Convert transaction extensions to dispatch extensions#2773
Conversation
l0r1s
added
the
skip-cargo-audit
eco-tests changed — indexer review requiredThis PR modifies files under Changed files
|
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
| } | ||
|
|
||
| fn commit_epoch(hash: H256) -> Result<u64, Error<T>> { | ||
| Pallet::<T>::find_commit_epoch_via_hash(hash).ok_or(Error::<T>::NoWeightsCommitFound) |
There was a problem hiding this comment.
[HIGH] Unbounded commit scan now runs during dispatch
commit_epoch() calls Pallet::<T>::find_commit_epoch_via_hash, which is implemented as WeightCommits::<T>::iter() over all stored commits. Because this helper now runs from CheckWeights::pre_dispatch, every reveal_weights, reveal_mechanism_weights, and each item in batch_reveal_weights can perform a global storage scan during block execution, proxy dispatch, or EVM-precompile dispatch. The extension weight is fixed, so a staked caller can force work proportional to global commit storage while paying only the normal fixed/no-fee reveal weight, creating a block-weight underestimation and DoS path.
Bound this check to the caller's own commit queue, e.g. read WeightCommits for (netuid_index, who) and search that bounded deque, matching the dispatch body's logic. Alternatively, keep the global pre-admission scan only in the transaction-pool adapter and rely on the dispatch body for execution-time validation.
🛡️ AI Review — Skeptic (security review)VERDICT: VULNERABLE BASELINE scrutiny: l0r1s has write permission, a long-lived account, substantive prior subtensor history, and no Gittensor allowlist hit; branch tx-ext-to-dispatch-ext -> devnet-ready. No Findings
ConclusionThis looks like a legitimate refactor, but moving the reveal commit lookup into a runtime # 🔍 AI Review — Auditor (domain review) has not yet run on this PR. |
|
🔄 AI review updated — Skeptic: VULNERABLE |
1 participant
Summary
This PR moves Subtensor-specific pre-dispatch checks out of
SubtensorTransactionExtensionand into FRAMEDispatchExtensions.The dispatch extensions are now the source of truth for these checks, so they run for both top-level extrinsics and nested dispatch paths such as proxies and precompile-dispatched runtime calls.
SubtensorTransactionExtensionremains only as a transaction-pool adapter for top-level validation, includingPays::Noadmission checks.Changes
CheckWeights: input length checks, minimum stake checks, commit/reveal validation, and invalid reveal-round checks.CheckRateLimits: weight commit/set rate limits and network registration rate limits.CheckDelegateTake: delegate-take bounds and hotkey owner checks.CheckServingEndpoints: axon, axon TLS, and prometheus serving endpoint validation.CheckEvmKeyAssociation: subnet UID existence and EVM-key association cooldown checks.CheckColdkeySwapas a dispatch extension and expanded tests to cover direct, proxied, and nested-proxy execution paths.frame_system::Config::DispatchExtensionas a tuple in the runtime and test runtimes.SubtensorTransactionExtension:validate.DispatchError::Modulevalues intoCustomTransactionError.SubtensorTransactionExtensionvalidate/prepare/post-dispatch calls.call.dispatch(origin), which invokes dispatch extensions.transaction_extension_pays_notest module and colocated transaction-extension adapter tests withSubtensorTransactionExtension.