fix conflict

Author: open-junius

node/src/mev_shield/proposer.rs

@@ -189,4 +189,43 @@ mod benches {
         // 9) Assert: submission consumed.
         assert!(Submissions::<T>::get(id).is_none());
     }
+
+    /// Benchmark `mark_decryption_failed`.
+    #[benchmark]
+    fn mark_decryption_failed() {
+        // Any account can be the author of the submission.
+        let who: T::AccountId = whitelisted_caller();
+        let submitted_in: BlockNumberFor<T> = frame_system::Pallet::<T>::block_number();
+
+        // Build a dummy commitment and ciphertext.
+        let commitment: T::Hash =
+            <T as frame_system::Config>::Hashing::hash(b"bench-mark-decryption-failed");
+        const CT_DEFAULT_LEN: usize = 32;
+        let ciphertext: BoundedVec<u8, ConstU32<8192>> =
+            BoundedVec::truncate_from(vec![0u8; CT_DEFAULT_LEN]);
+
+        // Compute the submission id exactly like `submit_encrypted` does.
+        let id: T::Hash =
+            <T as frame_system::Config>::Hashing::hash_of(&(who.clone(), commitment, &ciphertext));
+
+        // Seed Submissions with an entry for this id.
+        let sub = Submission::<T::AccountId, BlockNumberFor<T>, <T as frame_system::Config>::Hash> {
+            author: who,
+            commitment,
+            ciphertext: ciphertext.clone(),
+            submitted_in,
+        };
+        Submissions::<T>::insert(id, sub);
+
+        // Reason for failure.
+        let reason: BoundedVec<u8, ConstU32<256>> =
+            BoundedVec::truncate_from(b"benchmark-decryption-failed".to_vec());
+
+        // Measure: dispatch the unsigned extrinsic.
+        #[extrinsic_call]
+        mark_decryption_failed(RawOrigin::None, id, reason);
+
+        // Assert: submission is removed.
+        assert!(Submissions::<T>::get(id).is_none());
+    }
 }

pallets/shield/src/benchmarking.rs

@@ -142,6 +142,11 @@ pub mod pallet {
             id: T::Hash,
             reason: DispatchErrorWithPostInfo<PostDispatchInfo>,
         },
+        /// Decryption failed - validator could not decrypt the submission.
+        DecryptionFailed {
+            id: T::Hash,
+            reason: BoundedVec<u8, ConstU32<256>>,
+        },
     }
 
     #[pallet::error]
@@ -244,12 +249,13 @@ pub mod pallet {
                 .saturating_add(T::DbWeight::get().reads(1_u64))
                 .saturating_add(T::DbWeight::get().writes(1_u64)),
             DispatchClass::Operational,
-            Pays::No
+            Pays::Yes
         ))]
+        #[allow(clippy::useless_conversion)]
         pub fn announce_next_key(
             origin: OriginFor<T>,
             public_key: BoundedVec<u8, ConstU32<2048>>,
-        ) -> DispatchResult {
+        ) -> DispatchResultWithPostInfo {
             // Only a current Aura validator may call this (signed account ∈ Aura authorities)
             T::AuthorityOrigin::ensure_validator(origin)?;
 
@@ -259,9 +265,13 @@ pub mod pallet {
                 Error::<T>::BadPublicKeyLen
             );
 
-            NextKey::<T>::put(public_key.clone());
+            NextKey::<T>::put(public_key);
 
-            Ok(())
+            // Refund the fee on success by setting pays_fee = Pays::No
+            Ok(PostDispatchInfo {
+                actual_weight: None,
+                pays_fee: Pays::No,
+            })
         }
 
         /// Users submit an encrypted wrapper.
@@ -335,7 +345,7 @@ pub mod pallet {
             Weight::from_parts(77_280_000, 0)
                 .saturating_add(T::DbWeight::get().reads(4_u64))
                 .saturating_add(T::DbWeight::get().writes(1_u64)),
-            DispatchClass::Operational,
+            DispatchClass::Normal,
             Pays::No
         ))]
         #[allow(clippy::useless_conversion)]
@@ -404,6 +414,43 @@ pub mod pallet {
                 }
             }
         }
+
+        /// Marks a submission as failed to decrypt and removes it from storage.
+        ///
+        /// Called by the block author when decryption fails at any stage (e.g., ML-KEM decapsulate
+        /// failed, AEAD decrypt failed, invalid ciphertext format, etc.). This allows clients to be
+        /// notified of decryption failures through on-chain events.
+        ///
+        /// # Arguments
+        ///
+        /// * `id` - The wrapper id (hash of (author, commitment, ciphertext))
+        /// * `reason` - Human-readable reason for the decryption failure (e.g., "ML-KEM decapsulate failed")
+        #[pallet::call_index(3)]
+        #[pallet::weight((
+            Weight::from_parts(13_260_000, 0)
+                .saturating_add(T::DbWeight::get().reads(1_u64))
+                .saturating_add(T::DbWeight::get().writes(1_u64)),
+            DispatchClass::Normal,
+            Pays::No
+        ))]
+        pub fn mark_decryption_failed(
+            origin: OriginFor<T>,
+            id: T::Hash,
+            reason: BoundedVec<u8, ConstU32<256>>,
+        ) -> DispatchResult {
+            // Unsigned: only the author node may inject this via ValidateUnsigned.
+            ensure_none(origin)?;
+
+            // Load and consume the submission.
+            let Some(_sub) = Submissions::<T>::take(id) else {
+                return Err(Error::<T>::MissingSubmission.into());
+            };
+
+            // Emit event to notify clients
+            Self::deposit_event(Event::DecryptionFailed { id, reason });
+
+            Ok(())
+        }
     }
 
     impl<T: Config> Pallet<T> {
@@ -439,7 +486,20 @@ pub mod pallet {
                         // Only allow locally-submitted / already-in-block txs.
                         TransactionSource::Local | TransactionSource::InBlock => {
                             ValidTransaction::with_tag_prefix("mev-shield-exec")
-                                .priority(u64::MAX)
+                                .priority(1u64)
+                                .longevity(64) // long because propagate(false)
+                                .and_provides(id) // dedupe by wrapper id
+                                .propagate(false) // CRITICAL: no gossip, stays on author node
+                                .build()
+                        }
+                        _ => InvalidTransaction::Call.into(),
+                    }
+                }
+                Call::mark_decryption_failed { id, .. } => {
+                    match source {
+                        TransactionSource::Local | TransactionSource::InBlock => {
+                            ValidTransaction::with_tag_prefix("mev-shield-failed")
+                                .priority(1u64)
                                 .longevity(64) // long because propagate(false)
                                 .and_provides(id) // dedupe by wrapper id
                                 .propagate(false) // CRITICAL: no gossip, stays on author node
@@ -448,7 +508,6 @@ pub mod pallet {
                         _ => InvalidTransaction::Call.into(),
                     }
                 }
-
                 _ => InvalidTransaction::Call.into(),
             }
         }

pallets/shield/src/lib.rs

@@ -2,19 +2,23 @@ use crate as pallet_mev_shield;
 use crate::mock::*;
 
 use codec::Encode;
-use frame_support::pallet_prelude::ValidateUnsigned;
-use frame_support::traits::ConstU32 as FrameConstU32;
-use frame_support::traits::Hooks;
-use frame_support::{BoundedVec, assert_noop, assert_ok};
+use frame_support::{
+    BoundedVec, assert_noop, assert_ok,
+    pallet_prelude::ValidateUnsigned,
+    traits::{ConstU32 as FrameConstU32, Hooks},
+};
 use frame_system::pallet_prelude::BlockNumberFor;
 use pallet_mev_shield::{
     Call as MevShieldCall, CurrentKey, Event as MevShieldEvent, KeyHashByBlock, NextKey,
     Submissions,
 };
-use sp_core::Pair;
-use sp_core::sr25519;
-use sp_runtime::traits::{Hash, SaturatedConversion};
-use sp_runtime::{AccountId32, MultiSignature, transaction_validity::TransactionSource};
+use sp_core::{Pair, sr25519};
+use sp_runtime::{
+    AccountId32, MultiSignature, Vec,
+    traits::{Hash, SaturatedConversion},
+    transaction_validity::TransactionSource,
+};
+use sp_std::boxed::Box;
 
 // Type aliases for convenience in tests.
 type TestHash = <Test as frame_system::Config>::Hash;
@@ -588,3 +592,140 @@ fn validate_unsigned_accepts_inblock_source_for_execute_revealed() {
         assert_ok!(validity);
     });
 }
+
+#[test]
+fn mark_decryption_failed_removes_submission_and_emits_event() {
+    new_test_ext().execute_with(|| {
+        System::set_block_number(42);
+        let pair = test_sr25519_pair();
+        let who: AccountId32 = pair.public().into();
+
+        let commitment: TestHash =
+            <Test as frame_system::Config>::Hashing::hash(b"failed-decryption-commitment");
+        let ciphertext_bytes = vec![5u8; 8];
+        let ciphertext: BoundedVec<u8, FrameConstU32<8192>> =
+            BoundedVec::truncate_from(ciphertext_bytes.clone());
+
+        assert_ok!(MevShield::submit_encrypted(
+            RuntimeOrigin::signed(who.clone()),
+            commitment,
+            ciphertext.clone(),
+        ));
+
+        let id: TestHash = <Test as frame_system::Config>::Hashing::hash_of(&(
+            who.clone(),
+            commitment,
+            &ciphertext,
+        ));
+
+        // Sanity: submission exists.
+        assert!(Submissions::<Test>::get(id).is_some());
+
+        // Reason we will pass into mark_decryption_failed.
+        let reason_bytes = b"AEAD decrypt failed".to_vec();
+        let reason: BoundedVec<u8, FrameConstU32<256>> =
+            BoundedVec::truncate_from(reason_bytes.clone());
+
+        // Call mark_decryption_failed as unsigned (RuntimeOrigin::none()).
+        assert_ok!(MevShield::mark_decryption_failed(
+            RuntimeOrigin::none(),
+            id,
+            reason.clone(),
+        ));
+
+        // Submission should be removed.
+        assert!(Submissions::<Test>::get(id).is_none());
+
+        // Last event should be DecryptionFailed with the correct id and reason.
+        let events = System::events();
+        let last = events
+            .last()
+            .expect("an event should be emitted")
+            .event
+            .clone();
+
+        assert!(
+            matches!(
+                last,
+                RuntimeEvent::MevShield(
+                    MevShieldEvent::<Test>::DecryptionFailed { id: ev_id, reason: ev_reason }
+                )
+                if ev_id == id && ev_reason.to_vec() == reason_bytes
+            ),
+            "expected DecryptionFailed event with correct id & reason"
+        );
+
+        // A second call with the same id should now fail with MissingSubmission.
+        let res = MevShield::mark_decryption_failed(RuntimeOrigin::none(), id, reason);
+        assert_noop!(res, pallet_mev_shield::Error::<Test>::MissingSubmission);
+    });
+}
+
+#[test]
+fn announce_next_key_charges_then_refunds_fee() {
+    new_test_ext().execute_with(|| {
+        const KYBER_PK_LEN: usize = 1184;
+
+        // ---------------------------------------------------------------------
+        // 1. Seed Aura authorities with a single validator and derive account.
+        // ---------------------------------------------------------------------
+        let validator_pair = test_sr25519_pair();
+        let validator_account: AccountId32 = validator_pair.public().into();
+        let validator_aura_id: <Test as pallet_aura::Config>::AuthorityId =
+            validator_pair.public().into();
+
+        let authorities: BoundedVec<
+            <Test as pallet_aura::Config>::AuthorityId,
+            <Test as pallet_aura::Config>::MaxAuthorities,
+        > = BoundedVec::truncate_from(vec![validator_aura_id]);
+        pallet_aura::Authorities::<Test>::put(authorities);
+
+        // ---------------------------------------------------------------------
+        // 2. Build a valid Kyber public key and the corresponding RuntimeCall.
+        // ---------------------------------------------------------------------
+        let pk_bytes = vec![42u8; KYBER_PK_LEN];
+        let bounded_pk: BoundedVec<u8, FrameConstU32<2048>> =
+            BoundedVec::truncate_from(pk_bytes.clone());
+
+        let runtime_call = RuntimeCall::MevShield(MevShieldCall::<Test>::announce_next_key {
+            public_key: bounded_pk.clone(),
+        });
+
+        // ---------------------------------------------------------------------
+        // 3. Pre-dispatch: DispatchInfo must say Pays::Yes.
+        // ---------------------------------------------------------------------
+        let pre_info = <RuntimeCall as frame_support::dispatch::GetDispatchInfo>::get_dispatch_info(
+            &runtime_call,
+        );
+
+        assert_eq!(
+            pre_info.pays_fee,
+            frame_support::dispatch::Pays::Yes,
+            "announce_next_key must be declared as fee-paying at pre-dispatch"
+        );
+
+        // ---------------------------------------------------------------------
+        // 4. Dispatch via the pallet function.
+        // ---------------------------------------------------------------------
+        let post = MevShield::announce_next_key(
+            RuntimeOrigin::signed(validator_account.clone()),
+            bounded_pk.clone(),
+        )
+        .expect("announce_next_key should succeed for an Aura validator");
+
+        // Post-dispatch info should switch pays_fee from Yes -> No (refund).
+        assert_eq!(
+            post.pays_fee,
+            frame_support::dispatch::Pays::No,
+            "announce_next_key must refund the previously chargeable fee"
+        );
+
+        // And we don't override the actual weight (None => use pre-dispatch weight).
+        assert!(
+            post.actual_weight.is_none(),
+            "announce_next_key should not override actual_weight in PostDispatchInfo"
+        );
+        let next = NextKey::<Test>::get().expect("NextKey should be set by announce_next_key");
+        assert_eq!(next, pk_bytes);
+    });
+}

pallets/shield/src/tests.rs

@@ -18,7 +18,9 @@ impl<T: Config> Pallet<T> {
     /// # Returns
     /// * `u64` - The total alpha issuance for the specified subnet.
     pub fn get_alpha_issuance(netuid: NetUid) -> AlphaCurrency {
-        SubnetAlphaIn::<T>::get(netuid).saturating_add(SubnetAlphaOut::<T>::get(netuid))
+        SubnetAlphaIn::<T>::get(netuid)
+            .saturating_add(SubnetAlphaInProvided::<T>::get(netuid))
+            .saturating_add(SubnetAlphaOut::<T>::get(netuid))
     }
 
     pub fn get_protocol_tao(netuid: NetUid) -> TaoCurrency {

pallets/subtensor/src/staking/stake_utils.rs

@@ -237,7 +237,7 @@ pub const VERSION: RuntimeVersion = RuntimeVersion {
     //   `spec_version`, and `authoring_version` are the same between Wasm and native.
     // This value is set to 100 to notify Polkadot-JS App (https://polkadot.js.org/apps) to use
     //   the compatible custom types.
-    spec_version: 355,
+    spec_version: 357,
     impl_version: 1,
     apis: RUNTIME_API_VERSIONS,
     transaction_version: 1,
@@ -653,6 +653,9 @@ impl InstanceFilter<RuntimeCall> for ProxyType {
                     | RuntimeCall::SubtensorModule(
                         pallet_subtensor::Call::remove_stake_full_limit { .. }
                     )
+                    | RuntimeCall::SubtensorModule(
+                        pallet_subtensor::Call::set_root_claim_type { .. }
+                    )
             ),
             ProxyType::Registration => matches!(
                 c,
@@ -743,9 +746,6 @@ impl InstanceFilter<RuntimeCall> for ProxyType {
             ProxyType::RootClaim => matches!(
                 c,
                 RuntimeCall::SubtensorModule(pallet_subtensor::Call::claim_root { .. })
-                    | RuntimeCall::SubtensorModule(
-                        pallet_subtensor::Call::set_root_claim_type { .. }
-                    )
             ),
         }
     }