Skip to content

Subnet sale offer#2745

Open
l0r1s wants to merge 21 commits into
devnet-readyfrom
subnet-sale-offer
Open

Subnet sale offer#2745
l0r1s wants to merge 21 commits into
devnet-readyfrom
subnet-sale-offer

Conversation

@l0r1s

@l0r1s l0r1s commented Jun 10, 2026

Copy link
Copy Markdown
Collaborator

Summary

This PR adds subnet sale offers to the Subtensor pallet.

The goal is to let a subnet owner announce that a subnet is for sale, optionally
restricted to a specific buyer coldkey. Once an offer exists, a later crowdloan
lease flow can target that offer, pay the seller, and transform the subnet into a
lease atomically.

Creating an offer stores the sale terms by netuid and freezes the seller coldkey
and current subnet owner hotkey while the offer is active. This prevents the seller
from mutating the relevant accounts during the sale. The seller or root can cancel
the offer, and sale-offer state is also cleaned up if the subnet is removed.

Sale offer identity

Each offer is assigned a unique, monotonically increasing SaleOfferId. Offers are
keyed by netuid, so the id lets a consumer (such as the future crowdloan lease
flow) bind to the exact offer it agreed to: if the seller cancels and recreates the
offer with different terms, the recreated offer carries a new id and the stale
binding no longer matches, rather than being silently satisfied by an offer with
modified terms.

Freeze enforcement

A CheckSubnetSale dispatch extension rejects frozen sale accounts at dispatch time:

  • A frozen seller coldkey may only cancel its sale offer; every other call is rejected.
  • A frozen owner hotkey is fully locked and may submit no calls.
  • Root bypasses the guard, and non-signed origins pass through.

Because this is a dispatch extension (not a transaction extension), the check fires
at every call.dispatch(origin) site, including indirectly dispatched calls (e.g.
proxy) with the resolved signer, so the freeze cannot be bypassed by wrapping a call
in another dispatch layer.

To keep the freeze consistent, swap_hotkey also refuses to swap a hotkey that is
currently frozen by a sale offer, which would otherwise move the subnet owner hotkey
out from under the offer (the owner hotkey can be owned by a coldkey other than the
frozen seller, so the coldkey freeze alone does not cover this).

Same-account owner

When the subnet owner coldkey and owner hotkey are the same account, only the coldkey
is frozen. Freezing the same account in the hotkey map as well would block
cancellation (a coldkey action) and permanently lock the seller out of their own
offer.

Other changes

  • New storage: SubnetSaleOffers, SubnetSaleFrozenColdkeys,
    SubnetSaleFrozenHotkeys, and the NextSubnetSaleOfferId counter.
  • New create_sale_offer and cancel_sale_offer extrinsics, with the associated
    events and errors.
  • Benchmarks and weights for both extrinsics and for the CheckSubnetSale dispatch
    extension.
  • Unit tests covering offer creation/cancellation, key freezing, cleanup on subnet
    removal, the same-account case, the swap_hotkey interaction, and the
    dispatch-extension guard (including proxied and nested-proxy dispatch).

Follow-up

The buyer/finalize side is intentionally not included yet. When it lands,
finalization should re-verify that the subnet owner coldkey and hotkey still match
the values snapshotted in the offer (alongside the SaleOfferId) as a fail-safe
against any owner-identity drift during the sale.

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AI review — see the sticky summary comment for the verdict and the inline comments below for specific findings.

Comment thread pallets/subtensor/src/guards/check_subnet_sale.rs Outdated
@github-actions

github-actions Bot commented Jun 10, 2026

Copy link
Copy Markdown
Contributor

🛡️ AI Review — Skeptic (security review)

VERDICT: SAFE

BASELINE scrutiny: l0r1s has write permission, an established 2018 account, substantial prior contribution history, no Gittensor allowlist match found, and commit authors match except the benchmark bot commit. Branch subnet-sale-offer -> devnet-ready.

No .github/ai-review/*, .github/copilot-instructions.md, dependency, lockfile, or build-script changes are present. The current diff keeps sale-offer creation owner-signed, cancellation seller-or-root only, blocks frozen accounts through the new dispatch extension, excludes sale-offer creation from broad proxy allowlists, and includes generated/fallback weights for the new storage reads and writes.

Findings

No findings.

Prior-comment reconciliation

  • 82c134bf: addressed — The generated create_sale_offer weight documents NextSubnetSaleOfferId and charges 8 reads / 4 writes.
  • 610bde28: addressed — The fallback create_sale_offer weight also documents NextSubnetSaleOfferId and charges 8 reads / 4 writes.

Conclusion

I found no malicious indicators or security vulnerabilities in the current diff. The prior sale-offer weight findings remain addressed.


🔍 AI Review — Auditor (domain review)

VERDICT: 👍

Gittensor: LIKELY by repo-history heuristic; author has write access and substantial recent subtensor contribution history, so review focused on runtime correctness and permission boundaries.

PR body is substantive and matches the implementation. The current diff keeps create_sale_offer owner-signed and excluded from broad proxy allowlists, leaves cancel_sale_offer available so frozen sellers can exit, wires CheckSubnetSale into the transaction and nested-dispatch paths, and covers offer lifecycle, freezes, cleanup, swap-hotkey interaction, and proxy behavior with focused tests.

No duplicate-work recommendation from the cached overlapping PR list. Auto-fix: no workspace changes. I attempted the devnet spec_version RPC check, but DNS resolution for dev.chain.opentensor.ai failed in this environment; local/base spec_version are both 426, so I left the worktree unchanged. I did not run targeted tests because no finding required runtime confirmation.

Findings

No findings.

Prior-comment reconciliation

  • 232a1ea5: addressedcreate_sale_offer is isolated in SubnetSaleCalls and denied to broad proxy types; only direct calls or Any can create sale offers, while cancellation remains broadly available.

Conclusion

Approving: the previously blocking proxy boundary remains fixed, and the sale-offer state transitions have appropriate guard wiring, weights, and test coverage. No current domain blocker found.

@github-actions

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: VULNERABLE

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AI review — see the sticky summary comment for the verdict and the inline comments below for specific findings.

Comment thread pallets/subtensor/src/guards/check_subnet_sale.rs Outdated
@github-actions

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: VULNERABLE

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AI review — see the sticky summary comment for the verdict and the inline comments below for specific findings.

Comment thread pallets/subtensor/src/guards/check_subnet_sale.rs Outdated
@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: VULNERABLE

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AI review — see the sticky summary comment for the verdict and the inline comments below for specific findings.

Comment thread pallets/subtensor/src/guards/check_subnet_sale.rs Outdated
Comment thread pallets/subtensor/src/weights.rs Outdated
@github-actions

github-actions Bot commented Jul 5, 2026

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: SAFE Auditor: 👎

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AI review — see the sticky summary comment for the verdict and the inline comments below for specific findings.

Comment thread pallets/subtensor/src/weights.rs Outdated
Comment thread pallets/subtensor/src/weights.rs Outdated
@github-actions

github-actions Bot commented Jul 5, 2026

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: VULNERABLE

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AI review — see the sticky summary comment for the verdict and the inline comments below for specific findings.

Comment thread pallets/subtensor/src/weights.rs Outdated
Comment thread pallets/subtensor/src/weights.rs Outdated
@github-actions

github-actions Bot commented Jul 5, 2026

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: VULNERABLE

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AI review — see the sticky summary comment for the verdict and the inline comments below for specific findings.

Comment thread pallets/subtensor/src/weights.rs Outdated
Comment thread pallets/subtensor/src/weights.rs Outdated
@github-actions

github-actions Bot commented Jul 5, 2026

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: VULNERABLE

@l0r1s l0r1s added apply-benchmark-patch skip-cargo-audit This PR fails cargo audit but needs to be merged anyway labels Jul 6, 2026

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AI review — see the sticky summary comment for the verdict and the inline comments below for specific findings.

Comment thread runtime/src/proxy_filters/call_groups.rs Outdated
@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: SAFE Auditor: 👎

@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: SAFE Auditor: 👍

UnArbosSix
UnArbosSix previously approved these changes Jul 7, 2026
@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: SAFE Auditor: 👍

@vercel

vercel Bot commented Jul 9, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
subtensor Ready Ready Preview, Comment Jul 9, 2026 2:17pm

Request Review

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

skip-cargo-audit This PR fails cargo audit but needs to be merged anyway

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants