
Backport hotfixes 29-06-2026 #2814

Open
l0r1s wants to merge 20 commits into devnet-ready from hotfixes-29-06-2026



@l0r1s l0r1s commented Jun 29, 2026

Collaborator

@github-actions github-actions Bot left a comment

Contributor


AI review — see the sticky summary comment for the verdict and the inline comments below for specific findings.


// Temporarily allow the destination coldkey to receive this stake even if some of it is
// locked; swap_coldkey_locks will copy the source AccountFlags over afterward.
Self::set_accept_locked_alpha(new_coldkey, true);
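
Review bot: The comment above `Self::set_accept_locked_alpha(new_coldkey, true);` calls the change temporary, but the line sets the destination flag to `true` unconditionally and the restore lives in `swap_coldkey_locks`, which is not visible here. The destination only ends up with the intended flags if that function runs after this call on every path and always overwrites the destination's AccountFlags, including when the source has no entry. Consider a test asserting that the destination's flags after the swap equal the source's flags before it, with a case where the source had none set, and name that invariant in the comment.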

Contributor


[MEDIUM] Coldkey swap now writes AccountFlags without a weight update

This call mutates AccountFlags before every coldkey swap, and swap_coldkey_locks now also removes/inserts AccountFlags when moving the source flags to the destination. The generated weights still list AccountFlags as r:1 w:0 for both swap_coldkey_announced and swap_coldkey, and weights.rs is unchanged in this PR, so these runtime extrinsics are undercharged for the new storage writes. Regenerate the benchmarks/weights, or manually update the swap weights to include the additional AccountFlags read/write operations.
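
As an added illustration of the check described in this finding (not code from the PR, the review bot, or the subtensor project): the sketch below parses `r:N w:M` storage annotations in the doc-comment style of generated FRAME weight files and reports items the code writes more often than the weights declare. The `Example::` storage prefix, the `Owner` item, the sample text and the observed write counts are constructed assumptions.

```rust
use std::collections::BTreeMap;

// Constructed sample in the doc-comment style of generated FRAME weight files.
// The `Example::` prefix and `Owner` item are placeholders, not project names.
const SAMPLE_WEIGHT_DOCS: &str = r#"
    /// Storage: `Example::Owner` (r:1 w:1)
    /// Proof: `Example::Owner` (`max_values`: None, `max_size`: None, mode: `Measured`)
    /// Storage: `Example::AccountFlags` (r:1 w:0)
    fn swap_coldkey() -> Weight {
"#;

/// Parse `/// Storage: `Item` (r:N w:M)` lines into item -> (reads, writes).
/// Expects the doc block of a single weight function.
fn parse_storage_annotations(docs: &str) -> BTreeMap<String, (u32, u32)> {
    let mut declared = BTreeMap::new();
    for line in docs.lines() {
        let Some(rest) = line.trim().strip_prefix("/// Storage: `") else { continue };
        let Some((item, tail)) = rest.split_once('`') else { continue };
        let counts = tail.trim().trim_start_matches('(').trim_end_matches(')');
        let (mut reads, mut writes) = (None, None);
        for tok in counts.split_whitespace() {
            if let Some(n) = tok.strip_prefix("r:") { reads = n.parse::<u32>().ok(); }
            if let Some(n) = tok.strip_prefix("w:") { writes = n.parse::<u32>().ok(); }
        }
        if let (Some(r), Some(w)) = (reads, writes) {
            declared.insert(item.to_string(), (r, w));
        }
    }
    declared
}

/// Items whose observed write count exceeds the declared `w:` value.
/// Returns (item, declared_writes, observed_writes); unlisted items count as 0.
fn undercharged_writes(docs: &str, observed: &[(&str, u32)]) -> Vec<(String, u32, u32)> {
    let declared = parse_storage_annotations(docs);
    observed.iter().filter_map(|&(item, seen)| {
        let w = declared.get(item).map_or(0, |d| d.1);
        (w < seen).then(|| (item.to_string(), w, seen))
    }).collect()
}

fn main() {
    // Assumed write counts, as a reviewer would tally them from the diff.
    let observed = [("Example::Owner", 1), ("Example::AccountFlags", 2)];
    for (item, declared, seen) in undercharged_writes(SAMPLE_WEIGHT_DOCS, &observed) {
        println!("{item}: weights declare w:{declared}, code writes {seen}");
    }
}
```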

@github-actions

Contributor

🛡️ AI Review — Skeptic (security review)

VERDICT: VULNERABLE

BASELINE scrutiny: l0r1s has repo write permission, an established account, and many prior subtensor PRs; branch hotfixes-29-06-2026 -> devnet-ready; no Gittensor allowlist match found.

The diff does not modify .github/ai-review/*, .github/copilot-instructions.md, dependency manifests, or build scripts. I found one runtime resource-accounting issue in the coldkey-swap locked-alpha change.

Findings

| Sev | File | Finding |
| --- | --- | --- |
| MEDIUM | pallets/subtensor/src/swap/swap_coldkey.rs:28 | Coldkey swap now writes AccountFlags without a weight update (inline) |

Conclusion

The PR appears legitimate, but the new AccountFlags writes in coldkey swap are not reflected in generated weights, leaving the runtime undercharging these extrinsics. Regenerate or adjust weights before merge.


# 🔍 AI Review — Auditor (domain review) has not yet run on this PR.

@github-actions

Contributor

🔄 AI review updated — Skeptic: VULNERABLE

@l0r1s added the skip-cargo-audit label ("This PR fails cargo audit but needs to be merged anyway") Jun 30, 2026