🛡️ AI Review — Skeptic (security review)

VERDICT: SAFE

BASELINE scrutiny: established OpenTensor contributor with write permission; no Gittensor allowlist hit found; Cursor co-author disclosed; branch unconst/root-only-subnet-emission-toggle -> devnet-ready.

Static review only. The current diff tightens sudo_set_subnet_emission_enabled from subnet-owner-or-root authorization to ensure_root, removes the now-unreachable owner rate-limit recording, and adds a regression test for owner rejection plus root success. No dependencies, build scripts, workflows, .github/ai-review/*, or copilot-instruction files are changed.

Findings

No findings.

Conclusion

No malicious intent or security vulnerability found. The changed dispatch path narrows privilege and keeps the existing admin-window, subnet-existence, root-subnet, storage-write, event, and logging behavior on the root path.

🔍 AI Review — Auditor (domain review)

VERDICT: 👍

Gittensor: LIKELY; established OpenTensor contributor with write permission, reviewed primarily for domain correctness.

PR body is substantive and matches the implementation.

Duplicate-work check: PR #2694 appears to target the same root-only subnet-emission toggle by title and overlap. This PR is the better candidate because it includes the authorization change plus a dispatch-level regression test for owner denial and root success. Recommend closing #2694; the other overlapping PRs appear to share broad files only, not scope.

I attempted the targeted test with cargo test -p pallet-admin-utils test_sudo_set_subnet_emission_enabled_root_only, but this sandbox cannot resolve GitHub to fetch the uncached w3f-bls git dependency. I also attempted the devnet specVersion query for an auto-bump decision, but DNS resolution for dev.chain.opentensor.ai failed, so no spec-version auto-fix was applied.

Findings

Other findings

• [LOW] Remove the now-impossible proxy permission (runtime/src/lib.rs:818) — runtime/src/lib.rs still allows pallet_admin_utils::Call::sudo_set_subnet_emission_enabled { .. } through ProxyType::SubnetLeaseBeneficiary. After this PR the call requires Root, while that proxy path dispatches with a signed origin, so the filter admits a call that can only fail BadOrigin. Remove it to keep proxy semantics and wallet/UI expectations aligned.

Prior-comment reconciliation

• 3cd404af: addressed — The PR now adds test_sudo_set_subnet_emission_enabled_root_only, covering signed subnet-owner rejection, unchanged storage on rejection, and root success.
• 9a9a2540: not addressed — The proxy filter still includes sudo_set_subnet_emission_enabled under ProxyType::SubnetLeaseBeneficiary.

Conclusion

The prior blocking coverage gap is addressed by the new root-only regression test, and the authorization change is narrow. One low-severity proxy cleanup remains, but it does not block merge.

🔄 AI review updated — Skeptic: SAFE Auditor: 👎

Addressed the [MEDIUM] reviewer feedback:

Added test_sudo_set_subnet_emission_enabled_root_only in pallets/admin-utils/src/tests/mod.rs (commit 51b6645). It directly exercises the changed authorization boundary:

1. Insert a SubnetOwner for the test subnet, disable the admin freeze window.
2. A signed-origin call by that subnet owner must return Err(DispatchError::BadOrigin) and leave SubnetEmissionEnabled unchanged.
3. RuntimeOrigin::root() must still be able to toggle the flag (verified via storage read).

This test would fail under the previous ensure_sn_owner_or_root_with_limits behavior (the owner call would either succeed or return a rate-limit error — never BadOrigin), so it pins the new origin contract.

Run locally:

SKIP_WASM_BUILD=1 cargo test -p pallet-admin-utils --lib tests::test_sudo_set_subnet_emission_enabled_root_only

Result: 1 passed; 0 failed.

🔄 AI review updated — Skeptic: SAFE Auditor: 👍