feat(nano): implement address balance in global state RFC

[msbrogli]

Motivation

Implements the RFC HathorNetwork/rfcs#108, introducing a protocol-level global address-balance map and a TransferHeader that bridges UTXO balances and this shared balance domain. See the linked RFC for the full motivation, design, and rationale.

The implementation is gated behind the TRANSFER_HEADER feature activation bit so the new transaction shape and global-state semantics only apply once the feature is active.

Acceptance Criteria

• A new TransferHeader transaction header is parseable, serializable, and included in the transaction sighash, with at most one allowed per transaction.
• TransferHeader verification enforces the RFC's structural rules (positive amounts, referenced InputAddress entries, unique (address, token) pairs on each side, no overlap between debit and credit sides, valid regular addresses, resolved token_index, script authorization).
• Transaction-level balance verification extends Hathor's per-token accounting equation to include transfer inputs as sources and transfer outputs as sinks, enabling UTXO<->global transfers, pure global-balance transfers, and caller-funded nano calls.
• Per-address replay protection via monotonic seqnums is implemented, reusing the nano-contract seqnum window constants (MAX_SEQNUM_JUMP_SIZE at block execution, MAX_SEQNUM_DIFF_MEMPOOL in the mempool).
• Block execution atomically applies transfer-header debits/credits and seqnum updates alongside nano-contract state changes, with rollback on failure; the block executor's topological sorter respects address-seqnum ordering.
• Global address balances and seqnums are persisted in the same patricia-trie structure used for nano-contract state, exposed through block_storage APIs (get_address_balance, get_address_seqnum).
• Nano-contract blueprint-facing syscalls get_address_balance, get_address_balance_before_current_call, and transfer_to_address are available, with transfer_to_address rejecting contract IDs and raising on insufficient treasury balance.
• When a transaction carries both TransferHeader and NanoHeader with non-empty transfer inputs, only the caller address may be debited and all TxTransferInputs must reference address_index = 0.
• GET /thin_wallet/address_balance returns the address's global balances per token and current global seqnum alongside the existing UTXO-derived tokens_data.
• The feature is behind the TRANSFER_HEADER feature-activation bit.

Checklist

• If you are requesting a merge into master, confirm this code is production-ready and can be included in future releases as soon as it gets merged
• RFC Address balance in global state RFC rfcs#108 is merged

[github-actions]

Bencher Report

Branch	feat/nano-address-balance
Testbed	ubuntu-22.04

🚨 1 Alert

Benchmark	Measure Units	View	Benchmark Result (Result Δ%)	Lower Boundary (Limit %)
sync-v2 (up to 20000 blocks)	Latency minutes (m)	📈 plot 🚷 threshold 🚨 alert (🔔)	1.37 m (-19.74%) Baseline: 1.70 m	1.53 m (112.14%)

Click to view all benchmark results

Benchmark	Latency	Benchmark Result minutes (m) (Result Δ%)	Lower Boundary minutes (m) (Limit %)	Upper Boundary minutes (m) (Limit %)
sync-v2 (up to 20000 blocks)	📈 view plot 🚷 view threshold 🚨 view alert (🔔)	1.37 m (-19.74%) Baseline: 1.70 m	1.53 m (112.14%)	2.04 m (66.88%)

🐰 View full continuous benchmarking report in Bencher

[codecov]

Codecov Report

❌ Patch coverage is 82.76836% with 61 lines in your changes missing coverage. Please review.
✅ Project coverage is 85.15%. Comparing base (5b9ebbe) to head (f0cff82).
⚠️ Report is 5 commits behind head on master.

Files with missing lines	Patch %	Lines
hathor/verification/transfer_header_verifier.py	73.52%	9 Missing and 9 partials ⚠️
hathor/consensus/consensus.py	11.11%	7 Missing and 1 partial ⚠️
hathor/dag_builder/vertex_exporter.py	84.09%	5 Missing and 2 partials ⚠️
hathor/transaction/vertex_parser/_headers.py	64.70%	4 Missing and 2 partials ⚠️
...thor/transaction/vertex_parser/_transfer_header.py	87.75%	3 Missing and 3 partials ⚠️
hathor/dag_builder/builder.py	75.00%	2 Missing and 2 partials ⚠️
hathor/nanocontracts/execution/block_executor.py	90.24%	2 Missing and 2 partials ⚠️
hathor/nanocontracts/runner/runner.py	66.66%	2 Missing and 2 partials ⚠️
hathor/transaction/transaction.py	85.71%	2 Missing and 2 partials ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #1431      +/-   ##
==========================================
- Coverage   85.25%   85.15%   -0.11%     
==========================================
  Files         464      467       +3     
  Lines       30439    30778     +339     
  Branches     4612     4675      +63     
==========================================
+ Hits        25951    26209     +258     
- Misses       3601     3657      +56     
- Partials      887      912      +25     

Flag	Coverage Δ
test-lib	85.15% <82.76%> (-0.10%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[msbrogli]

Yes! Transfer to contracts should be made exclusively by deposits.

[jansegre]

Fixed.

[msbrogli]

Maybe rename TokenProxy to RestrictedBlockProxy?

[jansegre]

Done.

[msbrogli]

Missing docstring.

[jansegre]

Added docstring.

[msbrogli]

Shouldn't we assert that address is an actual address (never a contract id)?

[jansegre]

Yes. Done.

[msbrogli]

What about the token id?

[jansegre]

Done. I've added support for the storing arbitrary tokens in the global address balance from the contracts.

[msbrogli]

Make sure it works properly for P2SH.

[jansegre]

Done. I've added some tests.

[msbrogli]

Should we allow an input and an output of the same token? I guess not.

[msbrogli]

I just checked the verifier and it is not allowed. How's this test passing? Are they using different addresses?

[msbrogli]

Missing test adding to the mempool with an output greater than the available balance.

[msbrogli]

Missing test where the execution with transfer headers is successful. Actually, at least three tests, one with transfer headers, another with a contract transfer, and, finally, another with transfer headers and contract transfer.

[jansegre]

I've added those 3 success tests.

[msbrogli]

Missing test where the execution fails (but not because of the transfer). In this case, the transfer should not be persisted. Another test where the execution fails because of the transfer (low balance). In this case, the transfer should be persisted as well.

[jansegre]

I've added execution fail tests. Do you mean "the transfer should not be persisted as well"? A transfer that tries to move more than the available balance should fail without affecting the balance, no?

[jansegre]

Replaced by this sequence:

• feat(nano): add global address-balance state and syscalls #1652
• feat(nano): add transfer header format and validation #1653
• feat(nano): execute standalone transfer headers #1654
• feat(nano): compose transfer headers with nano execution #1655
• feat(api): expose global address balances in thin wallet #1656