bug: PublicKeyAggregator may publish prematurely when dkg_node_proofs is empty or contains results from non-honest parties

[coderabbitai]

Summary

In crates/aggregator/src/publickey_aggregator.rs, the try_publish_complete method contains a guard that checks whether all DKG node proofs are None (indicating proof aggregation is disabled) before deciding whether to wait for the cross-node fold. The current implementation has two issues:

1. Empty map edge case: dkg_node_proofs.values().all(|p| p.is_none()) evaluates to true when the map is empty (vacuous truth). This means PublicKeyAggregated can be published with dkg_aggregated_proof: None before any DKG aggregation results have been received, as soon as the C5 proof arrives.

2. Incorrect scope: The check scans all entries in dkg_node_proofs, including results from parties that were filtered out (dishonest parties). This means a late result from a filtered-out party with a None proof could make the guard pass incorrectly and wedge the "all None" path permanently.

Expected Behavior

The check should only consider entries from honest parties (those in honest_party_ids), and should verify that all honest parties have reported before treating the "all None" condition as intentional (i.e., aggregation was disabled).

Suggested Fix

References

• Raised in PR feat: onchain verification for C7, C5 [skip-line-limit] #1443: feat: onchain verification for C7, C5 [skip-line-limit] #1443 (comment)
• Requested by @cedoor to be tracked as a separate issue.