Skip to content

Add eco-tests protecting Mentat indexer storage reads#2818

Open
gztensor wants to merge 31 commits into
devnet-readyfrom
test/eco-mentat-indexer
Open

Add eco-tests protecting Mentat indexer storage reads#2818
gztensor wants to merge 31 commits into
devnet-readyfrom
test/eco-mentat-indexer

Conversation

@gztensor

Copy link
Copy Markdown
Contributor

Description

Adds eco-tests for the Mentat indexer, as recommended by the foundation for infrastructure that relies on protocol storage reads. These tests lock the signatures of the storage items, extrinsics, and runtime APIs that Mentat depends on, so that any type change, rename, removed item, or altered argument list on the protocol side breaks compilation in CI — surfacing the change before it ships rather than after it hits production.

Type of Change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation update
  • Other (please describe): tests

Checklist

  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have run ./scripts/fix_rust.sh to ensure my code is formatted and linted correctly
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • Any dependent changes have been merged and published in downstream modules

@gztensor gztensor added the skip-cargo-audit This PR fails cargo audit but needs to be merged anyway label Jun 30, 2026
@github-actions

Copy link
Copy Markdown
Contributor

eco-tests changed — indexer review required

This PR modifies files under eco-tests/. and may affect downstream indexing.
cc @evgeny-s — please review manually

Changed files
  • eco-tests/src/lib.rs
  • eco-tests/src/mock.rs
  • eco-tests/src/tests_mentat_indexer.rs

@github-actions github-actions Bot requested a review from evgeny-s June 30, 2026 13:23
@github-actions

github-actions Bot commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

🛡️ AI Review — Skeptic (security review)

VERDICT: VULNERABLE

BASELINE scrutiny: gztensor has repo write permission and substantial contribution history; not in the trusted Gittensor allowlists; branch test/eco-mentat-indexer -> devnet-ready includes non-author commits, so branch history was treated as an extra review signal.

Static Skeptic review only. No .github/, dependency, lockfile, or build-script changes were present in the prefetched diff. The review found one security-relevant regression in the production coldkey-swap path.

Findings

Sev File Finding
MEDIUM pallets/subtensor/src/swap/swap_coldkey.rs:28 Coldkey swap bypasses locked-alpha opt-out inline

Conclusion

The PR is not malicious, but the coldkey swap change bypasses the destination account's explicit locked-alpha opt-out and allows unsolicited locked stake to be assigned without the destination signing.


🔍 AI Review — Auditor (domain review)

VERDICT: 👍

Gittensor LIKELY: not found in trusted allowlists, but author has repo write permission and substantial recent subtensor history; PR includes one initial commit authored by yeuyeuh.

The PR body is substantive and matches the test-only scope. No spec_version bump is required because the diff only touches eco-tests, and I did not apply any auto-fixes.

Duplicate-work check: #2817 overlaps all three changed files and appears to be the same Mentat eco-test work. Based on the fetched PR diff, this branch now includes the follow-up fix for the prior mock runtime API issue, so this PR is the better candidate. Recommend closing #2817. The other overlapping PRs appear incidental by title/scope.

Verification was static. I did not run cargo test because the local checkout is behind the pre-fetched PR context by the final Fix AI fix commit, so a compile run would exercise stale code rather than the PR diff under review.

Findings

No findings.

Prior-comment reconciliation

  • e6a01beb: addressed — The fetched PR diff now implements SubnetInfoRuntimeApi::get_block_emission() in MockApi.

Conclusion

Approving: the prior compile-blocking mock API omission is addressed in the fetched diff, and the remaining changes are scoped to compile-time eco-tests that lock Mentat-facing storage, extrinsic, and runtime API signatures.


📜 Previous run (superseded)
Sev File Finding Status
HIGH eco-tests/src/mock.rs:693 Mock runtime API is missing get_block_emission ✅ Addressed
The fetched PR diff now implements SubnetInfoRuntimeApi::get_block_emission() in MockApi.

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AI review — see the sticky summary comment for the verdict and the inline comments below for specific findings.

Comment thread eco-tests/src/mock.rs
@github-actions

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: SAFE Auditor: 👎

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AI review — see the sticky summary comment for the verdict and the inline comments below for specific findings.

Comment thread eco-tests/src/mock.rs
@github-actions

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: SAFE Auditor: 👎

@gztensor gztensor marked this pull request as ready for review June 30, 2026 13:45

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AI review — see the sticky summary comment for the verdict and the inline comments below for specific findings.

Comment thread eco-tests/src/mock.rs
@github-actions

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: SAFE Auditor: 👎

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AI review — see the sticky summary comment for the verdict and the inline comments below for specific findings.

Comment thread eco-tests/src/mock.rs
@github-actions

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: SAFE Auditor: 👎

gztensor and others added 8 commits June 30, 2026 14:56
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: SAFE Auditor: 👍

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AI review — see the sticky summary comment for the verdict and the inline comments below for specific findings.

Comment on lines 25 to +28

// Temporarily allow the destination coldkey to receive this stake even if some of it is
// locked; swap_coldkey_locks will copy the source AccountFlags over afterward.
Self::set_accept_locked_alpha(new_coldkey, true);

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[MEDIUM] Coldkey swap bypasses locked-alpha opt-out

This flips the destination to accept_locked_alpha before swap_coldkey_locks reads new_coldkey_rejects_locked_alpha, so an announced coldkey swap can push locked alpha into an account that is default-rejecting or explicitly called set_reject_locked_alpha(true). The public setter documents that this flag opts the caller out of locked alpha from coldkey swaps, and swap_coldkey_locks still enforces AccountRejectsLockedAlpha when called directly. Since swap_coldkey_announced only requires the old coldkey signature, not a destination signature, this becomes an unsolicited locked-stake/griefing path. Require the destination coldkey to opt in instead of overriding its flag here.

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: VULNERABLE

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

skip-cargo-audit This PR fails cargo audit but needs to be merged anyway

Projects

None yet

Development

Successfully merging this pull request may close these issues.

5 participants