Skip to content

PolkadotSDK stable2606#2837

Open
UnArbosSix wants to merge 17 commits into
devnet-readyfrom
upgrade-polkadot-v1.24.0
Open

PolkadotSDK stable2606#2837
UnArbosSix wants to merge 17 commits into
devnet-readyfrom
upgrade-polkadot-v1.24.0

Conversation

@UnArbosSix

@UnArbosSix UnArbosSix commented Jul 7, 2026

Copy link
Copy Markdown
Collaborator

Description

Upgrades Subtensor from the previous Polkadot SDK pin to the RaoFoundation stable2606 SDK revision, along with the matching Frontier fork revision and Rust 1.93.0 toolchain pin required by that SDK line.

What Changed

  • Updated workspace Polkadot SDK, Frontier, and related dependency pins in Cargo.toml and refreshed Cargo.lock.
  • Adapted runtime and node code for stable2606 API changes, including authorized transaction creation for drand offchain submissions, updated transaction extension ordering, session key generation API changes, lazy block runtime API signatures, and block length construction.
  • Updated affected pallets, precompiles, support procedural code, scripts, Dockerfile, and Rust setup docs for the new SDK/toolchain surface.
  • Bumped runtime/src/lib.rs spec_version from 424 to 425.

Behavioral Impact

This is a runtime-affecting dependency upgrade. The drand offchain worker now submits authorized transactions through the stable2606 transaction-extension path instead of the removed bare unsigned transaction path. Transaction extension construction and metadata hash handling are updated to match the new SDK APIs.

Migration / Spec Version

No storage migration is introduced by this PR. The runtime spec_version is bumped to 425 for the SDK/runtime changes.

Testing

The original PR body did not document testing performed. CI should at minimum cover workspace build/checks, runtime compilation, drand pallet tests, precompile tests, and eco-tests after dependency pins are made consistent.

@UnArbosSix UnArbosSix added the skip-cargo-audit This PR fails cargo audit but needs to be merged anyway label Jul 7, 2026
@github-actions

github-actions Bot commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

eco-tests changed — indexer review required

This PR modifies files under eco-tests/. and may affect downstream indexing.
cc @evgeny-s — please review manually

Changed files
  • eco-tests/Cargo.toml
  • eco-tests/src/mock.rs

@github-actions github-actions Bot requested a review from evgeny-s July 7, 2026 21:46
@github-actions

github-actions Bot commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

🛡️ AI Review — Skeptic (security review)

VERDICT: SAFE

VERY HIGH account-age/activity scrutiny moderated by repo write permission; no Gittensor association found; branch upgrade-polkadot-v1.24.0 targets devnet-ready.

Static-only review found no changes to .github/ai-review/* or .github/copilot-instructions.md. I reviewed the runtime/pallet changes around drand authorized transactions, transaction extension construction, shielded transaction decoding, scripts/workflow edits, and dependency pin changes; no actionable security issue was identified.

Findings

No findings.

Conclusion

No malicious intent or PR-introduced security vulnerability was found in the current diff.


🔍 AI Review — Auditor (domain review)

VERDICT: 👍

Gittensor UNKNOWN; author is not in the trusted allowlists and has a very new GitHub profile, but has repo write permission, so calibration focused on runtime/dependency correctness.

Description discrepancy: the PR body still says spec_version changed from 424 to 425, but the current runtime has spec_version: 427 and the PR diff does not modify that value. That is stale PR text, not a merge blocker.

The prior dependency-pin concern remains addressed: eco-tests/Cargo.toml now follows the workspace stable2606 Polkadot SDK revision and the same pinned w3f-bls revision. I also checked for stale opentensor/polkadot-sdk and fix-no-std pins and found none in the touched dependency surfaces.

git diff --check passed and no auto-fixes were made. I did not run builds/tests because the review did not require runtime confirmation; the devnet spec-version RPC hostname was not resolvable from this environment, so no network-based spec auto-fix was attempted.

Findings

No findings.

Prior-comment reconciliation

  • 2502492c: addressedeco-tests/Cargo.toml now uses the same stable2606 Polkadot SDK revision as the workspace and pins w3f-bls to the workspace revision.

Conclusion

The SDK/toolchain upgrade, drand authorized transaction path, transaction-extension wiring, and dependency pins look coherent in the current diff. Approving with only the non-blocking stale PR-body spec-version text noted.

@github-actions

github-actions Bot commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: VULNERABLE

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AI review — see the sticky summary comment for the verdict and the inline comments below for specific findings.

Comment thread eco-tests/Cargo.toml Outdated
@github-actions

github-actions Bot commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: SAFE Auditor: 👎

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AI review — see the sticky summary comment for the verdict and the inline comments below for specific findings.

Comment thread eco-tests/Cargo.toml Outdated
@github-actions

github-actions Bot commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: SAFE Auditor: 👎

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AI review — see the sticky summary comment for the verdict and the inline comments below for specific findings.

Comment thread Cargo.toml Outdated
@github-actions

github-actions Bot commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: VULNERABLE

@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: SAFE Auditor: 👍

@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: SAFE Auditor: 👍

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AI review — see the sticky summary comment for the verdict and the inline comments below for specific findings.

Comment thread pallets/subtensor/src/utils/evm.rs Outdated
@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: VULNERABLE

# Conflicts:
#	pallets/subtensor/src/utils/evm.rs
@UnArbosSix UnArbosSix force-pushed the upgrade-polkadot-v1.24.0 branch from 37711f2 to e014eeb Compare July 8, 2026 16:33
@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: SAFE Auditor: 👍

@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: SAFE Auditor: 👍

@vercel

vercel Bot commented Jul 9, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
subtensor Error Error Jul 9, 2026 4:02pm

Request Review

@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: SAFE Auditor: 👍

@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: SAFE Auditor: 👍

@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: SAFE Auditor: 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

skip-cargo-audit This PR fails cargo audit but needs to be merged anyway

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant