diff --git a/pallets/admin-utils/src/lib.rs b/pallets/admin-utils/src/lib.rs index 0e63a1f05a..23df61e05c 100644 --- a/pallets/admin-utils/src/lib.rs +++ b/pallets/admin-utils/src/lib.rs @@ -1532,28 +1532,17 @@ pub mod pallet { Ok(()) } - /// Change the SubnetOwnerHotkey for a given subnet. - /// - /// # Arguments - /// * `origin` - The origin of the call, which must be the subnet owner. - /// * `netuid` - The unique identifier for the subnet. - /// * `hotkey` - The new hotkey for the subnet owner. - /// - /// # Errors - /// * `BadOrigin` - If the caller is not the subnet owner or root account. - /// - /// # Weight - /// Weight is handled by the `#[pallet::weight]` attribute. - #[pallet::call_index(64)] - #[pallet::weight(Weight::from_parts(3_918_000, 0) // TODO: add benchmarks - .saturating_add(T::DbWeight::get().writes(1_u64)))] - pub fn sudo_set_subnet_owner_hotkey( - origin: OriginFor, - netuid: NetUid, - hotkey: ::AccountId, - ) -> DispatchResult { - pallet_subtensor::Pallet::::do_set_sn_owner_hotkey(origin, netuid, &hotkey) - } + // Deprecated for sudo_set_sn_owner_hotkey + // #[pallet::call_index(64)] + // #[pallet::weight(Weight::from_parts(3_918_000, 0) // TODO: add benchmarks + // .saturating_add(T::DbWeight::get().writes(1_u64)))] + // pub fn sudo_set_subnet_owner_hotkey( + // origin: OriginFor, + // netuid: NetUid, + // hotkey: ::AccountId, + // ) -> DispatchResult { + // pallet_subtensor::Pallet::::do_set_sn_owner_hotkey(origin, netuid, &hotkey) + // } /// /// diff --git a/runtime/src/lib.rs b/runtime/src/lib.rs index a39c473880..831a313153 100644 --- a/runtime/src/lib.rs +++ b/runtime/src/lib.rs @@ -669,7 +669,6 @@ subtensor_macros::define_proxy_filters! { SubtensorModule::update_symbol, } except { AdminUtils::sudo_set_sn_owner_hotkey, - AdminUtils::sudo_set_subnet_owner_hotkey, } NonCritical => deny { diff --git a/runtime/tests/ghsa_repro.rs b/runtime/tests/ghsa_repro.rs index aa8651ba75..f153fc83ec 100644 --- a/runtime/tests/ghsa_repro.rs +++ b/runtime/tests/ghsa_repro.rs @@ -73,12 +73,6 @@ fn set_sn_owner_hotkey_c67() -> RuntimeCall { hotkey: acct(), }) } -fn set_subnet_owner_hotkey_c64() -> RuntimeCall { - RuntimeCall::AdminUtils(pallet_admin_utils::Call::sudo_set_subnet_owner_hotkey { - netuid: Default::default(), - hotkey: acct(), - }) -} /// GHSA-2026-001 — NonTransfer and NonFungible proxies (the two "cannot move my funds" /// types) ALLOW the new coldkey-swap lifecycle, so a restricted delegate can take over @@ -149,17 +143,10 @@ fn ghsa_2026_002_nonfungible_allows_swap_hotkey_v2_gap() { } /// GHSA-2026-003 — the Owner proxy excepts sudo_set_sn_owner_hotkey (call 67) but the -/// duplicate alias sudo_set_subnet_owner_hotkey (call 64) is allowed by the AdminUtils::* -/// wildcard, bypassing the carve-out. #[test] fn ghsa_2026_003_owner_proxy_set_owner_hotkey_alias_bypass() { assert!( !ProxyType::Owner.filter(&set_sn_owner_hotkey_c67()), "precondition: Owner correctly excepts sudo_set_sn_owner_hotkey (call 67)" ); - assert!( - !ProxyType::Owner.filter(&set_subnet_owner_hotkey_c64()), - "regression (GHSA-2026-003 fixed): Owner must DENY the alias sudo_set_subnet_owner_hotkey (call 64), \ - which calls the same do_set_sn_owner_hotkey backend" - ); }