April was one of the busiest months so far. The preparations for Hard Fork #2 and the integration of the Tailstorm protocol are the main developments this month. The team is already testing the implementation on private testnets. A lot of effort is going into the main blockchain infrastructure and improvements for the block explorer, wallets, SDKs, and NexScript.
Read more and find all the major developments recaps below. For more detailed information and comments, please visit the public Nexa GitLab repository.
Preparing for the Tailstorm
Tailstorm is improving on the traditional blockchain model by moving towards a DAG-hybrid architecture and introducing subblocks between summary blocks. The team is already testing implementation, polishing details, and preparing for the upcoming update. In the second Nexa hard fork, this innovative protocol will be integrated.
A thorough pre-activation cleanup was the bulk of April’s protocol work. A regtest reproducer was written that demonstrated a scenario where a conflicting transaction could survive and leak into the subsequent summary block. Rewriting the difficulty math for summary blocks was another big piece of work. Three further fixes were bundled by a 25-file omnibus: for summary block cumulative work, uncles now contribute correctly (so summary blocks tied on work no longer get incorrectly rejected as lighter than tip); the request manager no longer drops peers that already delivered a block; and on brand-new Tailstorm networks, startup crashes were closed.
Around those, sixteen more smaller surgical merges landed, covering reorg correctness, locks placement, GUI fixes, orphan-handling edge cases, and DAG consistency. One notable correction reversed a logic check that was rejecting valid Tailstorm proofs. On transactions that shared an ID but didn’t actually conflict, the false-positive double-spend detection was also closed.
Rostrum: Abuse Protection
A headline change in Rostrum was the four-merge cluster, which hardens the indexer against rate-limit abuse and proxy misconfigurations. The previous rate limiter was per-connection, meaning that a client who exhausted his budget could simply reconnect to get a new one. The new per-IP limiter survives reconnects and applies sensible caps on the number of tracked clients.
Behind Cloudflare or nginx, support for the PROXY-protocol and X-Forwarded-For headers was added so operators running Rostrum can rate-limit real clients’ IPs instead of seeing every request as a single proxy address. A regression in the same merge, where two header sources could conflict and let the client spoof its own IP, was caught and fixed before any release was shipped: Rostrum now refuses to start if both headers are configured at the same time.
Three hard caps that simply didn’t exist before were added: a JSON-RPC line size upper bound, a header-batch ceiling, and a history-row ceiling. The history cap closes a real memory exhaustion vector for anyone querying very high-volume addresses. Clients hitting it now receive a structured error that suggests pagination instead.
Nexa Explorer: Processes Split
The explorer runs as a single process that serves the web UI, the JSON API, and a set of background queues (NFT classification, token sync, and address analytics). Heavy worker jobs were blocking the user page requests. The two halves are now separate processes with independent memory budgets that communicate via the queue layer.
Deployment commands have changed: operators upgrading should note that running the old web entry point alone is no longer correct. The new setup’s updated deployment docs cover the bump and support recent Ubuntu and Redis versions.
Several merges hardened Redis reliability and API correctness: the block notification handler, a new queue that pre-warms the address cache on every block, and a hotfix. In response to real production out-of-memory incidents, retry-with-backoff was added to queues, and connections were consolidated to a single shared client.
Wallets and SDKs
The Hide asset details feature was added to both the spec and the Kotlin SDK, along with a new Trade and Display Protocol flag. Only the total cost of asset purchases for wallets that support the flag will be shown, hiding individual assets. Signed transactions are identical either way. Blind-pack purchases in the upcoming card game were a motivating use case, but for every wallet that is built on the SDK, the flag is now available.
In the Kotlin SDK, a 61-file bundle of small fixes has also landed. Wallet-state corruption bugs were the most consequential: if transactions were located in the first block where the good fork diverged from the wallet’s fork, a reorg could remove them. Also bundled: on non-HTTP schemes or local network addresses, URL redirect handling now refuses to follow redirects (SSRF defense); fee shortfalls now raise a proper exception instead of silently constructing a negative change output; and tightened SQL identifier validation.
NexScript
The old Merkle-root macro was retired from the language. The native opcode introduced into the node early last year had been available all along, but the macro had remained as a compatibility shim. Native opcodes are dramatically cheaper: where a macro cost roughly 60 opcodes for a thousand-element tree, a handful of opcodes do the same.
A larger in-flight effort is migrating the entire NexScript toolchain, compiler, CLI, and utility packages, from two older dependencies to the newer libnexa-ts library. On a faster modern runner, the end-to-end test suite was ported, the regtest Docker harness rebuilt, and along the way, several codegen issues were cleaned up (canonical opcode zero values are now emitted, multi-byte pushes are preserved correctly, and, for proper byte order, price-oracle message signing was corrected).
Conclusion
April was one of the most impactful development months for Nexa. The team is putting a lot of effort into the upcoming Hard Fork event with Tailstorm implementation. At the same time, there were many updates across the ecosystem, including the explorer and the Rostrum. Major goals such as Tailstorm are now closer than ever, and the next few months will reshape the main blockchain’s architecture.
If you have any questions, feedback, or suggestions, join our community forum, channels, and chat groups, and let’s get in touch. Thanks for following Nexa’s journey!