Skip to content

PolkadotSDK stable2606#2837

Open
UnArbosSix wants to merge 14 commits into
devnet-readyfrom
upgrade-polkadot-v1.24.0
Open

PolkadotSDK stable2606#2837
UnArbosSix wants to merge 14 commits into
devnet-readyfrom
upgrade-polkadot-v1.24.0

Conversation

@UnArbosSix

@UnArbosSix UnArbosSix commented Jul 7, 2026

Copy link
Copy Markdown
Collaborator

Description

Upgrades Subtensor from the previous Polkadot SDK pin to the RaoFoundation stable2606 SDK revision, along with the matching Frontier fork revision and Rust 1.93.0 toolchain pin required by that SDK line.

What Changed

  • Updated workspace Polkadot SDK, Frontier, and related dependency pins in Cargo.toml and refreshed Cargo.lock.
  • Adapted runtime and node code for stable2606 API changes, including authorized transaction creation for drand offchain submissions, updated transaction extension ordering, session key generation API changes, lazy block runtime API signatures, and block length construction.
  • Updated affected pallets, precompiles, support procedural code, scripts, Dockerfile, and Rust setup docs for the new SDK/toolchain surface.
  • Bumped runtime/src/lib.rs spec_version from 424 to 425.

Behavioral Impact

This is a runtime-affecting dependency upgrade. The drand offchain worker now submits authorized transactions through the stable2606 transaction-extension path instead of the removed bare unsigned transaction path. Transaction extension construction and metadata hash handling are updated to match the new SDK APIs.

Migration / Spec Version

No storage migration is introduced by this PR. The runtime spec_version is bumped to 425 for the SDK/runtime changes.

Testing

The original PR body did not document testing performed. CI should at minimum cover workspace build/checks, runtime compilation, drand pallet tests, precompile tests, and eco-tests after dependency pins are made consistent.

@UnArbosSix UnArbosSix added the skip-cargo-audit This PR fails cargo audit but needs to be merged anyway label Jul 7, 2026
@github-actions

github-actions Bot commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

eco-tests changed — indexer review required

This PR modifies files under eco-tests/. and may affect downstream indexing.
cc @evgeny-s — please review manually

Changed files
  • eco-tests/Cargo.toml
  • eco-tests/src/mock.rs

@github-actions github-actions Bot requested a review from evgeny-s July 7, 2026 21:46
@github-actions

github-actions Bot commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

🛡️ AI Review — Skeptic (security review)

VERDICT: SAFE

VERY HIGH account-age/activity scrutiny reduced by repo write permission; no Gittensor association found; branch upgrade-polkadot-v1.24.0 targets devnet-ready.

Static-only Skeptic review found no changes to .github/ai-review/* or .github/copilot-instructions.md. The dependency upgrade moves the Polkadot SDK and Frontier pins to RaoFoundation revisions, pins the previously branch-based w3f-bls dependency to a fixed commit, and leaves the new transitive rust-ethereum/evm git source locked to a concrete Cargo.lock commit. I did not find a PR-introduced security vulnerability or malicious pattern in the runtime, drand authorization conversion, scripts, workflow, or dependency hunks reviewed.

Findings

No findings.

Conclusion

No malicious intent or PR-introduced security vulnerability was found in the current diff. The prior blocker remains no longer applicable to this patch set.


🔍 AI Review — Auditor (domain review)

VERDICT: 👍

Gittensor UNKNOWN; author is not in trusted allowlists and has a very new GitHub profile, but has repo write permission, so calibration focused on runtime/dependency correctness.

Spec version is bumped in the diff from 426 to 427. The prior dependency-pin concern remains resolved: workspace and eco-tests Polkadot SDK dependencies use d093659e72bd8edaa0192bd0a726bd3ad3e12686, Frontier dependencies use 93d0b345fdb4bf1342d61b002369f6b0be8ebf46, and w3f-bls is pinned to 0972366fd481b0c000ecd29350108bdeac6f8ae9.

Description discrepancy: the PR body still says the spec version changed from 424 to 425, but the current diff changes it from 426 to 427. This should be corrected in the body, but it is not a merge blocker.

git diff --check passed and no auto-fixes were made.

Findings

No findings.

Prior-comment reconciliation

  • 2502492c: addressedeco-tests/Cargo.toml now pins its Polkadot SDK dependencies to the same stable2606 RaoFoundation revision as the workspace.

Conclusion

The SDK/toolchain upgrade, authorized drand transaction path, transaction-extension wiring, and dependency pins are coherent in the current diff. Approving with the PR-body spec-version range noted as a non-blocking documentation discrepancy.

@github-actions

github-actions Bot commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: VULNERABLE

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AI review — see the sticky summary comment for the verdict and the inline comments below for specific findings.

Comment thread eco-tests/Cargo.toml Outdated
@github-actions

github-actions Bot commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: SAFE Auditor: 👎

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AI review — see the sticky summary comment for the verdict and the inline comments below for specific findings.

Comment thread eco-tests/Cargo.toml Outdated
@github-actions

github-actions Bot commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: SAFE Auditor: 👎

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AI review — see the sticky summary comment for the verdict and the inline comments below for specific findings.

Comment thread Cargo.toml Outdated
@github-actions

github-actions Bot commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: VULNERABLE

@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: SAFE Auditor: 👍

@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: SAFE Auditor: 👍

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AI review — see the sticky summary comment for the verdict and the inline comments below for specific findings.

Comment thread pallets/subtensor/src/utils/evm.rs Outdated
@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: VULNERABLE

# Conflicts:
#	pallets/subtensor/src/utils/evm.rs
@UnArbosSix UnArbosSix force-pushed the upgrade-polkadot-v1.24.0 branch from 37711f2 to e014eeb Compare July 8, 2026 16:33
@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: SAFE Auditor: 👍

@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: SAFE Auditor: 👍

@vercel

vercel Bot commented Jul 9, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
subtensor Ready Ready Preview, Comment Jul 9, 2026 1:30am

Request Review

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

skip-cargo-audit This PR fails cargo audit but needs to be merged anyway

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant