fix: validate hotkey registration on specific subnet in serve_axon and serve_prometheus by ppolewicz · Pull Request #2545 · opentensor/subtensor

ppolewicz · 2026-03-28T19:21:10Z

Summary

serve_axon and serve_prometheus used is_hotkey_registered_on_any_network instead of is_hotkey_registered_on_network(netuid, ...), allowing a hotkey registered on any subnet to serve axon/prometheus info on a subnet it is not actually registered on
Fixed both checks to require registration on the specific target netuid
Added migrate_remove_orphan_axon_prom_cert_v2 migration to clean up the 243 orphaned Axons/NeuronCertificates entries that accumulated on mainnet due to this bug (confirmed via mainnet state inspection script)

Details

Bug: validate_serve_axon and do_serve_prometheus both called is_hotkey_registered_on_any_network, so a hotkey registered on subnet 3 could call serve_axon for subnet 7, writing garbage entries into Axons, Prometheus, and NeuronCertificates for a subnet it had no uid on.

Fix: Both checks now call is_hotkey_registered_on_network(netuid, hotkey) which checks Uids::contains_key(netuid, hotkey).

Migration: A mainnet inspection script (scripts/inspect_orphan_axons.py) found 243 orphaned entries across 41 subnets. This is well within migration safety limits (threshold: 1 000). The migration migrate_remove_orphan_axon_prom_cert_v2 clears them identically to the earlier migrate_remove_unknown_neuron_axon_cert_prom migration but with a new HasMigrationRun key so it runs again.

Test plan

test_serve_axon_rejects_hotkey_registered_on_other_network — hotkey on subnet 1 cannot serve axon on subnet 2
test_serve_axon_requires_registration_on_target_network — hotkey on correct subnet succeeds
test_serve_prometheus_rejects_hotkey_registered_on_other_network — same guard for prometheus
test_migrate_remove_orphan_axon_prom_cert_v2 — migration cleans orphaned entries and is idempotent

Note: This PR targets main and is intended to be merged after the skills-devnet-ready branch is merged. Once that merge happens, the diff here will reduce to only the serve_axon–specific commits.

🤖 Generated with Claude Code

… in the share pool

…-for-ledger-support Enable `metadata-hash` feature in localnet builds

Add balances to validators on chainspec clone.

Fixes failing types generation for e2e tests

Revert pr 2445

Introduce eco-tests

…hip workflow Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

…d serve_prometheus - serve_axon and serve_prometheus now check is_hotkey_registered_on_network(netuid, ...) instead of is_hotkey_registered_on_any_network, preventing hotkeys from setting axon info on subnets they are not registered on - Add migrate_remove_orphan_axon_prom_cert_v2 migration to clean up 243 orphaned entries found on mainnet (242 orphaned Axons + 1 orphaned NeuronCertificate across 41 subnets) - Add 3 new serving tests and 1 migration test

Replace saturating_add with + in migration test to comply with the custom lint that bans safe math in tests (to encourage panics on bugs).

…tion check before IP validation in prometheus; fix migration test setup - Remove redundant `validate_axon_data` call in `do_serve_axon` (already called earlier) - Move registration check before IP validation in `do_serve_prometheus` - Add `target: "runtime"` to migration log in migrate_remove_orphan_axon_prom_cert_v2 - Fix migration test: update setup_for args and matching assert - Use saturating_add in migration test - Add test_serve_axon_with_cert_rejects_unregistered_hotkey test

…et; fix doc comments

gztensor and others added 30 commits January 8, 2026 12:22

Unignore alpha fee tests

68525d9

Real swap when withdrawing alpha tx fees

7481c9a

fmt

01c8dff

Merge branch 'devnet-ready' into feat/re-enable-alpha-fees

b5416fe

Add drafty storage items for high precision alpha share pool

136f007

Add bigmath for share pool

4c8cf2a

Merge branch 'devnet-ready' into feat/re-enable-alpha-fees

1d4221f

Make SafeFloat exponent work like m*10^e, allow negative exponents

49dc08b

Fix safe float max exp type

3716b0c

Update lencode

054abb1

Fix safefloat addition and mantissa normalization, add tests

b523ff7

Add more test cases for safefloat add tests

2151c1f

fmt

e138732

Add more test cases for safefloat add

f616e11

Add safefloat tests for div and mul_div

cbb41d1

Handle overflows in safefloat

60f7153

fmt

9360f92

Add THS and Alpha migration and the test

b54f38d

Test actual coldkey alphas in share pool migration

22e2538

Add real-life scenario test when 7 TAO was lost due to precision loss…

2883569

… in the share pool

Merge branch 'devnet-ready' into feat/re-enable-alpha-fees

323e0f3

Merge branch 'devnet-ready' into feat/re-enable-alpha-fees

1206016

fix zstd error

36af1d8

Update llvm installation instructions in readme

d690e6b

Fix test_sets_a_lower_value_clears_small_nominations

dbbc3a9

Fix test_recycle_precision and test_burn_precision

0ce0a19

Fix test_share_based_staking_denominator_precision

a6a624e

Fix test_remove_99_9991_per_cent_stake_removes_all

aaeaf16

Fix test_coldkey_delegations

d83f8a4

Fix clippy

6154251

shamil-gadelshin and others added 27 commits March 20, 2026 18:54

Update node/Cargo.toml

e9f6006

add metadata-hash to features

dffe692

bumping spec version

ab0cb2e

Merge pull request #2528 from opentensor/feat/roman/add-metadata-hash…

fb99d4e

…-for-ledger-support Enable `metadata-hash` feature in localnet builds

revert pr 2445

bfd40d3

commit Cargo.lock

01ec40e

bump version

d383748

Merge remote-tracking branch 'origin/main' into devnet-ready

4aa41cc

Introduce eco-tests

b80c12b

Make eco-tests separate

c1b950f

Merge pull request #2510 from opentensor/update-chainspec-clone-command

eb332da

Add balances to validators on chainspec clone.

fix: ensure generate-types.sh exits with code 0 after cleanup

598d209

Merge pull request #2534 from opentensor/improve-e2e-types-generation

ac6ec70

Fixes failing types generation for e2e tests

Merge pull request #2531 from opentensor/revert-pr-2445

3feb9d2

Revert pr 2445

Add eco-tests workflow.

b3b5ca7

Apply github copilot suggestion.

d244bad

Merge branch 'devnet-ready' into eco-tests

7d55631

Merge pull request #2526 from opentensor/eco-tests

3708f42

Introduce eco-tests

Add /fix and /ship Claude Code skills for automated lint, test, and s…

23d2cce

…hip workflow Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Fix skills location

093a7fa

Distill fix/ship skill descriptions and opening guidance

90fb2ed

hand-tweak /fix and /format

148287c

hand-tweak /ship

b93f415

Add CLAUDE.md

de5a77d

tweak CLAUDE.md

331f4e4

fix: use plain arithmetic in test (safe math is banned in tests)

b39745b

Replace saturating_add with + in migration test to comply with the custom lint that bans safe math in tests (to encourage panics on bugs).

ppolewicz added the skip-cargo-audit This PR fails cargo audit but needs to be merged anyway label Mar 28, 2026

ppolewicz added 2 commits March 29, 2026 11:59

fix(review): return AxonInfoOf from validate_serve_axon; fix log targ…

edda939

…et; fix doc comments

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix: validate hotkey registration on specific subnet in serve_axon and serve_prometheus#2545

fix: validate hotkey registration on specific subnet in serve_axon and serve_prometheus#2545
ppolewicz wants to merge 198 commits intomainfrom
fix/serve-axon-registration-check

ppolewicz commented Mar 28, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

10 participants

Conversation

ppolewicz commented Mar 28, 2026

Summary

Details

Test plan

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

10 participants