added as Switch Asset !4662

Adds support for xUSK as a switch asset, enabling users to migrate legacy Kujira USK positions into the THORChain ecosystem. This helps facilitate recovery of funds and transitions liquidity to more active infrastructure.

🔹Litecoin Taproot Address Support !4615

Adds support for Litecoin Taproot (bech32m) addresses, ensuring compatibility with newer address formats. This prevents potential outbound failures and improves reliability for LTC transactions.

2️⃣ FOR ADVANCED CHADS

Chain Fixes

🔸Solana Double Spend Prevention !4704

Fixes a critical edge case where Solana outbound transactions could be signed twice under certain conditions, leading to a potential double spend. The update ensures the signer cache is always checked before signing and properly updated even in case of broadcast failures, improving safety and reliability for Solana transactions.

🔸Solana Transaction Hash Fix !4694

Fixes an issue where Solana transaction hashes were incorrectly modified, making them invalid and untraceable on-chain. The update preserves the correct case-sensitive format, ensuring transactions can be reliably tracked and verified.

🔸SOL -> DOGE Swap Fix !4703

Fixes an issue where certain SOL -> DOGE swaps could fail because transaction outputs fell below DOGE’s dust threshold, causing outbound transactions to be rejected. The update ensures outputs meet the required minimum value, preventing stuck transactions and improving reliability of cross-chain swaps.

🔸Solana Dust Threshold Enforcement !4664

Ensures the Solana chain scanner ignores transactions below the dust threshold, preventing low-value spam transactions from being processed. This aligns Solana behaviour with other chains and improves observation quality and network efficiency.

🔸MsgDeposit Salt for Unique TXIDs !4626

Introduces a salt mechanism to ensure unique transaction IDs for deposits generated by smart contracts. This prevents collisions where multiple transactions could previously share the same identifier, improving reliability and traceability.

🔸ZEC Fee Reporting Fix !4692

Improves Zcash fee reporting by correctly accounting for worst-case transaction scenarios and supporting additional address formats. This results in more accurate fee estimation and better reliability for ZEC swaps.

🔸ZEC Network Detection Fix !4689

Fixes an issue where Zcash network identification did not correctly recognise certain environments such as stagenet or chainnet. This improves compatibility and ensures correct behaviour across different deployment environments.

🔸ZEC Checkpoint Validation Fix !4607

Improves Zcash transaction validation by checking inputs against a local spent cache, preventing reuse of already-spent inputs during retries. This reduces failed transactions and improves reliability of outbound processing.

🔸Gaia RPC Panic Fix !4647

Fixes an issue where invalid RPC responses from Gaia could cause node crashes. The update adds defensive checks to safely handle malformed data, improving node stability.

🔸UTXO Checkpoint Validation Fix !4606

Fixes an issue where transaction inputs were validated using only the transaction ID instead of the full (txid, output) reference. This ensures only the correct unspent outputs are used, preventing invalid retries and improving reliability of UTXO-based transactions.
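
The difference between the two checks in the ZEC and UTXO checkpoint fixes above, as an added Go example (not THORChain's own code). The `OutPoint`, `SpentCache` and validator names are hypothetical, and the unspent set is constructed sample data.

```go
package main

import (
	"errors"
	"fmt"
)

// OutPoint names one output of one transaction. A txid alone is ambiguous
// because a transaction usually creates several outputs.
type OutPoint struct {
	TxID string
	Vout uint32
}

// SpentCache is a hypothetical local record of outpoints this signer has
// already consumed in a transaction it signed.
type SpentCache map[OutPoint]struct{}

// MarkSpent records the inputs of a transaction that has just been signed.
func (c SpentCache) MarkSpent(inputs []OutPoint) {
	for _, in := range inputs {
		c[in] = struct{}{}
	}
}

var ErrStaleCheckpoint = errors.New("checkpoint input not spendable")

// ValidateByTxID is the weaker check: it accepts an input whenever the node
// still reports any unspent output of the same transaction.
func ValidateByTxID(checkpoint, unspent []OutPoint) error {
	ids := make(map[string]struct{}, len(unspent))
	for _, u := range unspent {
		ids[u.TxID] = struct{}{}
	}
	for _, in := range checkpoint {
		if _, ok := ids[in.TxID]; !ok {
			return fmt.Errorf("%w: %s", ErrStaleCheckpoint, in.TxID)
		}
	}
	return nil
}

// ValidateByOutPoint requires every checkpoint input to match an unspent
// (txid, vout) pair exactly, to be absent from the local spent cache, and
// to appear only once in the checkpoint.
func ValidateByOutPoint(checkpoint, unspent []OutPoint, spent SpentCache) error {
	avail := make(map[OutPoint]struct{}, len(unspent))
	for _, u := range unspent {
		avail[u] = struct{}{}
	}
	seen := make(map[OutPoint]struct{}, len(checkpoint))
	for _, in := range checkpoint {
		_, listed := avail[in]
		_, used := spent[in]
		_, dup := seen[in]
		if !listed || used || dup {
			return fmt.Errorf("%w: %s:%d", ErrStaleCheckpoint, in.TxID, in.Vout)
		}
		seen[in] = struct{}{}
	}
	return nil
}

func main() {
	// Constructed data: tx "aa" had two outputs and output 0 is already gone.
	unspent := []OutPoint{{"aa", 1}, {"bb", 0}}
	checkpoint := []OutPoint{{"aa", 0}}
	fmt.Println("txid only:", ValidateByTxID(checkpoint, unspent))
	fmt.Println("outpoint: ", ValidateByOutPoint(checkpoint, unspent, SpentCache{}))
}
```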

🔸EVM Swap Observation Fix !4604

Fixes an issue where inbound swap transactions on EVM chains could be incorrectly dropped due to Router V6 handling changes. This ensures swaps are properly observed and processed.

Swap Engine Fixes

🔸Streaming Swap Quote Fix !4695

Fixes an issue where swap quotes incorrectly defaulted to non-streaming behaviour when interval was set to zero. With the advanced swap queue enabled, quotes now automatically use streaming-optimised calculations, improving accuracy and aligning quotes with actual execution behaviour.

🔸Double Swap Scoring Fix !4645

Fixes an issue where swaps involving two pools could receive artificially high priority if the second pool was unavailable. The update ensures scoring is reset correctly, improving fairness and preventing inefficient swap execution.

🔸Rapid Swap Quote Fix (MaxSwapQuantity) !4588

Fixes incorrect handling of rapid streaming swaps where interval=0 was artificially limiting swap size. The update ensures quotes reflect actual rapid execution behaviour, improving accuracy for users and integrators.

🔸Rapid Swap Correctness & Test Backfill !4522

Fixes several rapid swap issues, including stale pool data, skipped swaps consuming execution budget, and inflated telemetry counters. The update also adds extensive test coverage, improving rapid swap reliability and execution accuracy.

🔸Swap Queue State Consistency Fix !4688

Improves the reliability of the advanced swap queue by ensuring swap state updates and pool balance changes are applied atomically. This prevents inconsistencies where swaps could partially execute without properly updating their tracking state, leading to incorrect future execution.

🔸Swap Queue Sorting Fixes (Batch) !4655

Fixes multiple issues in swap queue ordering, including inefficient sorting logic and incorrect handling of limit swaps. These changes improve execution fairness, prioritisation accuracy, and overall swap efficiency.

Memoless Enhancements

🔸Memoless Preflight Eligibility Fix !4584

Fixes incorrect restrictions on memoless swaps, allowing non-gas assets to be properly validated when supported through router-based deposits. This aligns preflight checks with actual protocol behaviour.

🔸Memoless Reference Extraction Fix !4582

Fixes incorrect reference ID extraction for certain token swaps, ensuring memoless transactions are processed correctly and not mistakenly refunded.

🔸Memo Preflight Eligibility Validation !4581

Adds early validation to the memo preflight endpoint so ineligible memoless assets are rejected with clear errors. This improves user and integrator feedback before a transaction is submitted.

API & Integrator Improvements

🔸Contract Info Query Endpoints !4691

Adds new endpoints to query smart contract data, providing a single source of truth for contract indexing and management. This improves developer experience and supports the growing App Layer ecosystem.

🔸Supply Endpoints !4666

Adds new API endpoints to expose THORChain’s token supply data, including a dedicated endpoint compatible with external platforms like CoinMarketCap. This simplifies integrations and ensures consistent, reliable supply reporting across the ecosystem.

🔸Query Schedules by Sender !4605

Adds the ability to query scheduled transactions by sender address, improving visibility and usability for applications built on top of the App Layer.

Bifrost and Signing

🔸UTXO Duplicate Observation Fix !4663

Fixes an issue where UTXO-based transactions could be re-observed multiple times due to incorrect cache handling. The update ensures observed transactions remain tracked across rescans, preventing duplicate inbound processing and improving observation reliability.

🔸EVM Outbound Approval Race Fix !4656

Fixes a race condition between token approval and outbound transaction execution in Router V6. The update ensures approvals are properly confirmed before proceeding, preventing unnecessary delays and reducing the risk of failed or rescheduled outbounds.

🔸ObservedTxQuorum Behaviour Revert !4636

Reverts a restrictive validation change that required active node authorisation for observed transactions. This restores expected behaviour and prevents valid observations from being incorrectly rejected.

🔸Noop Vault Handling Fix !4631

Fixes an issue where certain internal transactions used for vault reconciliation were being rejected due to incorrect authorisation checks. The update ensures these transactions can pass through the quorum path, preventing stuck migrations and improving vault operations.

🔸AVAX Solvency Runner Timing Fix !4624

Adjusts the solvency check frequency for AVAX to ensure the network can correctly detect when solvency is restored. This prevents situations where the chain could remain halted due to missed reporting intervals, improving recovery reliability.

🔸Signed Transaction Persistence !4595

Ensures signed transactions are stored before broadcast, preventing loss of transaction data in case of crashes or failures. This improves reliability of retries and reduces the need for re-signing.
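
The retry behaviour that this entry and the Solana Double Spend Prevention fix describe, as an added Go example (not Bifrost's own code). The `Signer` type, its cache and the failing broadcaster are hypothetical stand-ins, and the signature is a constructed string rather than a real one.

```go
package main

import (
	"errors"
	"fmt"
)

// Signer is a hypothetical outbound signer with a cache of signed payloads
// keyed by outbound item ID.
type Signer struct {
	Cache     map[string][]byte
	SignCalls int                    // number of signatures produced
	Broadcast func(raw []byte) error // chain RPC, injected by the caller
}

// sign stands in for a signing round. Each call yields different bytes, as a
// re-signed transaction would.
func (s *Signer) sign(itemID string) []byte {
	s.SignCalls++
	return []byte(fmt.Sprintf("%s/sig-%d", itemID, s.SignCalls))
}

// ProcessUnsafe signs on every attempt and records the result only after a
// successful broadcast, so a failed broadcast leaves no trace of the signature.
func (s *Signer) ProcessUnsafe(itemID string) error {
	raw := s.sign(itemID)
	if err := s.Broadcast(raw); err != nil {
		return err
	}
	s.Cache[itemID] = raw
	return nil
}

// ProcessSafe checks the cache before signing and stores the signed bytes
// before broadcasting, so a retry resends the same transaction.
func (s *Signer) ProcessSafe(itemID string) error {
	raw, ok := s.Cache[itemID]
	if !ok {
		raw = s.sign(itemID)
		s.Cache[itemID] = raw
	}
	return s.Broadcast(raw)
}

// RunRetry pushes one outbound through a broadcaster whose first call returns
// an error even though the payload left the process, then retries once.
func RunRetry(safe bool) (signCalls, distinctTxs int) {
	sent := map[string]struct{}{}
	calls := 0
	s := &Signer{Cache: map[string][]byte{}}
	s.Broadcast = func(raw []byte) error {
		calls++
		sent[string(raw)] = struct{}{}
		if calls == 1 {
			return errors.New("rpc timeout")
		}
		return nil
	}
	process := s.ProcessUnsafe
	if safe {
		process = s.ProcessSafe
	}
	for attempt := 0; attempt < 2; attempt++ {
		if process("outbound-1") == nil {
			break
		}
	}
	return s.SignCalls, len(sent)
}

func main() {
	for _, safe := range []bool{false, true} {
		n, d := RunRetry(safe)
		fmt.Printf("safe=%v signatures=%d distinct transactions sent=%d\n", safe, n, d)
	}
}
```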

🔸Vault Lock & RPC Safety Improvements !4596

Strengthens UTXO transaction handling by ensuring vault locks are held throughout the full sign and broadcast process. Also introduces RPC timeouts and safer concurrency handling, reducing the risk of double-spends and improving resilience during network or RPC issues.

🔸Scanner Start Height Fix !4555

Ensures Bifrost always respects the configured scanner start height, even when local scanner storage has a later recorded height. This improves control over rescanning and recovery behaviour.

Solvency & Accounting

🔸Native Pool Burn Safety Fix !4684

Fixes a critical issue where native asset funds could become orphaned during pool burns if a treasury transfer failed. The update ensures the burn process is fully atomic, meaning it will only complete if all required fund transfers succeed, preventing loss of funds.

🔸Pool & Burn Logic Fixes (Batch) !4671

Fixes multiple issues in pool management and burn logic, including incorrect pool selection, accounting inconsistencies, and edge cases in asset removal. These changes improve accuracy of pool operations and prevent incorrect state transitions during liquidity adjustments.

🔸POL & Liquidity Removal Atomicity Fix !4670

Improves liquidity removal logic by making operations atomic, ensuring that pool rebalancing and state updates either fully succeed or fully revert. This prevents inconsistencies in pool state and strengthens reliability of protocol-owned liquidity operations.

🔸POL & Handler Safety Fixes (Batch) !4661

Fixes multiple edge cases in protocol-owned liquidity and handler logic, including state leakage across iterations, safer default handling, and improved error propagation. These changes ensure more predictable behaviour and reduce risk of inconsistent state during liquidity operations.

🔸Pool & Liquidity Edge Case Fixes (Batch) !4654

Fixes several edge cases in pool and liquidity logic, improving handling of asset removal, accounting consistency, and internal state transitions. These updates reduce the risk of incorrect pool behaviour under complex scenarios.

🔸Pool & Handler Fixes (Batch) !4650

Fixes multiple issues across pool and handler logic, improving consistency, error handling, and state management. These updates help ensure correct behaviour during complex liquidity and transaction flows.

🔸Solvency Endpoint Accuracy Fix !4640

Improves solvency reporting by correctly accounting for accumulated outputs from streaming swaps and other edge cases. This ensures solvency metrics reflect real network conditions more accurately.

🔸Solvency Runner Halt Logic Fix !4625

Fixes an issue where solvency checks could be triggered prematurely when a chain halt was scheduled for a future block height. The update ensures halt conditions are only applied once the specified height is reached, aligning behaviour with the rest of the protocol and improving accuracy of solvency reporting.

🔸Pool, Liquidity & Handler Fixes (Batch) !4601

Fixes multiple edge cases across liquidity, THORName handling, and accounting logic, improving error handling, preventing incorrect state transitions, and ensuring more consistent behaviour across protocol operations.

🔸Quorum, Handler & Accounting Fixes (Batch) !4593

Fixes multiple issues in quorum handling, outbound processing, and validator operations, ensuring correct sequencing of state updates and preventing inconsistent or partially applied changes.

🔸Solvency, Limits & Yield Fixes (Batch) !4592

Improves solvency handling, iteration limits, and yield calculations, preventing incorrect reward distribution and reducing risk of excessive computation or inconsistent accounting.

🔸Solvency & Halt Logic Hardening (Batch) !4591

Strengthens insolvency detection and halt logic across multiple scenarios, ensuring that edge cases such as zero liquidity or partial vault states are correctly handled. This improves safety during stressed conditions.

🔸Trade Account Withdrawal InHash Fix !4566

Fixes an incorrect transaction ID reference in trade account withdrawals that could trigger false “missing tx out” security events and unjust vault slashing.

🔸Bond Module Accounting Fix !4574

Fixes an accounting mismatch that could occur when a node’s bond was lower than a transaction fee cost. The update caps the deduction to the actual available bond, keeping individual bond accounting aligned with module balances.

🔸Gas Correction for Reorg Transactions !4573

Adds logic to correct outbound gas accounting when transactions are re-observed after a chain reorg with different gas values. This prevents small vault insolvencies caused by incorrect gas deductions.

🔸ZEC Gas Reporting & Solvency Fix !4701

Fixes inaccuracies in Zcash fee reporting and solvency calculations that could significantly overestimate available gas buffers. The update ensures fees are calculated correctly and solvency checks reflect real conditions, improving accounting accuracy and preventing hidden insolvency risks.

🔸Gaia Outbound & Insolvency Fix !4697

Fixes multiple issues that could cause failed outbound transactions and incorrect insolvency signals on Gaia. The update ensures failed transactions are properly accounted for, improves balance checks during retries, and prevents incorrect slashing due to memo inconsistencies.

🔸Errata Transaction Rollback Fix !4610

Fixes an issue where errors during errata processing could result in partial state updates without correcting fund balances. The update ensures failures fully revert, preserving consistency and preventing loss of corrective actions.

Security Hardening

🔸Max Gas Validation Across EVM Chains !4614

Extends gas limit validation to all EVM chains, ensuring outbound transactions cannot exceed safe maximum thresholds. This prevents potential abuse or misconfiguration that could lead to excessive gas usage and strengthens overall transaction safety.

🔸Donate Handler Asset Restriction !4613

Prevents non-RUNE native assets from being used in donation flows, ensuring only supported assets interact with pool accounting. This avoids inconsistencies in balance tracking and protects against incorrect fund allocation.

🔸Handler Defense-in-Depth Fixes !4580

Applies a broad set of security hardening fixes across THORChain handlers, including stronger validation, overflow checks, nil checks, error propagation, and safer accounting behaviour. This reduces edge-case risk across multiple protocol flows.

🔸Consensus Failure Crash Fix !4571

Ensures nodes exit immediately when a CometBFT consensus failure occurs, rather than appearing healthy while no longer participating correctly. This improves monitoring, alerting, and automatic recovery.

🔸Limit Swap Iteration Cap !4569

Adds a configurable cap to limit swap modification searches, preventing attackers from forcing expensive unbounded reads through bloated swap indexes.

🔸Duplicate Attestation DoS Protection !4568

Deduplicates and caps attestations across quorum handlers, preventing maliciously large duplicate attestation sets from creating unnecessary verification work.
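
Deduplicating and capping before any signature is verified, as an added Go example (not THORChain's own code). The `Attestation` type and function names are hypothetical, ed25519 stands in for the network's signature scheme, and the validator set and attestations are constructed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Attestation is a hypothetical (signer, signature) pair over one payload.
type Attestation struct {
	PubKey ed25519.PublicKey
	Sig    []byte
}

var ErrTooMany = errors.New("more unique attesters than validators")

// Attest signs payload with a key derived from a constructed one-byte seed.
func Attest(seed byte, payload []byte) Attestation {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{seed}, ed25519.SeedSize))
	return Attestation{
		PubKey: priv.Public().(ed25519.PublicKey),
		Sig:    ed25519.Sign(priv, payload),
	}
}

// Dedupe keeps the first attestation per public key and rejects the whole set
// once it holds more unique signers than limit. It performs map lookups only.
func Dedupe(atts []Attestation, limit int) ([]Attestation, error) {
	seen := make(map[string]struct{}, limit)
	out := make([]Attestation, 0, limit)
	for _, a := range atts {
		k := string(a.PubKey)
		if _, dup := seen[k]; dup {
			continue
		}
		if len(out) >= limit {
			return nil, ErrTooMany
		}
		seen[k] = struct{}{}
		out = append(out, a)
	}
	return out, nil
}

// CountVerified returns how many active validators signed payload and how
// many signature verifications that took.
func CountVerified(payload []byte, atts []Attestation, active map[string]bool) (valid, checks int, err error) {
	unique, err := Dedupe(atts, len(active))
	if err != nil {
		return 0, 0, err
	}
	for _, a := range unique {
		if !active[string(a.PubKey)] || len(a.PubKey) != ed25519.PublicKeySize {
			continue // unknown signer: skipped without a verification
		}
		checks++
		if ed25519.Verify(a.PubKey, payload, a.Sig) {
			valid++
		}
	}
	return valid, checks, nil
}

// Sample builds three constructed validators and a set in which one valid
// attestation is repeated 1000 times next to a second valid one.
func Sample() (payload []byte, atts []Attestation, active map[string]bool) {
	payload = []byte("constructed observed tx")
	active = map[string]bool{}
	for _, seed := range []byte{1, 2, 3} {
		active[string(Attest(seed, payload).PubKey)] = true
	}
	dup := Attest(1, payload)
	for i := 0; i < 1000; i++ {
		atts = append(atts, dup)
	}
	return payload, append(atts, Attest(2, payload)), active
}

func main() {
	payload, atts, active := Sample()
	valid, checks, err := CountVerified(payload, atts, active)
	fmt.Printf("received=%d verified=%d valid=%d err=%v\n", len(atts), checks, valid, err)
}
```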

🔸Deterministic Operational Value Fix !4565

Fixes a consensus-critical edge case where validators could calculate different operational values due to non-deterministic map ordering. This ensures consistent state across nodes and protects consensus safety.

🔸Defensive Guards & Consensus Safety Fixes (Batch) !4658

Introduces multiple safety checks across core managers, including protections against division-by-zero and invalid calculations. These changes prevent potential chain halt scenarios and improve overall consensus stability under edge-case conditions.

🔸Prevent Fund Lock on Failed Settlement !4644

Fixes a critical issue where failed swap settlements could remove retry mechanisms, causing funds to become permanently locked. The update ensures failed transactions are correctly retried, preserving fund safety and preventing stuck assets.

🔸Intent Asset Validation Guard !4619

Prevents unsupported THOR-native assets from entering the intent flow, ensuring only properly supported assets follow escrow and settlement logic. This avoids inconsistent behaviour and strengthens safety around new execution paths.

🔸Keysign Signature Validation Fix !4603

Ensures the number of collected signatures matches the expected message count during transaction signing. This prevents incomplete or invalid signing processes and strengthens transaction integrity.

🔸Full Bech32 Address for Deployer Halt Keys !4554

Updates deployer halt logic to use the full bech32 address instead of a short suffix, preventing accidental halts of unrelated deployers with similar address endings.

🔸WASM Contract Security Review Fix !4551

Documents and clarifies WASM migration behaviour following security review, ensuring halted contract code can still be intentionally migrated when needed for recovery.

🔸Huginn Security Review Fixes !4540

Addresses a broad set of security findings across handlers, managers, keepers, and WASM logic, including error propagation, nil checks, integer safety, iterator handling, atomicity, and authorisation. This strengthens protocol resilience across many edge cases.

Observations & P2P

🔸Inbound Alert Handling Fix !4643

Fixes an issue where certain inbound transactions to inactive vaults could fail to trigger alerts. This ensures operators receive accurate notifications and improves monitoring visibility.

🔸Failed Transaction Alert Rate Limiting !4600

Introduces configurable rate limits for failed transaction alerts, reducing noise from repeated failures and improving signal quality for operators.

🔸Node Gate Filter Fix !4552

Fixes a P2P gating issue where jailed nodes could be prevented from reconnecting and escaping jail. The filter now only enforces minimum bond requirements, improving recovery for affected nodes.

Testing, CI, Infrastructure & Documentation

🔸Infrastructure Reference Updates !4651

Updates references from Nine Realms to new public infrastructure endpoints, reflecting the ongoing transition to a more distributed operational setup. This ensures documentation and integrations point to the correct services.

🔸Oracle & Swap Queue Documentation Update !4649

Improves documentation for the oracle and advanced swap queue, clarifying pricing mechanisms, supported assets, and swap behaviour. This helps developers and users better understand how the system operates.

🔸Share Calculation Optimisation !4602

Replaces a decimal-based calculation with a more efficient integer-based implementation, significantly improving performance and reducing resource usage. This makes core calculations faster and more predictable.

🔸Bifrost P2P Test Coverage Expansion !4673

Adds unit test coverage across Bifrost’s peer-to-peer layer, including communication, peer management, and connection handling. This strengthens reliability of node interactions and reduces the risk of regressions in networking logic.

🔸Health Monitoring Skill !4705

Introduces a /health command-line style tool that generates a summary of network health by aggregating key data points. It can optionally connect to local logging infrastructure to provide deeper insights, giving operators a faster way to diagnose issues and understand network state.

🔸Handler Test Coverage Expansion !4682

Adds extensive unit test coverage across core handlers, including swaps, solvency, trade accounts, and WASM contract operations. This significantly improves test coverage and reduces the risk of regressions in critical parts of the protocol.

🔸Lint & Merge Pipeline Fix !4660

Fixes issues in the linting pipeline by enforcing consistent merge train usage and ensuring full lint checks run correctly. This improves code quality control and prevents broken lint states from reaching the main branch.

🔸Bifrost Version Endpoint !4627

Adds a /version endpoint to the Bifrost health server, allowing operators to easily verify running versions and improve debugging capabilities.

🔸Aggregator Simulation Coverage !4618

Extends simulation tests to cover aggregator-based swap flows across multiple chains. This improves validation of complex swap paths and ensures correct behaviour for integrations using external liquidity sources.

🔸Aggregator Test Alignment Fix !4617

Fixes test configurations to properly validate router logic in EVM aggregator flows. This ensures critical validation paths are actually tested, improving confidence in swap execution security.

🔸Protobuf CI & Breaking Change Checks !4608

Adds new CI checks for protobuf formatting, linting, and breaking changes. This improves development safety by catching incompatible changes early and ensuring consistent API definitions.

🔸Lint Concurrency Fix !4587

Prevents multiple lint jobs from running concurrently, improving CI stability and avoiding intermittent failures.

🔸Regression Export Verification !4586

Adds checks to ensure regression test outputs are properly committed, preventing CI from passing with incomplete or inconsistent test data.

🔸Release Automation Tools !4583

Introduces scripts and documentation to streamline release processes across environments, improving operational efficiency and reducing risk during deployments.

🔸Bifrost Patch Release Docs !4576

Adds clearer documentation for Bifrost patch releases, helping operators and contributors follow the release process more consistently.

🔸OpenSSL Version Pin Update !4564

Updates OpenSSL version pins to restore Docker build compatibility after Debian package updates. This keeps simulation and CI builds working correctly.

🔸Worktree Ignore Update !4561

Adds Claude worktree directories to Git ignore rules, keeping local development files out of the repository.

🔸test-go-tss Target Fix !4544

Fixes a typo in the Go TSS test target, ensuring the correct test path runs when TSS-related changes are made.

🔸Bifrost Provider Status Endpoint !4558

Adds a /status/provider endpoint to Bifrost, showing whether each chain client uses a self-hosted node or an external provider. This improves transparency for operators and removes the need to manually declare provider information through Mimir votes.