Skip to content

Enforce ensure_subtoken_enabled validation for remove_stake#2823

Open
evgeny-s wants to merge 2 commits into
devnet-readyfrom
bug/subtoken-disabled-should-forbid-remove-stake
Open

Enforce ensure_subtoken_enabled validation for remove_stake#2823
evgeny-s wants to merge 2 commits into
devnet-readyfrom
bug/subtoken-disabled-should-forbid-remove-stake

Conversation

@evgeny-s

@evgeny-s evgeny-s commented Jul 3, 2026

Copy link
Copy Markdown
Collaborator

Description

Removed the explicit check for ensure_subtoken_enabled and put it in validate_remove_stake to make it consistent with all the remove stake calls.

Related Issue(s)

  • Closes #[issue number]

Type of Change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation update
  • Other (please describe):

Breaking Change

If this PR introduces a breaking change, please provide a detailed description of the impact and the migration path for existing applications.

Checklist

  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have run ./scripts/fix_rust.sh to ensure my code is formatted and linted correctly
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • Any dependent changes have been merged and published in downstream modules

Screenshots (if applicable)

Please include any relevant screenshots or GIFs that demonstrate the changes made.

Additional Notes

Please provide any additional information or context that may be helpful for reviewers.

@evgeny-s evgeny-s added the skip-cargo-audit This PR fails cargo audit but needs to be merged anyway label Jul 3, 2026
@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

🛡️ AI Review — Skeptic (security review)

VERDICT: SAFE

BASELINE scrutiny: established 2012 account with write permission, substantial prior subtensor PR history, no Gittensor allowlist hit, and matching PR author/commit authors; branch bug/subtoken-disabled-should-forbid-remove-stake -> devnet-ready.

Static security review only. The diff is limited to staking remove-path validation and focused tests; it does not modify .github/, dependency manifests, lockfiles, build scripts, or review instructions. The prior Skeptic sticky contains no fid markers to reconcile.

Findings

No findings.

Conclusion

No malicious pattern or security vulnerability found. The change moves disabled-subtoken enforcement into the shared validate_remove_stake path, so direct, limit, and full-limit remove-stake calls reject before unstaking state changes.


🔍 AI Review — Auditor (domain review)

VERDICT: 👍

LIKELY gittensor-associated by recent subtensor PR history; author has write permission and substantial prior OSS activity.

The Auditor proposed a replacement PR description, but the current body is non-trivial; not overwriting. Maintainers: ask the Auditor to regenerate if you want it.

The implementation is scoped to moving disabled-subtoken enforcement into the shared remove-stake validation path, with regression coverage for remove_stake, remove_stake_limit, and remove_stake_full_limit. Overlapping open PRs touch some of the same files, but appear unrelated by title and scope.

No auto-fixes were made. I attempted cargo test -p pallet-subtensor test_remove_stake_limit_blocked_when_subtoken_disabled --no-default-features, but the sandbox cannot run it: the default rustup state under /home/runner/.rustup is read-only, and redirecting rustup to /tmp then failed on DNS while fetching the toolchain metadata.

Findings

No findings.

Prior-comment reconciliation

  • 12f0bc4c: addressedtest_subtoken_enable_reject_trading_before_enable now expects Error::<Test>::SubtokenDisabled for remove_stake_limit, and the PR adds a focused regression test for direct, limit, and full-limit remove-stake paths on a disabled subtoken.

Conclusion

Approving: the change is minimal, aligns the remove-stake variants behind the shared validation path, and adds focused regression coverage for the disabled-subtoken behavior. CI should still confirm the targeted Rust test and any devnet spec-version requirement.

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: SAFE Auditor: 👎

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: SAFE Auditor: 👍

@evgeny-s evgeny-s force-pushed the bug/subtoken-disabled-should-forbid-remove-stake branch from 9948169 to 81e001f Compare July 3, 2026 09:07
@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: SAFE Auditor: 👍

@evgeny-s evgeny-s force-pushed the bug/subtoken-disabled-should-forbid-remove-stake branch from 81e001f to 42c3986 Compare July 3, 2026 09:25
@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: SAFE Auditor: 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

skip-cargo-audit This PR fails cargo audit but needs to be merged anyway

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant