BLS related fixes based on Certik audit #822

Open
libermans wants to merge 12 commits into upgrade-v0.2.11 from dl/certik-bls-fixes

@libermans libermans commented Feb 27, 2026

BLS Audit Fixes Included in This PR

The following security findings from the Certik bridge audit have been resolved in this PR:

| ID | Severity | Title | Fixed In |
|---|---|---|---|
| GEB-03 | Major | Duplicate Slot Indices Inflate Threshold Coverage | inference-chain/x/bls/types/message_submit_partial_signature.go, inference-chain/x/bls/types/validate_basic_test.go |
| GEB-04 | Medium | Incorrect Signing Threshold | inference-chain/x/bls/keeper/msg_server_group_validation.go, inference-chain/x/bls/keeper/msg_server_group_validation_timing_test.go, inference-chain/x/bls/keeper/threshold_signing.go |
| GEB-12 | Major | Dealer Commitments Not Bound to Threshold Degree | decentralized-api/internal/bls/verifier.go, inference-chain/x/bls/keeper/msg_server_dealer.go, inference-chain/x/bls/keeper/msg_server_dealer_test.go |
| GEB-13 | Medium | Aggregation of BLS Partial Signature Does Not Eliminate Duplicates | inference-chain/x/bls/keeper/bls_crypto.go, inference-chain/x/bls/keeper/bls_crypto_aggregation_test.go |
| GEB-17 | Major | Dealer Validation Majority Is Too Weak for Safe Key Recovery | inference-chain/x/bls/keeper/phase_transitions.go, inference-chain/x/bls/keeper/phase_transitions_test.go |
| GEB-18 | Minor | Slot Donation Picks Under-Allocated Donor, Enabling Sybil Weight Inflation | inference-chain/x/bls/keeper/dkg_initiation.go, inference-chain/x/bls/keeper/dkg_initiation_internal_test.go |
| GEB-19 | Minor | Secret Shares Logged in logging.Debug | decentralized-api/internal/bls/verifier.go |
| GEB-23 | Minor | Missing Validation of MsgRequestThresholdSignature.ValidateBasic() | inference-chain/x/bls/types/message_request_threshold_signature.go, inference-chain/x/bls/types/validate_basic_test.go |
| GEB-24 | Minor | Insufficient Validation for Dealer Part Submissions in MsgSubmitDealerPart.ValidateBasic() | inference-chain/x/bls/types/message_submit_dealer_part.go, inference-chain/x/bls/types/validate_basic_test.go |
| GEB-25 | Minor | Missing Validation in Group Key Validation Signatures in MsgSubmitGroupKeyValidationSignature.ValidateBasic() | inference-chain/x/bls/types/message_submit_group_key_validation_signature.go, inference-chain/x/bls/types/validate_basic_test.go |
| GEB-26/27 | Minor | Harden ValidateBasic() for threshold and verification submissions | inference-chain/x/bls/types/message_submit_partial_signature.go, inference-chain/x/bls/types/message_submit_verification_vector.go, inference-chain/x/bls/types/validate_basic_test.go |

Summary of Fixes

  • GEB-03: Duplicate Slot Indices Inflate Threshold Coverage — checkThresholdAndAggregate() no longer accepts duplicate slot indices in a single submission, preventing signers from tripping the threshold early.
  • GEB-04: Incorrect Signing Threshold in checkThresholdAndAggregate() — The signing logic now uses the correct mathematical threshold tSlotsDegree + 1 instead of hardcoding totalSlots/2 + 1.
  • GEB-12: Dealer Commitments Not Bound to Threshold Degree — The system now enforces that the number of commitments matches the polynomial degree, preventing malicious dealers from manipulating the reconstruction threshold.
  • GEB-13: Aggregation of BLS Partial Signature Does Not Eliminate Duplicates — Duplicate slot indices are now deduplicated during signature accumulation, ensuring only valid aggregate signatures are produced.
  • GEB-17: Dealer Validation Majority Is Too Weak for Safe Key Recovery — Consensus for dealer validity now uses a strict majority against all participants, preventing unsafe key recovery majorities that could be caused by abstentions.
  • GEB-18: Slot Donation Picks Under-Allocated Donor, Enabling Sybil Weight Inflation — The tie-breaking mechanism for slot donation was fixed to prefer participants with larger remainders instead of smaller remainders, mitigating Sybil weight inflation attacks.
  • GEB-19: Secret Shares Logged in logging.Debug — Reconstructed secret key shares are no longer completely logged in logging.Debug, preventing leakage of sensitive private key material.
  • GEB-23: Missing Validation of MsgRequestThresholdSignature.ValidateBasic() — Added validation to ensure ChainId and RequestId are exactly 32 bytes and that data chunks follow the correct sizes, preventing EVM-incompatible payloads.
  • GEB-24: Insufficient Validation for Dealer Part Submissions in MsgSubmitDealerPart.ValidateBasic() — Enforces strict size bounds for compressed G2 commitments and limits per-participant encrypted shares to prevent malformed or oversized payloads during DKG.
  • GEB-25: Missing Validation in Group Key Validation Signatures in MsgSubmitGroupKeyValidationSignature.ValidateBasic() — Added missing presence and length validations for signature fields and set boundary limits on the SlotIndices array.
  • GEB-26: Missing Validation in Partial Signature Submissions in MsgSubmitPartialSignature.ValidateBasic() — Added validation on partial signature bytes and sets an upper bound on the list of slot indices to prevent state bloat and processing errors.
  • GEB-27: Unbounded DealerValidity in Verification Vector Submissions of MsgSubmitVerificationVector.ValidateBasic() — Properly bounds and limits DealerValidity bitmaps from exceeding the maximum allowed limits to prevent memory and state inflation.
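
The counting rule behind GEB-03, GEB-04 and GEB-13, as an added example that is not code from this PR or the project. The `Submission` type, the function names and the sample values are assumptions for illustration; the `tSlotsDegree + 1` threshold is the one named in the description above.

```go
package main

import (
	"errors"
	"fmt"
)

// Submission is a hypothetical stand-in for one partial-signature message.
type Submission struct {
	Signer      string
	SlotIndices []uint32
}
var ErrDuplicateSlot = errors.New("duplicate slot index in submission")

// ValidateSlots is the stateless check: a message may name each slot only once.
func ValidateSlots(indices []uint32) error {
	seen := make(map[uint32]struct{}, len(indices))
	for _, i := range indices {
		if _, dup := seen[i]; dup {
			return fmt.Errorf("%w: %d", ErrDuplicateSlot, i)
		}
		seen[i] = struct{}{}
	}
	return nil
}

// DistinctCoverage counts each slot once, even when messages overlap.
func DistinctCoverage(subs []Submission) (int, error) {
	covered := make(map[uint32]struct{})
	for _, s := range subs {
		if err := ValidateSlots(s.SlotIndices); err != nil {
			return 0, fmt.Errorf("signer %s: %w", s.Signer, err)
		}
		for _, i := range s.SlotIndices {
			covered[i] = struct{}{}
		}
	}
	return len(covered), nil
}

// ThresholdReached: a degree-t polynomial needs t+1 distinct shares.
func ThresholdReached(distinct int, tSlotsDegree uint32) bool {
	return distinct >= int(tSlotsDegree)+1
}

func main() {
	subs := []Submission{{"a", []uint32{0, 1, 2}}, {"b", []uint32{2, 3, 4}}, {"c", []uint32{5}}} // constructed
	n, err := DistinctCoverage(subs)
	fmt.Println(n, err, ThresholdReached(n, 6))
}
```

In the constructed sample, seven slot indices are claimed but only six are distinct, so a degree-6 threshold of seven shares is not reached.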

@libermans libermans requested a review from GLiberman February 27, 2026 21:20
@tcharchian tcharchian added this to the v0.2.11 milestone Feb 28, 2026
@tcharchian tcharchian moved this from Todo to Needs reviewer in Upgrade v0.2.11 Feb 28, 2026
@jacky6block

Reviewed all 11 Certik audit findings. Fixes look correct and well-structured — each commit maps cleanly to an audit finding, implementations are sound, and test coverage is solid.

A couple of minor non-blocking observations:

  • The upper-bound constants in ValidateBasic (e.g. 4096, 65536) could benefit from brief comments explaining their derivation.
  • The stricter dealer majority in GEB-17 (absolute majority of all participants vs. only submitters) is the right call for security, but worth keeping an eye on DKG liveness under high node offline scenarios.

LGTM overall.
