From 4036f03f87c2d73ae6849138b95bae0825746f2a Mon Sep 17 00:00:00 2001
From: 317787106 <317787106@qq.com>
Date: Sun, 10 May 2026 16:09:36 +0800
Subject: [PATCH 1/5] fix(config): fix the issue where --es fails to start
 (#6757)

* fix(config): remove redundant JSON-RPC config fields and consolidate parameter binding

Remove maxBlockFilterNum, maxAddressSize, and maxRequestTimeout from NodeConfig/CommonParameter
since they were superseded by the jsonRpcMaxBatchSize/jsonRpcMaxResponseSize parameters.
Consolidate the config binding path so all JSON-RPC size limits flow through a single
reference.conf entry, and clean up stale test-config fixtures.

* fix bug of NodeConfigTest

* remove allowShieldedTransactionApi from reference.conf

* add testcase of external.ip is null

* change comment

* fix the bug of --es and 7 failed testcases
---
 .../java/org/tron/core/config/args/Args.java  | 40 +++++++++++--------
 .../tron/core/net/peer/PeerConnection.java    |  3 +-
 .../org/tron/core/config/args/ArgsTest.java   | 18 +++++++++
 .../ChainInventoryMsgHandlerTest.java         | 14 +++++++
 4 files changed, 57 insertions(+), 18 deletions(-)

diff --git a/framework/src/main/java/org/tron/core/config/args/Args.java b/framework/src/main/java/org/tron/core/config/args/Args.java
index 2d6660f9a6a..7cc1c5b870b 100644
--- a/framework/src/main/java/org/tron/core/config/args/Args.java
+++ b/framework/src/main/java/org/tron/core/config/args/Args.java
@@ -167,16 +167,19 @@ public static void setParam(final String[] args, final String confFileName) {
         ? cmd.shellConfFileName : confFileName;
     Config config = Configuration.getByFileName(configFilePath);
 
-    // 2. Config overrides defaults
+    // 2. Config overrides defaults (event config bean is read here but not yet applied)
     applyConfigParams(config);
 
-    // 3. CLI overrides Config (highest priority)
+    // 3. CLI overrides Config (highest priority, including --es → eventSubscribe)
     applyCLIParams(cmd, jc);
 
-    // 4. Apply platform constraints (e.g. ARM64 forces RocksDB)
+    // 4. Apply event config after CLI
+    applyEventConfig(eventConfig);
+
+    // 5. Apply platform constraints (e.g. ARM64 forces RocksDB)
     applyPlatformConstraints();
 
-    // 5. Init witness (depends on CLI witness flag)
+    // 6. Init witness (depends on CLI witness flag)
     initLocalWitnesses(config, cmd);
   }
 
@@ -217,7 +220,7 @@ private static void applyStorageConfig(StorageConfig sc) {
     PARAMETER.storage.setIndexSwitch(
         org.apache.commons.lang3.StringUtils.isNotEmpty(indexSwitch) ? indexSwitch : "on");
     PARAMETER.storage.setTransactionHistorySwitch(sc.getTransHistory().getSwitch());
-    // contractParse is set in applyEventConfig — it belongs to event.subscribe domain
+    // contractParse is set in applyConfigParams alongside event config, not here
     PARAMETER.storage.setCheckpointVersion(sc.getCheckpoint().getVersion());
     PARAMETER.storage.setCheckpointSync(sc.getCheckpoint().isSync());
 
@@ -343,21 +346,21 @@ private static void applyRateLimiterConfig(RateLimiterConfig rl) {
     PARAMETER.rateLimiterInitialization = initialization;
   }
 
+  /**
+   * Package-private entry point only for tests
+   */
+  static void applyEventConfig() {
+    applyEventConfig(eventConfig);
+  }
+
   /**
    * Bridge EventConfig bean values to CommonParameter fields.
    * Converts EventConfig (raw bean) into EventPluginConfig and FilterQuery (business objects).
    */
   private static void applyEventConfig(EventConfig ec) {
-    PARAMETER.eventSubscribe = ec.isEnable();
-    // contractParse belongs to event.subscribe but Storage object holds it
-    PARAMETER.storage.setContractParseSwitch(ec.isContractParse());
-
-    // PARAMETER.eventPluginConfig and PARAMETER.eventFilter are only consumed by
-    // Manager.startEventSubscribing(), which itself is gated by isEventSubscribe()
-    // (= ec.isEnable()) at Manager.java:564. When subscribe is disabled, building
-    // these objects has no observable effect — skip both early so PARAMETER stays
-    // consistent with the runtime intent.
-    if (!ec.isEnable()) {
+    // cmd parameter has higher priority
+    PARAMETER.eventSubscribe = PARAMETER.eventSubscribe || ec.isEnable();
+    if (!PARAMETER.eventSubscribe) {
       return;
     }
 
@@ -770,9 +773,12 @@ public static void applyConfigParams(
 
     // node.shutdown — handled in applyNodeConfig
 
-    // Event config: bind from config.conf "event.subscribe" section
+    // Event config: read bean here; applyEventConfig() is called once in setParam()
+    // after applyCLIParams() so that --es is already reflected in eventSubscribe.
     eventConfig = EventConfig.fromConfig(config);
-    applyEventConfig(eventConfig);
+    // contractParse is event-domain but must be set from config before CLI can
+    // override it with --contract-parse-enable (which runs in applyCLIParams).
+    PARAMETER.storage.setContractParseSwitch(eventConfig.isContractParse());
 
     logConfig();
   }
diff --git a/framework/src/main/java/org/tron/core/net/peer/PeerConnection.java b/framework/src/main/java/org/tron/core/net/peer/PeerConnection.java
index 8d7818d1608..7d7457cf2fc 100644
--- a/framework/src/main/java/org/tron/core/net/peer/PeerConnection.java
+++ b/framework/src/main/java/org/tron/core/net/peer/PeerConnection.java
@@ -170,7 +170,8 @@ public class PeerConnection {
 
   public void setChannel(Channel channel) {
     this.channel = channel;
-    if (relayNodes.stream().anyMatch(n -> n.getAddress().equals(channel.getInetAddress()))) {
+    if (relayNodes != null
+        && relayNodes.stream().anyMatch(n -> n.getAddress().equals(channel.getInetAddress()))) {
       this.isRelayPeer = true;
     }
     this.nodeStatistics = TronStatsManager.getNodeStatistics(channel.getInetAddress());
diff --git a/framework/src/test/java/org/tron/core/config/args/ArgsTest.java b/framework/src/test/java/org/tron/core/config/args/ArgsTest.java
index 4b6b7ad0a7a..3ae5677fbda 100644
--- a/framework/src/test/java/org/tron/core/config/args/ArgsTest.java
+++ b/framework/src/test/java/org/tron/core/config/args/ArgsTest.java
@@ -344,6 +344,21 @@ public void testCliEsOverridesConfig() {
     Args.clearParam();
   }
 
+  /**
+   * Regression: when --es is the sole source of event.subscribe.enable=true
+   * (config has it disabled), eventPluginConfig must be built.
+   * Previously applyEventConfig() ran before applyCLIParams() and returned
+   * early (both flags false), leaving eventPluginConfig=null; Manager then
+   * called EventPluginLoader.start(null) and threw "Failed to load eventPlugin."
+   */
+  @Test
+  public void testCliEsBuildsEventPluginConfig() {
+    Args.setParam(new String[] {"--es"}, TestConstants.TEST_CONF);
+    Assert.assertTrue(Args.getInstance().isEventSubscribe());
+    Assert.assertNotNull(Args.getInstance().getEventPluginConfig());
+    Args.clearParam();
+  }
+
   /**
    * Verify that config file storage values are applied when no CLI override is present.
    *
@@ -454,6 +469,7 @@ public void testEventConfigDisabledSkipsEpcAndFilter() {
     Config config = ConfigFactory.parseMap(override)
         .withFallback(ConfigFactory.defaultReference());
     Args.applyConfigParams(config);
+    Args.applyEventConfig();
     Assert.assertNull(Args.getInstance().getEventPluginConfig());
     Assert.assertNull(Args.getInstance().getEventFilter());
     Args.clearParam();
@@ -467,6 +483,7 @@ public void testEventConfigEnabledBuildsEpcAndFilter() {
     Config config = ConfigFactory.parseMap(override)
         .withFallback(ConfigFactory.defaultReference());
     Args.applyConfigParams(config);
+    Args.applyEventConfig();
     Assert.assertNotNull(Args.getInstance().getEventPluginConfig());
     Assert.assertNotNull(Args.getInstance().getEventFilter());
     Args.clearParam();
@@ -481,6 +498,7 @@ public void testEventConfigEnabledWithInvalidFromBlockLeavesFilterNull() {
     Config config = ConfigFactory.parseMap(override)
         .withFallback(ConfigFactory.defaultReference());
     Args.applyConfigParams(config);
+    Args.applyEventConfig();
     // epc still built; filter rejected
     Assert.assertNotNull(Args.getInstance().getEventPluginConfig());
     Assert.assertNull(Args.getInstance().getEventFilter());
diff --git a/framework/src/test/java/org/tron/core/net/messagehandler/ChainInventoryMsgHandlerTest.java b/framework/src/test/java/org/tron/core/net/messagehandler/ChainInventoryMsgHandlerTest.java
index dab76cfcb46..56853c3dbb7 100644
--- a/framework/src/test/java/org/tron/core/net/messagehandler/ChainInventoryMsgHandlerTest.java
+++ b/framework/src/test/java/org/tron/core/net/messagehandler/ChainInventoryMsgHandlerTest.java
@@ -3,11 +3,15 @@
 import java.util.ArrayList;
 import java.util.LinkedList;
 import java.util.List;
+import org.junit.AfterClass;
 import org.junit.Assert;
+import org.junit.BeforeClass;
 import org.junit.Test;
+import org.tron.common.TestConstants;
 import org.tron.common.utils.Pair;
 import org.tron.core.capsule.BlockCapsule.BlockId;
 import org.tron.core.config.Parameter.NetConstants;
+import org.tron.core.config.args.Args;
 import org.tron.core.exception.P2pException;
 import org.tron.core.net.message.keepalive.PingMessage;
 import org.tron.core.net.message.sync.ChainInventoryMessage;
@@ -15,6 +19,16 @@
 
 public class ChainInventoryMsgHandlerTest {
 
+  @BeforeClass
+  public static void init() {
+    Args.setParam(new String[]{}, TestConstants.TEST_CONF);
+  }
+
+  @AfterClass
+  public static void destroy() {
+    Args.clearParam();
+  }
+
   private ChainInventoryMsgHandler handler = new ChainInventoryMsgHandler();
   private PeerConnection peer = new PeerConnection();
   private ChainInventoryMessage msg = new ChainInventoryMessage(new ArrayList<>(), 0L);

From 0a26d23ef31380f29c20abb36487b2d27674f528 Mon Sep 17 00:00:00 2001
From: 317787106 <317787106@qq.com>
Date: Sun, 10 May 2026 20:46:03 +0800
Subject: [PATCH 2/5] restore useNativeQueue to false default (#6759)

---
 common/src/main/java/org/tron/core/config/args/EventConfig.java | 2 +-
 common/src/main/resources/reference.conf                        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/common/src/main/java/org/tron/core/config/args/EventConfig.java b/common/src/main/java/org/tron/core/config/args/EventConfig.java
index ac1731de2dc..43707956845 100644
--- a/common/src/main/java/org/tron/core/config/args/EventConfig.java
+++ b/common/src/main/java/org/tron/core/config/args/EventConfig.java
@@ -43,7 +43,7 @@ public class EventConfig {
   @Getter
   @Setter
   public static class NativeConfig {
-    private boolean useNativeQueue = true;
+    private boolean useNativeQueue = false;
     private int bindport = 5555;
     private int sendqueuelength = 1000;
   }
diff --git a/common/src/main/resources/reference.conf b/common/src/main/resources/reference.conf
index 688e1590788..1e68da051e0 100644
--- a/common/src/main/resources/reference.conf
+++ b/common/src/main/resources/reference.conf
@@ -758,7 +758,7 @@ event.subscribe = {
   enable = false
 
   native = {
-    useNativeQueue = true
+    useNativeQueue = false
     bindport = 5555
     sendqueuelength = 1000
   }

From 9d28fa79ebcd445e22f14b600587a1caba5ace77 Mon Sep 17 00:00:00 2001
From: halibobo1205 <82020050+halibobo1205@users.noreply.github.com>
Date: Mon, 11 May 2026 16:33:00 +0800
Subject: [PATCH 3/5] fix(event): reject incompatible event-plugin versions
 below 3.0.0 (#6760)

Pre-3.0.0(The previous event-plugin public release is 2.2.0)
event-plugin builds still link against com.alibaba.fastjson, which
was removed from java-tron in #6701. When such a plugin is loaded, the
NoClassDefFoundError surfaces inside the plugin's own worker thread and is
swallowed by its catch(Throwable) handler. The node keeps running while
silently dropping every trigger, leaving operators with no signal that the
event subscription is broken.

Enforce a minimum Plugin-Version at startup in EventPluginLoader.startPlugin
using pf4j's VersionManager (semver). When the descriptor version is below
3.0.0, log a clear upgrade hint and return false; the existing call chain in
Manager.startEventSubscribing wraps that into TronError(EVENT_SUBSCRIBE_INIT)
and aborts node startup instead of silently degrading.
---
 .../common/logsfilter/EventPluginLoader.java  | 32 +++++++++++++++++++
 .../common/logsfilter/EventLoaderTest.java    | 31 ++++++++++++++++++
 2 files changed, 63 insertions(+)

diff --git a/framework/src/main/java/org/tron/common/logsfilter/EventPluginLoader.java b/framework/src/main/java/org/tron/common/logsfilter/EventPluginLoader.java
index 7061b2e9d57..c0b7afd6779 100644
--- a/framework/src/main/java/org/tron/common/logsfilter/EventPluginLoader.java
+++ b/framework/src/main/java/org/tron/common/logsfilter/EventPluginLoader.java
@@ -3,6 +3,7 @@
 import com.beust.jcommander.internal.Sets;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
+import com.google.common.base.Strings;
 import java.io.File;
 import java.util.HashSet;
 import java.util.List;
@@ -14,8 +15,10 @@
 import org.bouncycastle.util.encoders.Hex;
 import org.pf4j.CompoundPluginDescriptorFinder;
 import org.pf4j.DefaultPluginManager;
+import org.pf4j.DefaultVersionManager;
 import org.pf4j.ManifestPluginDescriptorFinder;
 import org.pf4j.PluginManager;
+import org.pf4j.VersionManager;
 import org.springframework.util.StringUtils;
 import org.tron.common.logsfilter.nativequeue.NativeMessageQueue;
 import org.tron.common.logsfilter.trigger.BlockLogTrigger;
@@ -29,6 +32,16 @@
 @Slf4j
 public class EventPluginLoader {
 
+  /**
+   * Minimum event-plugin Plugin-Version compatible with this node. Bumped to 3.0.0 to
+   * reject pre-fastjson-removal builds whose worker threads would fail with
+   * NoClassDefFoundError on com.alibaba.fastjson at runtime. The previous event-plugin
+   * release is 2.2.0, so 3.0.0 is the first version that ships the Jackson replacement.
+   */
+  static final String MIN_PLUGIN_VERSION = "3.0.0";
+
+  private static final VersionManager VERSION_MANAGER = new DefaultVersionManager();
+
   private static EventPluginLoader instance;
 
   private long MAX_PENDING_SIZE = 50000;
@@ -457,6 +470,10 @@ protected CompoundPluginDescriptorFinder createPluginDescriptorFinder() {
       return false;
     }
 
+    if (!isPluginVersionSupported(pluginManager, pluginId)) {
+      return false;
+    }
+
     pluginManager.startPlugins();
 
     eventListeners = pluginManager.getExtensions(IPluginEventListener.class);
@@ -471,6 +488,21 @@ protected CompoundPluginDescriptorFinder createPluginDescriptorFinder() {
     return true;
   }
 
+  static boolean isPluginVersionSupported(PluginManager pm, String pluginId) {
+    String pluginVersion = pm.getPlugin(pluginId).getDescriptor().getVersion();
+    if (Strings.isNullOrEmpty(pluginVersion)) {
+      return false;
+    }
+    boolean isSupported = VERSION_MANAGER.compareVersions(pluginVersion, MIN_PLUGIN_VERSION) >= 0;
+
+    if (!isSupported) {
+      logger.error(
+          "event-plugin '{}' version {} is older than required {}, please upgrade event-plugin",
+          pluginId, pluginVersion, MIN_PLUGIN_VERSION);
+    }
+    return isSupported;
+  }
+
   public void stopPlugin() {
     if (Objects.nonNull(pluginManager)) {
       pluginManager.stopPlugins();
diff --git a/framework/src/test/java/org/tron/common/logsfilter/EventLoaderTest.java b/framework/src/test/java/org/tron/common/logsfilter/EventLoaderTest.java
index 1e5268ddeb6..958af4f7b7b 100644
--- a/framework/src/test/java/org/tron/common/logsfilter/EventLoaderTest.java
+++ b/framework/src/test/java/org/tron/common/logsfilter/EventLoaderTest.java
@@ -3,11 +3,16 @@
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertTrue;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
 
 import java.util.ArrayList;
 import java.util.List;
 import org.junit.Assert;
 import org.junit.Test;
+import org.pf4j.PluginDescriptor;
+import org.pf4j.PluginManager;
+import org.pf4j.PluginWrapper;
 import org.tron.common.logsfilter.trigger.BlockLogTrigger;
 import org.tron.common.logsfilter.trigger.TransactionLogTrigger;
 
@@ -48,6 +53,32 @@ public void launchNativeQueue() {
     EventPluginLoader.getInstance().stopPlugin();
   }
 
+  @Test
+  public void testIsPluginVersionSupported() {
+    assertEquals("3.0.0", EventPluginLoader.MIN_PLUGIN_VERSION);
+    // last releases before fastjson removal — must be rejected
+    assertFalse(checkVersion("1.0.0"));
+    assertFalse(checkVersion("2.2.0"));
+    assertFalse(checkVersion("2.9.9"));
+    // 3.0.0 onward — must be accepted
+    assertTrue(checkVersion("3.0.0"));
+    assertTrue(checkVersion("3.1.5"));
+    assertTrue(checkVersion("10.0.0"));
+    // empty/null version — reject
+    assertFalse(checkVersion(""));
+    assertFalse(checkVersion(null));
+  }
+
+  private static boolean checkVersion(String version) {
+    PluginManager pm = mock(PluginManager.class);
+    PluginWrapper wrapper = mock(PluginWrapper.class);
+    PluginDescriptor desc = mock(PluginDescriptor.class);
+    when(pm.getPlugin("test")).thenReturn(wrapper);
+    when(wrapper.getDescriptor()).thenReturn(desc);
+    when(desc.getVersion()).thenReturn(version);
+    return EventPluginLoader.isPluginVersionSupported(pm, "test");
+  }
+
   @Test
   public void testBlockLogTrigger() {
     BlockLogTrigger blt = new BlockLogTrigger();

From 5f7eeca0771536bccdd706fa2612454e8ae5eba8 Mon Sep 17 00:00:00 2001
From: xxo1_shine <wb_bupt@163.com>
Date: Tue, 12 May 2026 16:38:41 +0800
Subject: [PATCH 4/5] feat(ratelimiter): add configurable blocking mode for API
 rate limiters (#6761)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Add `rate.limiter.apiNonBlocking` switch (default false). When off, callers wait for a permit; when on, they reject immediately and shed load.
- Wire the switch through `RateLimiterConfig` → `Args` → `CommonParameter`; update `reference.conf` / `config.conf`.
- Add blocking `acquire()` paths on `IRateLimiter`, `GlobalRateLimiter`, and `QpsStrategy` / `IPQpsStrategy` / `GlobalPreemptibleStrategy`. Only the semaphore-based strategy is bounded (2s); the QPS-based paths use unbounded Guava `RateLimiter.acquire()`.
- Introduce `acquirePermit()` dispatcher (default method on `IRateLimiter`; static on `GlobalRateLimiter`) that picks blocking vs non-blocking based on the switch.
- Swap `tryAcquire` → `acquirePermit` at the `RateLimiterServlet` and `RateLimiterInterceptor` call sites; preserve per-endpoint-before-global ordering to avoid consuming global quota on per-endpoint rejection.
- Extract `loadIpLimiter()` in `GlobalRateLimiter` and `loadLimiter()` in `IPQpsStrategy` to share cache+exception handling between `tryAcquire` and `acquire`.
- Add unit tests covering dispatcher routing (both directions), acquire IP-before-global ordering, and IP-loader-failure fail-closed behaviour.
---
 .../common/parameter/CommonParameter.java     |   3 +
 .../core/config/args/RateLimiterConfig.java   |   1 +
 common/src/main/resources/reference.conf      |   1 +
 .../config/args/RateLimiterConfigTest.java    |   6 +-
 .../java/org/tron/core/config/args/Args.java  |   1 +
 .../services/http/RateLimiterServlet.java     |   7 +-
 .../ratelimiter/GlobalRateLimiter.java        |  42 +++++--
 .../ratelimiter/RateLimiterInterceptor.java   |   7 +-
 .../adapter/DefaultBaseQqsAdapter.java        |   5 +
 .../adapter/GlobalPreemptibleAdapter.java     |   4 +
 .../adapter/IPQPSRateLimiterAdapter.java      |   5 +
 .../ratelimiter/adapter/IRateLimiter.java     |   8 ++
 .../adapter/QpsRateLimiterAdapter.java        |   5 +
 .../strategy/GlobalPreemptibleStrategy.java   |  24 +++-
 .../ratelimiter/strategy/IPQpsStrategy.java   |  20 +++-
 .../ratelimiter/strategy/QpsStrategy.java     |   5 +
 framework/src/main/resources/config.conf      |   5 +-
 .../services/http/RateLimiterServletTest.java |  22 ++--
 .../ratelimiter/GlobalRateLimiterTest.java    | 106 ++++++++++++++++++
 .../RateLimiterInterceptorTest.java           |  28 ++---
 .../ratelimiter/adaptor/AdaptorTest.java      |  61 ++++++++++
 21 files changed, 314 insertions(+), 52 deletions(-)

diff --git a/common/src/main/java/org/tron/common/parameter/CommonParameter.java b/common/src/main/java/org/tron/common/parameter/CommonParameter.java
index 3fe1e878ffb..8bbc52e6d87 100644
--- a/common/src/main/java/org/tron/common/parameter/CommonParameter.java
+++ b/common/src/main/java/org/tron/common/parameter/CommonParameter.java
@@ -411,6 +411,9 @@ public class CommonParameter {
   @Setter
   public double rateLimiterDisconnect; // clearParam: 1.0
   @Getter
+  @Setter
+  public boolean rateLimiterApiNonBlocking = false;
+  @Getter
   public RocksDbSettings rocksDBCustomSettings;
   @Getter
   public GenesisBlock genesisBlock;
diff --git a/common/src/main/java/org/tron/core/config/args/RateLimiterConfig.java b/common/src/main/java/org/tron/core/config/args/RateLimiterConfig.java
index eed5ef1898b..5eab6f6d92d 100644
--- a/common/src/main/java/org/tron/core/config/args/RateLimiterConfig.java
+++ b/common/src/main/java/org/tron/core/config/args/RateLimiterConfig.java
@@ -21,6 +21,7 @@ public class RateLimiterConfig {
   private P2pRateLimitConfig p2p = new P2pRateLimitConfig();
   private List<HttpRateLimitItem> http = new ArrayList<>();
   private List<RpcRateLimitItem> rpc = new ArrayList<>();
+  private boolean apiNonBlocking = false;
 
   @Getter
   @Setter
diff --git a/common/src/main/resources/reference.conf b/common/src/main/resources/reference.conf
index 1e68da051e0..3f41c556f96 100644
--- a/common/src/main/resources/reference.conf
+++ b/common/src/main/resources/reference.conf
@@ -451,6 +451,7 @@ rate.limiter = {
   global.qps = 50000
   global.ip.qps = 10000
   global.api.qps = 1000
+  apiNonBlocking = false
 }
 
 seed.node = {
diff --git a/common/src/test/java/org/tron/core/config/args/RateLimiterConfigTest.java b/common/src/test/java/org/tron/core/config/args/RateLimiterConfigTest.java
index 7b4d8a87d45..c3b827a8ba4 100644
--- a/common/src/test/java/org/tron/core/config/args/RateLimiterConfigTest.java
+++ b/common/src/test/java/org/tron/core/config/args/RateLimiterConfigTest.java
@@ -1,6 +1,7 @@
 package org.tron.core.config.args;
 
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertTrue;
 
 import com.typesafe.config.Config;
@@ -29,6 +30,7 @@ public void testDefaults() {
     assertEquals(1.0, rl.getP2p().getDisconnect(), 0.001);
     assertTrue(rl.getHttp().isEmpty());
     assertTrue(rl.getRpc().isEmpty());
+    assertFalse(rl.isApiNonBlocking());
   }
 
   @Test
@@ -40,7 +42,8 @@ public void testFromConfig() {
             + " http = [{ component = TestServlet, strategy = QpsRateLimiterAdapter,"
             + "   paramString = \"qps=10\" }],"
             + " rpc = [{ component = TestRpc, strategy = GlobalPreemptibleAdapter,"
-            + "   paramString = \"permit=1\" }]"
+            + "   paramString = \"permit=1\" }],"
+            + " apiNonBlocking = true"
             + "}");
     RateLimiterConfig rl = RateLimiterConfig.fromConfig(config);
     assertEquals(100, rl.getGlobal().getQps());
@@ -50,5 +53,6 @@ public void testFromConfig() {
     assertEquals("TestServlet", rl.getHttp().get(0).getComponent());
     assertEquals(1, rl.getRpc().size());
     assertEquals("TestRpc", rl.getRpc().get(0).getComponent());
+    assertTrue(rl.isApiNonBlocking());
   }
 }
diff --git a/framework/src/main/java/org/tron/core/config/args/Args.java b/framework/src/main/java/org/tron/core/config/args/Args.java
index 7cc1c5b870b..ec808267c75 100644
--- a/framework/src/main/java/org/tron/core/config/args/Args.java
+++ b/framework/src/main/java/org/tron/core/config/args/Args.java
@@ -328,6 +328,7 @@ private static void applyRateLimiterConfig(RateLimiterConfig rl) {
     PARAMETER.rateLimiterSyncBlockChain = rl.getP2p().getSyncBlockChain();
     PARAMETER.rateLimiterFetchInvData = rl.getP2p().getFetchInvData();
     PARAMETER.rateLimiterDisconnect = rl.getP2p().getDisconnect();
+    PARAMETER.rateLimiterApiNonBlocking = rl.isApiNonBlocking();
 
     // HTTP/RPC rate limiter items: convert bean lists to business objects
     RateLimiterInitialization initialization = new RateLimiterInitialization();
diff --git a/framework/src/main/java/org/tron/core/services/http/RateLimiterServlet.java b/framework/src/main/java/org/tron/core/services/http/RateLimiterServlet.java
index 3086cbb3619..f488c32df4c 100644
--- a/framework/src/main/java/org/tron/core/services/http/RateLimiterServlet.java
+++ b/framework/src/main/java/org/tron/core/services/http/RateLimiterServlet.java
@@ -107,9 +107,10 @@ protected void service(HttpServletRequest req, HttpServletResponse resp)
     IRateLimiter rateLimiter = container.get(KEY_PREFIX_HTTP, getClass().getSimpleName());
 
     // Check per-endpoint first to avoid consuming global IP/QPS quota for requests
-    // that would be rejected by the per-endpoint limiter anyway.
-    boolean perEndpointAcquired = rateLimiter == null || rateLimiter.tryAcquire(runtimeData);
-    boolean acquireResource = perEndpointAcquired && GlobalRateLimiter.tryAcquire(runtimeData);
+    // that would be rejected by the per-endpoint limiter anyway. acquirePermit()
+    // chooses blocking or non-blocking semantics based on rate.limiter.apiNonBlocking.
+    boolean perEndpointAcquired = rateLimiter == null || rateLimiter.acquirePermit(runtimeData);
+    boolean acquireResource = perEndpointAcquired && GlobalRateLimiter.acquirePermit(runtimeData);
 
     String contextPath = req.getContextPath();
     String url = Strings.isNullOrEmpty(req.getServletPath())
diff --git a/framework/src/main/java/org/tron/core/services/ratelimiter/GlobalRateLimiter.java b/framework/src/main/java/org/tron/core/services/ratelimiter/GlobalRateLimiter.java
index 4b3043274d2..11c55e3a2c3 100644
--- a/framework/src/main/java/org/tron/core/services/ratelimiter/GlobalRateLimiter.java
+++ b/framework/src/main/java/org/tron/core/services/ratelimiter/GlobalRateLimiter.java
@@ -23,21 +23,43 @@ public class GlobalRateLimiter {
   public static boolean tryAcquire(RuntimeData runtimeData) {
     String ip = runtimeData.getRemoteAddr();
     if (!Strings.isNullOrEmpty(ip)) {
-      RateLimiter r;
-      try {
-        // cache.get is atomic: only one loader executes per key under concurrent requests,
-        // preventing multiple RateLimiter instances from being created for the same IP.
-        r = cache.get(ip, () -> RateLimiter.create(IP_QPS));
-      } catch (Exception e) {
-        logger.warn("Failed to load IP rate limiter for {}, denying request: {}",
-            ip, e.getMessage());
+      RateLimiter r = loadIpLimiter(ip);
+      if (r == null || !r.tryAcquire()) {
         return false;
       }
-      if (!r.tryAcquire()) {
+    }
+    return rateLimiter.tryAcquire();
+  }
+
+  public static boolean acquire(RuntimeData runtimeData) {
+    String ip = runtimeData.getRemoteAddr();
+    if (!Strings.isNullOrEmpty(ip)) {
+      RateLimiter r = loadIpLimiter(ip);
+      if (r == null) {
         return false;
       }
+      r.acquire();
+    }
+    rateLimiter.acquire();
+    return true;
+  }
+
+  public static boolean acquirePermit(RuntimeData runtimeData) {
+    return Args.getInstance().isRateLimiterApiNonBlocking()
+        ? tryAcquire(runtimeData)
+        : acquire(runtimeData);
+  }
+
+  private static RateLimiter loadIpLimiter(String ip) {
+    try {
+      // cache.get is atomic: only one loader executes per key under concurrent requests,
+      // preventing multiple RateLimiter instances from being created for the same IP.
+      return cache.get(ip, () -> RateLimiter.create(IP_QPS));
+    } catch (Exception e) {
+      logger.warn("Failed to load IP rate limiter for {}, denying request: {}",
+          ip, e.getMessage());
+      return null;
     }
-    return rateLimiter.tryAcquire();
   }
 
 }
diff --git a/framework/src/main/java/org/tron/core/services/ratelimiter/RateLimiterInterceptor.java b/framework/src/main/java/org/tron/core/services/ratelimiter/RateLimiterInterceptor.java
index a07cf955828..85e94f2e768 100644
--- a/framework/src/main/java/org/tron/core/services/ratelimiter/RateLimiterInterceptor.java
+++ b/framework/src/main/java/org/tron/core/services/ratelimiter/RateLimiterInterceptor.java
@@ -108,9 +108,10 @@ public <ReqT, RespT> Listener<ReqT> interceptCall(ServerCall<ReqT, RespT> call,
 
     RuntimeData runtimeData = new RuntimeData(call);
     // Check per-endpoint first to avoid consuming global IP/QPS quota for requests
-    // that would be rejected by the per-endpoint limiter anyway.
-    boolean perEndpointAcquired = rateLimiter == null || rateLimiter.tryAcquire(runtimeData);
-    boolean acquireResource = perEndpointAcquired && GlobalRateLimiter.tryAcquire(runtimeData);
+    // that would be rejected by the per-endpoint limiter anyway. acquirePermit()
+    // chooses blocking or non-blocking semantics based on rate.limiter.apiNonBlocking.
+    boolean perEndpointAcquired = rateLimiter == null || rateLimiter.acquirePermit(runtimeData);
+    boolean acquireResource = perEndpointAcquired && GlobalRateLimiter.acquirePermit(runtimeData);
 
     if (!acquireResource) {
       // Release the per-endpoint permit when global rejected, to avoid semaphore leak.
diff --git a/framework/src/main/java/org/tron/core/services/ratelimiter/adapter/DefaultBaseQqsAdapter.java b/framework/src/main/java/org/tron/core/services/ratelimiter/adapter/DefaultBaseQqsAdapter.java
index 8f5b5a487bf..63d4cc77587 100644
--- a/framework/src/main/java/org/tron/core/services/ratelimiter/adapter/DefaultBaseQqsAdapter.java
+++ b/framework/src/main/java/org/tron/core/services/ratelimiter/adapter/DefaultBaseQqsAdapter.java
@@ -15,4 +15,9 @@ public DefaultBaseQqsAdapter(String paramString) {
   public boolean tryAcquire(RuntimeData data) {
     return strategy.tryAcquire();
   }
+
+  @Override
+  public boolean acquire(RuntimeData data) {
+    return strategy.acquire();
+  }
 }
\ No newline at end of file
diff --git a/framework/src/main/java/org/tron/core/services/ratelimiter/adapter/GlobalPreemptibleAdapter.java b/framework/src/main/java/org/tron/core/services/ratelimiter/adapter/GlobalPreemptibleAdapter.java
index 4adc142ed28..eb85baa8b41 100644
--- a/framework/src/main/java/org/tron/core/services/ratelimiter/adapter/GlobalPreemptibleAdapter.java
+++ b/framework/src/main/java/org/tron/core/services/ratelimiter/adapter/GlobalPreemptibleAdapter.java
@@ -21,4 +21,8 @@ public boolean tryAcquire(RuntimeData data) {
     return strategy.tryAcquire();
   }
 
+  @Override
+  public boolean acquire(RuntimeData data) {
+    return strategy.acquire();
+  }
 }
\ No newline at end of file
diff --git a/framework/src/main/java/org/tron/core/services/ratelimiter/adapter/IPQPSRateLimiterAdapter.java b/framework/src/main/java/org/tron/core/services/ratelimiter/adapter/IPQPSRateLimiterAdapter.java
index c6fb089063a..0ebd21149a7 100644
--- a/framework/src/main/java/org/tron/core/services/ratelimiter/adapter/IPQPSRateLimiterAdapter.java
+++ b/framework/src/main/java/org/tron/core/services/ratelimiter/adapter/IPQPSRateLimiterAdapter.java
@@ -16,4 +16,9 @@ public boolean tryAcquire(RuntimeData data) {
     return strategy.tryAcquire(data.getRemoteAddr());
   }
 
+  @Override
+  public boolean acquire(RuntimeData data) {
+    return strategy.acquire(data.getRemoteAddr());
+  }
+
 }
\ No newline at end of file
diff --git a/framework/src/main/java/org/tron/core/services/ratelimiter/adapter/IRateLimiter.java b/framework/src/main/java/org/tron/core/services/ratelimiter/adapter/IRateLimiter.java
index 46ed8beee92..29f7b61b6a5 100644
--- a/framework/src/main/java/org/tron/core/services/ratelimiter/adapter/IRateLimiter.java
+++ b/framework/src/main/java/org/tron/core/services/ratelimiter/adapter/IRateLimiter.java
@@ -1,9 +1,17 @@
 package org.tron.core.services.ratelimiter.adapter;
 
+import org.tron.core.config.args.Args;
 import org.tron.core.services.ratelimiter.RuntimeData;
 
 public interface IRateLimiter {
 
   boolean tryAcquire(RuntimeData data);
 
+  boolean acquire(RuntimeData data);
+
+  default boolean acquirePermit(RuntimeData data) {
+    return Args.getInstance().isRateLimiterApiNonBlocking()
+        ? tryAcquire(data)
+        : acquire(data);
+  }
 }
diff --git a/framework/src/main/java/org/tron/core/services/ratelimiter/adapter/QpsRateLimiterAdapter.java b/framework/src/main/java/org/tron/core/services/ratelimiter/adapter/QpsRateLimiterAdapter.java
index 846a5eb1c4e..62074eac885 100644
--- a/framework/src/main/java/org/tron/core/services/ratelimiter/adapter/QpsRateLimiterAdapter.java
+++ b/framework/src/main/java/org/tron/core/services/ratelimiter/adapter/QpsRateLimiterAdapter.java
@@ -16,4 +16,9 @@ public boolean tryAcquire(RuntimeData data) {
     return strategy.tryAcquire();
   }
 
+  @Override
+  public boolean acquire(RuntimeData data) {
+    return strategy.acquire();
+  }
+
 }
\ No newline at end of file
diff --git a/framework/src/main/java/org/tron/core/services/ratelimiter/strategy/GlobalPreemptibleStrategy.java b/framework/src/main/java/org/tron/core/services/ratelimiter/strategy/GlobalPreemptibleStrategy.java
index 0a29183d762..e7b7f560b29 100644
--- a/framework/src/main/java/org/tron/core/services/ratelimiter/strategy/GlobalPreemptibleStrategy.java
+++ b/framework/src/main/java/org/tron/core/services/ratelimiter/strategy/GlobalPreemptibleStrategy.java
@@ -3,11 +3,15 @@
 import java.util.HashMap;
 import java.util.Map;
 import java.util.concurrent.Semaphore;
+import java.util.concurrent.TimeUnit;
+import lombok.extern.slf4j.Slf4j;
 
+@Slf4j
 public class GlobalPreemptibleStrategy extends Strategy {
 
   public static final String STRATEGY_PARAM_PERMIT = "permit";
   public static final int DEFAULT_PERMIT_NUM = 1;
+  public static final int DEFAULT_ACQUIRE_TIMEOUT = 2;
   private Semaphore sp;
 
   public GlobalPreemptibleStrategy(String paramString) {
@@ -23,15 +27,25 @@ protected Map<String, ParamItem> defaultParam() {
     return map;
   }
 
-  // Non-blocking: immediately rejects if no permit is available.
-  // Intentional change from the previous tryAcquire(2, TimeUnit.SECONDS) behaviour:
-  // blocking the caller for up to 2 s ties up Netty IO / gRPC executor threads and
-  // masks overload rather than shedding it. All rate-limiting in this stack is now
-  // non-blocking to keep the thread model consistent with GlobalRateLimiter.
+  // Non-blocking: immediately rejects if no permit is available. Used when the
+  // apiNonBlocking switch is on, to shed overload instead of tying up Netty IO /
+  // gRPC executor threads while waiting for a permit.
   public boolean tryAcquire() {
     return sp.tryAcquire();
   }
 
+  public boolean acquire() {
+    try {
+      return sp.tryAcquire(DEFAULT_ACQUIRE_TIMEOUT, TimeUnit.SECONDS);
+    } catch (InterruptedException e) {
+      // Restore the interrupt flag and reject — caller must not release a permit
+      // it never acquired.
+      logger.error("acquire permit with error: {}", e.getMessage());
+      Thread.currentThread().interrupt();
+      return false;
+    }
+  }
+
   public void release() {
     sp.release();
   }
diff --git a/framework/src/main/java/org/tron/core/services/ratelimiter/strategy/IPQpsStrategy.java b/framework/src/main/java/org/tron/core/services/ratelimiter/strategy/IPQpsStrategy.java
index 6589c90fe1d..7ffd1f04eb7 100644
--- a/framework/src/main/java/org/tron/core/services/ratelimiter/strategy/IPQpsStrategy.java
+++ b/framework/src/main/java/org/tron/core/services/ratelimiter/strategy/IPQpsStrategy.java
@@ -22,17 +22,29 @@ public IPQpsStrategy(String paramString) {
   }
 
   public boolean tryAcquire(String ip) {
-    RateLimiter limiter;
+    RateLimiter limiter = loadLimiter(ip);
+    return limiter != null && limiter.tryAcquire();
+  }
+
+  public boolean acquire(String ip) {
+    RateLimiter limiter = loadLimiter(ip);
+    if (limiter == null) {
+      return false;
+    }
+    limiter.acquire();
+    return true;
+  }
+
+  private RateLimiter loadLimiter(String ip) {
     try {
       // cache.get is atomic: only one loader executes per key under concurrent requests,
       // preventing multiple RateLimiter instances from being created for the same IP.
-      limiter = ipLimiter.get(ip, this::newRateLimiter);
+      return ipLimiter.get(ip, this::newRateLimiter);
     } catch (Exception e) {
       logger.warn("Failed to load IP rate limiter for {}, denying request: {}",
           ip, e.getMessage());
-      return false;
+      return null;
     }
-    return limiter.tryAcquire();
   }
 
   private RateLimiter newRateLimiter() {
diff --git a/framework/src/main/java/org/tron/core/services/ratelimiter/strategy/QpsStrategy.java b/framework/src/main/java/org/tron/core/services/ratelimiter/strategy/QpsStrategy.java
index 7e0466448b3..9116af1b7da 100644
--- a/framework/src/main/java/org/tron/core/services/ratelimiter/strategy/QpsStrategy.java
+++ b/framework/src/main/java/org/tron/core/services/ratelimiter/strategy/QpsStrategy.java
@@ -29,4 +29,9 @@ protected Map<String, ParamItem> defaultParam() {
   public boolean tryAcquire() {
     return rateLimiter.tryAcquire();
   }
+
+  public boolean acquire() {
+    rateLimiter.acquire();
+    return true;
+  }
 }
\ No newline at end of file
diff --git a/framework/src/main/resources/config.conf b/framework/src/main/resources/config.conf
index d00f334f4ce..d6d3ab236a6 100644
--- a/framework/src/main/resources/config.conf
+++ b/framework/src/main/resources/config.conf
@@ -415,7 +415,7 @@ node {
 
 ## rate limiter config
 rate.limiter = {
-  # Every api could only set a specific rate limit strategy. Three non-blocking strategy are supported:
+  # Every api could only set a specific rate limit strategy. Three strategy are supported:
   # GlobalPreemptibleAdapter: The number of preemptible resource or maximum concurrent requests globally.
   # QpsRateLimiterAdapter: qps is the average request count in one second supported by the server, it could be a Double or a Integer.
   # IPQPSRateLimiterAdapter: similar to the QpsRateLimiterAdapter, qps could be a Double or a Integer.
@@ -473,6 +473,9 @@ rate.limiter = {
   global.qps = 50000
   # IP-based global qps, default 10000
   global.ip.qps = 10000
+  # If true, API rate limiters reject immediately on overload (non-blocking).
+  # If false (default), callers wait for a permit (blocking, the legacy behaviour).
+  apiNonBlocking = false
 }
 
 
diff --git a/framework/src/test/java/org/tron/core/services/http/RateLimiterServletTest.java b/framework/src/test/java/org/tron/core/services/http/RateLimiterServletTest.java
index 1ae341696eb..8cca558d151 100644
--- a/framework/src/test/java/org/tron/core/services/http/RateLimiterServletTest.java
+++ b/framework/src/test/java/org/tron/core/services/http/RateLimiterServletTest.java
@@ -167,14 +167,14 @@ public void testBuildsEachWhitelistedAdapter() {
   @Test
   public void testPerEndpointRejectedDoesNotConsumeGlobalQuota() throws Exception {
     IPreemptibleRateLimiter perEndpoint = Mockito.mock(IPreemptibleRateLimiter.class);
-    when(perEndpoint.tryAcquire(any(RuntimeData.class))).thenReturn(false);
+    when(perEndpoint.acquirePermit(any(RuntimeData.class))).thenReturn(false);
     container.add(KEY_HTTP, "TestServlet", perEndpoint);
 
     try (MockedStatic<GlobalRateLimiter> globalMock = mockStatic(GlobalRateLimiter.class)) {
       servlet.service(request, response);
 
-      globalMock.verify(() -> GlobalRateLimiter.tryAcquire(any()), never());
-      // tryAcquire returned false — no permit was taken, nothing to release
+      globalMock.verify(() -> GlobalRateLimiter.acquirePermit(any()), never());
+      // acquirePermit returned false — no permit was taken, nothing to release
       verify(perEndpoint, never()).release();
     }
   }
@@ -186,13 +186,13 @@ public void testPerEndpointRejectedDoesNotConsumeGlobalQuota() throws Exception
   @Test
   public void testNonPreemptiblePerEndpointRejectedDoesNotConsumeGlobal() throws Exception {
     IRateLimiter perEndpoint = Mockito.mock(IRateLimiter.class);
-    when(perEndpoint.tryAcquire(any(RuntimeData.class))).thenReturn(false);
+    when(perEndpoint.acquirePermit(any(RuntimeData.class))).thenReturn(false);
     container.add(KEY_HTTP, "TestServlet", perEndpoint);
 
     try (MockedStatic<GlobalRateLimiter> globalMock = mockStatic(GlobalRateLimiter.class)) {
       servlet.service(request, response);
 
-      globalMock.verify(() -> GlobalRateLimiter.tryAcquire(any()), never());
+      globalMock.verify(() -> GlobalRateLimiter.acquirePermit(any()), never());
     }
   }
 
@@ -203,11 +203,11 @@ public void testNonPreemptiblePerEndpointRejectedDoesNotConsumeGlobal() throws E
   @Test
   public void testGlobalRejectedReleasesPreemptiblePermit() throws Exception {
     IPreemptibleRateLimiter perEndpoint = Mockito.mock(IPreemptibleRateLimiter.class);
-    when(perEndpoint.tryAcquire(any(RuntimeData.class))).thenReturn(true);
+    when(perEndpoint.acquirePermit(any(RuntimeData.class))).thenReturn(true);
     container.add(KEY_HTTP, "TestServlet", perEndpoint);
 
     try (MockedStatic<GlobalRateLimiter> globalMock = mockStatic(GlobalRateLimiter.class)) {
-      globalMock.when(() -> GlobalRateLimiter.tryAcquire(any())).thenReturn(false);
+      globalMock.when(() -> GlobalRateLimiter.acquirePermit(any())).thenReturn(false);
 
       servlet.service(request, response);
 
@@ -223,11 +223,11 @@ public void testGlobalRejectedReleasesPreemptiblePermit() throws Exception {
   @Test
   public void testBothPassPermitReleasedAfterRequest() throws Exception {
     IPreemptibleRateLimiter perEndpoint = Mockito.mock(IPreemptibleRateLimiter.class);
-    when(perEndpoint.tryAcquire(any(RuntimeData.class))).thenReturn(true);
+    when(perEndpoint.acquirePermit(any(RuntimeData.class))).thenReturn(true);
     container.add(KEY_HTTP, "TestServlet", perEndpoint);
 
     try (MockedStatic<GlobalRateLimiter> globalMock = mockStatic(GlobalRateLimiter.class)) {
-      globalMock.when(() -> GlobalRateLimiter.tryAcquire(any())).thenReturn(true);
+      globalMock.when(() -> GlobalRateLimiter.acquirePermit(any())).thenReturn(true);
 
       servlet.service(request, response);
 
@@ -243,11 +243,11 @@ public void testBothPassPermitReleasedAfterRequest() throws Exception {
   public void testNullRateLimiterConsultsOnlyGlobal() throws Exception {
     // No entry added to container — container.get() returns null
     try (MockedStatic<GlobalRateLimiter> globalMock = mockStatic(GlobalRateLimiter.class)) {
-      globalMock.when(() -> GlobalRateLimiter.tryAcquire(any())).thenReturn(true);
+      globalMock.when(() -> GlobalRateLimiter.acquirePermit(any())).thenReturn(true);
 
       servlet.service(request, response);
 
-      globalMock.verify(() -> GlobalRateLimiter.tryAcquire(any()), times(1));
+      globalMock.verify(() -> GlobalRateLimiter.acquirePermit(any()), times(1));
     }
   }
 }
diff --git a/framework/src/test/java/org/tron/core/services/ratelimiter/GlobalRateLimiterTest.java b/framework/src/test/java/org/tron/core/services/ratelimiter/GlobalRateLimiterTest.java
index c34d49d9009..8ea0f908899 100644
--- a/framework/src/test/java/org/tron/core/services/ratelimiter/GlobalRateLimiterTest.java
+++ b/framework/src/test/java/org/tron/core/services/ratelimiter/GlobalRateLimiterTest.java
@@ -1,5 +1,10 @@
 package org.tron.core.services.ratelimiter;
 
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.mockStatic;
+import static org.mockito.Mockito.never;
+import static org.mockito.Mockito.times;
+
 import com.google.common.cache.Cache;
 import com.google.common.cache.CacheBuilder;
 import com.google.common.util.concurrent.RateLimiter;
@@ -9,6 +14,9 @@
 import org.junit.Assert;
 import org.junit.Before;
 import org.junit.Test;
+import org.mockito.InOrder;
+import org.mockito.MockedStatic;
+import org.mockito.Mockito;
 import org.tron.common.TestConstants;
 import org.tron.core.config.args.Args;
 
@@ -135,6 +143,104 @@ public void testPerIpLimitsAreIndependent() throws Exception {
     Assert.assertFalse(GlobalRateLimiter.tryAcquire(runtimeDataFor("2.2.2.2")));
   }
 
+  /**
+   * acquire() must drain the IP limiter before the global limiter, mirroring
+   * tryAcquire(). A reversed order would let one chatty IP consume global
+   * quota even when its own per-IP budget is exhausted.
+   */
+  @Test
+  public void testAcquireOrdersIpBeforeGlobal() throws Exception {
+    RateLimiter globalMock = Mockito.mock(RateLimiter.class);
+    RateLimiter ipMock = Mockito.mock(RateLimiter.class);
+    injectRateLimiter(globalMock);
+    Cache<String, RateLimiter> seeded = CacheBuilder.newBuilder()
+        .maximumSize(10).expireAfterWrite(1, TimeUnit.HOURS).build();
+    seeded.put("10.0.0.1", ipMock);
+    injectCache(seeded);
+
+    Assert.assertTrue(GlobalRateLimiter.acquire(runtimeDataFor("10.0.0.1")));
+
+    InOrder inOrder = Mockito.inOrder(ipMock, globalMock);
+    inOrder.verify(ipMock).acquire();
+    inOrder.verify(globalMock).acquire();
+  }
+
+  /**
+   * If the IP limiter cannot be created (cache loader throws), acquire()
+   * returns false without consuming a global token — same fail-closed
+   * behaviour as tryAcquire().
+   */
+  @Test
+  public void testAcquireDoesNotConsumeGlobalWhenIpLoaderFails() throws Exception {
+    RateLimiter globalMock = Mockito.mock(RateLimiter.class);
+    injectRateLimiter(globalMock);
+    // RateLimiter.create(-1.0) throws IllegalArgumentException, so the
+    // cache loader fails and loadIpLimiter() returns null.
+    injectIpQps(-1.0);
+    injectCache(CacheBuilder.newBuilder()
+        .maximumSize(10).expireAfterWrite(1, TimeUnit.HOURS).build());
+
+    Assert.assertFalse(GlobalRateLimiter.acquire(runtimeDataFor("10.0.0.1")));
+
+    Mockito.verify(globalMock, never()).acquire();
+  }
+
+  /**
+   * acquirePermit dispatches based on rate.limiter.apiNonBlocking:
+   * switch on → only tryAcquire runs; switch off → only acquire runs.
+   * These tests pin that contract on the static dispatcher; the matching
+   * default-method contract for IRateLimiter is covered in AdaptorTest.
+   */
+  @Test
+  public void testAcquirePermitDispatchesToTryAcquireWhenNonBlocking() throws Exception {
+    Args.getInstance().setRateLimiterApiNonBlocking(true);
+    RuntimeData rd = runtimeDataFor("10.0.0.1");
+
+    try (MockedStatic<GlobalRateLimiter> mock = mockStatic(GlobalRateLimiter.class)) {
+      mock.when(() -> GlobalRateLimiter.acquirePermit(any())).thenCallRealMethod();
+      mock.when(() -> GlobalRateLimiter.tryAcquire(any())).thenReturn(true);
+
+      Assert.assertTrue(GlobalRateLimiter.acquirePermit(rd));
+
+      mock.verify(() -> GlobalRateLimiter.tryAcquire(any()), times(1));
+      mock.verify(() -> GlobalRateLimiter.acquire(any()), never());
+    }
+  }
+
+  @Test
+  public void testAcquirePermitDispatchesToAcquireWhenBlocking() throws Exception {
+    Args.getInstance().setRateLimiterApiNonBlocking(false);
+    RuntimeData rd = runtimeDataFor("10.0.0.1");
+
+    try (MockedStatic<GlobalRateLimiter> mock = mockStatic(GlobalRateLimiter.class)) {
+      mock.when(() -> GlobalRateLimiter.acquirePermit(any())).thenCallRealMethod();
+      mock.when(() -> GlobalRateLimiter.acquire(any())).thenReturn(true);
+
+      Assert.assertTrue(GlobalRateLimiter.acquirePermit(rd));
+
+      mock.verify(() -> GlobalRateLimiter.acquire(any()), times(1));
+      mock.verify(() -> GlobalRateLimiter.tryAcquire(any()), never());
+    }
+  }
+
+  private static void injectRateLimiter(RateLimiter rl) throws Exception {
+    Field f = GlobalRateLimiter.class.getDeclaredField("rateLimiter");
+    f.setAccessible(true);
+    f.set(null, rl);
+  }
+
+  private static void injectCache(Cache<String, RateLimiter> cache) throws Exception {
+    Field f = GlobalRateLimiter.class.getDeclaredField("cache");
+    f.setAccessible(true);
+    f.set(null, cache);
+  }
+
+  private static void injectIpQps(double qps) throws Exception {
+    Field f = GlobalRateLimiter.class.getDeclaredField("IP_QPS");
+    f.setAccessible(true);
+    f.set(null, qps);
+  }
+
   @AfterClass
   public static void destroy() {
     Args.clearParam();
diff --git a/framework/src/test/java/org/tron/core/services/ratelimiter/RateLimiterInterceptorTest.java b/framework/src/test/java/org/tron/core/services/ratelimiter/RateLimiterInterceptorTest.java
index 6cf02a25050..bbc365f3e0b 100644
--- a/framework/src/test/java/org/tron/core/services/ratelimiter/RateLimiterInterceptorTest.java
+++ b/framework/src/test/java/org/tron/core/services/ratelimiter/RateLimiterInterceptorTest.java
@@ -95,13 +95,13 @@ public void setUp() throws Exception {
   @Test
   public void testPerEndpointRejectedDoesNotConsumeGlobalQuota() {
     IPreemptibleRateLimiter perEndpoint = Mockito.mock(IPreemptibleRateLimiter.class);
-    when(perEndpoint.tryAcquire(any(RuntimeData.class))).thenReturn(false);
+    when(perEndpoint.acquirePermit(any(RuntimeData.class))).thenReturn(false);
     container.add(KEY_RPC, METHOD_NAME, perEndpoint);
 
     try (MockedStatic<GlobalRateLimiter> globalMock = mockStatic(GlobalRateLimiter.class)) {
       interceptor.interceptCall(call, headers, next);
 
-      globalMock.verify(() -> GlobalRateLimiter.tryAcquire(any()), never());
+      globalMock.verify(() -> GlobalRateLimiter.acquirePermit(any()), never());
       verify(perEndpoint, never()).release();
     }
   }
@@ -112,13 +112,13 @@ public void testPerEndpointRejectedDoesNotConsumeGlobalQuota() {
   @Test
   public void testNonPreemptiblePerEndpointRejectedDoesNotConsumeGlobal() {
     IRateLimiter perEndpoint = Mockito.mock(IRateLimiter.class);
-    when(perEndpoint.tryAcquire(any(RuntimeData.class))).thenReturn(false);
+    when(perEndpoint.acquirePermit(any(RuntimeData.class))).thenReturn(false);
     container.add(KEY_RPC, METHOD_NAME, perEndpoint);
 
     try (MockedStatic<GlobalRateLimiter> globalMock = mockStatic(GlobalRateLimiter.class)) {
       interceptor.interceptCall(call, headers, next);
 
-      globalMock.verify(() -> GlobalRateLimiter.tryAcquire(any()), never());
+      globalMock.verify(() -> GlobalRateLimiter.acquirePermit(any()), never());
     }
   }
 
@@ -129,11 +129,11 @@ public void testNonPreemptiblePerEndpointRejectedDoesNotConsumeGlobal() {
   @Test
   public void testGlobalRejectedReleasesPreemptiblePermit() {
     IPreemptibleRateLimiter perEndpoint = Mockito.mock(IPreemptibleRateLimiter.class);
-    when(perEndpoint.tryAcquire(any(RuntimeData.class))).thenReturn(true);
+    when(perEndpoint.acquirePermit(any(RuntimeData.class))).thenReturn(true);
     container.add(KEY_RPC, METHOD_NAME, perEndpoint);
 
     try (MockedStatic<GlobalRateLimiter> globalMock = mockStatic(GlobalRateLimiter.class)) {
-      globalMock.when(() -> GlobalRateLimiter.tryAcquire(any())).thenReturn(false);
+      globalMock.when(() -> GlobalRateLimiter.acquirePermit(any())).thenReturn(false);
 
       interceptor.interceptCall(call, headers, next);
 
@@ -153,12 +153,12 @@ public void testGlobalRejectedReleasesPreemptiblePermit() {
   @Test
   public void testStartCallExceptionReleasesPermitAndClosesCall() throws Exception {
     IPreemptibleRateLimiter perEndpoint = Mockito.mock(IPreemptibleRateLimiter.class);
-    when(perEndpoint.tryAcquire(any(RuntimeData.class))).thenReturn(true);
+    when(perEndpoint.acquirePermit(any(RuntimeData.class))).thenReturn(true);
     container.add(KEY_RPC, METHOD_NAME, perEndpoint);
     when(next.startCall(any(), any())).thenThrow(new RuntimeException("handler crash"));
 
     try (MockedStatic<GlobalRateLimiter> globalMock = mockStatic(GlobalRateLimiter.class)) {
-      globalMock.when(() -> GlobalRateLimiter.tryAcquire(any())).thenReturn(true);
+      globalMock.when(() -> GlobalRateLimiter.acquirePermit(any())).thenReturn(true);
 
       interceptor.interceptCall(call, headers, next);
 
@@ -176,14 +176,14 @@ public void testStartCallExceptionReleasesPermitAndClosesCall() throws Exception
   @Test
   public void testListenerReleasesPermitOnComplete() throws Exception {
     IPreemptibleRateLimiter perEndpoint = Mockito.mock(IPreemptibleRateLimiter.class);
-    when(perEndpoint.tryAcquire(any(RuntimeData.class))).thenReturn(true);
+    when(perEndpoint.acquirePermit(any(RuntimeData.class))).thenReturn(true);
     container.add(KEY_RPC, METHOD_NAME, perEndpoint);
 
     ServerCall.Listener<Object> delegate = Mockito.mock(ServerCall.Listener.class);
     when(next.startCall(any(), any())).thenReturn(delegate);
 
     try (MockedStatic<GlobalRateLimiter> globalMock = mockStatic(GlobalRateLimiter.class)) {
-      globalMock.when(() -> GlobalRateLimiter.tryAcquire(any())).thenReturn(true);
+      globalMock.when(() -> GlobalRateLimiter.acquirePermit(any())).thenReturn(true);
 
       ServerCall.Listener<Object> listener = interceptor.interceptCall(call, headers, next);
       listener.onComplete();
@@ -199,14 +199,14 @@ public void testListenerReleasesPermitOnComplete() throws Exception {
   @Test
   public void testListenerReleasesPermitOnCancel() throws Exception {
     IPreemptibleRateLimiter perEndpoint = Mockito.mock(IPreemptibleRateLimiter.class);
-    when(perEndpoint.tryAcquire(any(RuntimeData.class))).thenReturn(true);
+    when(perEndpoint.acquirePermit(any(RuntimeData.class))).thenReturn(true);
     container.add(KEY_RPC, METHOD_NAME, perEndpoint);
 
     ServerCall.Listener<Object> delegate = Mockito.mock(ServerCall.Listener.class);
     when(next.startCall(any(), any())).thenReturn(delegate);
 
     try (MockedStatic<GlobalRateLimiter> globalMock = mockStatic(GlobalRateLimiter.class)) {
-      globalMock.when(() -> GlobalRateLimiter.tryAcquire(any())).thenReturn(true);
+      globalMock.when(() -> GlobalRateLimiter.acquirePermit(any())).thenReturn(true);
 
       ServerCall.Listener<Object> listener = interceptor.interceptCall(call, headers, next);
       listener.onCancel();
@@ -225,11 +225,11 @@ public void testNullRateLimiterConsultsOnlyGlobal() throws Exception {
     when(next.startCall(any(), any())).thenReturn(delegate);
 
     try (MockedStatic<GlobalRateLimiter> globalMock = mockStatic(GlobalRateLimiter.class)) {
-      globalMock.when(() -> GlobalRateLimiter.tryAcquire(any())).thenReturn(true);
+      globalMock.when(() -> GlobalRateLimiter.acquirePermit(any())).thenReturn(true);
 
       interceptor.interceptCall(call, headers, next);
 
-      globalMock.verify(() -> GlobalRateLimiter.tryAcquire(any()), times(1));
+      globalMock.verify(() -> GlobalRateLimiter.acquirePermit(any()), times(1));
     }
   }
 }
diff --git a/framework/src/test/java/org/tron/core/services/ratelimiter/adaptor/AdaptorTest.java b/framework/src/test/java/org/tron/core/services/ratelimiter/adaptor/AdaptorTest.java
index 69a6c688200..5ab85a42bbf 100644
--- a/framework/src/test/java/org/tron/core/services/ratelimiter/adaptor/AdaptorTest.java
+++ b/framework/src/test/java/org/tron/core/services/ratelimiter/adaptor/AdaptorTest.java
@@ -4,12 +4,18 @@
 import com.google.common.util.concurrent.RateLimiter;
 import java.util.concurrent.Semaphore;
 import java.util.concurrent.TimeUnit;
+import org.junit.AfterClass;
 import org.junit.Assert;
+import org.junit.Before;
 import org.junit.Test;
+import org.tron.common.TestConstants;
 import org.tron.common.es.ExecutorServiceManager;
 import org.tron.common.utils.ReflectUtils;
+import org.tron.core.config.args.Args;
+import org.tron.core.services.ratelimiter.RuntimeData;
 import org.tron.core.services.ratelimiter.adapter.GlobalPreemptibleAdapter;
 import org.tron.core.services.ratelimiter.adapter.IPQPSRateLimiterAdapter;
+import org.tron.core.services.ratelimiter.adapter.IRateLimiter;
 import org.tron.core.services.ratelimiter.adapter.QpsRateLimiterAdapter;
 import org.tron.core.services.ratelimiter.strategy.GlobalPreemptibleStrategy;
 import org.tron.core.services.ratelimiter.strategy.IPQpsStrategy;
@@ -17,6 +23,61 @@
 
 public class AdaptorTest {
 
+  @Before
+  public void setUp() {
+    Args.setParam(new String[0], TestConstants.TEST_CONF);
+  }
+
+  @AfterClass
+  public static void tearDown() {
+    Args.clearParam();
+  }
+
+  /**
+   * IRateLimiter.acquirePermit is a default method that dispatches based on
+   * rate.limiter.apiNonBlocking. The two cases below pin that contract: with
+   * the switch on, only tryAcquire is invoked; with the switch off, only
+   * acquire is invoked. Breaking either direction is a behavioural regression.
+   */
+  @Test
+  public void testAcquirePermitDispatchesToTryAcquireWhenNonBlocking() {
+    Args.getInstance().setRateLimiterApiNonBlocking(true);
+    CountingRateLimiter limiter = new CountingRateLimiter();
+
+    Assert.assertTrue(limiter.acquirePermit(null));
+
+    Assert.assertEquals(1, limiter.tryAcquireCount);
+    Assert.assertEquals(0, limiter.acquireCount);
+  }
+
+  @Test
+  public void testAcquirePermitDispatchesToAcquireWhenBlocking() {
+    Args.getInstance().setRateLimiterApiNonBlocking(false);
+    CountingRateLimiter limiter = new CountingRateLimiter();
+
+    Assert.assertTrue(limiter.acquirePermit(null));
+
+    Assert.assertEquals(0, limiter.tryAcquireCount);
+    Assert.assertEquals(1, limiter.acquireCount);
+  }
+
+  private static final class CountingRateLimiter implements IRateLimiter {
+    int tryAcquireCount;
+    int acquireCount;
+
+    @Override
+    public boolean tryAcquire(RuntimeData data) {
+      tryAcquireCount++;
+      return true;
+    }
+
+    @Override
+    public boolean acquire(RuntimeData data) {
+      acquireCount++;
+      return true;
+    }
+  }
+
   @Test
   public void testStrategy() {
     String paramString1 = "qps=5 notExist=6";

From ace64b02002976c22c5e6bb998a9a9532a21b50c Mon Sep 17 00:00:00 2001
From: federico <federico.zhen@tron.network>
Date: Tue, 19 May 2026 15:37:12 +0800
Subject: [PATCH 5/5] fix(net): enforce 65-byte signature length

---
 .../src/main/java/org/tron/core/Wallet.java   | 11 +++
 .../TransactionsMsgHandler.java               |  9 +++
 .../core/net/service/relay/RelayService.java  |  8 +++
 .../java/org/tron/core/WalletMockTest.java    | 41 +++++++++++
 .../TransactionsMsgHandlerTest.java           | 69 +++++++++++++++++++
 .../core/net/services/RelayServiceTest.java   | 24 +++++++
 6 files changed, 162 insertions(+)

diff --git a/framework/src/main/java/org/tron/core/Wallet.java b/framework/src/main/java/org/tron/core/Wallet.java
index 0482643d8d0..266c16e052f 100755
--- a/framework/src/main/java/org/tron/core/Wallet.java
+++ b/framework/src/main/java/org/tron/core/Wallet.java
@@ -24,6 +24,7 @@
 import static org.tron.common.utils.Commons.getAssetIssueStoreFinal;
 import static org.tron.common.utils.Commons.getExchangeStoreFinal;
 import static org.tron.common.utils.WalletUtil.isConstant;
+import static org.tron.core.Constant.PER_SIGN_LENGTH;
 import static org.tron.core.capsule.utils.TransactionUtil.buildInternalTransaction;
 import static org.tron.core.config.Parameter.ChainConstant.BLOCK_PRODUCED_INTERVAL;
 import static org.tron.core.config.Parameter.ChainConstant.TRX_PRECISION;
@@ -505,6 +506,16 @@ public GrpcAPI.Return broadcastTransaction(Transaction signedTransaction) {
     trx.setTime(System.currentTimeMillis());
     Sha256Hash txID = trx.getTransactionId();
     try {
+      for (ByteString sig : signedTransaction.getSignatureList()) {
+        if (sig.size() != PER_SIGN_LENGTH) {
+          String info = "Signature size is " + sig.size();
+          logger.warn("Broadcast transaction {} has failed, {}.", txID, info);
+          return builder.setResult(false).setCode(response_code.SIGERROR)
+              .setMessage(ByteString.copyFromUtf8("Validate signature error: " + info))
+              .build();
+        }
+      }
+
       if (tronNetDelegate.isBlockUnsolidified()) {
         logger.warn("Broadcast transaction {} has failed, block unsolidified.", txID);
         return builder.setResult(false).setCode(response_code.BLOCK_UNSOLIDIFIED)
diff --git a/framework/src/main/java/org/tron/core/net/messagehandler/TransactionsMsgHandler.java b/framework/src/main/java/org/tron/core/net/messagehandler/TransactionsMsgHandler.java
index e153e21f331..8d477762f14 100644
--- a/framework/src/main/java/org/tron/core/net/messagehandler/TransactionsMsgHandler.java
+++ b/framework/src/main/java/org/tron/core/net/messagehandler/TransactionsMsgHandler.java
@@ -1,5 +1,8 @@
 package org.tron.core.net.messagehandler;
 
+import static org.tron.core.Constant.PER_SIGN_LENGTH;
+
+import com.google.protobuf.ByteString;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
@@ -142,6 +145,12 @@ private void check(PeerConnection peer, TransactionsMessage msg) throws P2pExcep
         throw new P2pException(TypeEnum.BAD_TRX,
             "tx " + item.getHash() + " contract size should be greater than 0");
       }
+      for (ByteString sig : trx.getSignatureList()) {
+        if (sig.size() != PER_SIGN_LENGTH) {
+          throw new P2pException(TypeEnum.BAD_TRX,
+              "tx " + item.getHash() + " signature size is " + sig.size());
+        }
+      }
     }
   }
 
diff --git a/framework/src/main/java/org/tron/core/net/service/relay/RelayService.java b/framework/src/main/java/org/tron/core/net/service/relay/RelayService.java
index 61ae6326e9f..2f116d77ea2 100644
--- a/framework/src/main/java/org/tron/core/net/service/relay/RelayService.java
+++ b/framework/src/main/java/org/tron/core/net/service/relay/RelayService.java
@@ -1,5 +1,7 @@
 package org.tron.core.net.service.relay;
 
+import static org.tron.core.Constant.PER_SIGN_LENGTH;
+
 import com.google.protobuf.ByteString;
 import java.net.InetSocketAddress;
 import java.util.Arrays;
@@ -150,6 +152,12 @@ public boolean checkHelloMessage(HelloMessage message, Channel channel) {
       return false;
     }
 
+    if (msg.getSignature().size() != PER_SIGN_LENGTH) {
+      logger.warn("HelloMessage from {}, signature size is {}.",
+          channel.getInetAddress(), msg.getSignature().size());
+      return false;
+    }
+
     boolean flag;
     try {
       Sha256Hash hash = Sha256Hash.of(CommonParameter
diff --git a/framework/src/test/java/org/tron/core/WalletMockTest.java b/framework/src/test/java/org/tron/core/WalletMockTest.java
index 3e0c1a4461d..595306b9aaf 100644
--- a/framework/src/test/java/org/tron/core/WalletMockTest.java
+++ b/framework/src/test/java/org/tron/core/WalletMockTest.java
@@ -164,6 +164,47 @@ public void testCreateTransactionCapsuleWithoutValidateWithTimeout()
   }
 
 
+  @Test
+  public void testBroadcastTxInvalidSigLength() throws Exception {
+    Wallet wallet = new Wallet();
+    TronNetDelegate tronNetDelegateMock = mock(TronNetDelegate.class);
+    Field field = wallet.getClass().getDeclaredField("tronNetDelegate");
+    field.setAccessible(true);
+    field.set(wallet, tronNetDelegateMock);
+
+    // signature shorter than 65 bytes → SIGERROR
+    Protocol.Transaction shortSig = Protocol.Transaction.newBuilder()
+        .addSignature(ByteString.copyFrom(new byte[64]))
+        .build();
+    GrpcAPI.Return ret = wallet.broadcastTransaction(shortSig);
+    assertEquals(GrpcAPI.Return.response_code.SIGERROR, ret.getCode());
+
+    // signature longer than 65 bytes → SIGERROR
+    Protocol.Transaction longSig = Protocol.Transaction.newBuilder()
+        .addSignature(ByteString.copyFrom(new byte[66]))
+        .build();
+    ret = wallet.broadcastTransaction(longSig);
+    assertEquals(GrpcAPI.Return.response_code.SIGERROR, ret.getCode());
+
+    // empty signature → SIGERROR
+    Protocol.Transaction emptySig = Protocol.Transaction.newBuilder()
+        .addSignature(ByteString.EMPTY)
+        .build();
+    ret = wallet.broadcastTransaction(emptySig);
+    assertEquals(GrpcAPI.Return.response_code.SIGERROR, ret.getCode());
+
+    // tronNetDelegate must not be consulted because the request is rejected up front
+    Mockito.verify(tronNetDelegateMock, Mockito.never()).isBlockUnsolidified();
+
+    // 65-byte signature passes the length check and proceeds to downstream logic
+    when(tronNetDelegateMock.isBlockUnsolidified()).thenReturn(true);
+    Protocol.Transaction validSig = Protocol.Transaction.newBuilder()
+        .addSignature(ByteString.copyFrom(new byte[65]))
+        .build();
+    ret = wallet.broadcastTransaction(validSig);
+    assertEquals(GrpcAPI.Return.response_code.BLOCK_UNSOLIDIFIED, ret.getCode());
+  }
+
   @Test
   public void testBroadcastTransactionBlockUnsolidified() throws Exception {
     Wallet wallet = new Wallet();
diff --git a/framework/src/test/java/org/tron/core/net/messagehandler/TransactionsMsgHandlerTest.java b/framework/src/test/java/org/tron/core/net/messagehandler/TransactionsMsgHandlerTest.java
index abe69e76ff2..9faac63914a 100644
--- a/framework/src/test/java/org/tron/core/net/messagehandler/TransactionsMsgHandlerTest.java
+++ b/framework/src/test/java/org/tron/core/net/messagehandler/TransactionsMsgHandlerTest.java
@@ -337,6 +337,75 @@ public void testDuplicateTransactionRejected() throws Exception {
     }
   }
 
+  @Test
+  public void testInvalidSigLength() throws Exception {
+    TransactionsMsgHandler handler = new TransactionsMsgHandler();
+    handler.init();
+    try {
+      PeerConnection peer = Mockito.mock(PeerConnection.class);
+
+      BalanceContract.TransferContract transferContract = BalanceContract.TransferContract
+          .newBuilder()
+          .setAmount(10)
+          .setOwnerAddress(ByteString.copyFrom(ByteArray.fromHexString("121212a9cf")))
+          .setToAddress(ByteString.copyFrom(ByteArray.fromHexString("232323a9cf")))
+          .build();
+
+      // signature shorter than 65 bytes → BAD_TRX
+      Protocol.Transaction shortSigTrx = Protocol.Transaction.newBuilder()
+          .setRawData(Protocol.Transaction.raw.newBuilder()
+              .addContract(Protocol.Transaction.Contract.newBuilder()
+                  .setType(Protocol.Transaction.Contract.ContractType.TransferContract)
+                  .setParameter(Any.pack(transferContract)).build())
+              .build())
+          .addSignature(ByteString.copyFrom(new byte[64]))
+          .build();
+
+      List<Protocol.Transaction> shortList = new ArrayList<>();
+      shortList.add(shortSigTrx);
+      stubAdvInvRequest(peer, new TransactionsMessage(shortList));
+      P2pException shortEx = Assert.assertThrows(P2pException.class,
+          () -> handler.processMessage(peer, new TransactionsMessage(shortList)));
+      Assert.assertEquals(TypeEnum.BAD_TRX, shortEx.getType());
+
+      // signature longer than 65 bytes → BAD_TRX
+      Protocol.Transaction longSigTrx = Protocol.Transaction.newBuilder()
+          .setRawData(Protocol.Transaction.raw.newBuilder()
+              .setRefBlockNum(1)
+              .addContract(Protocol.Transaction.Contract.newBuilder()
+                  .setType(Protocol.Transaction.Contract.ContractType.TransferContract)
+                  .setParameter(Any.pack(transferContract)).build())
+              .build())
+          .addSignature(ByteString.copyFrom(new byte[66]))
+          .build();
+
+      List<Protocol.Transaction> longList = new ArrayList<>();
+      longList.add(longSigTrx);
+      stubAdvInvRequest(peer, new TransactionsMessage(longList));
+      P2pException longEx = Assert.assertThrows(P2pException.class,
+          () -> handler.processMessage(peer, new TransactionsMessage(longList)));
+      Assert.assertEquals(TypeEnum.BAD_TRX, longEx.getType());
+
+      // exactly 65 bytes → passes the length check (no P2pException from check)
+      Protocol.Transaction validSigTrx = Protocol.Transaction.newBuilder()
+          .setRawData(Protocol.Transaction.raw.newBuilder()
+              .setRefBlockNum(2)
+              .addContract(Protocol.Transaction.Contract.newBuilder()
+                  .setType(Protocol.Transaction.Contract.ContractType.TransferContract)
+                  .setParameter(Any.pack(transferContract)).build())
+              .build())
+          .addSignature(ByteString.copyFrom(new byte[65]))
+          .build();
+
+      List<Protocol.Transaction> validList = new ArrayList<>();
+      validList.add(validSigTrx);
+      stubAdvInvRequest(peer, new TransactionsMessage(validList));
+      handler.processMessage(peer, new TransactionsMessage(validList));
+    } finally {
+      handler.close();
+    }
+  }
+
   @Test
   public void testIsBusyWithCachedTransactions() throws Exception {
     TransactionsMsgHandler handler = new TransactionsMsgHandler();
diff --git a/framework/src/test/java/org/tron/core/net/services/RelayServiceTest.java b/framework/src/test/java/org/tron/core/net/services/RelayServiceTest.java
index 8585244b941..8a63ff8a887 100644
--- a/framework/src/test/java/org/tron/core/net/services/RelayServiceTest.java
+++ b/framework/src/test/java/org/tron/core/net/services/RelayServiceTest.java
@@ -220,6 +220,30 @@ private void testCheckHelloMessage() {
 
       boolean res = service.checkHelloMessage(helloMessage, c1);
       Assert.assertTrue(res);
+
+      HelloMessage shortSigMsg = new HelloMessage(node, System.currentTimeMillis(),
+          ChainBaseManager.getChainBaseManager());
+      shortSigMsg.setHelloMessage(shortSigMsg.getHelloMessage().toBuilder()
+          .setAddress(address)
+          .setSignature(ByteString.copyFrom(new byte[64]))
+          .build());
+      Assert.assertFalse(service.checkHelloMessage(shortSigMsg, c1));
+
+      HelloMessage longSigMsg = new HelloMessage(node, System.currentTimeMillis(),
+          ChainBaseManager.getChainBaseManager());
+      longSigMsg.setHelloMessage(longSigMsg.getHelloMessage().toBuilder()
+          .setAddress(address)
+          .setSignature(ByteString.copyFrom(new byte[66]))
+          .build());
+      Assert.assertFalse(service.checkHelloMessage(longSigMsg, c1));
+
+      HelloMessage emptySigMsg = new HelloMessage(node, System.currentTimeMillis(),
+          ChainBaseManager.getChainBaseManager());
+      emptySigMsg.setHelloMessage(emptySigMsg.getHelloMessage().toBuilder()
+          .setAddress(address)
+          .setSignature(ByteString.EMPTY)
+          .build());
+      Assert.assertFalse(service.checkHelloMessage(emptySigMsg, c1));
     } catch (Exception e) {
       logger.info("", e);
       assert false;