Release/10.5.0#3394
Merged
Merged
Conversation
Subtensor.commit_weights and AsyncSubtensor.commit_weights accepted a version_key but never passed it to commit_weights_extrinsic, so the commit hash was built with the default version_key. A reveal made with the intended version_key then mismatched the committed hash and was rejected on-chain. Forward version_key=version_key in both wrappers, matching how reveal_weights already does. Behavior-preserving for the default (version_as_int); adds sync+async forwarding tests and sync+async symptom-level commit/reveal hash-equality tests.
…atest-release Fix after aiohttp latest release
…ts-version-key Forward version_key from commit_weights
Update docstrings for kill_pure_proxy_extrinsic
…pt-3 New balancer (attempt 3)
…ock_hash-improvement Improvement for async `determine_block_hash` method
fix flaky e2e axon test
…s-runtime-api-support Add proxy types runtime api support
…ability-support add `get_stake_availability_for_coldkeys` support
default_verify gated the signature check behind `if synapse.dendrite.signature`, so a request with an empty or absent signature skipped verification entirely. This lets anyone impersonate any dendrite hotkey (e.g. a high-stake validator) by simply omitting the signature — the request then passes verify and reaches blacklist/forward as if it were genuinely signed. Require a signature to be present, mirroring the existing "Missing Nonce" guard, then verify it. A present-but-invalid signature was already rejected; this closes the empty-signature hole.
default_verify gated the signature check behind `if synapse.dendrite.signature`, so a request with an empty or absent signature skipped verification entirely. This lets anyone impersonate any dendrite hotkey (e.g. a high-stake validator) by simply omitting the signature — the request then passes verify and reaches blacklist/forward as if it were genuinely signed. Require a signature to be present, mirroring the existing "Missing Nonce" guard, then verify it. A present-but-invalid signature was already rejected; this closes the empty-signature hole.
Exercise Axon.default_verify directly: a valid signature passes (nonce recorded), an empty or absent signature now raises "Missing Signature" (the auth-bypass regression this branch fixes), and a present-but-invalid signature still raises "Signature mismatch". Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…mpo-support Support `dynamic tempo`
… test Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…re-bypass fix(axon): reject requests with missing signature in default_verify
# Conflicts: # CHANGELOG.md
|
Bittensor SDK virtual environment sizes by Python version: Comparing
|
ibraheem-abe
approved these changes
Jun 25, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
10.5.0 /2026-06-25
What's Changed
determine_block_hashmethod by @basfroman in Improvement for asyncdetermine_block_hashmethod #3375New Contributors
Full Changelog: v10.4.1...v10.5.0