THORChain v3.18 ships with 51 merged requests, introducing important economic upgrades such as the foundations for Protocol-Owned Liquidity (POL) and the new Dynamic Fee Model (ADR-026), both designed to strengthen THORChain’s long-term liquidity and fee architecture.

Beyond the economic changes, the upgrade also prepares the foundations for future chain integrations such as Monero, TAO or DOT, while delivering a large number of fixes and infrastructure improvements focused on solvency protection, vault safety, swap execution, validator operations, and overall network stability.

1️⃣ POL & Economic Evolution

🔹 POL Reserve System Income Routing !4709

Introduces the foundations for Protocol-Owned Liquidity (POL) on THORChain.

With this upgrade, a configurable portion of THORChain’s system income can now be redirected into a dedicated POL Reserve module instead of remaining entirely passive within the protocol. The reserve can then asymmetrically deploy RUNE liquidity into selected pools based on configurable rules and pool performance.

In practice, this means THORChain can begin using part of the revenue it generates to strengthen its own liquidity layer directly. Rather than relying exclusively on external liquidity incentives, the protocol itself can progressively become a liquidity participant inside its own ecosystem.

The system includes dedicated pool selection logic, deployment rules, governance controls, new APIs, operational Mimir settings, and event tracking. Over time, this creates a framework where THORChain can accumulate productive liquidity positions, deepen strategically important pools, and capture a larger share of the economic activity happening on the network itself.

🔹 Dynamic L1 Fee Model (ADR-026) !4752

Introduces a new dynamic fee framework that allows THORChain to automatically adjust minimum L1 slip fees based on real network activity and generated revenue.

Previously, minimum L1 fees relied on relatively static configurations. With ADR-026, THORChain now gains the ability to adjust fee floors dynamically per thorname and trading pair using an on-chain feedback mechanism. The system continuously observes whether previous fee adjustments resulted in higher or lower fee generation and gradually adapts in response.

If a fee increase results in stronger revenue generation, the controller continues adjusting in the same direction. If revenue declines, the system reverses direction. These changes occur incrementally within governance-defined boundaries, allowing THORChain to adapt over time without introducing abrupt pricing behaviour.

Importantly, the model measures activity using TOR-denominated accounting instead of raw RUNE values. This prevents fee logic from being distorted by RUNE price volatility and allows the system to optimise around actual economic usage and swap flow rather than token price movements.

The upgrade also introduces governance-controlled thorname whitelisting, dedicated APIs for fee tracking, streaming swap integration, and protections against affiliate routing bypasses. The feature ships disabled by default and can later be progressively enabled through governance once tested under real market conditions.

Strategically, this represents a significant evolution for THORChain’s fee architecture. Rather than relying entirely on fixed fee assumptions, the protocol moves toward a more adaptive model capable of reacting dynamically to integrator behaviour, liquidity conditions, and real network demand.

🔹 MinSlipBps for Rujira Virtualisation Strategy !4731

Introduces a dedicated minimum slip fee model for swaps originating from the Rujira virtualisation layer.

The rujira-thorchain-swap contract is part of the Rujira app-layer architecture and is designed to virtualise THORChain base-layer liquidity inside Rujira orderbooks. This allows app-layer liquidity to arbitrage THORChain pools more efficiently while helping reduce price dislocation between the orderbook layer and the underlying AMM pools.

With this upgrade, swaps originating from the Rujira arbitrage contract can now use a dedicated configurable minimum slip fee instead of relying exclusively on the default asset-class fee configuration. This creates more stable and predictable pricing behaviour for the orderbook system, especially across different swap sizes and arbitrage conditions.

The result is tighter spreads, more accurate quoting, and more efficient arbitrage execution between the app layer and THORChain liquidity pools. By improving how liquidity interacts between the two layers, the system can capture arbitrage opportunities more effectively while helping THORChain remain competitive on swap pricing.

The update also extends fee calculation logic so different minimum slip behaviour can be applied depending on the originating contract address, introducing additional flexibility for future app-layer integrations and execution environments.

2️⃣ Reliability, Solvency & Infrastructure

Chain-Specific Reliability

🔹XMR + Substrate Chain Registration !4788

Introduces foundational support for future Monero, TAO, and DOT integrations.

The update adds shared infrastructure for Monero stealth-address parsing, SS58 support for Substrate chains, deterministic attestation handling and chain registration for XMR, TAO, and DOT

This does not yet enable full integrations but prepares the common infrastructure required for future chain support.

🔹TRON Fullnode Readiness Checks !4762

Improves reliability of TRON simulations and transaction propagation.

Previously, simulations could start even if the TRON fullnode was stale or disconnected from the network, resulting in transactions that appeared valid locally but never propagated on-chain.

🔹Solana Signer Cache Expiry !4759

Improves handling of stuck Solana outbound transactions.

Unlike EVM chains, Solana transactions expire quickly if not confirmed within a limited number of slots. Previously, expired transactions could remain cached even after becoming invalid.

The update now ignores expired cache entries when the outbound transaction cannot be found on-chain, simplifying recovery from dropped Solana transactions and improving outbound reliability.

🔹Ethereum Outbound Approval Race Fix !4758

Fixes a race condition affecting Ethereum outbound transactions.

A previous fix introduced for Router V6 approval handling was not fully mirrored into the Ethereum package, creating edge cases where outbound execution could race ahead of approval confirmation. The update aligns Ethereum handling with the intended approval flow, improving reliability for Ethereum outbounds.

🔹Zebrad Compatibility Adjustments !4737

The update adds support for Zebrad-specific error handling and integrates Zebrad into simulation testing, improving reliability for Zcash-related operations and future compatibility testing.

Swap Execution & Quote Accuracy

🔹Rapid Swap Quote Memo Fix !4783

Improves quote accuracy for rapid streaming swaps. Previously, auto-generated rapid streaming swap quotes could return memos that did not fully reflect the actual streaming parameters used during execution.

The update rebuilds the memo after automatic streaming quantities are calculated, ensuring quotes correctly reflect final swap behaviour for users and integrators.

🔹 Double Swap Queue Scoring Accuracy Fix !4780

Improves fairness and accuracy in double-swap queue ordering. Previously, the second leg of a double swap used a spot-value RUNE estimate for scoring instead of the actual emitted RUNE amount produced by the first swap leg. This could slightly inflate swap priority under certain conditions.

The update now uses the real emitted RUNE amount, aligning queue scoring with actual execution behaviour and improving deterministic swap ordering.

🔹 Lagging Node Quote Protection !4753

Improves reliability of limit order quotes on lagging nodes.

Previously, nodes that were not fully synced could still serve /quote/limit responses using stale vault addresses. The update adds the same stale-state protection already used for swap quotes, preventing outdated nodes from returning potentially invalid limit order data.

🔹Streaming Swap Initial Height Tracking !4729

Adds initial_height support to streaming swap API responses. This gives external tools such as Track the ability to display more accurate swap age information and best-effort ETA estimates for rapid streaming swaps. The update improves visibility into streaming swap execution progress for users and interfaces.

🔹Expired Limit Swap Scan Optimisation !4715

Improves performance of expired limit swap processing.

Previously, THORChain scanned large historical block ranges every block to check for expired limit swaps. With large expiration windows, this could result in millions of unnecessary storage lookups.

The update replaces the full range scan with direct expiry lookups, significantly reducing processing overhead and improving efficiency of the advanced swap queue.

Solvency, Vault & Migration Safety

🔹Retiring Vault Error Handling Fix !4707

Fixes incorrect internal error handling during retiring vault checks.

Previously, certain retiring vault validation paths could incorrectly pass nil errors into internal error wrappers, relying on implementation-specific behaviour.

The update simplifies the logic and removes unnecessary nil error wrapping, improving reliability and code safety in unbond handling flows.

🔹 Solvency Handler Clamping Fix !4805

Improves solvency handling during vault churns and migrations. Previously, the solvency clamp logic could incorrectly interpret a vault as insolvent when pending outbounds exactly matched the remaining vault balance during the final stages of a migration. This occasionally caused temporary solvency halts during churn events.

The update refines the logic so THORChain can correctly distinguish between a genuinely insolvent vault and a vault completing a valid migration flow, reducing noisy halt events and improving churn stability.

🔹 Vault Clamping Detection & Visibility !4802

Adds visibility and automated protection around vault accounting mismatches.

Previously, if an outbound observation attempted to debit more funds than a vault’s recorded balance, THORChain would silently clamp the balance to zero without surfacing the discrepancy. This could leave phantom credit in the protocol accounting.

The update now emits security events when clamping occurs and automatically triggers a solvency halt for the affected chain. This improves operator visibility and ensures future accounting divergences can no longer occur silently.

🔹 EVM Solvency Consensus Fix !4800

Fixes a consensus issue affecting solvency reporting on EVM chains.

Under certain conditions, validators could generate slightly different solvency reports due to non-deterministic ordering behaviour, preventing solvency attestations from reaching quorum.

The update removes this inconsistency, ensuring validators produce identical solvency reports and restoring reliable insolvency detection and automated recovery flows on EVM chains.

🔹 DOGE Slash Recovery Migration !4798

Introduces a dedicated migration to reverse the effects of a historical DOGE vault incident.

The upgrade restores affected pool balances and refunds impacted providers after a retiring DOGE Asgard vault accidentally double-broadcast a migration outbound transaction, triggering large validator bond slashes.

Refunds are sent directly to provider wallets, avoiding additional bond accounting inconsistencies during future churn cycles.

🔹Checkpoint Persistence & Migration Safety Fix !4791

Improves protection against migration double-spend scenarios.

The update ensures transaction checkpoints are always stored whenever available, adding an additional layer of protection against accidental duplicate outbound broadcasts during migrations.

It also removes a temporary dust-sweep workaround introduced in v3.16, simplifying migration handling and reducing unnecessary processing of dust UTXOs.

🔹Vault Solvency Missing Asset Fix !4736

Improves accuracy of vault solvency checks for chain-specific assets.

Previously, solvency checks relied on observed wallet balances, which could incorrectly treat missing assets as solvent if the asset was absent from the wallet response entirely.

The update now compares expected vault assets directly against observed balances and treats missing assets as zero, improving solvency accuracy and insolvency detection reliability.

🔹Solvency Auto-Unhalt Fix for Chain-Specific Vaults !4754

Improves solvency auto-recovery logic for chain-specific vaults.

Previously, unrelated vaults from other chains could prevent THORChain from emitting an “all-solvent” report, even when the affected chain had fully recovered.

The update now filters vault checks to the relevant chain only, ensuring solvency auto-unhalt behaviour works correctly for chain-specific incidents.

🔹Inactive Vault Outbound Rerouting !4724

Fixes stuck outbounds assigned to drained inactive vaults.

Previously, refunds or swap outbounds assigned to inactive vaults could become trapped in retry loops if the vault had already migrated all funds to active vaults.

The update now checks whether the inactive vault still holds sufficient funds. If not, the outbound is automatically rerouted to an active vault, improving reliability for refunds and outbound execution.

🔹Gas & Outbound Synchronisation Fixes (Batch) !4710

Improves synchronisation between gas calculations, txOut state, and outbound processing.

The update ensures gas rates and max gas values are only updated after successful state transitions complete, preventing inconsistencies between txOut records and voter state.

Additional error handling improvements also reduce silent failures during gas detail retrieval.

🔹Pool, Liquidity & Migration Safety Fixes (Batch) !4730

Introduces multiple safety and accounting fixes across pool operations, migrations, and swap handling.

The update improves, liquidity withdrawal accounting, pool reward ordering, migration handling, over-solvency swap flows and atomicity during reserve and pool operations.

These changes reduce the risk of inconsistent accounting during failed transfers or edge-case migration scenarios.

🔹 Ragnarok & Pool Accounting Fixes (Batch) !4728

Introduces multiple safety improvements across Ragnarok, pool rewards, liquidity withdrawals, and migrations.

The update improves operation ordering and error handling to ensure state changes only occur after successful transfers complete. This prevents phantom balances and inconsistent accounting during edge-case failures.

Additional fixes improve migration handling and transaction ID consistency across recovery flows.

🔹 TxOut & Gas Accounting Fixes (Batch) !4727

Improves consistency between outbound transactions, gas accounting, and voter state updates.

Previously, failures during gas updates could leave txOut records and voter state partially desynchronised. The update ensures gas-related state changes only occur after successful updates complete.

This improves accounting consistency and reduces risks during outbound processing.

🔹Ragnarok Atomicity & Bond Refund Improvements (Batch) !4741

Improves safety and fairness during Ragnarok flows.

The update adds atomic rollback protections across multiple Ragnarok operations, ensuring partial failures cannot leave inconsistent state changes or duplicate payouts.

It also improves bond refund distribution by refunding providers proportionally rather than relying solely on node-level accounting, creating fairer outcomes for bond providers during Ragnarok events.

🔹Slasher & Consensus Safety Fixes (Batch) !4745

Introduces multiple security and stability improvements across slashing, swap recovery, and validator handling.

The update includes improved double-sign slashing for churned-out validators, safer swap recovery handling, overflow protections, panic guards for empty coin arrays, fixes for validator signer filtering.

These changes strengthen consensus safety and improve resilience against edge-case failures.

Validator, TSS & Node Operations

🔹Validator Churn Logic Improvement !4775

Adjusts validator churn behaviour when the active validator set is still growing.

Previously, the network could churn out the lowest-bond validator even when the validator set had not yet reached its desired capacity. This created situations where recently churned-in validators could immediately rotate back out.

The update now only applies lowest-bond churn logic once the validator set is fully populated, improving validator stability during network growth.

🔹Future Observation Attestation Fix !4774

Fixes the future observation attestation flow. A previously introduced future observation flag existed in the data model but was not fully propagated through the attestation pipeline, making the feature effectively non-functional.

The update properly propagates the flag through attestation, storage, quorum handling, and observer tracking, restoring correct behaviour for future observations.

🔹Remove Dead Keysign Party Lookup Path !4773

Removes an unused and non-functional keysign party lookup path.

The previous implementation relied on an endpoint that was never fully implemented, adding unnecessary complexity to the attestation flow.

The update simplifies the logic by relying directly on active validator counts for observed transaction quorum calculations, improving maintainability and reducing dead code paths.

🔹Signer Seed Phrase RAM-Only Handling !4786

Improves validator operational security around TSS keyshare backups. Previously, signer seed phrases could be exposed on disk through environment variables in Kubernetes deployments. The update now prioritises loading the seed phrase from an in-memory tmpfs-mounted file instead. This reduces long-term secret exposure risk and strengthens validator security.

🔹 Vault Rotation Chain Divergence Guardrail !4785

Adds protection against vault rotation failures caused by inconsistent chain configurations during churn.

Under rare edge cases, vaults participating in the same keygen process could disagree on supported chain sets, resulting in broken inbound address configurations.

The update detects these divergences before rotation completes and safely retries the churn process once configurations align.

🔹P2P Init & Status API Improvements !4789

Improves peer visibility and connection handling across the P2P layer.

The update improves bootstrap peer filtering, removes misleading peer ID reporting, and adds explicit inbound/outbound connection direction visibility to the P2P status response.

This gives operators and tooling providers a more accurate picture of node connectivity.

🔹Monotonic Block Height Protection !4746

Improves reliability of Bifrost block scanning during concurrent prefetching.

Previously, slower block fetch operations could occasionally overwrite newer scanner heights when blocks completed out of order. This could impact confirmation checks, signer fallback logic, and solvency reporting.

The update introduces monotonic atomic height tracking, ensuring scanner height can never move backwards during concurrent processing.

🔹TSS Round Normalisation & Consensus Safety Fixes !4665

Introduces multiple TSS consistency and consensus-safety improvements.

The update normalises TSS round naming, improves EdDSA failure reporting, strengthens keysign validation, improves freeze counting for retiring vault members, rejects high-S secp256k1 signatures

These changes improve consistency across TSS signing flows and reduce risks of consensus divergence caused by inconsistent round handling.

Monitoring, Debugging & Events

🔹Non-Active Vault Observation Noise Fix !4781

Reduces unnecessary event noise during vault flush operations.

Previously, delayed flush observations from non-active vaults could generate misleading inbound events around upgrades and churns, creating operational noise for node operators.

The update filters these late observations more cleanly, improving monitoring visibility and reducing unnecessary alerts.

🔹Empty TOR Price Crash Fix !4738

Prevents crashes caused by empty TOR price data.

Under rare conditions, pools with extremely low liquidity could temporarily lose depth, resulting in missing TOR price information and causing crashes during event handling.

The update safely handles empty TOR price states, improving stability during low-liquidity edge cases.

🔹Skip Halted Chains on TOR Drift Alerts !4756

Prevents false positive TOR drift alerts for halted chains.

Previously, anchor pools on paused chains could still trigger drift alerts even though trading was intentionally halted.

The update now ignores halted chains during TOR drift checks, reducing operational noise and improving monitoring accuracy.

🔹Debug Skill !4751

Introduces a new AI-assisted debugging tool for operators.

Similar to the previously added /health skill, the new /tc-debug command helps analyse issues using logs and transaction data. Operators can provide a transaction ID, vault, address, or description, and the tool attempts to identify the root cause automatically.

While primarily designed as an operational support tool, it can also provide useful debugging context for investigating complex network issues more efficiently.

🔹Liquify Snapshot Updates !4747

Updates snapshot tooling and documentation for the new Liquify infrastructure setup.

The changes align scripts and documentation with the latest snapshot distribution patterns used for THORChain mainnet infrastructure, helping operators maintain smoother node synchronisation and recovery workflows.

Testing & Infrastructure Hardening

🔹Unit Test Coverage Expansion (Scheduler, Denom, Tools, App) !4683

Expands unit test coverage across multiple core components.

The update adds new tests for scheduler modules, denom handling, tooling and application routing and swagger paths.

It also includes smaller reliability improvements around schedule querying and internal test refactoring, helping improve long-term maintainability and regression protection.

🔹THORChain Core Test Coverage Expansion !4681

Adds extensive unit test coverage across core THORChain modules.

The update backfills tests for keeper logic, memo handling, migrations, aggregators and ebifrost components. This improves regression protection across critical protocol functionality and strengthens long-term development safety.

🔹 Solana, TRON & XRP Chainclient Test Expansion !4680

Expands test coverage for Solana, TRON, and XRP chain clients.

The update adds new unit tests covering:

• Solana RPC and types
• TRON RPC handling
• XRP key management and cryptography flows

This improves reliability of chain-specific integrations and reduces the risk of regressions during future upgrades.

🔹 EVM, Runners & Gaia Test Expansion !4679

Adds broad unit test coverage across EVM clients, solvency runners, and Gaia integrations.

The update includes tests for EVM smart contract handling, solvency reporting, transaction processing, gas fee handling, outbound processing and Cosmos/Gaia client behaviour.

It also improves existing solvency tests to eliminate race conditions and goroutine leaks.

🔹UTXO & Signer Cache Test Expansion !4678

Expands test coverage for UTXO chain clients and signer cache handling. The update adds extensive tests across UTXO transaction handling, signer cache behaviour, checkpoint logic, metadata storage and transaction signing flows.This improves reliability of outbound processing and recovery behaviour for UTXO-based chains.

🔹Bifrost TSS Test Expansion !4677

Adds extensive unit test coverage across Bifrost TSS components. The update includes tests for TSS signing, blame handling, ECDSA and EdDSA keygen, keysign flows and monitoring and notifier systems. This strengthens reliability of threshold signing infrastructure and reduces regression risks across TSS operations.

🔹 Bifrost Signer & PubKey Manager Test Expansion !4676

Expands unit test coverage for Bifrost signer and pubkey management components.

The update improves testing around signer flows, vault lock handling, pubkey management and metrics safety. Additional production fixes also improve signer extensibility and metric handling safety.

🔹Bifrost Core Test Expansion !4674

Adds unit test coverage across core Bifrost infrastructure. The update includes tests for block scanners, databases, metrics, observer systems. This improves reliability of node observation and chain-scanning infrastructure.

🔹Bifrost Thorclient Test Expansion !4672

Adds unit test coverage for the Bifrost thorclient layer. The update includes new tests for thorclient behaviour, endpoint handling, fixture coverage. This improves reliability of communication between Bifrost and Thornode components.

– – – – – – – – – – – – – – –
Swap now 👉 swap.thorchain.org
Official website 👉 thorchain.org

🔽 Follow THORChain 🔽
X (Twitter) / LinkedIn / Reddit / TikTok / Instagram / Facebook / Blog

🔽 Join the community 🔽
Telegram / Discord / Discord (Developers)
– – – – – – – – – – – – – – – – –