From 78597d1f6bba04fbbe77940595061dfb1f7a11c8 Mon Sep 17 00:00:00 2001 From: memosr Date: Sun, 14 Jun 2026 22:42:27 +0300 Subject: [PATCH 1/4] docs: clarify Arc Testnet chain ID is 5042002, not 1516 Add a Networks section to the README documenting Arc's official chain IDs and the correct wallet configuration for Arc Testnet, with a prominent note that the incorrectly-circulated value 1516 is wrong. Fixes #94 --- README.md | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/README.md b/README.md index 98318c4..75018aa 100644 --- a/README.md +++ b/README.md @@ -31,6 +31,39 @@ Arc is an open EVM-compatible layer 1 built on [Malachite](https://github.com/ci - 🗳️ **[Consensus](crates/malachite-app/README.md)** - Consensus binary and configuration - More: see Arc [developer docs](https://docs.arc.network/arc/concepts/welcome-to-arc) for guides, APIs, and specs +## Networks + +Arc's official chain IDs: + +| Network | Chain ID | Hex | +| ------- | --------- | ---------- | +| Mainnet | `5042` | `0x13b2` | +| Testnet | `5042002` | `0x4cef52` | +| Devnet | `5042001` | `0x4cef51` | + +To connect a wallet to Arc Testnet: + +| Parameter | Value | +| --------------- | ------------------------------- | +| Network name | Arc Testnet | +| Chain ID | `5042002` (`0x4cef52`) | +| RPC URL | https://rpc.testnet.arc.network | +| Currency symbol | USDC | +| Block explorer | https://testnet.arcscan.app | + +> [!IMPORTANT] +> Arc Testnet's chain ID is **`5042002`** (`0x4cef52`). Some third-party chain +> registries and older community guides incorrectly list `1516` — that value is +> **wrong** and will cause wallet connection failures. You can verify the chain +> ID returned by a node directly: +> +> ```bash +> curl -X POST https://rpc.testnet.arc.network \ +> -H "Content-Type: application/json" \ +> -d '{"jsonrpc":"2.0","method":"eth_chainId","params":[],"id":1}' +> # {"result":"0x4cef52"} = 5042002 +> ``` + ## Install and Run a Node ### Install From 364e7610829d5ee6ffeaaedb41f72f7118db72a1 Mon Sep 17 00:00:00 2001 From: memosr Date: Sun, 14 Jun 2026 22:55:26 +0300 Subject: [PATCH 2/4] docs: note canonical explorer/docs URLs and flag dead ones Document that testnet.arcscan.app and docs.arc.network are the canonical Arc Testnet explorer and docs, and that the dead explorer.testnet.arc.network, explorer.arc.io, and docs.arc.io URLs should not be used. Fixes #81 --- README.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/README.md b/README.md index 75018aa..457de99 100644 --- a/README.md +++ b/README.md @@ -64,6 +64,13 @@ To connect a wallet to Arc Testnet: > # {"result":"0x4cef52"} = 5042002 > ``` +> [!NOTE] +> The canonical Arc Testnet block explorer is **https://testnet.arcscan.app** and +> documentation lives at **https://docs.arc.network**. Older explorer URLs such as +> `explorer.testnet.arc.network`, `explorer.arc.io`, and `docs.arc.io` are dead +> (unreachable, login-gated, or 404) — do not use them in wallet `blockExplorerUrls` +> configs or transaction links. + ## Install and Run a Node ### Install From 8f7e9aeeda4cb39126ed64472feb0aaf573fecf2 Mon Sep 17 00:00:00 2001 From: memosr Date: Mon, 15 Jun 2026 09:56:58 +0300 Subject: [PATCH 3/4] =?UTF-8?q?docs:=20correct=20explorer=20note=20?= =?UTF-8?q?=E2=80=94=20drop=20inaccurate=20docs.arc.io=20dead-link=20claim?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit docs.arc.io is the live canonical docs host (docs.arc.network 301-redirects to it), so it does not belong in the dead-URL list. Keep the note focused on the block explorer: testnet.arcscan.app is canonical; explorer.testnet.arc.network (unreachable) and explorer.arc.io (team-login-gated) are not publicly usable. --- README.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 457de99..1b6b2c6 100644 --- a/README.md +++ b/README.md @@ -65,11 +65,10 @@ To connect a wallet to Arc Testnet: > ``` > [!NOTE] -> The canonical Arc Testnet block explorer is **https://testnet.arcscan.app** and -> documentation lives at **https://docs.arc.network**. Older explorer URLs such as -> `explorer.testnet.arc.network`, `explorer.arc.io`, and `docs.arc.io` are dead -> (unreachable, login-gated, or 404) — do not use them in wallet `blockExplorerUrls` -> configs or transaction links. +> The canonical Arc Testnet block explorer is **https://testnet.arcscan.app**. Other +> explorer URLs that circulate in older guides — `explorer.testnet.arc.network` +> (unreachable) and `explorer.arc.io` (team-login-gated) — are not publicly usable; +> don't put them in wallet `blockExplorerUrls` configs or transaction links. ## Install and Run a Node From f5fa39c33fad3e5ac43abe7a0b65592bbf89aa22 Mon Sep 17 00:00:00 2001 From: memosr Date: Sat, 4 Jul 2026 09:56:54 +0300 Subject: [PATCH 4/4] fix: saturate Fin sequence arithmetic in proposal-part streaming MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit A Fin stream message carries an unvalidated u64 `sequence` straight off the wire. `StreamState::insert` computed the stream's expected message count as `msg.sequence as usize + 1`, which a malicious peer could drive to overflow by sending `sequence = u64::MAX`: a panic under debug-assertions and a wrap-to-zero in release builds. Release builds happened to stay safe because the subsequent `buffer.len() == expected_messages` check never matches a wrapped-to-zero target, so the stream is left incomplete and later evicted. But the guarantee rested on wrapping behaviour rather than intent, and the accompanying comment justified the arithmetic with a false invariant: `expected_messages` is assigned from the unbounded `msg.sequence`, not from the bounded `message_count`. Use `saturating_add(1)` so the worst case is `usize::MAX` — an unreachable completion target the stream is evicted for — instead of a panic or a silent wrap. Comment corrected to describe the real bound. Co-Authored-By: Claude Opus 4.8 --- crates/malachite-app/src/streaming.rs | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/crates/malachite-app/src/streaming.rs b/crates/malachite-app/src/streaming.rs index 56f1bf5..4ec45be 100644 --- a/crates/malachite-app/src/streaming.rs +++ b/crates/malachite-app/src/streaming.rs @@ -280,11 +280,16 @@ impl StreamState { // If we have received the fin message, we can determine when we will be done. // We are done if we have already received all messages from 0 to fin.sequence, // included. That is to say, if we have received `fin.sequence + 1` messages. - // Sequence is a u64 protocol field; on 64-bit targets usize == u64. - // The +1 cannot overflow because MAX_MESSAGES_PER_STREAM << u64::MAX. - #[allow(clippy::cast_possible_truncation, clippy::arithmetic_side_effects)] + // + // `msg.sequence` is an unvalidated u64 straight off the wire, so a + // malicious peer can set it to `u64::MAX`. `as usize + 1` would then + // overflow: panic under debug-assertions, wrap to 0 in release. Use a + // saturating add so the worst case is `usize::MAX` (an unreachable + // completion target the stream is later evicted for), never a panic + // or a spurious wrap-to-zero. + #[allow(clippy::cast_possible_truncation)] { - self.expected_messages = msg.sequence as usize + 1; + self.expected_messages = (msg.sequence as usize).saturating_add(1); } }