From a37cc79f2bc2f20e7f2a4c5074e4e7cdfbe327e5 Mon Sep 17 00:00:00 2001 From: Aliaksandr Tsurko Date: Fri, 17 Oct 2025 15:09:46 +0300 Subject: [PATCH 01/46] Initialize pallet-rate-limiting --- Cargo.lock | 11 ++ Cargo.toml | 1 + pallets/rate-limiting/Cargo.toml | 31 +++++ pallets/rate-limiting/src/lib.rs | 225 +++++++++++++++++++++++++++++++ 4 files changed, 268 insertions(+) create mode 100644 pallets/rate-limiting/Cargo.toml create mode 100644 pallets/rate-limiting/src/lib.rs diff --git a/Cargo.lock b/Cargo.lock index 6cc892ad7c..79ed81c6a7 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -10205,6 +10205,17 @@ dependencies = [ "sp-runtime", ] +[[package]] +name = "pallet-rate-limiting" +version = "0.1.0" +dependencies = [ + "frame-support", + "frame-system", + "parity-scale-codec", + "scale-info", + "sp-std", +] + [[package]] name = "pallet-recovery" version = "41.0.0" diff --git a/Cargo.toml b/Cargo.toml index ce2f3cf2ed..5a8d1742d9 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -59,6 +59,7 @@ pallet-subtensor = { path = "pallets/subtensor", default-features = false } pallet-subtensor-swap = { path = "pallets/swap", default-features = false } pallet-subtensor-swap-runtime-api = { path = "pallets/swap/runtime-api", default-features = false } pallet-subtensor-swap-rpc = { path = "pallets/swap/rpc", default-features = false } +pallet-rate-limiting = { path = "pallets/rate-limiting", default-features = false } procedural-fork = { path = "support/procedural-fork", default-features = false } safe-math = { path = "primitives/safe-math", default-features = false } share-pool = { path = "primitives/share-pool", default-features = false } diff --git a/pallets/rate-limiting/Cargo.toml b/pallets/rate-limiting/Cargo.toml new file mode 100644 index 0000000000..559dbaf816 --- /dev/null +++ b/pallets/rate-limiting/Cargo.toml @@ -0,0 +1,31 @@ +[package] +name = "pallet-rate-limiting" +version = "0.1.0" +edition.workspace = true + +[lints] +workspace = true + +[package.metadata.docs.rs] +targets = ["x86_64-unknown-linux-gnu"] + +[dependencies] +codec = { workspace = true, features = ["derive"] } +frame-support.workspace = true +frame-system.workspace = true +scale-info = { workspace = true, features = ["derive"] } +sp-std.workspace = true + +[features] +default = ["std"] +std = [ + "codec/std", + "frame-support/std", + "frame-system/std", + "scale-info/std", + "sp-std/std", +] +try-runtime = [ + "frame-support/try-runtime", + "frame-system/try-runtime", +] diff --git a/pallets/rate-limiting/src/lib.rs b/pallets/rate-limiting/src/lib.rs new file mode 100644 index 0000000000..1b52782826 --- /dev/null +++ b/pallets/rate-limiting/src/lib.rs @@ -0,0 +1,225 @@ +#![cfg_attr(not(feature = "std"), no_std)] + +//! Basic rate limiting pallet. + +pub use pallet::*; + +use codec::{Decode, DecodeWithMemTracking, Encode, MaxEncodedLen}; +use frame_support::{pallet_prelude::DispatchError, traits::GetCallMetadata}; +use scale_info::TypeInfo; +use sp_std::fmt; + +#[frame_support::pallet] +pub mod pallet { + use crate::TransactionIdentifier; + use codec::Codec; + use frame_support::{ + pallet_prelude::*, sp_runtime::traits::Saturating, traits::GetCallMetadata, + }; + use frame_system::pallet_prelude::*; + use sp_std::vec::Vec; + + /// Configuration trait for the rate limiting pallet. + #[pallet::config] + pub trait Config: frame_system::Config { + /// The overarching runtime call type. + type RuntimeCall: Parameter + + Codec + + GetCallMetadata + + IsType<::RuntimeCall>; + } + + /// Storage mapping from transaction identifier to its block-based rate limit. + #[pallet::storage] + #[pallet::getter(fn limits)] + pub type Limits = + StorageMap<_, Blake2_128Concat, TransactionIdentifier, BlockNumberFor, OptionQuery>; + + /// Tracks when a transaction was last observed. + #[pallet::storage] + pub type LastSeen = + StorageMap<_, Blake2_128Concat, TransactionIdentifier, BlockNumberFor, OptionQuery>; + + /// Events emitted by the rate limiting pallet. + #[pallet::event] + #[pallet::generate_deposit(pub(super) fn deposit_event)] + pub enum Event { + /// A rate limit was set or updated. + RateLimitSet { + /// Identifier of the affected transaction. + transaction: TransactionIdentifier, + /// The new limit expressed in blocks. + limit: BlockNumberFor, + /// Pallet name associated with the transaction. + pallet: Vec, + /// Extrinsic name associated with the transaction. + extrinsic: Vec, + }, + /// A rate limit was cleared. + RateLimitCleared { + /// Identifier of the affected transaction. + transaction: TransactionIdentifier, + /// Pallet name associated with the transaction. + pallet: Vec, + /// Extrinsic name associated with the transaction. + extrinsic: Vec, + }, + } + + /// Errors that can occur while configuring rate limits. + #[pallet::error] + pub enum Error { + /// Failed to extract the pallet and extrinsic indices from the call. + InvalidRuntimeCall, + /// Attempted to remove a limit that is not present. + MissingRateLimit, + } + + #[pallet::pallet] + #[pallet::without_storage_info] + pub struct Pallet(_); + + impl Pallet { + /// Returns `true` when the given transaction identifier passes its configured rate limit. + pub fn is_within_limit(identifier: &TransactionIdentifier) -> Result { + let Some(limit) = Limits::::get(identifier) else { + return Ok(true); + }; + + let current = frame_system::Pallet::::block_number(); + if let Some(last) = LastSeen::::get(identifier) { + let delta = current.saturating_sub(last); + if delta < limit { + return Ok(false); + } + } + + Ok(true) + } + } + + #[pallet::call] + impl Pallet { + /// Sets the rate limit, in blocks, for the given call. + /// + /// The supplied `call` is only used to derive the pallet and extrinsic indices; **any + /// arguments embedded in the call are ignored**. + #[pallet::call_index(0)] + #[pallet::weight(T::DbWeight::get().reads_writes(1, 1))] + pub fn set_rate_limit( + origin: OriginFor, + call: Box<::RuntimeCall>, + limit: BlockNumberFor, + ) -> DispatchResult { + ensure_root(origin)?; + + let identifier = TransactionIdentifier::from_call::(call.as_ref())?; + Limits::::insert(&identifier, limit); + + let (pallet_name, extrinsic_name) = identifier.names::()?; + let pallet = Vec::from(pallet_name.as_bytes()); + let extrinsic = Vec::from(extrinsic_name.as_bytes()); + + Self::deposit_event(Event::RateLimitSet { + transaction: identifier, + limit, + pallet, + extrinsic, + }); + + Ok(()) + } + + /// Clears the rate limit for the given call, if present. + /// + /// The supplied `call` is only used to derive the pallet and extrinsic indices; **any + /// arguments embedded in the call are ignored**. + #[pallet::call_index(1)] + #[pallet::weight(T::DbWeight::get().reads_writes(1, 1))] + pub fn clear_rate_limit( + origin: OriginFor, + call: Box<::RuntimeCall>, + ) -> DispatchResult { + ensure_root(origin)?; + + let identifier = TransactionIdentifier::from_call::(call.as_ref())?; + + let (pallet_name, extrinsic_name) = identifier.names::()?; + let pallet = Vec::from(pallet_name.as_bytes()); + let extrinsic = Vec::from(extrinsic_name.as_bytes()); + + ensure!( + Limits::::take(&identifier).is_some(), + Error::::MissingRateLimit + ); + + Self::deposit_event(Event::RateLimitCleared { + transaction: identifier, + pallet, + extrinsic, + }); + + Ok(()) + } + } +} + +/// Identifies a runtime call by pallet and extrinsic indices. +#[derive( + Clone, Copy, PartialEq, Eq, Encode, Decode, DecodeWithMemTracking, TypeInfo, MaxEncodedLen, +)] +pub struct TransactionIdentifier { + /// Index of the pallet containing the extrinsic. + pub pallet_index: u8, + /// Variant index of the extrinsic within the pallet. + pub extrinsic_index: u8, +} + +impl TransactionIdentifier { + /// Builds a new identifier from pallet/extrinsic indices. + const fn new(pallet_index: u8, extrinsic_index: u8) -> Self { + Self { + pallet_index, + extrinsic_index, + } + } + + /// Returns the pallet and extrinsic name associated with this identifier. + fn names(&self) -> Result<(&'static str, &'static str), DispatchError> + where + T: Config, + { + let modules = ::RuntimeCall::get_module_names(); + let pallet_name = modules + .get(self.pallet_index as usize) + .copied() + .ok_or(Error::::InvalidRuntimeCall)?; + let call_names = ::RuntimeCall::get_call_names(pallet_name); + let extrinsic_name = call_names + .get(self.extrinsic_index as usize) + .copied() + .ok_or(Error::::InvalidRuntimeCall)?; + Ok((pallet_name, extrinsic_name)) + } + + /// Builds an identifier from a runtime call by extracting its pallet/extrinsic indices. + fn from_call(call: &::RuntimeCall) -> Result + where + T: Config, + { + call.using_encoded(|encoded| { + let pallet_index = *encoded.get(0).ok_or(Error::::InvalidRuntimeCall)?; + let extrinsic_index = *encoded.get(1).ok_or(Error::::InvalidRuntimeCall)?; + Ok(TransactionIdentifier::new(pallet_index, extrinsic_index)) + }) + } +} + +impl fmt::Debug for TransactionIdentifier { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + f.debug_struct("TransactionIdentifier") + .field("pallet_index", &self.pallet_index) + .field("extrinsic_index", &self.extrinsic_index) + .finish() + } +} From e903915b076c93a2b71a4ab695984bb7b2385700 Mon Sep 17 00:00:00 2001 From: Aliaksandr Tsurko Date: Fri, 17 Oct 2025 16:04:53 +0300 Subject: [PATCH 02/46] Add transaction extension for rate limiting --- Cargo.lock | 1 + pallets/rate-limiting/Cargo.toml | 2 + pallets/rate-limiting/src/lib.rs | 93 +++------------ .../src/transaction_extension.rs | 108 ++++++++++++++++++ pallets/rate-limiting/src/types.rs | 81 +++++++++++++ 5 files changed, 211 insertions(+), 74 deletions(-) create mode 100644 pallets/rate-limiting/src/transaction_extension.rs create mode 100644 pallets/rate-limiting/src/types.rs diff --git a/Cargo.lock b/Cargo.lock index 79ed81c6a7..4295ea61a8 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -10214,6 +10214,7 @@ dependencies = [ "parity-scale-codec", "scale-info", "sp-std", + "subtensor-runtime-common", ] [[package]] diff --git a/pallets/rate-limiting/Cargo.toml b/pallets/rate-limiting/Cargo.toml index 559dbaf816..76c6e18142 100644 --- a/pallets/rate-limiting/Cargo.toml +++ b/pallets/rate-limiting/Cargo.toml @@ -15,6 +15,7 @@ frame-support.workspace = true frame-system.workspace = true scale-info = { workspace = true, features = ["derive"] } sp-std.workspace = true +subtensor-runtime-common.workspace = true [features] default = ["std"] @@ -24,6 +25,7 @@ std = [ "frame-system/std", "scale-info/std", "sp-std/std", + "subtensor-runtime-common/std", ] try-runtime = [ "frame-support/try-runtime", diff --git a/pallets/rate-limiting/src/lib.rs b/pallets/rate-limiting/src/lib.rs index 1b52782826..16a1130769 100644 --- a/pallets/rate-limiting/src/lib.rs +++ b/pallets/rate-limiting/src/lib.rs @@ -3,22 +3,24 @@ //! Basic rate limiting pallet. pub use pallet::*; +pub use transaction_extension::RateLimitTransactionExtension; +pub use types::{Scope, TransactionIdentifier}; -use codec::{Decode, DecodeWithMemTracking, Encode, MaxEncodedLen}; -use frame_support::{pallet_prelude::DispatchError, traits::GetCallMetadata}; -use scale_info::TypeInfo; -use sp_std::fmt; +mod transaction_extension; +mod types; #[frame_support::pallet] pub mod pallet { - use crate::TransactionIdentifier; use codec::Codec; + use core::fmt::Debug; use frame_support::{ pallet_prelude::*, sp_runtime::traits::Saturating, traits::GetCallMetadata, }; - use frame_system::pallet_prelude::*; + use frame_system::{ensure_root, pallet_prelude::*}; use sp_std::vec::Vec; + use crate::types::TransactionIdentifier; + /// Configuration trait for the rate limiting pallet. #[pallet::config] pub trait Config: frame_system::Config { @@ -27,9 +29,12 @@ pub mod pallet { + Codec + GetCallMetadata + IsType<::RuntimeCall>; + + /// Context type used for contextual (per-group) rate limits. + type ScopeContext: Parameter + Clone + PartialEq + Eq + Debug; } - /// Storage mapping from transaction identifier to its block-based rate limit. + /// Storage mapping from transaction identifier to its configured rate limit. #[pallet::storage] #[pallet::getter(fn limits)] pub type Limits = @@ -49,7 +54,7 @@ pub mod pallet { /// Identifier of the affected transaction. transaction: TransactionIdentifier, /// The new limit expressed in blocks. - limit: BlockNumberFor, + block_span: BlockNumberFor, /// Pallet name associated with the transaction. pallet: Vec, /// Extrinsic name associated with the transaction. @@ -82,14 +87,14 @@ pub mod pallet { impl Pallet { /// Returns `true` when the given transaction identifier passes its configured rate limit. pub fn is_within_limit(identifier: &TransactionIdentifier) -> Result { - let Some(limit) = Limits::::get(identifier) else { + let Some(block_span) = Limits::::get(identifier) else { return Ok(true); }; let current = frame_system::Pallet::::block_number(); if let Some(last) = LastSeen::::get(identifier) { let delta = current.saturating_sub(last); - if delta < limit { + if delta < block_span { return Ok(false); } } @@ -100,7 +105,7 @@ pub mod pallet { #[pallet::call] impl Pallet { - /// Sets the rate limit, in blocks, for the given call. + /// Sets the rate limit configuration for the given call. /// /// The supplied `call` is only used to derive the pallet and extrinsic indices; **any /// arguments embedded in the call are ignored**. @@ -109,12 +114,12 @@ pub mod pallet { pub fn set_rate_limit( origin: OriginFor, call: Box<::RuntimeCall>, - limit: BlockNumberFor, + block_span: BlockNumberFor, ) -> DispatchResult { ensure_root(origin)?; let identifier = TransactionIdentifier::from_call::(call.as_ref())?; - Limits::::insert(&identifier, limit); + Limits::::insert(&identifier, block_span); let (pallet_name, extrinsic_name) = identifier.names::()?; let pallet = Vec::from(pallet_name.as_bytes()); @@ -122,7 +127,7 @@ pub mod pallet { Self::deposit_event(Event::RateLimitSet { transaction: identifier, - limit, + block_span, pallet, extrinsic, }); @@ -163,63 +168,3 @@ pub mod pallet { } } } - -/// Identifies a runtime call by pallet and extrinsic indices. -#[derive( - Clone, Copy, PartialEq, Eq, Encode, Decode, DecodeWithMemTracking, TypeInfo, MaxEncodedLen, -)] -pub struct TransactionIdentifier { - /// Index of the pallet containing the extrinsic. - pub pallet_index: u8, - /// Variant index of the extrinsic within the pallet. - pub extrinsic_index: u8, -} - -impl TransactionIdentifier { - /// Builds a new identifier from pallet/extrinsic indices. - const fn new(pallet_index: u8, extrinsic_index: u8) -> Self { - Self { - pallet_index, - extrinsic_index, - } - } - - /// Returns the pallet and extrinsic name associated with this identifier. - fn names(&self) -> Result<(&'static str, &'static str), DispatchError> - where - T: Config, - { - let modules = ::RuntimeCall::get_module_names(); - let pallet_name = modules - .get(self.pallet_index as usize) - .copied() - .ok_or(Error::::InvalidRuntimeCall)?; - let call_names = ::RuntimeCall::get_call_names(pallet_name); - let extrinsic_name = call_names - .get(self.extrinsic_index as usize) - .copied() - .ok_or(Error::::InvalidRuntimeCall)?; - Ok((pallet_name, extrinsic_name)) - } - - /// Builds an identifier from a runtime call by extracting its pallet/extrinsic indices. - fn from_call(call: &::RuntimeCall) -> Result - where - T: Config, - { - call.using_encoded(|encoded| { - let pallet_index = *encoded.get(0).ok_or(Error::::InvalidRuntimeCall)?; - let extrinsic_index = *encoded.get(1).ok_or(Error::::InvalidRuntimeCall)?; - Ok(TransactionIdentifier::new(pallet_index, extrinsic_index)) - }) - } -} - -impl fmt::Debug for TransactionIdentifier { - fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { - f.debug_struct("TransactionIdentifier") - .field("pallet_index", &self.pallet_index) - .field("extrinsic_index", &self.extrinsic_index) - .finish() - } -} diff --git a/pallets/rate-limiting/src/transaction_extension.rs b/pallets/rate-limiting/src/transaction_extension.rs new file mode 100644 index 0000000000..deacab0874 --- /dev/null +++ b/pallets/rate-limiting/src/transaction_extension.rs @@ -0,0 +1,108 @@ +use codec::{Decode, DecodeWithMemTracking, Encode}; +use frame_support::{ + dispatch::{DispatchInfo, DispatchResult, PostDispatchInfo}, + pallet_prelude::Weight, + sp_runtime::{ + traits::{ + DispatchInfoOf, DispatchOriginOf, Dispatchable, Implication, TransactionExtension, + ValidateResult, + }, + transaction_validity::{ + InvalidTransaction, TransactionSource, TransactionValidityError, ValidTransaction, + }, + }, +}; +use scale_info::TypeInfo; +use sp_std::{marker::PhantomData, result::Result}; + +use crate::{Config, LastSeen, Limits, Pallet, types::TransactionIdentifier}; + +/// Identifier returned in the transaction metadata for the rate limiting extension. +const IDENTIFIER: &str = "RateLimitTransactionExtension"; + +/// Custom error code used to signal a rate limit violation. +const RATE_LIMIT_DENIED: u8 = 1; + +/// Transaction extension that enforces pallet rate limiting rules. +#[derive(Default, Encode, Decode, DecodeWithMemTracking, Clone, Eq, PartialEq, TypeInfo)] +pub struct RateLimitTransactionExtension(PhantomData); + +impl core::fmt::Debug for RateLimitTransactionExtension { + fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result { + f.write_str(IDENTIFIER) + } +} + +impl TransactionExtension<::RuntimeCall> for RateLimitTransactionExtension +where + T: Config + Send + Sync + TypeInfo, + ::RuntimeCall: Dispatchable, +{ + const IDENTIFIER: &'static str = IDENTIFIER; + + type Implicit = (); + type Val = Option; + type Pre = Option; + + fn weight(&self, _call: &::RuntimeCall) -> Weight { + Weight::zero() + } + + fn validate( + &self, + origin: DispatchOriginOf<::RuntimeCall>, + call: &::RuntimeCall, + _info: &DispatchInfoOf<::RuntimeCall>, + _len: usize, + _self_implicit: Self::Implicit, + _inherited_implication: &impl Implication, + _source: TransactionSource, + ) -> ValidateResult::RuntimeCall> { + let identifier = match TransactionIdentifier::from_call::(call) { + Ok(identifier) => identifier, + Err(_) => return Err(TransactionValidityError::Invalid(InvalidTransaction::Call)), + }; + + if Limits::::get(&identifier).is_none() { + return Ok((ValidTransaction::default(), None, origin)); + } + + let within_limit = Pallet::::is_within_limit(&identifier) + .map_err(|_| TransactionValidityError::Invalid(InvalidTransaction::Call))?; + + if !within_limit { + return Err(TransactionValidityError::Invalid( + InvalidTransaction::Custom(RATE_LIMIT_DENIED), + )); + } + + Ok((ValidTransaction::default(), Some(identifier), origin)) + } + + fn prepare( + self, + val: Self::Val, + _origin: &DispatchOriginOf<::RuntimeCall>, + _call: &::RuntimeCall, + _info: &DispatchInfoOf<::RuntimeCall>, + _len: usize, + ) -> Result { + Ok(val) + } + + fn post_dispatch( + pre: Self::Pre, + _info: &DispatchInfoOf<::RuntimeCall>, + _post_info: &mut PostDispatchInfo, + _len: usize, + result: &DispatchResult, + ) -> Result<(), TransactionValidityError> { + if result.is_ok() { + if let Some(identifier) = pre { + let block_number = frame_system::Pallet::::block_number(); + LastSeen::::insert(&identifier, block_number); + } + } + Ok(()) + } +} diff --git a/pallets/rate-limiting/src/types.rs b/pallets/rate-limiting/src/types.rs new file mode 100644 index 0000000000..88143c84fb --- /dev/null +++ b/pallets/rate-limiting/src/types.rs @@ -0,0 +1,81 @@ +use codec::{Decode, DecodeWithMemTracking, Encode, MaxEncodedLen}; +use frame_support::{pallet_prelude::DispatchError, traits::GetCallMetadata}; +use scale_info::TypeInfo; + +/// Defines the scope within which a rate limit applies. +#[derive( + Clone, PartialEq, Eq, Encode, Decode, DecodeWithMemTracking, TypeInfo, MaxEncodedLen, Debug, +)] +pub enum Scope { + /// Rate limit applies chain-wide. + Global, + /// Rate limit applies to a specific context (e.g., subnet). + Contextual(Context), +} + +/// Identifies a runtime call by pallet and extrinsic indices. +#[derive( + Clone, + Copy, + PartialEq, + Eq, + Encode, + Decode, + DecodeWithMemTracking, + TypeInfo, + MaxEncodedLen, + Debug, +)] +pub struct TransactionIdentifier { + /// Pallet variant index. + pub pallet_index: u8, + /// Call variant index within the pallet. + pub extrinsic_index: u8, +} + +impl TransactionIdentifier { + /// Builds a new identifier from pallet/extrinsic indices. + pub const fn new(pallet_index: u8, extrinsic_index: u8) -> Self { + Self { + pallet_index, + extrinsic_index, + } + } + + /// Returns the pallet and extrinsic names associated with this identifier. + pub fn names(&self) -> Result<(&'static str, &'static str), DispatchError> + where + T: crate::pallet::Config, + ::RuntimeCall: GetCallMetadata, + { + let modules = ::RuntimeCall::get_module_names(); + let pallet_name = modules + .get(self.pallet_index as usize) + .copied() + .ok_or(crate::pallet::Error::::InvalidRuntimeCall)?; + let call_names = ::RuntimeCall::get_call_names(pallet_name); + let extrinsic_name = call_names + .get(self.extrinsic_index as usize) + .copied() + .ok_or(crate::pallet::Error::::InvalidRuntimeCall)?; + Ok((pallet_name, extrinsic_name)) + } + + /// Builds an identifier from a runtime call by extracting pallet/extrinsic indices. + pub fn from_call( + call: &::RuntimeCall, + ) -> Result + where + T: crate::pallet::Config, + { + call.using_encoded(|encoded| { + let pallet_index = *encoded + .get(0) + .ok_or(crate::pallet::Error::::InvalidRuntimeCall)?; + let extrinsic_index = *encoded + .get(1) + .ok_or(crate::pallet::Error::::InvalidRuntimeCall)?; + Ok(TransactionIdentifier::new(pallet_index, extrinsic_index)) + }) + } +} From ea289efdb4ad960be3c18597bed6c147bf32e5fb Mon Sep 17 00:00:00 2001 From: Aliaksandr Tsurko Date: Fri, 17 Oct 2025 19:13:46 +0300 Subject: [PATCH 03/46] Implement contextual scope --- pallets/rate-limiting/src/lib.rs | 32 ++++++++++++++----- .../src/transaction_extension.rs | 12 ++++--- 2 files changed, 32 insertions(+), 12 deletions(-) diff --git a/pallets/rate-limiting/src/lib.rs b/pallets/rate-limiting/src/lib.rs index 16a1130769..5affba481c 100644 --- a/pallets/rate-limiting/src/lib.rs +++ b/pallets/rate-limiting/src/lib.rs @@ -12,14 +12,13 @@ mod types; #[frame_support::pallet] pub mod pallet { use codec::Codec; - use core::fmt::Debug; use frame_support::{ pallet_prelude::*, sp_runtime::traits::Saturating, traits::GetCallMetadata, }; use frame_system::{ensure_root, pallet_prelude::*}; use sp_std::vec::Vec; - use crate::types::TransactionIdentifier; + use crate::types::{Scope, TransactionIdentifier}; /// Configuration trait for the rate limiting pallet. #[pallet::config] @@ -31,7 +30,7 @@ pub mod pallet { + IsType<::RuntimeCall>; /// Context type used for contextual (per-group) rate limits. - type ScopeContext: Parameter + Clone + PartialEq + Eq + Debug; + type ScopeContext: Parameter + Clone + PartialEq + Eq; } /// Storage mapping from transaction identifier to its configured rate limit. @@ -41,9 +40,18 @@ pub mod pallet { StorageMap<_, Blake2_128Concat, TransactionIdentifier, BlockNumberFor, OptionQuery>; /// Tracks when a transaction was last observed. + /// + /// The second key is `None` for `Scope::Global` and `Some(context)` for `Scope::Contextual`. #[pallet::storage] - pub type LastSeen = - StorageMap<_, Blake2_128Concat, TransactionIdentifier, BlockNumberFor, OptionQuery>; + pub type LastSeen = StorageDoubleMap< + _, + Blake2_128Concat, + TransactionIdentifier, + Blake2_128Concat, + Option<::ScopeContext>, + BlockNumberFor, + OptionQuery, + >; /// Events emitted by the rate limiting pallet. #[pallet::event] @@ -85,14 +93,22 @@ pub mod pallet { pub struct Pallet(_); impl Pallet { - /// Returns `true` when the given transaction identifier passes its configured rate limit. - pub fn is_within_limit(identifier: &TransactionIdentifier) -> Result { + /// Returns `true` when the given transaction identifier passes its configured rate limit within the provided scope. + pub fn is_within_limit( + identifier: &TransactionIdentifier, + scope: Scope<::ScopeContext>, + ) -> Result { let Some(block_span) = Limits::::get(identifier) else { return Ok(true); }; let current = frame_system::Pallet::::block_number(); - if let Some(last) = LastSeen::::get(identifier) { + let context_key = match scope { + Scope::Global => None, + Scope::Contextual(ctx) => Some(ctx), + }; + + if let Some(last) = LastSeen::::get(identifier, context_key.clone()) { let delta = current.saturating_sub(last); if delta < block_span { return Ok(false); diff --git a/pallets/rate-limiting/src/transaction_extension.rs b/pallets/rate-limiting/src/transaction_extension.rs index deacab0874..a109d9c8c1 100644 --- a/pallets/rate-limiting/src/transaction_extension.rs +++ b/pallets/rate-limiting/src/transaction_extension.rs @@ -15,7 +15,10 @@ use frame_support::{ use scale_info::TypeInfo; use sp_std::{marker::PhantomData, result::Result}; -use crate::{Config, LastSeen, Limits, Pallet, types::TransactionIdentifier}; +use crate::{ + Config, LastSeen, Limits, Pallet, + types::{Scope, TransactionIdentifier}, +}; /// Identifier returned in the transaction metadata for the rate limiting extension. const IDENTIFIER: &str = "RateLimitTransactionExtension"; @@ -67,8 +70,9 @@ where return Ok((ValidTransaction::default(), None, origin)); } - let within_limit = Pallet::::is_within_limit(&identifier) - .map_err(|_| TransactionValidityError::Invalid(InvalidTransaction::Call))?; + let within_limit = + Pallet::::is_within_limit(&identifier, Scope::::Global) + .map_err(|_| TransactionValidityError::Invalid(InvalidTransaction::Call))?; if !within_limit { return Err(TransactionValidityError::Invalid( @@ -100,7 +104,7 @@ where if result.is_ok() { if let Some(identifier) = pre { let block_number = frame_system::Pallet::::block_number(); - LastSeen::::insert(&identifier, block_number); + LastSeen::::insert(&identifier, Option::::None, block_number); } } Ok(()) From ebcec75740e978111443fd47f64a97e67343266e Mon Sep 17 00:00:00 2001 From: Aliaksandr Tsurko Date: Fri, 17 Oct 2025 19:38:16 +0300 Subject: [PATCH 04/46] Add context resolver --- pallets/rate-limiting/src/lib.rs | 28 +++++++++---------- ...ansaction_extension.rs => tx_extension.rs} | 23 +++++++++------ pallets/rate-limiting/src/types.rs | 14 ++++------ 3 files changed, 33 insertions(+), 32 deletions(-) rename pallets/rate-limiting/src/{transaction_extension.rs => tx_extension.rs} (82%) diff --git a/pallets/rate-limiting/src/lib.rs b/pallets/rate-limiting/src/lib.rs index 5affba481c..528fab3943 100644 --- a/pallets/rate-limiting/src/lib.rs +++ b/pallets/rate-limiting/src/lib.rs @@ -3,10 +3,10 @@ //! Basic rate limiting pallet. pub use pallet::*; -pub use transaction_extension::RateLimitTransactionExtension; -pub use types::{Scope, TransactionIdentifier}; +pub use tx_extension::RateLimitTransactionExtension; +pub use types::{RateLimitContextResolver, TransactionIdentifier}; -mod transaction_extension; +mod tx_extension; mod types; #[frame_support::pallet] @@ -18,7 +18,7 @@ pub mod pallet { use frame_system::{ensure_root, pallet_prelude::*}; use sp_std::vec::Vec; - use crate::types::{Scope, TransactionIdentifier}; + use crate::types::{RateLimitContextResolver, TransactionIdentifier}; /// Configuration trait for the rate limiting pallet. #[pallet::config] @@ -30,7 +30,10 @@ pub mod pallet { + IsType<::RuntimeCall>; /// Context type used for contextual (per-group) rate limits. - type ScopeContext: Parameter + Clone + PartialEq + Eq; + type LimitContext: Parameter + Clone + PartialEq + Eq; + + /// Resolves the context for a given runtime call. + type ContextResolver: RateLimitContextResolver<::RuntimeCall, Self::LimitContext>; } /// Storage mapping from transaction identifier to its configured rate limit. @@ -41,14 +44,14 @@ pub mod pallet { /// Tracks when a transaction was last observed. /// - /// The second key is `None` for `Scope::Global` and `Some(context)` for `Scope::Contextual`. + /// The second key is `None` for global limits and `Some(context)` for contextual limits. #[pallet::storage] pub type LastSeen = StorageDoubleMap< _, Blake2_128Concat, TransactionIdentifier, Blake2_128Concat, - Option<::ScopeContext>, + Option<::LimitContext>, BlockNumberFor, OptionQuery, >; @@ -93,22 +96,19 @@ pub mod pallet { pub struct Pallet(_); impl Pallet { - /// Returns `true` when the given transaction identifier passes its configured rate limit within the provided scope. + /// Returns `true` when the given transaction identifier passes its configured rate limit + /// within the provided context. pub fn is_within_limit( identifier: &TransactionIdentifier, - scope: Scope<::ScopeContext>, + context: Option<::LimitContext>, ) -> Result { let Some(block_span) = Limits::::get(identifier) else { return Ok(true); }; let current = frame_system::Pallet::::block_number(); - let context_key = match scope { - Scope::Global => None, - Scope::Contextual(ctx) => Some(ctx), - }; - if let Some(last) = LastSeen::::get(identifier, context_key.clone()) { + if let Some(last) = LastSeen::::get(identifier, &context) { let delta = current.saturating_sub(last); if delta < block_span { return Ok(false); diff --git a/pallets/rate-limiting/src/transaction_extension.rs b/pallets/rate-limiting/src/tx_extension.rs similarity index 82% rename from pallets/rate-limiting/src/transaction_extension.rs rename to pallets/rate-limiting/src/tx_extension.rs index a109d9c8c1..b7e55e1222 100644 --- a/pallets/rate-limiting/src/transaction_extension.rs +++ b/pallets/rate-limiting/src/tx_extension.rs @@ -17,7 +17,7 @@ use sp_std::{marker::PhantomData, result::Result}; use crate::{ Config, LastSeen, Limits, Pallet, - types::{Scope, TransactionIdentifier}, + types::{RateLimitContextResolver, TransactionIdentifier}, }; /// Identifier returned in the transaction metadata for the rate limiting extension. @@ -44,8 +44,8 @@ where const IDENTIFIER: &'static str = IDENTIFIER; type Implicit = (); - type Val = Option; - type Pre = Option; + type Val = Option<(TransactionIdentifier, Option)>; + type Pre = Option<(TransactionIdentifier, Option)>; fn weight(&self, _call: &::RuntimeCall) -> Weight { Weight::zero() @@ -70,9 +70,10 @@ where return Ok((ValidTransaction::default(), None, origin)); } - let within_limit = - Pallet::::is_within_limit(&identifier, Scope::::Global) - .map_err(|_| TransactionValidityError::Invalid(InvalidTransaction::Call))?; + let context = ::ContextResolver::context(call); + + let within_limit = Pallet::::is_within_limit(&identifier, context.clone()) + .map_err(|_| TransactionValidityError::Invalid(InvalidTransaction::Call))?; if !within_limit { return Err(TransactionValidityError::Invalid( @@ -80,7 +81,11 @@ where )); } - Ok((ValidTransaction::default(), Some(identifier), origin)) + Ok(( + ValidTransaction::default(), + Some((identifier, context)), + origin, + )) } fn prepare( @@ -102,9 +107,9 @@ where result: &DispatchResult, ) -> Result<(), TransactionValidityError> { if result.is_ok() { - if let Some(identifier) = pre { + if let Some((identifier, context)) = pre { let block_number = frame_system::Pallet::::block_number(); - LastSeen::::insert(&identifier, Option::::None, block_number); + LastSeen::::insert(&identifier, context, block_number); } } Ok(()) diff --git a/pallets/rate-limiting/src/types.rs b/pallets/rate-limiting/src/types.rs index 88143c84fb..ee62ed894e 100644 --- a/pallets/rate-limiting/src/types.rs +++ b/pallets/rate-limiting/src/types.rs @@ -2,15 +2,11 @@ use codec::{Decode, DecodeWithMemTracking, Encode, MaxEncodedLen}; use frame_support::{pallet_prelude::DispatchError, traits::GetCallMetadata}; use scale_info::TypeInfo; -/// Defines the scope within which a rate limit applies. -#[derive( - Clone, PartialEq, Eq, Encode, Decode, DecodeWithMemTracking, TypeInfo, MaxEncodedLen, Debug, -)] -pub enum Scope { - /// Rate limit applies chain-wide. - Global, - /// Rate limit applies to a specific context (e.g., subnet). - Contextual(Context), +/// Resolves the optional context within which a rate limit applies. +pub trait RateLimitContextResolver { + /// Returns `Some(context)` when the limit should be applied per-context, or `None` for global + /// limits. + fn context(call: &Call) -> Option; } /// Identifies a runtime call by pallet and extrinsic indices. From 56333c9fd4fbc98b9b618eab74cd5a2938068f86 Mon Sep 17 00:00:00 2001 From: Aliaksandr Tsurko Date: Tue, 21 Oct 2025 15:41:52 +0300 Subject: [PATCH 05/46] Add default rate limit --- pallets/rate-limiting/src/lib.rs | 59 +++++++++++++++++++---- pallets/rate-limiting/src/tx_extension.rs | 15 ++++-- pallets/rate-limiting/src/types.rs | 20 ++++++++ 3 files changed, 81 insertions(+), 13 deletions(-) diff --git a/pallets/rate-limiting/src/lib.rs b/pallets/rate-limiting/src/lib.rs index 528fab3943..761cbed270 100644 --- a/pallets/rate-limiting/src/lib.rs +++ b/pallets/rate-limiting/src/lib.rs @@ -4,7 +4,7 @@ pub use pallet::*; pub use tx_extension::RateLimitTransactionExtension; -pub use types::{RateLimitContextResolver, TransactionIdentifier}; +pub use types::{RateLimit, RateLimitContextResolver, TransactionIdentifier}; mod tx_extension; mod types; @@ -18,7 +18,7 @@ pub mod pallet { use frame_system::{ensure_root, pallet_prelude::*}; use sp_std::vec::Vec; - use crate::types::{RateLimitContextResolver, TransactionIdentifier}; + use crate::types::{RateLimit, RateLimitContextResolver, TransactionIdentifier}; /// Configuration trait for the rate limiting pallet. #[pallet::config] @@ -39,8 +39,13 @@ pub mod pallet { /// Storage mapping from transaction identifier to its configured rate limit. #[pallet::storage] #[pallet::getter(fn limits)] - pub type Limits = - StorageMap<_, Blake2_128Concat, TransactionIdentifier, BlockNumberFor, OptionQuery>; + pub type Limits = StorageMap< + _, + Blake2_128Concat, + TransactionIdentifier, + RateLimit>, + OptionQuery, + >; /// Tracks when a transaction was last observed. /// @@ -56,6 +61,11 @@ pub mod pallet { OptionQuery, >; + /// Default block span applied when an extrinsic uses the default rate limit. + #[pallet::storage] + #[pallet::getter(fn default_limit)] + pub type DefaultLimit = StorageValue<_, BlockNumberFor, ValueQuery>; + /// Events emitted by the rate limiting pallet. #[pallet::event] #[pallet::generate_deposit(pub(super) fn deposit_event)] @@ -64,8 +74,8 @@ pub mod pallet { RateLimitSet { /// Identifier of the affected transaction. transaction: TransactionIdentifier, - /// The new limit expressed in blocks. - block_span: BlockNumberFor, + /// The new limit configuration applied to the transaction. + limit: RateLimit>, /// Pallet name associated with the transaction. pallet: Vec, /// Extrinsic name associated with the transaction. @@ -80,6 +90,11 @@ pub mod pallet { /// Extrinsic name associated with the transaction. extrinsic: Vec, }, + /// The default rate limit was set or updated. + DefaultRateLimitSet { + /// The new default limit expressed in blocks. + block_span: BlockNumberFor, + }, } /// Errors that can occur while configuring rate limits. @@ -102,7 +117,7 @@ pub mod pallet { identifier: &TransactionIdentifier, context: Option<::LimitContext>, ) -> Result { - let Some(block_span) = Limits::::get(identifier) else { + let Some(block_span) = Self::resolved_limit(identifier) else { return Ok(true); }; @@ -117,6 +132,14 @@ pub mod pallet { Ok(true) } + + fn resolved_limit(identifier: &TransactionIdentifier) -> Option> { + let limit = Limits::::get(identifier)?; + Some(match limit { + RateLimit::Default => DefaultLimit::::get(), + RateLimit::Exact(block_span) => block_span, + }) + } } #[pallet::call] @@ -130,12 +153,12 @@ pub mod pallet { pub fn set_rate_limit( origin: OriginFor, call: Box<::RuntimeCall>, - block_span: BlockNumberFor, + limit: RateLimit>, ) -> DispatchResult { ensure_root(origin)?; let identifier = TransactionIdentifier::from_call::(call.as_ref())?; - Limits::::insert(&identifier, block_span); + Limits::::insert(&identifier, limit); let (pallet_name, extrinsic_name) = identifier.names::()?; let pallet = Vec::from(pallet_name.as_bytes()); @@ -143,7 +166,7 @@ pub mod pallet { Self::deposit_event(Event::RateLimitSet { transaction: identifier, - block_span, + limit, pallet, extrinsic, }); @@ -182,5 +205,21 @@ pub mod pallet { Ok(()) } + + /// Sets the default rate limit in blocks applied to calls configured to use it. + #[pallet::call_index(2)] + #[pallet::weight(T::DbWeight::get().writes(1))] + pub fn set_default_rate_limit( + origin: OriginFor, + block_span: BlockNumberFor, + ) -> DispatchResult { + ensure_root(origin)?; + + DefaultLimit::::put(block_span); + + Self::deposit_event(Event::DefaultRateLimitSet { block_span }); + + Ok(()) + } } } diff --git a/pallets/rate-limiting/src/tx_extension.rs b/pallets/rate-limiting/src/tx_extension.rs index b7e55e1222..097b23b961 100644 --- a/pallets/rate-limiting/src/tx_extension.rs +++ b/pallets/rate-limiting/src/tx_extension.rs @@ -5,7 +5,7 @@ use frame_support::{ sp_runtime::{ traits::{ DispatchInfoOf, DispatchOriginOf, Dispatchable, Implication, TransactionExtension, - ValidateResult, + ValidateResult, Zero, }, transaction_validity::{ InvalidTransaction, TransactionSource, TransactionValidityError, ValidTransaction, @@ -17,7 +17,7 @@ use sp_std::{marker::PhantomData, result::Result}; use crate::{ Config, LastSeen, Limits, Pallet, - types::{RateLimitContextResolver, TransactionIdentifier}, + types::{RateLimit, RateLimitContextResolver, TransactionIdentifier}, }; /// Identifier returned in the transaction metadata for the rate limiting extension. @@ -66,7 +66,16 @@ where Err(_) => return Err(TransactionValidityError::Invalid(InvalidTransaction::Call)), }; - if Limits::::get(&identifier).is_none() { + let Some(limit) = Limits::::get(&identifier) else { + return Ok((ValidTransaction::default(), None, origin)); + }; + + let block_span = match limit { + RateLimit::Default => Pallet::::default_limit(), + RateLimit::Exact(block_span) => block_span, + }; + + if block_span.is_zero() { return Ok((ValidTransaction::default(), None, origin)); } diff --git a/pallets/rate-limiting/src/types.rs b/pallets/rate-limiting/src/types.rs index ee62ed894e..124dbbe3ab 100644 --- a/pallets/rate-limiting/src/types.rs +++ b/pallets/rate-limiting/src/types.rs @@ -75,3 +75,23 @@ impl TransactionIdentifier { }) } } + +/// Configuration value for a rate limit. +#[derive( + Clone, + Copy, + PartialEq, + Eq, + Encode, + Decode, + DecodeWithMemTracking, + TypeInfo, + MaxEncodedLen, + Debug, +)] +pub enum RateLimit { + /// Use the pallet-level default rate limit. + Default, + /// Apply an exact rate limit measured in blocks. + Exact(BlockNumber), +} From 1b6b03cbe77a551a7500f29c9f38fc69c28a8fd1 Mon Sep 17 00:00:00 2001 From: Aliaksandr Tsurko Date: Tue, 21 Oct 2025 16:26:09 +0300 Subject: [PATCH 06/46] Add genesis config for pallet-rate-limiting --- Cargo.lock | 1 + pallets/rate-limiting/Cargo.toml | 2 ++ pallets/rate-limiting/src/lib.rs | 31 +++++++++++++++++++++++++++++- pallets/rate-limiting/src/types.rs | 2 ++ 4 files changed, 35 insertions(+), 1 deletion(-) diff --git a/Cargo.lock b/Cargo.lock index 4295ea61a8..e315f31c63 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -10213,6 +10213,7 @@ dependencies = [ "frame-system", "parity-scale-codec", "scale-info", + "serde", "sp-std", "subtensor-runtime-common", ] diff --git a/pallets/rate-limiting/Cargo.toml b/pallets/rate-limiting/Cargo.toml index 76c6e18142..24620e2d54 100644 --- a/pallets/rate-limiting/Cargo.toml +++ b/pallets/rate-limiting/Cargo.toml @@ -16,6 +16,7 @@ frame-system.workspace = true scale-info = { workspace = true, features = ["derive"] } sp-std.workspace = true subtensor-runtime-common.workspace = true +serde = { workspace = true, features = ["derive"], optional = true } [features] default = ["std"] @@ -26,6 +27,7 @@ std = [ "scale-info/std", "sp-std/std", "subtensor-runtime-common/std", + "serde", ] try-runtime = [ "frame-support/try-runtime", diff --git a/pallets/rate-limiting/src/lib.rs b/pallets/rate-limiting/src/lib.rs index 761cbed270..0b132c3dda 100644 --- a/pallets/rate-limiting/src/lib.rs +++ b/pallets/rate-limiting/src/lib.rs @@ -13,7 +13,9 @@ mod types; pub mod pallet { use codec::Codec; use frame_support::{ - pallet_prelude::*, sp_runtime::traits::Saturating, traits::GetCallMetadata, + pallet_prelude::*, + sp_runtime::traits::{Saturating, Zero}, + traits::{BuildGenesisConfig, GetCallMetadata}, }; use frame_system::{ensure_root, pallet_prelude::*}; use sp_std::vec::Vec; @@ -106,6 +108,33 @@ pub mod pallet { MissingRateLimit, } + #[pallet::genesis_config] + pub struct GenesisConfig { + pub default_limit: BlockNumberFor, + pub limits: Vec<(TransactionIdentifier, RateLimit>)>, + } + + #[cfg(feature = "std")] + impl Default for GenesisConfig { + fn default() -> Self { + Self { + default_limit: Zero::zero(), + limits: Vec::new(), + } + } + } + + #[pallet::genesis_build] + impl BuildGenesisConfig for GenesisConfig { + fn build(&self) { + DefaultLimit::::put(self.default_limit); + + for (identifier, limit) in &self.limits { + Limits::::insert(identifier, limit.clone()); + } + } + } + #[pallet::pallet] #[pallet::without_storage_info] pub struct Pallet(_); diff --git a/pallets/rate-limiting/src/types.rs b/pallets/rate-limiting/src/types.rs index 124dbbe3ab..4e00053ec7 100644 --- a/pallets/rate-limiting/src/types.rs +++ b/pallets/rate-limiting/src/types.rs @@ -10,6 +10,7 @@ pub trait RateLimitContextResolver { } /// Identifies a runtime call by pallet and extrinsic indices. +#[cfg_attr(feature = "std", derive(serde::Deserialize, serde::Serialize))] #[derive( Clone, Copy, @@ -77,6 +78,7 @@ impl TransactionIdentifier { } /// Configuration value for a rate limit. +#[cfg_attr(feature = "std", derive(serde::Deserialize, serde::Serialize))] #[derive( Clone, Copy, From 220c9052ad73a8bf7906ec6aa2c9469bdeca33f8 Mon Sep 17 00:00:00 2001 From: Aliaksandr Tsurko Date: Tue, 21 Oct 2025 19:26:54 +0300 Subject: [PATCH 07/46] Add rpc method to fetch rate limit --- Cargo.lock | 25 ++++++ Cargo.toml | 4 + pallets/rate-limiting/rpc/Cargo.toml | 22 ++++++ pallets/rate-limiting/rpc/src/lib.rs | 82 ++++++++++++++++++++ pallets/rate-limiting/runtime-api/Cargo.toml | 26 +++++++ pallets/rate-limiting/runtime-api/src/lib.rs | 24 ++++++ pallets/rate-limiting/src/lib.rs | 37 ++++++++- pallets/rate-limiting/src/tx_extension.rs | 2 +- 8 files changed, 218 insertions(+), 4 deletions(-) create mode 100644 pallets/rate-limiting/rpc/Cargo.toml create mode 100644 pallets/rate-limiting/rpc/src/lib.rs create mode 100644 pallets/rate-limiting/runtime-api/Cargo.toml create mode 100644 pallets/rate-limiting/runtime-api/src/lib.rs diff --git a/Cargo.lock b/Cargo.lock index e315f31c63..6e9eba1a5a 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -10218,6 +10218,31 @@ dependencies = [ "subtensor-runtime-common", ] +[[package]] +name = "pallet-rate-limiting-rpc" +version = "0.1.0" +dependencies = [ + "jsonrpsee", + "pallet-rate-limiting-runtime-api", + "sp-api", + "sp-blockchain", + "sp-runtime", + "subtensor-runtime-common", +] + +[[package]] +name = "pallet-rate-limiting-runtime-api" +version = "0.1.0" +dependencies = [ + "pallet-rate-limiting", + "parity-scale-codec", + "scale-info", + "serde", + "sp-api", + "sp-std", + "subtensor-runtime-common", +] + [[package]] name = "pallet-recovery" version = "41.0.0" diff --git a/Cargo.toml b/Cargo.toml index 5a8d1742d9..ed71cc537e 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -28,6 +28,8 @@ members = [ "common", "node", "pallets/*", + "pallets/rate-limiting/runtime-api", + "pallets/rate-limiting/rpc", "precompiles", "primitives/*", "runtime", @@ -60,6 +62,8 @@ pallet-subtensor-swap = { path = "pallets/swap", default-features = false } pallet-subtensor-swap-runtime-api = { path = "pallets/swap/runtime-api", default-features = false } pallet-subtensor-swap-rpc = { path = "pallets/swap/rpc", default-features = false } pallet-rate-limiting = { path = "pallets/rate-limiting", default-features = false } +pallet-rate-limiting-runtime-api = { path = "pallets/rate-limiting/runtime-api", default-features = false } +pallet-rate-limiting-rpc = { path = "pallets/rate-limiting/rpc", default-features = false } procedural-fork = { path = "support/procedural-fork", default-features = false } safe-math = { path = "primitives/safe-math", default-features = false } share-pool = { path = "primitives/share-pool", default-features = false } diff --git a/pallets/rate-limiting/rpc/Cargo.toml b/pallets/rate-limiting/rpc/Cargo.toml new file mode 100644 index 0000000000..d5bf689e8b --- /dev/null +++ b/pallets/rate-limiting/rpc/Cargo.toml @@ -0,0 +1,22 @@ +[package] +name = "pallet-rate-limiting-rpc" +version = "0.1.0" +description = "RPC interface for the rate limiting pallet" +edition.workspace = true + +[dependencies] +jsonrpsee = { workspace = true, features = ["client-core", "server", "macros"] } +sp-api.workspace = true +sp-blockchain.workspace = true +sp-runtime.workspace = true +pallet-rate-limiting-runtime-api.workspace = true +subtensor-runtime-common = { workspace = true, default-features = false } + +[features] +default = ["std"] +std = [ + "sp-api/std", + "sp-runtime/std", + "pallet-rate-limiting-runtime-api/std", + "subtensor-runtime-common/std", +] diff --git a/pallets/rate-limiting/rpc/src/lib.rs b/pallets/rate-limiting/rpc/src/lib.rs new file mode 100644 index 0000000000..ca7452a7a0 --- /dev/null +++ b/pallets/rate-limiting/rpc/src/lib.rs @@ -0,0 +1,82 @@ +//! RPC interface for the rate limiting pallet. + +use jsonrpsee::{ + core::RpcResult, + proc_macros::rpc, + types::{ErrorObjectOwned, error::ErrorObject}, +}; +use sp_api::ProvideRuntimeApi; +use sp_blockchain::HeaderBackend; +use sp_runtime::traits::Block as BlockT; +use std::sync::Arc; + +pub use pallet_rate_limiting_runtime_api::{RateLimitRpcResponse, RateLimitingRuntimeApi}; + +#[rpc(client, server)] +pub trait RateLimitingRpcApi { + #[method(name = "rateLimiting_getRateLimit")] + fn get_rate_limit( + &self, + pallet: Vec, + extrinsic: Vec, + at: Option, + ) -> RpcResult>; +} + +/// Error type of this RPC api. +pub enum Error { + /// The call to runtime failed. + RuntimeError(String), +} + +impl From for ErrorObjectOwned { + fn from(e: Error) -> Self { + match e { + Error::RuntimeError(e) => ErrorObject::owned(1, e, None::<()>), + } + } +} + +impl From for i32 { + fn from(e: Error) -> i32 { + match e { + Error::RuntimeError(_) => 1, + } + } +} + +/// RPC implementation for the rate limiting pallet. +pub struct RateLimiting { + client: Arc, + _marker: std::marker::PhantomData, +} + +impl RateLimiting { + /// Creates a new instance of the rate limiting RPC helper. + pub fn new(client: Arc) -> Self { + Self { + client, + _marker: Default::default(), + } + } +} + +impl RateLimitingRpcApiServer<::Hash> for RateLimiting +where + Block: BlockT, + C: ProvideRuntimeApi + HeaderBackend + Send + Sync + 'static, + C::Api: RateLimitingRuntimeApi, +{ + fn get_rate_limit( + &self, + pallet: Vec, + extrinsic: Vec, + at: Option<::Hash>, + ) -> RpcResult> { + let api = self.client.runtime_api(); + let at = at.unwrap_or_else(|| self.client.info().best_hash); + + api.get_rate_limit(at, pallet, extrinsic) + .map_err(|e| Error::RuntimeError(format!("Unable to fetch rate limit: {e:?}")).into()) + } +} diff --git a/pallets/rate-limiting/runtime-api/Cargo.toml b/pallets/rate-limiting/runtime-api/Cargo.toml new file mode 100644 index 0000000000..2847d865dd --- /dev/null +++ b/pallets/rate-limiting/runtime-api/Cargo.toml @@ -0,0 +1,26 @@ +[package] +name = "pallet-rate-limiting-runtime-api" +version = "0.1.0" +description = "Runtime API for the rate limiting pallet" +edition.workspace = true + +[dependencies] +codec = { workspace = true, features = ["derive"] } +scale-info = { workspace = true, features = ["derive"] } +sp-api.workspace = true +sp-std.workspace = true +pallet-rate-limiting.workspace = true +subtensor-runtime-common = { workspace = true, default-features = false } +serde = { workspace = true, features = ["derive"], optional = true } + +[features] +default = ["std"] +std = [ + "codec/std", + "scale-info/std", + "sp-api/std", + "sp-std/std", + "pallet-rate-limiting/std", + "subtensor-runtime-common/std", + "serde", +] diff --git a/pallets/rate-limiting/runtime-api/src/lib.rs b/pallets/rate-limiting/runtime-api/src/lib.rs new file mode 100644 index 0000000000..1a32c094ea --- /dev/null +++ b/pallets/rate-limiting/runtime-api/src/lib.rs @@ -0,0 +1,24 @@ +#![cfg_attr(not(feature = "std"), no_std)] + +use codec::{Decode, Encode}; +use pallet_rate_limiting::RateLimit; +use scale_info::TypeInfo; +use sp_std::vec::Vec; +use subtensor_runtime_common::BlockNumber; + +#[cfg(feature = "std")] +use serde::{Deserialize, Serialize}; + +#[cfg_attr(feature = "std", derive(Serialize, Deserialize))] +#[derive(Clone, Debug, Decode, Encode, Eq, PartialEq, TypeInfo)] +pub struct RateLimitRpcResponse { + pub limit: Option>, + pub default_limit: BlockNumber, + pub resolved: Option, +} + +sp_api::decl_runtime_apis! { + pub trait RateLimitingRuntimeApi { + fn get_rate_limit(pallet: Vec, extrinsic: Vec) -> Option; + } +} diff --git a/pallets/rate-limiting/src/lib.rs b/pallets/rate-limiting/src/lib.rs index 0b132c3dda..a07d75d618 100644 --- a/pallets/rate-limiting/src/lib.rs +++ b/pallets/rate-limiting/src/lib.rs @@ -18,7 +18,7 @@ pub mod pallet { traits::{BuildGenesisConfig, GetCallMetadata}, }; use frame_system::{ensure_root, pallet_prelude::*}; - use sp_std::vec::Vec; + use sp_std::{convert::TryFrom, vec::Vec}; use crate::types::{RateLimit, RateLimitContextResolver, TransactionIdentifier}; @@ -144,7 +144,7 @@ pub mod pallet { /// within the provided context. pub fn is_within_limit( identifier: &TransactionIdentifier, - context: Option<::LimitContext>, + context: &Option<::LimitContext>, ) -> Result { let Some(block_span) = Self::resolved_limit(identifier) else { return Ok(true); @@ -152,7 +152,7 @@ pub mod pallet { let current = frame_system::Pallet::::block_number(); - if let Some(last) = LastSeen::::get(identifier, &context) { + if let Some(last) = LastSeen::::get(identifier, context) { let delta = current.saturating_sub(last); if delta < block_span { return Ok(false); @@ -169,6 +169,37 @@ pub mod pallet { RateLimit::Exact(block_span) => block_span, }) } + + /// Returns the configured limit for the specified pallet/extrinsic names, if any. + pub fn limit_for_call_names( + pallet_name: &str, + extrinsic_name: &str, + ) -> Option>> { + let identifier = Self::identifier_for_call_names(pallet_name, extrinsic_name)?; + Limits::::get(&identifier) + } + + /// Returns the resolved block span for the specified pallet/extrinsic names, if any. + pub fn resolved_limit_for_call_names( + pallet_name: &str, + extrinsic_name: &str, + ) -> Option> { + let identifier = Self::identifier_for_call_names(pallet_name, extrinsic_name)?; + Self::resolved_limit(&identifier) + } + + fn identifier_for_call_names( + pallet_name: &str, + extrinsic_name: &str, + ) -> Option { + let modules = ::RuntimeCall::get_module_names(); + let pallet_pos = modules.iter().position(|name| *name == pallet_name)?; + let call_names = ::RuntimeCall::get_call_names(pallet_name); + let extrinsic_pos = call_names.iter().position(|name| *name == extrinsic_name)?; + let pallet_index = u8::try_from(pallet_pos).ok()?; + let extrinsic_index = u8::try_from(extrinsic_pos).ok()?; + Some(TransactionIdentifier::new(pallet_index, extrinsic_index)) + } } #[pallet::call] diff --git a/pallets/rate-limiting/src/tx_extension.rs b/pallets/rate-limiting/src/tx_extension.rs index 097b23b961..6ccfe8160b 100644 --- a/pallets/rate-limiting/src/tx_extension.rs +++ b/pallets/rate-limiting/src/tx_extension.rs @@ -81,7 +81,7 @@ where let context = ::ContextResolver::context(call); - let within_limit = Pallet::::is_within_limit(&identifier, context.clone()) + let within_limit = Pallet::::is_within_limit(&identifier, &context) .map_err(|_| TransactionValidityError::Invalid(InvalidTransaction::Call))?; if !within_limit { From 69151b1b9ed8cba06e03f785274cf276dd74bad8 Mon Sep 17 00:00:00 2001 From: Aliaksandr Tsurko Date: Mon, 27 Oct 2025 17:11:18 +0300 Subject: [PATCH 08/46] Add tests to pallet-rate-limiting --- Cargo.lock | 3 + pallets/rate-limiting/Cargo.toml | 5 + pallets/rate-limiting/src/lib.rs | 6 + pallets/rate-limiting/src/mock.rs | 90 +++++++ pallets/rate-limiting/src/tests.rs | 281 ++++++++++++++++++++++ pallets/rate-limiting/src/tx_extension.rs | 181 ++++++++++++++ 6 files changed, 566 insertions(+) create mode 100644 pallets/rate-limiting/src/mock.rs create mode 100644 pallets/rate-limiting/src/tests.rs diff --git a/Cargo.lock b/Cargo.lock index 6e9eba1a5a..d116651d33 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -10214,6 +10214,9 @@ dependencies = [ "parity-scale-codec", "scale-info", "serde", + "sp-core", + "sp-io", + "sp-runtime", "sp-std", "subtensor-runtime-common", ] diff --git a/pallets/rate-limiting/Cargo.toml b/pallets/rate-limiting/Cargo.toml index 24620e2d54..b24ff40ea5 100644 --- a/pallets/rate-limiting/Cargo.toml +++ b/pallets/rate-limiting/Cargo.toml @@ -18,6 +18,11 @@ sp-std.workspace = true subtensor-runtime-common.workspace = true serde = { workspace = true, features = ["derive"], optional = true } +[dev-dependencies] +sp-core.workspace = true +sp-io.workspace = true +sp-runtime.workspace = true + [features] default = ["std"] std = [ diff --git a/pallets/rate-limiting/src/lib.rs b/pallets/rate-limiting/src/lib.rs index a07d75d618..2ac9c76114 100644 --- a/pallets/rate-limiting/src/lib.rs +++ b/pallets/rate-limiting/src/lib.rs @@ -9,6 +9,12 @@ pub use types::{RateLimit, RateLimitContextResolver, TransactionIdentifier}; mod tx_extension; mod types; +#[cfg(test)] +mod mock; + +#[cfg(test)] +mod tests; + #[frame_support::pallet] pub mod pallet { use codec::Codec; diff --git a/pallets/rate-limiting/src/mock.rs b/pallets/rate-limiting/src/mock.rs new file mode 100644 index 0000000000..d7b9fde20b --- /dev/null +++ b/pallets/rate-limiting/src/mock.rs @@ -0,0 +1,90 @@ +#![allow(dead_code)] + +use frame_support::{ + derive_impl, + sp_runtime::{ + BuildStorage, + traits::{BlakeTwo256, IdentityLookup}, + }, + traits::{ConstU16, ConstU32, ConstU64, Everything}, +}; +use sp_core::H256; +use sp_io::TestExternalities; + +use crate as pallet_rate_limiting; +use crate::TransactionIdentifier; + +pub type UncheckedExtrinsic = frame_system::mocking::MockUncheckedExtrinsic; +pub type Block = frame_system::mocking::MockBlock; + +frame_support::construct_runtime!( + pub enum Test { + System: frame_system, + RateLimiting: pallet_rate_limiting, + } +); + +#[derive_impl(frame_system::config_preludes::TestDefaultConfig)] +impl frame_system::Config for Test { + type BaseCallFilter = Everything; + type BlockWeights = (); + type BlockLength = (); + type DbWeight = (); + type RuntimeOrigin = RuntimeOrigin; + type RuntimeCall = RuntimeCall; + type Nonce = u64; + type Hash = H256; + type Hashing = BlakeTwo256; + type AccountId = u64; + type Lookup = IdentityLookup; + type RuntimeEvent = RuntimeEvent; + type BlockHashCount = ConstU64<250>; + type Version = (); + type PalletInfo = PalletInfo; + type AccountData = (); + type OnNewAccount = (); + type OnKilledAccount = (); + type SystemWeightInfo = (); + type SS58Prefix = ConstU16<42>; + type OnSetCode = (); + type MaxConsumers = ConstU32<16>; + type Block = Block; +} + +pub type LimitContext = u16; + +pub struct TestContextResolver; + +impl pallet_rate_limiting::RateLimitContextResolver + for TestContextResolver +{ + fn context(_call: &RuntimeCall) -> Option { + None + } +} + +impl pallet_rate_limiting::Config for Test { + type RuntimeCall = RuntimeCall; + type LimitContext = LimitContext; + type ContextResolver = TestContextResolver; +} + +pub type RateLimitingCall = crate::Call; + +pub fn new_test_ext() -> TestExternalities { + let storage = frame_system::GenesisConfig::::default() + .build_storage() + .expect("genesis build succeeds"); + + let mut ext = TestExternalities::new(storage); + ext.execute_with(|| System::set_block_number(1)); + ext +} + +pub(crate) fn identifier_for(call: &RuntimeCall) -> TransactionIdentifier { + TransactionIdentifier::from_call::(call).expect("identifier for call") +} + +pub(crate) fn pop_last_event() -> RuntimeEvent { + System::events().pop().expect("event expected").event +} diff --git a/pallets/rate-limiting/src/tests.rs b/pallets/rate-limiting/src/tests.rs new file mode 100644 index 0000000000..4eb07ad926 --- /dev/null +++ b/pallets/rate-limiting/src/tests.rs @@ -0,0 +1,281 @@ +use frame_support::{assert_noop, assert_ok, error::BadOrigin}; +use sp_runtime::DispatchError; + +use crate::{ + DefaultLimit, LastSeen, Limits, RateLimit, mock::*, pallet::Error, types::TransactionIdentifier, +}; + +#[test] +fn limit_for_call_names_returns_none_if_not_set() { + new_test_ext().execute_with(|| { + assert!( + RateLimiting::limit_for_call_names("RateLimiting", "set_default_rate_limit").is_none() + ); + }); +} + +#[test] +fn limit_for_call_names_returns_stored_limit() { + new_test_ext().execute_with(|| { + let call = + RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); + let identifier = identifier_for(&call); + Limits::::insert(identifier, RateLimit::Exact(7)); + + let fetched = RateLimiting::limit_for_call_names("RateLimiting", "set_default_rate_limit") + .expect("limit should exist"); + assert_eq!(fetched, RateLimit::Exact(7)); + }); +} + +#[test] +fn resolved_limit_for_call_names_resolves_default_value() { + new_test_ext().execute_with(|| { + DefaultLimit::::put(3); + let call = + RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); + let identifier = identifier_for(&call); + Limits::::insert(identifier, RateLimit::Default); + + let resolved = + RateLimiting::resolved_limit_for_call_names("RateLimiting", "set_default_rate_limit") + .expect("resolved limit"); + assert_eq!(resolved, 3); + }); +} + +#[test] +fn resolved_limit_for_call_names_returns_none_when_unset() { + new_test_ext().execute_with(|| { + assert!( + RateLimiting::resolved_limit_for_call_names("RateLimiting", "set_default_rate_limit") + .is_none() + ); + }); +} + +#[test] +fn is_within_limit_is_true_when_no_limit() { + new_test_ext().execute_with(|| { + let call = + RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); + let identifier = identifier_for(&call); + + let result = RateLimiting::is_within_limit(&identifier, &None); + assert_eq!(result.expect("no error expected"), true); + }); +} + +#[test] +fn is_within_limit_false_when_rate_limited() { + new_test_ext().execute_with(|| { + let call = + RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); + let identifier = identifier_for(&call); + Limits::::insert(identifier, RateLimit::Exact(5)); + LastSeen::::insert(identifier, Some(1 as LimitContext), 9); + + System::set_block_number(13); + + let within = RateLimiting::is_within_limit(&identifier, &Some(1 as LimitContext)) + .expect("call succeeds"); + assert!(!within); + }); +} + +#[test] +fn is_within_limit_true_after_required_span() { + new_test_ext().execute_with(|| { + let call = + RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); + let identifier = identifier_for(&call); + Limits::::insert(identifier, RateLimit::Exact(5)); + LastSeen::::insert(identifier, Some(2 as LimitContext), 10); + + System::set_block_number(20); + + let within = RateLimiting::is_within_limit(&identifier, &Some(2 as LimitContext)) + .expect("call succeeds"); + assert!(within); + }); +} + +#[test] +fn transaction_identifier_from_call_matches_expected_indices() { + let call = + RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); + + let identifier = TransactionIdentifier::from_call::(&call).expect("identifier"); + + // System is the first pallet in the mock runtime, RateLimiting is second. + assert_eq!(identifier.pallet_index, 1); + // set_default_rate_limit has call_index 2. + assert_eq!(identifier.extrinsic_index, 2); +} + +#[test] +fn transaction_identifier_names_matches_call_metadata() { + let call = + RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); + let identifier = TransactionIdentifier::from_call::(&call).expect("identifier"); + + let (pallet, extrinsic) = identifier.names::().expect("call metadata"); + assert_eq!(pallet, "RateLimiting"); + assert_eq!(extrinsic, "set_default_rate_limit"); +} + +#[test] +fn transaction_identifier_names_error_for_unknown_indices() { + let identifier = TransactionIdentifier::new(99, 0); + + let err = identifier.names::().expect_err("should fail"); + let expected: DispatchError = Error::::InvalidRuntimeCall.into(); + assert_eq!(err, expected); +} + +#[test] +fn set_rate_limit_updates_storage_and_emits_event() { + new_test_ext().execute_with(|| { + System::reset_events(); + + let target_call = + RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); + let limit = RateLimit::Exact(9); + + assert_ok!(RateLimiting::set_rate_limit( + RuntimeOrigin::root(), + Box::new(target_call.clone()), + limit + )); + + let identifier = identifier_for(&target_call); + assert_eq!(Limits::::get(identifier), Some(limit)); + + match pop_last_event() { + RuntimeEvent::RateLimiting(crate::pallet::Event::RateLimitSet { + transaction, + limit: emitted_limit, + pallet, + extrinsic, + }) => { + assert_eq!(transaction, identifier); + assert_eq!(emitted_limit, limit); + assert_eq!(pallet, b"RateLimiting".to_vec()); + assert_eq!(extrinsic, b"set_default_rate_limit".to_vec()); + } + other => panic!("unexpected event: {:?}", other), + } + }); +} + +#[test] +fn set_rate_limit_requires_root() { + new_test_ext().execute_with(|| { + let target_call = + RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); + + assert_noop!( + RateLimiting::set_rate_limit( + RuntimeOrigin::signed(1), + Box::new(target_call), + RateLimit::Exact(1) + ), + BadOrigin + ); + }); +} + +#[test] +fn set_rate_limit_accepts_default_variant() { + new_test_ext().execute_with(|| { + let target_call = + RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); + + assert_ok!(RateLimiting::set_rate_limit( + RuntimeOrigin::root(), + Box::new(target_call.clone()), + RateLimit::Default + )); + + let identifier = identifier_for(&target_call); + assert_eq!(Limits::::get(identifier), Some(RateLimit::Default)); + }); +} + +#[test] +fn clear_rate_limit_removes_entry_and_emits_event() { + new_test_ext().execute_with(|| { + System::reset_events(); + + let target_call = + RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); + let identifier = identifier_for(&target_call); + Limits::::insert(identifier, RateLimit::Exact(4)); + + assert_ok!(RateLimiting::clear_rate_limit( + RuntimeOrigin::root(), + Box::new(target_call.clone()) + )); + + assert_eq!(Limits::::get(identifier), None); + + match pop_last_event() { + RuntimeEvent::RateLimiting(crate::pallet::Event::RateLimitCleared { + transaction, + pallet, + extrinsic, + }) => { + assert_eq!(transaction, identifier); + assert_eq!(pallet, b"RateLimiting".to_vec()); + assert_eq!(extrinsic, b"set_default_rate_limit".to_vec()); + } + other => panic!("unexpected event: {:?}", other), + } + }); +} + +#[test] +fn clear_rate_limit_fails_when_missing() { + new_test_ext().execute_with(|| { + let target_call = + RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); + + assert_noop!( + RateLimiting::clear_rate_limit(RuntimeOrigin::root(), Box::new(target_call)), + Error::::MissingRateLimit + ); + }); +} + +#[test] +fn set_default_rate_limit_updates_storage_and_emits_event() { + new_test_ext().execute_with(|| { + System::reset_events(); + + assert_ok!(RateLimiting::set_default_rate_limit( + RuntimeOrigin::root(), + 42 + )); + + assert_eq!(DefaultLimit::::get(), 42); + + match pop_last_event() { + RuntimeEvent::RateLimiting(crate::pallet::Event::DefaultRateLimitSet { + block_span, + }) => { + assert_eq!(block_span, 42); + } + other => panic!("unexpected event: {:?}", other), + } + }); +} + +#[test] +fn set_default_rate_limit_requires_root() { + new_test_ext().execute_with(|| { + assert_noop!( + RateLimiting::set_default_rate_limit(RuntimeOrigin::signed(1), 5), + BadOrigin + ); + }); +} diff --git a/pallets/rate-limiting/src/tx_extension.rs b/pallets/rate-limiting/src/tx_extension.rs index 6ccfe8160b..f06e72975e 100644 --- a/pallets/rate-limiting/src/tx_extension.rs +++ b/pallets/rate-limiting/src/tx_extension.rs @@ -124,3 +124,184 @@ where Ok(()) } } + +#[cfg(test)] +mod tests { + use codec::Encode; + use frame_support::dispatch::{GetDispatchInfo, PostDispatchInfo}; + use sp_runtime::{ + traits::{TransactionExtension, TxBaseImplication}, + transaction_validity::{InvalidTransaction, TransactionSource, TransactionValidityError}, + }; + + use crate::{LastSeen, Limits, RateLimit, types::TransactionIdentifier}; + + use super::*; + use crate::mock::*; + + fn remark_call() -> RuntimeCall { + RuntimeCall::System(frame_system::Call::::remark { remark: Vec::new() }) + } + + fn new_tx_extension() -> RateLimitTransactionExtension { + RateLimitTransactionExtension(Default::default()) + } + + fn validate_with_tx_extension( + extension: &RateLimitTransactionExtension, + call: &RuntimeCall, + ) -> Result< + ( + sp_runtime::transaction_validity::ValidTransaction, + Option<(TransactionIdentifier, Option)>, + RuntimeOrigin, + ), + TransactionValidityError, + > { + let info = call.get_dispatch_info(); + let len = call.encode().len(); + extension.validate( + RuntimeOrigin::signed(42), + call, + &info, + len, + (), + &TxBaseImplication(()), + TransactionSource::External, + ) + } + + #[test] + fn tx_extension_allows_calls_without_limit() { + new_test_ext().execute_with(|| { + let extension = new_tx_extension(); + let call = remark_call(); + + let (_valid, val, _origin) = + validate_with_tx_extension(&extension, &call).expect("valid"); + assert!(val.is_none()); + + let info = call.get_dispatch_info(); + let len = call.encode().len(); + let origin_for_prepare = RuntimeOrigin::signed(42); + let pre = extension + .clone() + .prepare(val.clone(), &origin_for_prepare, &call, &info, len) + .expect("prepare succeeds"); + + let mut post = PostDispatchInfo::default(); + RateLimitTransactionExtension::::post_dispatch( + pre, + &info, + &mut post, + len, + &Ok(()), + ) + .expect("post_dispatch succeeds"); + + let identifier = identifier_for(&call); + assert_eq!( + LastSeen::::get(identifier, None::), + None + ); + }); + } + + #[test] + fn tx_extension_records_last_seen_for_successful_call() { + new_test_ext().execute_with(|| { + let extension = new_tx_extension(); + let call = remark_call(); + let identifier = identifier_for(&call); + Limits::::insert(identifier, RateLimit::Exact(5)); + + System::set_block_number(10); + + let (_valid, val, _) = validate_with_tx_extension(&extension, &call).expect("valid"); + assert!(val.is_some()); + + let info = call.get_dispatch_info(); + let len = call.encode().len(); + let origin_for_prepare = RuntimeOrigin::signed(42); + let pre = extension + .clone() + .prepare(val.clone(), &origin_for_prepare, &call, &info, len) + .expect("prepare succeeds"); + + let mut post = PostDispatchInfo::default(); + RateLimitTransactionExtension::::post_dispatch( + pre, + &info, + &mut post, + len, + &Ok(()), + ) + .expect("post_dispatch succeeds"); + + assert_eq!( + LastSeen::::get(identifier, None::), + Some(10) + ); + }); + } + + #[test] + fn tx_extension_rejects_when_call_occurs_too_soon() { + new_test_ext().execute_with(|| { + let extension = new_tx_extension(); + let call = remark_call(); + let identifier = identifier_for(&call); + Limits::::insert(identifier, RateLimit::Exact(5)); + LastSeen::::insert(identifier, None::, 20); + + System::set_block_number(22); + + let err = + validate_with_tx_extension(&extension, &call).expect_err("should be rate limited"); + match err { + TransactionValidityError::Invalid(InvalidTransaction::Custom(code)) => { + assert_eq!(code, 1); + } + other => panic!("unexpected error: {:?}", other), + } + }); + } + + #[test] + fn tx_extension_skips_last_seen_when_span_zero() { + new_test_ext().execute_with(|| { + let extension = new_tx_extension(); + let call = remark_call(); + let identifier = identifier_for(&call); + Limits::::insert(identifier, RateLimit::Exact(0)); + + System::set_block_number(30); + + let (_valid, val, _) = validate_with_tx_extension(&extension, &call).expect("valid"); + assert!(val.is_none()); + + let info = call.get_dispatch_info(); + let len = call.encode().len(); + let origin_for_prepare = RuntimeOrigin::signed(42); + let pre = extension + .clone() + .prepare(val.clone(), &origin_for_prepare, &call, &info, len) + .expect("prepare succeeds"); + + let mut post = PostDispatchInfo::default(); + RateLimitTransactionExtension::::post_dispatch( + pre, + &info, + &mut post, + len, + &Ok(()), + ) + .expect("post_dispatch succeeds"); + + assert_eq!( + LastSeen::::get(identifier, None::), + None + ); + }); + } +} From 13b8774bdfb1bfdb6dcebbb30045fb2282da02d7 Mon Sep 17 00:00:00 2001 From: Aliaksandr Tsurko Date: Mon, 27 Oct 2025 18:18:27 +0300 Subject: [PATCH 09/46] Add crate-level documentation for pallet-rate-limiting --- pallets/rate-limiting/src/lib.rs | 70 +++++++++++++++++++++++++++++++- 1 file changed, 69 insertions(+), 1 deletion(-) diff --git a/pallets/rate-limiting/src/lib.rs b/pallets/rate-limiting/src/lib.rs index 2ac9c76114..e9659c7abd 100644 --- a/pallets/rate-limiting/src/lib.rs +++ b/pallets/rate-limiting/src/lib.rs @@ -1,6 +1,74 @@ #![cfg_attr(not(feature = "std"), no_std)] -//! Basic rate limiting pallet. +//! Rate limiting for runtime calls with optional contextual restrictions. +//! +//! # Overview +//! +//! `pallet-rate-limiting` lets a runtime restrict how frequently particular calls can execute. +//! Limits are stored on-chain, keyed by the call's pallet/variant pair. Each entry can specify an +//! exact block span or defer to a configured default. The pallet exposes three roots-only +//! extrinsics to manage this data: +//! +//! - [`set_rate_limit`](pallet::Pallet::set_rate_limit): assign a limit to an extrinsic, either as +//! `RateLimit::Exact(blocks)` or `RateLimit::Default`. +//! - [`clear_rate_limit`](pallet::Pallet::clear_rate_limit): remove a stored limit. +//! - [`set_default_rate_limit`](pallet::Pallet::set_default_rate_limit): set the global default +//! block span used by `RateLimit::Default` entries. +//! +//! The pallet also tracks the last block in which a rate-limited call was executed, per optional +//! *context*. Context allows one limit definition (for example, “set weights”) to be enforced per +//! subnet, account, or other grouping chosen by the runtime. The storage layout is: +//! +//! - [`Limits`](pallet::Limits): `TransactionIdentifier → RateLimit` +//! - [`DefaultLimit`](pallet::DefaultLimit): `BlockNumber` +//! - [`LastSeen`](pallet::LastSeen): `(TransactionIdentifier, Option) → BlockNumber` +//! +//! # Transaction extension +//! +//! Enforcement happens via [`RateLimitTransactionExtension`], which implements +//! `sp_runtime::traits::TransactionExtension`. The extension consults `Limits`, fetches the current +//! block, and decides whether the call is eligible. If successful, it returns metadata that causes +//! [`LastSeen`](pallet::LastSeen) to update after dispatch. A rejected call yields +//! `InvalidTransaction::Custom(1)`. +//! +//! To enable the extension, add it to your runtime's transaction extension tuple. For example: +//! +//! ```rust +//! pub type TransactionExtensions = ( +//! // ... other extensions ... +//! pallet_rate_limiting::RateLimitTransactionExtension, +//! ); +//! ``` +//! +//! # Context resolver +//! +//! The extension needs to know when two invocations should share a rate limit. This is controlled +//! by implementing [`RateLimitContextResolver`] for the runtime call type (or for a helper that the +//! runtime wires into [`Config::ContextResolver`]). The resolver receives the call and returns +//! `Some(context)` if the rate should be scoped (e.g. by `netuid`), or `None` for a global limit. +//! +//! ```rust +//! pub struct WeightsContextResolver; +//! +//! impl pallet_rate_limiting::RateLimitContextResolver +//! for WeightsContextResolver +//! { +//! fn context(call: &RuntimeCall) -> Option { +//! match call { +//! RuntimeCall::Subtensor(pallet_subtensor::Call::set_weights { netuid, .. }) => { +//! Some(*netuid) +//! } +//! _ => None, +//! } +//! } +//! } +//! +//! impl pallet_rate_limiting::Config for Runtime { +//! type RuntimeCall = RuntimeCall; +//! type LimitContext = NetUid; +//! type ContextResolver = WeightsContextResolver; +//! } +//! ``` pub use pallet::*; pub use tx_extension::RateLimitTransactionExtension; From a4a1c88b1764bbe777246846f25c542a95d0460f Mon Sep 17 00:00:00 2001 From: Aliaksandr Tsurko Date: Mon, 27 Oct 2025 18:24:18 +0300 Subject: [PATCH 10/46] Add benchmarks for pallet-rate-limiting --- Cargo.lock | 1 + pallets/rate-limiting/Cargo.toml | 9 ++- pallets/rate-limiting/src/benchmarking.rs | 72 +++++++++++++++++++++++ pallets/rate-limiting/src/lib.rs | 14 ++++- pallets/rate-limiting/src/mock.rs | 13 ++++ pallets/rate-limiting/src/tests.rs | 38 +----------- pallets/rate-limiting/src/types.rs | 41 +++++++++++++ 7 files changed, 147 insertions(+), 41 deletions(-) create mode 100644 pallets/rate-limiting/src/benchmarking.rs diff --git a/Cargo.lock b/Cargo.lock index d116651d33..ee22c024f6 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -10209,6 +10209,7 @@ dependencies = [ name = "pallet-rate-limiting" version = "0.1.0" dependencies = [ + "frame-benchmarking", "frame-support", "frame-system", "parity-scale-codec", diff --git a/pallets/rate-limiting/Cargo.toml b/pallets/rate-limiting/Cargo.toml index b24ff40ea5..3447145622 100644 --- a/pallets/rate-limiting/Cargo.toml +++ b/pallets/rate-limiting/Cargo.toml @@ -11,12 +11,13 @@ targets = ["x86_64-unknown-linux-gnu"] [dependencies] codec = { workspace = true, features = ["derive"] } +frame-benchmarking = { workspace = true, optional = true } frame-support.workspace = true frame-system.workspace = true scale-info = { workspace = true, features = ["derive"] } +serde = { workspace = true, features = ["derive"], optional = true } sp-std.workspace = true subtensor-runtime-common.workspace = true -serde = { workspace = true, features = ["derive"], optional = true } [dev-dependencies] sp-core.workspace = true @@ -27,12 +28,16 @@ sp-runtime.workspace = true default = ["std"] std = [ "codec/std", + "frame-benchmarking?/std", "frame-support/std", "frame-system/std", "scale-info/std", + "serde", "sp-std/std", "subtensor-runtime-common/std", - "serde", +] +runtime-benchmarks = [ + "frame-benchmarking", ] try-runtime = [ "frame-support/try-runtime", diff --git a/pallets/rate-limiting/src/benchmarking.rs b/pallets/rate-limiting/src/benchmarking.rs new file mode 100644 index 0000000000..3266674ac7 --- /dev/null +++ b/pallets/rate-limiting/src/benchmarking.rs @@ -0,0 +1,72 @@ +//! Benchmarking setup for pallet-rate-limiting +#![cfg(feature = "runtime-benchmarks")] +#![allow(clippy::arithmetic_side_effects)] + +use codec::Decode; +use frame_benchmarking::v2::*; +use frame_system::{RawOrigin, pallet_prelude::BlockNumberFor}; + +use super::*; + +pub trait BenchmarkHelper { + fn sample_call() -> Call; +} + +impl BenchmarkHelper for () +where + Call: Decode, +{ + fn sample_call() -> Call { + Decode::decode(&mut &[][..]).expect("Provide a call via BenchmarkHelper::sample_call") + } +} + +fn sample_call() -> Box<::RuntimeCall> +where + T::BenchmarkHelper: BenchmarkHelper<::RuntimeCall>, +{ + Box::new(T::BenchmarkHelper::sample_call()) +} + +#[benchmarks] +mod benchmarks { + use super::*; + + #[benchmark] + fn set_rate_limit() { + let call = sample_call::(); + let limit = RateLimit::>::Exact(BlockNumberFor::::from(10u32)); + + #[extrinsic_call] + _(RawOrigin::Root, call, limit.clone()); + + assert!(Limits::::iter().any(|(_, stored)| stored == limit)); + } + + #[benchmark] + fn clear_rate_limit() { + let call = sample_call::(); + let limit = RateLimit::>::Exact(BlockNumberFor::::from(10u32)); + + // Pre-populate limit for benchmark call + let identifier = TransactionIdentifier::from_call::(call.as_ref()).expect("identifier"); + Limits::::insert(identifier, limit); + + #[extrinsic_call] + _(RawOrigin::Root, call); + + assert!(Limits::::get(identifier).is_none()); + } + + #[benchmark] + fn set_default_rate_limit() { + let block_span = BlockNumberFor::::from(10u32); + + #[extrinsic_call] + _(RawOrigin::Root, block_span); + + assert_eq!(DefaultLimit::::get(), block_span); + } + + impl_benchmark_test_suite!(Pallet, crate::mock::new_test_ext(), crate::mock::Test); +} diff --git a/pallets/rate-limiting/src/lib.rs b/pallets/rate-limiting/src/lib.rs index e9659c7abd..637216e71b 100644 --- a/pallets/rate-limiting/src/lib.rs +++ b/pallets/rate-limiting/src/lib.rs @@ -33,7 +33,7 @@ //! //! To enable the extension, add it to your runtime's transaction extension tuple. For example: //! -//! ```rust +//! ```ignore //! pub type TransactionExtensions = ( //! // ... other extensions ... //! pallet_rate_limiting::RateLimitTransactionExtension, @@ -47,7 +47,7 @@ //! runtime wires into [`Config::ContextResolver`]). The resolver receives the call and returns //! `Some(context)` if the rate should be scoped (e.g. by `netuid`), or `None` for a global limit. //! -//! ```rust +//! ```ignore //! pub struct WeightsContextResolver; //! //! impl pallet_rate_limiting::RateLimitContextResolver @@ -70,10 +70,14 @@ //! } //! ``` +#[cfg(feature = "runtime-benchmarks")] +pub use benchmarking::BenchmarkHelper; pub use pallet::*; pub use tx_extension::RateLimitTransactionExtension; pub use types::{RateLimit, RateLimitContextResolver, TransactionIdentifier}; +#[cfg(feature = "runtime-benchmarks")] +mod benchmarking; mod tx_extension; mod types; @@ -94,6 +98,8 @@ pub mod pallet { use frame_system::{ensure_root, pallet_prelude::*}; use sp_std::{convert::TryFrom, vec::Vec}; + #[cfg(feature = "runtime-benchmarks")] + use crate::benchmarking::BenchmarkHelper as BenchmarkHelperTrait; use crate::types::{RateLimit, RateLimitContextResolver, TransactionIdentifier}; /// Configuration trait for the rate limiting pallet. @@ -110,6 +116,10 @@ pub mod pallet { /// Resolves the context for a given runtime call. type ContextResolver: RateLimitContextResolver<::RuntimeCall, Self::LimitContext>; + + /// Helper used to construct runtime calls for benchmarking. + #[cfg(feature = "runtime-benchmarks")] + type BenchmarkHelper: BenchmarkHelperTrait<::RuntimeCall>; } /// Storage mapping from transaction identifier to its configured rate limit. diff --git a/pallets/rate-limiting/src/mock.rs b/pallets/rate-limiting/src/mock.rs index d7b9fde20b..4218e757a1 100644 --- a/pallets/rate-limiting/src/mock.rs +++ b/pallets/rate-limiting/src/mock.rs @@ -10,6 +10,7 @@ use frame_support::{ }; use sp_core::H256; use sp_io::TestExternalities; +use sp_std::vec::Vec; use crate as pallet_rate_limiting; use crate::TransactionIdentifier; @@ -67,6 +68,18 @@ impl pallet_rate_limiting::Config for Test { type RuntimeCall = RuntimeCall; type LimitContext = LimitContext; type ContextResolver = TestContextResolver; + #[cfg(feature = "runtime-benchmarks")] + type BenchmarkHelper = BenchHelper; +} + +#[cfg(feature = "runtime-benchmarks")] +pub struct BenchHelper; + +#[cfg(feature = "runtime-benchmarks")] +impl crate::BenchmarkHelper for BenchHelper { + fn sample_call() -> RuntimeCall { + RuntimeCall::System(frame_system::Call::remark { remark: Vec::new() }) + } } pub type RateLimitingCall = crate::Call; diff --git a/pallets/rate-limiting/src/tests.rs b/pallets/rate-limiting/src/tests.rs index 4eb07ad926..5a8d2dd933 100644 --- a/pallets/rate-limiting/src/tests.rs +++ b/pallets/rate-limiting/src/tests.rs @@ -1,9 +1,6 @@ use frame_support::{assert_noop, assert_ok, error::BadOrigin}; -use sp_runtime::DispatchError; -use crate::{ - DefaultLimit, LastSeen, Limits, RateLimit, mock::*, pallet::Error, types::TransactionIdentifier, -}; +use crate::{DefaultLimit, LastSeen, Limits, RateLimit, mock::*, pallet::Error}; #[test] fn limit_for_call_names_returns_none_if_not_set() { @@ -100,39 +97,6 @@ fn is_within_limit_true_after_required_span() { }); } -#[test] -fn transaction_identifier_from_call_matches_expected_indices() { - let call = - RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); - - let identifier = TransactionIdentifier::from_call::(&call).expect("identifier"); - - // System is the first pallet in the mock runtime, RateLimiting is second. - assert_eq!(identifier.pallet_index, 1); - // set_default_rate_limit has call_index 2. - assert_eq!(identifier.extrinsic_index, 2); -} - -#[test] -fn transaction_identifier_names_matches_call_metadata() { - let call = - RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); - let identifier = TransactionIdentifier::from_call::(&call).expect("identifier"); - - let (pallet, extrinsic) = identifier.names::().expect("call metadata"); - assert_eq!(pallet, "RateLimiting"); - assert_eq!(extrinsic, "set_default_rate_limit"); -} - -#[test] -fn transaction_identifier_names_error_for_unknown_indices() { - let identifier = TransactionIdentifier::new(99, 0); - - let err = identifier.names::().expect_err("should fail"); - let expected: DispatchError = Error::::InvalidRuntimeCall.into(); - assert_eq!(err, expected); -} - #[test] fn set_rate_limit_updates_storage_and_emits_event() { new_test_ext().execute_with(|| { diff --git a/pallets/rate-limiting/src/types.rs b/pallets/rate-limiting/src/types.rs index 4e00053ec7..72e2a43777 100644 --- a/pallets/rate-limiting/src/types.rs +++ b/pallets/rate-limiting/src/types.rs @@ -97,3 +97,44 @@ pub enum RateLimit { /// Apply an exact rate limit measured in blocks. Exact(BlockNumber), } + +#[cfg(test)] +mod tests { + use sp_runtime::DispatchError; + + use super::*; + use crate::{mock::*, pallet::Error}; + + #[test] + fn transaction_identifier_from_call_matches_expected_indices() { + let call = + RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); + + let identifier = TransactionIdentifier::from_call::(&call).expect("identifier"); + + // System is the first pallet in the mock runtime, RateLimiting is second. + assert_eq!(identifier.pallet_index, 1); + // set_default_rate_limit has call_index 2. + assert_eq!(identifier.extrinsic_index, 2); + } + + #[test] + fn transaction_identifier_names_matches_call_metadata() { + let call = + RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); + let identifier = TransactionIdentifier::from_call::(&call).expect("identifier"); + + let (pallet, extrinsic) = identifier.names::().expect("call metadata"); + assert_eq!(pallet, "RateLimiting"); + assert_eq!(extrinsic, "set_default_rate_limit"); + } + + #[test] + fn transaction_identifier_names_error_for_unknown_indices() { + let identifier = TransactionIdentifier::new(99, 0); + + let err = identifier.names::().expect_err("should fail"); + let expected: DispatchError = Error::::InvalidRuntimeCall.into(); + assert_eq!(err, expected); + } +} From 6ccc421e94f866ed99f85499de05673107ea142d Mon Sep 17 00:00:00 2001 From: Aliaksandr Tsurko Date: Wed, 29 Oct 2025 15:18:52 +0300 Subject: [PATCH 11/46] Extend rate limit setting with context --- pallets/rate-limiting/src/benchmarking.rs | 13 +- pallets/rate-limiting/src/lib.rs | 67 ++++++--- pallets/rate-limiting/src/tests.rs | 175 +++++++++++++++++++--- pallets/rate-limiting/src/tx_extension.rs | 21 +-- 4 files changed, 217 insertions(+), 59 deletions(-) diff --git a/pallets/rate-limiting/src/benchmarking.rs b/pallets/rate-limiting/src/benchmarking.rs index 3266674ac7..bf4a3b37b5 100644 --- a/pallets/rate-limiting/src/benchmarking.rs +++ b/pallets/rate-limiting/src/benchmarking.rs @@ -36,11 +36,13 @@ mod benchmarks { fn set_rate_limit() { let call = sample_call::(); let limit = RateLimit::>::Exact(BlockNumberFor::::from(10u32)); + let identifier = TransactionIdentifier::from_call::(call.as_ref()).expect("identifier"); + let context = ::ContextResolver::context(call.as_ref()); #[extrinsic_call] - _(RawOrigin::Root, call, limit.clone()); + _(RawOrigin::Root, call, limit.clone(), None); - assert!(Limits::::iter().any(|(_, stored)| stored == limit)); + assert_eq!(Limits::::get(&identifier, context), Some(limit)); } #[benchmark] @@ -50,12 +52,13 @@ mod benchmarks { // Pre-populate limit for benchmark call let identifier = TransactionIdentifier::from_call::(call.as_ref()).expect("identifier"); - Limits::::insert(identifier, limit); + let context = ::ContextResolver::context(call.as_ref()); + Limits::::insert(identifier, context.clone(), limit); #[extrinsic_call] - _(RawOrigin::Root, call); + _(RawOrigin::Root, call, None); - assert!(Limits::::get(identifier).is_none()); + assert!(Limits::::get(identifier, context).is_none()); } #[benchmark] diff --git a/pallets/rate-limiting/src/lib.rs b/pallets/rate-limiting/src/lib.rs index 637216e71b..23eff3cf9a 100644 --- a/pallets/rate-limiting/src/lib.rs +++ b/pallets/rate-limiting/src/lib.rs @@ -10,8 +10,10 @@ //! extrinsics to manage this data: //! //! - [`set_rate_limit`](pallet::Pallet::set_rate_limit): assign a limit to an extrinsic, either as -//! `RateLimit::Exact(blocks)` or `RateLimit::Default`. -//! - [`clear_rate_limit`](pallet::Pallet::clear_rate_limit): remove a stored limit. +//! `RateLimit::Exact(blocks)` or `RateLimit::Default`. The optional context parameter lets you +//! scope the configuration to a particular subnet/key/account while keeping a global fallback. +//! - [`clear_rate_limit`](pallet::Pallet::clear_rate_limit): remove a stored limit for the provided +//! context (or for the global entry when `None` is supplied). //! - [`set_default_rate_limit`](pallet::Pallet::set_default_rate_limit): set the global default //! block span used by `RateLimit::Default` entries. //! @@ -45,7 +47,9 @@ //! The extension needs to know when two invocations should share a rate limit. This is controlled //! by implementing [`RateLimitContextResolver`] for the runtime call type (or for a helper that the //! runtime wires into [`Config::ContextResolver`]). The resolver receives the call and returns -//! `Some(context)` if the rate should be scoped (e.g. by `netuid`), or `None` for a global limit. +//! `Some(context)` if the rate should be scoped (e.g. by `netuid`), or `None` to use the global +//! entry. The resolver is only used when *tracking* executions; you still configure limits via the +//! explicit `context` argument on `set_rate_limit`/`clear_rate_limit`. //! //! ```ignore //! pub struct WeightsContextResolver; @@ -112,7 +116,7 @@ pub mod pallet { + IsType<::RuntimeCall>; /// Context type used for contextual (per-group) rate limits. - type LimitContext: Parameter + Clone + PartialEq + Eq; + type LimitContext: Parameter + Clone + PartialEq + Eq + MaybeSerializeDeserialize; /// Resolves the context for a given runtime call. type ContextResolver: RateLimitContextResolver<::RuntimeCall, Self::LimitContext>; @@ -122,13 +126,15 @@ pub mod pallet { type BenchmarkHelper: BenchmarkHelperTrait<::RuntimeCall>; } - /// Storage mapping from transaction identifier to its configured rate limit. + /// Storage mapping from transaction identifier and optional context to its configured rate limit. #[pallet::storage] #[pallet::getter(fn limits)] - pub type Limits = StorageMap< + pub type Limits = StorageDoubleMap< _, Blake2_128Concat, TransactionIdentifier, + Blake2_128Concat, + Option<::LimitContext>, RateLimit>, OptionQuery, >; @@ -160,6 +166,8 @@ pub mod pallet { RateLimitSet { /// Identifier of the affected transaction. transaction: TransactionIdentifier, + /// Context to which the limit applies, if any. + context: Option<::LimitContext>, /// The new limit configuration applied to the transaction. limit: RateLimit>, /// Pallet name associated with the transaction. @@ -171,6 +179,8 @@ pub mod pallet { RateLimitCleared { /// Identifier of the affected transaction. transaction: TransactionIdentifier, + /// Context from which the limit was cleared, if any. + context: Option<::LimitContext>, /// Pallet name associated with the transaction. pallet: Vec, /// Extrinsic name associated with the transaction. @@ -195,7 +205,11 @@ pub mod pallet { #[pallet::genesis_config] pub struct GenesisConfig { pub default_limit: BlockNumberFor, - pub limits: Vec<(TransactionIdentifier, RateLimit>)>, + pub limits: Vec<( + TransactionIdentifier, + Option<::LimitContext>, + RateLimit>, + )>, } #[cfg(feature = "std")] @@ -213,8 +227,8 @@ pub mod pallet { fn build(&self) { DefaultLimit::::put(self.default_limit); - for (identifier, limit) in &self.limits { - Limits::::insert(identifier, limit.clone()); + for (identifier, context, limit) in &self.limits { + Limits::::insert(identifier, context.clone(), limit.clone()); } } } @@ -230,7 +244,7 @@ pub mod pallet { identifier: &TransactionIdentifier, context: &Option<::LimitContext>, ) -> Result { - let Some(block_span) = Self::resolved_limit(identifier) else { + let Some(block_span) = Self::resolved_limit(identifier, context) else { return Ok(true); }; @@ -246,8 +260,13 @@ pub mod pallet { Ok(true) } - fn resolved_limit(identifier: &TransactionIdentifier) -> Option> { - let limit = Limits::::get(identifier)?; + pub(crate) fn resolved_limit( + identifier: &TransactionIdentifier, + context: &Option<::LimitContext>, + ) -> Option> { + let lookup = Limits::::get(identifier, context.clone()) + .or_else(|| Limits::::get(identifier, None::<::LimitContext>)); + let limit = lookup?; Some(match limit { RateLimit::Default => DefaultLimit::::get(), RateLimit::Exact(block_span) => block_span, @@ -258,18 +277,21 @@ pub mod pallet { pub fn limit_for_call_names( pallet_name: &str, extrinsic_name: &str, + context: Option<::LimitContext>, ) -> Option>> { let identifier = Self::identifier_for_call_names(pallet_name, extrinsic_name)?; - Limits::::get(&identifier) + Limits::::get(&identifier, context.clone()) + .or_else(|| Limits::::get(&identifier, None::<::LimitContext>)) } /// Returns the resolved block span for the specified pallet/extrinsic names, if any. pub fn resolved_limit_for_call_names( pallet_name: &str, extrinsic_name: &str, + context: Option<::LimitContext>, ) -> Option> { let identifier = Self::identifier_for_call_names(pallet_name, extrinsic_name)?; - Self::resolved_limit(&identifier) + Self::resolved_limit(&identifier, &context) } fn identifier_for_call_names( @@ -288,21 +310,24 @@ pub mod pallet { #[pallet::call] impl Pallet { - /// Sets the rate limit configuration for the given call. + /// Sets the rate limit configuration for the given call and optional context. /// /// The supplied `call` is only used to derive the pallet and extrinsic indices; **any - /// arguments embedded in the call are ignored**. + /// arguments embedded in the call are ignored**. The `context` parameter determines which + /// scoped entry is updated (for example a subnet identifier). Passing `None` updates the + /// global entry, which acts as a fallback when no context-specific limit exists. #[pallet::call_index(0)] #[pallet::weight(T::DbWeight::get().reads_writes(1, 1))] pub fn set_rate_limit( origin: OriginFor, call: Box<::RuntimeCall>, limit: RateLimit>, + context: Option<::LimitContext>, ) -> DispatchResult { ensure_root(origin)?; let identifier = TransactionIdentifier::from_call::(call.as_ref())?; - Limits::::insert(&identifier, limit); + Limits::::insert(&identifier, context.clone(), limit.clone()); let (pallet_name, extrinsic_name) = identifier.names::()?; let pallet = Vec::from(pallet_name.as_bytes()); @@ -310,6 +335,7 @@ pub mod pallet { Self::deposit_event(Event::RateLimitSet { transaction: identifier, + context, limit, pallet, extrinsic, @@ -321,12 +347,14 @@ pub mod pallet { /// Clears the rate limit for the given call, if present. /// /// The supplied `call` is only used to derive the pallet and extrinsic indices; **any - /// arguments embedded in the call are ignored**. + /// arguments embedded in the call are ignored**. The `context` parameter must match the + /// entry that should be removed (use `None` to remove the global configuration). #[pallet::call_index(1)] #[pallet::weight(T::DbWeight::get().reads_writes(1, 1))] pub fn clear_rate_limit( origin: OriginFor, call: Box<::RuntimeCall>, + context: Option<::LimitContext>, ) -> DispatchResult { ensure_root(origin)?; @@ -337,12 +365,13 @@ pub mod pallet { let extrinsic = Vec::from(extrinsic_name.as_bytes()); ensure!( - Limits::::take(&identifier).is_some(), + Limits::::take(&identifier, context.clone()).is_some(), Error::::MissingRateLimit ); Self::deposit_event(Event::RateLimitCleared { transaction: identifier, + context, pallet, extrinsic, }); diff --git a/pallets/rate-limiting/src/tests.rs b/pallets/rate-limiting/src/tests.rs index 5a8d2dd933..ce5b6d25ab 100644 --- a/pallets/rate-limiting/src/tests.rs +++ b/pallets/rate-limiting/src/tests.rs @@ -6,7 +6,8 @@ use crate::{DefaultLimit, LastSeen, Limits, RateLimit, mock::*, pallet::Error}; fn limit_for_call_names_returns_none_if_not_set() { new_test_ext().execute_with(|| { assert!( - RateLimiting::limit_for_call_names("RateLimiting", "set_default_rate_limit").is_none() + RateLimiting::limit_for_call_names("RateLimiting", "set_default_rate_limit", None) + .is_none() ); }); } @@ -17,14 +18,36 @@ fn limit_for_call_names_returns_stored_limit() { let call = RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); let identifier = identifier_for(&call); - Limits::::insert(identifier, RateLimit::Exact(7)); + Limits::::insert(identifier, None::, RateLimit::Exact(7)); - let fetched = RateLimiting::limit_for_call_names("RateLimiting", "set_default_rate_limit") - .expect("limit should exist"); + let fetched = + RateLimiting::limit_for_call_names("RateLimiting", "set_default_rate_limit", None) + .expect("limit should exist"); assert_eq!(fetched, RateLimit::Exact(7)); }); } +#[test] +fn limit_for_call_names_prefers_context_specific_limit() { + new_test_ext().execute_with(|| { + let call = + RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); + let identifier = identifier_for(&call); + Limits::::insert(identifier, None::, RateLimit::Exact(3)); + Limits::::insert(identifier, Some(5), RateLimit::Exact(8)); + + let fetched = + RateLimiting::limit_for_call_names("RateLimiting", "set_default_rate_limit", Some(5)) + .expect("limit should exist"); + assert_eq!(fetched, RateLimit::Exact(8)); + + let fallback = + RateLimiting::limit_for_call_names("RateLimiting", "set_default_rate_limit", Some(1)) + .expect("limit should exist"); + assert_eq!(fallback, RateLimit::Exact(3)); + }); +} + #[test] fn resolved_limit_for_call_names_resolves_default_value() { new_test_ext().execute_with(|| { @@ -32,21 +55,55 @@ fn resolved_limit_for_call_names_resolves_default_value() { let call = RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); let identifier = identifier_for(&call); - Limits::::insert(identifier, RateLimit::Default); - - let resolved = - RateLimiting::resolved_limit_for_call_names("RateLimiting", "set_default_rate_limit") - .expect("resolved limit"); + Limits::::insert(identifier, None::, RateLimit::Default); + + let resolved = RateLimiting::resolved_limit_for_call_names( + "RateLimiting", + "set_default_rate_limit", + None, + ) + .expect("resolved limit"); assert_eq!(resolved, 3); }); } +#[test] +fn resolved_limit_for_call_names_prefers_context_specific_value() { + new_test_ext().execute_with(|| { + let call = + RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); + let identifier = identifier_for(&call); + Limits::::insert(identifier, None::, RateLimit::Exact(4)); + Limits::::insert(identifier, Some(6), RateLimit::Exact(9)); + + let resolved = RateLimiting::resolved_limit_for_call_names( + "RateLimiting", + "set_default_rate_limit", + Some(6), + ) + .expect("resolved limit"); + assert_eq!(resolved, 9); + + let fallback = RateLimiting::resolved_limit_for_call_names( + "RateLimiting", + "set_default_rate_limit", + Some(1), + ) + .expect("resolved limit"); + assert_eq!(fallback, 4); + }); +} + #[test] fn resolved_limit_for_call_names_returns_none_when_unset() { new_test_ext().execute_with(|| { assert!( - RateLimiting::resolved_limit_for_call_names("RateLimiting", "set_default_rate_limit") - .is_none() + RateLimiting::resolved_limit_for_call_names( + "RateLimiting", + "set_default_rate_limit", + None, + ) + .is_none() ); }); } @@ -69,7 +126,7 @@ fn is_within_limit_false_when_rate_limited() { let call = RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); let identifier = identifier_for(&call); - Limits::::insert(identifier, RateLimit::Exact(5)); + Limits::::insert(identifier, Some(1 as LimitContext), RateLimit::Exact(5)); LastSeen::::insert(identifier, Some(1 as LimitContext), 9); System::set_block_number(13); @@ -86,7 +143,7 @@ fn is_within_limit_true_after_required_span() { let call = RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); let identifier = identifier_for(&call); - Limits::::insert(identifier, RateLimit::Exact(5)); + Limits::::insert(identifier, Some(2 as LimitContext), RateLimit::Exact(5)); LastSeen::::insert(identifier, Some(2 as LimitContext), 10); System::set_block_number(20); @@ -109,20 +166,26 @@ fn set_rate_limit_updates_storage_and_emits_event() { assert_ok!(RateLimiting::set_rate_limit( RuntimeOrigin::root(), Box::new(target_call.clone()), - limit + limit, + None, )); let identifier = identifier_for(&target_call); - assert_eq!(Limits::::get(identifier), Some(limit)); + assert_eq!( + Limits::::get(identifier, None::), + Some(limit) + ); match pop_last_event() { RuntimeEvent::RateLimiting(crate::pallet::Event::RateLimitSet { transaction, + context, limit: emitted_limit, pallet, extrinsic, }) => { assert_eq!(transaction, identifier); + assert_eq!(context, None); assert_eq!(emitted_limit, limit); assert_eq!(pallet, b"RateLimiting".to_vec()); assert_eq!(extrinsic, b"set_default_rate_limit".to_vec()); @@ -132,6 +195,29 @@ fn set_rate_limit_updates_storage_and_emits_event() { }); } +#[test] +fn set_rate_limit_supports_context_specific_limit() { + new_test_ext().execute_with(|| { + let target_call = + RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); + let context = Some(7u16); + assert_ok!(RateLimiting::set_rate_limit( + RuntimeOrigin::root(), + Box::new(target_call.clone()), + RateLimit::Exact(11), + context, + )); + + let identifier = identifier_for(&target_call); + assert_eq!( + Limits::::get(identifier, Some(7)), + Some(RateLimit::Exact(11)) + ); + // global remains untouched + assert_eq!(Limits::::get(identifier, None::), None); + }); +} + #[test] fn set_rate_limit_requires_root() { new_test_ext().execute_with(|| { @@ -142,7 +228,8 @@ fn set_rate_limit_requires_root() { RateLimiting::set_rate_limit( RuntimeOrigin::signed(1), Box::new(target_call), - RateLimit::Exact(1) + RateLimit::Exact(1), + None, ), BadOrigin ); @@ -158,11 +245,15 @@ fn set_rate_limit_accepts_default_variant() { assert_ok!(RateLimiting::set_rate_limit( RuntimeOrigin::root(), Box::new(target_call.clone()), - RateLimit::Default + RateLimit::Default, + None, )); let identifier = identifier_for(&target_call); - assert_eq!(Limits::::get(identifier), Some(RateLimit::Default)); + assert_eq!( + Limits::::get(identifier, None::), + Some(RateLimit::Default) + ); }); } @@ -174,22 +265,25 @@ fn clear_rate_limit_removes_entry_and_emits_event() { let target_call = RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); let identifier = identifier_for(&target_call); - Limits::::insert(identifier, RateLimit::Exact(4)); + Limits::::insert(identifier, None::, RateLimit::Exact(4)); assert_ok!(RateLimiting::clear_rate_limit( RuntimeOrigin::root(), - Box::new(target_call.clone()) + Box::new(target_call.clone()), + None, )); - assert_eq!(Limits::::get(identifier), None); + assert_eq!(Limits::::get(identifier, None::), None); match pop_last_event() { RuntimeEvent::RateLimiting(crate::pallet::Event::RateLimitCleared { transaction, + context, pallet, extrinsic, }) => { assert_eq!(transaction, identifier); + assert_eq!(context, None); assert_eq!(pallet, b"RateLimiting".to_vec()); assert_eq!(extrinsic, b"set_default_rate_limit".to_vec()); } @@ -205,12 +299,49 @@ fn clear_rate_limit_fails_when_missing() { RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); assert_noop!( - RateLimiting::clear_rate_limit(RuntimeOrigin::root(), Box::new(target_call)), + RateLimiting::clear_rate_limit(RuntimeOrigin::root(), Box::new(target_call), None), Error::::MissingRateLimit ); }); } +#[test] +fn clear_rate_limit_removes_only_selected_context() { + new_test_ext().execute_with(|| { + System::reset_events(); + + let target_call = + RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); + let identifier = identifier_for(&target_call); + Limits::::insert(identifier, None::, RateLimit::Exact(5)); + Limits::::insert(identifier, Some(9), RateLimit::Exact(7)); + + assert_ok!(RateLimiting::clear_rate_limit( + RuntimeOrigin::root(), + Box::new(target_call.clone()), + Some(9), + )); + + assert_eq!(Limits::::get(identifier, Some(9u16)), None); + assert_eq!( + Limits::::get(identifier, None::), + Some(RateLimit::Exact(5)) + ); + + match pop_last_event() { + RuntimeEvent::RateLimiting(crate::pallet::Event::RateLimitCleared { + transaction, + context, + .. + }) => { + assert_eq!(transaction, identifier); + assert_eq!(context, Some(9)); + } + other => panic!("unexpected event: {:?}", other), + } + }); +} + #[test] fn set_default_rate_limit_updates_storage_and_emits_event() { new_test_ext().execute_with(|| { diff --git a/pallets/rate-limiting/src/tx_extension.rs b/pallets/rate-limiting/src/tx_extension.rs index f06e72975e..af02bfa453 100644 --- a/pallets/rate-limiting/src/tx_extension.rs +++ b/pallets/rate-limiting/src/tx_extension.rs @@ -16,8 +16,8 @@ use scale_info::TypeInfo; use sp_std::{marker::PhantomData, result::Result}; use crate::{ - Config, LastSeen, Limits, Pallet, - types::{RateLimit, RateLimitContextResolver, TransactionIdentifier}, + Config, LastSeen, Pallet, + types::{RateLimitContextResolver, TransactionIdentifier}, }; /// Identifier returned in the transaction metadata for the rate limiting extension. @@ -66,21 +66,16 @@ where Err(_) => return Err(TransactionValidityError::Invalid(InvalidTransaction::Call)), }; - let Some(limit) = Limits::::get(&identifier) else { - return Ok((ValidTransaction::default(), None, origin)); - }; + let context = ::ContextResolver::context(call); - let block_span = match limit { - RateLimit::Default => Pallet::::default_limit(), - RateLimit::Exact(block_span) => block_span, + let Some(block_span) = Pallet::::resolved_limit(&identifier, &context) else { + return Ok((ValidTransaction::default(), None, origin)); }; if block_span.is_zero() { return Ok((ValidTransaction::default(), None, origin)); } - let context = ::ContextResolver::context(call); - let within_limit = Pallet::::is_within_limit(&identifier, &context) .map_err(|_| TransactionValidityError::Invalid(InvalidTransaction::Call))?; @@ -213,7 +208,7 @@ mod tests { let extension = new_tx_extension(); let call = remark_call(); let identifier = identifier_for(&call); - Limits::::insert(identifier, RateLimit::Exact(5)); + Limits::::insert(identifier, None::, RateLimit::Exact(5)); System::set_block_number(10); @@ -251,7 +246,7 @@ mod tests { let extension = new_tx_extension(); let call = remark_call(); let identifier = identifier_for(&call); - Limits::::insert(identifier, RateLimit::Exact(5)); + Limits::::insert(identifier, None::, RateLimit::Exact(5)); LastSeen::::insert(identifier, None::, 20); System::set_block_number(22); @@ -273,7 +268,7 @@ mod tests { let extension = new_tx_extension(); let call = remark_call(); let identifier = identifier_for(&call); - Limits::::insert(identifier, RateLimit::Exact(0)); + Limits::::insert(identifier, None::, RateLimit::Exact(0)); System::set_block_number(30); From be9d4f7ffc7a9be1c71cf652285cb4694367d636 Mon Sep 17 00:00:00 2001 From: Aliaksandr Tsurko Date: Wed, 29 Oct 2025 17:46:43 +0300 Subject: [PATCH 12/46] Make rate limiting pallet instantiable --- pallets/rate-limiting/src/benchmarking.rs | 19 ++-- pallets/rate-limiting/src/lib.rs | 98 +++++++++++---------- pallets/rate-limiting/src/mock.rs | 2 +- pallets/rate-limiting/src/tests.rs | 52 ++++++----- pallets/rate-limiting/src/tx_extension.rs | 102 +++++++++++++++------- pallets/rate-limiting/src/types.rs | 36 ++++---- 6 files changed, 184 insertions(+), 125 deletions(-) diff --git a/pallets/rate-limiting/src/benchmarking.rs b/pallets/rate-limiting/src/benchmarking.rs index bf4a3b37b5..8392109772 100644 --- a/pallets/rate-limiting/src/benchmarking.rs +++ b/pallets/rate-limiting/src/benchmarking.rs @@ -36,13 +36,16 @@ mod benchmarks { fn set_rate_limit() { let call = sample_call::(); let limit = RateLimit::>::Exact(BlockNumberFor::::from(10u32)); - let identifier = TransactionIdentifier::from_call::(call.as_ref()).expect("identifier"); - let context = ::ContextResolver::context(call.as_ref()); + let identifier = + TransactionIdentifier::from_call::(call.as_ref()).expect("identifier"); #[extrinsic_call] _(RawOrigin::Root, call, limit.clone(), None); - assert_eq!(Limits::::get(&identifier, context), Some(limit)); + assert_eq!( + Limits::::get(&identifier, None::<::LimitContext>), + Some(limit) + ); } #[benchmark] @@ -51,14 +54,14 @@ mod benchmarks { let limit = RateLimit::>::Exact(BlockNumberFor::::from(10u32)); // Pre-populate limit for benchmark call - let identifier = TransactionIdentifier::from_call::(call.as_ref()).expect("identifier"); - let context = ::ContextResolver::context(call.as_ref()); - Limits::::insert(identifier, context.clone(), limit); + let identifier = + TransactionIdentifier::from_call::(call.as_ref()).expect("identifier"); + Limits::::insert(identifier, None::<::LimitContext>, limit); #[extrinsic_call] _(RawOrigin::Root, call, None); - assert!(Limits::::get(identifier, context).is_none()); + assert!(Limits::::get(identifier, None::<::LimitContext>).is_none()); } #[benchmark] @@ -68,7 +71,7 @@ mod benchmarks { #[extrinsic_call] _(RawOrigin::Root, block_span); - assert_eq!(DefaultLimit::::get(), block_span); + assert_eq!(DefaultLimit::::get(), block_span); } impl_benchmark_test_suite!(Pallet, crate::mock::new_test_ext(), crate::mock::Test); diff --git a/pallets/rate-limiting/src/lib.rs b/pallets/rate-limiting/src/lib.rs index 23eff3cf9a..2ca3ab87ba 100644 --- a/pallets/rate-limiting/src/lib.rs +++ b/pallets/rate-limiting/src/lib.rs @@ -25,6 +25,9 @@ //! - [`DefaultLimit`](pallet::DefaultLimit): `BlockNumber` //! - [`LastSeen`](pallet::LastSeen): `(TransactionIdentifier, Option) → BlockNumber` //! +//! Each storage map is namespaced by pallet instance; runtimes can deploy multiple independent +//! instances to manage distinct rate-limiting scopes. +//! //! # Transaction extension //! //! Enforcement happens via [`RateLimitTransactionExtension`], which implements @@ -100,7 +103,7 @@ pub mod pallet { traits::{BuildGenesisConfig, GetCallMetadata}, }; use frame_system::{ensure_root, pallet_prelude::*}; - use sp_std::{convert::TryFrom, vec::Vec}; + use sp_std::{convert::TryFrom, marker::PhantomData, vec::Vec}; #[cfg(feature = "runtime-benchmarks")] use crate::benchmarking::BenchmarkHelper as BenchmarkHelperTrait; @@ -108,7 +111,7 @@ pub mod pallet { /// Configuration trait for the rate limiting pallet. #[pallet::config] - pub trait Config: frame_system::Config { + pub trait Config: frame_system::Config { /// The overarching runtime call type. type RuntimeCall: Parameter + Codec @@ -119,22 +122,22 @@ pub mod pallet { type LimitContext: Parameter + Clone + PartialEq + Eq + MaybeSerializeDeserialize; /// Resolves the context for a given runtime call. - type ContextResolver: RateLimitContextResolver<::RuntimeCall, Self::LimitContext>; + type ContextResolver: RateLimitContextResolver<>::RuntimeCall, Self::LimitContext>; /// Helper used to construct runtime calls for benchmarking. #[cfg(feature = "runtime-benchmarks")] - type BenchmarkHelper: BenchmarkHelperTrait<::RuntimeCall>; + type BenchmarkHelper: BenchmarkHelperTrait<>::RuntimeCall>; } /// Storage mapping from transaction identifier and optional context to its configured rate limit. #[pallet::storage] #[pallet::getter(fn limits)] - pub type Limits = StorageDoubleMap< + pub type Limits, I: 'static = ()> = StorageDoubleMap< _, Blake2_128Concat, TransactionIdentifier, Blake2_128Concat, - Option<::LimitContext>, + Option<>::LimitContext>, RateLimit>, OptionQuery, >; @@ -143,12 +146,12 @@ pub mod pallet { /// /// The second key is `None` for global limits and `Some(context)` for contextual limits. #[pallet::storage] - pub type LastSeen = StorageDoubleMap< + pub type LastSeen, I: 'static = ()> = StorageDoubleMap< _, Blake2_128Concat, TransactionIdentifier, Blake2_128Concat, - Option<::LimitContext>, + Option<>::LimitContext>, BlockNumberFor, OptionQuery, >; @@ -156,18 +159,19 @@ pub mod pallet { /// Default block span applied when an extrinsic uses the default rate limit. #[pallet::storage] #[pallet::getter(fn default_limit)] - pub type DefaultLimit = StorageValue<_, BlockNumberFor, ValueQuery>; + pub type DefaultLimit, I: 'static = ()> = + StorageValue<_, BlockNumberFor, ValueQuery>; /// Events emitted by the rate limiting pallet. #[pallet::event] #[pallet::generate_deposit(pub(super) fn deposit_event)] - pub enum Event { + pub enum Event, I: 'static = ()> { /// A rate limit was set or updated. RateLimitSet { /// Identifier of the affected transaction. transaction: TransactionIdentifier, /// Context to which the limit applies, if any. - context: Option<::LimitContext>, + context: Option<>::LimitContext>, /// The new limit configuration applied to the transaction. limit: RateLimit>, /// Pallet name associated with the transaction. @@ -180,7 +184,7 @@ pub mod pallet { /// Identifier of the affected transaction. transaction: TransactionIdentifier, /// Context from which the limit was cleared, if any. - context: Option<::LimitContext>, + context: Option<>::LimitContext>, /// Pallet name associated with the transaction. pallet: Vec, /// Extrinsic name associated with the transaction. @@ -195,7 +199,7 @@ pub mod pallet { /// Errors that can occur while configuring rate limits. #[pallet::error] - pub enum Error { + pub enum Error { /// Failed to extract the pallet and extrinsic indices from the call. InvalidRuntimeCall, /// Attempted to remove a limit that is not present. @@ -203,17 +207,17 @@ pub mod pallet { } #[pallet::genesis_config] - pub struct GenesisConfig { + pub struct GenesisConfig, I: 'static = ()> { pub default_limit: BlockNumberFor, pub limits: Vec<( TransactionIdentifier, - Option<::LimitContext>, + Option<>::LimitContext>, RateLimit>, )>, } #[cfg(feature = "std")] - impl Default for GenesisConfig { + impl, I: 'static> Default for GenesisConfig { fn default() -> Self { Self { default_limit: Zero::zero(), @@ -223,26 +227,26 @@ pub mod pallet { } #[pallet::genesis_build] - impl BuildGenesisConfig for GenesisConfig { + impl, I: 'static> BuildGenesisConfig for GenesisConfig { fn build(&self) { - DefaultLimit::::put(self.default_limit); + DefaultLimit::::put(self.default_limit); for (identifier, context, limit) in &self.limits { - Limits::::insert(identifier, context.clone(), limit.clone()); + Limits::::insert(identifier, context.clone(), limit.clone()); } } } #[pallet::pallet] #[pallet::without_storage_info] - pub struct Pallet(_); + pub struct Pallet(PhantomData<(T, I)>); - impl Pallet { + impl, I: 'static> Pallet { /// Returns `true` when the given transaction identifier passes its configured rate limit /// within the provided context. pub fn is_within_limit( identifier: &TransactionIdentifier, - context: &Option<::LimitContext>, + context: &Option<>::LimitContext>, ) -> Result { let Some(block_span) = Self::resolved_limit(identifier, context) else { return Ok(true); @@ -250,7 +254,7 @@ pub mod pallet { let current = frame_system::Pallet::::block_number(); - if let Some(last) = LastSeen::::get(identifier, context) { + if let Some(last) = LastSeen::::get(identifier, context) { let delta = current.saturating_sub(last); if delta < block_span { return Ok(false); @@ -262,13 +266,14 @@ pub mod pallet { pub(crate) fn resolved_limit( identifier: &TransactionIdentifier, - context: &Option<::LimitContext>, + context: &Option<>::LimitContext>, ) -> Option> { - let lookup = Limits::::get(identifier, context.clone()) - .or_else(|| Limits::::get(identifier, None::<::LimitContext>)); + let lookup = Limits::::get(identifier, context).or_else(|| { + Limits::::get(identifier, None::<>::LimitContext>) + }); let limit = lookup?; Some(match limit { - RateLimit::Default => DefaultLimit::::get(), + RateLimit::Default => DefaultLimit::::get(), RateLimit::Exact(block_span) => block_span, }) } @@ -277,18 +282,19 @@ pub mod pallet { pub fn limit_for_call_names( pallet_name: &str, extrinsic_name: &str, - context: Option<::LimitContext>, + context: Option<>::LimitContext>, ) -> Option>> { let identifier = Self::identifier_for_call_names(pallet_name, extrinsic_name)?; - Limits::::get(&identifier, context.clone()) - .or_else(|| Limits::::get(&identifier, None::<::LimitContext>)) + Limits::::get(&identifier, context.clone()).or_else(|| { + Limits::::get(&identifier, None::<>::LimitContext>) + }) } /// Returns the resolved block span for the specified pallet/extrinsic names, if any. pub fn resolved_limit_for_call_names( pallet_name: &str, extrinsic_name: &str, - context: Option<::LimitContext>, + context: Option<>::LimitContext>, ) -> Option> { let identifier = Self::identifier_for_call_names(pallet_name, extrinsic_name)?; Self::resolved_limit(&identifier, &context) @@ -298,9 +304,9 @@ pub mod pallet { pallet_name: &str, extrinsic_name: &str, ) -> Option { - let modules = ::RuntimeCall::get_module_names(); + let modules = >::RuntimeCall::get_module_names(); let pallet_pos = modules.iter().position(|name| *name == pallet_name)?; - let call_names = ::RuntimeCall::get_call_names(pallet_name); + let call_names = >::RuntimeCall::get_call_names(pallet_name); let extrinsic_pos = call_names.iter().position(|name| *name == extrinsic_name)?; let pallet_index = u8::try_from(pallet_pos).ok()?; let extrinsic_index = u8::try_from(extrinsic_pos).ok()?; @@ -309,7 +315,7 @@ pub mod pallet { } #[pallet::call] - impl Pallet { + impl, I: 'static> Pallet { /// Sets the rate limit configuration for the given call and optional context. /// /// The supplied `call` is only used to derive the pallet and extrinsic indices; **any @@ -320,16 +326,16 @@ pub mod pallet { #[pallet::weight(T::DbWeight::get().reads_writes(1, 1))] pub fn set_rate_limit( origin: OriginFor, - call: Box<::RuntimeCall>, + call: Box<>::RuntimeCall>, limit: RateLimit>, - context: Option<::LimitContext>, + context: Option<>::LimitContext>, ) -> DispatchResult { ensure_root(origin)?; - let identifier = TransactionIdentifier::from_call::(call.as_ref())?; - Limits::::insert(&identifier, context.clone(), limit.clone()); + let identifier = TransactionIdentifier::from_call::(call.as_ref())?; + Limits::::insert(&identifier, context.clone(), limit.clone()); - let (pallet_name, extrinsic_name) = identifier.names::()?; + let (pallet_name, extrinsic_name) = identifier.names::()?; let pallet = Vec::from(pallet_name.as_bytes()); let extrinsic = Vec::from(extrinsic_name.as_bytes()); @@ -353,20 +359,20 @@ pub mod pallet { #[pallet::weight(T::DbWeight::get().reads_writes(1, 1))] pub fn clear_rate_limit( origin: OriginFor, - call: Box<::RuntimeCall>, - context: Option<::LimitContext>, + call: Box<>::RuntimeCall>, + context: Option<>::LimitContext>, ) -> DispatchResult { ensure_root(origin)?; - let identifier = TransactionIdentifier::from_call::(call.as_ref())?; + let identifier = TransactionIdentifier::from_call::(call.as_ref())?; - let (pallet_name, extrinsic_name) = identifier.names::()?; + let (pallet_name, extrinsic_name) = identifier.names::()?; let pallet = Vec::from(pallet_name.as_bytes()); let extrinsic = Vec::from(extrinsic_name.as_bytes()); ensure!( - Limits::::take(&identifier, context.clone()).is_some(), - Error::::MissingRateLimit + Limits::::take(&identifier, context.clone()).is_some(), + Error::::MissingRateLimit ); Self::deposit_event(Event::RateLimitCleared { @@ -388,7 +394,7 @@ pub mod pallet { ) -> DispatchResult { ensure_root(origin)?; - DefaultLimit::::put(block_span); + DefaultLimit::::put(block_span); Self::deposit_event(Event::DefaultRateLimitSet { block_span }); diff --git a/pallets/rate-limiting/src/mock.rs b/pallets/rate-limiting/src/mock.rs index 4218e757a1..b80862edd5 100644 --- a/pallets/rate-limiting/src/mock.rs +++ b/pallets/rate-limiting/src/mock.rs @@ -95,7 +95,7 @@ pub fn new_test_ext() -> TestExternalities { } pub(crate) fn identifier_for(call: &RuntimeCall) -> TransactionIdentifier { - TransactionIdentifier::from_call::(call).expect("identifier for call") + TransactionIdentifier::from_call::(call).expect("identifier for call") } pub(crate) fn pop_last_event() -> RuntimeEvent { diff --git a/pallets/rate-limiting/src/tests.rs b/pallets/rate-limiting/src/tests.rs index ce5b6d25ab..62aae069db 100644 --- a/pallets/rate-limiting/src/tests.rs +++ b/pallets/rate-limiting/src/tests.rs @@ -18,7 +18,7 @@ fn limit_for_call_names_returns_stored_limit() { let call = RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); let identifier = identifier_for(&call); - Limits::::insert(identifier, None::, RateLimit::Exact(7)); + Limits::::insert(identifier, None::, RateLimit::Exact(7)); let fetched = RateLimiting::limit_for_call_names("RateLimiting", "set_default_rate_limit", None) @@ -33,8 +33,8 @@ fn limit_for_call_names_prefers_context_specific_limit() { let call = RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); let identifier = identifier_for(&call); - Limits::::insert(identifier, None::, RateLimit::Exact(3)); - Limits::::insert(identifier, Some(5), RateLimit::Exact(8)); + Limits::::insert(identifier, None::, RateLimit::Exact(3)); + Limits::::insert(identifier, Some(5), RateLimit::Exact(8)); let fetched = RateLimiting::limit_for_call_names("RateLimiting", "set_default_rate_limit", Some(5)) @@ -51,11 +51,11 @@ fn limit_for_call_names_prefers_context_specific_limit() { #[test] fn resolved_limit_for_call_names_resolves_default_value() { new_test_ext().execute_with(|| { - DefaultLimit::::put(3); + DefaultLimit::::put(3); let call = RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); let identifier = identifier_for(&call); - Limits::::insert(identifier, None::, RateLimit::Default); + Limits::::insert(identifier, None::, RateLimit::Default); let resolved = RateLimiting::resolved_limit_for_call_names( "RateLimiting", @@ -73,8 +73,8 @@ fn resolved_limit_for_call_names_prefers_context_specific_value() { let call = RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); let identifier = identifier_for(&call); - Limits::::insert(identifier, None::, RateLimit::Exact(4)); - Limits::::insert(identifier, Some(6), RateLimit::Exact(9)); + Limits::::insert(identifier, None::, RateLimit::Exact(4)); + Limits::::insert(identifier, Some(6), RateLimit::Exact(9)); let resolved = RateLimiting::resolved_limit_for_call_names( "RateLimiting", @@ -126,8 +126,8 @@ fn is_within_limit_false_when_rate_limited() { let call = RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); let identifier = identifier_for(&call); - Limits::::insert(identifier, Some(1 as LimitContext), RateLimit::Exact(5)); - LastSeen::::insert(identifier, Some(1 as LimitContext), 9); + Limits::::insert(identifier, Some(1 as LimitContext), RateLimit::Exact(5)); + LastSeen::::insert(identifier, Some(1 as LimitContext), 9); System::set_block_number(13); @@ -143,8 +143,8 @@ fn is_within_limit_true_after_required_span() { let call = RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); let identifier = identifier_for(&call); - Limits::::insert(identifier, Some(2 as LimitContext), RateLimit::Exact(5)); - LastSeen::::insert(identifier, Some(2 as LimitContext), 10); + Limits::::insert(identifier, Some(2 as LimitContext), RateLimit::Exact(5)); + LastSeen::::insert(identifier, Some(2 as LimitContext), 10); System::set_block_number(20); @@ -172,7 +172,7 @@ fn set_rate_limit_updates_storage_and_emits_event() { let identifier = identifier_for(&target_call); assert_eq!( - Limits::::get(identifier, None::), + Limits::::get(identifier, None::), Some(limit) ); @@ -210,11 +210,14 @@ fn set_rate_limit_supports_context_specific_limit() { let identifier = identifier_for(&target_call); assert_eq!( - Limits::::get(identifier, Some(7)), + Limits::::get(identifier, Some(7)), Some(RateLimit::Exact(11)) ); // global remains untouched - assert_eq!(Limits::::get(identifier, None::), None); + assert_eq!( + Limits::::get(identifier, None::), + None + ); }); } @@ -251,7 +254,7 @@ fn set_rate_limit_accepts_default_variant() { let identifier = identifier_for(&target_call); assert_eq!( - Limits::::get(identifier, None::), + Limits::::get(identifier, None::), Some(RateLimit::Default) ); }); @@ -265,7 +268,7 @@ fn clear_rate_limit_removes_entry_and_emits_event() { let target_call = RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); let identifier = identifier_for(&target_call); - Limits::::insert(identifier, None::, RateLimit::Exact(4)); + Limits::::insert(identifier, None::, RateLimit::Exact(4)); assert_ok!(RateLimiting::clear_rate_limit( RuntimeOrigin::root(), @@ -273,7 +276,10 @@ fn clear_rate_limit_removes_entry_and_emits_event() { None, )); - assert_eq!(Limits::::get(identifier, None::), None); + assert_eq!( + Limits::::get(identifier, None::), + None + ); match pop_last_event() { RuntimeEvent::RateLimiting(crate::pallet::Event::RateLimitCleared { @@ -300,7 +306,7 @@ fn clear_rate_limit_fails_when_missing() { assert_noop!( RateLimiting::clear_rate_limit(RuntimeOrigin::root(), Box::new(target_call), None), - Error::::MissingRateLimit + Error::::MissingRateLimit ); }); } @@ -313,8 +319,8 @@ fn clear_rate_limit_removes_only_selected_context() { let target_call = RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); let identifier = identifier_for(&target_call); - Limits::::insert(identifier, None::, RateLimit::Exact(5)); - Limits::::insert(identifier, Some(9), RateLimit::Exact(7)); + Limits::::insert(identifier, None::, RateLimit::Exact(5)); + Limits::::insert(identifier, Some(9), RateLimit::Exact(7)); assert_ok!(RateLimiting::clear_rate_limit( RuntimeOrigin::root(), @@ -322,9 +328,9 @@ fn clear_rate_limit_removes_only_selected_context() { Some(9), )); - assert_eq!(Limits::::get(identifier, Some(9u16)), None); + assert_eq!(Limits::::get(identifier, Some(9u16)), None); assert_eq!( - Limits::::get(identifier, None::), + Limits::::get(identifier, None::), Some(RateLimit::Exact(5)) ); @@ -352,7 +358,7 @@ fn set_default_rate_limit_updates_storage_and_emits_event() { 42 )); - assert_eq!(DefaultLimit::::get(), 42); + assert_eq!(DefaultLimit::::get(), 42); match pop_last_event() { RuntimeEvent::RateLimiting(crate::pallet::Event::DefaultRateLimitSet { diff --git a/pallets/rate-limiting/src/tx_extension.rs b/pallets/rate-limiting/src/tx_extension.rs index af02bfa453..119ad9c707 100644 --- a/pallets/rate-limiting/src/tx_extension.rs +++ b/pallets/rate-limiting/src/tx_extension.rs @@ -27,48 +27,90 @@ const IDENTIFIER: &str = "RateLimitTransactionExtension"; const RATE_LIMIT_DENIED: u8 = 1; /// Transaction extension that enforces pallet rate limiting rules. -#[derive(Default, Encode, Decode, DecodeWithMemTracking, Clone, Eq, PartialEq, TypeInfo)] -pub struct RateLimitTransactionExtension(PhantomData); +#[derive(Default, Encode, Decode, DecodeWithMemTracking, TypeInfo)] +pub struct RateLimitTransactionExtension(PhantomData<(T, I)>) +where + T: Config + Send + Sync + TypeInfo, + I: 'static + TypeInfo; + +impl Clone for RateLimitTransactionExtension +where + T: Config + Send + Sync + TypeInfo, + I: 'static + TypeInfo, +{ + fn clone(&self) -> Self { + Self(PhantomData) + } +} + +impl PartialEq for RateLimitTransactionExtension +where + T: Config + Send + Sync + TypeInfo, + I: 'static + TypeInfo, +{ + fn eq(&self, _other: &Self) -> bool { + true + } +} -impl core::fmt::Debug for RateLimitTransactionExtension { +impl Eq for RateLimitTransactionExtension +where + T: Config + Send + Sync + TypeInfo, + I: 'static + TypeInfo, +{ +} + +impl core::fmt::Debug for RateLimitTransactionExtension +where + T: Config + Send + Sync + TypeInfo, + I: 'static + TypeInfo, +{ fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result { f.write_str(IDENTIFIER) } } -impl TransactionExtension<::RuntimeCall> for RateLimitTransactionExtension +impl TransactionExtension<>::RuntimeCall> + for RateLimitTransactionExtension where - T: Config + Send + Sync + TypeInfo, - ::RuntimeCall: Dispatchable, + T: Config + Send + Sync + TypeInfo, + I: 'static + TypeInfo + Send + Sync, + >::RuntimeCall: Dispatchable, { const IDENTIFIER: &'static str = IDENTIFIER; type Implicit = (); - type Val = Option<(TransactionIdentifier, Option)>; - type Pre = Option<(TransactionIdentifier, Option)>; - - fn weight(&self, _call: &::RuntimeCall) -> Weight { + type Val = Option<( + TransactionIdentifier, + Option<>::LimitContext>, + )>; + type Pre = Option<( + TransactionIdentifier, + Option<>::LimitContext>, + )>; + + fn weight(&self, _call: &>::RuntimeCall) -> Weight { Weight::zero() } fn validate( &self, - origin: DispatchOriginOf<::RuntimeCall>, - call: &::RuntimeCall, - _info: &DispatchInfoOf<::RuntimeCall>, + origin: DispatchOriginOf<>::RuntimeCall>, + call: &>::RuntimeCall, + _info: &DispatchInfoOf<>::RuntimeCall>, _len: usize, _self_implicit: Self::Implicit, _inherited_implication: &impl Implication, _source: TransactionSource, - ) -> ValidateResult::RuntimeCall> { - let identifier = match TransactionIdentifier::from_call::(call) { + ) -> ValidateResult>::RuntimeCall> { + let identifier = match TransactionIdentifier::from_call::(call) { Ok(identifier) => identifier, Err(_) => return Err(TransactionValidityError::Invalid(InvalidTransaction::Call)), }; - let context = ::ContextResolver::context(call); + let context = >::ContextResolver::context(call); - let Some(block_span) = Pallet::::resolved_limit(&identifier, &context) else { + let Some(block_span) = Pallet::::resolved_limit(&identifier, &context) else { return Ok((ValidTransaction::default(), None, origin)); }; @@ -76,7 +118,7 @@ where return Ok((ValidTransaction::default(), None, origin)); } - let within_limit = Pallet::::is_within_limit(&identifier, &context) + let within_limit = Pallet::::is_within_limit(&identifier, &context) .map_err(|_| TransactionValidityError::Invalid(InvalidTransaction::Call))?; if !within_limit { @@ -95,9 +137,9 @@ where fn prepare( self, val: Self::Val, - _origin: &DispatchOriginOf<::RuntimeCall>, - _call: &::RuntimeCall, - _info: &DispatchInfoOf<::RuntimeCall>, + _origin: &DispatchOriginOf<>::RuntimeCall>, + _call: &>::RuntimeCall, + _info: &DispatchInfoOf<>::RuntimeCall>, _len: usize, ) -> Result { Ok(val) @@ -105,7 +147,7 @@ where fn post_dispatch( pre: Self::Pre, - _info: &DispatchInfoOf<::RuntimeCall>, + _info: &DispatchInfoOf<>::RuntimeCall>, _post_info: &mut PostDispatchInfo, _len: usize, result: &DispatchResult, @@ -113,7 +155,7 @@ where if result.is_ok() { if let Some((identifier, context)) = pre { let block_number = frame_system::Pallet::::block_number(); - LastSeen::::insert(&identifier, context, block_number); + LastSeen::::insert(&identifier, context, block_number); } } Ok(()) @@ -196,7 +238,7 @@ mod tests { let identifier = identifier_for(&call); assert_eq!( - LastSeen::::get(identifier, None::), + LastSeen::::get(identifier, None::), None ); }); @@ -208,7 +250,7 @@ mod tests { let extension = new_tx_extension(); let call = remark_call(); let identifier = identifier_for(&call); - Limits::::insert(identifier, None::, RateLimit::Exact(5)); + Limits::::insert(identifier, None::, RateLimit::Exact(5)); System::set_block_number(10); @@ -234,7 +276,7 @@ mod tests { .expect("post_dispatch succeeds"); assert_eq!( - LastSeen::::get(identifier, None::), + LastSeen::::get(identifier, None::), Some(10) ); }); @@ -246,8 +288,8 @@ mod tests { let extension = new_tx_extension(); let call = remark_call(); let identifier = identifier_for(&call); - Limits::::insert(identifier, None::, RateLimit::Exact(5)); - LastSeen::::insert(identifier, None::, 20); + Limits::::insert(identifier, None::, RateLimit::Exact(5)); + LastSeen::::insert(identifier, None::, 20); System::set_block_number(22); @@ -268,7 +310,7 @@ mod tests { let extension = new_tx_extension(); let call = remark_call(); let identifier = identifier_for(&call); - Limits::::insert(identifier, None::, RateLimit::Exact(0)); + Limits::::insert(identifier, None::, RateLimit::Exact(0)); System::set_block_number(30); @@ -294,7 +336,7 @@ mod tests { .expect("post_dispatch succeeds"); assert_eq!( - LastSeen::::get(identifier, None::), + LastSeen::::get(identifier, None::), None ); }); diff --git a/pallets/rate-limiting/src/types.rs b/pallets/rate-limiting/src/types.rs index 72e2a43777..7d53a34ac6 100644 --- a/pallets/rate-limiting/src/types.rs +++ b/pallets/rate-limiting/src/types.rs @@ -40,38 +40,40 @@ impl TransactionIdentifier { } /// Returns the pallet and extrinsic names associated with this identifier. - pub fn names(&self) -> Result<(&'static str, &'static str), DispatchError> + pub fn names(&self) -> Result<(&'static str, &'static str), DispatchError> where - T: crate::pallet::Config, - ::RuntimeCall: GetCallMetadata, + T: crate::pallet::Config, + I: 'static, + >::RuntimeCall: GetCallMetadata, { - let modules = ::RuntimeCall::get_module_names(); + let modules = >::RuntimeCall::get_module_names(); let pallet_name = modules .get(self.pallet_index as usize) .copied() - .ok_or(crate::pallet::Error::::InvalidRuntimeCall)?; - let call_names = ::RuntimeCall::get_call_names(pallet_name); + .ok_or(crate::pallet::Error::::InvalidRuntimeCall)?; + let call_names = >::RuntimeCall::get_call_names(pallet_name); let extrinsic_name = call_names .get(self.extrinsic_index as usize) .copied() - .ok_or(crate::pallet::Error::::InvalidRuntimeCall)?; + .ok_or(crate::pallet::Error::::InvalidRuntimeCall)?; Ok((pallet_name, extrinsic_name)) } /// Builds an identifier from a runtime call by extracting pallet/extrinsic indices. - pub fn from_call( - call: &::RuntimeCall, + pub fn from_call( + call: &>::RuntimeCall, ) -> Result where - T: crate::pallet::Config, + T: crate::pallet::Config, + I: 'static, { call.using_encoded(|encoded| { let pallet_index = *encoded .get(0) - .ok_or(crate::pallet::Error::::InvalidRuntimeCall)?; + .ok_or(crate::pallet::Error::::InvalidRuntimeCall)?; let extrinsic_index = *encoded .get(1) - .ok_or(crate::pallet::Error::::InvalidRuntimeCall)?; + .ok_or(crate::pallet::Error::::InvalidRuntimeCall)?; Ok(TransactionIdentifier::new(pallet_index, extrinsic_index)) }) } @@ -110,7 +112,7 @@ mod tests { let call = RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); - let identifier = TransactionIdentifier::from_call::(&call).expect("identifier"); + let identifier = TransactionIdentifier::from_call::(&call).expect("identifier"); // System is the first pallet in the mock runtime, RateLimiting is second. assert_eq!(identifier.pallet_index, 1); @@ -122,9 +124,9 @@ mod tests { fn transaction_identifier_names_matches_call_metadata() { let call = RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); - let identifier = TransactionIdentifier::from_call::(&call).expect("identifier"); + let identifier = TransactionIdentifier::from_call::(&call).expect("identifier"); - let (pallet, extrinsic) = identifier.names::().expect("call metadata"); + let (pallet, extrinsic) = identifier.names::().expect("call metadata"); assert_eq!(pallet, "RateLimiting"); assert_eq!(extrinsic, "set_default_rate_limit"); } @@ -133,8 +135,8 @@ mod tests { fn transaction_identifier_names_error_for_unknown_indices() { let identifier = TransactionIdentifier::new(99, 0); - let err = identifier.names::().expect_err("should fail"); - let expected: DispatchError = Error::::InvalidRuntimeCall.into(); + let err = identifier.names::().expect_err("should fail"); + let expected: DispatchError = Error::::InvalidRuntimeCall.into(); assert_eq!(err, expected); } } From 61eb4d286d6621d21e428841f6947cc00d3d77d7 Mon Sep 17 00:00:00 2001 From: Aliaksandr Tsurko Date: Thu, 30 Oct 2025 15:56:19 +0300 Subject: [PATCH 13/46] Refactor RateLimit type --- pallets/rate-limiting/runtime-api/src/lib.rs | 5 +- pallets/rate-limiting/src/benchmarking.rs | 12 +- pallets/rate-limiting/src/lib.rs | 143 ++++++++++++------- pallets/rate-limiting/src/mock.rs | 9 +- pallets/rate-limiting/src/tests.rs | 120 ++++++++++------ pallets/rate-limiting/src/tx_extension.rs | 11 +- pallets/rate-limiting/src/types.rs | 76 +++++++++- 7 files changed, 263 insertions(+), 113 deletions(-) diff --git a/pallets/rate-limiting/runtime-api/src/lib.rs b/pallets/rate-limiting/runtime-api/src/lib.rs index 1a32c094ea..98b55e9a26 100644 --- a/pallets/rate-limiting/runtime-api/src/lib.rs +++ b/pallets/rate-limiting/runtime-api/src/lib.rs @@ -1,7 +1,7 @@ #![cfg_attr(not(feature = "std"), no_std)] use codec::{Decode, Encode}; -use pallet_rate_limiting::RateLimit; +use pallet_rate_limiting::RateLimitKind; use scale_info::TypeInfo; use sp_std::vec::Vec; use subtensor_runtime_common::BlockNumber; @@ -12,7 +12,8 @@ use serde::{Deserialize, Serialize}; #[cfg_attr(feature = "std", derive(Serialize, Deserialize))] #[derive(Clone, Debug, Decode, Encode, Eq, PartialEq, TypeInfo)] pub struct RateLimitRpcResponse { - pub limit: Option>, + pub global: Option>, + pub contextual: Vec<(Vec, RateLimitKind)>, pub default_limit: BlockNumber, pub resolved: Option, } diff --git a/pallets/rate-limiting/src/benchmarking.rs b/pallets/rate-limiting/src/benchmarking.rs index 8392109772..4c9ce17708 100644 --- a/pallets/rate-limiting/src/benchmarking.rs +++ b/pallets/rate-limiting/src/benchmarking.rs @@ -35,7 +35,7 @@ mod benchmarks { #[benchmark] fn set_rate_limit() { let call = sample_call::(); - let limit = RateLimit::>::Exact(BlockNumberFor::::from(10u32)); + let limit = RateLimitKind::>::Exact(BlockNumberFor::::from(10u32)); let identifier = TransactionIdentifier::from_call::(call.as_ref()).expect("identifier"); @@ -43,25 +43,25 @@ mod benchmarks { _(RawOrigin::Root, call, limit.clone(), None); assert_eq!( - Limits::::get(&identifier, None::<::LimitContext>), - Some(limit) + Limits::::get(&identifier), + Some(RateLimit::global(limit)) ); } #[benchmark] fn clear_rate_limit() { let call = sample_call::(); - let limit = RateLimit::>::Exact(BlockNumberFor::::from(10u32)); + let limit = RateLimitKind::>::Exact(BlockNumberFor::::from(10u32)); // Pre-populate limit for benchmark call let identifier = TransactionIdentifier::from_call::(call.as_ref()).expect("identifier"); - Limits::::insert(identifier, None::<::LimitContext>, limit); + Limits::::insert(identifier, RateLimit::global(limit)); #[extrinsic_call] _(RawOrigin::Root, call, None); - assert!(Limits::::get(identifier, None::<::LimitContext>).is_none()); + assert!(Limits::::get(identifier).is_none()); } #[benchmark] diff --git a/pallets/rate-limiting/src/lib.rs b/pallets/rate-limiting/src/lib.rs index 2ca3ab87ba..cf0ebeefb6 100644 --- a/pallets/rate-limiting/src/lib.rs +++ b/pallets/rate-limiting/src/lib.rs @@ -6,24 +6,20 @@ //! //! `pallet-rate-limiting` lets a runtime restrict how frequently particular calls can execute. //! Limits are stored on-chain, keyed by the call's pallet/variant pair. Each entry can specify an -//! exact block span or defer to a configured default. The pallet exposes three roots-only -//! extrinsics to manage this data: +//! exact block span or defer to a configured default. The pallet exposes three extrinsics, +//! restricted by [`Config::AdminOrigin`], to manage this data: //! -//! - [`set_rate_limit`](pallet::Pallet::set_rate_limit): assign a limit to an extrinsic, either as -//! `RateLimit::Exact(blocks)` or `RateLimit::Default`. The optional context parameter lets you -//! scope the configuration to a particular subnet/key/account while keeping a global fallback. +//! - [`set_rate_limit`](pallet::Pallet::set_rate_limit): assign a limit to an extrinsic by +//! supplying a [`RateLimitKind`] span and optionally a contextual identifier. When a contextual +//! span is stored, any previously configured global span is replaced. //! - [`clear_rate_limit`](pallet::Pallet::clear_rate_limit): remove a stored limit for the provided -//! context (or for the global entry when `None` is supplied). +//! scope (either the global entry when `None` is supplied, or a specific context). //! - [`set_default_rate_limit`](pallet::Pallet::set_default_rate_limit): set the global default -//! block span used by `RateLimit::Default` entries. +//! block span used by `RateLimitKind::Default` entries. //! //! The pallet also tracks the last block in which a rate-limited call was executed, per optional //! *context*. Context allows one limit definition (for example, “set weights”) to be enforced per -//! subnet, account, or other grouping chosen by the runtime. The storage layout is: -//! -//! - [`Limits`](pallet::Limits): `TransactionIdentifier → RateLimit` -//! - [`DefaultLimit`](pallet::DefaultLimit): `BlockNumber` -//! - [`LastSeen`](pallet::LastSeen): `(TransactionIdentifier, Option) → BlockNumber` +//! subnet, account, or other grouping chosen by the runtime. //! //! Each storage map is namespaced by pallet instance; runtimes can deploy multiple independent //! instances to manage distinct rate-limiting scopes. @@ -74,6 +70,7 @@ //! type RuntimeCall = RuntimeCall; //! type LimitContext = NetUid; //! type ContextResolver = WeightsContextResolver; +//! type AdminOrigin = frame_system::EnsureRoot; //! } //! ``` @@ -81,7 +78,7 @@ pub use benchmarking::BenchmarkHelper; pub use pallet::*; pub use tx_extension::RateLimitTransactionExtension; -pub use types::{RateLimit, RateLimitContextResolver, TransactionIdentifier}; +pub use types::{RateLimit, RateLimitContextResolver, RateLimitKind, TransactionIdentifier}; #[cfg(feature = "runtime-benchmarks")] mod benchmarking; @@ -100,26 +97,32 @@ pub mod pallet { use frame_support::{ pallet_prelude::*, sp_runtime::traits::{Saturating, Zero}, - traits::{BuildGenesisConfig, GetCallMetadata}, + traits::{BuildGenesisConfig, EnsureOrigin, GetCallMetadata}, }; - use frame_system::{ensure_root, pallet_prelude::*}; + use frame_system::pallet_prelude::*; use sp_std::{convert::TryFrom, marker::PhantomData, vec::Vec}; #[cfg(feature = "runtime-benchmarks")] use crate::benchmarking::BenchmarkHelper as BenchmarkHelperTrait; - use crate::types::{RateLimit, RateLimitContextResolver, TransactionIdentifier}; + use crate::types::{RateLimit, RateLimitContextResolver, RateLimitKind, TransactionIdentifier}; /// Configuration trait for the rate limiting pallet. #[pallet::config] - pub trait Config: frame_system::Config { + pub trait Config: frame_system::Config + where + BlockNumberFor: MaybeSerializeDeserialize, + { /// The overarching runtime call type. type RuntimeCall: Parameter + Codec + GetCallMetadata + IsType<::RuntimeCall>; + /// Origin permitted to configure rate limits. + type AdminOrigin: EnsureOrigin>; + /// Context type used for contextual (per-group) rate limits. - type LimitContext: Parameter + Clone + PartialEq + Eq + MaybeSerializeDeserialize; + type LimitContext: Parameter + Clone + PartialEq + Eq + Ord + MaybeSerializeDeserialize; /// Resolves the context for a given runtime call. type ContextResolver: RateLimitContextResolver<>::RuntimeCall, Self::LimitContext>; @@ -129,16 +132,14 @@ pub mod pallet { type BenchmarkHelper: BenchmarkHelperTrait<>::RuntimeCall>; } - /// Storage mapping from transaction identifier and optional context to its configured rate limit. + /// Storage mapping from transaction identifier to its configured rate limit. #[pallet::storage] #[pallet::getter(fn limits)] - pub type Limits, I: 'static = ()> = StorageDoubleMap< + pub type Limits, I: 'static = ()> = StorageMap< _, Blake2_128Concat, TransactionIdentifier, - Blake2_128Concat, - Option<>::LimitContext>, - RateLimit>, + RateLimit<>::LimitContext, BlockNumberFor>, OptionQuery, >; @@ -172,8 +173,8 @@ pub mod pallet { transaction: TransactionIdentifier, /// Context to which the limit applies, if any. context: Option<>::LimitContext>, - /// The new limit configuration applied to the transaction. - limit: RateLimit>, + /// The rate limit policy applied to the transaction. + limit: RateLimitKind>, /// Pallet name associated with the transaction. pallet: Vec, /// Extrinsic name associated with the transaction. @@ -204,6 +205,8 @@ pub mod pallet { InvalidRuntimeCall, /// Attempted to remove a limit that is not present. MissingRateLimit, + /// Contextual configuration was requested but no context can be resolved for the call. + ContextUnavailable, } #[pallet::genesis_config] @@ -212,7 +215,7 @@ pub mod pallet { pub limits: Vec<( TransactionIdentifier, Option<>::LimitContext>, - RateLimit>, + RateLimitKind>, )>, } @@ -231,8 +234,19 @@ pub mod pallet { fn build(&self) { DefaultLimit::::put(self.default_limit); - for (identifier, context, limit) in &self.limits { - Limits::::insert(identifier, context.clone(), limit.clone()); + for (identifier, context, kind) in &self.limits { + Limits::::mutate(identifier, |entry| match context { + None => { + *entry = Some(RateLimit::global(*kind)); + } + Some(ctx) => { + if let Some(config) = entry { + config.upsert_context(ctx.clone(), *kind); + } else { + *entry = Some(RateLimit::contextual_single(ctx.clone(), *kind)); + } + } + }); } } } @@ -268,13 +282,11 @@ pub mod pallet { identifier: &TransactionIdentifier, context: &Option<>::LimitContext>, ) -> Option> { - let lookup = Limits::::get(identifier, context).or_else(|| { - Limits::::get(identifier, None::<>::LimitContext>) - }); - let limit = lookup?; - Some(match limit { - RateLimit::Default => DefaultLimit::::get(), - RateLimit::Exact(block_span) => block_span, + let config = Limits::::get(identifier)?; + let kind = config.kind_for(context.as_ref())?; + Some(match *kind { + RateLimitKind::Default => DefaultLimit::::get(), + RateLimitKind::Exact(block_span) => block_span, }) } @@ -283,11 +295,10 @@ pub mod pallet { pallet_name: &str, extrinsic_name: &str, context: Option<>::LimitContext>, - ) -> Option>> { + ) -> Option>> { let identifier = Self::identifier_for_call_names(pallet_name, extrinsic_name)?; - Limits::::get(&identifier, context.clone()).or_else(|| { - Limits::::get(&identifier, None::<>::LimitContext>) - }) + Limits::::get(&identifier) + .and_then(|config| config.kind_for(context.as_ref()).copied()) } /// Returns the resolved block span for the specified pallet/extrinsic names, if any. @@ -327,13 +338,28 @@ pub mod pallet { pub fn set_rate_limit( origin: OriginFor, call: Box<>::RuntimeCall>, - limit: RateLimit>, + limit: RateLimitKind>, context: Option<>::LimitContext>, ) -> DispatchResult { - ensure_root(origin)?; + T::AdminOrigin::ensure_origin(origin)?; + + if context.is_some() + && >::ContextResolver::context(call.as_ref()).is_none() + { + return Err(Error::::ContextUnavailable.into()); + } let identifier = TransactionIdentifier::from_call::(call.as_ref())?; - Limits::::insert(&identifier, context.clone(), limit.clone()); + let context_for_event = context.clone(); + + if let Some(ref ctx) = context { + Limits::::mutate(&identifier, |slot| match slot { + Some(config) => config.upsert_context(ctx.clone(), limit), + None => *slot = Some(RateLimit::contextual_single(ctx.clone(), limit)), + }); + } else { + Limits::::insert(&identifier, RateLimit::global(limit)); + } let (pallet_name, extrinsic_name) = identifier.names::()?; let pallet = Vec::from(pallet_name.as_bytes()); @@ -341,12 +367,11 @@ pub mod pallet { Self::deposit_event(Event::RateLimitSet { transaction: identifier, - context, + context: context_for_event, limit, pallet, extrinsic, }); - Ok(()) } @@ -362,7 +387,7 @@ pub mod pallet { call: Box<>::RuntimeCall>, context: Option<>::LimitContext>, ) -> DispatchResult { - ensure_root(origin)?; + T::AdminOrigin::ensure_origin(origin)?; let identifier = TransactionIdentifier::from_call::(call.as_ref())?; @@ -370,10 +395,28 @@ pub mod pallet { let pallet = Vec::from(pallet_name.as_bytes()); let extrinsic = Vec::from(extrinsic_name.as_bytes()); - ensure!( - Limits::::take(&identifier, context.clone()).is_some(), - Error::::MissingRateLimit - ); + let mut removed = false; + Limits::::mutate_exists(&identifier, |maybe_config| { + if let Some(config) = maybe_config { + match (&context, config) { + (None, _) => { + removed = true; + *maybe_config = None; + } + (Some(ctx), RateLimit::Contextual(map)) => { + if map.remove(ctx).is_some() { + removed = true; + if map.is_empty() { + *maybe_config = None; + } + } + } + (Some(_), RateLimit::Global(_)) => {} + } + } + }); + + ensure!(removed, Error::::MissingRateLimit); Self::deposit_event(Event::RateLimitCleared { transaction: identifier, @@ -392,7 +435,7 @@ pub mod pallet { origin: OriginFor, block_span: BlockNumberFor, ) -> DispatchResult { - ensure_root(origin)?; + T::AdminOrigin::ensure_origin(origin)?; DefaultLimit::::put(block_span); diff --git a/pallets/rate-limiting/src/mock.rs b/pallets/rate-limiting/src/mock.rs index b80862edd5..1c792dde16 100644 --- a/pallets/rate-limiting/src/mock.rs +++ b/pallets/rate-limiting/src/mock.rs @@ -8,6 +8,7 @@ use frame_support::{ }, traits::{ConstU16, ConstU32, ConstU64, Everything}, }; +use frame_system::EnsureRoot; use sp_core::H256; use sp_io::TestExternalities; use sp_std::vec::Vec; @@ -59,8 +60,11 @@ pub struct TestContextResolver; impl pallet_rate_limiting::RateLimitContextResolver for TestContextResolver { - fn context(_call: &RuntimeCall) -> Option { - None + fn context(call: &RuntimeCall) -> Option { + match call { + RuntimeCall::RateLimiting(_) => Some(1), + _ => None, + } } } @@ -68,6 +72,7 @@ impl pallet_rate_limiting::Config for Test { type RuntimeCall = RuntimeCall; type LimitContext = LimitContext; type ContextResolver = TestContextResolver; + type AdminOrigin = EnsureRoot; #[cfg(feature = "runtime-benchmarks")] type BenchmarkHelper = BenchHelper; } diff --git a/pallets/rate-limiting/src/tests.rs b/pallets/rate-limiting/src/tests.rs index 62aae069db..27bf6e5472 100644 --- a/pallets/rate-limiting/src/tests.rs +++ b/pallets/rate-limiting/src/tests.rs @@ -1,6 +1,7 @@ use frame_support::{assert_noop, assert_ok, error::BadOrigin}; +use sp_std::{collections::btree_map::BTreeMap, vec::Vec}; -use crate::{DefaultLimit, LastSeen, Limits, RateLimit, mock::*, pallet::Error}; +use crate::{DefaultLimit, LastSeen, Limits, RateLimit, RateLimitKind, mock::*, pallet::Error}; #[test] fn limit_for_call_names_returns_none_if_not_set() { @@ -18,12 +19,12 @@ fn limit_for_call_names_returns_stored_limit() { let call = RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); let identifier = identifier_for(&call); - Limits::::insert(identifier, None::, RateLimit::Exact(7)); + Limits::::insert(identifier, RateLimit::global(RateLimitKind::Exact(7))); let fetched = RateLimiting::limit_for_call_names("RateLimiting", "set_default_rate_limit", None) .expect("limit should exist"); - assert_eq!(fetched, RateLimit::Exact(7)); + assert_eq!(fetched, RateLimitKind::Exact(7)); }); } @@ -33,18 +34,20 @@ fn limit_for_call_names_prefers_context_specific_limit() { let call = RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); let identifier = identifier_for(&call); - Limits::::insert(identifier, None::, RateLimit::Exact(3)); - Limits::::insert(identifier, Some(5), RateLimit::Exact(8)); + Limits::::insert( + identifier, + RateLimit::contextual_single(5u16, RateLimitKind::Exact(8)), + ); let fetched = RateLimiting::limit_for_call_names("RateLimiting", "set_default_rate_limit", Some(5)) .expect("limit should exist"); - assert_eq!(fetched, RateLimit::Exact(8)); + assert_eq!(fetched, RateLimitKind::Exact(8)); - let fallback = + assert!( RateLimiting::limit_for_call_names("RateLimiting", "set_default_rate_limit", Some(1)) - .expect("limit should exist"); - assert_eq!(fallback, RateLimit::Exact(3)); + .is_none() + ); }); } @@ -55,7 +58,7 @@ fn resolved_limit_for_call_names_resolves_default_value() { let call = RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); let identifier = identifier_for(&call); - Limits::::insert(identifier, None::, RateLimit::Default); + Limits::::insert(identifier, RateLimit::global(RateLimitKind::Default)); let resolved = RateLimiting::resolved_limit_for_call_names( "RateLimiting", @@ -73,8 +76,10 @@ fn resolved_limit_for_call_names_prefers_context_specific_value() { let call = RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); let identifier = identifier_for(&call); - Limits::::insert(identifier, None::, RateLimit::Exact(4)); - Limits::::insert(identifier, Some(6), RateLimit::Exact(9)); + let mut map = BTreeMap::new(); + map.insert(6u16, RateLimitKind::Exact(9)); + map.insert(2u16, RateLimitKind::Exact(4)); + Limits::::insert(identifier, RateLimit::Contextual(map)); let resolved = RateLimiting::resolved_limit_for_call_names( "RateLimiting", @@ -84,13 +89,14 @@ fn resolved_limit_for_call_names_prefers_context_specific_value() { .expect("resolved limit"); assert_eq!(resolved, 9); - let fallback = RateLimiting::resolved_limit_for_call_names( - "RateLimiting", - "set_default_rate_limit", - Some(1), - ) - .expect("resolved limit"); - assert_eq!(fallback, 4); + assert!( + RateLimiting::resolved_limit_for_call_names( + "RateLimiting", + "set_default_rate_limit", + Some(1), + ) + .is_none() + ); }); } @@ -126,7 +132,10 @@ fn is_within_limit_false_when_rate_limited() { let call = RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); let identifier = identifier_for(&call); - Limits::::insert(identifier, Some(1 as LimitContext), RateLimit::Exact(5)); + Limits::::insert( + identifier, + RateLimit::contextual_single(1 as LimitContext, RateLimitKind::Exact(5)), + ); LastSeen::::insert(identifier, Some(1 as LimitContext), 9); System::set_block_number(13); @@ -143,7 +152,10 @@ fn is_within_limit_true_after_required_span() { let call = RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); let identifier = identifier_for(&call); - Limits::::insert(identifier, Some(2 as LimitContext), RateLimit::Exact(5)); + Limits::::insert( + identifier, + RateLimit::contextual_single(2 as LimitContext, RateLimitKind::Exact(5)), + ); LastSeen::::insert(identifier, Some(2 as LimitContext), 10); System::set_block_number(20); @@ -161,7 +173,7 @@ fn set_rate_limit_updates_storage_and_emits_event() { let target_call = RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); - let limit = RateLimit::Exact(9); + let limit = RateLimitKind::Exact(9); assert_ok!(RateLimiting::set_rate_limit( RuntimeOrigin::root(), @@ -172,8 +184,8 @@ fn set_rate_limit_updates_storage_and_emits_event() { let identifier = identifier_for(&target_call); assert_eq!( - Limits::::get(identifier, None::), - Some(limit) + Limits::::get(identifier), + Some(RateLimit::global(limit)) ); match pop_last_event() { @@ -204,19 +216,15 @@ fn set_rate_limit_supports_context_specific_limit() { assert_ok!(RateLimiting::set_rate_limit( RuntimeOrigin::root(), Box::new(target_call.clone()), - RateLimit::Exact(11), - context, + RateLimitKind::Exact(11), + context.clone(), )); let identifier = identifier_for(&target_call); + let config = Limits::::get(identifier).expect("config stored"); assert_eq!( - Limits::::get(identifier, Some(7)), - Some(RateLimit::Exact(11)) - ); - // global remains untouched - assert_eq!( - Limits::::get(identifier, None::), - None + config.kind_for(context.as_ref()).copied(), + Some(RateLimitKind::Exact(11)) ); }); } @@ -231,7 +239,7 @@ fn set_rate_limit_requires_root() { RateLimiting::set_rate_limit( RuntimeOrigin::signed(1), Box::new(target_call), - RateLimit::Exact(1), + RateLimitKind::Exact(1), None, ), BadOrigin @@ -248,14 +256,14 @@ fn set_rate_limit_accepts_default_variant() { assert_ok!(RateLimiting::set_rate_limit( RuntimeOrigin::root(), Box::new(target_call.clone()), - RateLimit::Default, + RateLimitKind::Default, None, )); let identifier = identifier_for(&target_call); assert_eq!( - Limits::::get(identifier, None::), - Some(RateLimit::Default) + Limits::::get(identifier), + Some(RateLimit::global(RateLimitKind::Default)) ); }); } @@ -268,7 +276,7 @@ fn clear_rate_limit_removes_entry_and_emits_event() { let target_call = RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); let identifier = identifier_for(&target_call); - Limits::::insert(identifier, None::, RateLimit::Exact(4)); + Limits::::insert(identifier, RateLimit::global(RateLimitKind::Exact(4))); assert_ok!(RateLimiting::clear_rate_limit( RuntimeOrigin::root(), @@ -276,10 +284,7 @@ fn clear_rate_limit_removes_entry_and_emits_event() { None, )); - assert_eq!( - Limits::::get(identifier, None::), - None - ); + assert!(Limits::::get(identifier).is_none()); match pop_last_event() { RuntimeEvent::RateLimiting(crate::pallet::Event::RateLimitCleared { @@ -319,8 +324,10 @@ fn clear_rate_limit_removes_only_selected_context() { let target_call = RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); let identifier = identifier_for(&target_call); - Limits::::insert(identifier, None::, RateLimit::Exact(5)); - Limits::::insert(identifier, Some(9), RateLimit::Exact(7)); + let mut map = BTreeMap::new(); + map.insert(9u16, RateLimitKind::Exact(7)); + map.insert(10u16, RateLimitKind::Exact(5)); + Limits::::insert(identifier, RateLimit::Contextual(map)); assert_ok!(RateLimiting::clear_rate_limit( RuntimeOrigin::root(), @@ -328,10 +335,11 @@ fn clear_rate_limit_removes_only_selected_context() { Some(9), )); - assert_eq!(Limits::::get(identifier, Some(9u16)), None); + let config = Limits::::get(identifier).expect("config remains"); + assert!(config.kind_for(Some(&9u16)).is_none()); assert_eq!( - Limits::::get(identifier, None::), - Some(RateLimit::Exact(5)) + config.kind_for(Some(&10u16)).copied(), + Some(RateLimitKind::Exact(5)) ); match pop_last_event() { @@ -348,6 +356,24 @@ fn clear_rate_limit_removes_only_selected_context() { }); } +#[test] +fn set_rate_limit_rejects_unresolvable_context() { + new_test_ext().execute_with(|| { + let target_call = + RuntimeCall::System(frame_system::Call::::remark { remark: Vec::new() }); + + assert_noop!( + RateLimiting::set_rate_limit( + RuntimeOrigin::root(), + Box::new(target_call), + RateLimitKind::Exact(5), + Some(42), + ), + Error::::ContextUnavailable + ); + }); +} + #[test] fn set_default_rate_limit_updates_storage_and_emits_event() { new_test_ext().execute_with(|| { diff --git a/pallets/rate-limiting/src/tx_extension.rs b/pallets/rate-limiting/src/tx_extension.rs index 119ad9c707..e72b473fd4 100644 --- a/pallets/rate-limiting/src/tx_extension.rs +++ b/pallets/rate-limiting/src/tx_extension.rs @@ -171,7 +171,10 @@ mod tests { transaction_validity::{InvalidTransaction, TransactionSource, TransactionValidityError}, }; - use crate::{LastSeen, Limits, RateLimit, types::TransactionIdentifier}; + use crate::{ + LastSeen, Limits, + types::{RateLimit, RateLimitKind, TransactionIdentifier}, + }; use super::*; use crate::mock::*; @@ -250,7 +253,7 @@ mod tests { let extension = new_tx_extension(); let call = remark_call(); let identifier = identifier_for(&call); - Limits::::insert(identifier, None::, RateLimit::Exact(5)); + Limits::::insert(identifier, RateLimit::global(RateLimitKind::Exact(5))); System::set_block_number(10); @@ -288,7 +291,7 @@ mod tests { let extension = new_tx_extension(); let call = remark_call(); let identifier = identifier_for(&call); - Limits::::insert(identifier, None::, RateLimit::Exact(5)); + Limits::::insert(identifier, RateLimit::global(RateLimitKind::Exact(5))); LastSeen::::insert(identifier, None::, 20); System::set_block_number(22); @@ -310,7 +313,7 @@ mod tests { let extension = new_tx_extension(); let call = remark_call(); let identifier = identifier_for(&call); - Limits::::insert(identifier, None::, RateLimit::Exact(0)); + Limits::::insert(identifier, RateLimit::global(RateLimitKind::Exact(0))); System::set_block_number(30); diff --git a/pallets/rate-limiting/src/types.rs b/pallets/rate-limiting/src/types.rs index 7d53a34ac6..a18fff37c6 100644 --- a/pallets/rate-limiting/src/types.rs +++ b/pallets/rate-limiting/src/types.rs @@ -1,6 +1,7 @@ use codec::{Decode, DecodeWithMemTracking, Encode, MaxEncodedLen}; use frame_support::{pallet_prelude::DispatchError, traits::GetCallMetadata}; use scale_info::TypeInfo; +use sp_std::collections::btree_map::BTreeMap; /// Resolves the optional context within which a rate limit applies. pub trait RateLimitContextResolver { @@ -79,7 +80,7 @@ impl TransactionIdentifier { } } -/// Configuration value for a rate limit. +/// Policy describing the block span enforced by a rate limit. #[cfg_attr(feature = "std", derive(serde::Deserialize, serde::Serialize))] #[derive( Clone, @@ -93,13 +94,84 @@ impl TransactionIdentifier { MaxEncodedLen, Debug, )] -pub enum RateLimit { +pub enum RateLimitKind { /// Use the pallet-level default rate limit. Default, /// Apply an exact rate limit measured in blocks. Exact(BlockNumber), } +/// Stored rate limit configuration for a transaction identifier. +/// +/// The configuration is mutually exclusive: either the call is globally limited or it stores a set +/// of per-context spans. +#[cfg_attr(feature = "std", derive(serde::Deserialize, serde::Serialize))] +#[cfg_attr( + feature = "std", + serde( + bound = "Context: Ord + serde::Serialize + serde::de::DeserializeOwned, BlockNumber: serde::Serialize + serde::de::DeserializeOwned" + ) +)] +#[derive(Clone, PartialEq, Eq, Encode, Decode, DecodeWithMemTracking, TypeInfo, Debug)] +pub enum RateLimit { + /// Global span applied to every invocation. + Global(RateLimitKind), + /// Per-context spans keyed by `Context`. + Contextual(BTreeMap>), +} + +impl RateLimit +where + Context: Ord, +{ + /// Convenience helper to build a global configuration. + pub fn global(kind: RateLimitKind) -> Self { + Self::Global(kind) + } + + /// Convenience helper to build a contextual configuration containing a single entry. + pub fn contextual_single(context: Context, kind: RateLimitKind) -> Self { + let mut map = BTreeMap::new(); + map.insert(context, kind); + Self::Contextual(map) + } + + /// Returns the span configured for the provided context, if any. + pub fn kind_for(&self, context: Option<&Context>) -> Option<&RateLimitKind> { + match self { + RateLimit::Global(kind) => Some(kind), + RateLimit::Contextual(map) => context.and_then(|ctx| map.get(ctx)), + } + } + + /// Inserts or updates a contextual entry, converting from a global configuration if needed. + pub fn upsert_context(&mut self, context: Context, kind: RateLimitKind) { + match self { + RateLimit::Global(_) => { + let mut map = BTreeMap::new(); + map.insert(context, kind); + *self = RateLimit::Contextual(map); + } + RateLimit::Contextual(map) => { + map.insert(context, kind); + } + } + } + + /// Removes a contextual entry, returning whether one existed. + pub fn remove_context(&mut self, context: &Context) -> bool { + match self { + RateLimit::Global(_) => false, + RateLimit::Contextual(map) => map.remove(context).is_some(), + } + } + + /// Returns true when the contextual configuration contains no entries. + pub fn is_contextual_empty(&self) -> bool { + matches!(self, RateLimit::Contextual(map) if map.is_empty()) + } +} + #[cfg(test)] mod tests { use sp_runtime::DispatchError; From c84cb92ec13ccdc8f05e2140add73087a0dbb678 Mon Sep 17 00:00:00 2001 From: Aliaksandr Tsurko Date: Thu, 30 Oct 2025 17:17:19 +0300 Subject: [PATCH 14/46] Separate context between usage key and limit scope --- pallets/rate-limiting/src/benchmarking.rs | 29 ++-- pallets/rate-limiting/src/lib.rs | 166 +++++++++++++--------- pallets/rate-limiting/src/mock.rs | 35 +++-- pallets/rate-limiting/src/tests.rs | 128 +++++++++-------- pallets/rate-limiting/src/tx_extension.rs | 33 ++--- pallets/rate-limiting/src/types.rs | 54 +++---- 6 files changed, 252 insertions(+), 193 deletions(-) diff --git a/pallets/rate-limiting/src/benchmarking.rs b/pallets/rate-limiting/src/benchmarking.rs index 4c9ce17708..65d547ab0b 100644 --- a/pallets/rate-limiting/src/benchmarking.rs +++ b/pallets/rate-limiting/src/benchmarking.rs @@ -36,30 +36,43 @@ mod benchmarks { fn set_rate_limit() { let call = sample_call::(); let limit = RateLimitKind::>::Exact(BlockNumberFor::::from(10u32)); + let scope = ::LimitScopeResolver::context(call.as_ref()); let identifier = TransactionIdentifier::from_call::(call.as_ref()).expect("identifier"); #[extrinsic_call] - _(RawOrigin::Root, call, limit.clone(), None); - - assert_eq!( - Limits::::get(&identifier), - Some(RateLimit::global(limit)) - ); + _(RawOrigin::Root, call, limit.clone()); + + let stored = Limits::::get(&identifier).expect("limit stored"); + match (scope, &stored) { + (Some(ref sc), RateLimit::Scoped(map)) => { + assert_eq!(map.get(sc), Some(&limit)); + } + (None, RateLimit::Global(kind)) | (Some(_), RateLimit::Global(kind)) => { + assert_eq!(kind, &limit); + } + (None, RateLimit::Scoped(map)) => { + assert!(map.values().any(|k| k == &limit)); + } + } } #[benchmark] fn clear_rate_limit() { let call = sample_call::(); let limit = RateLimitKind::>::Exact(BlockNumberFor::::from(10u32)); + let scope = ::LimitScopeResolver::context(call.as_ref()); // Pre-populate limit for benchmark call let identifier = TransactionIdentifier::from_call::(call.as_ref()).expect("identifier"); - Limits::::insert(identifier, RateLimit::global(limit)); + match scope.clone() { + Some(sc) => Limits::::insert(identifier, RateLimit::scoped_single(sc, limit)), + None => Limits::::insert(identifier, RateLimit::global(limit)), + } #[extrinsic_call] - _(RawOrigin::Root, call, None); + _(RawOrigin::Root, call); assert!(Limits::::get(identifier).is_none()); } diff --git a/pallets/rate-limiting/src/lib.rs b/pallets/rate-limiting/src/lib.rs index cf0ebeefb6..0579249b36 100644 --- a/pallets/rate-limiting/src/lib.rs +++ b/pallets/rate-limiting/src/lib.rs @@ -10,16 +10,18 @@ //! restricted by [`Config::AdminOrigin`], to manage this data: //! //! - [`set_rate_limit`](pallet::Pallet::set_rate_limit): assign a limit to an extrinsic by -//! supplying a [`RateLimitKind`] span and optionally a contextual identifier. When a contextual -//! span is stored, any previously configured global span is replaced. -//! - [`clear_rate_limit`](pallet::Pallet::clear_rate_limit): remove a stored limit for the provided -//! scope (either the global entry when `None` is supplied, or a specific context). +//! supplying a [`RateLimitKind`] span. The pallet infers the *limit scope* (for example a +//! `netuid`) using [`Config::LimitScopeResolver`] and stores the configuration for that scope, or +//! globally when no scope is resolved. +//! - [`clear_rate_limit`](pallet::Pallet::clear_rate_limit): remove a stored limit for the scope +//! derived from the provided call (or the global entry when no scope resolves). //! - [`set_default_rate_limit`](pallet::Pallet::set_default_rate_limit): set the global default //! block span used by `RateLimitKind::Default` entries. //! //! The pallet also tracks the last block in which a rate-limited call was executed, per optional -//! *context*. Context allows one limit definition (for example, “set weights”) to be enforced per -//! subnet, account, or other grouping chosen by the runtime. +//! *usage key*. A usage key may refine tracking beyond the limit scope (for example combining a +//! `netuid` with a hyperparameter name), so the two concepts are explicitly separated in the +//! configuration. //! //! Each storage map is namespaced by pallet instance; runtimes can deploy multiple independent //! instances to manage distinct rate-limiting scopes. @@ -41,21 +43,27 @@ //! ); //! ``` //! -//! # Context resolver +//! # Context resolvers //! -//! The extension needs to know when two invocations should share a rate limit. This is controlled -//! by implementing [`RateLimitContextResolver`] for the runtime call type (or for a helper that the -//! runtime wires into [`Config::ContextResolver`]). The resolver receives the call and returns -//! `Some(context)` if the rate should be scoped (e.g. by `netuid`), or `None` to use the global -//! entry. The resolver is only used when *tracking* executions; you still configure limits via the -//! explicit `context` argument on `set_rate_limit`/`clear_rate_limit`. +//! The pallet relies on two resolvers, both implementing [`RateLimitContextResolver`]: +//! +//! - [`Config::LimitScopeResolver`], which determines how limits are stored (for example by +//! returning a `netuid`). When this resolver returns `None`, the configuration is stored as a +//! global fallback. +//! - [`Config::UsageResolver`], which decides how executions are tracked in +//! [`LastSeen`](pallet::LastSeen). This can refine the limit scope (for example by returning a +//! tuple of `(netuid, hyperparameter)`). +//! +//! Each resolver receives the call and may return `Some(identifier)` when scoping is required, or +//! `None` to use the global entry. Extrinsics such as +//! [`set_rate_limit`](pallet::Pallet::set_rate_limit) automatically consult these resolvers. //! //! ```ignore //! pub struct WeightsContextResolver; //! -//! impl pallet_rate_limiting::RateLimitContextResolver -//! for WeightsContextResolver -//! { +//! // Limits are scoped per netuid. +//! pub struct ScopeResolver; +//! impl pallet_rate_limiting::RateLimitContextResolver for ScopeResolver { //! fn context(call: &RuntimeCall) -> Option { //! match call { //! RuntimeCall::Subtensor(pallet_subtensor::Call::set_weights { netuid, .. }) => { @@ -66,10 +74,29 @@ //! } //! } //! +//! // Usage tracking distinguishes hyperparameter + netuid. +//! pub struct UsageResolver; +//! impl pallet_rate_limiting::RateLimitContextResolver +//! for UsageResolver +//! { +//! fn context(call: &RuntimeCall) -> Option<(NetUid, HyperParam)> { +//! match call { +//! RuntimeCall::Subtensor(pallet_subtensor::Call::set_hyperparam { +//! netuid, +//! hyper, +//! .. +//! }) => Some((*netuid, *hyper)), +//! _ => None, +//! } +//! } +//! } +//! //! impl pallet_rate_limiting::Config for Runtime { //! type RuntimeCall = RuntimeCall; -//! type LimitContext = NetUid; -//! type ContextResolver = WeightsContextResolver; +//! type LimitScope = NetUid; +//! type LimitScopeResolver = ScopeResolver; +//! type UsageKey = (NetUid, HyperParam); +//! type UsageResolver = UsageResolver; //! type AdminOrigin = frame_system::EnsureRoot; //! } //! ``` @@ -121,11 +148,17 @@ pub mod pallet { /// Origin permitted to configure rate limits. type AdminOrigin: EnsureOrigin>; - /// Context type used for contextual (per-group) rate limits. - type LimitContext: Parameter + Clone + PartialEq + Eq + Ord + MaybeSerializeDeserialize; + /// Scope identifier used to namespace stored rate limits. + type LimitScope: Parameter + Clone + PartialEq + Eq + Ord + MaybeSerializeDeserialize; + + /// Resolves the scope for the given runtime call when configuring limits. + type LimitScopeResolver: RateLimitContextResolver<>::RuntimeCall, Self::LimitScope>; - /// Resolves the context for a given runtime call. - type ContextResolver: RateLimitContextResolver<>::RuntimeCall, Self::LimitContext>; + /// Usage key tracked in [`LastSeen`] for rate-limited calls. + type UsageKey: Parameter + Clone + PartialEq + Eq + Ord + MaybeSerializeDeserialize; + + /// Resolves the usage key for the given runtime call when enforcing limits. + type UsageResolver: RateLimitContextResolver<>::RuntimeCall, Self::UsageKey>; /// Helper used to construct runtime calls for benchmarking. #[cfg(feature = "runtime-benchmarks")] @@ -139,20 +172,20 @@ pub mod pallet { _, Blake2_128Concat, TransactionIdentifier, - RateLimit<>::LimitContext, BlockNumberFor>, + RateLimit<>::LimitScope, BlockNumberFor>, OptionQuery, >; /// Tracks when a transaction was last observed. /// - /// The second key is `None` for global limits and `Some(context)` for contextual limits. + /// The second key is `None` for global tracking and `Some(key)` for scoped usage tracking. #[pallet::storage] pub type LastSeen, I: 'static = ()> = StorageDoubleMap< _, Blake2_128Concat, TransactionIdentifier, Blake2_128Concat, - Option<>::LimitContext>, + Option<>::UsageKey>, BlockNumberFor, OptionQuery, >; @@ -171,8 +204,8 @@ pub mod pallet { RateLimitSet { /// Identifier of the affected transaction. transaction: TransactionIdentifier, - /// Context to which the limit applies, if any. - context: Option<>::LimitContext>, + /// Limit scope to which the configuration applies, if any. + scope: Option<>::LimitScope>, /// The rate limit policy applied to the transaction. limit: RateLimitKind>, /// Pallet name associated with the transaction. @@ -184,8 +217,8 @@ pub mod pallet { RateLimitCleared { /// Identifier of the affected transaction. transaction: TransactionIdentifier, - /// Context from which the limit was cleared, if any. - context: Option<>::LimitContext>, + /// Limit scope from which the configuration was cleared, if any. + scope: Option<>::LimitScope>, /// Pallet name associated with the transaction. pallet: Vec, /// Extrinsic name associated with the transaction. @@ -205,8 +238,6 @@ pub mod pallet { InvalidRuntimeCall, /// Attempted to remove a limit that is not present. MissingRateLimit, - /// Contextual configuration was requested but no context can be resolved for the call. - ContextUnavailable, } #[pallet::genesis_config] @@ -214,7 +245,7 @@ pub mod pallet { pub default_limit: BlockNumberFor, pub limits: Vec<( TransactionIdentifier, - Option<>::LimitContext>, + Option<>::LimitScope>, RateLimitKind>, )>, } @@ -234,16 +265,16 @@ pub mod pallet { fn build(&self) { DefaultLimit::::put(self.default_limit); - for (identifier, context, kind) in &self.limits { - Limits::::mutate(identifier, |entry| match context { + for (identifier, scope, kind) in &self.limits { + Limits::::mutate(identifier, |entry| match scope { None => { *entry = Some(RateLimit::global(*kind)); } - Some(ctx) => { + Some(sc) => { if let Some(config) = entry { - config.upsert_context(ctx.clone(), *kind); + config.upsert_scope(sc.clone(), *kind); } else { - *entry = Some(RateLimit::contextual_single(ctx.clone(), *kind)); + *entry = Some(RateLimit::scoped_single(sc.clone(), *kind)); } } }); @@ -257,18 +288,19 @@ pub mod pallet { impl, I: 'static> Pallet { /// Returns `true` when the given transaction identifier passes its configured rate limit - /// within the provided context. + /// within the provided usage scope. pub fn is_within_limit( identifier: &TransactionIdentifier, - context: &Option<>::LimitContext>, + scope: &Option<>::LimitScope>, + usage_key: &Option<>::UsageKey>, ) -> Result { - let Some(block_span) = Self::resolved_limit(identifier, context) else { + let Some(block_span) = Self::resolved_limit(identifier, scope) else { return Ok(true); }; let current = frame_system::Pallet::::block_number(); - if let Some(last) = LastSeen::::get(identifier, context) { + if let Some(last) = LastSeen::::get(identifier, usage_key) { let delta = current.saturating_sub(last); if delta < block_span { return Ok(false); @@ -280,10 +312,10 @@ pub mod pallet { pub(crate) fn resolved_limit( identifier: &TransactionIdentifier, - context: &Option<>::LimitContext>, + scope: &Option<>::LimitScope>, ) -> Option> { let config = Limits::::get(identifier)?; - let kind = config.kind_for(context.as_ref())?; + let kind = config.kind_for(scope.as_ref())?; Some(match *kind { RateLimitKind::Default => DefaultLimit::::get(), RateLimitKind::Exact(block_span) => block_span, @@ -294,21 +326,21 @@ pub mod pallet { pub fn limit_for_call_names( pallet_name: &str, extrinsic_name: &str, - context: Option<>::LimitContext>, + scope: Option<>::LimitScope>, ) -> Option>> { let identifier = Self::identifier_for_call_names(pallet_name, extrinsic_name)?; Limits::::get(&identifier) - .and_then(|config| config.kind_for(context.as_ref()).copied()) + .and_then(|config| config.kind_for(scope.as_ref()).copied()) } /// Returns the resolved block span for the specified pallet/extrinsic names, if any. pub fn resolved_limit_for_call_names( pallet_name: &str, extrinsic_name: &str, - context: Option<>::LimitContext>, + scope: Option<>::LimitScope>, ) -> Option> { let identifier = Self::identifier_for_call_names(pallet_name, extrinsic_name)?; - Self::resolved_limit(&identifier, &context) + Self::resolved_limit(&identifier, &scope) } fn identifier_for_call_names( @@ -327,35 +359,29 @@ pub mod pallet { #[pallet::call] impl, I: 'static> Pallet { - /// Sets the rate limit configuration for the given call and optional context. + /// Sets the rate limit configuration for the given call. /// /// The supplied `call` is only used to derive the pallet and extrinsic indices; **any - /// arguments embedded in the call are ignored**. The `context` parameter determines which - /// scoped entry is updated (for example a subnet identifier). Passing `None` updates the - /// global entry, which acts as a fallback when no context-specific limit exists. + /// arguments embedded in the call are ignored**. The applicable scope is discovered via + /// [`Config::LimitScopeResolver`]. When a scope resolves, the configuration is stored + /// against that scope; otherwise the global entry is updated. #[pallet::call_index(0)] #[pallet::weight(T::DbWeight::get().reads_writes(1, 1))] pub fn set_rate_limit( origin: OriginFor, call: Box<>::RuntimeCall>, limit: RateLimitKind>, - context: Option<>::LimitContext>, ) -> DispatchResult { T::AdminOrigin::ensure_origin(origin)?; - if context.is_some() - && >::ContextResolver::context(call.as_ref()).is_none() - { - return Err(Error::::ContextUnavailable.into()); - } - let identifier = TransactionIdentifier::from_call::(call.as_ref())?; - let context_for_event = context.clone(); + let scope = >::LimitScopeResolver::context(call.as_ref()); + let scope_for_event = scope.clone(); - if let Some(ref ctx) = context { + if let Some(ref sc) = scope { Limits::::mutate(&identifier, |slot| match slot { - Some(config) => config.upsert_context(ctx.clone(), limit), - None => *slot = Some(RateLimit::contextual_single(ctx.clone(), limit)), + Some(config) => config.upsert_scope(sc.clone(), limit), + None => *slot = Some(RateLimit::scoped_single(sc.clone(), limit)), }); } else { Limits::::insert(&identifier, RateLimit::global(limit)); @@ -367,7 +393,7 @@ pub mod pallet { Self::deposit_event(Event::RateLimitSet { transaction: identifier, - context: context_for_event, + scope: scope_for_event, limit, pallet, extrinsic, @@ -378,18 +404,18 @@ pub mod pallet { /// Clears the rate limit for the given call, if present. /// /// The supplied `call` is only used to derive the pallet and extrinsic indices; **any - /// arguments embedded in the call are ignored**. The `context` parameter must match the - /// entry that should be removed (use `None` to remove the global configuration). + /// arguments embedded in the call are ignored**. The configuration scope is determined via + /// [`Config::LimitScopeResolver`]. When no scope resolves, the global entry is cleared. #[pallet::call_index(1)] #[pallet::weight(T::DbWeight::get().reads_writes(1, 1))] pub fn clear_rate_limit( origin: OriginFor, call: Box<>::RuntimeCall>, - context: Option<>::LimitContext>, ) -> DispatchResult { T::AdminOrigin::ensure_origin(origin)?; let identifier = TransactionIdentifier::from_call::(call.as_ref())?; + let scope = >::LimitScopeResolver::context(call.as_ref()); let (pallet_name, extrinsic_name) = identifier.names::()?; let pallet = Vec::from(pallet_name.as_bytes()); @@ -398,13 +424,13 @@ pub mod pallet { let mut removed = false; Limits::::mutate_exists(&identifier, |maybe_config| { if let Some(config) = maybe_config { - match (&context, config) { + match (&scope, config) { (None, _) => { removed = true; *maybe_config = None; } - (Some(ctx), RateLimit::Contextual(map)) => { - if map.remove(ctx).is_some() { + (Some(sc), RateLimit::Scoped(map)) => { + if map.remove(sc).is_some() { removed = true; if map.is_empty() { *maybe_config = None; @@ -420,7 +446,7 @@ pub mod pallet { Self::deposit_event(Event::RateLimitCleared { transaction: identifier, - context, + scope, pallet, extrinsic, }); diff --git a/pallets/rate-limiting/src/mock.rs b/pallets/rate-limiting/src/mock.rs index 1c792dde16..aec00b45bb 100644 --- a/pallets/rate-limiting/src/mock.rs +++ b/pallets/rate-limiting/src/mock.rs @@ -1,5 +1,7 @@ #![allow(dead_code)] +use core::convert::TryInto; + use frame_support::{ derive_impl, sp_runtime::{ @@ -53,15 +55,30 @@ impl frame_system::Config for Test { type Block = Block; } -pub type LimitContext = u16; +pub type LimitScope = u16; +pub type UsageKey = u16; + +pub struct TestScopeResolver; +pub struct TestUsageResolver; -pub struct TestContextResolver; +impl pallet_rate_limiting::RateLimitContextResolver for TestScopeResolver { + fn context(call: &RuntimeCall) -> Option { + match call { + RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span }) => { + (*block_span).try_into().ok() + } + RuntimeCall::RateLimiting(_) => Some(1), + _ => None, + } + } +} -impl pallet_rate_limiting::RateLimitContextResolver - for TestContextResolver -{ - fn context(call: &RuntimeCall) -> Option { +impl pallet_rate_limiting::RateLimitContextResolver for TestUsageResolver { + fn context(call: &RuntimeCall) -> Option { match call { + RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span }) => { + (*block_span).try_into().ok() + } RuntimeCall::RateLimiting(_) => Some(1), _ => None, } @@ -70,8 +87,10 @@ impl pallet_rate_limiting::RateLimitContextResolver impl pallet_rate_limiting::Config for Test { type RuntimeCall = RuntimeCall; - type LimitContext = LimitContext; - type ContextResolver = TestContextResolver; + type LimitScope = LimitScope; + type LimitScopeResolver = TestScopeResolver; + type UsageKey = UsageKey; + type UsageResolver = TestUsageResolver; type AdminOrigin = EnsureRoot; #[cfg(feature = "runtime-benchmarks")] type BenchmarkHelper = BenchHelper; diff --git a/pallets/rate-limiting/src/tests.rs b/pallets/rate-limiting/src/tests.rs index 27bf6e5472..f02c2c52b0 100644 --- a/pallets/rate-limiting/src/tests.rs +++ b/pallets/rate-limiting/src/tests.rs @@ -29,14 +29,14 @@ fn limit_for_call_names_returns_stored_limit() { } #[test] -fn limit_for_call_names_prefers_context_specific_limit() { +fn limit_for_call_names_prefers_scope_specific_limit() { new_test_ext().execute_with(|| { let call = RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); let identifier = identifier_for(&call); Limits::::insert( identifier, - RateLimit::contextual_single(5u16, RateLimitKind::Exact(8)), + RateLimit::scoped_single(5u16, RateLimitKind::Exact(8)), ); let fetched = @@ -71,7 +71,7 @@ fn resolved_limit_for_call_names_resolves_default_value() { } #[test] -fn resolved_limit_for_call_names_prefers_context_specific_value() { +fn resolved_limit_for_call_names_prefers_scope_specific_value() { new_test_ext().execute_with(|| { let call = RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); @@ -79,7 +79,7 @@ fn resolved_limit_for_call_names_prefers_context_specific_value() { let mut map = BTreeMap::new(); map.insert(6u16, RateLimitKind::Exact(9)); map.insert(2u16, RateLimitKind::Exact(4)); - Limits::::insert(identifier, RateLimit::Contextual(map)); + Limits::::insert(identifier, RateLimit::Scoped(map)); let resolved = RateLimiting::resolved_limit_for_call_names( "RateLimiting", @@ -121,7 +121,7 @@ fn is_within_limit_is_true_when_no_limit() { RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); let identifier = identifier_for(&call); - let result = RateLimiting::is_within_limit(&identifier, &None); + let result = RateLimiting::is_within_limit(&identifier, &None, &None); assert_eq!(result.expect("no error expected"), true); }); } @@ -134,14 +134,18 @@ fn is_within_limit_false_when_rate_limited() { let identifier = identifier_for(&call); Limits::::insert( identifier, - RateLimit::contextual_single(1 as LimitContext, RateLimitKind::Exact(5)), + RateLimit::scoped_single(1 as LimitScope, RateLimitKind::Exact(5)), ); - LastSeen::::insert(identifier, Some(1 as LimitContext), 9); + LastSeen::::insert(identifier, Some(1 as UsageKey), 9); System::set_block_number(13); - let within = RateLimiting::is_within_limit(&identifier, &Some(1 as LimitContext)) - .expect("call succeeds"); + let within = RateLimiting::is_within_limit( + &identifier, + &Some(1 as LimitScope), + &Some(1 as UsageKey), + ) + .expect("call succeeds"); assert!(!within); }); } @@ -154,14 +158,18 @@ fn is_within_limit_true_after_required_span() { let identifier = identifier_for(&call); Limits::::insert( identifier, - RateLimit::contextual_single(2 as LimitContext, RateLimitKind::Exact(5)), + RateLimit::scoped_single(2 as LimitScope, RateLimitKind::Exact(5)), ); - LastSeen::::insert(identifier, Some(2 as LimitContext), 10); + LastSeen::::insert(identifier, Some(2 as UsageKey), 10); System::set_block_number(20); - let within = RateLimiting::is_within_limit(&identifier, &Some(2 as LimitContext)) - .expect("call succeeds"); + let within = RateLimiting::is_within_limit( + &identifier, + &Some(2 as LimitScope), + &Some(2 as UsageKey), + ) + .expect("call succeeds"); assert!(within); }); } @@ -179,25 +187,24 @@ fn set_rate_limit_updates_storage_and_emits_event() { RuntimeOrigin::root(), Box::new(target_call.clone()), limit, - None, )); let identifier = identifier_for(&target_call); assert_eq!( Limits::::get(identifier), - Some(RateLimit::global(limit)) + Some(RateLimit::scoped_single(0, limit)) ); match pop_last_event() { RuntimeEvent::RateLimiting(crate::pallet::Event::RateLimitSet { transaction, - context, + scope, limit: emitted_limit, pallet, extrinsic, }) => { assert_eq!(transaction, identifier); - assert_eq!(context, None); + assert_eq!(scope, Some(0)); assert_eq!(emitted_limit, limit); assert_eq!(pallet, b"RateLimiting".to_vec()); assert_eq!(extrinsic, b"set_default_rate_limit".to_vec()); @@ -208,24 +215,42 @@ fn set_rate_limit_updates_storage_and_emits_event() { } #[test] -fn set_rate_limit_supports_context_specific_limit() { +fn set_rate_limit_stores_global_when_scope_absent() { new_test_ext().execute_with(|| { + System::reset_events(); + let target_call = - RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); - let context = Some(7u16); + RuntimeCall::System(frame_system::Call::::remark { remark: Vec::new() }); + let limit = RateLimitKind::Exact(11); + assert_ok!(RateLimiting::set_rate_limit( RuntimeOrigin::root(), Box::new(target_call.clone()), - RateLimitKind::Exact(11), - context.clone(), + limit, )); let identifier = identifier_for(&target_call); - let config = Limits::::get(identifier).expect("config stored"); assert_eq!( - config.kind_for(context.as_ref()).copied(), - Some(RateLimitKind::Exact(11)) + Limits::::get(identifier), + Some(RateLimit::global(limit)) ); + + match pop_last_event() { + RuntimeEvent::RateLimiting(crate::pallet::Event::RateLimitSet { + transaction, + scope, + limit: emitted_limit, + pallet, + extrinsic, + }) => { + assert_eq!(transaction, identifier); + assert_eq!(scope, None); + assert_eq!(emitted_limit, limit); + assert_eq!(pallet, b"System".to_vec()); + assert_eq!(extrinsic, b"remark".to_vec()); + } + other => panic!("unexpected event: {:?}", other), + } }); } @@ -240,7 +265,6 @@ fn set_rate_limit_requires_root() { RuntimeOrigin::signed(1), Box::new(target_call), RateLimitKind::Exact(1), - None, ), BadOrigin ); @@ -257,13 +281,12 @@ fn set_rate_limit_accepts_default_variant() { RuntimeOrigin::root(), Box::new(target_call.clone()), RateLimitKind::Default, - None, )); let identifier = identifier_for(&target_call); assert_eq!( Limits::::get(identifier), - Some(RateLimit::global(RateLimitKind::Default)) + Some(RateLimit::scoped_single(0, RateLimitKind::Default)) ); }); } @@ -274,14 +297,13 @@ fn clear_rate_limit_removes_entry_and_emits_event() { System::reset_events(); let target_call = - RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); + RuntimeCall::System(frame_system::Call::::remark { remark: Vec::new() }); let identifier = identifier_for(&target_call); Limits::::insert(identifier, RateLimit::global(RateLimitKind::Exact(4))); assert_ok!(RateLimiting::clear_rate_limit( RuntimeOrigin::root(), Box::new(target_call.clone()), - None, )); assert!(Limits::::get(identifier).is_none()); @@ -289,14 +311,14 @@ fn clear_rate_limit_removes_entry_and_emits_event() { match pop_last_event() { RuntimeEvent::RateLimiting(crate::pallet::Event::RateLimitCleared { transaction, - context, + scope, pallet, extrinsic, }) => { assert_eq!(transaction, identifier); - assert_eq!(context, None); - assert_eq!(pallet, b"RateLimiting".to_vec()); - assert_eq!(extrinsic, b"set_default_rate_limit".to_vec()); + assert_eq!(scope, None); + assert_eq!(pallet, b"System".to_vec()); + assert_eq!(extrinsic, b"remark".to_vec()); } other => panic!("unexpected event: {:?}", other), } @@ -310,29 +332,31 @@ fn clear_rate_limit_fails_when_missing() { RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); assert_noop!( - RateLimiting::clear_rate_limit(RuntimeOrigin::root(), Box::new(target_call), None), + RateLimiting::clear_rate_limit(RuntimeOrigin::root(), Box::new(target_call)), Error::::MissingRateLimit ); }); } #[test] -fn clear_rate_limit_removes_only_selected_context() { +fn clear_rate_limit_removes_only_selected_scope() { new_test_ext().execute_with(|| { System::reset_events(); - let target_call = + let base_call = RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); - let identifier = identifier_for(&target_call); + let identifier = identifier_for(&base_call); let mut map = BTreeMap::new(); map.insert(9u16, RateLimitKind::Exact(7)); map.insert(10u16, RateLimitKind::Exact(5)); - Limits::::insert(identifier, RateLimit::Contextual(map)); + Limits::::insert(identifier, RateLimit::Scoped(map)); + + let scoped_call = + RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 9 }); assert_ok!(RateLimiting::clear_rate_limit( RuntimeOrigin::root(), - Box::new(target_call.clone()), - Some(9), + Box::new(scoped_call.clone()), )); let config = Limits::::get(identifier).expect("config remains"); @@ -345,35 +369,17 @@ fn clear_rate_limit_removes_only_selected_context() { match pop_last_event() { RuntimeEvent::RateLimiting(crate::pallet::Event::RateLimitCleared { transaction, - context, + scope, .. }) => { assert_eq!(transaction, identifier); - assert_eq!(context, Some(9)); + assert_eq!(scope, Some(9)); } other => panic!("unexpected event: {:?}", other), } }); } -#[test] -fn set_rate_limit_rejects_unresolvable_context() { - new_test_ext().execute_with(|| { - let target_call = - RuntimeCall::System(frame_system::Call::::remark { remark: Vec::new() }); - - assert_noop!( - RateLimiting::set_rate_limit( - RuntimeOrigin::root(), - Box::new(target_call), - RateLimitKind::Exact(5), - Some(42), - ), - Error::::ContextUnavailable - ); - }); -} - #[test] fn set_default_rate_limit_updates_storage_and_emits_event() { new_test_ext().execute_with(|| { diff --git a/pallets/rate-limiting/src/tx_extension.rs b/pallets/rate-limiting/src/tx_extension.rs index e72b473fd4..5276f1f396 100644 --- a/pallets/rate-limiting/src/tx_extension.rs +++ b/pallets/rate-limiting/src/tx_extension.rs @@ -80,14 +80,8 @@ where const IDENTIFIER: &'static str = IDENTIFIER; type Implicit = (); - type Val = Option<( - TransactionIdentifier, - Option<>::LimitContext>, - )>; - type Pre = Option<( - TransactionIdentifier, - Option<>::LimitContext>, - )>; + type Val = Option<(TransactionIdentifier, Option<>::UsageKey>)>; + type Pre = Option<(TransactionIdentifier, Option<>::UsageKey>)>; fn weight(&self, _call: &>::RuntimeCall) -> Weight { Weight::zero() @@ -108,9 +102,10 @@ where Err(_) => return Err(TransactionValidityError::Invalid(InvalidTransaction::Call)), }; - let context = >::ContextResolver::context(call); + let scope = >::LimitScopeResolver::context(call); + let usage = >::UsageResolver::context(call); - let Some(block_span) = Pallet::::resolved_limit(&identifier, &context) else { + let Some(block_span) = Pallet::::resolved_limit(&identifier, &scope) else { return Ok((ValidTransaction::default(), None, origin)); }; @@ -118,7 +113,7 @@ where return Ok((ValidTransaction::default(), None, origin)); } - let within_limit = Pallet::::is_within_limit(&identifier, &context) + let within_limit = Pallet::::is_within_limit(&identifier, &scope, &usage) .map_err(|_| TransactionValidityError::Invalid(InvalidTransaction::Call))?; if !within_limit { @@ -129,7 +124,7 @@ where Ok(( ValidTransaction::default(), - Some((identifier, context)), + Some((identifier, usage)), origin, )) } @@ -153,9 +148,9 @@ where result: &DispatchResult, ) -> Result<(), TransactionValidityError> { if result.is_ok() { - if let Some((identifier, context)) = pre { + if let Some((identifier, usage)) = pre { let block_number = frame_system::Pallet::::block_number(); - LastSeen::::insert(&identifier, context, block_number); + LastSeen::::insert(&identifier, usage, block_number); } } Ok(()) @@ -193,7 +188,7 @@ mod tests { ) -> Result< ( sp_runtime::transaction_validity::ValidTransaction, - Option<(TransactionIdentifier, Option)>, + Option<(TransactionIdentifier, Option)>, RuntimeOrigin, ), TransactionValidityError, @@ -241,7 +236,7 @@ mod tests { let identifier = identifier_for(&call); assert_eq!( - LastSeen::::get(identifier, None::), + LastSeen::::get(identifier, None::), None ); }); @@ -279,7 +274,7 @@ mod tests { .expect("post_dispatch succeeds"); assert_eq!( - LastSeen::::get(identifier, None::), + LastSeen::::get(identifier, None::), Some(10) ); }); @@ -292,7 +287,7 @@ mod tests { let call = remark_call(); let identifier = identifier_for(&call); Limits::::insert(identifier, RateLimit::global(RateLimitKind::Exact(5))); - LastSeen::::insert(identifier, None::, 20); + LastSeen::::insert(identifier, None::, 20); System::set_block_number(22); @@ -339,7 +334,7 @@ mod tests { .expect("post_dispatch succeeds"); assert_eq!( - LastSeen::::get(identifier, None::), + LastSeen::::get(identifier, None::), None ); }); diff --git a/pallets/rate-limiting/src/types.rs b/pallets/rate-limiting/src/types.rs index a18fff37c6..1daf2915b3 100644 --- a/pallets/rate-limiting/src/types.rs +++ b/pallets/rate-limiting/src/types.rs @@ -3,7 +3,7 @@ use frame_support::{pallet_prelude::DispatchError, traits::GetCallMetadata}; use scale_info::TypeInfo; use sp_std::collections::btree_map::BTreeMap; -/// Resolves the optional context within which a rate limit applies. +/// Resolves the optional identifier within which a rate limit applies. pub trait RateLimitContextResolver { /// Returns `Some(context)` when the limit should be applied per-context, or `None` for global /// limits. @@ -104,71 +104,71 @@ pub enum RateLimitKind { /// Stored rate limit configuration for a transaction identifier. /// /// The configuration is mutually exclusive: either the call is globally limited or it stores a set -/// of per-context spans. +/// of per-scope spans. #[cfg_attr(feature = "std", derive(serde::Deserialize, serde::Serialize))] #[cfg_attr( feature = "std", serde( - bound = "Context: Ord + serde::Serialize + serde::de::DeserializeOwned, BlockNumber: serde::Serialize + serde::de::DeserializeOwned" + bound = "Scope: Ord + serde::Serialize + serde::de::DeserializeOwned, BlockNumber: serde::Serialize + serde::de::DeserializeOwned" ) )] #[derive(Clone, PartialEq, Eq, Encode, Decode, DecodeWithMemTracking, TypeInfo, Debug)] -pub enum RateLimit { +pub enum RateLimit { /// Global span applied to every invocation. Global(RateLimitKind), - /// Per-context spans keyed by `Context`. - Contextual(BTreeMap>), + /// Per-scope spans keyed by `Scope`. + Scoped(BTreeMap>), } -impl RateLimit +impl RateLimit where - Context: Ord, + Scope: Ord, { /// Convenience helper to build a global configuration. pub fn global(kind: RateLimitKind) -> Self { Self::Global(kind) } - /// Convenience helper to build a contextual configuration containing a single entry. - pub fn contextual_single(context: Context, kind: RateLimitKind) -> Self { + /// Convenience helper to build a scoped configuration containing a single entry. + pub fn scoped_single(scope: Scope, kind: RateLimitKind) -> Self { let mut map = BTreeMap::new(); - map.insert(context, kind); - Self::Contextual(map) + map.insert(scope, kind); + Self::Scoped(map) } - /// Returns the span configured for the provided context, if any. - pub fn kind_for(&self, context: Option<&Context>) -> Option<&RateLimitKind> { + /// Returns the span configured for the provided scope, if any. + pub fn kind_for(&self, scope: Option<&Scope>) -> Option<&RateLimitKind> { match self { RateLimit::Global(kind) => Some(kind), - RateLimit::Contextual(map) => context.and_then(|ctx| map.get(ctx)), + RateLimit::Scoped(map) => scope.and_then(|key| map.get(key)), } } - /// Inserts or updates a contextual entry, converting from a global configuration if needed. - pub fn upsert_context(&mut self, context: Context, kind: RateLimitKind) { + /// Inserts or updates a scoped entry, converting from a global configuration if needed. + pub fn upsert_scope(&mut self, scope: Scope, kind: RateLimitKind) { match self { RateLimit::Global(_) => { let mut map = BTreeMap::new(); - map.insert(context, kind); - *self = RateLimit::Contextual(map); + map.insert(scope, kind); + *self = RateLimit::Scoped(map); } - RateLimit::Contextual(map) => { - map.insert(context, kind); + RateLimit::Scoped(map) => { + map.insert(scope, kind); } } } - /// Removes a contextual entry, returning whether one existed. - pub fn remove_context(&mut self, context: &Context) -> bool { + /// Removes a scoped entry, returning whether one existed. + pub fn remove_scope(&mut self, scope: &Scope) -> bool { match self { RateLimit::Global(_) => false, - RateLimit::Contextual(map) => map.remove(context).is_some(), + RateLimit::Scoped(map) => map.remove(scope).is_some(), } } - /// Returns true when the contextual configuration contains no entries. - pub fn is_contextual_empty(&self) -> bool { - matches!(self, RateLimit::Contextual(map) if map.is_empty()) + /// Returns true when the scoped configuration contains no entries. + pub fn is_scoped_empty(&self) -> bool { + matches!(self, RateLimit::Scoped(map) if map.is_empty()) } } From 2df6d4b8c95e15f024dcf4e961f9d30d14391542 Mon Sep 17 00:00:00 2001 From: Aliaksandr Tsurko Date: Fri, 31 Oct 2025 14:48:38 +0300 Subject: [PATCH 15/46] Update docs --- pallets/rate-limiting/src/lib.rs | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/pallets/rate-limiting/src/lib.rs b/pallets/rate-limiting/src/lib.rs index 0579249b36..e1c7a1665a 100644 --- a/pallets/rate-limiting/src/lib.rs +++ b/pallets/rate-limiting/src/lib.rs @@ -361,10 +361,11 @@ pub mod pallet { impl, I: 'static> Pallet { /// Sets the rate limit configuration for the given call. /// - /// The supplied `call` is only used to derive the pallet and extrinsic indices; **any - /// arguments embedded in the call are ignored**. The applicable scope is discovered via - /// [`Config::LimitScopeResolver`]. When a scope resolves, the configuration is stored - /// against that scope; otherwise the global entry is updated. + /// The supplied `call` is inspected to derive the pallet/extrinsic indices and passed to + /// [`Config::LimitScopeResolver`] to determine the applicable scope. The pallet never + /// persists the call arguments directly, but a resolver may read them in order to resolve + /// its context. When a scope resolves, the configuration is stored against that scope; + /// otherwise the global entry is updated. #[pallet::call_index(0)] #[pallet::weight(T::DbWeight::get().reads_writes(1, 1))] pub fn set_rate_limit( @@ -403,9 +404,10 @@ pub mod pallet { /// Clears the rate limit for the given call, if present. /// - /// The supplied `call` is only used to derive the pallet and extrinsic indices; **any - /// arguments embedded in the call are ignored**. The configuration scope is determined via - /// [`Config::LimitScopeResolver`]. When no scope resolves, the global entry is cleared. + /// The supplied `call` is inspected to derive the pallet/extrinsic indices and passed to + /// [`Config::LimitScopeResolver`] when determining which scoped configuration to clear. + /// The pallet does not persist the call arguments, but resolvers may read them while + /// computing the scope. When no scope resolves, the global entry is cleared. #[pallet::call_index(1)] #[pallet::weight(T::DbWeight::get().reads_writes(1, 1))] pub fn clear_rate_limit( From 15c9aa9b7072fd98618b193cccf7fe3c7744371a Mon Sep 17 00:00:00 2001 From: Aliaksandr Tsurko Date: Fri, 31 Oct 2025 14:58:02 +0300 Subject: [PATCH 16/46] Add an extrinsic to clear all scoped rate limits in pallet-rate-limiting --- pallets/rate-limiting/src/lib.rs | 44 +++++++++++++++++++++++- pallets/rate-limiting/src/tests.rs | 54 ++++++++++++++++++++++++++++++ pallets/rate-limiting/src/types.rs | 2 +- 3 files changed, 98 insertions(+), 2 deletions(-) diff --git a/pallets/rate-limiting/src/lib.rs b/pallets/rate-limiting/src/lib.rs index e1c7a1665a..7b960e566e 100644 --- a/pallets/rate-limiting/src/lib.rs +++ b/pallets/rate-limiting/src/lib.rs @@ -224,6 +224,15 @@ pub mod pallet { /// Extrinsic name associated with the transaction. extrinsic: Vec, }, + /// All scoped and global rate limits for a call were cleared. + AllRateLimitsCleared { + /// Identifier of the affected transaction. + transaction: TransactionIdentifier, + /// Pallet name associated with the transaction. + pallet: Vec, + /// Extrinsic name associated with the transaction. + extrinsic: Vec, + }, /// The default rate limit was set or updated. DefaultRateLimitSet { /// The new default limit expressed in blocks. @@ -456,8 +465,41 @@ pub mod pallet { Ok(()) } - /// Sets the default rate limit in blocks applied to calls configured to use it. + /// Clears every stored rate limit configuration for the given call, including scoped + /// entries. + /// + /// The supplied `call` is inspected to derive the pallet and extrinsic indices. All stored + /// scopes for that call, along with any associated usage tracking entries, are removed when + /// this extrinsic succeeds. #[pallet::call_index(2)] + #[pallet::weight(T::DbWeight::get().reads_writes(1, 1))] + pub fn clear_all_rate_limits( + origin: OriginFor, + call: Box<>::RuntimeCall>, + ) -> DispatchResult { + T::AdminOrigin::ensure_origin(origin)?; + + let identifier = TransactionIdentifier::from_call::(call.as_ref())?; + let (pallet_name, extrinsic_name) = identifier.names::()?; + let pallet = Vec::from(pallet_name.as_bytes()); + let extrinsic = Vec::from(extrinsic_name.as_bytes()); + + let removed = Limits::::take(&identifier).is_some(); + ensure!(removed, Error::::MissingRateLimit); + + let _ = LastSeen::::clear_prefix(&identifier, u32::MAX, None); + + Self::deposit_event(Event::AllRateLimitsCleared { + transaction: identifier, + pallet, + extrinsic, + }); + + Ok(()) + } + + /// Sets the default rate limit in blocks applied to calls configured to use it. + #[pallet::call_index(3)] #[pallet::weight(T::DbWeight::get().writes(1))] pub fn set_default_rate_limit( origin: OriginFor, diff --git a/pallets/rate-limiting/src/tests.rs b/pallets/rate-limiting/src/tests.rs index f02c2c52b0..1a89951193 100644 --- a/pallets/rate-limiting/src/tests.rs +++ b/pallets/rate-limiting/src/tests.rs @@ -380,6 +380,60 @@ fn clear_rate_limit_removes_only_selected_scope() { }); } +#[test] +fn clear_all_rate_limits_removes_entire_configuration() { + new_test_ext().execute_with(|| { + System::reset_events(); + + let target_call = + RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); + let identifier = identifier_for(&target_call); + + let mut map = BTreeMap::new(); + map.insert(3u16, RateLimitKind::Exact(6)); + map.insert(4u16, RateLimitKind::Exact(7)); + Limits::::insert(identifier, RateLimit::Scoped(map)); + + LastSeen::::insert(identifier, Some(3u16), 11); + LastSeen::::insert(identifier, None::, 12); + + assert_ok!(RateLimiting::clear_all_rate_limits( + RuntimeOrigin::root(), + Box::new(target_call.clone()), + )); + + assert!(Limits::::get(identifier).is_none()); + assert!(LastSeen::::get(identifier, Some(3u16)).is_none()); + assert!(LastSeen::::get(identifier, None::).is_none()); + + match pop_last_event() { + RuntimeEvent::RateLimiting(crate::pallet::Event::AllRateLimitsCleared { + transaction, + pallet, + extrinsic, + }) => { + assert_eq!(transaction, identifier); + assert_eq!(pallet, b"RateLimiting".to_vec()); + assert_eq!(extrinsic, b"set_default_rate_limit".to_vec()); + } + other => panic!("unexpected event: {:?}", other), + } + }); +} + +#[test] +fn clear_all_rate_limits_fails_when_missing() { + new_test_ext().execute_with(|| { + let target_call = + RuntimeCall::System(frame_system::Call::::remark { remark: Vec::new() }); + + assert_noop!( + RateLimiting::clear_all_rate_limits(RuntimeOrigin::root(), Box::new(target_call)), + Error::::MissingRateLimit + ); + }); +} + #[test] fn set_default_rate_limit_updates_storage_and_emits_event() { new_test_ext().execute_with(|| { diff --git a/pallets/rate-limiting/src/types.rs b/pallets/rate-limiting/src/types.rs index 1daf2915b3..4e68d0205a 100644 --- a/pallets/rate-limiting/src/types.rs +++ b/pallets/rate-limiting/src/types.rs @@ -189,7 +189,7 @@ mod tests { // System is the first pallet in the mock runtime, RateLimiting is second. assert_eq!(identifier.pallet_index, 1); // set_default_rate_limit has call_index 2. - assert_eq!(identifier.extrinsic_index, 2); + assert_eq!(identifier.extrinsic_index, 3); } #[test] From e74d65015d33e2ef116c7ec1b970e25f37da9410 Mon Sep 17 00:00:00 2001 From: Aliaksandr Tsurko Date: Fri, 31 Oct 2025 15:15:17 +0300 Subject: [PATCH 17/46] Clear LastSeen on clear_rate_limit call --- pallets/rate-limiting/src/lib.rs | 18 ++++++++++++++++++ pallets/rate-limiting/src/tests.rs | 13 +++++++++++++ 2 files changed, 31 insertions(+) diff --git a/pallets/rate-limiting/src/lib.rs b/pallets/rate-limiting/src/lib.rs index 7b960e566e..38cfce1a5e 100644 --- a/pallets/rate-limiting/src/lib.rs +++ b/pallets/rate-limiting/src/lib.rs @@ -427,6 +427,7 @@ pub mod pallet { let identifier = TransactionIdentifier::from_call::(call.as_ref())?; let scope = >::LimitScopeResolver::context(call.as_ref()); + let usage = >::UsageResolver::context(call.as_ref()); let (pallet_name, extrinsic_name) = identifier.names::()?; let pallet = Vec::from(pallet_name.as_bytes()); @@ -455,6 +456,23 @@ pub mod pallet { ensure!(removed, Error::::MissingRateLimit); + if removed { + match (scope.as_ref(), usage) { + (None, _) => { + let _ = LastSeen::::clear_prefix(&identifier, u32::MAX, None); + } + (_, Some(key)) => { + LastSeen::::remove(&identifier, Some(key)); + } + (_, None) => { + LastSeen::::remove( + &identifier, + Option::<>::UsageKey>::None, + ); + } + } + } + Self::deposit_event(Event::RateLimitCleared { transaction: identifier, scope, diff --git a/pallets/rate-limiting/src/tests.rs b/pallets/rate-limiting/src/tests.rs index 1a89951193..16639e2d5b 100644 --- a/pallets/rate-limiting/src/tests.rs +++ b/pallets/rate-limiting/src/tests.rs @@ -300,6 +300,8 @@ fn clear_rate_limit_removes_entry_and_emits_event() { RuntimeCall::System(frame_system::Call::::remark { remark: Vec::new() }); let identifier = identifier_for(&target_call); Limits::::insert(identifier, RateLimit::global(RateLimitKind::Exact(4))); + LastSeen::::insert(identifier, None::, 7); + LastSeen::::insert(identifier, Some(88u16), 9); assert_ok!(RateLimiting::clear_rate_limit( RuntimeOrigin::root(), @@ -307,6 +309,8 @@ fn clear_rate_limit_removes_entry_and_emits_event() { )); assert!(Limits::::get(identifier).is_none()); + assert!(LastSeen::::get(identifier, None::).is_none()); + assert!(LastSeen::::get(identifier, Some(88u16)).is_none()); match pop_last_event() { RuntimeEvent::RateLimiting(crate::pallet::Event::RateLimitCleared { @@ -350,6 +354,9 @@ fn clear_rate_limit_removes_only_selected_scope() { map.insert(9u16, RateLimitKind::Exact(7)); map.insert(10u16, RateLimitKind::Exact(5)); Limits::::insert(identifier, RateLimit::Scoped(map)); + LastSeen::::insert(identifier, Some(9u16), 11); + LastSeen::::insert(identifier, Some(10u16), 12); + LastSeen::::insert(identifier, None::, 13); let scoped_call = RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 9 }); @@ -365,6 +372,12 @@ fn clear_rate_limit_removes_only_selected_scope() { config.kind_for(Some(&10u16)).copied(), Some(RateLimitKind::Exact(5)) ); + assert!(LastSeen::::get(identifier, Some(9u16)).is_none()); + assert_eq!(LastSeen::::get(identifier, Some(10u16)), Some(12)); + assert_eq!( + LastSeen::::get(identifier, None::), + Some(13) + ); match pop_last_event() { RuntimeEvent::RateLimiting(crate::pallet::Event::RateLimitCleared { From fc60465b506b26f62aa71685ef2e0fae3dc6d99b Mon Sep 17 00:00:00 2001 From: Aliaksandr Tsurko Date: Fri, 31 Oct 2025 16:02:15 +0300 Subject: [PATCH 18/46] Add rate limit bypassing --- pallets/rate-limiting/src/lib.rs | 27 ++++++++++--------- pallets/rate-limiting/src/mock.rs | 11 ++++++-- pallets/rate-limiting/src/tx_extension.rs | 33 ++++++++++++++++++++++- pallets/rate-limiting/src/types.rs | 24 +++++++++++++---- 4 files changed, 74 insertions(+), 21 deletions(-) diff --git a/pallets/rate-limiting/src/lib.rs b/pallets/rate-limiting/src/lib.rs index 38cfce1a5e..a5c5982307 100644 --- a/pallets/rate-limiting/src/lib.rs +++ b/pallets/rate-limiting/src/lib.rs @@ -45,7 +45,7 @@ //! //! # Context resolvers //! -//! The pallet relies on two resolvers, both implementing [`RateLimitContextResolver`]: +//! The pallet relies on two resolvers: //! //! - [`Config::LimitScopeResolver`], which determines how limits are stored (for example by //! returning a `netuid`). When this resolver returns `None`, the configuration is stored as a @@ -63,7 +63,7 @@ //! //! // Limits are scoped per netuid. //! pub struct ScopeResolver; -//! impl pallet_rate_limiting::RateLimitContextResolver for ScopeResolver { +//! impl pallet_rate_limiting::RateLimitScopeResolver for ScopeResolver { //! fn context(call: &RuntimeCall) -> Option { //! match call { //! RuntimeCall::Subtensor(pallet_subtensor::Call::set_weights { netuid, .. }) => { @@ -76,9 +76,8 @@ //! //! // Usage tracking distinguishes hyperparameter + netuid. //! pub struct UsageResolver; -//! impl pallet_rate_limiting::RateLimitContextResolver -//! for UsageResolver -//! { +//! impl pallet_rate_limiting::RateLimitUsageResolver +//! for UsageResolver { //! fn context(call: &RuntimeCall) -> Option<(NetUid, HyperParam)> { //! match call { //! RuntimeCall::Subtensor(pallet_subtensor::Call::set_hyperparam { @@ -105,7 +104,9 @@ pub use benchmarking::BenchmarkHelper; pub use pallet::*; pub use tx_extension::RateLimitTransactionExtension; -pub use types::{RateLimit, RateLimitContextResolver, RateLimitKind, TransactionIdentifier}; +pub use types::{ + RateLimit, RateLimitKind, RateLimitScopeResolver, RateLimitUsageResolver, TransactionIdentifier, +}; #[cfg(feature = "runtime-benchmarks")] mod benchmarking; @@ -131,7 +132,10 @@ pub mod pallet { #[cfg(feature = "runtime-benchmarks")] use crate::benchmarking::BenchmarkHelper as BenchmarkHelperTrait; - use crate::types::{RateLimit, RateLimitContextResolver, RateLimitKind, TransactionIdentifier}; + use crate::types::{ + RateLimit, RateLimitKind, RateLimitScopeResolver, RateLimitUsageResolver, + TransactionIdentifier, + }; /// Configuration trait for the rate limiting pallet. #[pallet::config] @@ -152,13 +156,13 @@ pub mod pallet { type LimitScope: Parameter + Clone + PartialEq + Eq + Ord + MaybeSerializeDeserialize; /// Resolves the scope for the given runtime call when configuring limits. - type LimitScopeResolver: RateLimitContextResolver<>::RuntimeCall, Self::LimitScope>; + type LimitScopeResolver: RateLimitScopeResolver<>::RuntimeCall, Self::LimitScope>; /// Usage key tracked in [`LastSeen`] for rate-limited calls. type UsageKey: Parameter + Clone + PartialEq + Eq + Ord + MaybeSerializeDeserialize; /// Resolves the usage key for the given runtime call when enforcing limits. - type UsageResolver: RateLimitContextResolver<>::RuntimeCall, Self::UsageKey>; + type UsageResolver: RateLimitUsageResolver<>::RuntimeCall, Self::UsageKey>; /// Helper used to construct runtime calls for benchmarking. #[cfg(feature = "runtime-benchmarks")] @@ -465,10 +469,7 @@ pub mod pallet { LastSeen::::remove(&identifier, Some(key)); } (_, None) => { - LastSeen::::remove( - &identifier, - Option::<>::UsageKey>::None, - ); + LastSeen::::remove(&identifier, None::<>::UsageKey>); } } } diff --git a/pallets/rate-limiting/src/mock.rs b/pallets/rate-limiting/src/mock.rs index aec00b45bb..5fab86e4ab 100644 --- a/pallets/rate-limiting/src/mock.rs +++ b/pallets/rate-limiting/src/mock.rs @@ -61,7 +61,7 @@ pub type UsageKey = u16; pub struct TestScopeResolver; pub struct TestUsageResolver; -impl pallet_rate_limiting::RateLimitContextResolver for TestScopeResolver { +impl pallet_rate_limiting::RateLimitScopeResolver for TestScopeResolver { fn context(call: &RuntimeCall) -> Option { match call { RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span }) => { @@ -71,9 +71,16 @@ impl pallet_rate_limiting::RateLimitContextResolver for _ => None, } } + + fn should_bypass(call: &RuntimeCall) -> bool { + matches!( + call, + RuntimeCall::RateLimiting(RateLimitingCall::clear_rate_limit { .. }) + ) + } } -impl pallet_rate_limiting::RateLimitContextResolver for TestUsageResolver { +impl pallet_rate_limiting::RateLimitUsageResolver for TestUsageResolver { fn context(call: &RuntimeCall) -> Option { match call { RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span }) => { diff --git a/pallets/rate-limiting/src/tx_extension.rs b/pallets/rate-limiting/src/tx_extension.rs index 5276f1f396..95696409ee 100644 --- a/pallets/rate-limiting/src/tx_extension.rs +++ b/pallets/rate-limiting/src/tx_extension.rs @@ -17,7 +17,7 @@ use sp_std::{marker::PhantomData, result::Result}; use crate::{ Config, LastSeen, Pallet, - types::{RateLimitContextResolver, TransactionIdentifier}, + types::{RateLimitScopeResolver, RateLimitUsageResolver, TransactionIdentifier}, }; /// Identifier returned in the transaction metadata for the rate limiting extension. @@ -97,6 +97,10 @@ where _inherited_implication: &impl Implication, _source: TransactionSource, ) -> ValidateResult>::RuntimeCall> { + if >::LimitScopeResolver::should_bypass(call) { + return Ok((ValidTransaction::default(), None, origin)); + } + let identifier = match TransactionIdentifier::from_call::(call) { Ok(identifier) => identifier, Err(_) => return Err(TransactionValidityError::Invalid(InvalidTransaction::Call)), @@ -178,6 +182,12 @@ mod tests { RuntimeCall::System(frame_system::Call::::remark { remark: Vec::new() }) } + fn bypass_call() -> RuntimeCall { + RuntimeCall::RateLimiting(RateLimitingCall::clear_rate_limit { + call: Box::new(remark_call()), + }) + } + fn new_tx_extension() -> RateLimitTransactionExtension { RateLimitTransactionExtension(Default::default()) } @@ -242,6 +252,27 @@ mod tests { }); } + #[test] + fn tx_extension_honors_bypass_signal() { + new_test_ext().execute_with(|| { + let extension = new_tx_extension(); + let call = bypass_call(); + + let (valid, val, _) = + validate_with_tx_extension(&extension, &call).expect("bypass should succeed"); + assert_eq!(valid.priority, 0); + assert!(val.is_none()); + + let identifier = identifier_for(&call); + Limits::::insert(identifier, RateLimit::global(RateLimitKind::Exact(3))); + LastSeen::::insert(identifier, None::, 1); + + let (_valid, post_val, _) = + validate_with_tx_extension(&extension, &call).expect("still bypassed"); + assert!(post_val.is_none()); + }); + } + #[test] fn tx_extension_records_last_seen_for_successful_call() { new_test_ext().execute_with(|| { diff --git a/pallets/rate-limiting/src/types.rs b/pallets/rate-limiting/src/types.rs index 4e68d0205a..0f4d4948f1 100644 --- a/pallets/rate-limiting/src/types.rs +++ b/pallets/rate-limiting/src/types.rs @@ -3,11 +3,25 @@ use frame_support::{pallet_prelude::DispatchError, traits::GetCallMetadata}; use scale_info::TypeInfo; use sp_std::collections::btree_map::BTreeMap; -/// Resolves the optional identifier within which a rate limit applies. -pub trait RateLimitContextResolver { - /// Returns `Some(context)` when the limit should be applied per-context, or `None` for global - /// limits. - fn context(call: &Call) -> Option; +/// Resolves the optional identifier within which a rate limit applies and can optionally bypass +/// enforcement. +pub trait RateLimitScopeResolver { + /// Returns `Some(scope)` when the limit should be applied per-scope, or `None` for global + /// limits. + fn context(call: &Call) -> Option; + + /// Returns `true` when the rate limit should be bypassed for the provided call. Defaults to + /// `false`. + fn should_bypass(_call: &Call) -> bool { + false + } +} + +/// Resolves the optional usage tracking key applied when enforcing limits. +pub trait RateLimitUsageResolver { + /// Returns `Some(usage)` when usage should be tracked per-key, or `None` for global usage + /// tracking. + fn context(call: &Call) -> Option; } /// Identifies a runtime call by pallet and extrinsic indices. From 5c8a8abf746681bf18ef47c62cfa9c9aba212a04 Mon Sep 17 00:00:00 2001 From: Aliaksandr Tsurko Date: Fri, 31 Oct 2025 16:31:48 +0300 Subject: [PATCH 19/46] Add rate limit adjuster --- pallets/rate-limiting/src/lib.rs | 69 +++++++++++++++++------ pallets/rate-limiting/src/mock.rs | 15 ++++- pallets/rate-limiting/src/tests.rs | 4 +- pallets/rate-limiting/src/tx_extension.rs | 34 ++++++++++- pallets/rate-limiting/src/types.rs | 24 +++++--- 5 files changed, 115 insertions(+), 31 deletions(-) diff --git a/pallets/rate-limiting/src/lib.rs b/pallets/rate-limiting/src/lib.rs index a5c5982307..e40b857ed6 100644 --- a/pallets/rate-limiting/src/lib.rs +++ b/pallets/rate-limiting/src/lib.rs @@ -48,8 +48,9 @@ //! The pallet relies on two resolvers: //! //! - [`Config::LimitScopeResolver`], which determines how limits are stored (for example by -//! returning a `netuid`). When this resolver returns `None`, the configuration is stored as a -//! global fallback. +//! returning a `netuid`). The resolver can also signal that a call should bypass rate limiting or +//! adjust the effective span at validation time. When it returns `None`, the configuration is +//! stored as a global fallback. //! - [`Config::UsageResolver`], which decides how executions are tracked in //! [`LastSeen`](pallet::LastSeen). This can refine the limit scope (for example by returning a //! tuple of `(netuid, hyperparameter)`). @@ -63,7 +64,7 @@ //! //! // Limits are scoped per netuid. //! pub struct ScopeResolver; -//! impl pallet_rate_limiting::RateLimitScopeResolver for ScopeResolver { +//! impl pallet_rate_limiting::RateLimitScopeResolver for ScopeResolver { //! fn context(call: &RuntimeCall) -> Option { //! match call { //! RuntimeCall::Subtensor(pallet_subtensor::Call::set_weights { netuid, .. }) => { @@ -72,12 +73,15 @@ //! _ => None, //! } //! } +//! +//! fn adjust_span(_call: &RuntimeCall, span: BlockNumber) -> BlockNumber { +//! span +//! } //! } //! //! // Usage tracking distinguishes hyperparameter + netuid. //! pub struct UsageResolver; -//! impl pallet_rate_limiting::RateLimitUsageResolver -//! for UsageResolver { +//! impl pallet_rate_limiting::RateLimitUsageResolver for UsageResolver { //! fn context(call: &RuntimeCall) -> Option<(NetUid, HyperParam)> { //! match call { //! RuntimeCall::Subtensor(pallet_subtensor::Call::set_hyperparam { @@ -156,7 +160,11 @@ pub mod pallet { type LimitScope: Parameter + Clone + PartialEq + Eq + Ord + MaybeSerializeDeserialize; /// Resolves the scope for the given runtime call when configuring limits. - type LimitScopeResolver: RateLimitScopeResolver<>::RuntimeCall, Self::LimitScope>; + type LimitScopeResolver: RateLimitScopeResolver< + >::RuntimeCall, + Self::LimitScope, + BlockNumberFor, + >; /// Usage key tracked in [`LastSeen`] for rate-limited calls. type UsageKey: Parameter + Clone + PartialEq + Eq + Ord + MaybeSerializeDeserialize; @@ -306,21 +314,17 @@ pub mod pallet { identifier: &TransactionIdentifier, scope: &Option<>::LimitScope>, usage_key: &Option<>::UsageKey>, + call: &>::RuntimeCall, ) -> Result { - let Some(block_span) = Self::resolved_limit(identifier, scope) else { + if >::LimitScopeResolver::should_bypass(call) { return Ok(true); - }; - - let current = frame_system::Pallet::::block_number(); - - if let Some(last) = LastSeen::::get(identifier, usage_key) { - let delta = current.saturating_sub(last); - if delta < block_span { - return Ok(false); - } } - Ok(true) + let Some(block_span) = Self::effective_span(call, identifier, scope) else { + return Ok(true); + }; + + Ok(Self::within_span(identifier, usage_key, block_span)) } pub(crate) fn resolved_limit( @@ -335,6 +339,37 @@ pub mod pallet { }) } + pub(crate) fn effective_span( + call: &>::RuntimeCall, + identifier: &TransactionIdentifier, + scope: &Option<>::LimitScope>, + ) -> Option> { + let span = Self::resolved_limit(identifier, scope)?; + Some(>::LimitScopeResolver::adjust_span( + call, span, + )) + } + + pub(crate) fn within_span( + identifier: &TransactionIdentifier, + usage_key: &Option<>::UsageKey>, + block_span: BlockNumberFor, + ) -> bool { + if block_span.is_zero() { + return true; + } + + if let Some(last) = LastSeen::::get(identifier, usage_key) { + let current = frame_system::Pallet::::block_number(); + let delta = current.saturating_sub(last); + if delta < block_span { + return false; + } + } + + true + } + /// Returns the configured limit for the specified pallet/extrinsic names, if any. pub fn limit_for_call_names( pallet_name: &str, diff --git a/pallets/rate-limiting/src/mock.rs b/pallets/rate-limiting/src/mock.rs index 5fab86e4ab..67321731a1 100644 --- a/pallets/rate-limiting/src/mock.rs +++ b/pallets/rate-limiting/src/mock.rs @@ -61,7 +61,9 @@ pub type UsageKey = u16; pub struct TestScopeResolver; pub struct TestUsageResolver; -impl pallet_rate_limiting::RateLimitScopeResolver for TestScopeResolver { +impl pallet_rate_limiting::RateLimitScopeResolver + for TestScopeResolver +{ fn context(call: &RuntimeCall) -> Option { match call { RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span }) => { @@ -78,6 +80,17 @@ impl pallet_rate_limiting::RateLimitScopeResolver for T RuntimeCall::RateLimiting(RateLimitingCall::clear_rate_limit { .. }) ) } + + fn adjust_span(call: &RuntimeCall, span: u64) -> u64 { + if matches!( + call, + RuntimeCall::RateLimiting(RateLimitingCall::clear_all_rate_limits { .. }) + ) { + span.saturating_mul(2) + } else { + span + } + } } impl pallet_rate_limiting::RateLimitUsageResolver for TestUsageResolver { diff --git a/pallets/rate-limiting/src/tests.rs b/pallets/rate-limiting/src/tests.rs index 16639e2d5b..c89543ae4b 100644 --- a/pallets/rate-limiting/src/tests.rs +++ b/pallets/rate-limiting/src/tests.rs @@ -121,7 +121,7 @@ fn is_within_limit_is_true_when_no_limit() { RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); let identifier = identifier_for(&call); - let result = RateLimiting::is_within_limit(&identifier, &None, &None); + let result = RateLimiting::is_within_limit(&identifier, &None, &None, &call); assert_eq!(result.expect("no error expected"), true); }); } @@ -144,6 +144,7 @@ fn is_within_limit_false_when_rate_limited() { &identifier, &Some(1 as LimitScope), &Some(1 as UsageKey), + &call, ) .expect("call succeeds"); assert!(!within); @@ -168,6 +169,7 @@ fn is_within_limit_true_after_required_span() { &identifier, &Some(2 as LimitScope), &Some(2 as UsageKey), + &call, ) .expect("call succeeds"); assert!(within); diff --git a/pallets/rate-limiting/src/tx_extension.rs b/pallets/rate-limiting/src/tx_extension.rs index 95696409ee..623a6af3ac 100644 --- a/pallets/rate-limiting/src/tx_extension.rs +++ b/pallets/rate-limiting/src/tx_extension.rs @@ -109,7 +109,7 @@ where let scope = >::LimitScopeResolver::context(call); let usage = >::UsageResolver::context(call); - let Some(block_span) = Pallet::::resolved_limit(&identifier, &scope) else { + let Some(block_span) = Pallet::::effective_span(call, &identifier, &scope) else { return Ok((ValidTransaction::default(), None, origin)); }; @@ -117,8 +117,7 @@ where return Ok((ValidTransaction::default(), None, origin)); } - let within_limit = Pallet::::is_within_limit(&identifier, &scope, &usage) - .map_err(|_| TransactionValidityError::Invalid(InvalidTransaction::Call))?; + let within_limit = Pallet::::within_span(&identifier, &usage, block_span); if !within_limit { return Err(TransactionValidityError::Invalid( @@ -188,6 +187,12 @@ mod tests { }) } + fn adjustable_call() -> RuntimeCall { + RuntimeCall::RateLimiting(RateLimitingCall::clear_all_rate_limits { + call: Box::new(remark_call()), + }) + } + fn new_tx_extension() -> RateLimitTransactionExtension { RateLimitTransactionExtension(Default::default()) } @@ -273,6 +278,29 @@ mod tests { }); } + #[test] + fn tx_extension_applies_adjusted_span() { + new_test_ext().execute_with(|| { + let extension = new_tx_extension(); + let call = adjustable_call(); + let identifier = identifier_for(&call); + Limits::::insert(identifier, RateLimit::global(RateLimitKind::Exact(4))); + LastSeen::::insert(identifier, Some(1u16), 10); + + System::set_block_number(14); + + // Stored span (4) would allow the call, but adjusted span (8) should block it. + let err = validate_with_tx_extension(&extension, &call) + .expect_err("adjusted span should apply"); + match err { + TransactionValidityError::Invalid(InvalidTransaction::Custom(code)) => { + assert_eq!(code, RATE_LIMIT_DENIED); + } + other => panic!("unexpected error: {:?}", other), + } + }); + } + #[test] fn tx_extension_records_last_seen_for_successful_call() { new_test_ext().execute_with(|| { diff --git a/pallets/rate-limiting/src/types.rs b/pallets/rate-limiting/src/types.rs index 0f4d4948f1..5d537bf64f 100644 --- a/pallets/rate-limiting/src/types.rs +++ b/pallets/rate-limiting/src/types.rs @@ -3,24 +3,30 @@ use frame_support::{pallet_prelude::DispatchError, traits::GetCallMetadata}; use scale_info::TypeInfo; use sp_std::collections::btree_map::BTreeMap; -/// Resolves the optional identifier within which a rate limit applies and can optionally bypass -/// enforcement. -pub trait RateLimitScopeResolver { - /// Returns `Some(scope)` when the limit should be applied per-scope, or `None` for global - /// limits. +/// Resolves the optional identifier within which a rate limit applies and can optionally adjust +/// enforcement behaviour. +pub trait RateLimitScopeResolver { + /// Returns `Some(scope)` when the limit should be applied per-scope, or `None` for global + /// limits. fn context(call: &Call) -> Option; - /// Returns `true` when the rate limit should be bypassed for the provided call. Defaults to - /// `false`. + /// Returns `true` when the rate limit should be bypassed for the provided call. Defaults to + /// `false`. fn should_bypass(_call: &Call) -> bool { false } + + /// Optionally adjusts the effective span used during enforcement. Defaults to the original + /// `span`. + fn adjust_span(_call: &Call, span: Span) -> Span { + span + } } /// Resolves the optional usage tracking key applied when enforcing limits. pub trait RateLimitUsageResolver { - /// Returns `Some(usage)` when usage should be tracked per-key, or `None` for global usage - /// tracking. + /// Returns `Some(usage)` when usage should be tracked per-key, or `None` for global usage + /// tracking. fn context(call: &Call) -> Option; } From 1e8db7db79ef51089efa1b74923e1f95bc1206db Mon Sep 17 00:00:00 2001 From: Aliaksandr Tsurko Date: Mon, 3 Nov 2025 15:28:09 +0300 Subject: [PATCH 20/46] Add api to migrate scope and usage keys --- pallets/rate-limiting/src/lib.rs | 70 +++++++++++++++++++ pallets/rate-limiting/src/tests.rs | 104 +++++++++++++++++++++++++++++ 2 files changed, 174 insertions(+) diff --git a/pallets/rate-limiting/src/lib.rs b/pallets/rate-limiting/src/lib.rs index e40b857ed6..f57b9f0074 100644 --- a/pallets/rate-limiting/src/lib.rs +++ b/pallets/rate-limiting/src/lib.rs @@ -370,6 +370,76 @@ pub mod pallet { true } + /// Migrates a stored rate limit configuration from one scope to another. + /// + /// Returns `true` when an entry was moved. Passing identical `from`/`to` scopes simply + /// checks that a configuration exists. + pub fn migrate_limit_scope( + identifier: &TransactionIdentifier, + from: Option<>::LimitScope>, + to: Option<>::LimitScope>, + ) -> bool { + if from == to { + return Limits::::contains_key(identifier); + } + + let mut migrated = false; + Limits::::mutate(identifier, |maybe_config| { + if let Some(config) = maybe_config { + match (from.as_ref(), to.as_ref()) { + (None, Some(target)) => { + if let RateLimit::Global(kind) = config { + *config = RateLimit::scoped_single(target.clone(), *kind); + migrated = true; + } + } + (Some(source), Some(target)) => { + if let RateLimit::Scoped(map) = config { + if let Some(kind) = map.remove(source) { + map.insert(target.clone(), kind); + migrated = true; + } + } + } + (Some(source), None) => { + if let RateLimit::Scoped(map) = config { + if map.len() == 1 && map.contains_key(source) { + if let Some(kind) = map.remove(source) { + *config = RateLimit::global(kind); + migrated = true; + } + } + } + } + _ => {} + } + } + }); + + migrated + } + + /// Migrates the cached usage information for a rate-limited call to a new key. + /// + /// Returns `true` when an entry was moved. Passing identical keys simply checks that an + /// entry exists. + pub fn migrate_usage_key( + identifier: &TransactionIdentifier, + from: Option<>::UsageKey>, + to: Option<>::UsageKey>, + ) -> bool { + if from == to { + return LastSeen::::contains_key(identifier, &to); + } + + let Some(block) = LastSeen::::take(identifier, from) else { + return false; + }; + + LastSeen::::insert(identifier, to, block); + true + } + /// Returns the configured limit for the specified pallet/extrinsic names, if any. pub fn limit_for_call_names( pallet_name: &str, diff --git a/pallets/rate-limiting/src/tests.rs b/pallets/rate-limiting/src/tests.rs index c89543ae4b..0e051e9eb0 100644 --- a/pallets/rate-limiting/src/tests.rs +++ b/pallets/rate-limiting/src/tests.rs @@ -176,6 +176,110 @@ fn is_within_limit_true_after_required_span() { }); } +#[test] +fn migrate_limit_scope_global_to_scoped() { + new_test_ext().execute_with(|| { + let target_call = + RuntimeCall::System(frame_system::Call::::remark { remark: Vec::new() }); + let identifier = identifier_for(&target_call); + + Limits::::insert(identifier, RateLimit::global(RateLimitKind::Exact(3))); + + assert!(RateLimiting::migrate_limit_scope( + &identifier, + None, + Some(9) + )); + + match RateLimiting::limits(identifier).expect("config") { + RateLimit::Scoped(map) => { + assert_eq!(map.len(), 1); + assert_eq!(map.get(&9), Some(&RateLimitKind::Exact(3))); + } + other => panic!("unexpected config: {:?}", other), + } + }); +} + +#[test] +fn migrate_limit_scope_scoped_to_scoped() { + new_test_ext().execute_with(|| { + let target_call = + RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); + let identifier = identifier_for(&target_call); + + let mut map = sp_std::collections::btree_map::BTreeMap::new(); + map.insert(1u16, RateLimitKind::Exact(4)); + map.insert(2u16, RateLimitKind::Exact(6)); + Limits::::insert(identifier, RateLimit::Scoped(map)); + + assert!(RateLimiting::migrate_limit_scope( + &identifier, + Some(1), + Some(3) + )); + + match RateLimiting::limits(identifier).expect("config") { + RateLimit::Scoped(map) => { + assert!(map.get(&1).is_none()); + assert_eq!(map.get(&3), Some(&RateLimitKind::Exact(4))); + assert_eq!(map.get(&2), Some(&RateLimitKind::Exact(6))); + } + other => panic!("unexpected config: {:?}", other), + } + }); +} + +#[test] +fn migrate_limit_scope_scoped_to_global() { + new_test_ext().execute_with(|| { + let target_call = + RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); + let identifier = identifier_for(&target_call); + + let mut map = sp_std::collections::btree_map::BTreeMap::new(); + map.insert(7u16, RateLimitKind::Exact(8)); + Limits::::insert(identifier, RateLimit::Scoped(map)); + + assert!(RateLimiting::migrate_limit_scope( + &identifier, + Some(7), + None + )); + + match RateLimiting::limits(identifier).expect("config") { + RateLimit::Global(kind) => assert_eq!(kind, RateLimitKind::Exact(8)), + other => panic!("unexpected config: {:?}", other), + } + }); +} + +#[test] +fn migrate_usage_key_moves_entry() { + new_test_ext().execute_with(|| { + let target_call = + RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); + let identifier = identifier_for(&target_call); + + LastSeen::::insert(identifier, Some(5u16), 11); + + assert!(RateLimiting::migrate_usage_key( + &identifier, + Some(5), + Some(6) + )); + assert!(LastSeen::::get(identifier, Some(5u16)).is_none()); + assert_eq!(LastSeen::::get(identifier, Some(6u16)), Some(11)); + + assert!(RateLimiting::migrate_usage_key(&identifier, Some(6), None)); + assert!(LastSeen::::get(identifier, Some(6u16)).is_none()); + assert_eq!( + LastSeen::::get(identifier, None::), + Some(11) + ); + }); +} + #[test] fn set_rate_limit_updates_storage_and_emits_event() { new_test_ext().execute_with(|| { From 232de64664e7cc9affe9394e45fcbf68023cdf55 Mon Sep 17 00:00:00 2001 From: Aliaksandr Tsurko Date: Mon, 3 Nov 2025 18:47:54 +0300 Subject: [PATCH 21/46] Pass origin to rate limit context resolvers --- pallets/rate-limiting/Cargo.toml | 2 + pallets/rate-limiting/src/benchmarking.rs | 11 +++- pallets/rate-limiting/src/lib.rs | 65 +++++++++++++++++------ pallets/rate-limiting/src/mock.rs | 14 ++--- pallets/rate-limiting/src/tests.rs | 11 ++-- pallets/rate-limiting/src/tx_extension.rs | 9 ++-- pallets/rate-limiting/src/types.rs | 16 +++--- 7 files changed, 88 insertions(+), 40 deletions(-) diff --git a/pallets/rate-limiting/Cargo.toml b/pallets/rate-limiting/Cargo.toml index 3447145622..36343ec2cf 100644 --- a/pallets/rate-limiting/Cargo.toml +++ b/pallets/rate-limiting/Cargo.toml @@ -17,6 +17,7 @@ frame-system.workspace = true scale-info = { workspace = true, features = ["derive"] } serde = { workspace = true, features = ["derive"], optional = true } sp-std.workspace = true +sp-runtime.workspace = true subtensor-runtime-common.workspace = true [dev-dependencies] @@ -34,6 +35,7 @@ std = [ "scale-info/std", "serde", "sp-std/std", + "sp-runtime/std", "subtensor-runtime-common/std", ] runtime-benchmarks = [ diff --git a/pallets/rate-limiting/src/benchmarking.rs b/pallets/rate-limiting/src/benchmarking.rs index 65d547ab0b..2d700a4ef6 100644 --- a/pallets/rate-limiting/src/benchmarking.rs +++ b/pallets/rate-limiting/src/benchmarking.rs @@ -5,6 +5,7 @@ use codec::Decode; use frame_benchmarking::v2::*; use frame_system::{RawOrigin, pallet_prelude::BlockNumberFor}; +use sp_runtime::traits::DispatchOriginOf; use super::*; @@ -36,7 +37,10 @@ mod benchmarks { fn set_rate_limit() { let call = sample_call::(); let limit = RateLimitKind::>::Exact(BlockNumberFor::::from(10u32)); - let scope = ::LimitScopeResolver::context(call.as_ref()); + let origin = T::RuntimeOrigin::from(RawOrigin::Root); + let resolver_origin: DispatchOriginOf<::RuntimeCall> = + Into::::RuntimeCall>>::into(origin.clone()); + let scope = ::LimitScopeResolver::context(&resolver_origin, call.as_ref()); let identifier = TransactionIdentifier::from_call::(call.as_ref()).expect("identifier"); @@ -61,7 +65,10 @@ mod benchmarks { fn clear_rate_limit() { let call = sample_call::(); let limit = RateLimitKind::>::Exact(BlockNumberFor::::from(10u32)); - let scope = ::LimitScopeResolver::context(call.as_ref()); + let origin = T::RuntimeOrigin::from(RawOrigin::Root); + let resolver_origin: DispatchOriginOf<::RuntimeCall> = + Into::::RuntimeCall>>::into(origin.clone()); + let scope = ::LimitScopeResolver::context(&resolver_origin, call.as_ref()); // Pre-populate limit for benchmark call let identifier = diff --git a/pallets/rate-limiting/src/lib.rs b/pallets/rate-limiting/src/lib.rs index f57b9f0074..4389b833a8 100644 --- a/pallets/rate-limiting/src/lib.rs +++ b/pallets/rate-limiting/src/lib.rs @@ -55,8 +55,8 @@ //! [`LastSeen`](pallet::LastSeen). This can refine the limit scope (for example by returning a //! tuple of `(netuid, hyperparameter)`). //! -//! Each resolver receives the call and may return `Some(identifier)` when scoping is required, or -//! `None` to use the global entry. Extrinsics such as +//! Each resolver receives the origin and call and may return `Some(identifier)` when scoping is +//! required, or `None` to use the global entry. Extrinsics such as //! [`set_rate_limit`](pallet::Pallet::set_rate_limit) automatically consult these resolvers. //! //! ```ignore @@ -64,8 +64,13 @@ //! //! // Limits are scoped per netuid. //! pub struct ScopeResolver; -//! impl pallet_rate_limiting::RateLimitScopeResolver for ScopeResolver { -//! fn context(call: &RuntimeCall) -> Option { +//! impl pallet_rate_limiting::RateLimitScopeResolver< +//! RuntimeOrigin, +//! RuntimeCall, +//! NetUid, +//! BlockNumber, +//! > for ScopeResolver { +//! fn context(origin: &RuntimeOrigin, call: &RuntimeCall) -> Option { //! match call { //! RuntimeCall::Subtensor(pallet_subtensor::Call::set_weights { netuid, .. }) => { //! Some(*netuid) @@ -74,15 +79,23 @@ //! } //! } //! -//! fn adjust_span(_call: &RuntimeCall, span: BlockNumber) -> BlockNumber { +//! fn should_bypass(origin: &RuntimeOrigin, _call: &RuntimeCall) -> bool { +//! matches!(origin, RuntimeOrigin::Root) +//! } +//! +//! fn adjust_span(_origin: &RuntimeOrigin, _call: &RuntimeCall, span: BlockNumber) -> BlockNumber { //! span //! } //! } //! //! // Usage tracking distinguishes hyperparameter + netuid. //! pub struct UsageResolver; -//! impl pallet_rate_limiting::RateLimitUsageResolver for UsageResolver { -//! fn context(call: &RuntimeCall) -> Option<(NetUid, HyperParam)> { +//! impl pallet_rate_limiting::RateLimitUsageResolver< +//! RuntimeOrigin, +//! RuntimeCall, +//! (NetUid, HyperParam), +//! > for UsageResolver { +//! fn context(_origin: &RuntimeOrigin, call: &RuntimeCall) -> Option<(NetUid, HyperParam)> { //! match call { //! RuntimeCall::Subtensor(pallet_subtensor::Call::set_hyperparam { //! netuid, @@ -128,10 +141,10 @@ pub mod pallet { use codec::Codec; use frame_support::{ pallet_prelude::*, - sp_runtime::traits::{Saturating, Zero}, traits::{BuildGenesisConfig, EnsureOrigin, GetCallMetadata}, }; use frame_system::pallet_prelude::*; + use sp_runtime::traits::{DispatchOriginOf, Dispatchable, Saturating, Zero}; use sp_std::{convert::TryFrom, marker::PhantomData, vec::Vec}; #[cfg(feature = "runtime-benchmarks")] @@ -146,11 +159,14 @@ pub mod pallet { pub trait Config: frame_system::Config where BlockNumberFor: MaybeSerializeDeserialize, + <>::RuntimeCall as Dispatchable>::RuntimeOrigin: + From<::RuntimeOrigin>, { /// The overarching runtime call type. type RuntimeCall: Parameter + Codec + GetCallMetadata + + Dispatchable + IsType<::RuntimeCall>; /// Origin permitted to configure rate limits. @@ -161,6 +177,7 @@ pub mod pallet { /// Resolves the scope for the given runtime call when configuring limits. type LimitScopeResolver: RateLimitScopeResolver< + DispatchOriginOf<>::RuntimeCall>, >::RuntimeCall, Self::LimitScope, BlockNumberFor, @@ -170,7 +187,11 @@ pub mod pallet { type UsageKey: Parameter + Clone + PartialEq + Eq + Ord + MaybeSerializeDeserialize; /// Resolves the usage key for the given runtime call when enforcing limits. - type UsageResolver: RateLimitUsageResolver<>::RuntimeCall, Self::UsageKey>; + type UsageResolver: RateLimitUsageResolver< + DispatchOriginOf<>::RuntimeCall>, + >::RuntimeCall, + Self::UsageKey, + >; /// Helper used to construct runtime calls for benchmarking. #[cfg(feature = "runtime-benchmarks")] @@ -311,16 +332,17 @@ pub mod pallet { /// Returns `true` when the given transaction identifier passes its configured rate limit /// within the provided usage scope. pub fn is_within_limit( + origin: &DispatchOriginOf<>::RuntimeCall>, + call: &>::RuntimeCall, identifier: &TransactionIdentifier, scope: &Option<>::LimitScope>, usage_key: &Option<>::UsageKey>, - call: &>::RuntimeCall, ) -> Result { - if >::LimitScopeResolver::should_bypass(call) { + if >::LimitScopeResolver::should_bypass(origin, call) { return Ok(true); } - let Some(block_span) = Self::effective_span(call, identifier, scope) else { + let Some(block_span) = Self::effective_span(origin, call, identifier, scope) else { return Ok(true); }; @@ -340,13 +362,14 @@ pub mod pallet { } pub(crate) fn effective_span( + origin: &DispatchOriginOf<>::RuntimeCall>, call: &>::RuntimeCall, identifier: &TransactionIdentifier, scope: &Option<>::LimitScope>, ) -> Option> { let span = Self::resolved_limit(identifier, scope)?; Some(>::LimitScopeResolver::adjust_span( - call, span, + origin, call, span, )) } @@ -491,11 +514,15 @@ pub mod pallet { call: Box<>::RuntimeCall>, limit: RateLimitKind>, ) -> DispatchResult { + let resolver_origin: DispatchOriginOf<>::RuntimeCall> = + Into::>::RuntimeCall>>::into(origin.clone()); + let scope = + >::LimitScopeResolver::context(&resolver_origin, call.as_ref()); + let scope_for_event = scope.clone(); + T::AdminOrigin::ensure_origin(origin)?; let identifier = TransactionIdentifier::from_call::(call.as_ref())?; - let scope = >::LimitScopeResolver::context(call.as_ref()); - let scope_for_event = scope.clone(); if let Some(ref sc) = scope { Limits::::mutate(&identifier, |slot| match slot { @@ -532,11 +559,15 @@ pub mod pallet { origin: OriginFor, call: Box<>::RuntimeCall>, ) -> DispatchResult { + let resolver_origin: DispatchOriginOf<>::RuntimeCall> = + Into::>::RuntimeCall>>::into(origin.clone()); + let scope = + >::LimitScopeResolver::context(&resolver_origin, call.as_ref()); + let usage = >::UsageResolver::context(&resolver_origin, call.as_ref()); + T::AdminOrigin::ensure_origin(origin)?; let identifier = TransactionIdentifier::from_call::(call.as_ref())?; - let scope = >::LimitScopeResolver::context(call.as_ref()); - let usage = >::UsageResolver::context(call.as_ref()); let (pallet_name, extrinsic_name) = identifier.names::()?; let pallet = Vec::from(pallet_name.as_bytes()); diff --git a/pallets/rate-limiting/src/mock.rs b/pallets/rate-limiting/src/mock.rs index 67321731a1..fb7de0a400 100644 --- a/pallets/rate-limiting/src/mock.rs +++ b/pallets/rate-limiting/src/mock.rs @@ -61,10 +61,10 @@ pub type UsageKey = u16; pub struct TestScopeResolver; pub struct TestUsageResolver; -impl pallet_rate_limiting::RateLimitScopeResolver +impl pallet_rate_limiting::RateLimitScopeResolver for TestScopeResolver { - fn context(call: &RuntimeCall) -> Option { + fn context(_origin: &RuntimeOrigin, call: &RuntimeCall) -> Option { match call { RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span }) => { (*block_span).try_into().ok() @@ -74,14 +74,14 @@ impl pallet_rate_limiting::RateLimitScopeResolver } } - fn should_bypass(call: &RuntimeCall) -> bool { + fn should_bypass(_origin: &RuntimeOrigin, call: &RuntimeCall) -> bool { matches!( call, RuntimeCall::RateLimiting(RateLimitingCall::clear_rate_limit { .. }) ) } - fn adjust_span(call: &RuntimeCall, span: u64) -> u64 { + fn adjust_span(_origin: &RuntimeOrigin, call: &RuntimeCall, span: u64) -> u64 { if matches!( call, RuntimeCall::RateLimiting(RateLimitingCall::clear_all_rate_limits { .. }) @@ -93,8 +93,10 @@ impl pallet_rate_limiting::RateLimitScopeResolver } } -impl pallet_rate_limiting::RateLimitUsageResolver for TestUsageResolver { - fn context(call: &RuntimeCall) -> Option { +impl pallet_rate_limiting::RateLimitUsageResolver + for TestUsageResolver +{ + fn context(_origin: &RuntimeOrigin, call: &RuntimeCall) -> Option { match call { RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span }) => { (*block_span).try_into().ok() diff --git a/pallets/rate-limiting/src/tests.rs b/pallets/rate-limiting/src/tests.rs index 0e051e9eb0..a377d71656 100644 --- a/pallets/rate-limiting/src/tests.rs +++ b/pallets/rate-limiting/src/tests.rs @@ -121,7 +121,8 @@ fn is_within_limit_is_true_when_no_limit() { RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); let identifier = identifier_for(&call); - let result = RateLimiting::is_within_limit(&identifier, &None, &None, &call); + let origin = RuntimeOrigin::signed(1); + let result = RateLimiting::is_within_limit(&origin, &call, &identifier, &None, &None); assert_eq!(result.expect("no error expected"), true); }); } @@ -140,11 +141,13 @@ fn is_within_limit_false_when_rate_limited() { System::set_block_number(13); + let origin = RuntimeOrigin::signed(1); let within = RateLimiting::is_within_limit( + &origin, + &call, &identifier, &Some(1 as LimitScope), &Some(1 as UsageKey), - &call, ) .expect("call succeeds"); assert!(!within); @@ -165,11 +168,13 @@ fn is_within_limit_true_after_required_span() { System::set_block_number(20); + let origin = RuntimeOrigin::signed(1); let within = RateLimiting::is_within_limit( + &origin, + &call, &identifier, &Some(2 as LimitScope), &Some(2 as UsageKey), - &call, ) .expect("call succeeds"); assert!(within); diff --git a/pallets/rate-limiting/src/tx_extension.rs b/pallets/rate-limiting/src/tx_extension.rs index 623a6af3ac..c6c3eb745c 100644 --- a/pallets/rate-limiting/src/tx_extension.rs +++ b/pallets/rate-limiting/src/tx_extension.rs @@ -97,7 +97,7 @@ where _inherited_implication: &impl Implication, _source: TransactionSource, ) -> ValidateResult>::RuntimeCall> { - if >::LimitScopeResolver::should_bypass(call) { + if >::LimitScopeResolver::should_bypass(&origin, call) { return Ok((ValidTransaction::default(), None, origin)); } @@ -106,10 +106,11 @@ where Err(_) => return Err(TransactionValidityError::Invalid(InvalidTransaction::Call)), }; - let scope = >::LimitScopeResolver::context(call); - let usage = >::UsageResolver::context(call); + let scope = >::LimitScopeResolver::context(&origin, call); + let usage = >::UsageResolver::context(&origin, call); - let Some(block_span) = Pallet::::effective_span(call, &identifier, &scope) else { + let Some(block_span) = Pallet::::effective_span(&origin, call, &identifier, &scope) + else { return Ok((ValidTransaction::default(), None, origin)); }; diff --git a/pallets/rate-limiting/src/types.rs b/pallets/rate-limiting/src/types.rs index 5d537bf64f..f2f46a6beb 100644 --- a/pallets/rate-limiting/src/types.rs +++ b/pallets/rate-limiting/src/types.rs @@ -5,29 +5,29 @@ use sp_std::collections::btree_map::BTreeMap; /// Resolves the optional identifier within which a rate limit applies and can optionally adjust /// enforcement behaviour. -pub trait RateLimitScopeResolver { +pub trait RateLimitScopeResolver { /// Returns `Some(scope)` when the limit should be applied per-scope, or `None` for global /// limits. - fn context(call: &Call) -> Option; + fn context(origin: &Origin, call: &Call) -> Option; - /// Returns `true` when the rate limit should be bypassed for the provided call. Defaults to - /// `false`. - fn should_bypass(_call: &Call) -> bool { + /// Returns `true` when the rate limit should be bypassed for the provided origin/call pair. + /// Defaults to `false`. + fn should_bypass(_origin: &Origin, _call: &Call) -> bool { false } /// Optionally adjusts the effective span used during enforcement. Defaults to the original /// `span`. - fn adjust_span(_call: &Call, span: Span) -> Span { + fn adjust_span(_origin: &Origin, _call: &Call, span: Span) -> Span { span } } /// Resolves the optional usage tracking key applied when enforcing limits. -pub trait RateLimitUsageResolver { +pub trait RateLimitUsageResolver { /// Returns `Some(usage)` when usage should be tracked per-key, or `None` for global usage /// tracking. - fn context(call: &Call) -> Option; + fn context(origin: &Origin, call: &Call) -> Option; } /// Identifies a runtime call by pallet and extrinsic indices. From e00342fc612ce0ae6b1b44684d4f34f03979bc0e Mon Sep 17 00:00:00 2001 From: Aliaksandr Tsurko Date: Mon, 10 Nov 2025 18:03:52 +0300 Subject: [PATCH 22/46] Implement rate-limiting resolvers for pallet-subtensor --- Cargo.lock | 1 + common/src/lib.rs | 2 + common/src/rate_limiting.rs | 66 +++++ pallets/rate-limiting/Cargo.toml | 4 +- pallets/rate-limiting/src/lib.rs | 2 +- pallets/rate-limiting/src/types.rs | 28 +- pallets/subtensor/src/utils/rate_limiting.rs | 2 + runtime/Cargo.toml | 3 + runtime/src/lib.rs | 5 + runtime/src/rate_limiting.rs | 256 +++++++++++++++++++ 10 files changed, 357 insertions(+), 12 deletions(-) create mode 100644 common/src/rate_limiting.rs create mode 100644 runtime/src/rate_limiting.rs diff --git a/Cargo.lock b/Cargo.lock index a919bc7486..df6e2f9266 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -8297,6 +8297,7 @@ dependencies = [ "pallet-nomination-pools-runtime-api", "pallet-offences", "pallet-preimage", + "pallet-rate-limiting", "pallet-registry", "pallet-safe-mode", "pallet-scheduler", diff --git a/common/src/lib.rs b/common/src/lib.rs index a98a957ad8..db4c314bbe 100644 --- a/common/src/lib.rs +++ b/common/src/lib.rs @@ -15,8 +15,10 @@ use sp_runtime::{ use subtensor_macros::freeze_struct; pub use currency::*; +pub use rate_limiting::{RateLimitScope, RateLimitUsageKey}; mod currency; +mod rate_limiting; /// Balance of an account. pub type Balance = u64; diff --git a/common/src/rate_limiting.rs b/common/src/rate_limiting.rs new file mode 100644 index 0000000000..3c88758943 --- /dev/null +++ b/common/src/rate_limiting.rs @@ -0,0 +1,66 @@ +use codec::{Decode, DecodeWithMemTracking, Encode, MaxEncodedLen}; +use frame_support::pallet_prelude::Parameter; +use scale_info::TypeInfo; +use serde::{Deserialize, Serialize}; + +use crate::{MechId, NetUid}; + +#[derive( + Serialize, + Deserialize, + Encode, + Decode, + DecodeWithMemTracking, + Clone, + Copy, + PartialEq, + Eq, + PartialOrd, + Ord, + Debug, + TypeInfo, + MaxEncodedLen, +)] +pub enum RateLimitScope { + Subnet(NetUid), + SubnetMechanism { netuid: NetUid, mecid: MechId }, +} + +#[derive( + Serialize, + Deserialize, + Encode, + Decode, + DecodeWithMemTracking, + Clone, + PartialEq, + Eq, + PartialOrd, + Ord, + Debug, + TypeInfo, + MaxEncodedLen, +)] +#[scale_info(skip_type_params(AccountId))] +pub enum RateLimitUsageKey { + Account(AccountId), + Subnet(NetUid), + AccountSubnet { + account: AccountId, + netuid: NetUid, + }, + ColdkeyHotkeySubnet { + coldkey: AccountId, + hotkey: AccountId, + netuid: NetUid, + }, + SubnetNeuron { + netuid: NetUid, + uid: u16, + }, + SubnetMechanismNeuron { + netuid: NetUid, + mecid: MechId, + uid: u16, + }, +} diff --git a/pallets/rate-limiting/Cargo.toml b/pallets/rate-limiting/Cargo.toml index 36343ec2cf..67e2710f4b 100644 --- a/pallets/rate-limiting/Cargo.toml +++ b/pallets/rate-limiting/Cargo.toml @@ -15,7 +15,7 @@ frame-benchmarking = { workspace = true, optional = true } frame-support.workspace = true frame-system.workspace = true scale-info = { workspace = true, features = ["derive"] } -serde = { workspace = true, features = ["derive"], optional = true } +serde = { workspace = true, features = ["derive"] } sp-std.workspace = true sp-runtime.workspace = true subtensor-runtime-common.workspace = true @@ -33,7 +33,7 @@ std = [ "frame-support/std", "frame-system/std", "scale-info/std", - "serde", + "serde/std", "sp-std/std", "sp-runtime/std", "subtensor-runtime-common/std", diff --git a/pallets/rate-limiting/src/lib.rs b/pallets/rate-limiting/src/lib.rs index 4389b833a8..54dd54f5f2 100644 --- a/pallets/rate-limiting/src/lib.rs +++ b/pallets/rate-limiting/src/lib.rs @@ -145,7 +145,7 @@ pub mod pallet { }; use frame_system::pallet_prelude::*; use sp_runtime::traits::{DispatchOriginOf, Dispatchable, Saturating, Zero}; - use sp_std::{convert::TryFrom, marker::PhantomData, vec::Vec}; + use sp_std::{boxed::Box, convert::TryFrom, marker::PhantomData, vec::Vec}; #[cfg(feature = "runtime-benchmarks")] use crate::benchmarking::BenchmarkHelper as BenchmarkHelperTrait; diff --git a/pallets/rate-limiting/src/types.rs b/pallets/rate-limiting/src/types.rs index f2f46a6beb..4748f1576e 100644 --- a/pallets/rate-limiting/src/types.rs +++ b/pallets/rate-limiting/src/types.rs @@ -1,6 +1,7 @@ use codec::{Decode, DecodeWithMemTracking, Encode, MaxEncodedLen}; use frame_support::{pallet_prelude::DispatchError, traits::GetCallMetadata}; use scale_info::TypeInfo; +use serde::{Deserialize, Serialize}; use sp_std::collections::btree_map::BTreeMap; /// Resolves the optional identifier within which a rate limit applies and can optionally adjust @@ -31,8 +32,9 @@ pub trait RateLimitUsageResolver { } /// Identifies a runtime call by pallet and extrinsic indices. -#[cfg_attr(feature = "std", derive(serde::Deserialize, serde::Serialize))] #[derive( + Serialize, + Deserialize, Clone, Copy, PartialEq, @@ -101,8 +103,9 @@ impl TransactionIdentifier { } /// Policy describing the block span enforced by a rate limit. -#[cfg_attr(feature = "std", derive(serde::Deserialize, serde::Serialize))] #[derive( + Serialize, + Deserialize, Clone, Copy, PartialEq, @@ -125,14 +128,21 @@ pub enum RateLimitKind { /// /// The configuration is mutually exclusive: either the call is globally limited or it stores a set /// of per-scope spans. -#[cfg_attr(feature = "std", derive(serde::Deserialize, serde::Serialize))] -#[cfg_attr( - feature = "std", - serde( - bound = "Scope: Ord + serde::Serialize + serde::de::DeserializeOwned, BlockNumber: serde::Serialize + serde::de::DeserializeOwned" - ) +#[derive( + Serialize, + Deserialize, + Clone, + PartialEq, + Eq, + Encode, + Decode, + DecodeWithMemTracking, + TypeInfo, + Debug, +)] +#[serde( + bound = "Scope: Ord + serde::Serialize + serde::de::DeserializeOwned, BlockNumber: serde::Serialize + serde::de::DeserializeOwned" )] -#[derive(Clone, PartialEq, Eq, Encode, Decode, DecodeWithMemTracking, TypeInfo, Debug)] pub enum RateLimit { /// Global span applied to every invocation. Global(RateLimitKind), diff --git a/pallets/subtensor/src/utils/rate_limiting.rs b/pallets/subtensor/src/utils/rate_limiting.rs index 85f58cfc64..468aecd1c1 100644 --- a/pallets/subtensor/src/utils/rate_limiting.rs +++ b/pallets/subtensor/src/utils/rate_limiting.rs @@ -1,3 +1,5 @@ +use codec::{Decode, Encode}; +use scale_info::TypeInfo; use subtensor_runtime_common::NetUid; use super::*; diff --git a/runtime/Cargo.toml b/runtime/Cargo.toml index 9760ac1b53..b363eb4f5f 100644 --- a/runtime/Cargo.toml +++ b/runtime/Cargo.toml @@ -38,6 +38,7 @@ frame-system = { workspace = true } frame-try-runtime = { workspace = true, optional = true } pallet-timestamp.workspace = true pallet-transaction-payment.workspace = true +pallet-rate-limiting.workspace = true pallet-subtensor-utility.workspace = true frame-executive.workspace = true frame-metadata-hash-extension.workspace = true @@ -187,6 +188,7 @@ std = [ "pallet-timestamp/std", "pallet-transaction-payment-rpc-runtime-api/std", "pallet-transaction-payment/std", + "pallet-rate-limiting/std", "pallet-subtensor-utility/std", "pallet-sudo/std", "pallet-multisig/std", @@ -328,6 +330,7 @@ try-runtime = [ "pallet-insecure-randomness-collective-flip/try-runtime", "pallet-timestamp/try-runtime", "pallet-transaction-payment/try-runtime", + "pallet-rate-limiting/try-runtime", "pallet-subtensor-utility/try-runtime", "pallet-safe-mode/try-runtime", "pallet-subtensor/try-runtime", diff --git a/runtime/src/lib.rs b/runtime/src/lib.rs index 266a755708..9d80693ddb 100644 --- a/runtime/src/lib.rs +++ b/runtime/src/lib.rs @@ -12,6 +12,7 @@ use core::num::NonZeroU64; pub mod check_nonce; mod migrations; +mod rate_limiting; pub mod transaction_payment_wrapper; extern crate alloc; @@ -70,6 +71,10 @@ use subtensor_precompiles::Precompiles; use subtensor_runtime_common::{AlphaCurrency, TaoCurrency, time::*, *}; use subtensor_swap_interface::{Order, SwapHandler}; +pub use rate_limiting::{ + ScopeResolver as RuntimeScopeResolver, UsageResolver as RuntimeUsageResolver, +}; + // A few exports that help ease life for downstream crates. pub use frame_support::{ StorageValue, construct_runtime, parameter_types, diff --git a/runtime/src/rate_limiting.rs b/runtime/src/rate_limiting.rs new file mode 100644 index 0000000000..4f569c2daf --- /dev/null +++ b/runtime/src/rate_limiting.rs @@ -0,0 +1,256 @@ +use frame_system::RawOrigin; +use pallet_admin_utils::Call as AdminUtilsCall; +use pallet_rate_limiting::{RateLimitScopeResolver, RateLimitUsageResolver}; +use pallet_subtensor::{Call as SubtensorCall, Tempo}; +use subtensor_runtime_common::{BlockNumber, MechId, NetUid, RateLimitScope, RateLimitUsageKey}; + +use crate::{AccountId, Runtime, RuntimeCall, RuntimeOrigin}; + +fn signed_origin(origin: &RuntimeOrigin) -> Option { + match origin.clone().into() { + Ok(RawOrigin::Signed(who)) => Some(who), + _ => None, + } +} + +fn tempo_scaled(netuid: NetUid, span: BlockNumber) -> BlockNumber { + if span == 0 { + return span; + } + let tempo = BlockNumber::from(Tempo::::get(netuid) as u32); + span.saturating_mul(tempo) +} + +fn neuron_identity(origin: &RuntimeOrigin, netuid: NetUid) -> Option<(AccountId, u16)> { + let hotkey = signed_origin(origin)?; + let uid = + pallet_subtensor::Pallet::::get_uid_for_net_and_hotkey(netuid, &hotkey).ok()?; + Some((hotkey, uid)) +} + +fn owner_hparam_netuid(call: &AdminUtilsCall) -> Option { + match call { + AdminUtilsCall::sudo_set_activity_cutoff { netuid, .. } + | AdminUtilsCall::sudo_set_adjustment_alpha { netuid, .. } + | AdminUtilsCall::sudo_set_alpha_sigmoid_steepness { netuid, .. } + | AdminUtilsCall::sudo_set_alpha_values { netuid, .. } + | AdminUtilsCall::sudo_set_bonds_moving_average { netuid, .. } + | AdminUtilsCall::sudo_set_bonds_penalty { netuid, .. } + | AdminUtilsCall::sudo_set_bonds_reset_enabled { netuid, .. } + | AdminUtilsCall::sudo_set_commit_reveal_weights_enabled { netuid, .. } + | AdminUtilsCall::sudo_set_commit_reveal_weights_interval { netuid, .. } + | AdminUtilsCall::sudo_set_immunity_period { netuid, .. } + | AdminUtilsCall::sudo_set_liquid_alpha_enabled { netuid, .. } + | AdminUtilsCall::sudo_set_max_allowed_uids { netuid, .. } + | AdminUtilsCall::sudo_set_max_burn { netuid, .. } + | AdminUtilsCall::sudo_set_max_difficulty { netuid, .. } + | AdminUtilsCall::sudo_set_min_allowed_weights { netuid, .. } + | AdminUtilsCall::sudo_set_min_burn { netuid, .. } + | AdminUtilsCall::sudo_set_network_pow_registration_allowed { netuid, .. } + | AdminUtilsCall::sudo_set_owner_immune_neuron_limit { netuid, .. } + | AdminUtilsCall::sudo_set_recycle_or_burn { netuid, .. } + | AdminUtilsCall::sudo_set_rho { netuid, .. } + | AdminUtilsCall::sudo_set_serving_rate_limit { netuid, .. } + | AdminUtilsCall::sudo_set_sn_owner_hotkey { netuid, .. } + | AdminUtilsCall::sudo_set_toggle_transfer { netuid, .. } + | AdminUtilsCall::sudo_set_weights_version_key { netuid, .. } + | AdminUtilsCall::sudo_set_yuma3_enabled { netuid, .. } => Some(*netuid), + _ => None, + } +} + +fn admin_scope_netuid(call: &AdminUtilsCall) -> Option { + owner_hparam_netuid(call).or_else(|| match call { + AdminUtilsCall::sudo_set_mechanism_count { netuid, .. } + | AdminUtilsCall::sudo_set_mechanism_emission_split { netuid, .. } + | AdminUtilsCall::sudo_trim_to_max_allowed_uids { netuid, .. } => Some(*netuid), + _ => None, + }) +} + +#[derive(Default)] +pub struct UsageResolver; + +impl RateLimitUsageResolver> + for UsageResolver +{ + fn context(origin: &RuntimeOrigin, call: &RuntimeCall) -> Option> { + match call { + RuntimeCall::SubtensorModule(inner) => match inner { + SubtensorCall::swap_hotkey { .. } => { + signed_origin(origin).map(RateLimitUsageKey::::Account) + } + SubtensorCall::register_network { .. } + | SubtensorCall::register_network_with_identity { .. } => { + signed_origin(origin).map(RateLimitUsageKey::::Account) + } + SubtensorCall::increase_take { hotkey, .. } => { + Some(RateLimitUsageKey::::Account(hotkey.clone())) + } + SubtensorCall::set_childkey_take { hotkey, netuid, .. } + | SubtensorCall::set_children { hotkey, netuid, .. } => { + Some(RateLimitUsageKey::::AccountSubnet { + account: hotkey.clone(), + netuid: *netuid, + }) + } + SubtensorCall::set_weights { netuid, .. } + | SubtensorCall::commit_weights { netuid, .. } + | SubtensorCall::reveal_weights { netuid, .. } + | SubtensorCall::batch_reveal_weights { netuid, .. } + | SubtensorCall::commit_timelocked_weights { netuid, .. } => { + let (_, uid) = neuron_identity(origin, netuid)?; + Some(RateLimitUsageKey::::SubnetNeuron { netuid, uid }) + } + SubtensorCall::set_mechanism_weights { netuid, mecid, .. } + | SubtensorCall::commit_mechanism_weights { netuid, mecid, .. } + | SubtensorCall::reveal_mechanism_weights { netuid, mecid, .. } + | SubtensorCall::commit_crv3_mechanism_weights { netuid, mecid, .. } + | SubtensorCall::commit_timelocked_mechanism_weights { netuid, mecid, .. } => { + let (_, uid) = neuron_identity(origin, netuid)?; + Some(RateLimitUsageKey::::SubnetMechanismNeuron { + netuid, + mecid, + uid, + }) + } + SubtensorCall::serve_axon { netuid, .. } + | SubtensorCall::serve_axon_tls { netuid, .. } + | SubtensorCall::serve_prometheus { netuid, .. } => { + let hotkey = signed_origin(origin)?; + Some(RateLimitUsageKey::::AccountSubnet { + account: hotkey, + netuid: *netuid, + }) + } + SubtensorCall::associate_evm_key { netuid, .. } => { + let hotkey = signed_origin(origin)?; + let uid = pallet_subtensor::Pallet::::get_uid_for_net_and_hotkey( + *netuid, &hotkey, + ) + .ok()?; + Some(RateLimitUsageKey::::SubnetNeuron { + netuid: *netuid, + uid, + }) + } + SubtensorCall::add_stake { hotkey, netuid, .. } + | SubtensorCall::add_stake_limit { hotkey, netuid, .. } + | SubtensorCall::remove_stake { hotkey, netuid, .. } + | SubtensorCall::remove_stake_limit { hotkey, netuid, .. } + | SubtensorCall::remove_stake_full_limit { hotkey, netuid, .. } + | SubtensorCall::transfer_stake { + hotkey, + origin_netuid: netuid, + .. + } + | SubtensorCall::swap_stake { + hotkey, + origin_netuid: netuid, + .. + } + | SubtensorCall::swap_stake_limit { + hotkey, + origin_netuid: netuid, + .. + } + | SubtensorCall::move_stake { + origin_hotkey: hotkey, + origin_netuid: netuid, + .. + } + | SubtensorCall::recycle_alpha { hotkey, netuid, .. } + | SubtensorCall::burn_alpha { hotkey, netuid, .. } => { + let coldkey = signed_origin(origin)?; + Some(RateLimitUsageKey::::ColdkeyHotkeySubnet { + coldkey, + hotkey: hotkey.clone(), + netuid: *netuid, + }) + } + _ => None, + }, + RuntimeCall::AdminUtils(inner) => { + if let Some(netuid) = owner_hparam_netuid(inner) { + // Hyperparameter setters share a global span but are tracked per subnet. + Some(RateLimitUsageKey::::Subnet(netuid)) + } else { + match inner { + AdminUtilsCall::sudo_set_mechanism_count { netuid, .. } + | AdminUtilsCall::sudo_set_mechanism_emission_split { netuid, .. } + | AdminUtilsCall::sudo_trim_to_max_allowed_uids { netuid, .. } => { + let who = signed_origin(origin)?; + Some(RateLimitUsageKey::::AccountSubnet { + account: who, + netuid: *netuid, + }) + } + _ => None, + } + } + } + _ => None, + } + } +} + +#[derive(Default)] +pub struct ScopeResolver; + +impl RateLimitScopeResolver + for ScopeResolver +{ + fn context(_origin: &RuntimeOrigin, call: &RuntimeCall) -> Option { + match call { + RuntimeCall::SubtensorModule(inner) => match inner { + SubtensorCall::serve_axon { netuid, .. } + | SubtensorCall::serve_axon_tls { netuid, .. } + | SubtensorCall::serve_prometheus { netuid, .. } + | SubtensorCall::set_weights { netuid, .. } + | SubtensorCall::commit_weights { netuid, .. } + | SubtensorCall::reveal_weights { netuid, .. } + | SubtensorCall::batch_reveal_weights { netuid, .. } + | SubtensorCall::commit_timelocked_weights { netuid, .. } => { + Some(RateLimitScope::Subnet(*netuid)) + } + SubtensorCall::set_mechanism_weights { netuid, mecid, .. } + | SubtensorCall::commit_mechanism_weights { netuid, mecid, .. } + | SubtensorCall::reveal_mechanism_weights { netuid, mecid, .. } + | SubtensorCall::commit_crv3_mechanism_weights { netuid, mecid, .. } + | SubtensorCall::commit_timelocked_mechanism_weights { netuid, mecid, .. } => { + Some(RateLimitScope::SubnetMechanism { + netuid: *netuid, + mecid: *mecid, + }) + } + _ => None, + }, + RuntimeCall::AdminUtils(inner) => { + if owner_hparam_netuid(inner).is_some() { + // Hyperparameter setters share a global limit span; usage is tracked per subnet. + None + } else { + admin_scope_netuid(inner).map(RateLimitScope::Subnet) + } + } + _ => None, + } + } + + fn should_bypass(origin: &RuntimeOrigin, _call: &RuntimeCall) -> bool { + matches!(origin.clone().into(), Ok(RawOrigin::Root)) + } + + fn adjust_span(_origin: &RuntimeOrigin, call: &RuntimeCall, span: BlockNumber) -> BlockNumber { + match call { + RuntimeCall::AdminUtils(inner) => { + if let Some(netuid) = owner_hparam_netuid(inner) { + tempo_scaled(netuid, span) + } else { + span + } + } + _ => span, + } + } +} From 69715be7c0d3b185c47812302b6563af7aedd58e Mon Sep 17 00:00:00 2001 From: Aliaksandr Tsurko Date: Wed, 12 Nov 2025 20:00:37 +0300 Subject: [PATCH 23/46] Migrate pallet-subtensor's rate limiting to pallet-rate-limiting --- Cargo.lock | 1 + pallets/rate-limiting/src/lib.rs | 12 + pallets/subtensor/Cargo.toml | 2 + runtime/Cargo.toml | 2 +- runtime/src/rate_limiting/migration.rs | 733 ++++++++++++++++++ .../mod.rs} | 2 + 6 files changed, 751 insertions(+), 1 deletion(-) create mode 100644 runtime/src/rate_limiting/migration.rs rename runtime/src/{rate_limiting.rs => rate_limiting/mod.rs} (99%) diff --git a/Cargo.lock b/Cargo.lock index df6e2f9266..04686202fa 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -10757,6 +10757,7 @@ dependencies = [ "pallet-crowdloan", "pallet-drand", "pallet-preimage", + "pallet-rate-limiting", "pallet-scheduler", "pallet-subtensor-proxy", "pallet-subtensor-swap", diff --git a/pallets/rate-limiting/src/lib.rs b/pallets/rate-limiting/src/lib.rs index 54dd54f5f2..d823a94cd5 100644 --- a/pallets/rate-limiting/src/lib.rs +++ b/pallets/rate-limiting/src/lib.rs @@ -393,6 +393,18 @@ pub mod pallet { true } + /// Inserts or updates the cached usage timestamp for a rate-limited call. + /// + /// This is primarily intended for migrations that need to hydrate the new tracking storage + /// from legacy pallets. + pub fn record_last_seen( + identifier: &TransactionIdentifier, + usage_key: Option<>::UsageKey>, + block_number: BlockNumberFor, + ) { + LastSeen::::insert(identifier, usage_key, block_number); + } + /// Migrates a stored rate limit configuration from one scope to another. /// /// Returns `true` when an entry was moved. Passing identical `from`/`to` scopes simply diff --git a/pallets/subtensor/Cargo.toml b/pallets/subtensor/Cargo.toml index fdd5e5f9ab..3cde2ee24b 100644 --- a/pallets/subtensor/Cargo.toml +++ b/pallets/subtensor/Cargo.toml @@ -55,6 +55,7 @@ sha2.workspace = true rand_chacha.workspace = true pallet-crowdloan.workspace = true pallet-subtensor-proxy.workspace = true +pallet-rate-limiting.workspace = true [dev-dependencies] pallet-balances = { workspace = true, features = ["std"] } @@ -112,6 +113,7 @@ std = [ "pallet-crowdloan/std", "pallet-drand/std", "pallet-subtensor-proxy/std", + "pallet-rate-limiting/std", "pallet-subtensor-swap/std", "subtensor-swap-interface/std", "pallet-subtensor-utility/std", diff --git a/runtime/Cargo.toml b/runtime/Cargo.toml index b363eb4f5f..5d40215c49 100644 --- a/runtime/Cargo.toml +++ b/runtime/Cargo.toml @@ -53,6 +53,7 @@ sp-inherents.workspace = true sp-offchain.workspace = true sp-runtime.workspace = true sp-session.workspace = true +sp-io.workspace = true sp-std.workspace = true sp-transaction-pool.workspace = true sp-version.workspace = true @@ -154,7 +155,6 @@ ethereum.workspace = true [dev-dependencies] frame-metadata.workspace = true -sp-io.workspace = true sp-tracing.workspace = true [build-dependencies] diff --git a/runtime/src/rate_limiting/migration.rs b/runtime/src/rate_limiting/migration.rs new file mode 100644 index 0000000000..243c43b7ea --- /dev/null +++ b/runtime/src/rate_limiting/migration.rs @@ -0,0 +1,733 @@ +use core::convert::TryFrom; + +use codec::Encode; +use frame_support::{pallet_prelude::Parameter, traits::Get, weights::Weight}; +use frame_system::pallet_prelude::BlockNumberFor; +use log::info; +use pallet_rate_limiting::{RateLimit, RateLimitKind, TransactionIdentifier}; +use sp_io::{ + hashing::{blake2_128, twox_128}, + storage, +}; +use sp_runtime::traits::SaturatedConversion; +use sp_std::{collections::btree_map::BTreeMap, vec::Vec}; +use subtensor_runtime_common::{MechId, NetUid, RateLimitScope, RateLimitUsageKey}; + +use pallet_subtensor::{ + self, + utils::rate_limiting::{Hyperparameter, TransactionType}, + AssociatedEvmAddress, Axons, Config as SubtensorConfig, HasMigrationRun, LastRateLimitedBlock, + LastUpdate, MaxUidsTrimmingRateLimit, MechanismCountCurrent, MechanismCountSetRateLimit, + MechanismEmissionRateLimit, NetworkRateLimit, OwnerHyperparamRateLimit, Pallet, Prometheus, + RateLimitKey, TransactionKeyLastBlock, TxChildkeyTakeRateLimit, TxDelegateTakeRateLimit, + TxRateLimit, WeightsVersionKeyRateLimit, +}; + +/// Pallet index assigned to `pallet_subtensor` in `construct_runtime!`. +const SUBTENSOR_PALLET_INDEX: u8 = 7; +/// Pallet index assigned to `pallet_admin_utils` in `construct_runtime!`. +const ADMIN_UTILS_PALLET_INDEX: u8 = 19; + +/// Marker stored in `HasMigrationRun` once the migration finishes. +const MIGRATION_NAME: &[u8] = b"migrate_rate_limiting"; + +/// `set_children` is rate-limited to once every 150 blocks. +const SET_CHILDREN_RATE_LIMIT: u64 = 150; +/// `set_sn_owner_hotkey` default interval (blocks). +const DEFAULT_SET_SN_OWNER_HOTKEY_LIMIT: u64 = 50_400; + +/// Subtensor call indices that reuse the serving rate-limit configuration. +/// TODO(grouped-rate-limits): `serve_axon` (4), `serve_axon_tls` (40), and +/// `serve_prometheus` (5) share one cooldown today. The new pallet still misses +/// grouped identifiers, so we simply port the timers as-is. +const SERVE_CALLS: [u8; 3] = [4, 40, 5]; +/// Subtensor call indices that reuse the per-subnet weight limit. +/// TODO(grouped-rate-limits): Weight commits via call 100 still touch the same +/// `LastUpdate` entries but cannot be expressed here until grouping exists. +const WEIGHT_CALLS_SUBNET: [u8; 3] = [0, 96, 113]; +/// Subtensor call indices that reuse the per-mechanism weight limit. +const WEIGHT_CALLS_MECHANISM: [u8; 4] = [119, 115, 117, 118]; +/// Subtensor call indices for register-network extrinsics. +/// TODO(grouped-rate-limits): `register_network` (59) and +/// `register_network_with_identity` (79) still share the same helper and should +/// remain grouped once pallet-rate-limiting supports aliases. +const REGISTER_NETWORK_CALLS: [u8; 2] = [59, 79]; + +/// Hyperparameter extrinsics routed through owner-or-root rate limiting. +const HYPERPARAMETERS: &[Hyperparameter] = &[ + Hyperparameter::ServingRateLimit, + Hyperparameter::MaxDifficulty, + Hyperparameter::AdjustmentAlpha, + Hyperparameter::ImmunityPeriod, + Hyperparameter::MinAllowedWeights, + Hyperparameter::MaxAllowedUids, + Hyperparameter::Kappa, + Hyperparameter::Rho, + Hyperparameter::ActivityCutoff, + Hyperparameter::PowRegistrationAllowed, + Hyperparameter::MinBurn, + Hyperparameter::MaxBurn, + Hyperparameter::BondsMovingAverage, + Hyperparameter::BondsPenalty, + Hyperparameter::CommitRevealEnabled, + Hyperparameter::LiquidAlphaEnabled, + Hyperparameter::AlphaValues, + Hyperparameter::WeightCommitInterval, + Hyperparameter::TransferEnabled, + Hyperparameter::AlphaSigmoidSteepness, + Hyperparameter::Yuma3Enabled, + Hyperparameter::BondsResetEnabled, + Hyperparameter::ImmuneNeuronLimit, + Hyperparameter::RecycleOrBurn, +]; + +type RateLimitConfigOf = RateLimit>; +type LimitEntries = Vec<(TransactionIdentifier, RateLimitConfigOf)>; +type LastSeenKey = ( + TransactionIdentifier, + Option::AccountId>>, +); +type LastSeenEntries = Vec<(LastSeenKey, BlockNumberFor)>; + +pub fn migrate_rate_limiting() -> Weight { + let mut weight = T::DbWeight::get().reads(1); + if HasMigrationRun::::get(MIGRATION_NAME) { + info!("Rate-limiting migration already executed. Skipping."); + return weight; + } + + let (limits, limit_reads) = build_limits::(); + let (last_seen, seen_reads) = build_last_seen::(); + + let limit_writes = write_limits::(&limits); + let seen_writes = write_last_seen::(&last_seen); + + HasMigrationRun::::insert(MIGRATION_NAME, true); + + weight = weight + .saturating_add(T::DbWeight::get().reads(limit_reads.saturating_add(seen_reads))) + .saturating_add( + T::DbWeight::get().writes(limit_writes.saturating_add(seen_writes).saturating_add(1)), + ); + + info!( + "Migrated {} rate-limit configs and {} last-seen entries into pallet-rate-limiting", + limits.len(), + last_seen.len() + ); + + weight +} + +fn build_limits() -> (LimitEntries, u64) { + let mut limits = LimitEntries::::new(); + let mut reads: u64 = 0; + + reads += gather_simple_limits::(&mut limits); + reads += gather_owner_hparam_limits::(&mut limits); + reads += gather_serving_limits::(&mut limits); + reads += gather_weight_limits::(&mut limits); + + (limits, reads) +} + +fn gather_simple_limits(limits: &mut LimitEntries) -> u64 { + let mut reads: u64 = 0; + + reads += 1; + if let Some(span) = block_number::(TxRateLimit::::get()) { + set_global_limit::(limits, subtensor_identifier(70), span); + } + + reads += 1; + if let Some(span) = block_number::(TxDelegateTakeRateLimit::::get()) { + // TODO(grouped-rate-limits): `decrease_take` shares the same timestamp but + // does not have its own ID here yet. + set_global_limit::(limits, subtensor_identifier(66), span); + } + + reads += 1; + if let Some(span) = block_number::(TxChildkeyTakeRateLimit::::get()) { + set_global_limit::(limits, subtensor_identifier(75), span); + } + + reads += 1; + if let Some(span) = block_number::(NetworkRateLimit::::get()) { + for call in REGISTER_NETWORK_CALLS { + set_global_limit::(limits, subtensor_identifier(call), span); + } + } + + reads += 1; + if let Some(span) = block_number::(WeightsVersionKeyRateLimit::::get()) { + set_global_limit::(limits, admin_utils_identifier(6), span); + } + + if let Some(span) = block_number::(DEFAULT_SET_SN_OWNER_HOTKEY_LIMIT) { + set_global_limit::(limits, admin_utils_identifier(67), span); + } + + if let Some(span) = block_number::(::EvmKeyAssociateRateLimit::get()) { + set_global_limit::(limits, subtensor_identifier(93), span); + } + + if let Some(span) = block_number::(MechanismCountSetRateLimit::::get()) { + set_global_limit::(limits, admin_utils_identifier(76), span); + } + + if let Some(span) = block_number::(MechanismEmissionRateLimit::::get()) { + set_global_limit::(limits, admin_utils_identifier(77), span); + } + + if let Some(span) = block_number::(MaxUidsTrimmingRateLimit::::get()) { + set_global_limit::(limits, admin_utils_identifier(78), span); + } + + if let Some(span) = block_number::(SET_CHILDREN_RATE_LIMIT) { + set_global_limit::(limits, subtensor_identifier(67), span); + } + + reads +} + +fn gather_owner_hparam_limits(limits: &mut LimitEntries) -> u64 { + let mut reads: u64 = 0; + + reads += 1; + if let Some(span) = block_number::(u64::from(OwnerHyperparamRateLimit::::get())) { + for hparam in HYPERPARAMETERS { + if let Some(identifier) = identifier_for_hyperparameter(*hparam) { + set_global_limit::(limits, identifier, span); + } + } + } + + reads +} + +fn gather_serving_limits(limits: &mut LimitEntries) -> u64 { + let mut reads: u64 = 0; + let netuids = Pallet::::get_all_subnet_netuids(); + + for netuid in netuids { + reads += 1; + if let Some(span) = block_number::(Pallet::::get_serving_rate_limit(netuid)) { + for call in SERVE_CALLS { + set_scoped_limit::( + limits, + subtensor_identifier(call), + RateLimitScope::Subnet(netuid), + span, + ); + } + } + } + + reads +} + +fn gather_weight_limits(limits: &mut LimitEntries) -> u64 { + let mut reads: u64 = 0; + let netuids = Pallet::::get_all_subnet_netuids(); + + let mut subnet_limits = BTreeMap::>::new(); + for netuid in &netuids { + reads += 1; + if let Some(span) = block_number::(Pallet::::get_weights_set_rate_limit(*netuid)) { + subnet_limits.insert(*netuid, span); + for call in WEIGHT_CALLS_SUBNET { + set_scoped_limit::( + limits, + subtensor_identifier(call), + RateLimitScope::Subnet(*netuid), + span, + ); + } + } + } + + for netuid in &netuids { + reads += 1; + let mech_count: u8 = MechanismCountCurrent::::get(*netuid).into(); + if mech_count <= 1 { + continue; + } + let Some(span) = subnet_limits.get(netuid).copied() else { + continue; + }; + for mecid in 1..mech_count { + let scope = RateLimitScope::SubnetMechanism { + netuid: *netuid, + mecid: MechId::from(mecid), + }; + for call in WEIGHT_CALLS_MECHANISM { + set_scoped_limit::(limits, subtensor_identifier(call), scope.clone(), span); + } + } + } + + reads +} + +fn build_last_seen() -> (LastSeenEntries, u64) { + let mut last_seen = LastSeenEntries::::new(); + let mut reads: u64 = 0; + + reads += import_last_rate_limited_blocks::(&mut last_seen); + reads += import_transaction_key_last_blocks::(&mut last_seen); + reads += import_last_update_entries::(&mut last_seen); + reads += import_serving_entries::(&mut last_seen); + reads += import_evm_entries::(&mut last_seen); + + (last_seen, reads) +} + +fn import_last_rate_limited_blocks(entries: &mut LastSeenEntries) -> u64 { + let mut reads: u64 = 0; + for (key, block) in LastRateLimitedBlock::::iter() { + reads += 1; + if block == 0 { + continue; + } + match key { + RateLimitKey::SetSNOwnerHotkey(netuid) => { + if let Some(identifier) = + identifier_for_transaction_type(TransactionType::SetSNOwnerHotkey) + { + record_last_seen_entry::( + entries, + identifier, + Some(RateLimitUsageKey::Subnet(netuid)), + block, + ); + } + } + RateLimitKey::OwnerHyperparamUpdate(netuid, hyper) => { + if let Some(identifier) = identifier_for_hyperparameter(hyper) { + record_last_seen_entry::( + entries, + identifier, + Some(RateLimitUsageKey::Subnet(netuid)), + block, + ); + } + } + RateLimitKey::LastTxBlock(account) => { + record_last_seen_entry::( + entries, + subtensor_identifier(70), + Some(RateLimitUsageKey::Account(account.clone())), + block, + ); + } + RateLimitKey::LastTxBlockDelegateTake(account) => { + record_last_seen_entry::( + entries, + subtensor_identifier(66), + Some(RateLimitUsageKey::Account(account.clone())), + block, + ); + } + RateLimitKey::NetworkLastRegistered | RateLimitKey::LastTxBlockChildKeyTake(_) => { + // TODO(grouped-rate-limits): Global network registration lock is still outside + // pallet-rate-limiting. We will migrate it once grouped identifiers land. + } + } + } + reads +} + +fn import_transaction_key_last_blocks(entries: &mut LastSeenEntries) -> u64 { + let mut reads: u64 = 0; + for ((account, netuid, tx_kind), block) in TransactionKeyLastBlock::::iter() { + reads += 1; + if block == 0 { + continue; + } + let tx_type = TransactionType::from(tx_kind); + let Some(identifier) = identifier_for_transaction_type(tx_type) else { + continue; + }; + let Some(usage) = usage_key_from_transaction_type(tx_type, &account, netuid) else { + continue; + }; + record_last_seen_entry::(entries, identifier, Some(usage), block); + } + reads +} + +fn import_last_update_entries(entries: &mut LastSeenEntries) -> u64 { + let mut reads: u64 = 0; + for (index, blocks) in LastUpdate::::iter() { + reads += 1; + let netuid = Pallet::::get_netuid(index); + let sub_id = u16::from(index) + .checked_div(pallet_subtensor::subnets::mechanism::GLOBAL_MAX_SUBNET_COUNT) + .unwrap_or_default(); + let is_mechanism = sub_id != 0; + let Ok(sub_id) = u8::try_from(sub_id) else { + continue; + }; + let mecid = MechId::from(sub_id); + + for (uid, last_block) in blocks.into_iter().enumerate() { + if last_block == 0 { + continue; + } + let Ok(uid_u16) = u16::try_from(uid) else { + continue; + }; + let usage = if is_mechanism { + RateLimitUsageKey::SubnetMechanismNeuron { + netuid, + mecid, + uid: uid_u16, + } + } else { + RateLimitUsageKey::SubnetNeuron { + netuid, + uid: uid_u16, + } + }; + + let call_set: &[u8] = if is_mechanism { + &WEIGHT_CALLS_MECHANISM + } else { + &WEIGHT_CALLS_SUBNET + }; + + for call in call_set { + record_last_seen_entry::( + entries, + subtensor_identifier(*call), + Some(usage.clone()), + last_block, + ); + } + } + } + reads +} + +fn import_serving_entries(entries: &mut LastSeenEntries) -> u64 { + let mut reads: u64 = 0; + for (netuid, hotkey, axon) in Axons::::iter() { + reads += 1; + if axon.block == 0 { + continue; + } + let usage = RateLimitUsageKey::AccountSubnet { + account: hotkey.clone(), + netuid, + }; + for call in [4u8, 40u8] { + record_last_seen_entry::( + entries, + subtensor_identifier(call), + Some(usage.clone()), + axon.block, + ); + } + } + + for (netuid, hotkey, prom) in Prometheus::::iter() { + reads += 1; + if prom.block == 0 { + continue; + } + let usage = RateLimitUsageKey::AccountSubnet { + account: hotkey, + netuid, + }; + record_last_seen_entry::(entries, subtensor_identifier(5), Some(usage), prom.block); + } + + reads +} + +fn import_evm_entries(entries: &mut LastSeenEntries) -> u64 { + let mut reads: u64 = 0; + for (netuid, uid, (_, block)) in AssociatedEvmAddress::::iter() { + reads += 1; + if block == 0 { + continue; + } + record_last_seen_entry::( + entries, + subtensor_identifier(93), + Some(RateLimitUsageKey::SubnetNeuron { netuid, uid }), + block, + ); + } + reads +} + +/// TODO(rate-limiting-storage): Swap these manual writes for +/// `pallet_rate_limiting::Pallet` APIs once the runtime wires the pallet in. +fn write_limits(limits: &LimitEntries) -> u64 { + if limits.is_empty() { + return 0; + } + let prefix = storage_prefix("RateLimiting", "Limits"); + let mut writes = 0; + for (identifier, limit) in limits.iter() { + let key = map_storage_key(&prefix, identifier); + storage::set(&key, &limit.encode()); + writes += 1; + } + writes +} + +fn write_last_seen(entries: &LastSeenEntries) -> u64 { + if entries.is_empty() { + return 0; + } + let prefix = storage_prefix("RateLimiting", "LastSeen"); + let mut writes = 0; + for ((identifier, usage), block) in entries.iter() { + let key = double_map_storage_key(&prefix, identifier, usage); + storage::set(&key, &block.encode()); + writes += 1; + } + writes +} + +fn block_number(value: u64) -> Option> { + if value == 0 { + return None; + } + Some(value.saturated_into::>()) +} + +fn set_global_limit( + limits: &mut LimitEntries, + identifier: TransactionIdentifier, + span: BlockNumberFor, +) { + if let Some((_, config)) = limits.iter_mut().find(|(id, _)| *id == identifier) { + *config = RateLimit::global(RateLimitKind::Exact(span)); + } else { + limits.push((identifier, RateLimit::global(RateLimitKind::Exact(span)))); + } +} + +fn set_scoped_limit( + limits: &mut LimitEntries, + identifier: TransactionIdentifier, + scope: RateLimitScope, + span: BlockNumberFor, +) { + if let Some((_, config)) = limits.iter_mut().find(|(id, _)| *id == identifier) { + match config { + RateLimit::Global(_) => { + *config = RateLimit::scoped_single(scope, RateLimitKind::Exact(span)); + } + RateLimit::Scoped(map) => { + map.insert(scope, RateLimitKind::Exact(span)); + } + } + } else { + limits.push(( + identifier, + RateLimit::scoped_single(scope, RateLimitKind::Exact(span)), + )); + } +} + +fn record_last_seen_entry( + entries: &mut LastSeenEntries, + identifier: TransactionIdentifier, + usage: Option>, + block: u64, +) { + let Some(block_number) = block_number::(block) else { + return; + }; + + let key = (identifier, usage); + if let Some((_, existing)) = entries.iter_mut().find(|(entry_key, _)| *entry_key == key) { + if block_number > *existing { + *existing = block_number; + } + } else { + entries.push((key, block_number)); + } +} + +fn storage_prefix(pallet: &str, storage: &str) -> Vec { + let mut out = Vec::with_capacity(32); + out.extend_from_slice(&twox_128(pallet.as_bytes())); + out.extend_from_slice(&twox_128(storage.as_bytes())); + out +} + +fn map_storage_key(prefix: &[u8], key: impl Encode) -> Vec { + let mut final_key = Vec::with_capacity(prefix.len() + 32); + final_key.extend_from_slice(prefix); + let encoded = key.encode(); + let hash = blake2_128(&encoded); + final_key.extend_from_slice(&hash); + final_key.extend_from_slice(&encoded); + final_key +} + +fn double_map_storage_key(prefix: &[u8], key1: impl Encode, key2: impl Encode) -> Vec { + let mut final_key = Vec::with_capacity(prefix.len() + 64); + final_key.extend_from_slice(prefix); + let first = map_storage_key(&[], key1); + final_key.extend_from_slice(&first); + let second = map_storage_key(&[], key2); + final_key.extend_from_slice(&second); + final_key +} + +const fn admin_utils_identifier(call_index: u8) -> TransactionIdentifier { + TransactionIdentifier::new(ADMIN_UTILS_PALLET_INDEX, call_index) +} + +const fn subtensor_identifier(call_index: u8) -> TransactionIdentifier { + TransactionIdentifier::new(SUBTENSOR_PALLET_INDEX, call_index) +} + +/// Returns the `TransactionIdentifier` for the admin-utils extrinsic that controls `hparam`. +/// +/// Only hyperparameters that are currently rate-limited (i.e. routed through +/// `ensure_sn_owner_or_root_with_limits`) are mapped; others return `None`. +pub fn identifier_for_hyperparameter(hparam: Hyperparameter) -> Option { + use Hyperparameter::*; + + let identifier = match hparam { + Unknown | MaxWeightLimit => return None, + ServingRateLimit => admin_utils_identifier(3), + MaxDifficulty => admin_utils_identifier(5), + AdjustmentAlpha => admin_utils_identifier(9), + ImmunityPeriod => admin_utils_identifier(13), + MinAllowedWeights => admin_utils_identifier(14), + MaxAllowedUids => admin_utils_identifier(15), + Kappa => admin_utils_identifier(16), + Rho => admin_utils_identifier(17), + ActivityCutoff => admin_utils_identifier(18), + PowRegistrationAllowed => admin_utils_identifier(20), + MinBurn => admin_utils_identifier(22), + MaxBurn => admin_utils_identifier(23), + BondsMovingAverage => admin_utils_identifier(26), + BondsPenalty => admin_utils_identifier(60), + CommitRevealEnabled => admin_utils_identifier(49), + LiquidAlphaEnabled => admin_utils_identifier(50), + AlphaValues => admin_utils_identifier(51), + WeightCommitInterval => admin_utils_identifier(57), + TransferEnabled => admin_utils_identifier(61), + AlphaSigmoidSteepness => admin_utils_identifier(68), + Yuma3Enabled => admin_utils_identifier(69), + BondsResetEnabled => admin_utils_identifier(70), + ImmuneNeuronLimit => admin_utils_identifier(72), + RecycleOrBurn => admin_utils_identifier(80), + _ => return None, + }; + + Some(identifier) +} + +/// Returns the `TransactionIdentifier` for the extrinsic associated with the given transaction +/// type, mirroring current rate-limit enforcement. +pub fn identifier_for_transaction_type(tx: TransactionType) -> Option { + use TransactionType::*; + + let identifier = match tx { + SetChildren => subtensor_identifier(67), + SetChildkeyTake => subtensor_identifier(75), + RegisterNetwork => subtensor_identifier(59), + SetWeightsVersionKey => admin_utils_identifier(6), + SetSNOwnerHotkey => admin_utils_identifier(67), + OwnerHyperparamUpdate(hparam) => return identifier_for_hyperparameter(hparam), + MechanismCountUpdate => admin_utils_identifier(76), + MechanismEmission => admin_utils_identifier(77), + MaxUidsTrimming => admin_utils_identifier(78), + Unknown => return None, + _ => return None, + }; + + Some(identifier) +} + +/// Maps legacy `RateLimitKey` entries to the new usage-key representation. +pub fn usage_key_from_legacy_key( + key: &RateLimitKey, +) -> Option> +where + AccountId: Parameter + Clone, +{ + match key { + RateLimitKey::SetSNOwnerHotkey(netuid) => Some(RateLimitUsageKey::Subnet(*netuid)), + RateLimitKey::OwnerHyperparamUpdate(netuid, _) => Some(RateLimitUsageKey::Subnet(*netuid)), + RateLimitKey::NetworkLastRegistered => None, + RateLimitKey::LastTxBlock(account) + | RateLimitKey::LastTxBlockChildKeyTake(account) + | RateLimitKey::LastTxBlockDelegateTake(account) => { + Some(RateLimitUsageKey::Account(account.clone())) + } + } +} + +/// Produces the usage key for a `TransactionType` that was stored in `TransactionKeyLastBlock`. +pub fn usage_key_from_transaction_type( + tx: TransactionType, + account: &AccountId, + netuid: NetUid, +) -> Option> +where + AccountId: Parameter + Clone, +{ + match tx { + TransactionType::SetChildren | TransactionType::SetChildkeyTake => { + Some(RateLimitUsageKey::AccountSubnet { + account: account.clone(), + netuid, + }) + } + TransactionType::SetWeightsVersionKey => Some(RateLimitUsageKey::Subnet(netuid)), + TransactionType::MechanismCountUpdate + | TransactionType::MechanismEmission + | TransactionType::MaxUidsTrimming => Some(RateLimitUsageKey::AccountSubnet { + account: account.clone(), + netuid, + }), + TransactionType::OwnerHyperparamUpdate(_) => Some(RateLimitUsageKey::Subnet(netuid)), + TransactionType::RegisterNetwork => Some(RateLimitUsageKey::Account(account.clone())), + TransactionType::SetSNOwnerHotkey => Some(RateLimitUsageKey::Subnet(netuid)), + TransactionType::Unknown => None, + _ => None, + } +} + +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn maps_hyperparameters() { + assert_eq!( + identifier_for_hyperparameter(Hyperparameter::ServingRateLimit), + Some(admin_utils_identifier(3)) + ); + assert!(identifier_for_hyperparameter(Hyperparameter::MaxWeightLimit).is_none()); + } + + #[test] + fn maps_transaction_types() { + assert_eq!( + identifier_for_transaction_type(TransactionType::SetChildren), + Some(subtensor_identifier(67)) + ); + assert!(identifier_for_transaction_type(TransactionType::Unknown).is_none()); + } + + #[test] + fn maps_usage_keys() { + let acct = 42u64; + assert!(matches!( + usage_key_from_legacy_key(&RateLimitKey::LastTxBlock(acct)), + Some(RateLimitUsageKey::Account(42)) + )); + } +} diff --git a/runtime/src/rate_limiting.rs b/runtime/src/rate_limiting/mod.rs similarity index 99% rename from runtime/src/rate_limiting.rs rename to runtime/src/rate_limiting/mod.rs index 019cdcd458..713c8bacf6 100644 --- a/runtime/src/rate_limiting.rs +++ b/runtime/src/rate_limiting/mod.rs @@ -6,6 +6,8 @@ use subtensor_runtime_common::{BlockNumber, NetUid, RateLimitScope, RateLimitUsa use crate::{AccountId, Runtime, RuntimeCall, RuntimeOrigin}; +pub(crate) mod migration; + fn signed_origin(origin: &RuntimeOrigin) -> Option { match origin.clone().into() { Ok(RawOrigin::Signed(who)) => Some(who), From 821f1ff5ebce853d040c4c9acfdb5735ba29c1bc Mon Sep 17 00:00:00 2001 From: Aliaksandr Tsurko Date: Wed, 19 Nov 2025 16:07:37 +0300 Subject: [PATCH 24/46] Add grouped targets for pallet-rate-limiting --- pallets/rate-limiting/src/benchmarking.rs | 161 +++- pallets/rate-limiting/src/lib.rs | 822 +++++++++++++++---- pallets/rate-limiting/src/mock.rs | 8 +- pallets/rate-limiting/src/tests.rs | 928 ++++++++++++---------- pallets/rate-limiting/src/tx_extension.rs | 163 +++- pallets/rate-limiting/src/types.rs | 108 ++- runtime/src/rate_limiting/migration.rs | 29 +- 7 files changed, 1525 insertions(+), 694 deletions(-) diff --git a/pallets/rate-limiting/src/benchmarking.rs b/pallets/rate-limiting/src/benchmarking.rs index 2d700a4ef6..23dfecec85 100644 --- a/pallets/rate-limiting/src/benchmarking.rs +++ b/pallets/rate-limiting/src/benchmarking.rs @@ -5,7 +5,7 @@ use codec::Decode; use frame_benchmarking::v2::*; use frame_system::{RawOrigin, pallet_prelude::BlockNumberFor}; -use sp_runtime::traits::DispatchOriginOf; +use sp_runtime::traits::{One, Saturating}; use super::*; @@ -29,59 +29,144 @@ where Box::new(T::BenchmarkHelper::sample_call()) } +fn seed_group(name: &[u8], sharing: GroupSharing) -> ::GroupId { + Pallet::::create_group(RawOrigin::Root.into(), name.to_vec(), sharing) + .expect("group created"); + Pallet::::next_group_id().saturating_sub(::GroupId::one()) +} + +fn register_call_with_group( + group: Option<::GroupId>, +) -> TransactionIdentifier { + let call = sample_call::(); + let identifier = TransactionIdentifier::from_call::(call.as_ref()).expect("id"); + Pallet::::register_call(RawOrigin::Root.into(), call, group).expect("registered"); + identifier +} + #[benchmarks] mod benchmarks { use super::*; + use sp_std::vec::Vec; #[benchmark] - fn set_rate_limit() { + fn register_call() { let call = sample_call::(); - let limit = RateLimitKind::>::Exact(BlockNumberFor::::from(10u32)); - let origin = T::RuntimeOrigin::from(RawOrigin::Root); - let resolver_origin: DispatchOriginOf<::RuntimeCall> = - Into::::RuntimeCall>>::into(origin.clone()); - let scope = ::LimitScopeResolver::context(&resolver_origin, call.as_ref()); - let identifier = - TransactionIdentifier::from_call::(call.as_ref()).expect("identifier"); + let identifier = TransactionIdentifier::from_call::(call.as_ref()).expect("id"); + let target = RateLimitTarget::Transaction(identifier); #[extrinsic_call] - _(RawOrigin::Root, call, limit.clone()); - - let stored = Limits::::get(&identifier).expect("limit stored"); - match (scope, &stored) { - (Some(ref sc), RateLimit::Scoped(map)) => { - assert_eq!(map.get(sc), Some(&limit)); - } - (None, RateLimit::Global(kind)) | (Some(_), RateLimit::Global(kind)) => { - assert_eq!(kind, &limit); - } - (None, RateLimit::Scoped(map)) => { - assert!(map.values().any(|k| k == &limit)); - } - } + _(RawOrigin::Root, call, None); + + assert!(Limits::::contains_key(target)); } #[benchmark] - fn clear_rate_limit() { + fn set_rate_limit() { let call = sample_call::(); + let identifier = TransactionIdentifier::from_call::(call.as_ref()).expect("id"); + let target = RateLimitTarget::Transaction(identifier); + Limits::::insert(target, RateLimit::global(RateLimitKind::Default)); + let limit = RateLimitKind::>::Exact(BlockNumberFor::::from(10u32)); - let origin = T::RuntimeOrigin::from(RawOrigin::Root); - let resolver_origin: DispatchOriginOf<::RuntimeCall> = - Into::::RuntimeCall>>::into(origin.clone()); - let scope = ::LimitScopeResolver::context(&resolver_origin, call.as_ref()); - - // Pre-populate limit for benchmark call - let identifier = - TransactionIdentifier::from_call::(call.as_ref()).expect("identifier"); - match scope.clone() { - Some(sc) => Limits::::insert(identifier, RateLimit::scoped_single(sc, limit)), - None => Limits::::insert(identifier, RateLimit::global(limit)), - } #[extrinsic_call] - _(RawOrigin::Root, call); + _(RawOrigin::Root, target, None, limit); + + let stored = Limits::::get(target).expect("limit stored"); + assert!( + matches!(stored, RateLimit::Global(RateLimitKind::Exact(span)) if span == BlockNumberFor::::from(10u32)) + ); + } + + #[benchmark] + fn assign_call_to_group() { + let group = seed_group::(b"grp", GroupSharing::UsageOnly); + let identifier = register_call_with_group::(None); + + #[extrinsic_call] + _(RawOrigin::Root, identifier, group); + + assert_eq!(CallGroups::::get(identifier), Some(group)); + assert!(GroupMembers::::get(group).contains(&identifier)); + } + + #[benchmark] + fn remove_call_from_group() { + let group = seed_group::(b"team", GroupSharing::ConfigOnly); + let identifier = register_call_with_group::(Some(group)); + + #[extrinsic_call] + _(RawOrigin::Root, identifier); + + assert!(CallGroups::::get(identifier).is_none()); + assert!(!GroupMembers::::get(group).contains(&identifier)); + } + + #[benchmark] + fn create_group() { + let name = b"bench".to_vec(); + let sharing = GroupSharing::ConfigAndUsage; + + #[extrinsic_call] + _(RawOrigin::Root, name.clone(), sharing); + + let group = Pallet::::next_group_id().saturating_sub(::GroupId::one()); + let details = Groups::::get(group).expect("group stored"); + let stored: Vec = details.name.into(); + assert_eq!(stored, name); + assert_eq!(details.sharing, sharing); + } + + #[benchmark] + fn update_group() { + let group = seed_group::(b"old", GroupSharing::UsageOnly); + let new_name = b"new".to_vec(); + let new_sharing = GroupSharing::ConfigAndUsage; + + #[extrinsic_call] + _( + RawOrigin::Root, + group, + Some(new_name.clone()), + Some(new_sharing), + ); + + let details = Groups::::get(group).expect("group exists"); + let stored: Vec = details.name.into(); + assert_eq!(stored, new_name); + assert_eq!(details.sharing, new_sharing); + } + + #[benchmark] + fn delete_group() { + let group = seed_group::(b"delete", GroupSharing::UsageOnly); + + #[extrinsic_call] + _(RawOrigin::Root, group); + + assert!(Groups::::get(group).is_none()); + } + + #[benchmark] + fn deregister_call() { + let group = seed_group::(b"dreg", GroupSharing::ConfigAndUsage); + let identifier = register_call_with_group::(Some(group)); + let target = RateLimitTarget::Transaction(identifier); + let usage_target = Pallet::::usage_target(&identifier).expect("usage target"); + LastSeen::::insert( + usage_target, + None::, + BlockNumberFor::::from(1u32), + ); + + #[extrinsic_call] + _(RawOrigin::Root, identifier, None, true); - assert!(Limits::::get(identifier).is_none()); + assert!(Limits::::get(target).is_none()); + assert!(LastSeen::::get(usage_target, None::).is_none()); + assert!(CallGroups::::get(identifier).is_none()); + assert!(!GroupMembers::::get(group).contains(&identifier)); } #[benchmark] diff --git a/pallets/rate-limiting/src/lib.rs b/pallets/rate-limiting/src/lib.rs index d823a94cd5..2782e32cd0 100644 --- a/pallets/rate-limiting/src/lib.rs +++ b/pallets/rate-limiting/src/lib.rs @@ -5,26 +5,38 @@ //! # Overview //! //! `pallet-rate-limiting` lets a runtime restrict how frequently particular calls can execute. -//! Limits are stored on-chain, keyed by the call's pallet/variant pair. Each entry can specify an -//! exact block span or defer to a configured default. The pallet exposes three extrinsics, -//! restricted by [`Config::AdminOrigin`], to manage this data: +//! Limits are stored on-chain, keyed by explicit [`RateLimitTarget`] values. A target is either a +//! single [`TransactionIdentifier`] (the pallet/extrinsic indices) or a named *group* managed by the +//! admin APIs. Groups provide a way to give multiple calls the same configuration and/or usage +//! tracking without duplicating storage. Each target entry stores either a global span or a set of +//! scoped spans resolved at runtime. The pallet exposes a handful of extrinsics, restricted by +//! [`Config::AdminOrigin`], to manage this data: //! -//! - [`set_rate_limit`](pallet::Pallet::set_rate_limit): assign a limit to an extrinsic by -//! supplying a [`RateLimitKind`] span. The pallet infers the *limit scope* (for example a -//! `netuid`) using [`Config::LimitScopeResolver`] and stores the configuration for that scope, or -//! globally when no scope is resolved. -//! - [`clear_rate_limit`](pallet::Pallet::clear_rate_limit): remove a stored limit for the scope -//! derived from the provided call (or the global entry when no scope resolves). +//! - [`register_call`](pallet::Pallet::register_call): register a call for rate limiting, seed its +//! initial configuration using [`Config::LimitScopeResolver`], and optionally place it into a +//! group. +//! - [`set_rate_limit`](pallet::Pallet::set_rate_limit): assign or override the limit at a specific +//! target/scope by supplying a [`RateLimitKind`] span. +//! - [`assign_call_to_group`](pallet::Pallet::assign_call_to_group) and +//! [`remove_call_from_group`](pallet::Pallet::remove_call_from_group): manage group membership for +//! registered calls. +//! - [`deregister_call`](pallet::Pallet::deregister_call): remove scoped configuration or wipe the +//! registration entirely. //! - [`set_default_rate_limit`](pallet::Pallet::set_default_rate_limit): set the global default //! block span used by `RateLimitKind::Default` entries. //! -//! The pallet also tracks the last block in which a rate-limited call was executed, per optional -//! *usage key*. A usage key may refine tracking beyond the limit scope (for example combining a -//! `netuid` with a hyperparameter name), so the two concepts are explicitly separated in the -//! configuration. +//! The pallet also tracks the last block in which a target was observed, per optional *usage key*. +//! A usage key may refine tracking beyond the limit scope (for example combining a `netuid` with a +//! hyperparameter), so the two concepts are explicitly separated in the configuration. When the +//! admin puts several calls into a group and marks usage as shared, each dispatch still runs the +//! resolver: the group only chooses the storage target, while the resolver output (or `None`) picks +//! the row under that target. Calls that resolve to the same usage key update the same timestamp; +//! calls that resolve to different keys keep isolated timers even when they share a group. The same +//! rule applies to limit scopes—grouping funnels configuration into the same target, but the scope +//! resolver decides whether that entry is global or per-context. //! //! Each storage map is namespaced by pallet instance; runtimes can deploy multiple independent -//! instances to manage distinct rate-limiting scopes. +//! instances to manage distinct rate-limiting scopes (in the global sense). //! //! # Transaction extension //! @@ -57,7 +69,11 @@ //! //! Each resolver receives the origin and call and may return `Some(identifier)` when scoping is //! required, or `None` to use the global entry. Extrinsics such as -//! [`set_rate_limit`](pallet::Pallet::set_rate_limit) automatically consult these resolvers. +//! [`set_rate_limit`](pallet::Pallet::set_rate_limit) automatically consult these resolvers. When a +//! call belongs to a group the pallet still runs the resolver—instead of indexing storage at the +//! transaction-level target, it indexes at the group target. Resolving to different contexts keeps +//! independent limit/usage rows even though the calls share a group; resolving to the same context +//! causes them to share enforcement state. //! //! ```ignore //! pub struct WeightsContextResolver; @@ -122,7 +138,8 @@ pub use benchmarking::BenchmarkHelper; pub use pallet::*; pub use tx_extension::RateLimitTransactionExtension; pub use types::{ - RateLimit, RateLimitKind, RateLimitScopeResolver, RateLimitUsageResolver, TransactionIdentifier, + GroupSharing, RateLimit, RateLimitGroup, RateLimitKind, RateLimitScopeResolver, + RateLimitTarget, RateLimitUsageResolver, TransactionIdentifier, }; #[cfg(feature = "runtime-benchmarks")] @@ -140,20 +157,28 @@ mod tests; pub mod pallet { use codec::Codec; use frame_support::{ + BoundedBTreeSet, BoundedVec, pallet_prelude::*, traits::{BuildGenesisConfig, EnsureOrigin, GetCallMetadata}, }; use frame_system::pallet_prelude::*; - use sp_runtime::traits::{DispatchOriginOf, Dispatchable, Saturating, Zero}; + use sp_runtime::traits::{ + AtLeast32BitUnsigned, DispatchOriginOf, Dispatchable, Member, One, Saturating, Zero, + }; use sp_std::{boxed::Box, convert::TryFrom, marker::PhantomData, vec::Vec}; #[cfg(feature = "runtime-benchmarks")] use crate::benchmarking::BenchmarkHelper as BenchmarkHelperTrait; use crate::types::{ - RateLimit, RateLimitKind, RateLimitScopeResolver, RateLimitUsageResolver, - TransactionIdentifier, + GroupSharing, RateLimit, RateLimitGroup, RateLimitKind, RateLimitScopeResolver, + RateLimitTarget, RateLimitUsageResolver, TransactionIdentifier, }; + type GroupNameOf = BoundedVec>::MaxGroupNameLength>; + type GroupMembersOf = + BoundedBTreeSet>::MaxGroupMembers>; + type GroupDetailsOf = RateLimitGroup<>::GroupId, GroupNameOf>; + /// Configuration trait for the rate limiting pallet. #[pallet::config] pub trait Config: frame_system::Config @@ -193,30 +218,45 @@ pub mod pallet { Self::UsageKey, >; + /// Identifier assigned to managed groups. + type GroupId: Parameter + + Member + + Copy + + MaybeSerializeDeserialize + + MaxEncodedLen + + AtLeast32BitUnsigned + + Default; + + /// Maximum number of extrinsics that may belong to a single group. + #[pallet::constant] + type MaxGroupMembers: Get; + + /// Maximum length (in bytes) of a group name. + #[pallet::constant] + type MaxGroupNameLength: Get; + /// Helper used to construct runtime calls for benchmarking. #[cfg(feature = "runtime-benchmarks")] type BenchmarkHelper: BenchmarkHelperTrait<>::RuntimeCall>; } - /// Storage mapping from transaction identifier to its configured rate limit. + /// Storage mapping from rate limit target to its configured rate limit. #[pallet::storage] #[pallet::getter(fn limits)] pub type Limits, I: 'static = ()> = StorageMap< _, Blake2_128Concat, - TransactionIdentifier, + RateLimitTarget<>::GroupId>, RateLimit<>::LimitScope, BlockNumberFor>, OptionQuery, >; - /// Tracks when a transaction was last observed. - /// - /// The second key is `None` for global tracking and `Some(key)` for scoped usage tracking. + /// Tracks when a rate-limited target was last observed per usage key. #[pallet::storage] pub type LastSeen, I: 'static = ()> = StorageDoubleMap< _, Blake2_128Concat, - TransactionIdentifier, + RateLimitTarget<>::GroupId>, Blake2_128Concat, Option<>::UsageKey>, BlockNumberFor, @@ -229,48 +269,131 @@ pub mod pallet { pub type DefaultLimit, I: 'static = ()> = StorageValue<_, BlockNumberFor, ValueQuery>; + /// Maps a transaction identifier to its assigned group. + #[pallet::storage] + #[pallet::getter(fn call_group)] + pub type CallGroups, I: 'static = ()> = StorageMap< + _, + Blake2_128Concat, + TransactionIdentifier, + >::GroupId, + OptionQuery, + >; + + /// Metadata for each configured group. + #[pallet::storage] + #[pallet::getter(fn groups)] + pub type Groups, I: 'static = ()> = StorageMap< + _, + Blake2_128Concat, + >::GroupId, + GroupDetailsOf, + OptionQuery, + >; + + /// Tracks membership for each group. + #[pallet::storage] + #[pallet::getter(fn group_members)] + pub type GroupMembers, I: 'static = ()> = StorageMap< + _, + Blake2_128Concat, + >::GroupId, + GroupMembersOf, + ValueQuery, + >; + + /// Enforces unique group names. + #[pallet::storage] + #[pallet::getter(fn group_id_by_name)] + pub type GroupNameIndex, I: 'static = ()> = + StorageMap<_, Blake2_128Concat, GroupNameOf, >::GroupId, OptionQuery>; + + /// Identifier used for the next group creation. + #[pallet::storage] + #[pallet::getter(fn next_group_id)] + pub type NextGroupId, I: 'static = ()> = + StorageValue<_, >::GroupId, ValueQuery>; + /// Events emitted by the rate limiting pallet. #[pallet::event] #[pallet::generate_deposit(pub(super) fn deposit_event)] pub enum Event, I: 'static = ()> { - /// A rate limit was set or updated. - RateLimitSet { - /// Identifier of the affected transaction. + /// A call was registered for rate limiting. + CallRegistered { + /// Identifier of the registered transaction. transaction: TransactionIdentifier, - /// Limit scope to which the configuration applies, if any. + /// Scope seeded during registration (if any). scope: Option<>::LimitScope>, - /// The rate limit policy applied to the transaction. - limit: RateLimitKind>, + /// Optional group assignment applied at registration time. + group: Option<>::GroupId>, /// Pallet name associated with the transaction. pallet: Vec, /// Extrinsic name associated with the transaction. extrinsic: Vec, }, - /// A rate limit was cleared. - RateLimitCleared { - /// Identifier of the affected transaction. - transaction: TransactionIdentifier, - /// Limit scope from which the configuration was cleared, if any. + /// A rate limit was set or updated for the specified target. + RateLimitSet { + /// Target whose configuration changed. + target: RateLimitTarget<>::GroupId>, + /// Identifier of the transaction when the target represents a call. + transaction: Option, + /// Limit scope to which the configuration applies, if any. scope: Option<>::LimitScope>, - /// Pallet name associated with the transaction. - pallet: Vec, - /// Extrinsic name associated with the transaction. - extrinsic: Vec, + /// The rate limit policy applied to the target. + limit: RateLimitKind>, + /// Pallet name associated with the transaction, when available. + pallet: Option>, + /// Extrinsic name associated with the transaction, when available. + extrinsic: Option>, }, - /// All scoped and global rate limits for a call were cleared. - AllRateLimitsCleared { - /// Identifier of the affected transaction. - transaction: TransactionIdentifier, - /// Pallet name associated with the transaction. - pallet: Vec, - /// Extrinsic name associated with the transaction. - extrinsic: Vec, + /// A rate-limited call was deregistered or had a scoped entry cleared. + CallDeregistered { + /// Target whose configuration changed. + target: RateLimitTarget<>::GroupId>, + /// Identifier of the transaction when the target represents a call. + transaction: Option, + /// Limit scope from which the configuration was cleared, if any. + scope: Option<>::LimitScope>, + /// Pallet name associated with the transaction, when available. + pallet: Option>, + /// Extrinsic name associated with the transaction, when available. + extrinsic: Option>, }, /// The default rate limit was set or updated. DefaultRateLimitSet { /// The new default limit expressed in blocks. block_span: BlockNumberFor, }, + /// A group was created. + GroupCreated { + /// Identifier of the new group. + group: >::GroupId, + /// Human readable group name. + name: Vec, + /// Sharing policy configured for the group. + sharing: GroupSharing, + }, + /// A group's metadata or policy changed. + GroupUpdated { + /// Identifier of the group. + group: >::GroupId, + /// Human readable name. + name: Vec, + /// Updated sharing configuration. + sharing: GroupSharing, + }, + /// A group was deleted. + GroupDeleted { + /// Identifier of the removed group. + group: >::GroupId, + }, + /// A transaction was assigned to or removed from a group. + CallGroupUpdated { + /// Identifier of the transaction. + transaction: TransactionIdentifier, + /// Updated group assignment (None when cleared). + group: Option<>::GroupId>, + }, } /// Errors that can occur while configuring rate limits. @@ -280,6 +403,30 @@ pub mod pallet { InvalidRuntimeCall, /// Attempted to remove a limit that is not present. MissingRateLimit, + /// Group metadata was not found. + UnknownGroup, + /// Attempted to create or rename a group to an existing name. + DuplicateGroupName, + /// Group name exceeds the configured maximum length. + GroupNameTooLong, + /// Operation requires the group to have no members. + GroupHasMembers, + /// Adding a member would exceed the configured limit. + GroupMemberLimitExceeded, + /// Call already belongs to the requested group. + CallAlreadyInGroup, + /// Call is not assigned to a group. + CallNotInGroup, + /// Operation requires the call to be registered first. + CallNotRegistered, + /// Attempted to register a call that already exists. + CallAlreadyRegistered, + /// Rate limit for this call must be configured via its group target. + MustTargetGroup, + /// Resolver failed to supply a required context value. + MissingScope, + /// Group cannot be removed because configuration or usage entries remain. + GroupInUse, } #[pallet::genesis_config] @@ -306,9 +453,12 @@ pub mod pallet { impl, I: 'static> BuildGenesisConfig for GenesisConfig { fn build(&self) { DefaultLimit::::put(self.default_limit); + let initial: >::GroupId = Zero::zero(); + NextGroupId::::put(initial); for (identifier, scope, kind) in &self.limits { - Limits::::mutate(identifier, |entry| match scope { + let target = RateLimitTarget::Transaction(*identifier); + Limits::::mutate(target, |entry| match scope { None => { *entry = Some(RateLimit::global(*kind)); } @@ -342,18 +492,22 @@ pub mod pallet { return Ok(true); } - let Some(block_span) = Self::effective_span(origin, call, identifier, scope) else { + let target = Self::config_target(identifier)?; + Self::ensure_scope_available(&target, scope)?; + + let Some(block_span) = Self::effective_span(origin, call, &target, scope) else { return Ok(true); }; - Ok(Self::within_span(identifier, usage_key, block_span)) + let usage_target = Self::usage_target(identifier)?; + Ok(Self::within_span(&usage_target, usage_key, block_span)) } pub(crate) fn resolved_limit( - identifier: &TransactionIdentifier, + target: &RateLimitTarget<>::GroupId>, scope: &Option<>::LimitScope>, ) -> Option> { - let config = Limits::::get(identifier)?; + let config = Limits::::get(target)?; let kind = config.kind_for(scope.as_ref())?; Some(match *kind { RateLimitKind::Default => DefaultLimit::::get(), @@ -364,17 +518,17 @@ pub mod pallet { pub(crate) fn effective_span( origin: &DispatchOriginOf<>::RuntimeCall>, call: &>::RuntimeCall, - identifier: &TransactionIdentifier, + target: &RateLimitTarget<>::GroupId>, scope: &Option<>::LimitScope>, ) -> Option> { - let span = Self::resolved_limit(identifier, scope)?; + let span = Self::resolved_limit(target, scope)?; Some(>::LimitScopeResolver::adjust_span( origin, call, span, )) } pub(crate) fn within_span( - identifier: &TransactionIdentifier, + target: &RateLimitTarget<>::GroupId>, usage_key: &Option<>::UsageKey>, block_span: BlockNumberFor, ) -> bool { @@ -382,7 +536,7 @@ pub mod pallet { return true; } - if let Some(last) = LastSeen::::get(identifier, usage_key) { + if let Some(last) = LastSeen::::get(target, usage_key.clone()) { let current = frame_system::Pallet::::block_number(); let delta = current.saturating_sub(last); if delta < block_span { @@ -398,11 +552,11 @@ pub mod pallet { /// This is primarily intended for migrations that need to hydrate the new tracking storage /// from legacy pallets. pub fn record_last_seen( - identifier: &TransactionIdentifier, + target: RateLimitTarget<>::GroupId>, usage_key: Option<>::UsageKey>, block_number: BlockNumberFor, ) { - LastSeen::::insert(identifier, usage_key, block_number); + LastSeen::::insert(target, usage_key, block_number); } /// Migrates a stored rate limit configuration from one scope to another. @@ -410,16 +564,16 @@ pub mod pallet { /// Returns `true` when an entry was moved. Passing identical `from`/`to` scopes simply /// checks that a configuration exists. pub fn migrate_limit_scope( - identifier: &TransactionIdentifier, + target: RateLimitTarget<>::GroupId>, from: Option<>::LimitScope>, to: Option<>::LimitScope>, ) -> bool { if from == to { - return Limits::::contains_key(identifier); + return Limits::::contains_key(target); } let mut migrated = false; - Limits::::mutate(identifier, |maybe_config| { + Limits::::mutate(target, |maybe_config| { if let Some(config) = maybe_config { match (from.as_ref(), to.as_ref()) { (None, Some(target)) => { @@ -459,19 +613,19 @@ pub mod pallet { /// Returns `true` when an entry was moved. Passing identical keys simply checks that an /// entry exists. pub fn migrate_usage_key( - identifier: &TransactionIdentifier, + target: RateLimitTarget<>::GroupId>, from: Option<>::UsageKey>, to: Option<>::UsageKey>, ) -> bool { if from == to { - return LastSeen::::contains_key(identifier, &to); + return LastSeen::::contains_key(target, to); } - let Some(block) = LastSeen::::take(identifier, from) else { + let Some(block) = LastSeen::::take(target, from) else { return false; }; - LastSeen::::insert(identifier, to, block); + LastSeen::::insert(target, to, block); true } @@ -482,8 +636,8 @@ pub mod pallet { scope: Option<>::LimitScope>, ) -> Option>> { let identifier = Self::identifier_for_call_names(pallet_name, extrinsic_name)?; - Limits::::get(&identifier) - .and_then(|config| config.kind_for(scope.as_ref()).copied()) + let target = Self::config_target(&identifier).ok()?; + Limits::::get(target).and_then(|config| config.kind_for(scope.as_ref()).copied()) } /// Returns the resolved block span for the specified pallet/extrinsic names, if any. @@ -493,7 +647,8 @@ pub mod pallet { scope: Option<>::LimitScope>, ) -> Option> { let identifier = Self::identifier_for_call_names(pallet_name, extrinsic_name)?; - Self::resolved_limit(&identifier, &scope) + let target = Self::config_target(&identifier).ok()?; + Self::resolved_limit(&target, &scope) } fn identifier_for_call_names( @@ -508,165 +663,323 @@ pub mod pallet { let extrinsic_index = u8::try_from(extrinsic_pos).ok()?; Some(TransactionIdentifier::new(pallet_index, extrinsic_index)) } + + fn ensure_call_registered(identifier: &TransactionIdentifier) -> DispatchResult { + let target = RateLimitTarget::Transaction(*identifier); + ensure!( + Limits::::contains_key(target), + Error::::CallNotRegistered + ); + Ok(()) + } + + fn ensure_call_unregistered(identifier: &TransactionIdentifier) -> DispatchResult { + let target = RateLimitTarget::Transaction(*identifier); + ensure!( + !Limits::::contains_key(target), + Error::::CallAlreadyRegistered + ); + Ok(()) + } + + fn call_metadata( + identifier: &TransactionIdentifier, + ) -> Result<(Vec, Vec), DispatchError> { + let (pallet_name, extrinsic_name) = identifier.names::()?; + Ok(( + Vec::from(pallet_name.as_bytes()), + Vec::from(extrinsic_name.as_bytes()), + )) + } + + pub(crate) fn config_target( + identifier: &TransactionIdentifier, + ) -> Result>::GroupId>, DispatchError> { + Self::target_for(identifier, GroupSharing::config_uses_group) + } + + pub(crate) fn usage_target( + identifier: &TransactionIdentifier, + ) -> Result>::GroupId>, DispatchError> { + Self::target_for(identifier, GroupSharing::usage_uses_group) + } + + fn target_for( + identifier: &TransactionIdentifier, + predicate: impl Fn(GroupSharing) -> bool, + ) -> Result>::GroupId>, DispatchError> { + let group = Self::group_assignment(identifier)?; + Ok(Self::target_from_details( + identifier, + group.as_ref(), + predicate, + )) + } + + fn group_assignment( + identifier: &TransactionIdentifier, + ) -> Result>, DispatchError> { + let Some(group) = CallGroups::::get(identifier) else { + return Ok(None); + }; + let details = Self::ensure_group_details(group)?; + Ok(Some(details)) + } + + fn target_from_details( + identifier: &TransactionIdentifier, + details: Option<&GroupDetailsOf>, + predicate: impl Fn(GroupSharing) -> bool, + ) -> RateLimitTarget<>::GroupId> { + if let Some(details) = details { + if predicate(details.sharing) { + return RateLimitTarget::Group(details.id); + } + } + RateLimitTarget::Transaction(*identifier) + } + + fn ensure_group_details( + group: >::GroupId, + ) -> Result, DispatchError> { + Groups::::get(group).ok_or(Error::::UnknownGroup.into()) + } + + fn ensure_scope_available( + target: &RateLimitTarget<>::GroupId>, + scope: &Option<>::LimitScope>, + ) -> Result<(), DispatchError> { + if scope.is_some() { + return Ok(()); + } + + if let Some(RateLimit::Scoped(map)) = Limits::::get(target) { + if !map.is_empty() { + return Err(Error::::MissingScope.into()); + } + } + + Ok(()) + } + + fn bounded_group_name(name: Vec) -> Result, DispatchError> { + GroupNameOf::::try_from(name).map_err(|_| Error::::GroupNameTooLong.into()) + } + + fn ensure_group_name_available( + name: &GroupNameOf, + current: Option<>::GroupId>, + ) -> DispatchResult { + if let Some(existing) = GroupNameIndex::::get(name) { + ensure!(Some(existing) == current, Error::::DuplicateGroupName); + } + Ok(()) + } + + fn ensure_group_deletable(group: >::GroupId) -> DispatchResult { + ensure!( + GroupMembers::::get(group).is_empty(), + Error::::GroupHasMembers + ); + let target = RateLimitTarget::Group(group); + ensure!( + !Limits::::contains_key(target), + Error::::GroupInUse + ); + ensure!( + LastSeen::::iter_prefix(target).next().is_none(), + Error::::GroupInUse + ); + Ok(()) + } + + fn insert_call_into_group( + identifier: &TransactionIdentifier, + group: >::GroupId, + ) -> DispatchResult { + GroupMembers::::try_mutate(group, |members| -> DispatchResult { + match members.try_insert(*identifier) { + Ok(true) => Ok(()), + Ok(false) => Err(Error::::CallAlreadyInGroup.into()), + Err(_) => Err(Error::::GroupMemberLimitExceeded.into()), + } + })?; + Ok(()) + } + + fn detach_call_from_group( + identifier: &TransactionIdentifier, + group: >::GroupId, + ) -> bool { + GroupMembers::::mutate(group, |members| members.remove(identifier)) + } } #[pallet::call] impl, I: 'static> Pallet { - /// Sets the rate limit configuration for the given call. - /// - /// The supplied `call` is inspected to derive the pallet/extrinsic indices and passed to - /// [`Config::LimitScopeResolver`] to determine the applicable scope. The pallet never - /// persists the call arguments directly, but a resolver may read them in order to resolve - /// its context. When a scope resolves, the configuration is stored against that scope; - /// otherwise the global entry is updated. + /// Registers a call for rate limiting and seeds its initial configuration. #[pallet::call_index(0)] - #[pallet::weight(T::DbWeight::get().reads_writes(1, 1))] - pub fn set_rate_limit( + #[pallet::weight(T::DbWeight::get().reads_writes(3, 3))] + pub fn register_call( origin: OriginFor, call: Box<>::RuntimeCall>, - limit: RateLimitKind>, + group: Option<>::GroupId>, ) -> DispatchResult { let resolver_origin: DispatchOriginOf<>::RuntimeCall> = Into::>::RuntimeCall>>::into(origin.clone()); let scope = >::LimitScopeResolver::context(&resolver_origin, call.as_ref()); - let scope_for_event = scope.clone(); T::AdminOrigin::ensure_origin(origin)?; let identifier = TransactionIdentifier::from_call::(call.as_ref())?; + Self::ensure_call_unregistered(&identifier)?; + + let target = RateLimitTarget::Transaction(identifier); if let Some(ref sc) = scope { - Limits::::mutate(&identifier, |slot| match slot { - Some(config) => config.upsert_scope(sc.clone(), limit), - None => *slot = Some(RateLimit::scoped_single(sc.clone(), limit)), - }); + Limits::::insert( + target, + RateLimit::scoped_single(sc.clone(), RateLimitKind::Default), + ); } else { - Limits::::insert(&identifier, RateLimit::global(limit)); + Limits::::insert(target, RateLimit::global(RateLimitKind::Default)); } - let (pallet_name, extrinsic_name) = identifier.names::()?; - let pallet = Vec::from(pallet_name.as_bytes()); - let extrinsic = Vec::from(extrinsic_name.as_bytes()); + let mut assigned_group = None; + if let Some(group_id) = group { + Self::ensure_group_details(group_id)?; + Self::insert_call_into_group(&identifier, group_id)?; + CallGroups::::insert(&identifier, group_id); + assigned_group = Some(group_id); + } - Self::deposit_event(Event::RateLimitSet { + let (pallet, extrinsic) = Self::call_metadata(&identifier)?; + Self::deposit_event(Event::CallRegistered { transaction: identifier, - scope: scope_for_event, - limit, - pallet, - extrinsic, + scope: scope.clone(), + group: assigned_group, + pallet: pallet.clone(), + extrinsic: extrinsic.clone(), }); + + if let Some(group_id) = assigned_group { + Self::deposit_event(Event::CallGroupUpdated { + transaction: identifier, + group: Some(group_id), + }); + } + Ok(()) } - /// Clears the rate limit for the given call, if present. - /// - /// The supplied `call` is inspected to derive the pallet/extrinsic indices and passed to - /// [`Config::LimitScopeResolver`] when determining which scoped configuration to clear. - /// The pallet does not persist the call arguments, but resolvers may read them while - /// computing the scope. When no scope resolves, the global entry is cleared. + /// Configures a rate limit for either a transaction or group target. #[pallet::call_index(1)] - #[pallet::weight(T::DbWeight::get().reads_writes(1, 1))] - pub fn clear_rate_limit( + #[pallet::weight(T::DbWeight::get().reads_writes(2, 2))] + pub fn set_rate_limit( origin: OriginFor, - call: Box<>::RuntimeCall>, + target: RateLimitTarget<>::GroupId>, + scope: Option<>::LimitScope>, + limit: RateLimitKind>, ) -> DispatchResult { - let resolver_origin: DispatchOriginOf<>::RuntimeCall> = - Into::>::RuntimeCall>>::into(origin.clone()); - let scope = - >::LimitScopeResolver::context(&resolver_origin, call.as_ref()); - let usage = >::UsageResolver::context(&resolver_origin, call.as_ref()); - T::AdminOrigin::ensure_origin(origin)?; - let identifier = TransactionIdentifier::from_call::(call.as_ref())?; - - let (pallet_name, extrinsic_name) = identifier.names::()?; - let pallet = Vec::from(pallet_name.as_bytes()); - let extrinsic = Vec::from(extrinsic_name.as_bytes()); - - let mut removed = false; - Limits::::mutate_exists(&identifier, |maybe_config| { - if let Some(config) = maybe_config { - match (&scope, config) { - (None, _) => { - removed = true; - *maybe_config = None; - } - (Some(sc), RateLimit::Scoped(map)) => { - if map.remove(sc).is_some() { - removed = true; - if map.is_empty() { - *maybe_config = None; - } - } - } - (Some(_), RateLimit::Global(_)) => {} + let (transaction, pallet, extrinsic) = match target { + RateLimitTarget::Transaction(identifier) => { + Self::ensure_call_registered(&identifier)?; + if let Some(group) = CallGroups::::get(&identifier) { + let details = Self::ensure_group_details(group)?; + ensure!( + !details.sharing.config_uses_group(), + Error::::MustTargetGroup + ); } + let (pallet, extrinsic) = Self::call_metadata(&identifier)?; + (Some(identifier), Some(pallet), Some(extrinsic)) } - }); - - ensure!(removed, Error::::MissingRateLimit); - - if removed { - match (scope.as_ref(), usage) { - (None, _) => { - let _ = LastSeen::::clear_prefix(&identifier, u32::MAX, None); - } - (_, Some(key)) => { - LastSeen::::remove(&identifier, Some(key)); - } - (_, None) => { - LastSeen::::remove(&identifier, None::<>::UsageKey>); - } + RateLimitTarget::Group(group) => { + Self::ensure_group_details(group)?; + (None, None, None) } + }; + + if let Some(ref scoped) = scope { + Limits::::mutate(target, |slot| match slot { + Some(config) => config.upsert_scope(scoped.clone(), limit), + None => *slot = Some(RateLimit::scoped_single(scoped.clone(), limit)), + }); + } else { + Limits::::insert(target, RateLimit::global(limit)); } - Self::deposit_event(Event::RateLimitCleared { - transaction: identifier, + Self::deposit_event(Event::RateLimitSet { + target, + transaction, scope, + limit, pallet, extrinsic, }); - Ok(()) } - /// Clears every stored rate limit configuration for the given call, including scoped - /// entries. - /// - /// The supplied `call` is inspected to derive the pallet and extrinsic indices. All stored - /// scopes for that call, along with any associated usage tracking entries, are removed when - /// this extrinsic succeeds. + /// Assigns a registered call to the specified group. #[pallet::call_index(2)] - #[pallet::weight(T::DbWeight::get().reads_writes(1, 1))] - pub fn clear_all_rate_limits( + #[pallet::weight(T::DbWeight::get().reads_writes(3, 3))] + pub fn assign_call_to_group( origin: OriginFor, - call: Box<>::RuntimeCall>, + transaction: TransactionIdentifier, + group: >::GroupId, ) -> DispatchResult { T::AdminOrigin::ensure_origin(origin)?; - let identifier = TransactionIdentifier::from_call::(call.as_ref())?; - let (pallet_name, extrinsic_name) = identifier.names::()?; - let pallet = Vec::from(pallet_name.as_bytes()); - let extrinsic = Vec::from(extrinsic_name.as_bytes()); + Self::ensure_call_registered(&transaction)?; + Self::ensure_group_details(group)?; - let removed = Limits::::take(&identifier).is_some(); - ensure!(removed, Error::::MissingRateLimit); + let current = CallGroups::::get(&transaction); + if current == Some(group) { + return Err(Error::::CallAlreadyInGroup.into()); + } - let _ = LastSeen::::clear_prefix(&identifier, u32::MAX, None); + Self::insert_call_into_group(&transaction, group)?; + if let Some(existing) = current { + Self::detach_call_from_group(&transaction, existing); + } + CallGroups::::insert(&transaction, group); - Self::deposit_event(Event::AllRateLimitsCleared { - transaction: identifier, - pallet, - extrinsic, + Self::deposit_event(Event::CallGroupUpdated { + transaction, + group: Some(group), }); Ok(()) } - /// Sets the default rate limit in blocks applied to calls configured to use it. + /// Removes a registered call from its current group assignment. #[pallet::call_index(3)] + #[pallet::weight(T::DbWeight::get().reads_writes(2, 2))] + pub fn remove_call_from_group( + origin: OriginFor, + transaction: TransactionIdentifier, + ) -> DispatchResult { + T::AdminOrigin::ensure_origin(origin)?; + + Self::ensure_call_registered(&transaction)?; + let Some(group) = CallGroups::::take(&transaction) else { + return Err(Error::::CallNotInGroup.into()); + }; + Self::detach_call_from_group(&transaction, group); + + Self::deposit_event(Event::CallGroupUpdated { + transaction, + group: None, + }); + + Ok(()) + } + + /// Sets the default rate limit that applies when an extrinsic uses [`RateLimitKind::Default`]. + #[pallet::call_index(4)] #[pallet::weight(T::DbWeight::get().writes(1))] pub fn set_default_rate_limit( origin: OriginFor, @@ -675,8 +988,175 @@ pub mod pallet { T::AdminOrigin::ensure_origin(origin)?; DefaultLimit::::put(block_span); - Self::deposit_event(Event::DefaultRateLimitSet { block_span }); + Ok(()) + } + + /// Creates a new rate-limiting group with the provided name and sharing configuration. + #[pallet::call_index(5)] + #[pallet::weight(T::DbWeight::get().reads_writes(1, 3))] + pub fn create_group( + origin: OriginFor, + name: Vec, + sharing: GroupSharing, + ) -> DispatchResult { + T::AdminOrigin::ensure_origin(origin)?; + + let bounded = Self::bounded_group_name(name)?; + Self::ensure_group_name_available(&bounded, None)?; + + let group = NextGroupId::::mutate(|current| { + let next = current.saturating_add(One::one()); + sp_std::mem::replace(current, next) + }); + + Groups::::insert( + group, + RateLimitGroup { + id: group, + name: bounded.clone(), + sharing, + }, + ); + GroupNameIndex::::insert(&bounded, group); + GroupMembers::::insert(group, GroupMembersOf::::new()); + + let name_bytes: Vec = bounded.into(); + Self::deposit_event(Event::GroupCreated { + group, + name: name_bytes, + sharing, + }); + Ok(()) + } + + /// Updates the metadata or sharing configuration of an existing group. + #[pallet::call_index(6)] + #[pallet::weight(T::DbWeight::get().reads_writes(3, 3))] + pub fn update_group( + origin: OriginFor, + group: >::GroupId, + name: Option>, + sharing: Option, + ) -> DispatchResult { + T::AdminOrigin::ensure_origin(origin)?; + + Groups::::try_mutate(group, |maybe_details| -> DispatchResult { + let details = maybe_details.as_mut().ok_or(Error::::UnknownGroup)?; + + if let Some(new_name) = name { + let bounded = Self::bounded_group_name(new_name)?; + Self::ensure_group_name_available(&bounded, Some(group))?; + GroupNameIndex::::remove(&details.name); + GroupNameIndex::::insert(&bounded, group); + details.name = bounded; + } + + if let Some(new_sharing) = sharing { + details.sharing = new_sharing; + } + + Ok(()) + })?; + + let updated = Self::ensure_group_details(group)?; + let name_bytes: Vec = updated.name.clone().into(); + Self::deposit_event(Event::GroupUpdated { + group, + name: name_bytes, + sharing: updated.sharing, + }); + + Ok(()) + } + + /// Deletes an existing group. The group must be empty and unused. + #[pallet::call_index(7)] + #[pallet::weight(T::DbWeight::get().reads_writes(3, 3))] + pub fn delete_group( + origin: OriginFor, + group: >::GroupId, + ) -> DispatchResult { + T::AdminOrigin::ensure_origin(origin)?; + + Self::ensure_group_deletable(group)?; + + let details = Groups::::take(group).ok_or(Error::::UnknownGroup)?; + GroupNameIndex::::remove(&details.name); + GroupMembers::::remove(group); + + Self::deposit_event(Event::GroupDeleted { group }); + + Ok(()) + } + + /// Deregisters a call or removes a scoped entry from its configuration. + #[pallet::call_index(8)] + #[pallet::weight(T::DbWeight::get().reads_writes(4, 4))] + pub fn deregister_call( + origin: OriginFor, + transaction: TransactionIdentifier, + scope: Option<>::LimitScope>, + clear_usage: bool, + ) -> DispatchResult { + T::AdminOrigin::ensure_origin(origin)?; + + Self::ensure_call_registered(&transaction)?; + let target = Self::config_target(&transaction)?; + let tx_target = RateLimitTarget::Transaction(transaction); + let usage_target = Self::usage_target(&transaction)?; + + match &scope { + Some(sc) => { + let mut removed = false; + Limits::::mutate_exists(target, |maybe_config| { + if let Some(RateLimit::Scoped(map)) = maybe_config { + if map.remove(sc).is_some() { + removed = true; + if map.is_empty() { + *maybe_config = None; + } + } + } + }); + ensure!(removed, Error::::MissingRateLimit); + + if let Some(group) = CallGroups::::take(&transaction) { + Self::detach_call_from_group(&transaction, group); + Self::deposit_event(Event::CallGroupUpdated { + transaction, + group: None, + }); + } + } + None => { + Limits::::remove(target); + if target != tx_target { + Limits::::remove(tx_target); + } + + if let Some(group) = CallGroups::::take(&transaction) { + Self::detach_call_from_group(&transaction, group); + Self::deposit_event(Event::CallGroupUpdated { + transaction, + group: None, + }); + } + } + } + + if clear_usage { + let _ = LastSeen::::clear_prefix(&usage_target, u32::MAX, None); + } + + let (pallet, extrinsic) = Self::call_metadata(&transaction)?; + Self::deposit_event(Event::CallDeregistered { + target, + transaction: Some(transaction), + scope, + pallet: Some(pallet), + extrinsic: Some(extrinsic), + }); Ok(()) } diff --git a/pallets/rate-limiting/src/mock.rs b/pallets/rate-limiting/src/mock.rs index fb7de0a400..b643dec64d 100644 --- a/pallets/rate-limiting/src/mock.rs +++ b/pallets/rate-limiting/src/mock.rs @@ -57,6 +57,7 @@ impl frame_system::Config for Test { pub type LimitScope = u16; pub type UsageKey = u16; +pub type GroupId = u32; pub struct TestScopeResolver; pub struct TestUsageResolver; @@ -77,14 +78,14 @@ impl pallet_rate_limiting::RateLimitScopeResolver bool { matches!( call, - RuntimeCall::RateLimiting(RateLimitingCall::clear_rate_limit { .. }) + RuntimeCall::RateLimiting(RateLimitingCall::remove_call_from_group { .. }) ) } fn adjust_span(_origin: &RuntimeOrigin, call: &RuntimeCall, span: u64) -> u64 { if matches!( call, - RuntimeCall::RateLimiting(RateLimitingCall::clear_all_rate_limits { .. }) + RuntimeCall::RateLimiting(RateLimitingCall::deregister_call { .. }) ) { span.saturating_mul(2) } else { @@ -114,6 +115,9 @@ impl pallet_rate_limiting::Config for Test { type UsageKey = UsageKey; type UsageResolver = TestUsageResolver; type AdminOrigin = EnsureRoot; + type GroupId = GroupId; + type MaxGroupMembers = ConstU32<32>; + type MaxGroupNameLength = ConstU32<64>; #[cfg(feature = "runtime-benchmarks")] type BenchmarkHelper = BenchHelper; } diff --git a/pallets/rate-limiting/src/tests.rs b/pallets/rate-limiting/src/tests.rs index a377d71656..5027909b67 100644 --- a/pallets/rate-limiting/src/tests.rs +++ b/pallets/rate-limiting/src/tests.rs @@ -1,592 +1,656 @@ -use frame_support::{assert_noop, assert_ok, error::BadOrigin}; -use sp_std::{collections::btree_map::BTreeMap, vec::Vec}; +use frame_support::{assert_noop, assert_ok}; +use sp_std::vec::Vec; -use crate::{DefaultLimit, LastSeen, Limits, RateLimit, RateLimitKind, mock::*, pallet::Error}; +use crate::{ + CallGroups, Config, GroupMembers, GroupSharing, LastSeen, Limits, RateLimit, RateLimitKind, + RateLimitTarget, TransactionIdentifier, mock::*, pallet::Error, +}; +use frame_support::traits::Get; -#[test] -fn limit_for_call_names_returns_none_if_not_set() { - new_test_ext().execute_with(|| { - assert!( - RateLimiting::limit_for_call_names("RateLimiting", "set_default_rate_limit", None) - .is_none() - ); - }); +fn target(identifier: TransactionIdentifier) -> RateLimitTarget { + RateLimitTarget::Transaction(identifier) } -#[test] -fn limit_for_call_names_returns_stored_limit() { - new_test_ext().execute_with(|| { - let call = - RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); - let identifier = identifier_for(&call); - Limits::::insert(identifier, RateLimit::global(RateLimitKind::Exact(7))); +fn remark_call() -> RuntimeCall { + RuntimeCall::System(frame_system::Call::::remark { remark: Vec::new() }) +} - let fetched = - RateLimiting::limit_for_call_names("RateLimiting", "set_default_rate_limit", None) - .expect("limit should exist"); - assert_eq!(fetched, RateLimitKind::Exact(7)); - }); +fn scoped_call() -> RuntimeCall { + RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 1 }) } -#[test] -fn limit_for_call_names_prefers_scope_specific_limit() { - new_test_ext().execute_with(|| { - let call = - RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); - let identifier = identifier_for(&call); - Limits::::insert( - identifier, - RateLimit::scoped_single(5u16, RateLimitKind::Exact(8)), - ); +fn register(call: RuntimeCall, group: Option) -> TransactionIdentifier { + let identifier = identifier_for(&call); + assert_ok!(RateLimiting::register_call( + RuntimeOrigin::root(), + Box::new(call), + group + )); + identifier +} - let fetched = - RateLimiting::limit_for_call_names("RateLimiting", "set_default_rate_limit", Some(5)) - .expect("limit should exist"); - assert_eq!(fetched, RateLimitKind::Exact(8)); +fn create_group(name: &[u8], sharing: GroupSharing) -> GroupId { + assert_ok!(RateLimiting::create_group( + RuntimeOrigin::root(), + name.to_vec(), + sharing, + )); + RateLimiting::next_group_id().saturating_sub(1) +} - assert!( - RateLimiting::limit_for_call_names("RateLimiting", "set_default_rate_limit", Some(1)) - .is_none() - ); - }); +fn last_event() -> RuntimeEvent { + pop_last_event() } #[test] -fn resolved_limit_for_call_names_resolves_default_value() { +fn register_call_seeds_global_limit() { new_test_ext().execute_with(|| { - DefaultLimit::::put(3); - let call = - RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); - let identifier = identifier_for(&call); - Limits::::insert(identifier, RateLimit::global(RateLimitKind::Default)); - - let resolved = RateLimiting::resolved_limit_for_call_names( - "RateLimiting", - "set_default_rate_limit", - None, - ) - .expect("resolved limit"); - assert_eq!(resolved, 3); + let identifier = register(remark_call(), None); + let tx_target = target(identifier); + let stored = Limits::::get(tx_target).expect("limit"); + assert!(matches!(stored, RateLimit::Global(RateLimitKind::Default))); + + let event = last_event(); + assert!(matches!( + event, + RuntimeEvent::RateLimiting(crate::Event::CallRegistered { transaction, .. }) + if transaction == identifier + )); }); } #[test] -fn resolved_limit_for_call_names_prefers_scope_specific_value() { +fn register_call_seeds_scoped_limit() { new_test_ext().execute_with(|| { - let call = - RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); - let identifier = identifier_for(&call); - let mut map = BTreeMap::new(); - map.insert(6u16, RateLimitKind::Exact(9)); - map.insert(2u16, RateLimitKind::Exact(4)); - Limits::::insert(identifier, RateLimit::Scoped(map)); - - let resolved = RateLimiting::resolved_limit_for_call_names( - "RateLimiting", - "set_default_rate_limit", - Some(6), - ) - .expect("resolved limit"); - assert_eq!(resolved, 9); + let identifier = register(scoped_call(), None); + let tx_target = target(identifier); + let stored = Limits::::get(tx_target).expect("limit"); + match stored { + RateLimit::Scoped(map) => { + assert_eq!(map.get(&1u16), Some(&RateLimitKind::Default)); + } + _ => panic!("expected scoped entry"), + } - assert!( - RateLimiting::resolved_limit_for_call_names( - "RateLimiting", - "set_default_rate_limit", - Some(1), - ) - .is_none() - ); + let event = last_event(); + assert!(matches!( + event, + RuntimeEvent::RateLimiting(crate::Event::CallRegistered { transaction, scope, .. }) + if transaction == identifier && scope == Some(1u16) + )); }); } #[test] -fn resolved_limit_for_call_names_returns_none_when_unset() { +fn set_rate_limit_updates_transaction_target() { new_test_ext().execute_with(|| { - assert!( - RateLimiting::resolved_limit_for_call_names( - "RateLimiting", - "set_default_rate_limit", - None, - ) - .is_none() - ); + let identifier = register(remark_call(), None); + let tx_target = target(identifier); + let limit = RateLimitKind::Exact(9); + assert_ok!(RateLimiting::set_rate_limit( + RuntimeOrigin::root(), + tx_target, + None, + limit, + )); + let stored = Limits::::get(tx_target).expect("limit"); + assert!(matches!(stored, RateLimit::Global(RateLimitKind::Exact(9)))); + + let event = last_event(); + assert!(matches!( + event, + RuntimeEvent::RateLimiting(crate::Event::RateLimitSet { + target: RateLimitTarget::Transaction(t), + limit: RateLimitKind::Exact(9), + .. + }) if t == identifier + )); }); } #[test] -fn is_within_limit_is_true_when_no_limit() { +fn set_rate_limit_requires_registration_and_group_targeting() { new_test_ext().execute_with(|| { - let call = - RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); - let identifier = identifier_for(&call); + let identifier = register(remark_call(), None); + let target = target(identifier); + + // Unregistered call. + let unknown = TransactionIdentifier::new(99, 0); + assert_noop!( + RateLimiting::set_rate_limit( + RuntimeOrigin::root(), + RateLimitTarget::Transaction(unknown), + None, + RateLimitKind::Exact(1), + ), + Error::::CallNotRegistered + ); - let origin = RuntimeOrigin::signed(1); - let result = RateLimiting::is_within_limit(&origin, &call, &identifier, &None, &None); - assert_eq!(result.expect("no error expected"), true); + // Group requires targeting the group. + let group = create_group(b"cfg", GroupSharing::ConfigAndUsage); + assert_ok!(RateLimiting::assign_call_to_group( + RuntimeOrigin::root(), + identifier, + group, + )); + assert_noop!( + RateLimiting::set_rate_limit( + RuntimeOrigin::root(), + target, + None, + RateLimitKind::Exact(2), + ), + Error::::MustTargetGroup + ); }); } #[test] -fn is_within_limit_false_when_rate_limited() { +fn set_rate_limit_respects_group_config_sharing() { new_test_ext().execute_with(|| { - let call = - RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); - let identifier = identifier_for(&call); - Limits::::insert( + let identifier = register(remark_call(), None); + let group = create_group(b"test", GroupSharing::ConfigAndUsage); + assert_ok!(RateLimiting::assign_call_to_group( + RuntimeOrigin::root(), identifier, - RateLimit::scoped_single(1 as LimitScope, RateLimitKind::Exact(5)), + group, + )); + assert_noop!( + RateLimiting::set_rate_limit( + RuntimeOrigin::root(), + RateLimitTarget::Transaction(identifier), + None, + RateLimitKind::Exact(5), + ), + Error::::MustTargetGroup ); - LastSeen::::insert(identifier, Some(1 as UsageKey), 9); - - System::set_block_number(13); - let origin = RuntimeOrigin::signed(1); - let within = RateLimiting::is_within_limit( - &origin, - &call, - &identifier, - &Some(1 as LimitScope), - &Some(1 as UsageKey), - ) - .expect("call succeeds"); - assert!(!within); + let event = last_event(); + assert!(matches!( + event, + RuntimeEvent::RateLimiting(crate::Event::CallGroupUpdated { + transaction, + group: Some(g), + }) if transaction == identifier && g == group + )); }); } #[test] -fn is_within_limit_true_after_required_span() { +fn assign_and_remove_group_membership() { new_test_ext().execute_with(|| { - let call = - RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); - let identifier = identifier_for(&call); - Limits::::insert( + let identifier = register(remark_call(), None); + let group = create_group(b"team", GroupSharing::UsageOnly); + assert_ok!(RateLimiting::assign_call_to_group( + RuntimeOrigin::root(), identifier, - RateLimit::scoped_single(2 as LimitScope, RateLimitKind::Exact(5)), - ); - LastSeen::::insert(identifier, Some(2 as UsageKey), 10); - - System::set_block_number(20); - - let origin = RuntimeOrigin::signed(1); - let within = RateLimiting::is_within_limit( - &origin, - &call, - &identifier, - &Some(2 as LimitScope), - &Some(2 as UsageKey), - ) - .expect("call succeeds"); - assert!(within); + group, + )); + assert_eq!(CallGroups::::get(identifier), Some(group)); + assert!(GroupMembers::::get(group).contains(&identifier)); + assert_ok!(RateLimiting::remove_call_from_group( + RuntimeOrigin::root(), + identifier, + )); + assert!(CallGroups::::get(identifier).is_none()); + + // Last event should signal removal. + let event = last_event(); + assert!(matches!( + event, + RuntimeEvent::RateLimiting(crate::Event::CallGroupUpdated { transaction, group: None }) + if transaction == identifier + )); }); } #[test] -fn migrate_limit_scope_global_to_scoped() { +fn set_rate_limit_on_group_updates_storage() { new_test_ext().execute_with(|| { - let target_call = - RuntimeCall::System(frame_system::Call::::remark { remark: Vec::new() }); - let identifier = identifier_for(&target_call); - - Limits::::insert(identifier, RateLimit::global(RateLimitKind::Exact(3))); - - assert!(RateLimiting::migrate_limit_scope( - &identifier, + let group = create_group(b"grp", GroupSharing::ConfigOnly); + let target = RateLimitTarget::Group(group); + assert_ok!(RateLimiting::set_rate_limit( + RuntimeOrigin::root(), + target, None, - Some(9) + RateLimitKind::Exact(3), + )); + assert!(matches!( + Limits::::get(target), + Some(RateLimit::Global(RateLimitKind::Exact(3))) )); - match RateLimiting::limits(identifier).expect("config") { - RateLimit::Scoped(map) => { - assert_eq!(map.len(), 1); - assert_eq!(map.get(&9), Some(&RateLimitKind::Exact(3))); - } - other => panic!("unexpected config: {:?}", other), - } + let event = last_event(); + assert!(matches!( + event, + RuntimeEvent::RateLimiting(crate::Event::RateLimitSet { + target: RateLimitTarget::Group(g), + limit: RateLimitKind::Exact(3), + .. + }) if g == group + )); }); } #[test] -fn migrate_limit_scope_scoped_to_scoped() { +fn create_and_delete_group_emit_events() { new_test_ext().execute_with(|| { - let target_call = - RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); - let identifier = identifier_for(&target_call); - - let mut map = sp_std::collections::btree_map::BTreeMap::new(); - map.insert(1u16, RateLimitKind::Exact(4)); - map.insert(2u16, RateLimitKind::Exact(6)); - Limits::::insert(identifier, RateLimit::Scoped(map)); - - assert!(RateLimiting::migrate_limit_scope( - &identifier, - Some(1), - Some(3) + assert_ok!(RateLimiting::create_group( + RuntimeOrigin::root(), + b"ev".to_vec(), + GroupSharing::UsageOnly, + )); + let group = RateLimiting::next_group_id().saturating_sub(1); + let created = last_event(); + assert!(matches!( + created, + RuntimeEvent::RateLimiting(crate::Event::GroupCreated { group: g, .. }) if g == group )); - match RateLimiting::limits(identifier).expect("config") { - RateLimit::Scoped(map) => { - assert!(map.get(&1).is_none()); - assert_eq!(map.get(&3), Some(&RateLimitKind::Exact(4))); - assert_eq!(map.get(&2), Some(&RateLimitKind::Exact(6))); - } - other => panic!("unexpected config: {:?}", other), - } + assert_ok!(RateLimiting::delete_group(RuntimeOrigin::root(), group)); + let deleted = last_event(); + assert!(matches!( + deleted, + RuntimeEvent::RateLimiting(crate::Event::GroupDeleted { group: g }) if g == group + )); }); } #[test] -fn migrate_limit_scope_scoped_to_global() { +fn deregister_call_scope_removes_entry() { new_test_ext().execute_with(|| { - let target_call = - RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); - let identifier = identifier_for(&target_call); - - let mut map = sp_std::collections::btree_map::BTreeMap::new(); - map.insert(7u16, RateLimitKind::Exact(8)); - Limits::::insert(identifier, RateLimit::Scoped(map)); - - assert!(RateLimiting::migrate_limit_scope( - &identifier, - Some(7), - None + let identifier = register(scoped_call(), None); + let tx_target = target(identifier); + assert_ok!(RateLimiting::set_rate_limit( + RuntimeOrigin::root(), + tx_target, + Some(2u16), + RateLimitKind::Exact(4), )); - - match RateLimiting::limits(identifier).expect("config") { - RateLimit::Global(kind) => assert_eq!(kind, RateLimitKind::Exact(8)), + LastSeen::::insert(tx_target, Some(9u16), 10); + assert_ok!(RateLimiting::deregister_call( + RuntimeOrigin::root(), + identifier, + Some(2u16), + false, + )); + match Limits::::get(tx_target) { + Some(RateLimit::Scoped(map)) => { + assert!(map.contains_key(&1u16)); + assert!(!map.contains_key(&2u16)); + } other => panic!("unexpected config: {:?}", other), } + // usage remains intact when clear_usage is false + assert_eq!(LastSeen::::get(tx_target, Some(9u16)), Some(10)); + + let event = last_event(); + assert!(matches!( + event, + RuntimeEvent::RateLimiting(crate::Event::CallDeregistered { + target, + transaction: Some(t), + scope: Some(sc), + .. + }) if target == tx_target && t == identifier && sc == 2u16 + )); + + // No group assigned in this test. + assert!(CallGroups::::get(identifier).is_none()); }); } #[test] -fn migrate_usage_key_moves_entry() { +fn register_call_rejects_duplicates_and_unknown_group() { new_test_ext().execute_with(|| { - let target_call = - RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); - let identifier = identifier_for(&target_call); - - LastSeen::::insert(identifier, Some(5u16), 11); - - assert!(RateLimiting::migrate_usage_key( - &identifier, - Some(5), - Some(6) - )); - assert!(LastSeen::::get(identifier, Some(5u16)).is_none()); - assert_eq!(LastSeen::::get(identifier, Some(6u16)), Some(11)); + let identifier = register(remark_call(), None); + // Duplicate should fail. + assert_noop!( + RateLimiting::register_call(RuntimeOrigin::root(), Box::new(remark_call()), None), + Error::::CallAlreadyRegistered + ); - assert!(RateLimiting::migrate_usage_key(&identifier, Some(6), None)); - assert!(LastSeen::::get(identifier, Some(6u16)).is_none()); - assert_eq!( - LastSeen::::get(identifier, None::), - Some(11) + // Unknown group should fail. + assert_noop!( + RateLimiting::register_call(RuntimeOrigin::root(), Box::new(scoped_call()), Some(99)), + Error::::UnknownGroup ); + + assert!(Limits::::contains_key(target(identifier))); }); } #[test] -fn set_rate_limit_updates_storage_and_emits_event() { +fn group_name_limits_and_uniqueness_enforced() { new_test_ext().execute_with(|| { - System::reset_events(); + // Overlong name. + let max_name = <::MaxGroupNameLength as Get>::get() as usize; + let long_name = vec![0u8; max_name + 1]; + assert_noop!( + RateLimiting::create_group(RuntimeOrigin::root(), long_name, GroupSharing::UsageOnly), + Error::::GroupNameTooLong + ); - let target_call = - RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); - let limit = RateLimitKind::Exact(9); + // Duplicate names rejected on create and update. + let first = create_group(b"alpha", GroupSharing::UsageOnly); + let second = create_group(b"beta", GroupSharing::UsageOnly); - assert_ok!(RateLimiting::set_rate_limit( - RuntimeOrigin::root(), - Box::new(target_call.clone()), - limit, - )); + assert_noop!( + RateLimiting::create_group( + RuntimeOrigin::root(), + b"alpha".to_vec(), + GroupSharing::UsageOnly + ), + Error::::DuplicateGroupName + ); + + assert_noop!( + RateLimiting::update_group( + RuntimeOrigin::root(), + second, + Some(b"alpha".to_vec()), + None + ), + Error::::DuplicateGroupName + ); + + // Unknown group update. + assert_noop!( + RateLimiting::update_group(RuntimeOrigin::root(), 99, None, None), + Error::::UnknownGroup + ); - let identifier = identifier_for(&target_call); assert_eq!( - Limits::::get(identifier), - Some(RateLimit::scoped_single(0, limit)) + RateLimiting::groups(first).unwrap().name.into_inner(), + b"alpha".to_vec() ); - match pop_last_event() { - RuntimeEvent::RateLimiting(crate::pallet::Event::RateLimitSet { - transaction, - scope, - limit: emitted_limit, - pallet, - extrinsic, - }) => { - assert_eq!(transaction, identifier); - assert_eq!(scope, Some(0)); - assert_eq!(emitted_limit, limit); - assert_eq!(pallet, b"RateLimiting".to_vec()); - assert_eq!(extrinsic, b"set_default_rate_limit".to_vec()); - } - other => panic!("unexpected event: {:?}", other), - } + // Updating first group emits event. + assert_ok!(RateLimiting::update_group( + RuntimeOrigin::root(), + first, + Some(b"gamma".to_vec()), + None, + )); + let event = last_event(); + assert!(matches!( + event, + RuntimeEvent::RateLimiting(crate::Event::GroupUpdated { group, .. }) if group == first + )); }); } #[test] -fn set_rate_limit_stores_global_when_scope_absent() { +fn group_member_limit_and_removal_errors() { new_test_ext().execute_with(|| { - System::reset_events(); - - let target_call = - RuntimeCall::System(frame_system::Call::::remark { remark: Vec::new() }); - let limit = RateLimitKind::Exact(11); + let group = create_group(b"cap", GroupSharing::UsageOnly); - assert_ok!(RateLimiting::set_rate_limit( - RuntimeOrigin::root(), - Box::new(target_call.clone()), - limit, - )); + let max_members = <::MaxGroupMembers as Get>::get(); + GroupMembers::::mutate(group, |members| { + for i in 0..max_members { + let _ = members.try_insert(TransactionIdentifier::new(0, (i + 1) as u8)); + } + }); - let identifier = identifier_for(&target_call); - assert_eq!( - Limits::::get(identifier), - Some(RateLimit::global(limit)) + // Next insert should fail. + let extra = register(remark_call(), None); + assert_noop!( + RateLimiting::assign_call_to_group(RuntimeOrigin::root(), extra, group), + Error::::GroupMemberLimitExceeded ); - match pop_last_event() { - RuntimeEvent::RateLimiting(crate::pallet::Event::RateLimitSet { - transaction, - scope, - limit: emitted_limit, - pallet, - extrinsic, - }) => { - assert_eq!(transaction, identifier); - assert_eq!(scope, None); - assert_eq!(emitted_limit, limit); - assert_eq!(pallet, b"System".to_vec()); - assert_eq!(extrinsic, b"remark".to_vec()); - } - other => panic!("unexpected event: {:?}", other), - } + // Removing a call not in a group errors. + assert_noop!( + RateLimiting::remove_call_from_group(RuntimeOrigin::root(), extra), + Error::::CallNotInGroup + ); }); } #[test] -fn set_rate_limit_requires_root() { +fn cannot_delete_group_in_use_or_unknown() { new_test_ext().execute_with(|| { - let target_call = - RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); + let group = create_group(b"busy", GroupSharing::ConfigOnly); + let identifier = register(remark_call(), Some(group)); + let target = RateLimitTarget::Group(group); + Limits::::insert(target, RateLimit::global(RateLimitKind::Exact(1))); + LastSeen::::insert(target, None::, 10); + + // Remove member so only config/usage keep the group in-use. + assert_ok!(RateLimiting::remove_call_from_group( + RuntimeOrigin::root(), + identifier + )); + // Cannot delete when in use. assert_noop!( - RateLimiting::set_rate_limit( - RuntimeOrigin::signed(1), - Box::new(target_call), - RateLimitKind::Exact(1), - ), - BadOrigin + RateLimiting::delete_group(RuntimeOrigin::root(), group), + Error::::GroupInUse + ); + + // Clear state then delete. + Limits::::remove(target); + let _ = LastSeen::::clear_prefix(&target, u32::MAX, None); + assert_ok!(RateLimiting::delete_group(RuntimeOrigin::root(), group)); + + // Unknown group. + assert_noop!( + RateLimiting::delete_group(RuntimeOrigin::root(), 999), + Error::::UnknownGroup ); }); } #[test] -fn set_rate_limit_accepts_default_variant() { +fn deregister_call_clears_registration() { new_test_ext().execute_with(|| { - let target_call = - RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); - - assert_ok!(RateLimiting::set_rate_limit( + let identifier = register(remark_call(), None); + let tx_target = target(identifier); + LastSeen::::insert(tx_target, None::, 5); + assert_ok!(RateLimiting::deregister_call( RuntimeOrigin::root(), - Box::new(target_call.clone()), - RateLimitKind::Default, + identifier, + None, + true, + )); + assert!(Limits::::get(tx_target).is_none()); + assert!(LastSeen::::get(tx_target, None::).is_none()); + assert!(CallGroups::::get(identifier).is_none()); + + let event = last_event(); + assert!(matches!( + event, + RuntimeEvent::RateLimiting(crate::Event::CallDeregistered { + target, + transaction: Some(t), + scope: None, + .. + }) if target == tx_target && t == identifier )); - - let identifier = identifier_for(&target_call); - assert_eq!( - Limits::::get(identifier), - Some(RateLimit::scoped_single(0, RateLimitKind::Default)) - ); }); } #[test] -fn clear_rate_limit_removes_entry_and_emits_event() { +fn deregister_errors_for_unknown_or_missing_scope() { new_test_ext().execute_with(|| { - System::reset_events(); + let unknown = TransactionIdentifier::new(10, 1); + assert_noop!( + RateLimiting::deregister_call(RuntimeOrigin::root(), unknown, None, true), + Error::::CallNotRegistered + ); - let target_call = - RuntimeCall::System(frame_system::Call::::remark { remark: Vec::new() }); - let identifier = identifier_for(&target_call); - Limits::::insert(identifier, RateLimit::global(RateLimitKind::Exact(4))); - LastSeen::::insert(identifier, None::, 7); - LastSeen::::insert(identifier, Some(88u16), 9); + let identifier = register(scoped_call(), None); + let tx_target = target(identifier); + // Removing a non-existent scoped entry fails. + assert_noop!( + RateLimiting::deregister_call(RuntimeOrigin::root(), identifier, Some(99u16), false), + Error::::MissingRateLimit + ); - assert_ok!(RateLimiting::clear_rate_limit( + // Removing the last scoped entry clears Limits and LastSeen. + LastSeen::::insert(tx_target, Some(1u16), 5); + assert_ok!(RateLimiting::deregister_call( RuntimeOrigin::root(), - Box::new(target_call.clone()), + identifier, + Some(1u16), + true, )); - - assert!(Limits::::get(identifier).is_none()); - assert!(LastSeen::::get(identifier, None::).is_none()); - assert!(LastSeen::::get(identifier, Some(88u16)).is_none()); - - match pop_last_event() { - RuntimeEvent::RateLimiting(crate::pallet::Event::RateLimitCleared { - transaction, - scope, - pallet, - extrinsic, - }) => { - assert_eq!(transaction, identifier); - assert_eq!(scope, None); - assert_eq!(pallet, b"System".to_vec()); - assert_eq!(extrinsic, b"remark".to_vec()); - } - other => panic!("unexpected event: {:?}", other), - } + assert!(Limits::::get(tx_target).is_none()); + assert!(LastSeen::::get(tx_target, Some(1u16)).is_none()); }); } #[test] -fn clear_rate_limit_fails_when_missing() { +fn is_within_limit_detects_rate_limited_scope() { new_test_ext().execute_with(|| { - let target_call = - RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); - - assert_noop!( - RateLimiting::clear_rate_limit(RuntimeOrigin::root(), Box::new(target_call)), - Error::::MissingRateLimit + let call = scoped_call(); + let identifier = identifier_for(&call); + let tx_target = target(identifier); + Limits::::insert( + tx_target, + RateLimit::scoped_single(7u16, RateLimitKind::Exact(3)), ); + LastSeen::::insert(tx_target, Some(1u16), 9); + System::set_block_number(11); + let result = RateLimiting::is_within_limit( + &RuntimeOrigin::signed(1), + &call, + &identifier, + &Some(7u16), + &Some(1u16), + ) + .expect("ok"); + assert!(!result); }); } #[test] -fn clear_rate_limit_removes_only_selected_scope() { +fn migrate_usage_key_tracks_scope() { new_test_ext().execute_with(|| { - System::reset_events(); - - let base_call = - RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); - let identifier = identifier_for(&base_call); - let mut map = BTreeMap::new(); - map.insert(9u16, RateLimitKind::Exact(7)); - map.insert(10u16, RateLimitKind::Exact(5)); - Limits::::insert(identifier, RateLimit::Scoped(map)); - LastSeen::::insert(identifier, Some(9u16), 11); - LastSeen::::insert(identifier, Some(10u16), 12); - LastSeen::::insert(identifier, None::, 13); - - let scoped_call = - RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 9 }); - - assert_ok!(RateLimiting::clear_rate_limit( - RuntimeOrigin::root(), - Box::new(scoped_call.clone()), + let call = scoped_call(); + let identifier = identifier_for(&call); + let tx_target = target(identifier); + LastSeen::::insert(tx_target, Some(6u16), 10); + assert!(RateLimiting::migrate_usage_key( + tx_target, + Some(6u16), + Some(7u16) )); - - let config = Limits::::get(identifier).expect("config remains"); - assert!(config.kind_for(Some(&9u16)).is_none()); - assert_eq!( - config.kind_for(Some(&10u16)).copied(), - Some(RateLimitKind::Exact(5)) - ); - assert!(LastSeen::::get(identifier, Some(9u16)).is_none()); - assert_eq!(LastSeen::::get(identifier, Some(10u16)), Some(12)); - assert_eq!( - LastSeen::::get(identifier, None::), - Some(13) - ); - - match pop_last_event() { - RuntimeEvent::RateLimiting(crate::pallet::Event::RateLimitCleared { - transaction, - scope, - .. - }) => { - assert_eq!(transaction, identifier); - assert_eq!(scope, Some(9)); - } - other => panic!("unexpected event: {:?}", other), - } + assert_eq!(LastSeen::::get(tx_target, Some(7u16)), Some(10)); }); } #[test] -fn clear_all_rate_limits_removes_entire_configuration() { +fn migrate_limit_scope_covers_transitions() { new_test_ext().execute_with(|| { - System::reset_events(); + let identifier = register(remark_call(), None); + let tx_target = target(identifier); - let target_call = - RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); - let identifier = identifier_for(&target_call); - - let mut map = BTreeMap::new(); - map.insert(3u16, RateLimitKind::Exact(6)); - map.insert(4u16, RateLimitKind::Exact(7)); - Limits::::insert(identifier, RateLimit::Scoped(map)); - - LastSeen::::insert(identifier, Some(3u16), 11); - LastSeen::::insert(identifier, None::, 12); - - assert_ok!(RateLimiting::clear_all_rate_limits( - RuntimeOrigin::root(), - Box::new(target_call.clone()), + // global -> scoped + assert!(RateLimiting::migrate_limit_scope( + tx_target, + None, + Some(42u16) )); + match Limits::::get(tx_target) { + Some(RateLimit::Scoped(map)) => { + assert_eq!(map.get(&42u16), Some(&RateLimitKind::Default)) + } + other => panic!("unexpected config: {:?}", other), + } - assert!(Limits::::get(identifier).is_none()); - assert!(LastSeen::::get(identifier, Some(3u16)).is_none()); - assert!(LastSeen::::get(identifier, None::).is_none()); - - match pop_last_event() { - RuntimeEvent::RateLimiting(crate::pallet::Event::AllRateLimitsCleared { - transaction, - pallet, - extrinsic, - }) => { - assert_eq!(transaction, identifier); - assert_eq!(pallet, b"RateLimiting".to_vec()); - assert_eq!(extrinsic, b"set_default_rate_limit".to_vec()); + // scoped -> scoped + assert!(RateLimiting::migrate_limit_scope( + tx_target, + Some(42u16), + Some(43u16) + )); + match Limits::::get(tx_target) { + Some(RateLimit::Scoped(map)) => { + assert_eq!(map.get(&43u16), Some(&RateLimitKind::Default)) } - other => panic!("unexpected event: {:?}", other), + other => panic!("unexpected config: {:?}", other), } - }); -} -#[test] -fn clear_all_rate_limits_fails_when_missing() { - new_test_ext().execute_with(|| { - let target_call = - RuntimeCall::System(frame_system::Call::::remark { remark: Vec::new() }); + // scoped -> global (only entry) + assert!(RateLimiting::migrate_limit_scope( + tx_target, + Some(43u16), + None + )); + assert!(matches!( + Limits::::get(tx_target), + Some(RateLimit::Global(RateLimitKind::Default)) + )); - assert_noop!( - RateLimiting::clear_all_rate_limits(RuntimeOrigin::root(), Box::new(target_call)), - Error::::MissingRateLimit - ); + // no-op when scopes identical + assert!(RateLimiting::migrate_limit_scope(tx_target, None, None)); }); } #[test] -fn set_default_rate_limit_updates_storage_and_emits_event() { +fn set_default_limit_updates_span_and_resolves_in_enforcement() { new_test_ext().execute_with(|| { - System::reset_events(); - + assert_eq!(RateLimiting::default_limit(), 0); assert_ok!(RateLimiting::set_default_rate_limit( RuntimeOrigin::root(), - 42 + 5 )); + let event = last_event(); + assert!(matches!( + event, + RuntimeEvent::RateLimiting(crate::Event::DefaultRateLimitSet { block_span: 5 }) + )); + assert_eq!(RateLimiting::default_limit(), 5); - assert_eq!(DefaultLimit::::get(), 42); + let call = remark_call(); + let identifier = register(call.clone(), None); + let tx_target = target(identifier); - match pop_last_event() { - RuntimeEvent::RateLimiting(crate::pallet::Event::DefaultRateLimitSet { - block_span, - }) => { - assert_eq!(block_span, 42); - } - other => panic!("unexpected event: {:?}", other), - } + System::set_block_number(10); + // No last-seen yet, first call passes. + assert!( + RateLimiting::is_within_limit( + &RuntimeOrigin::signed(1), + &call, + &identifier, + &None, + &None, + ) + .unwrap() + ); + + LastSeen::::insert(tx_target, None::, 12); + System::set_block_number(15); + // Span 5 should block when delta < 5. + assert!( + !RateLimiting::is_within_limit( + &RuntimeOrigin::signed(1), + &call, + &identifier, + &None, + &None, + ) + .unwrap() + ); }); } #[test] -fn set_default_rate_limit_requires_root() { +fn limit_for_call_names_prefers_scoped_value() { new_test_ext().execute_with(|| { - assert_noop!( - RateLimiting::set_default_rate_limit(RuntimeOrigin::signed(1), 5), - BadOrigin + let call = scoped_call(); + let identifier = identifier_for(&call); + Limits::::insert( + target(identifier), + RateLimit::scoped_single(9u16, RateLimitKind::Exact(8)), ); + let fetched = RateLimiting::limit_for_call_names( + "RateLimiting", + "set_default_rate_limit", + Some(9u16), + ) + .expect("limit"); + assert_eq!(fetched, RateLimitKind::Exact(8)); }); } diff --git a/pallets/rate-limiting/src/tx_extension.rs b/pallets/rate-limiting/src/tx_extension.rs index c6c3eb745c..41b4add270 100644 --- a/pallets/rate-limiting/src/tx_extension.rs +++ b/pallets/rate-limiting/src/tx_extension.rs @@ -17,7 +17,9 @@ use sp_std::{marker::PhantomData, result::Result}; use crate::{ Config, LastSeen, Pallet, - types::{RateLimitScopeResolver, RateLimitUsageResolver, TransactionIdentifier}, + types::{ + RateLimitScopeResolver, RateLimitTarget, RateLimitUsageResolver, TransactionIdentifier, + }, }; /// Identifier returned in the transaction metadata for the rate limiting extension. @@ -80,8 +82,14 @@ where const IDENTIFIER: &'static str = IDENTIFIER; type Implicit = (); - type Val = Option<(TransactionIdentifier, Option<>::UsageKey>)>; - type Pre = Option<(TransactionIdentifier, Option<>::UsageKey>)>; + type Val = Option<( + RateLimitTarget<>::GroupId>, + Option<>::UsageKey>, + )>; + type Pre = Option<( + RateLimitTarget<>::GroupId>, + Option<>::UsageKey>, + )>; fn weight(&self, _call: &>::RuntimeCall) -> Weight { Weight::zero() @@ -109,7 +117,13 @@ where let scope = >::LimitScopeResolver::context(&origin, call); let usage = >::UsageResolver::context(&origin, call); - let Some(block_span) = Pallet::::effective_span(&origin, call, &identifier, &scope) + let config_target = Pallet::::config_target(&identifier) + .map_err(|_| TransactionValidityError::Invalid(InvalidTransaction::Call))?; + let usage_target = Pallet::::usage_target(&identifier) + .map_err(|_| TransactionValidityError::Invalid(InvalidTransaction::Call))?; + + let Some(block_span) = + Pallet::::effective_span(&origin, call, &config_target, &scope) else { return Ok((ValidTransaction::default(), None, origin)); }; @@ -118,7 +132,7 @@ where return Ok((ValidTransaction::default(), None, origin)); } - let within_limit = Pallet::::within_span(&identifier, &usage, block_span); + let within_limit = Pallet::::within_span(&usage_target, &usage, block_span); if !within_limit { return Err(TransactionValidityError::Invalid( @@ -128,7 +142,7 @@ where Ok(( ValidTransaction::default(), - Some((identifier, usage)), + Some((usage_target, usage)), origin, )) } @@ -152,9 +166,9 @@ where result: &DispatchResult, ) -> Result<(), TransactionValidityError> { if result.is_ok() { - if let Some((identifier, usage)) = pre { + if let Some((target, usage)) = pre { let block_number = frame_system::Pallet::::block_number(); - LastSeen::::insert(&identifier, usage, block_number); + LastSeen::::insert(target, usage, block_number); } } Ok(()) @@ -164,15 +178,18 @@ where #[cfg(test)] mod tests { use codec::Encode; - use frame_support::dispatch::{GetDispatchInfo, PostDispatchInfo}; + use frame_support::{ + assert_ok, + dispatch::{GetDispatchInfo, PostDispatchInfo}, + }; use sp_runtime::{ traits::{TransactionExtension, TxBaseImplication}, transaction_validity::{InvalidTransaction, TransactionSource, TransactionValidityError}, }; use crate::{ - LastSeen, Limits, - types::{RateLimit, RateLimitKind, TransactionIdentifier}, + GroupSharing, LastSeen, Limits, + types::{RateLimit, RateLimitKind}, }; use super::*; @@ -183,14 +200,16 @@ mod tests { } fn bypass_call() -> RuntimeCall { - RuntimeCall::RateLimiting(RateLimitingCall::clear_rate_limit { - call: Box::new(remark_call()), + RuntimeCall::RateLimiting(RateLimitingCall::remove_call_from_group { + transaction: TransactionIdentifier::new(0, 0), }) } fn adjustable_call() -> RuntimeCall { - RuntimeCall::RateLimiting(RateLimitingCall::clear_all_rate_limits { - call: Box::new(remark_call()), + RuntimeCall::RateLimiting(RateLimitingCall::deregister_call { + transaction: TransactionIdentifier::new(0, 0), + scope: None, + clear_usage: false, }) } @@ -198,13 +217,17 @@ mod tests { RateLimitTransactionExtension(Default::default()) } + fn target_for_call(call: &RuntimeCall) -> RateLimitTarget { + RateLimitTarget::Transaction(identifier_for(call)) + } + fn validate_with_tx_extension( extension: &RateLimitTransactionExtension, call: &RuntimeCall, ) -> Result< ( sp_runtime::transaction_validity::ValidTransaction, - Option<(TransactionIdentifier, Option)>, + Option<(RateLimitTarget, Option)>, RuntimeOrigin, ), TransactionValidityError, @@ -250,11 +273,8 @@ mod tests { ) .expect("post_dispatch succeeds"); - let identifier = identifier_for(&call); - assert_eq!( - LastSeen::::get(identifier, None::), - None - ); + let target = target_for_call(&call); + assert_eq!(LastSeen::::get(target, None::), None); }); } @@ -270,8 +290,9 @@ mod tests { assert!(val.is_none()); let identifier = identifier_for(&call); - Limits::::insert(identifier, RateLimit::global(RateLimitKind::Exact(3))); - LastSeen::::insert(identifier, None::, 1); + let target = RateLimitTarget::Transaction(identifier); + Limits::::insert(target, RateLimit::global(RateLimitKind::Exact(3))); + LastSeen::::insert(target, None::, 1); let (_valid, post_val, _) = validate_with_tx_extension(&extension, &call).expect("still bypassed"); @@ -285,8 +306,9 @@ mod tests { let extension = new_tx_extension(); let call = adjustable_call(); let identifier = identifier_for(&call); - Limits::::insert(identifier, RateLimit::global(RateLimitKind::Exact(4))); - LastSeen::::insert(identifier, Some(1u16), 10); + let target = RateLimitTarget::Transaction(identifier); + Limits::::insert(target, RateLimit::global(RateLimitKind::Exact(4))); + LastSeen::::insert(target, Some(1u16), 10); System::set_block_number(14); @@ -308,7 +330,8 @@ mod tests { let extension = new_tx_extension(); let call = remark_call(); let identifier = identifier_for(&call); - Limits::::insert(identifier, RateLimit::global(RateLimitKind::Exact(5))); + let target = RateLimitTarget::Transaction(identifier); + Limits::::insert(target, RateLimit::global(RateLimitKind::Exact(5))); System::set_block_number(10); @@ -334,7 +357,7 @@ mod tests { .expect("post_dispatch succeeds"); assert_eq!( - LastSeen::::get(identifier, None::), + LastSeen::::get(target, None::), Some(10) ); }); @@ -346,8 +369,9 @@ mod tests { let extension = new_tx_extension(); let call = remark_call(); let identifier = identifier_for(&call); - Limits::::insert(identifier, RateLimit::global(RateLimitKind::Exact(5))); - LastSeen::::insert(identifier, None::, 20); + let target = RateLimitTarget::Transaction(identifier); + Limits::::insert(target, RateLimit::global(RateLimitKind::Exact(5))); + LastSeen::::insert(target, None::, 20); System::set_block_number(22); @@ -368,7 +392,8 @@ mod tests { let extension = new_tx_extension(); let call = remark_call(); let identifier = identifier_for(&call); - Limits::::insert(identifier, RateLimit::global(RateLimitKind::Exact(0))); + let target = RateLimitTarget::Transaction(identifier); + Limits::::insert(target, RateLimit::global(RateLimitKind::Exact(0))); System::set_block_number(30); @@ -393,10 +418,80 @@ mod tests { ) .expect("post_dispatch succeeds"); - assert_eq!( - LastSeen::::get(identifier, None::), - None - ); + assert_eq!(LastSeen::::get(target, None::), None); + }); + } + + #[test] + fn tx_extension_respects_usage_group_sharing() { + new_test_ext().execute_with(|| { + let extension = new_tx_extension(); + assert_ok!(RateLimiting::create_group( + RuntimeOrigin::root(), + b"use".to_vec(), + GroupSharing::UsageOnly, + )); + let group = RateLimiting::next_group_id().saturating_sub(1); + + let call = remark_call(); + let identifier = identifier_for(&call); + assert_ok!(RateLimiting::register_call( + RuntimeOrigin::root(), + Box::new(call.clone()), + Some(group), + )); + + let tx_target = RateLimitTarget::Transaction(identifier); + let usage_target = RateLimitTarget::Group(group); + Limits::::insert(tx_target, RateLimit::global(RateLimitKind::Exact(5))); + LastSeen::::insert(usage_target, None::, 10); + System::set_block_number(12); + + let err = validate_with_tx_extension(&extension, &call) + .expect_err("usage grouping should rate limit"); + match err { + TransactionValidityError::Invalid(InvalidTransaction::Custom(code)) => { + assert_eq!(code, RATE_LIMIT_DENIED); + } + other => panic!("unexpected error: {:?}", other), + } + }); + } + + #[test] + fn tx_extension_respects_config_group_sharing() { + new_test_ext().execute_with(|| { + let extension = new_tx_extension(); + assert_ok!(RateLimiting::create_group( + RuntimeOrigin::root(), + b"cfg".to_vec(), + GroupSharing::ConfigOnly, + )); + let group = RateLimiting::next_group_id().saturating_sub(1); + + let call = remark_call(); + let identifier = identifier_for(&call); + assert_ok!(RateLimiting::register_call( + RuntimeOrigin::root(), + Box::new(call.clone()), + Some(group), + )); + + let tx_target = RateLimitTarget::Transaction(identifier); + let group_target = RateLimitTarget::Group(group); + Limits::::remove(tx_target); + Limits::::insert(group_target, RateLimit::global(RateLimitKind::Exact(5))); + LastSeen::::insert(tx_target, None::, 10); + System::set_block_number(12); + + let err = validate_with_tx_extension(&extension, &call) + .expect_err("config grouping should rate limit"); + match err { + TransactionValidityError::Invalid(InvalidTransaction::Custom(code)) => { + assert_eq!(code, RATE_LIMIT_DENIED); + } + other => panic!("unexpected error: {:?}", other), + } }); } } diff --git a/pallets/rate-limiting/src/types.rs b/pallets/rate-limiting/src/types.rs index 4748f1576e..1faff7c300 100644 --- a/pallets/rate-limiting/src/types.rs +++ b/pallets/rate-limiting/src/types.rs @@ -39,6 +39,8 @@ pub trait RateLimitUsageResolver { Copy, PartialEq, Eq, + PartialOrd, + Ord, Encode, Decode, DecodeWithMemTracking, @@ -53,6 +55,108 @@ pub struct TransactionIdentifier { pub extrinsic_index: u8, } +/// Target identifier for rate limit and usage configuration. +#[derive( + Serialize, + Deserialize, + Clone, + Copy, + PartialEq, + Eq, + Encode, + Decode, + DecodeWithMemTracking, + TypeInfo, + MaxEncodedLen, + Debug, +)] +pub enum RateLimitTarget { + /// Per-transaction configuration keyed by pallet/extrinsic indices. + Transaction(TransactionIdentifier), + /// Shared configuration for a named group. + Group(GroupId), +} + +impl RateLimitTarget { + /// Returns the transaction identifier when the target represents a single extrinsic. + pub fn as_transaction(&self) -> Option<&TransactionIdentifier> { + match self { + RateLimitTarget::Transaction(identifier) => Some(identifier), + RateLimitTarget::Group(_) => None, + } + } + + /// Returns the group identifier when the target represents a group configuration. + pub fn as_group(&self) -> Option<&GroupId> { + match self { + RateLimitTarget::Transaction(_) => None, + RateLimitTarget::Group(id) => Some(id), + } + } +} + +/// Sharing mode configured for a group. +#[derive( + Serialize, + Deserialize, + Clone, + Copy, + PartialEq, + Eq, + Encode, + Decode, + DecodeWithMemTracking, + TypeInfo, + MaxEncodedLen, + Debug, +)] +pub enum GroupSharing { + /// Limits remain per transaction; usage is shared by the group. + UsageOnly, + /// Limits are shared by the group; usage remains per transaction. + ConfigOnly, + /// Both limits and usage are shared by the group. + ConfigAndUsage, +} + +impl GroupSharing { + /// Returns `true` when configuration for this group should use the group target key. + pub fn config_uses_group(self) -> bool { + matches!( + self, + GroupSharing::ConfigOnly | GroupSharing::ConfigAndUsage + ) + } + + /// Returns `true` when usage tracking for this group should use the group target key. + pub fn usage_uses_group(self) -> bool { + matches!(self, GroupSharing::UsageOnly | GroupSharing::ConfigAndUsage) + } +} + +/// Metadata describing a configured group. +#[derive( + Serialize, + Deserialize, + Clone, + PartialEq, + Eq, + Encode, + Decode, + DecodeWithMemTracking, + TypeInfo, + MaxEncodedLen, + Debug, +)] +pub struct RateLimitGroup { + /// Stable identifier assigned to the group. + pub id: GroupId, + /// Human readable group name. + pub name: Name, + /// Sharing configuration enforced for the group. + pub sharing: GroupSharing, +} + impl TransactionIdentifier { /// Builds a new identifier from pallet/extrinsic indices. pub const fn new(pallet_index: u8, extrinsic_index: u8) -> Self { @@ -218,8 +322,8 @@ mod tests { // System is the first pallet in the mock runtime, RateLimiting is second. assert_eq!(identifier.pallet_index, 1); - // set_default_rate_limit has call_index 2. - assert_eq!(identifier.extrinsic_index, 3); + // set_default_rate_limit has call_index 4. + assert_eq!(identifier.extrinsic_index, 4); } #[test] diff --git a/runtime/src/rate_limiting/migration.rs b/runtime/src/rate_limiting/migration.rs index 243c43b7ea..6582db52ed 100644 --- a/runtime/src/rate_limiting/migration.rs +++ b/runtime/src/rate_limiting/migration.rs @@ -14,13 +14,12 @@ use sp_std::{collections::btree_map::BTreeMap, vec::Vec}; use subtensor_runtime_common::{MechId, NetUid, RateLimitScope, RateLimitUsageKey}; use pallet_subtensor::{ - self, + self, AssociatedEvmAddress, Axons, Config as SubtensorConfig, HasMigrationRun, + LastRateLimitedBlock, LastUpdate, MaxUidsTrimmingRateLimit, MechanismCountCurrent, + MechanismCountSetRateLimit, MechanismEmissionRateLimit, NetworkRateLimit, + OwnerHyperparamRateLimit, Pallet, Prometheus, RateLimitKey, TransactionKeyLastBlock, + TxChildkeyTakeRateLimit, TxDelegateTakeRateLimit, TxRateLimit, WeightsVersionKeyRateLimit, utils::rate_limiting::{Hyperparameter, TransactionType}, - AssociatedEvmAddress, Axons, Config as SubtensorConfig, HasMigrationRun, LastRateLimitedBlock, - LastUpdate, MaxUidsTrimmingRateLimit, MechanismCountCurrent, MechanismCountSetRateLimit, - MechanismEmissionRateLimit, NetworkRateLimit, OwnerHyperparamRateLimit, Pallet, Prometheus, - RateLimitKey, TransactionKeyLastBlock, TxChildkeyTakeRateLimit, TxDelegateTakeRateLimit, - TxRateLimit, WeightsVersionKeyRateLimit, }; /// Pallet index assigned to `pallet_subtensor` in `construct_runtime!`. @@ -139,12 +138,12 @@ fn gather_simple_limits(limits: &mut LimitEntries) -> u64 set_global_limit::(limits, subtensor_identifier(70), span); } - reads += 1; - if let Some(span) = block_number::(TxDelegateTakeRateLimit::::get()) { - // TODO(grouped-rate-limits): `decrease_take` shares the same timestamp but - // does not have its own ID here yet. - set_global_limit::(limits, subtensor_identifier(66), span); - } + reads += 1; + if let Some(span) = block_number::(TxDelegateTakeRateLimit::::get()) { + // TODO(grouped-rate-limits): `decrease_take` shares the same timestamp but + // does not have its own ID here yet. + set_global_limit::(limits, subtensor_identifier(66), span); + } reads += 1; if let Some(span) = block_number::(TxChildkeyTakeRateLimit::::get()) { @@ -468,11 +467,11 @@ fn write_limits(limits: &LimitEntries) -> u64 { if limits.is_empty() { return 0; } - let prefix = storage_prefix("RateLimiting", "Limits"); + let limits_prefix = storage_prefix("RateLimiting", "Limits"); let mut writes = 0; for (identifier, limit) in limits.iter() { - let key = map_storage_key(&prefix, identifier); - storage::set(&key, &limit.encode()); + let limit_key = map_storage_key(&limits_prefix, identifier); + storage::set(&limit_key, &limit.encode()); writes += 1; } writes From 434f7e31faac27f19c9288a31465ec54a3ddee44 Mon Sep 17 00:00:00 2001 From: Aliaksandr Tsurko Date: Fri, 21 Nov 2025 18:44:40 +0300 Subject: [PATCH 25/46] Add groups to rate-limiting migration --- runtime/src/rate_limiting/migration.rs | 510 ++++++++++++++++++++----- 1 file changed, 408 insertions(+), 102 deletions(-) diff --git a/runtime/src/rate_limiting/migration.rs b/runtime/src/rate_limiting/migration.rs index 6582db52ed..c4217b6dd4 100644 --- a/runtime/src/rate_limiting/migration.rs +++ b/runtime/src/rate_limiting/migration.rs @@ -4,15 +4,9 @@ use codec::Encode; use frame_support::{pallet_prelude::Parameter, traits::Get, weights::Weight}; use frame_system::pallet_prelude::BlockNumberFor; use log::info; -use pallet_rate_limiting::{RateLimit, RateLimitKind, TransactionIdentifier}; -use sp_io::{ - hashing::{blake2_128, twox_128}, - storage, +use pallet_rate_limiting::{ + GroupSharing, RateLimit, RateLimitGroup, RateLimitKind, RateLimitTarget, TransactionIdentifier, }; -use sp_runtime::traits::SaturatedConversion; -use sp_std::{collections::btree_map::BTreeMap, vec::Vec}; -use subtensor_runtime_common::{MechId, NetUid, RateLimitScope, RateLimitUsageKey}; - use pallet_subtensor::{ self, AssociatedEvmAddress, Axons, Config as SubtensorConfig, HasMigrationRun, LastRateLimitedBlock, LastUpdate, MaxUidsTrimmingRateLimit, MechanismCountCurrent, @@ -21,6 +15,27 @@ use pallet_subtensor::{ TxChildkeyTakeRateLimit, TxDelegateTakeRateLimit, TxRateLimit, WeightsVersionKeyRateLimit, utils::rate_limiting::{Hyperparameter, TransactionType}, }; +use sp_io::{ + hashing::{blake2_128, twox_128}, + storage, +}; +use sp_runtime::traits::SaturatedConversion; +use sp_std::{ + collections::{btree_map::BTreeMap, btree_set::BTreeSet}, + vec, + vec::Vec, +}; +use subtensor_runtime_common::{MechId, NetUid, RateLimitScope, RateLimitUsageKey}; + +type RateLimitConfigOf = RateLimit>; +type RateLimitTargetOf = RateLimitTarget; +type RateLimitGroupOf = RateLimitGroup>; +type LimitEntries = Vec<(RateLimitTargetOf, RateLimitConfigOf)>; +type LastSeenKey = ( + RateLimitTargetOf, + Option::AccountId>>, +); +type LastSeenEntries = Vec<(LastSeenKey, BlockNumberFor)>; /// Pallet index assigned to `pallet_subtensor` in `construct_runtime!`. const SUBTENSOR_PALLET_INDEX: u8 = 7; @@ -35,22 +50,79 @@ const SET_CHILDREN_RATE_LIMIT: u64 = 150; /// `set_sn_owner_hotkey` default interval (blocks). const DEFAULT_SET_SN_OWNER_HOTKEY_LIMIT: u64 = 50_400; -/// Subtensor call indices that reuse the serving rate-limit configuration. -/// TODO(grouped-rate-limits): `serve_axon` (4), `serve_axon_tls` (40), and -/// `serve_prometheus` (5) share one cooldown today. The new pallet still misses -/// grouped identifiers, so we simply port the timers as-is. -const SERVE_CALLS: [u8; 3] = [4, 40, 5]; -/// Subtensor call indices that reuse the per-subnet weight limit. -/// TODO(grouped-rate-limits): Weight commits via call 100 still touch the same -/// `LastUpdate` entries but cannot be expressed here until grouping exists. -const WEIGHT_CALLS_SUBNET: [u8; 3] = [0, 96, 113]; -/// Subtensor call indices that reuse the per-mechanism weight limit. -const WEIGHT_CALLS_MECHANISM: [u8; 4] = [119, 115, 117, 118]; -/// Subtensor call indices for register-network extrinsics. -/// TODO(grouped-rate-limits): `register_network` (59) and -/// `register_network_with_identity` (79) still share the same helper and should -/// remain grouped once pallet-rate-limiting supports aliases. -const REGISTER_NETWORK_CALLS: [u8; 2] = [59, 79]; +type GroupId = u32; + +struct GroupDefinition { + id: GroupId, + name: &'static [u8], + sharing: GroupSharing, + members: Vec, +} + +const GROUP_SERVE_AXON: GroupId = 0; +const GROUP_DELEGATE_TAKE: GroupId = 1; +const GROUP_WEIGHTS_SUBNET: GroupId = 2; +const GROUP_WEIGHTS_MECHANISM: GroupId = 3; +const GROUP_REGISTER_NETWORK: GroupId = 4; +const GROUP_OWNER_HPARAMS: GroupId = 5; + +fn hyperparameter_identifiers() -> Vec { + HYPERPARAMETERS + .iter() + .filter_map(|h| identifier_for_hyperparameter(*h)) + .collect() +} + +fn group_definitions() -> Vec { + vec![ + GroupDefinition { + id: GROUP_SERVE_AXON, + name: b"serve-axon", + sharing: GroupSharing::ConfigAndUsage, + members: vec![subtensor_identifier(4), subtensor_identifier(40)], + }, + GroupDefinition { + id: GROUP_DELEGATE_TAKE, + name: b"delegate-take", + sharing: GroupSharing::ConfigAndUsage, + members: vec![subtensor_identifier(66), subtensor_identifier(65)], + }, + GroupDefinition { + id: GROUP_WEIGHTS_SUBNET, + name: b"weights-subnet", + sharing: GroupSharing::ConfigAndUsage, + members: vec![ + subtensor_identifier(0), + subtensor_identifier(96), + subtensor_identifier(100), + subtensor_identifier(113), + ], + }, + GroupDefinition { + id: GROUP_WEIGHTS_MECHANISM, + name: b"weights-mechanism", + sharing: GroupSharing::ConfigAndUsage, + members: vec![ + subtensor_identifier(119), + subtensor_identifier(115), + subtensor_identifier(117), + subtensor_identifier(118), + ], + }, + GroupDefinition { + id: GROUP_REGISTER_NETWORK, + name: b"register-network", + sharing: GroupSharing::ConfigAndUsage, + members: vec![subtensor_identifier(59), subtensor_identifier(79)], + }, + GroupDefinition { + id: GROUP_OWNER_HPARAMS, + name: b"owner-hparams", + sharing: GroupSharing::ConfigOnly, + members: hyperparameter_identifiers(), + }, + ] +} /// Hyperparameter extrinsics routed through owner-or-root rate limiting. const HYPERPARAMETERS: &[Hyperparameter] = &[ @@ -80,13 +152,111 @@ const HYPERPARAMETERS: &[Hyperparameter] = &[ Hyperparameter::RecycleOrBurn, ]; -type RateLimitConfigOf = RateLimit>; -type LimitEntries = Vec<(TransactionIdentifier, RateLimitConfigOf)>; -type LastSeenKey = ( - TransactionIdentifier, - Option::AccountId>>, -); -type LastSeenEntries = Vec<(LastSeenKey, BlockNumberFor)>; +#[derive(Clone, Copy)] +struct GroupInfo { + id: GroupId, + sharing: GroupSharing, +} + +#[derive(Default)] +struct Grouping { + assignments: BTreeMap, + members: BTreeMap>, + details: Vec, + next_group_id: GroupId, + max_group_id: Option, +} + +impl Grouping { + fn members(&self, id: GroupId) -> Option<&BTreeSet> { + self.members.get(&id) + } + + fn insert_group( + &mut self, + id: GroupId, + name: &[u8], + sharing: GroupSharing, + members: &[TransactionIdentifier], + ) { + let entry = self.members.entry(id).or_insert_with(BTreeSet::new); + for member in members { + self.assignments.insert(*member, GroupInfo { id, sharing }); + entry.insert(*member); + } + + self.details.push(RateLimitGroup { + id, + name: name.to_vec(), + sharing, + }); + + self.max_group_id = Some(self.max_group_id.map_or(id, |current| current.max(id))); + } + + fn finalize_next_id(&mut self) { + self.next_group_id = self.max_group_id.map_or(0, |id| id.saturating_add(1)); + } + + fn config_target(&self, identifier: TransactionIdentifier) -> RateLimitTargetOf { + if let Some(info) = self.assignments.get(&identifier) { + if info.sharing.config_uses_group() { + return RateLimitTarget::Group(info.id); + } + } + RateLimitTarget::Transaction(identifier) + } + + fn usage_target(&self, identifier: TransactionIdentifier) -> RateLimitTargetOf { + if let Some(info) = self.assignments.get(&identifier) { + if info.sharing.usage_uses_group() { + return RateLimitTarget::Group(info.id); + } + } + RateLimitTarget::Transaction(identifier) + } +} + +const SERVE_PROM_IDENTIFIER: TransactionIdentifier = subtensor_identifier(5); + +fn serve_calls(grouping: &Grouping) -> Vec { + let mut calls = Vec::new(); + if let Some(members) = grouping.members(GROUP_SERVE_AXON) { + calls.extend(members.iter().copied()); + } + calls.push(SERVE_PROM_IDENTIFIER); + calls +} + +fn weight_calls_subnet(grouping: &Grouping) -> Vec { + grouping + .members(GROUP_WEIGHTS_SUBNET) + .map(|m| m.iter().copied().collect()) + .unwrap_or_default() +} + +fn weight_calls_mechanism(grouping: &Grouping) -> Vec { + grouping + .members(GROUP_WEIGHTS_MECHANISM) + .map(|m| m.iter().copied().collect()) + .unwrap_or_default() +} + +fn build_grouping() -> Grouping { + let mut grouping = Grouping::default(); + + for definition in group_definitions() { + grouping.insert_group( + definition.id, + definition.name, + definition.sharing, + &definition.members, + ); + } + + grouping.finalize_next_id(); + grouping +} pub fn migrate_rate_limiting() -> Weight { let mut weight = T::DbWeight::get().reads(1); @@ -95,108 +265,162 @@ pub fn migrate_rate_limiting() -> Weight { return weight; } - let (limits, limit_reads) = build_limits::(); - let (last_seen, seen_reads) = build_last_seen::(); + let grouping = build_grouping(); + let (limits, limit_reads) = build_limits::(&grouping); + let (last_seen, seen_reads) = build_last_seen::(&grouping); let limit_writes = write_limits::(&limits); let seen_writes = write_last_seen::(&last_seen); + let group_writes = write_groups::(&grouping); HasMigrationRun::::insert(MIGRATION_NAME, true); weight = weight .saturating_add(T::DbWeight::get().reads(limit_reads.saturating_add(seen_reads))) .saturating_add( - T::DbWeight::get().writes(limit_writes.saturating_add(seen_writes).saturating_add(1)), + T::DbWeight::get().writes( + limit_writes + .saturating_add(seen_writes) + .saturating_add(group_writes) + .saturating_add(1), + ), ); info!( - "Migrated {} rate-limit configs and {} last-seen entries into pallet-rate-limiting", + "Migrated {} rate-limit configs, {} last-seen entries, and {} groups into pallet-rate-limiting", limits.len(), - last_seen.len() + last_seen.len(), + grouping.details.len() ); weight } -fn build_limits() -> (LimitEntries, u64) { +fn build_limits(grouping: &Grouping) -> (LimitEntries, u64) { let mut limits = LimitEntries::::new(); let mut reads: u64 = 0; - reads += gather_simple_limits::(&mut limits); - reads += gather_owner_hparam_limits::(&mut limits); - reads += gather_serving_limits::(&mut limits); - reads += gather_weight_limits::(&mut limits); + reads += gather_simple_limits::(&mut limits, grouping); + reads += gather_owner_hparam_limits::(&mut limits, grouping); + reads += gather_serving_limits::(&mut limits, grouping); + reads += gather_weight_limits::(&mut limits, grouping); (limits, reads) } -fn gather_simple_limits(limits: &mut LimitEntries) -> u64 { +fn gather_simple_limits( + limits: &mut LimitEntries, + grouping: &Grouping, +) -> u64 { let mut reads: u64 = 0; reads += 1; if let Some(span) = block_number::(TxRateLimit::::get()) { - set_global_limit::(limits, subtensor_identifier(70), span); + set_global_limit::( + limits, + grouping.config_target(subtensor_identifier(70)), + span, + ); } reads += 1; if let Some(span) = block_number::(TxDelegateTakeRateLimit::::get()) { - // TODO(grouped-rate-limits): `decrease_take` shares the same timestamp but - // does not have its own ID here yet. - set_global_limit::(limits, subtensor_identifier(66), span); + if let Some(members) = grouping.members(GROUP_DELEGATE_TAKE) { + for call in members { + set_global_limit::(limits, grouping.config_target(*call), span); + } + } } reads += 1; if let Some(span) = block_number::(TxChildkeyTakeRateLimit::::get()) { - set_global_limit::(limits, subtensor_identifier(75), span); + set_global_limit::( + limits, + grouping.config_target(subtensor_identifier(75)), + span, + ); } reads += 1; if let Some(span) = block_number::(NetworkRateLimit::::get()) { - for call in REGISTER_NETWORK_CALLS { - set_global_limit::(limits, subtensor_identifier(call), span); + if let Some(members) = grouping.members(GROUP_REGISTER_NETWORK) { + for call in members { + set_global_limit::(limits, grouping.config_target(*call), span); + } } } reads += 1; if let Some(span) = block_number::(WeightsVersionKeyRateLimit::::get()) { - set_global_limit::(limits, admin_utils_identifier(6), span); + set_global_limit::( + limits, + grouping.config_target(admin_utils_identifier(6)), + span, + ); } if let Some(span) = block_number::(DEFAULT_SET_SN_OWNER_HOTKEY_LIMIT) { - set_global_limit::(limits, admin_utils_identifier(67), span); + set_global_limit::( + limits, + grouping.config_target(admin_utils_identifier(67)), + span, + ); } if let Some(span) = block_number::(::EvmKeyAssociateRateLimit::get()) { - set_global_limit::(limits, subtensor_identifier(93), span); + set_global_limit::( + limits, + grouping.config_target(subtensor_identifier(93)), + span, + ); } if let Some(span) = block_number::(MechanismCountSetRateLimit::::get()) { - set_global_limit::(limits, admin_utils_identifier(76), span); + set_global_limit::( + limits, + grouping.config_target(admin_utils_identifier(76)), + span, + ); } if let Some(span) = block_number::(MechanismEmissionRateLimit::::get()) { - set_global_limit::(limits, admin_utils_identifier(77), span); + set_global_limit::( + limits, + grouping.config_target(admin_utils_identifier(77)), + span, + ); } if let Some(span) = block_number::(MaxUidsTrimmingRateLimit::::get()) { - set_global_limit::(limits, admin_utils_identifier(78), span); + set_global_limit::( + limits, + grouping.config_target(admin_utils_identifier(78)), + span, + ); } if let Some(span) = block_number::(SET_CHILDREN_RATE_LIMIT) { - set_global_limit::(limits, subtensor_identifier(67), span); + set_global_limit::( + limits, + grouping.config_target(subtensor_identifier(67)), + span, + ); } reads } -fn gather_owner_hparam_limits(limits: &mut LimitEntries) -> u64 { +fn gather_owner_hparam_limits( + limits: &mut LimitEntries, + grouping: &Grouping, +) -> u64 { let mut reads: u64 = 0; reads += 1; if let Some(span) = block_number::(u64::from(OwnerHyperparamRateLimit::::get())) { for hparam in HYPERPARAMETERS { if let Some(identifier) = identifier_for_hyperparameter(*hparam) { - set_global_limit::(limits, identifier, span); + set_global_limit::(limits, grouping.config_target(identifier), span); } } } @@ -204,17 +428,20 @@ fn gather_owner_hparam_limits(limits: &mut LimitEntries) reads } -fn gather_serving_limits(limits: &mut LimitEntries) -> u64 { +fn gather_serving_limits( + limits: &mut LimitEntries, + grouping: &Grouping, +) -> u64 { let mut reads: u64 = 0; let netuids = Pallet::::get_all_subnet_netuids(); for netuid in netuids { reads += 1; if let Some(span) = block_number::(Pallet::::get_serving_rate_limit(netuid)) { - for call in SERVE_CALLS { + for call in serve_calls(grouping) { set_scoped_limit::( limits, - subtensor_identifier(call), + grouping.config_target(call), RateLimitScope::Subnet(netuid), span, ); @@ -225,19 +452,24 @@ fn gather_serving_limits(limits: &mut LimitEntries) -> u6 reads } -fn gather_weight_limits(limits: &mut LimitEntries) -> u64 { +fn gather_weight_limits( + limits: &mut LimitEntries, + grouping: &Grouping, +) -> u64 { let mut reads: u64 = 0; let netuids = Pallet::::get_all_subnet_netuids(); let mut subnet_limits = BTreeMap::>::new(); + let subnet_calls = weight_calls_subnet(grouping); + let mechanism_calls = weight_calls_mechanism(grouping); for netuid in &netuids { reads += 1; if let Some(span) = block_number::(Pallet::::get_weights_set_rate_limit(*netuid)) { subnet_limits.insert(*netuid, span); - for call in WEIGHT_CALLS_SUBNET { + for call in &subnet_calls { set_scoped_limit::( limits, - subtensor_identifier(call), + grouping.config_target(*call), RateLimitScope::Subnet(*netuid), span, ); @@ -259,8 +491,8 @@ fn gather_weight_limits(limits: &mut LimitEntries) -> u64 netuid: *netuid, mecid: MechId::from(mecid), }; - for call in WEIGHT_CALLS_MECHANISM { - set_scoped_limit::(limits, subtensor_identifier(call), scope.clone(), span); + for call in &mechanism_calls { + set_scoped_limit::(limits, grouping.config_target(*call), scope.clone(), span); } } } @@ -268,20 +500,23 @@ fn gather_weight_limits(limits: &mut LimitEntries) -> u64 reads } -fn build_last_seen() -> (LastSeenEntries, u64) { +fn build_last_seen(grouping: &Grouping) -> (LastSeenEntries, u64) { let mut last_seen = LastSeenEntries::::new(); let mut reads: u64 = 0; - reads += import_last_rate_limited_blocks::(&mut last_seen); - reads += import_transaction_key_last_blocks::(&mut last_seen); - reads += import_last_update_entries::(&mut last_seen); - reads += import_serving_entries::(&mut last_seen); - reads += import_evm_entries::(&mut last_seen); + reads += import_last_rate_limited_blocks::(&mut last_seen, grouping); + reads += import_transaction_key_last_blocks::(&mut last_seen, grouping); + reads += import_last_update_entries::(&mut last_seen, grouping); + reads += import_serving_entries::(&mut last_seen, grouping); + reads += import_evm_entries::(&mut last_seen, grouping); (last_seen, reads) } -fn import_last_rate_limited_blocks(entries: &mut LastSeenEntries) -> u64 { +fn import_last_rate_limited_blocks( + entries: &mut LastSeenEntries, + grouping: &Grouping, +) -> u64 { let mut reads: u64 = 0; for (key, block) in LastRateLimitedBlock::::iter() { reads += 1; @@ -295,7 +530,7 @@ fn import_last_rate_limited_blocks(entries: &mut LastSeenEnt { record_last_seen_entry::( entries, - identifier, + grouping.usage_target(identifier), Some(RateLimitUsageKey::Subnet(netuid)), block, ); @@ -305,7 +540,7 @@ fn import_last_rate_limited_blocks(entries: &mut LastSeenEnt if let Some(identifier) = identifier_for_hyperparameter(hyper) { record_last_seen_entry::( entries, - identifier, + grouping.usage_target(identifier), Some(RateLimitUsageKey::Subnet(netuid)), block, ); @@ -314,7 +549,7 @@ fn import_last_rate_limited_blocks(entries: &mut LastSeenEnt RateLimitKey::LastTxBlock(account) => { record_last_seen_entry::( entries, - subtensor_identifier(70), + grouping.usage_target(subtensor_identifier(70)), Some(RateLimitUsageKey::Account(account.clone())), block, ); @@ -322,21 +557,31 @@ fn import_last_rate_limited_blocks(entries: &mut LastSeenEnt RateLimitKey::LastTxBlockDelegateTake(account) => { record_last_seen_entry::( entries, - subtensor_identifier(66), + grouping.usage_target(subtensor_identifier(66)), Some(RateLimitUsageKey::Account(account.clone())), block, ); } - RateLimitKey::NetworkLastRegistered | RateLimitKey::LastTxBlockChildKeyTake(_) => { - // TODO(grouped-rate-limits): Global network registration lock is still outside - // pallet-rate-limiting. We will migrate it once grouped identifiers land. + RateLimitKey::NetworkLastRegistered => { + record_last_seen_entry::( + entries, + grouping.usage_target(subtensor_identifier(59)), + None, + block, + ); + } + RateLimitKey::LastTxBlockChildKeyTake(_) => { + // Deprecated storage; ignored. } } } reads } -fn import_transaction_key_last_blocks(entries: &mut LastSeenEntries) -> u64 { +fn import_transaction_key_last_blocks( + entries: &mut LastSeenEntries, + grouping: &Grouping, +) -> u64 { let mut reads: u64 = 0; for ((account, netuid, tx_kind), block) in TransactionKeyLastBlock::::iter() { reads += 1; @@ -350,13 +595,23 @@ fn import_transaction_key_last_blocks(entries: &mut LastSeen let Some(usage) = usage_key_from_transaction_type(tx_type, &account, netuid) else { continue; }; - record_last_seen_entry::(entries, identifier, Some(usage), block); + record_last_seen_entry::( + entries, + grouping.usage_target(identifier), + Some(usage), + block, + ); } reads } -fn import_last_update_entries(entries: &mut LastSeenEntries) -> u64 { +fn import_last_update_entries( + entries: &mut LastSeenEntries, + grouping: &Grouping, +) -> u64 { let mut reads: u64 = 0; + let subnet_calls = weight_calls_subnet(grouping); + let mechanism_calls = weight_calls_mechanism(grouping); for (index, blocks) in LastUpdate::::iter() { reads += 1; let netuid = Pallet::::get_netuid(index); @@ -389,16 +644,16 @@ fn import_last_update_entries(entries: &mut LastSeenEntries< } }; - let call_set: &[u8] = if is_mechanism { - &WEIGHT_CALLS_MECHANISM + let call_set: &[TransactionIdentifier] = if is_mechanism { + mechanism_calls.as_slice() } else { - &WEIGHT_CALLS_SUBNET + subnet_calls.as_slice() }; for call in call_set { record_last_seen_entry::( entries, - subtensor_identifier(*call), + grouping.usage_target(*call), Some(usage.clone()), last_block, ); @@ -408,7 +663,10 @@ fn import_last_update_entries(entries: &mut LastSeenEntries< reads } -fn import_serving_entries(entries: &mut LastSeenEntries) -> u64 { +fn import_serving_entries( + entries: &mut LastSeenEntries, + grouping: &Grouping, +) -> u64 { let mut reads: u64 = 0; for (netuid, hotkey, axon) in Axons::::iter() { reads += 1; @@ -419,10 +677,14 @@ fn import_serving_entries(entries: &mut LastSeenEntries) account: hotkey.clone(), netuid, }; - for call in [4u8, 40u8] { + let axon_calls: Vec<_> = grouping + .members(GROUP_SERVE_AXON) + .map(|m| m.iter().copied().collect()) + .unwrap_or_else(|| vec![subtensor_identifier(4), subtensor_identifier(40)]); + for call in axon_calls { record_last_seen_entry::( entries, - subtensor_identifier(call), + grouping.usage_target(call), Some(usage.clone()), axon.block, ); @@ -438,13 +700,21 @@ fn import_serving_entries(entries: &mut LastSeenEntries) account: hotkey, netuid, }; - record_last_seen_entry::(entries, subtensor_identifier(5), Some(usage), prom.block); + record_last_seen_entry::( + entries, + grouping.usage_target(SERVE_PROM_IDENTIFIER), + Some(usage), + prom.block, + ); } reads } -fn import_evm_entries(entries: &mut LastSeenEntries) -> u64 { +fn import_evm_entries( + entries: &mut LastSeenEntries, + grouping: &Grouping, +) -> u64 { let mut reads: u64 = 0; for (netuid, uid, (_, block)) in AssociatedEvmAddress::::iter() { reads += 1; @@ -453,7 +723,7 @@ fn import_evm_entries(entries: &mut LastSeenEntries) -> u } record_last_seen_entry::( entries, - subtensor_identifier(93), + grouping.usage_target(subtensor_identifier(93)), Some(RateLimitUsageKey::SubnetNeuron { netuid, uid }), block, ); @@ -491,6 +761,42 @@ fn write_last_seen(entries: &LastSeenEntries) -> u64 { writes } +fn write_groups(grouping: &Grouping) -> u64 { + let mut writes = 0; + let groups_prefix = storage_prefix("RateLimiting", "Groups"); + let members_prefix = storage_prefix("RateLimiting", "GroupMembers"); + let name_index_prefix = storage_prefix("RateLimiting", "GroupNameIndex"); + let call_groups_prefix = storage_prefix("RateLimiting", "CallGroups"); + let next_group_id_prefix = storage_prefix("RateLimiting", "NextGroupId"); + + for detail in &grouping.details { + let group_key = map_storage_key(&groups_prefix, detail.id); + storage::set(&group_key, &detail.encode()); + writes += 1; + + let name_key = map_storage_key(&name_index_prefix, detail.name.clone()); + storage::set(&name_key, &detail.id.encode()); + writes += 1; + } + + for (group, members) in &grouping.members { + let members_key = map_storage_key(&members_prefix, *group); + storage::set(&members_key, &members.encode()); + writes += 1; + } + + for (identifier, info) in &grouping.assignments { + let call_key = map_storage_key(&call_groups_prefix, *identifier); + storage::set(&call_key, &info.id.encode()); + writes += 1; + } + + storage::set(&next_group_id_prefix, &grouping.next_group_id.encode()); + writes += 1; + + writes +} + fn block_number(value: u64) -> Option> { if value == 0 { return None; @@ -500,23 +806,23 @@ fn block_number(value: u64) -> Option> { fn set_global_limit( limits: &mut LimitEntries, - identifier: TransactionIdentifier, + target: RateLimitTargetOf, span: BlockNumberFor, ) { - if let Some((_, config)) = limits.iter_mut().find(|(id, _)| *id == identifier) { + if let Some((_, config)) = limits.iter_mut().find(|(id, _)| *id == target) { *config = RateLimit::global(RateLimitKind::Exact(span)); } else { - limits.push((identifier, RateLimit::global(RateLimitKind::Exact(span)))); + limits.push((target, RateLimit::global(RateLimitKind::Exact(span)))); } } fn set_scoped_limit( limits: &mut LimitEntries, - identifier: TransactionIdentifier, + target: RateLimitTargetOf, scope: RateLimitScope, span: BlockNumberFor, ) { - if let Some((_, config)) = limits.iter_mut().find(|(id, _)| *id == identifier) { + if let Some((_, config)) = limits.iter_mut().find(|(id, _)| *id == target) { match config { RateLimit::Global(_) => { *config = RateLimit::scoped_single(scope, RateLimitKind::Exact(span)); @@ -527,7 +833,7 @@ fn set_scoped_limit( } } else { limits.push(( - identifier, + target, RateLimit::scoped_single(scope, RateLimitKind::Exact(span)), )); } @@ -535,7 +841,7 @@ fn set_scoped_limit( fn record_last_seen_entry( entries: &mut LastSeenEntries, - identifier: TransactionIdentifier, + target: RateLimitTargetOf, usage: Option>, block: u64, ) { @@ -543,7 +849,7 @@ fn record_last_seen_entry( return; }; - let key = (identifier, usage); + let key = (target, usage); if let Some((_, existing)) = entries.iter_mut().find(|(entry_key, _)| *entry_key == key) { if block_number > *existing { *existing = block_number; @@ -692,7 +998,7 @@ where netuid, }), TransactionType::OwnerHyperparamUpdate(_) => Some(RateLimitUsageKey::Subnet(netuid)), - TransactionType::RegisterNetwork => Some(RateLimitUsageKey::Account(account.clone())), + TransactionType::RegisterNetwork => None, TransactionType::SetSNOwnerHotkey => Some(RateLimitUsageKey::Subnet(netuid)), TransactionType::Unknown => None, _ => None, From eaca7aaa6ec8c4b945e477cb25a472dd54d3be75 Mon Sep 17 00:00:00 2001 From: Aliaksandr Tsurko Date: Mon, 24 Nov 2025 16:41:43 +0300 Subject: [PATCH 26/46] Configure pallet-rate-limiting for the runtime --- Cargo.lock | 1 + pallets/rate-limiting/src/lib.rs | 12 +- pallets/rate-limiting/src/tx_extension.rs | 10 + runtime/Cargo.toml | 2 + runtime/src/lib.rs | 77 ++++- runtime/src/rate_limiting/migration.rs | 354 +++++++++++++++------- 6 files changed, 341 insertions(+), 115 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 04686202fa..c714894796 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -8298,6 +8298,7 @@ dependencies = [ "pallet-offences", "pallet-preimage", "pallet-rate-limiting", + "pallet-rate-limiting-runtime-api", "pallet-registry", "pallet-safe-mode", "pallet-scheduler", diff --git a/pallets/rate-limiting/src/lib.rs b/pallets/rate-limiting/src/lib.rs index 8b7cc1072f..b40976f018 100644 --- a/pallets/rate-limiting/src/lib.rs +++ b/pallets/rate-limiting/src/lib.rs @@ -440,7 +440,6 @@ pub mod pallet { pub groups: Vec<(>::GroupId, Vec, GroupSharing)>, } - #[cfg(feature = "std")] impl, I: 'static> Default for GenesisConfig { fn default() -> Self { Self { @@ -541,7 +540,9 @@ pub mod pallet { Ok(Self::within_span(&usage_target, usage_key, block_span)) } - pub(crate) fn resolved_limit( + /// Resolves the configured span for the provided target/scope, applying the pallet default + /// when the stored value uses [`RateLimitKind::Default`]. + pub fn resolved_limit( target: &RateLimitTarget<>::GroupId>, scope: &Option<>::LimitScope>, ) -> Option> { @@ -689,7 +690,8 @@ pub mod pallet { Self::resolved_limit(&target, &scope) } - fn identifier_for_call_names( + /// Looks up the transaction identifier for a pallet/extrinsic name pair. + pub fn identifier_for_call_names( pallet_name: &str, extrinsic_name: &str, ) -> Option { @@ -730,7 +732,9 @@ pub mod pallet { )) } - pub(crate) fn config_target( + /// Returns the storage target used to store configuration for the provided identifier, + /// respecting any configured group assignment. + pub fn config_target( identifier: &TransactionIdentifier, ) -> Result>::GroupId>, DispatchError> { Self::target_for(identifier, GroupSharing::config_uses_group) diff --git a/pallets/rate-limiting/src/tx_extension.rs b/pallets/rate-limiting/src/tx_extension.rs index 41b4add270..3d400e6918 100644 --- a/pallets/rate-limiting/src/tx_extension.rs +++ b/pallets/rate-limiting/src/tx_extension.rs @@ -35,6 +35,16 @@ where T: Config + Send + Sync + TypeInfo, I: 'static + TypeInfo; +impl RateLimitTransactionExtension +where + T: Config + Send + Sync + TypeInfo, + I: 'static + TypeInfo, +{ + pub fn new() -> Self { + Self(PhantomData) + } +} + impl Clone for RateLimitTransactionExtension where T: Config + Send + Sync + TypeInfo, diff --git a/runtime/Cargo.toml b/runtime/Cargo.toml index 5d40215c49..e3b926e859 100644 --- a/runtime/Cargo.toml +++ b/runtime/Cargo.toml @@ -39,6 +39,7 @@ frame-try-runtime = { workspace = true, optional = true } pallet-timestamp.workspace = true pallet-transaction-payment.workspace = true pallet-rate-limiting.workspace = true +pallet-rate-limiting-runtime-api.workspace = true pallet-subtensor-utility.workspace = true frame-executive.workspace = true frame-metadata-hash-extension.workspace = true @@ -189,6 +190,7 @@ std = [ "pallet-transaction-payment-rpc-runtime-api/std", "pallet-transaction-payment/std", "pallet-rate-limiting/std", + "pallet-rate-limiting-runtime-api/std", "pallet-subtensor-utility/std", "pallet-sudo/std", "pallet-multisig/std", diff --git a/runtime/src/lib.rs b/runtime/src/lib.rs index 2c642c9af5..6bddb38350 100644 --- a/runtime/src/lib.rs +++ b/runtime/src/lib.rs @@ -24,7 +24,9 @@ use frame_support::{ dispatch::DispatchResult, genesis_builder_helper::{build_state, get_preset}, pallet_prelude::Get, - traits::{Contains, InsideBoth, LinearStoragePrice, fungible::HoldConsideration}, + traits::{ + Contains, GetCallMetadata, InsideBoth, LinearStoragePrice, fungible::HoldConsideration, + }, }; use frame_system::{EnsureRoot, EnsureRootWithSuccess, EnsureSigned}; use pallet_commitments::{CanCommit, OnMetadataCommitment}; @@ -74,6 +76,8 @@ use subtensor_swap_interface::{Order, SwapHandler}; pub use rate_limiting::{ ScopeResolver as RuntimeScopeResolver, UsageResolver as RuntimeUsageResolver, }; +pub type RateLimitingInstance = (); +pub type RateLimitGroupId = u32; // A few exports that help ease life for downstream crates. pub use frame_support::{ @@ -158,6 +162,7 @@ impl frame_system::offchain::CreateSignedTransaction frame_system::CheckEra::::from(Era::Immortal), check_nonce::CheckNonce::::from(nonce).into(), frame_system::CheckWeight::::new(), + pallet_rate_limiting::RateLimitTransactionExtension::::new(), ChargeTransactionPaymentWrapper::new( pallet_transaction_payment::ChargeTransactionPayment::::from(0), ), @@ -225,10 +230,10 @@ pub const VERSION: RuntimeVersion = RuntimeVersion { // `spec_version`, and `authoring_version` are the same between Wasm and native. // This value is set to 100 to notify Polkadot-JS App (https://polkadot.js.org/apps) to use // the compatible custom types. - spec_version: 347, + spec_version: 348, impl_version: 1, apis: RUNTIME_API_VERSIONS, - transaction_version: 1, + transaction_version: 2, system_version: 1, }; @@ -1121,6 +1126,25 @@ impl pallet_subtensor::Config for Runtime { type EvmKeyAssociateRateLimit = EvmKeyAssociateRateLimit; } +parameter_types! { + pub const RateLimitingMaxGroupMembers: u32 = 64; + pub const RateLimitingMaxGroupNameLength: u32 = 64; +} + +impl pallet_rate_limiting::Config for Runtime { + type RuntimeCall = RuntimeCall; + type AdminOrigin = EnsureRoot; + type LimitScope = RateLimitScope; + type LimitScopeResolver = RuntimeScopeResolver; + type UsageKey = RateLimitUsageKey; + type UsageResolver = RuntimeUsageResolver; + type GroupId = u32; + type MaxGroupMembers = RateLimitingMaxGroupMembers; + type MaxGroupNameLength = RateLimitingMaxGroupNameLength; + #[cfg(feature = "runtime-benchmarks")] + type BenchmarkHelper = (); +} + parameter_types! { pub const SwapProtocolId: PalletId = PalletId(*b"ten/swap"); pub const SwapMaxFeeRate: u16 = 10000; // 15.26% @@ -1574,6 +1598,7 @@ construct_runtime!( Crowdloan: pallet_crowdloan = 27, Swap: pallet_subtensor_swap = 28, Contracts: pallet_contracts = 29, + RateLimiting: pallet_rate_limiting = 30, } ); @@ -1592,6 +1617,7 @@ pub type TransactionExtensions = ( frame_system::CheckEra, check_nonce::CheckNonce, frame_system::CheckWeight, + pallet_rate_limiting::RateLimitTransactionExtension, ChargeTransactionPaymentWrapper, pallet_subtensor::transaction_extension::SubtensorTransactionExtension, pallet_drand::drand_priority::DrandPriority, @@ -1610,6 +1636,7 @@ type Migrations = ( pallet_subtensor::migrations::migrate_init_total_issuance::initialise_total_issuance::Migration< Runtime, >, + rate_limiting::migration::Migration, // Remove storage from removed governance pallets frame_support::migrations::RemovePallet, frame_support::migrations::RemovePallet, @@ -2162,6 +2189,50 @@ impl_runtime_apis! { } } + impl pallet_rate_limiting_runtime_api::RateLimitingRuntimeApi for Runtime { + fn get_rate_limit( + pallet: Vec, + extrinsic: Vec, + ) -> Option { + use pallet_rate_limiting::{Pallet as RateLimiting, RateLimit}; + use pallet_rate_limiting_runtime_api::RateLimitRpcResponse; + + let pallet_name = sp_std::str::from_utf8(&pallet).ok()?; + let extrinsic_name = sp_std::str::from_utf8(&extrinsic).ok()?; + + let identifier = RateLimiting::::identifier_for_call_names( + pallet_name, + extrinsic_name, + )?; + let target = + RateLimiting::::config_target(&identifier).ok()?; + let limits = + pallet_rate_limiting::Limits::::get(target)?; + let default_limit = + pallet_rate_limiting::DefaultLimit::::get(); + let resolved = + RateLimiting::::resolved_limit(&target, &None); + + let (global, contextual) = match limits { + RateLimit::Global(kind) => (Some(kind), sp_std::vec::Vec::new()), + RateLimit::Scoped(entries) => ( + None, + entries + .into_iter() + .map(|(scope, kind)| (scope.encode(), kind)) + .collect(), + ), + }; + + Some(RateLimitRpcResponse { + global, + contextual, + default_limit, + resolved, + }) + } + } + impl pallet_contracts::ContractsApi for Runtime { diff --git a/runtime/src/rate_limiting/migration.rs b/runtime/src/rate_limiting/migration.rs index c4217b6dd4..57bfde1319 100644 --- a/runtime/src/rate_limiting/migration.rs +++ b/runtime/src/rate_limiting/migration.rs @@ -1,9 +1,10 @@ -use core::convert::TryFrom; +use core::{convert::TryFrom, marker::PhantomData}; -use codec::Encode; -use frame_support::{pallet_prelude::Parameter, traits::Get, weights::Weight}; +use frame_support::{ + BoundedBTreeSet, BoundedVec, pallet_prelude::Parameter, traits::Get, weights::Weight, +}; use frame_system::pallet_prelude::BlockNumberFor; -use log::info; +use log::{info, warn}; use pallet_rate_limiting::{ GroupSharing, RateLimit, RateLimitGroup, RateLimitKind, RateLimitTarget, TransactionIdentifier, }; @@ -15,10 +16,6 @@ use pallet_subtensor::{ TxChildkeyTakeRateLimit, TxDelegateTakeRateLimit, TxRateLimit, WeightsVersionKeyRateLimit, utils::rate_limiting::{Hyperparameter, TransactionType}, }; -use sp_io::{ - hashing::{blake2_128, twox_128}, - storage, -}; use sp_runtime::traits::SaturatedConversion; use sp_std::{ collections::{btree_map::BTreeMap, btree_set::BTreeSet}, @@ -27,15 +24,26 @@ use sp_std::{ }; use subtensor_runtime_common::{MechId, NetUid, RateLimitScope, RateLimitUsageKey}; -type RateLimitConfigOf = RateLimit>; -type RateLimitTargetOf = RateLimitTarget; -type RateLimitGroupOf = RateLimitGroup>; -type LimitEntries = Vec<(RateLimitTargetOf, RateLimitConfigOf)>; -type LastSeenKey = ( - RateLimitTargetOf, - Option::AccountId>>, -); -type LastSeenEntries = Vec<(LastSeenKey, BlockNumberFor)>; +use crate::RateLimitingInstance; + +type GroupIdOf = >::GroupId; +type LimitEntries = Vec<( + RateLimitTarget, + RateLimit>, +)>; +type LastSeenEntries = Vec<( + ( + RateLimitTarget, + Option::AccountId>>, + ), + BlockNumberFor, +)>; +type GroupNameOf = + BoundedVec>::MaxGroupNameLength>; +type GroupMembersOf = BoundedBTreeSet< + TransactionIdentifier, + >::MaxGroupMembers, +>; /// Pallet index assigned to `pallet_subtensor` in `construct_runtime!`. const SUBTENSOR_PALLET_INDEX: u8 = 7; @@ -162,7 +170,7 @@ struct GroupInfo { struct Grouping { assignments: BTreeMap, members: BTreeMap>, - details: Vec, + details: Vec>>, next_group_id: GroupId, max_group_id: Option, } @@ -198,7 +206,7 @@ impl Grouping { self.next_group_id = self.max_group_id.map_or(0, |id| id.saturating_add(1)); } - fn config_target(&self, identifier: TransactionIdentifier) -> RateLimitTargetOf { + fn config_target(&self, identifier: TransactionIdentifier) -> RateLimitTarget { if let Some(info) = self.assignments.get(&identifier) { if info.sharing.config_uses_group() { return RateLimitTarget::Group(info.id); @@ -207,7 +215,7 @@ impl Grouping { RateLimitTarget::Transaction(identifier) } - fn usage_target(&self, identifier: TransactionIdentifier) -> RateLimitTargetOf { + fn usage_target(&self, identifier: TransactionIdentifier) -> RateLimitTarget { if let Some(info) = self.assignments.get(&identifier) { if info.sharing.usage_uses_group() { return RateLimitTarget::Group(info.id); @@ -258,7 +266,17 @@ fn build_grouping() -> Grouping { grouping } -pub fn migrate_rate_limiting() -> Weight { +pub fn migrate_rate_limiting() -> Weight +where + T: SubtensorConfig + + pallet_rate_limiting::Config< + RateLimitingInstance, + LimitScope = RateLimitScope, + GroupId = GroupId, + >, + RateLimitUsageKey: + Into<>::UsageKey>, +{ let mut weight = T::DbWeight::get().reads(1); if HasMigrationRun::::get(MIGRATION_NAME) { info!("Rate-limiting migration already executed. Skipping."); @@ -731,67 +749,120 @@ fn import_evm_entries( reads } -/// TODO(rate-limiting-storage): Swap these manual writes for -/// `pallet_rate_limiting::Pallet` APIs once the runtime wires the pallet in. -fn write_limits(limits: &LimitEntries) -> u64 { - if limits.is_empty() { - return 0; +fn convert_target(target: &RateLimitTarget) -> RateLimitTarget> +where + T: SubtensorConfig + + pallet_rate_limiting::Config< + RateLimitingInstance, + LimitScope = RateLimitScope, + GroupId = GroupId, + >, + RateLimitUsageKey: + Into<>::UsageKey>, +{ + match target { + RateLimitTarget::Transaction(identifier) => RateLimitTarget::Transaction(*identifier), + RateLimitTarget::Group(id) => RateLimitTarget::Group((*id).saturated_into()), } - let limits_prefix = storage_prefix("RateLimiting", "Limits"); - let mut writes = 0; +} + +fn write_limits(limits: &LimitEntries) -> u64 +where + T: SubtensorConfig + + pallet_rate_limiting::Config< + RateLimitingInstance, + LimitScope = RateLimitScope, + GroupId = GroupId, + >, + RateLimitUsageKey: + Into<>::UsageKey>, +{ + let mut writes: u64 = 0; for (identifier, limit) in limits.iter() { - let limit_key = map_storage_key(&limits_prefix, identifier); - storage::set(&limit_key, &limit.encode()); + let target = convert_target::(identifier); + pallet_rate_limiting::Limits::::insert(target, limit.clone()); writes += 1; } writes } -fn write_last_seen(entries: &LastSeenEntries) -> u64 { - if entries.is_empty() { - return 0; - } - let prefix = storage_prefix("RateLimiting", "LastSeen"); - let mut writes = 0; +fn write_last_seen(entries: &LastSeenEntries) -> u64 +where + T: SubtensorConfig + + pallet_rate_limiting::Config< + RateLimitingInstance, + LimitScope = RateLimitScope, + GroupId = GroupId, + >, + RateLimitUsageKey: + Into<>::UsageKey>, +{ + let mut writes: u64 = 0; for ((identifier, usage), block) in entries.iter() { - let key = double_map_storage_key(&prefix, identifier, usage); - storage::set(&key, &block.encode()); + let target = convert_target::(identifier); + let usage_key = usage.clone().map(Into::into); + pallet_rate_limiting::LastSeen::::insert( + target, usage_key, *block, + ); writes += 1; } writes } -fn write_groups(grouping: &Grouping) -> u64 { - let mut writes = 0; - let groups_prefix = storage_prefix("RateLimiting", "Groups"); - let members_prefix = storage_prefix("RateLimiting", "GroupMembers"); - let name_index_prefix = storage_prefix("RateLimiting", "GroupNameIndex"); - let call_groups_prefix = storage_prefix("RateLimiting", "CallGroups"); - let next_group_id_prefix = storage_prefix("RateLimiting", "NextGroupId"); +fn write_groups(grouping: &Grouping) -> u64 +where + T: SubtensorConfig + + pallet_rate_limiting::Config< + RateLimitingInstance, + LimitScope = RateLimitScope, + GroupId = GroupId, + >, + RateLimitUsageKey: + Into<>::UsageKey>, +{ + let mut writes: u64 = 0; for detail in &grouping.details { - let group_key = map_storage_key(&groups_prefix, detail.id); - storage::set(&group_key, &detail.encode()); - writes += 1; + let Ok(name) = GroupNameOf::::try_from(detail.name.clone()) else { + warn!( + "rate-limiting migration: group name exceeds bounds, skipping id {}", + detail.id + ); + continue; + }; + let group_id = detail.id.saturated_into::>(); + let stored = RateLimitGroup { + id: group_id, + name: name.clone(), + sharing: detail.sharing, + }; - let name_key = map_storage_key(&name_index_prefix, detail.name.clone()); - storage::set(&name_key, &detail.id.encode()); - writes += 1; + pallet_rate_limiting::Groups::::insert(group_id, stored); + pallet_rate_limiting::GroupNameIndex::::insert(name, group_id); + writes += 2; } for (group, members) in &grouping.members { - let members_key = map_storage_key(&members_prefix, *group); - storage::set(&members_key, &members.encode()); + let group_id = (*group).saturated_into::>(); + let Ok(bounded) = GroupMembersOf::::try_from(members.clone()) else { + warn!( + "rate-limiting migration: group {} has too many members, skipping assignment", + group + ); + continue; + }; + pallet_rate_limiting::GroupMembers::::insert(group_id, bounded); writes += 1; } for (identifier, info) in &grouping.assignments { - let call_key = map_storage_key(&call_groups_prefix, *identifier); - storage::set(&call_key, &info.id.encode()); + let group_id = info.id.saturated_into::>(); + pallet_rate_limiting::CallGroups::::insert(*identifier, group_id); writes += 1; } - storage::set(&next_group_id_prefix, &grouping.next_group_id.encode()); + let next_group_id = grouping.next_group_id.saturated_into::>(); + pallet_rate_limiting::NextGroupId::::put(next_group_id); writes += 1; writes @@ -806,7 +877,7 @@ fn block_number(value: u64) -> Option> { fn set_global_limit( limits: &mut LimitEntries, - target: RateLimitTargetOf, + target: RateLimitTarget, span: BlockNumberFor, ) { if let Some((_, config)) = limits.iter_mut().find(|(id, _)| *id == target) { @@ -818,7 +889,7 @@ fn set_global_limit( fn set_scoped_limit( limits: &mut LimitEntries, - target: RateLimitTargetOf, + target: RateLimitTarget, scope: RateLimitScope, span: BlockNumberFor, ) { @@ -841,7 +912,7 @@ fn set_scoped_limit( fn record_last_seen_entry( entries: &mut LastSeenEntries, - target: RateLimitTargetOf, + target: RateLimitTarget, usage: Option>, block: u64, ) { @@ -859,31 +930,23 @@ fn record_last_seen_entry( } } -fn storage_prefix(pallet: &str, storage: &str) -> Vec { - let mut out = Vec::with_capacity(32); - out.extend_from_slice(&twox_128(pallet.as_bytes())); - out.extend_from_slice(&twox_128(storage.as_bytes())); - out -} +/// Runtime hook that executes the rate-limiting migration. +pub struct Migration(PhantomData); -fn map_storage_key(prefix: &[u8], key: impl Encode) -> Vec { - let mut final_key = Vec::with_capacity(prefix.len() + 32); - final_key.extend_from_slice(prefix); - let encoded = key.encode(); - let hash = blake2_128(&encoded); - final_key.extend_from_slice(&hash); - final_key.extend_from_slice(&encoded); - final_key -} - -fn double_map_storage_key(prefix: &[u8], key1: impl Encode, key2: impl Encode) -> Vec { - let mut final_key = Vec::with_capacity(prefix.len() + 64); - final_key.extend_from_slice(prefix); - let first = map_storage_key(&[], key1); - final_key.extend_from_slice(&first); - let second = map_storage_key(&[], key2); - final_key.extend_from_slice(&second); - final_key +impl frame_support::traits::OnRuntimeUpgrade for Migration +where + T: SubtensorConfig + + pallet_rate_limiting::Config< + RateLimitingInstance, + LimitScope = RateLimitScope, + GroupId = GroupId, + >, + RateLimitUsageKey: + Into<>::UsageKey>, +{ + fn on_runtime_upgrade() -> Weight { + migrate_rate_limiting::() + } } const fn admin_utils_identifier(call_index: u8) -> TransactionIdentifier { @@ -955,25 +1018,6 @@ pub fn identifier_for_transaction_type(tx: TransactionType) -> Option( - key: &RateLimitKey, -) -> Option> -where - AccountId: Parameter + Clone, -{ - match key { - RateLimitKey::SetSNOwnerHotkey(netuid) => Some(RateLimitUsageKey::Subnet(*netuid)), - RateLimitKey::OwnerHyperparamUpdate(netuid, _) => Some(RateLimitUsageKey::Subnet(*netuid)), - RateLimitKey::NetworkLastRegistered => None, - RateLimitKey::LastTxBlock(account) - | RateLimitKey::LastTxBlockChildKeyTake(account) - | RateLimitKey::LastTxBlockDelegateTake(account) => { - Some(RateLimitUsageKey::Account(account.clone())) - } - } -} - /// Produces the usage key for a `TransactionType` that was stored in `TransactionKeyLastBlock`. pub fn usage_key_from_transaction_type( tx: TransactionType, @@ -1008,6 +1052,23 @@ where #[cfg(test)] mod tests { use super::*; + use crate::{AccountId, BuildStorage, RateLimitingInstance, Runtime}; + use sp_io::TestExternalities; + use sp_runtime::traits::{SaturatedConversion, Zero}; + use subtensor_runtime_common::RateLimitUsageKey; + + const ACCOUNT: [u8; 32] = [7u8; 32]; + const DELEGATE_TAKE_GROUP_ID: GroupId = GROUP_DELEGATE_TAKE; + + fn new_test_ext() -> TestExternalities { + sp_tracing::try_init_simple(); + let mut ext: TestExternalities = crate::RuntimeGenesisConfig::default() + .build_storage() + .expect("runtime storage") + .into(); + ext.execute_with(|| crate::System::set_block_number(1)); + ext + } #[test] fn maps_hyperparameters() { @@ -1028,11 +1089,88 @@ mod tests { } #[test] - fn maps_usage_keys() { - let acct = 42u64; - assert!(matches!( - usage_key_from_legacy_key(&RateLimitKey::LastTxBlock(acct)), - Some(RateLimitUsageKey::Account(42)) - )); + fn migration_populates_limits_last_seen_and_groups() { + new_test_ext().execute_with(|| { + let account: AccountId = ACCOUNT.into(); + pallet_subtensor::HasMigrationRun::::remove(MIGRATION_NAME); + + pallet_subtensor::TxRateLimit::::put(10); + pallet_subtensor::TxDelegateTakeRateLimit::::put(3); + pallet_subtensor::LastRateLimitedBlock::::insert( + RateLimitKey::LastTxBlock(account.clone()), + 5, + ); + + let weight = migrate_rate_limiting::(); + assert!(!weight.is_zero()); + assert!(pallet_subtensor::HasMigrationRun::::get( + MIGRATION_NAME + )); + + let tx_target = RateLimitTarget::Transaction(subtensor_identifier(70)); + let delegate_group = RateLimitTarget::Group(DELEGATE_TAKE_GROUP_ID); + + assert_eq!( + pallet_rate_limiting::Limits::::get(tx_target), + Some(RateLimit::Global(RateLimitKind::Exact( + 10u64.saturated_into() + ))) + ); + assert_eq!( + pallet_rate_limiting::Limits::::get(delegate_group), + Some(RateLimit::Global(RateLimitKind::Exact( + 3u64.saturated_into() + ))) + ); + + let usage_key = RateLimitUsageKey::Account(account.clone()); + assert_eq!( + pallet_rate_limiting::LastSeen::::get( + tx_target, + Some(usage_key.clone()) + ), + Some(5u64.saturated_into()) + ); + + let group = pallet_rate_limiting::Groups::::get( + DELEGATE_TAKE_GROUP_ID, + ) + .expect("group stored"); + assert_eq!(group.id, DELEGATE_TAKE_GROUP_ID); + assert_eq!(group.name.as_slice(), b"delegate-take"); + assert_eq!( + pallet_rate_limiting::CallGroups::::get( + subtensor_identifier(66) + ), + Some(DELEGATE_TAKE_GROUP_ID) + ); + assert_eq!( + pallet_rate_limiting::NextGroupId::::get(), + 6 + ); + }); + } + + #[test] + fn migration_skips_when_already_run() { + new_test_ext().execute_with(|| { + pallet_subtensor::HasMigrationRun::::insert(MIGRATION_NAME, true); + pallet_subtensor::TxRateLimit::::put(99); + + let base_weight = ::DbWeight::get().reads(1); + let weight = migrate_rate_limiting::(); + + assert_eq!(weight, base_weight); + assert!( + pallet_rate_limiting::Limits::::iter() + .next() + .is_none() + ); + assert!( + pallet_rate_limiting::LastSeen::::iter() + .next() + .is_none() + ); + }); } } From f7050e14d14ef9e928843a8e5c1300fbe50c228f Mon Sep 17 00:00:00 2001 From: Aliaksandr Tsurko Date: Tue, 25 Nov 2025 12:46:08 +0300 Subject: [PATCH 27/46] Clean up --- Cargo.lock | 1 + common/src/lib.rs | 2 - common/src/rate_limiting.rs | 66 -------------- runtime/Cargo.toml | 2 + runtime/src/lib.rs | 43 ++++----- runtime/src/rate_limiting/migration.rs | 119 ++++++++----------------- runtime/src/rate_limiting/mod.rs | 75 ++++++++++++++-- 7 files changed, 128 insertions(+), 180 deletions(-) delete mode 100644 common/src/rate_limiting.rs diff --git a/Cargo.lock b/Cargo.lock index c714894796..4a9a31b68c 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -8321,6 +8321,7 @@ dependencies = [ "precompile-utils", "rand_chacha 0.3.1", "scale-info", + "serde", "serde_json", "sha2 0.10.9", "smallvec", diff --git a/common/src/lib.rs b/common/src/lib.rs index b08bed0696..28a33c2ae6 100644 --- a/common/src/lib.rs +++ b/common/src/lib.rs @@ -15,10 +15,8 @@ use sp_runtime::{ use subtensor_macros::freeze_struct; pub use currency::*; -pub use rate_limiting::{RateLimitScope, RateLimitUsageKey}; mod currency; -mod rate_limiting; /// Balance of an account. pub type Balance = u64; diff --git a/common/src/rate_limiting.rs b/common/src/rate_limiting.rs deleted file mode 100644 index 3c88758943..0000000000 --- a/common/src/rate_limiting.rs +++ /dev/null @@ -1,66 +0,0 @@ -use codec::{Decode, DecodeWithMemTracking, Encode, MaxEncodedLen}; -use frame_support::pallet_prelude::Parameter; -use scale_info::TypeInfo; -use serde::{Deserialize, Serialize}; - -use crate::{MechId, NetUid}; - -#[derive( - Serialize, - Deserialize, - Encode, - Decode, - DecodeWithMemTracking, - Clone, - Copy, - PartialEq, - Eq, - PartialOrd, - Ord, - Debug, - TypeInfo, - MaxEncodedLen, -)] -pub enum RateLimitScope { - Subnet(NetUid), - SubnetMechanism { netuid: NetUid, mecid: MechId }, -} - -#[derive( - Serialize, - Deserialize, - Encode, - Decode, - DecodeWithMemTracking, - Clone, - PartialEq, - Eq, - PartialOrd, - Ord, - Debug, - TypeInfo, - MaxEncodedLen, -)] -#[scale_info(skip_type_params(AccountId))] -pub enum RateLimitUsageKey { - Account(AccountId), - Subnet(NetUid), - AccountSubnet { - account: AccountId, - netuid: NetUid, - }, - ColdkeyHotkeySubnet { - coldkey: AccountId, - hotkey: AccountId, - netuid: NetUid, - }, - SubnetNeuron { - netuid: NetUid, - uid: u16, - }, - SubnetMechanismNeuron { - netuid: NetUid, - mecid: MechId, - uid: u16, - }, -} diff --git a/runtime/Cargo.toml b/runtime/Cargo.toml index e3b926e859..aaede7537e 100644 --- a/runtime/Cargo.toml +++ b/runtime/Cargo.toml @@ -43,6 +43,7 @@ pallet-rate-limiting-runtime-api.workspace = true pallet-subtensor-utility.workspace = true frame-executive.workspace = true frame-metadata-hash-extension.workspace = true +serde.workspace = true sp-api.workspace = true sp-block-builder.workspace = true sp-consensus-aura.workspace = true @@ -199,6 +200,7 @@ std = [ "pallet-preimage/std", "pallet-commitments/std", "precompile-utils/std", + "serde/std", "sp-api/std", "sp-block-builder/std", "sp-core/std", diff --git a/runtime/src/lib.rs b/runtime/src/lib.rs index 7a7431a7da..99a10e8198 100644 --- a/runtime/src/lib.rs +++ b/runtime/src/lib.rs @@ -8,6 +8,7 @@ #[cfg(feature = "std")] include!(concat!(env!("OUT_DIR"), "/wasm_binary.rs")); +use core::marker::PhantomData; use core::num::NonZeroU64; pub mod check_nonce; @@ -24,9 +25,7 @@ use frame_support::{ dispatch::DispatchResult, genesis_builder_helper::{build_state, get_preset}, pallet_prelude::Get, - traits::{ - Contains, GetCallMetadata, InsideBoth, LinearStoragePrice, fungible::HoldConsideration, - }, + traits::{Contains, InsideBoth, LinearStoragePrice, fungible::HoldConsideration}, }; use frame_system::{EnsureRoot, EnsureRootWithSuccess, EnsureSigned}; use pallet_commitments::{CanCommit, OnMetadataCommitment}; @@ -46,6 +45,7 @@ use pallet_subtensor_proxy as pallet_proxy; use pallet_subtensor_swap_runtime_api::SimSwapResult; use pallet_subtensor_utility as pallet_utility; use runtime_common::prod_or_fast; +use scale_info::TypeInfo; use sp_api::impl_runtime_apis; use sp_consensus_aura::sr25519::AuthorityId as AuraId; use sp_consensus_babe::BabeConfiguration; @@ -72,12 +72,13 @@ use sp_version::RuntimeVersion; use subtensor_precompiles::Precompiles; use subtensor_runtime_common::{AlphaCurrency, TaoCurrency, time::*, *}; use subtensor_swap_interface::{Order, SwapHandler}; - -pub use rate_limiting::{ - ScopeResolver as RuntimeScopeResolver, UsageResolver as RuntimeUsageResolver, +use subtensor_transaction_fee::{SubtensorTxFeeHandler, TransactionFeeHandler}; +// Frontier +use fp_rpc::TransactionStatus; +use pallet_ethereum::{Call::transact, PostLogContent, Transaction as EthereumTransaction}; +use pallet_evm::{ + Account as EVMAccount, BalanceConverter, EvmBalance, FeeCalculator, Runner, SubstrateBalance, }; -pub type RateLimitingInstance = (); -pub type RateLimitGroupId = u32; // A few exports that help ease life for downstream crates. pub use frame_support::{ @@ -99,21 +100,13 @@ pub use pallet_balances::Call as BalancesCall; use pallet_commitments::GetCommitments; pub use pallet_timestamp::Call as TimestampCall; use pallet_transaction_payment::{ConstFeeMultiplier, Multiplier}; +pub use rate_limiting::{ + RateLimitScope, RateLimitUsageKey, ScopeResolver as RuntimeScopeResolver, + UsageResolver as RuntimeUsageResolver, +}; #[cfg(any(feature = "std", test))] pub use sp_runtime::BuildStorage; pub use sp_runtime::{Perbill, Permill}; -use subtensor_transaction_fee::{SubtensorTxFeeHandler, TransactionFeeHandler}; - -use core::marker::PhantomData; - -use scale_info::TypeInfo; - -// Frontier -use fp_rpc::TransactionStatus; -use pallet_ethereum::{Call::transact, PostLogContent, Transaction as EthereumTransaction}; -use pallet_evm::{ - Account as EVMAccount, BalanceConverter, EvmBalance, FeeCalculator, Runner, SubstrateBalance, -}; // Drand impl pallet_drand::Config for Runtime { @@ -2200,18 +2193,18 @@ impl_runtime_apis! { let pallet_name = sp_std::str::from_utf8(&pallet).ok()?; let extrinsic_name = sp_std::str::from_utf8(&extrinsic).ok()?; - let identifier = RateLimiting::::identifier_for_call_names( + let identifier = RateLimiting::::identifier_for_call_names( pallet_name, extrinsic_name, )?; let target = - RateLimiting::::config_target(&identifier).ok()?; + RateLimiting::::config_target(&identifier).ok()?; let limits = - pallet_rate_limiting::Limits::::get(target)?; + pallet_rate_limiting::Limits::::get(target)?; let default_limit = - pallet_rate_limiting::DefaultLimit::::get(); + pallet_rate_limiting::DefaultLimit::::get(); let resolved = - RateLimiting::::resolved_limit(&target, &None); + RateLimiting::::resolved_limit(&target, &None); let (global, contextual) = match limits { RateLimit::Global(kind) => (Some(kind), sp_std::vec::Vec::new()), diff --git a/runtime/src/rate_limiting/migration.rs b/runtime/src/rate_limiting/migration.rs index 57bfde1319..549e847606 100644 --- a/runtime/src/rate_limiting/migration.rs +++ b/runtime/src/rate_limiting/migration.rs @@ -22,11 +22,11 @@ use sp_std::{ vec, vec::Vec, }; -use subtensor_runtime_common::{MechId, NetUid, RateLimitScope, RateLimitUsageKey}; +use subtensor_runtime_common::{MechId, NetUid}; -use crate::RateLimitingInstance; +use super::{RateLimitScope, RateLimitUsageKey}; -type GroupIdOf = >::GroupId; +type GroupIdOf = ::GroupId; type LimitEntries = Vec<( RateLimitTarget, RateLimit>, @@ -38,12 +38,9 @@ type LastSeenEntries = Vec<( ), BlockNumberFor, )>; -type GroupNameOf = - BoundedVec>::MaxGroupNameLength>; -type GroupMembersOf = BoundedBTreeSet< - TransactionIdentifier, - >::MaxGroupMembers, ->; +type GroupNameOf = BoundedVec::MaxGroupNameLength>; +type GroupMembersOf = + BoundedBTreeSet::MaxGroupMembers>; /// Pallet index assigned to `pallet_subtensor` in `construct_runtime!`. const SUBTENSOR_PALLET_INDEX: u8 = 7; @@ -269,13 +266,8 @@ fn build_grouping() -> Grouping { pub fn migrate_rate_limiting() -> Weight where T: SubtensorConfig - + pallet_rate_limiting::Config< - RateLimitingInstance, - LimitScope = RateLimitScope, - GroupId = GroupId, - >, - RateLimitUsageKey: - Into<>::UsageKey>, + + pallet_rate_limiting::Config, + RateLimitUsageKey: Into<::UsageKey>, { let mut weight = T::DbWeight::get().reads(1); if HasMigrationRun::::get(MIGRATION_NAME) { @@ -752,13 +744,8 @@ fn import_evm_entries( fn convert_target(target: &RateLimitTarget) -> RateLimitTarget> where T: SubtensorConfig - + pallet_rate_limiting::Config< - RateLimitingInstance, - LimitScope = RateLimitScope, - GroupId = GroupId, - >, - RateLimitUsageKey: - Into<>::UsageKey>, + + pallet_rate_limiting::Config, + RateLimitUsageKey: Into<::UsageKey>, { match target { RateLimitTarget::Transaction(identifier) => RateLimitTarget::Transaction(*identifier), @@ -769,18 +756,13 @@ where fn write_limits(limits: &LimitEntries) -> u64 where T: SubtensorConfig - + pallet_rate_limiting::Config< - RateLimitingInstance, - LimitScope = RateLimitScope, - GroupId = GroupId, - >, - RateLimitUsageKey: - Into<>::UsageKey>, + + pallet_rate_limiting::Config, + RateLimitUsageKey: Into<::UsageKey>, { let mut writes: u64 = 0; for (identifier, limit) in limits.iter() { let target = convert_target::(identifier); - pallet_rate_limiting::Limits::::insert(target, limit.clone()); + pallet_rate_limiting::Limits::::insert(target, limit.clone()); writes += 1; } writes @@ -789,21 +771,14 @@ where fn write_last_seen(entries: &LastSeenEntries) -> u64 where T: SubtensorConfig - + pallet_rate_limiting::Config< - RateLimitingInstance, - LimitScope = RateLimitScope, - GroupId = GroupId, - >, - RateLimitUsageKey: - Into<>::UsageKey>, + + pallet_rate_limiting::Config, + RateLimitUsageKey: Into<::UsageKey>, { let mut writes: u64 = 0; for ((identifier, usage), block) in entries.iter() { let target = convert_target::(identifier); let usage_key = usage.clone().map(Into::into); - pallet_rate_limiting::LastSeen::::insert( - target, usage_key, *block, - ); + pallet_rate_limiting::LastSeen::::insert(target, usage_key, *block); writes += 1; } writes @@ -812,13 +787,8 @@ where fn write_groups(grouping: &Grouping) -> u64 where T: SubtensorConfig - + pallet_rate_limiting::Config< - RateLimitingInstance, - LimitScope = RateLimitScope, - GroupId = GroupId, - >, - RateLimitUsageKey: - Into<>::UsageKey>, + + pallet_rate_limiting::Config, + RateLimitUsageKey: Into<::UsageKey>, { let mut writes: u64 = 0; @@ -837,8 +807,8 @@ where sharing: detail.sharing, }; - pallet_rate_limiting::Groups::::insert(group_id, stored); - pallet_rate_limiting::GroupNameIndex::::insert(name, group_id); + pallet_rate_limiting::Groups::::insert(group_id, stored); + pallet_rate_limiting::GroupNameIndex::::insert(name, group_id); writes += 2; } @@ -851,18 +821,18 @@ where ); continue; }; - pallet_rate_limiting::GroupMembers::::insert(group_id, bounded); + pallet_rate_limiting::GroupMembers::::insert(group_id, bounded); writes += 1; } for (identifier, info) in &grouping.assignments { let group_id = info.id.saturated_into::>(); - pallet_rate_limiting::CallGroups::::insert(*identifier, group_id); + pallet_rate_limiting::CallGroups::::insert(*identifier, group_id); writes += 1; } let next_group_id = grouping.next_group_id.saturated_into::>(); - pallet_rate_limiting::NextGroupId::::put(next_group_id); + pallet_rate_limiting::NextGroupId::::put(next_group_id); writes += 1; writes @@ -936,13 +906,8 @@ pub struct Migration(PhantomData); impl frame_support::traits::OnRuntimeUpgrade for Migration where T: SubtensorConfig - + pallet_rate_limiting::Config< - RateLimitingInstance, - LimitScope = RateLimitScope, - GroupId = GroupId, - >, - RateLimitUsageKey: - Into<>::UsageKey>, + + pallet_rate_limiting::Config, + RateLimitUsageKey: Into<::UsageKey>, { fn on_runtime_upgrade() -> Weight { migrate_rate_limiting::() @@ -1051,11 +1016,11 @@ where #[cfg(test)] mod tests { - use super::*; - use crate::{AccountId, BuildStorage, RateLimitingInstance, Runtime}; use sp_io::TestExternalities; use sp_runtime::traits::{SaturatedConversion, Zero}; - use subtensor_runtime_common::RateLimitUsageKey; + + use super::*; + use crate::{AccountId, BuildStorage, Runtime}; const ACCOUNT: [u8; 32] = [7u8; 32]; const DELEGATE_TAKE_GROUP_ID: GroupId = GROUP_DELEGATE_TAKE; @@ -1111,13 +1076,13 @@ mod tests { let delegate_group = RateLimitTarget::Group(DELEGATE_TAKE_GROUP_ID); assert_eq!( - pallet_rate_limiting::Limits::::get(tx_target), + pallet_rate_limiting::Limits::::get(tx_target), Some(RateLimit::Global(RateLimitKind::Exact( 10u64.saturated_into() ))) ); assert_eq!( - pallet_rate_limiting::Limits::::get(delegate_group), + pallet_rate_limiting::Limits::::get(delegate_group), Some(RateLimit::Global(RateLimitKind::Exact( 3u64.saturated_into() ))) @@ -1125,29 +1090,19 @@ mod tests { let usage_key = RateLimitUsageKey::Account(account.clone()); assert_eq!( - pallet_rate_limiting::LastSeen::::get( - tx_target, - Some(usage_key.clone()) - ), + pallet_rate_limiting::LastSeen::::get(tx_target, Some(usage_key.clone())), Some(5u64.saturated_into()) ); - let group = pallet_rate_limiting::Groups::::get( - DELEGATE_TAKE_GROUP_ID, - ) - .expect("group stored"); + let group = pallet_rate_limiting::Groups::::get(DELEGATE_TAKE_GROUP_ID) + .expect("group stored"); assert_eq!(group.id, DELEGATE_TAKE_GROUP_ID); assert_eq!(group.name.as_slice(), b"delegate-take"); assert_eq!( - pallet_rate_limiting::CallGroups::::get( - subtensor_identifier(66) - ), + pallet_rate_limiting::CallGroups::::get(subtensor_identifier(66)), Some(DELEGATE_TAKE_GROUP_ID) ); - assert_eq!( - pallet_rate_limiting::NextGroupId::::get(), - 6 - ); + assert_eq!(pallet_rate_limiting::NextGroupId::::get(), 6); }); } @@ -1162,12 +1117,12 @@ mod tests { assert_eq!(weight, base_weight); assert!( - pallet_rate_limiting::Limits::::iter() + pallet_rate_limiting::Limits::::iter() .next() .is_none() ); assert!( - pallet_rate_limiting::LastSeen::::iter() + pallet_rate_limiting::LastSeen::::iter() .next() .is_none() ); diff --git a/runtime/src/rate_limiting/mod.rs b/runtime/src/rate_limiting/mod.rs index 713c8bacf6..fb8109202f 100644 --- a/runtime/src/rate_limiting/mod.rs +++ b/runtime/src/rate_limiting/mod.rs @@ -1,13 +1,77 @@ +use codec::{Decode, DecodeWithMemTracking, Encode, MaxEncodedLen}; +use frame_support::pallet_prelude::Parameter; use frame_system::RawOrigin; use pallet_admin_utils::Call as AdminUtilsCall; use pallet_rate_limiting::{RateLimitScopeResolver, RateLimitUsageResolver}; use pallet_subtensor::{Call as SubtensorCall, Tempo}; -use subtensor_runtime_common::{BlockNumber, NetUid, RateLimitScope, RateLimitUsageKey}; +use scale_info::TypeInfo; +use serde::{Deserialize, Serialize}; +use subtensor_runtime_common::{BlockNumber, MechId, NetUid}; use crate::{AccountId, Runtime, RuntimeCall, RuntimeOrigin}; pub(crate) mod migration; +#[derive( + Serialize, + Deserialize, + Encode, + Decode, + DecodeWithMemTracking, + Clone, + Copy, + PartialEq, + Eq, + PartialOrd, + Ord, + Debug, + TypeInfo, + MaxEncodedLen, +)] +pub enum RateLimitScope { + Subnet(NetUid), + SubnetMechanism { netuid: NetUid, mecid: MechId }, +} + +#[derive( + Serialize, + Deserialize, + Encode, + Decode, + DecodeWithMemTracking, + Clone, + PartialEq, + Eq, + PartialOrd, + Ord, + Debug, + TypeInfo, + MaxEncodedLen, +)] +#[scale_info(skip_type_params(AccountId))] +pub enum RateLimitUsageKey { + Account(AccountId), + Subnet(NetUid), + AccountSubnet { + account: AccountId, + netuid: NetUid, + }, + ColdkeyHotkeySubnet { + coldkey: AccountId, + hotkey: AccountId, + netuid: NetUid, + }, + SubnetNeuron { + netuid: NetUid, + uid: u16, + }, + SubnetMechanismNeuron { + netuid: NetUid, + mecid: MechId, + uid: u16, + }, +} + fn signed_origin(origin: &RuntimeOrigin) -> Option { match origin.clone().into() { Ok(RawOrigin::Signed(who)) => Some(who), @@ -53,7 +117,6 @@ fn owner_hparam_netuid(call: &AdminUtilsCall) -> Option { | AdminUtilsCall::sudo_set_recycle_or_burn { netuid, .. } | AdminUtilsCall::sudo_set_rho { netuid, .. } | AdminUtilsCall::sudo_set_serving_rate_limit { netuid, .. } - | AdminUtilsCall::sudo_set_sn_owner_hotkey { netuid, .. } | AdminUtilsCall::sudo_set_toggle_transfer { netuid, .. } | AdminUtilsCall::sudo_set_weights_version_key { netuid, .. } | AdminUtilsCall::sudo_set_yuma3_enabled { netuid, .. } => Some(*netuid), @@ -65,6 +128,7 @@ fn admin_scope_netuid(call: &AdminUtilsCall) -> Option { owner_hparam_netuid(call).or_else(|| match call { AdminUtilsCall::sudo_set_mechanism_count { netuid, .. } | AdminUtilsCall::sudo_set_mechanism_emission_split { netuid, .. } + | AdminUtilsCall::sudo_set_sn_owner_hotkey { netuid, .. } | AdminUtilsCall::sudo_trim_to_max_allowed_uids { netuid, .. } => Some(*netuid), _ => None, }) @@ -83,9 +147,7 @@ impl RateLimitUsageResolver::Account) } SubtensorCall::register_network { .. } - | SubtensorCall::register_network_with_identity { .. } => { - signed_origin(origin).map(RateLimitUsageKey::::Account) - } + | SubtensorCall::register_network_with_identity { .. } => None, SubtensorCall::increase_take { hotkey, .. } => { Some(RateLimitUsageKey::::Account(hotkey.clone())) } @@ -181,6 +243,9 @@ impl RateLimitUsageResolver::Subnet(netuid)) } else { match inner { + AdminUtilsCall::sudo_set_sn_owner_hotkey { netuid, .. } => { + Some(RateLimitUsageKey::::Subnet(*netuid)) + } AdminUtilsCall::sudo_set_mechanism_count { netuid, .. } | AdminUtilsCall::sudo_set_mechanism_emission_split { netuid, .. } | AdminUtilsCall::sudo_trim_to_max_allowed_uids { netuid, .. } => { From 42ea14e4f8f43b40cea0f2da3762736ced83bf3b Mon Sep 17 00:00:00 2001 From: Aliaksandr Tsurko Date: Tue, 25 Nov 2025 17:25:07 +0300 Subject: [PATCH 28/46] Add more tests for rate-limiting migration --- runtime/src/lib.rs | 2 +- runtime/src/rate_limiting/mod.rs | 2 +- runtime/tests/rate_limiting_migration.rs | 98 ++++++++++++++++++++++++ 3 files changed, 100 insertions(+), 2 deletions(-) create mode 100644 runtime/tests/rate_limiting_migration.rs diff --git a/runtime/src/lib.rs b/runtime/src/lib.rs index 99a10e8198..aea33bacca 100644 --- a/runtime/src/lib.rs +++ b/runtime/src/lib.rs @@ -13,7 +13,7 @@ use core::num::NonZeroU64; pub mod check_nonce; mod migrations; -mod rate_limiting; +pub mod rate_limiting; pub mod transaction_payment_wrapper; extern crate alloc; diff --git a/runtime/src/rate_limiting/mod.rs b/runtime/src/rate_limiting/mod.rs index fb8109202f..7b86d87dad 100644 --- a/runtime/src/rate_limiting/mod.rs +++ b/runtime/src/rate_limiting/mod.rs @@ -10,7 +10,7 @@ use subtensor_runtime_common::{BlockNumber, MechId, NetUid}; use crate::{AccountId, Runtime, RuntimeCall, RuntimeOrigin}; -pub(crate) mod migration; +pub mod migration; #[derive( Serialize, diff --git a/runtime/tests/rate_limiting_migration.rs b/runtime/tests/rate_limiting_migration.rs new file mode 100644 index 0000000000..23a16e3fe4 --- /dev/null +++ b/runtime/tests/rate_limiting_migration.rs @@ -0,0 +1,98 @@ +#![allow(clippy::unwrap_used)] + +use frame_support::traits::OnRuntimeUpgrade; +use frame_system::pallet_prelude::BlockNumberFor; +use node_subtensor_runtime::{ + rate_limiting, + rate_limiting::migration::{identifier_for_transaction_type, Migration}, + BuildStorage, Runtime, RuntimeGenesisConfig, SubtensorModule, System, +}; +use pallet_rate_limiting::{RateLimit, RateLimitKind, RateLimitTarget}; +use pallet_subtensor::{HasMigrationRun, LastRateLimitedBlock, RateLimitKey, utils::rate_limiting::TransactionType}; +use sp_runtime::traits::SaturatedConversion; +use subtensor_runtime_common::NetUid; + +type GroupId = ::GroupId; +const MIGRATION_NAME: &[u8] = b"migrate_rate_limiting"; +type AccountId = ::AccountId; +type UsageKey = rate_limiting::RateLimitUsageKey; + +fn new_test_ext() -> sp_io::TestExternalities { + sp_tracing::try_init_simple(); + let mut ext: sp_io::TestExternalities = RuntimeGenesisConfig::default() + .build_storage() + .unwrap() + .into(); + ext.execute_with(|| System::set_block_number(1)); + ext +} + +fn resolve_target(identifier: pallet_rate_limiting::TransactionIdentifier) -> RateLimitTarget { + if let Some(group) = pallet_rate_limiting::CallGroups::::get(identifier) { + RateLimitTarget::Group(group) + } else { + RateLimitTarget::Transaction(identifier) + } +} + +fn exact_span(span: u64) -> RateLimitKind> { + RateLimitKind::Exact(span.saturated_into()) +} + +#[test] +fn migrates_global_register_network_last_seen() { + new_test_ext().execute_with(|| { + HasMigrationRun::::remove(MIGRATION_NAME); + + // Seed legacy global register rate-limit state. + LastRateLimitedBlock::::insert(RateLimitKey::NetworkLastRegistered, 10u64); + System::set_block_number(12); + + // Run migration. + Migration::::on_runtime_upgrade(); + + let identifier = + identifier_for_transaction_type(TransactionType::RegisterNetwork).expect("identifier"); + let target = resolve_target(identifier); + + // LastSeen preserved globally (usage = None). + let stored = pallet_rate_limiting::LastSeen::::get(target, None::) + .expect("last seen entry"); + assert_eq!( + stored, + 10u64.saturated_into::>() + ); + }); +} + +#[test] +fn sn_owner_hotkey_limit_not_tempo_scaled_and_last_seen_preserved() { + new_test_ext().execute_with(|| { + HasMigrationRun::::remove(MIGRATION_NAME); + + let netuid = NetUid::from(1); + // Give the subnet a non-1 tempo to catch accidental scaling. + SubtensorModule::set_tempo(netuid, 5); + LastRateLimitedBlock::::insert(RateLimitKey::SetSNOwnerHotkey(netuid), 100u64); + + Migration::::on_runtime_upgrade(); + + let identifier = + identifier_for_transaction_type(TransactionType::SetSNOwnerHotkey).expect("identifier"); + let target = resolve_target(identifier); + + // Limit should remain the fixed default (50400 blocks), not tempo-scaled. + let limit = pallet_rate_limiting::Limits::::get(target).expect("limit stored"); + assert!(matches!(limit, RateLimit::Global(kind) if kind == exact_span(50_400))); + + // LastSeen preserved per subnet. + let usage: Option<::UsageKey> = + Some(UsageKey::Subnet(netuid).into()); + let stored = pallet_rate_limiting::LastSeen::::get(target, usage) + .expect("last seen entry"); + assert_eq!( + stored, + 100u64.saturated_into::>() + ); + }); +} From 662a5ed4f0353bc0492bd838e35d4fc6e0e3f47a Mon Sep 17 00:00:00 2001 From: Aliaksandr Tsurko Date: Wed, 26 Nov 2025 18:25:42 +0300 Subject: [PATCH 29/46] Fix rate limit scope resolver implementation --- runtime/src/lib.rs | 5 +- runtime/src/rate_limiting/migration.rs | 109 ++---- runtime/src/rate_limiting/mod.rs | 212 +++++------- runtime/tests/rate_limiting_behavior.rs | 420 +++++++++++++++++++++++ runtime/tests/rate_limiting_migration.rs | 27 +- 5 files changed, 535 insertions(+), 238 deletions(-) create mode 100644 runtime/tests/rate_limiting_behavior.rs diff --git a/runtime/src/lib.rs b/runtime/src/lib.rs index aea33bacca..95f943731f 100644 --- a/runtime/src/lib.rs +++ b/runtime/src/lib.rs @@ -101,8 +101,7 @@ use pallet_commitments::GetCommitments; pub use pallet_timestamp::Call as TimestampCall; use pallet_transaction_payment::{ConstFeeMultiplier, Multiplier}; pub use rate_limiting::{ - RateLimitScope, RateLimitUsageKey, ScopeResolver as RuntimeScopeResolver, - UsageResolver as RuntimeUsageResolver, + RateLimitUsageKey, ScopeResolver as RuntimeScopeResolver, UsageResolver as RuntimeUsageResolver, }; #[cfg(any(feature = "std", test))] pub use sp_runtime::BuildStorage; @@ -1127,7 +1126,7 @@ parameter_types! { impl pallet_rate_limiting::Config for Runtime { type RuntimeCall = RuntimeCall; type AdminOrigin = EnsureRoot; - type LimitScope = RateLimitScope; + type LimitScope = NetUid; type LimitScopeResolver = RuntimeScopeResolver; type UsageKey = RateLimitUsageKey; type UsageResolver = RuntimeUsageResolver; diff --git a/runtime/src/rate_limiting/migration.rs b/runtime/src/rate_limiting/migration.rs index 549e847606..54cc99d109 100644 --- a/runtime/src/rate_limiting/migration.rs +++ b/runtime/src/rate_limiting/migration.rs @@ -10,10 +10,10 @@ use pallet_rate_limiting::{ }; use pallet_subtensor::{ self, AssociatedEvmAddress, Axons, Config as SubtensorConfig, HasMigrationRun, - LastRateLimitedBlock, LastUpdate, MaxUidsTrimmingRateLimit, MechanismCountCurrent, - MechanismCountSetRateLimit, MechanismEmissionRateLimit, NetworkRateLimit, - OwnerHyperparamRateLimit, Pallet, Prometheus, RateLimitKey, TransactionKeyLastBlock, - TxChildkeyTakeRateLimit, TxDelegateTakeRateLimit, TxRateLimit, WeightsVersionKeyRateLimit, + LastRateLimitedBlock, LastUpdate, MaxUidsTrimmingRateLimit, MechanismCountSetRateLimit, + MechanismEmissionRateLimit, NetworkRateLimit, OwnerHyperparamRateLimit, Pallet, Prometheus, + RateLimitKey, TransactionKeyLastBlock, TxChildkeyTakeRateLimit, TxDelegateTakeRateLimit, + TxRateLimit, WeightsVersionKeyRateLimit, utils::rate_limiting::{Hyperparameter, TransactionType}, }; use sp_runtime::traits::SaturatedConversion; @@ -22,14 +22,14 @@ use sp_std::{ vec, vec::Vec, }; -use subtensor_runtime_common::{MechId, NetUid}; +use subtensor_runtime_common::NetUid; -use super::{RateLimitScope, RateLimitUsageKey}; +use super::RateLimitUsageKey; type GroupIdOf = ::GroupId; type LimitEntries = Vec<( RateLimitTarget, - RateLimit>, + RateLimit>, )>; type LastSeenEntries = Vec<( ( @@ -240,13 +240,6 @@ fn weight_calls_subnet(grouping: &Grouping) -> Vec { .unwrap_or_default() } -fn weight_calls_mechanism(grouping: &Grouping) -> Vec { - grouping - .members(GROUP_WEIGHTS_MECHANISM) - .map(|m| m.iter().copied().collect()) - .unwrap_or_default() -} - fn build_grouping() -> Grouping { let mut grouping = Grouping::default(); @@ -265,8 +258,7 @@ fn build_grouping() -> Grouping { pub fn migrate_rate_limiting() -> Weight where - T: SubtensorConfig - + pallet_rate_limiting::Config, + T: SubtensorConfig + pallet_rate_limiting::Config, RateLimitUsageKey: Into<::UsageKey>, { let mut weight = T::DbWeight::get().reads(1); @@ -449,12 +441,7 @@ fn gather_serving_limits( reads += 1; if let Some(span) = block_number::(Pallet::::get_serving_rate_limit(netuid)) { for call in serve_calls(grouping) { - set_scoped_limit::( - limits, - grouping.config_target(call), - RateLimitScope::Subnet(netuid), - span, - ); + set_scoped_limit::(limits, grouping.config_target(call), netuid, span); } } } @@ -469,40 +456,12 @@ fn gather_weight_limits( let mut reads: u64 = 0; let netuids = Pallet::::get_all_subnet_netuids(); - let mut subnet_limits = BTreeMap::>::new(); let subnet_calls = weight_calls_subnet(grouping); - let mechanism_calls = weight_calls_mechanism(grouping); for netuid in &netuids { reads += 1; if let Some(span) = block_number::(Pallet::::get_weights_set_rate_limit(*netuid)) { - subnet_limits.insert(*netuid, span); for call in &subnet_calls { - set_scoped_limit::( - limits, - grouping.config_target(*call), - RateLimitScope::Subnet(*netuid), - span, - ); - } - } - } - - for netuid in &netuids { - reads += 1; - let mech_count: u8 = MechanismCountCurrent::::get(*netuid).into(); - if mech_count <= 1 { - continue; - } - let Some(span) = subnet_limits.get(netuid).copied() else { - continue; - }; - for mecid in 1..mech_count { - let scope = RateLimitScope::SubnetMechanism { - netuid: *netuid, - mecid: MechId::from(mecid), - }; - for call in &mechanism_calls { - set_scoped_limit::(limits, grouping.config_target(*call), scope.clone(), span); + set_scoped_limit::(limits, grouping.config_target(*call), *netuid, span); } } } @@ -621,18 +580,9 @@ fn import_last_update_entries( ) -> u64 { let mut reads: u64 = 0; let subnet_calls = weight_calls_subnet(grouping); - let mechanism_calls = weight_calls_mechanism(grouping); for (index, blocks) in LastUpdate::::iter() { reads += 1; let netuid = Pallet::::get_netuid(index); - let sub_id = u16::from(index) - .checked_div(pallet_subtensor::subnets::mechanism::GLOBAL_MAX_SUBNET_COUNT) - .unwrap_or_default(); - let is_mechanism = sub_id != 0; - let Ok(sub_id) = u8::try_from(sub_id) else { - continue; - }; - let mecid = MechId::from(sub_id); for (uid, last_block) in blocks.into_iter().enumerate() { if last_block == 0 { @@ -641,26 +591,12 @@ fn import_last_update_entries( let Ok(uid_u16) = u16::try_from(uid) else { continue; }; - let usage = if is_mechanism { - RateLimitUsageKey::SubnetMechanismNeuron { - netuid, - mecid, - uid: uid_u16, - } - } else { - RateLimitUsageKey::SubnetNeuron { - netuid, - uid: uid_u16, - } - }; - - let call_set: &[TransactionIdentifier] = if is_mechanism { - mechanism_calls.as_slice() - } else { - subnet_calls.as_slice() + let usage = RateLimitUsageKey::SubnetNeuron { + netuid, + uid: uid_u16, }; - for call in call_set { + for call in &subnet_calls { record_last_seen_entry::( entries, grouping.usage_target(*call), @@ -743,8 +679,7 @@ fn import_evm_entries( fn convert_target(target: &RateLimitTarget) -> RateLimitTarget> where - T: SubtensorConfig - + pallet_rate_limiting::Config, + T: SubtensorConfig + pallet_rate_limiting::Config, RateLimitUsageKey: Into<::UsageKey>, { match target { @@ -755,8 +690,7 @@ where fn write_limits(limits: &LimitEntries) -> u64 where - T: SubtensorConfig - + pallet_rate_limiting::Config, + T: SubtensorConfig + pallet_rate_limiting::Config, RateLimitUsageKey: Into<::UsageKey>, { let mut writes: u64 = 0; @@ -770,8 +704,7 @@ where fn write_last_seen(entries: &LastSeenEntries) -> u64 where - T: SubtensorConfig - + pallet_rate_limiting::Config, + T: SubtensorConfig + pallet_rate_limiting::Config, RateLimitUsageKey: Into<::UsageKey>, { let mut writes: u64 = 0; @@ -786,8 +719,7 @@ where fn write_groups(grouping: &Grouping) -> u64 where - T: SubtensorConfig - + pallet_rate_limiting::Config, + T: SubtensorConfig + pallet_rate_limiting::Config, RateLimitUsageKey: Into<::UsageKey>, { let mut writes: u64 = 0; @@ -860,7 +792,7 @@ fn set_global_limit( fn set_scoped_limit( limits: &mut LimitEntries, target: RateLimitTarget, - scope: RateLimitScope, + scope: NetUid, span: BlockNumberFor, ) { if let Some((_, config)) = limits.iter_mut().find(|(id, _)| *id == target) { @@ -905,8 +837,7 @@ pub struct Migration(PhantomData); impl frame_support::traits::OnRuntimeUpgrade for Migration where - T: SubtensorConfig - + pallet_rate_limiting::Config, + T: SubtensorConfig + pallet_rate_limiting::Config, RateLimitUsageKey: Into<::UsageKey>, { fn on_runtime_upgrade() -> Weight { diff --git a/runtime/src/rate_limiting/mod.rs b/runtime/src/rate_limiting/mod.rs index 7b86d87dad..5b4a97248a 100644 --- a/runtime/src/rate_limiting/mod.rs +++ b/runtime/src/rate_limiting/mod.rs @@ -12,27 +12,6 @@ use crate::{AccountId, Runtime, RuntimeCall, RuntimeOrigin}; pub mod migration; -#[derive( - Serialize, - Deserialize, - Encode, - Decode, - DecodeWithMemTracking, - Clone, - Copy, - PartialEq, - Eq, - PartialOrd, - Ord, - Debug, - TypeInfo, - MaxEncodedLen, -)] -pub enum RateLimitScope { - Subnet(NetUid), - SubnetMechanism { netuid: NetUid, mecid: MechId }, -} - #[derive( Serialize, Deserialize, @@ -72,66 +51,54 @@ pub enum RateLimitUsageKey { }, } -fn signed_origin(origin: &RuntimeOrigin) -> Option { - match origin.clone().into() { - Ok(RawOrigin::Signed(who)) => Some(who), - _ => None, - } -} +#[derive(Default)] +pub struct ScopeResolver; -fn tempo_scaled(netuid: NetUid, span: BlockNumber) -> BlockNumber { - if span == 0 { - return span; +impl RateLimitScopeResolver for ScopeResolver { + fn context(_origin: &RuntimeOrigin, call: &RuntimeCall) -> Option { + match call { + RuntimeCall::SubtensorModule(inner) => match inner { + SubtensorCall::serve_axon { netuid, .. } + | SubtensorCall::serve_axon_tls { netuid, .. } + | SubtensorCall::serve_prometheus { netuid, .. } + | SubtensorCall::set_weights { netuid, .. } + | SubtensorCall::commit_weights { netuid, .. } + | SubtensorCall::reveal_weights { netuid, .. } + | SubtensorCall::batch_reveal_weights { netuid, .. } + | SubtensorCall::commit_timelocked_weights { netuid, .. } + | SubtensorCall::set_mechanism_weights { netuid, .. } + | SubtensorCall::commit_mechanism_weights { netuid, .. } + | SubtensorCall::reveal_mechanism_weights { netuid, .. } + | SubtensorCall::commit_crv3_mechanism_weights { netuid, .. } + | SubtensorCall::commit_timelocked_mechanism_weights { netuid, .. } => { + Some(*netuid) + } + _ => None, + }, + _ => None, + } } - let tempo = BlockNumber::from(Tempo::::get(netuid) as u32); - span.saturating_mul(tempo) -} -fn neuron_identity(origin: &RuntimeOrigin, netuid: NetUid) -> Option<(AccountId, u16)> { - let hotkey = signed_origin(origin)?; - let uid = - pallet_subtensor::Pallet::::get_uid_for_net_and_hotkey(netuid, &hotkey).ok()?; - Some((hotkey, uid)) -} - -fn owner_hparam_netuid(call: &AdminUtilsCall) -> Option { - match call { - AdminUtilsCall::sudo_set_activity_cutoff { netuid, .. } - | AdminUtilsCall::sudo_set_adjustment_alpha { netuid, .. } - | AdminUtilsCall::sudo_set_alpha_sigmoid_steepness { netuid, .. } - | AdminUtilsCall::sudo_set_alpha_values { netuid, .. } - | AdminUtilsCall::sudo_set_bonds_moving_average { netuid, .. } - | AdminUtilsCall::sudo_set_bonds_penalty { netuid, .. } - | AdminUtilsCall::sudo_set_bonds_reset_enabled { netuid, .. } - | AdminUtilsCall::sudo_set_commit_reveal_weights_enabled { netuid, .. } - | AdminUtilsCall::sudo_set_commit_reveal_weights_interval { netuid, .. } - | AdminUtilsCall::sudo_set_immunity_period { netuid, .. } - | AdminUtilsCall::sudo_set_liquid_alpha_enabled { netuid, .. } - | AdminUtilsCall::sudo_set_max_allowed_uids { netuid, .. } - | AdminUtilsCall::sudo_set_max_burn { netuid, .. } - | AdminUtilsCall::sudo_set_max_difficulty { netuid, .. } - | AdminUtilsCall::sudo_set_min_allowed_weights { netuid, .. } - | AdminUtilsCall::sudo_set_min_burn { netuid, .. } - | AdminUtilsCall::sudo_set_network_pow_registration_allowed { netuid, .. } - | AdminUtilsCall::sudo_set_owner_immune_neuron_limit { netuid, .. } - | AdminUtilsCall::sudo_set_recycle_or_burn { netuid, .. } - | AdminUtilsCall::sudo_set_rho { netuid, .. } - | AdminUtilsCall::sudo_set_serving_rate_limit { netuid, .. } - | AdminUtilsCall::sudo_set_toggle_transfer { netuid, .. } - | AdminUtilsCall::sudo_set_weights_version_key { netuid, .. } - | AdminUtilsCall::sudo_set_yuma3_enabled { netuid, .. } => Some(*netuid), - _ => None, + fn should_bypass(origin: &RuntimeOrigin, _call: &RuntimeCall) -> bool { + matches!(origin.clone().into(), Ok(RawOrigin::Root)) } -} -fn admin_scope_netuid(call: &AdminUtilsCall) -> Option { - owner_hparam_netuid(call).or_else(|| match call { - AdminUtilsCall::sudo_set_mechanism_count { netuid, .. } - | AdminUtilsCall::sudo_set_mechanism_emission_split { netuid, .. } - | AdminUtilsCall::sudo_set_sn_owner_hotkey { netuid, .. } - | AdminUtilsCall::sudo_trim_to_max_allowed_uids { netuid, .. } => Some(*netuid), - _ => None, - }) + fn adjust_span(_origin: &RuntimeOrigin, call: &RuntimeCall, span: BlockNumber) -> BlockNumber { + match call { + RuntimeCall::AdminUtils(inner) => { + if let Some(netuid) = owner_hparam_netuid(inner) { + if span == 0 { + return span; + } + let tempo = BlockNumber::from(Tempo::::get(netuid) as u32); + span.saturating_mul(tempo) + } else { + span + } + } + _ => span, + } + } } #[derive(Default)] @@ -264,63 +231,46 @@ impl RateLimitUsageResolver - for ScopeResolver -{ - fn context(_origin: &RuntimeOrigin, call: &RuntimeCall) -> Option { - match call { - RuntimeCall::SubtensorModule(inner) => match inner { - SubtensorCall::serve_axon { netuid, .. } - | SubtensorCall::serve_axon_tls { netuid, .. } - | SubtensorCall::serve_prometheus { netuid, .. } - | SubtensorCall::set_weights { netuid, .. } - | SubtensorCall::commit_weights { netuid, .. } - | SubtensorCall::reveal_weights { netuid, .. } - | SubtensorCall::batch_reveal_weights { netuid, .. } - | SubtensorCall::commit_timelocked_weights { netuid, .. } => { - Some(RateLimitScope::Subnet(*netuid)) - } - SubtensorCall::set_mechanism_weights { netuid, mecid, .. } - | SubtensorCall::commit_mechanism_weights { netuid, mecid, .. } - | SubtensorCall::reveal_mechanism_weights { netuid, mecid, .. } - | SubtensorCall::commit_crv3_mechanism_weights { netuid, mecid, .. } - | SubtensorCall::commit_timelocked_mechanism_weights { netuid, mecid, .. } => { - Some(RateLimitScope::SubnetMechanism { - netuid: *netuid, - mecid: *mecid, - }) - } - _ => None, - }, - RuntimeCall::AdminUtils(inner) => { - if owner_hparam_netuid(inner).is_some() { - // Hyperparameter setters share a global limit span; usage is tracked per subnet. - None - } else { - admin_scope_netuid(inner).map(RateLimitScope::Subnet) - } - } - _ => None, - } - } +fn neuron_identity(origin: &RuntimeOrigin, netuid: NetUid) -> Option<(AccountId, u16)> { + let hotkey = signed_origin(origin)?; + let uid = + pallet_subtensor::Pallet::::get_uid_for_net_and_hotkey(netuid, &hotkey).ok()?; + Some((hotkey, uid)) +} - fn should_bypass(origin: &RuntimeOrigin, _call: &RuntimeCall) -> bool { - matches!(origin.clone().into(), Ok(RawOrigin::Root)) +fn signed_origin(origin: &RuntimeOrigin) -> Option { + match origin.clone().into() { + Ok(RawOrigin::Signed(who)) => Some(who), + _ => None, } +} - fn adjust_span(_origin: &RuntimeOrigin, call: &RuntimeCall, span: BlockNumber) -> BlockNumber { - match call { - RuntimeCall::AdminUtils(inner) => { - if let Some(netuid) = owner_hparam_netuid(inner) { - tempo_scaled(netuid, span) - } else { - span - } - } - _ => span, - } +fn owner_hparam_netuid(call: &AdminUtilsCall) -> Option { + match call { + AdminUtilsCall::sudo_set_activity_cutoff { netuid, .. } + | AdminUtilsCall::sudo_set_adjustment_alpha { netuid, .. } + | AdminUtilsCall::sudo_set_alpha_sigmoid_steepness { netuid, .. } + | AdminUtilsCall::sudo_set_alpha_values { netuid, .. } + | AdminUtilsCall::sudo_set_bonds_moving_average { netuid, .. } + | AdminUtilsCall::sudo_set_bonds_penalty { netuid, .. } + | AdminUtilsCall::sudo_set_bonds_reset_enabled { netuid, .. } + | AdminUtilsCall::sudo_set_commit_reveal_weights_enabled { netuid, .. } + | AdminUtilsCall::sudo_set_commit_reveal_weights_interval { netuid, .. } + | AdminUtilsCall::sudo_set_immunity_period { netuid, .. } + | AdminUtilsCall::sudo_set_liquid_alpha_enabled { netuid, .. } + | AdminUtilsCall::sudo_set_max_allowed_uids { netuid, .. } + | AdminUtilsCall::sudo_set_max_burn { netuid, .. } + | AdminUtilsCall::sudo_set_max_difficulty { netuid, .. } + | AdminUtilsCall::sudo_set_min_allowed_weights { netuid, .. } + | AdminUtilsCall::sudo_set_min_burn { netuid, .. } + | AdminUtilsCall::sudo_set_network_pow_registration_allowed { netuid, .. } + | AdminUtilsCall::sudo_set_owner_immune_neuron_limit { netuid, .. } + | AdminUtilsCall::sudo_set_recycle_or_burn { netuid, .. } + | AdminUtilsCall::sudo_set_rho { netuid, .. } + | AdminUtilsCall::sudo_set_serving_rate_limit { netuid, .. } + | AdminUtilsCall::sudo_set_toggle_transfer { netuid, .. } + | AdminUtilsCall::sudo_set_weights_version_key { netuid, .. } + | AdminUtilsCall::sudo_set_yuma3_enabled { netuid, .. } => Some(*netuid), + _ => None, } } diff --git a/runtime/tests/rate_limiting_behavior.rs b/runtime/tests/rate_limiting_behavior.rs new file mode 100644 index 0000000000..c513409db7 --- /dev/null +++ b/runtime/tests/rate_limiting_behavior.rs @@ -0,0 +1,420 @@ +#![allow(clippy::unwrap_used)] + +use frame_support::traits::OnRuntimeUpgrade; +use frame_system::pallet_prelude::BlockNumberFor; +use node_subtensor_runtime::{ + BuildStorage, Runtime, RuntimeCall, RuntimeGenesisConfig, RuntimeOrigin, RuntimeScopeResolver, + RuntimeUsageResolver, SubtensorModule, System, rate_limiting::RateLimitUsageKey, + rate_limiting::migration::Migration, +}; +use pallet_rate_limiting::{RateLimitScopeResolver, RateLimitUsageResolver}; +use pallet_rate_limiting::{RateLimitTarget, TransactionIdentifier}; +use pallet_subtensor::Call as SubtensorCall; +use pallet_subtensor::{ + AxonInfo, HasMigrationRun, LastRateLimitedBlock, LastUpdate, NetworksAdded, PrometheusInfo, + RateLimitKey, ServingRateLimit, TransactionKeyLastBlock, WeightsSetRateLimit, + WeightsVersionKeyRateLimit, utils::rate_limiting::TransactionType, +}; +use sp_core::{H160, ecdsa}; +use sp_runtime::traits::SaturatedConversion; +use subtensor_runtime_common::{NetUid, NetUidStorageIndex}; + +type AccountId = ::AccountId; +type GroupId = ::GroupId; +type UsageKey = RateLimitUsageKey; + +const MIGRATION_NAME: &[u8] = b"migrate_rate_limiting"; + +fn new_ext() -> sp_io::TestExternalities { + sp_tracing::try_init_simple(); + let mut ext: sp_io::TestExternalities = RuntimeGenesisConfig::default() + .build_storage() + .unwrap() + .into(); + ext.execute_with(|| System::set_block_number(1)); + ext +} + +fn account(n: u8) -> AccountId { + AccountId::from([n; 32]) +} + +fn resolve_target(identifier: TransactionIdentifier) -> RateLimitTarget { + if let Some(group) = pallet_rate_limiting::CallGroups::::get(identifier) { + RateLimitTarget::Group(group) + } else { + RateLimitTarget::Transaction(identifier) + } +} + +fn exact_span(span: u64) -> BlockNumberFor { + span.saturated_into::>() +} + +fn clear_rate_limiting_storage() { + let limit = u32::MAX; + let _ = pallet_rate_limiting::Limits::::clear(limit, None); + let _ = pallet_rate_limiting::LastSeen::::clear(limit, None); + let _ = pallet_rate_limiting::Groups::::clear(limit, None); + let _ = pallet_rate_limiting::GroupMembers::::clear(limit, None); + let _ = pallet_rate_limiting::GroupNameIndex::::clear(limit, None); + let _ = pallet_rate_limiting::CallGroups::::clear(limit, None); + pallet_rate_limiting::NextGroupId::::kill(); +} + +fn parity_check( + now: u64, + call: RuntimeCall, + origin: RuntimeOrigin, + usage_override: Option, + scope_override: Option, + legacy_check: F, +) where + F: Fn() -> bool, +{ + System::set_block_number(now.saturated_into()); + HasMigrationRun::::remove(MIGRATION_NAME); + clear_rate_limiting_storage(); + + // Run migration to hydrate pallet-rate-limiting state. + Migration::::on_runtime_upgrade(); + + let identifier = + TransactionIdentifier::from_call::(&call).expect("identifier for call"); + let scope = scope_override.or_else(|| RuntimeScopeResolver::context(&origin, &call)); + let usage: Option<::UsageKey> = usage_override + .map(Into::into) + .or_else(|| RuntimeUsageResolver::context(&origin, &call).map(Into::into)); + let target = resolve_target(identifier); + + let span = pallet_rate_limiting::Pallet::::resolved_limit(&target, &scope) + .unwrap_or_default(); + let span_u64: u64 = span.saturated_into(); + + let within = pallet_rate_limiting::Pallet::::is_within_limit( + &origin.clone().into(), + &call, + &identifier, + &scope, + &usage, + ) + .expect("pallet rate limit result"); + assert_eq!(within, legacy_check(), "parity at now for {:?}", identifier); + + // Advance beyond the span and re-check (span==0 treated as allow). + let advance: BlockNumberFor = span.saturating_add(exact_span(1)); + System::set_block_number(System::block_number().saturating_add(advance)); + + let within_after = pallet_rate_limiting::Pallet::::is_within_limit( + &origin.into(), + &call, + &identifier, + &scope, + &usage, + ) + .expect("pallet rate limit result (after)"); + assert!( + within_after || span_u64 == 0, + "parity after window for {:?}", + identifier + ); +} + +#[test] +fn register_network_parity() { + new_ext().execute_with(|| { + let now = 100u64; + let cold = account(1); + let hot = account(2); + let span = 5u64; + LastRateLimitedBlock::::insert(RateLimitKey::NetworkLastRegistered, now - 1); + pallet_subtensor::NetworkRateLimit::::put(span); + + let call = RuntimeCall::SubtensorModule(SubtensorCall::register_network { hotkey: hot }); + let origin = RuntimeOrigin::signed(cold.clone()); + let legacy = || TransactionType::RegisterNetwork.passes_rate_limit::(&cold); + parity_check(now, call, origin, None, None, legacy); + }); +} + +#[test] +fn swap_hotkey_parity() { + new_ext().execute_with(|| { + let now = 200u64; + let cold = account(10); + let old_hot = account(11); + let new_hot = account(12); + let span = 10u64; + LastRateLimitedBlock::::insert(RateLimitKey::LastTxBlock(cold.clone()), now - 1); + pallet_subtensor::TxRateLimit::::put(span); + + let call = RuntimeCall::SubtensorModule(SubtensorCall::swap_hotkey { + hotkey: old_hot, + new_hotkey: new_hot, + netuid: None, + }); + let origin = RuntimeOrigin::signed(cold.clone()); + let legacy = || !SubtensorModule::exceeds_tx_rate_limit(now - 1, now); + parity_check(now, call, origin, None, None, legacy); + }); +} + +#[test] +fn increase_take_parity() { + new_ext().execute_with(|| { + let now = 300u64; + let hot = account(20); + let span = 3u64; + LastRateLimitedBlock::::insert( + RateLimitKey::LastTxBlockDelegateTake(hot.clone()), + now - 1, + ); + pallet_subtensor::TxDelegateTakeRateLimit::::put(span); + + let call = RuntimeCall::SubtensorModule(SubtensorCall::increase_take { + hotkey: hot.clone(), + take: 5, + }); + let origin = RuntimeOrigin::signed(account(21)); + let legacy = || !SubtensorModule::exceeds_tx_delegate_take_rate_limit(now - 1, now); + parity_check(now, call, origin, None, None, legacy); + }); +} + +#[test] +fn set_childkey_take_parity() { + new_ext().execute_with(|| { + let now = 400u64; + let hot = account(30); + let netuid = NetUid::from(1u16); + let span = 7u64; + let tx_kind: u16 = TransactionType::SetChildkeyTake.into(); + TransactionKeyLastBlock::::insert((hot.clone(), netuid, tx_kind), now - 1); + pallet_subtensor::TxChildkeyTakeRateLimit::::put(span); + + let call = RuntimeCall::SubtensorModule(SubtensorCall::set_childkey_take { + hotkey: hot.clone(), + netuid, + take: 1, + }); + let origin = RuntimeOrigin::signed(account(31)); + let legacy = || { + TransactionType::SetChildkeyTake.passes_rate_limit_on_subnet::(&hot, netuid) + }; + parity_check(now, call, origin, None, None, legacy); + }); +} + +#[test] +fn set_children_parity() { + new_ext().execute_with(|| { + let now = 500u64; + let hot = account(40); + let netuid = NetUid::from(2u16); + let tx_kind: u16 = TransactionType::SetChildren.into(); + TransactionKeyLastBlock::::insert((hot.clone(), netuid, tx_kind), now - 1); + + let call = RuntimeCall::SubtensorModule(SubtensorCall::set_children { + hotkey: hot.clone(), + netuid, + children: Vec::new(), + }); + let origin = RuntimeOrigin::signed(account(41)); + let legacy = + || TransactionType::SetChildren.passes_rate_limit_on_subnet::(&hot, netuid); + parity_check(now, call, origin, None, None, legacy); + }); +} + +#[test] +fn serving_parity() { + new_ext().execute_with(|| { + let now = 600u64; + let hot = account(50); + let netuid = NetUid::from(3u16); + let span = 5u64; + ServingRateLimit::::insert(netuid, span); + pallet_subtensor::Axons::::insert( + netuid, + hot.clone(), + AxonInfo { + block: now - 1, + ..Default::default() + }, + ); + pallet_subtensor::Prometheus::::insert( + netuid, + hot.clone(), + PrometheusInfo { + block: now - 1, + ..Default::default() + }, + ); + + // Axon + let axon_call = RuntimeCall::SubtensorModule(SubtensorCall::serve_axon { + netuid, + version: 1, + ip: 0, + port: 0, + ip_type: 4, + protocol: 0, + placeholder1: 0, + placeholder2: 0, + }); + let origin = RuntimeOrigin::signed(hot.clone()); + let legacy_axon = || { + SubtensorModule::axon_passes_rate_limit( + netuid, + &AxonInfo { + block: now - 1, + ..Default::default() + }, + now, + ) + }; + parity_check(now, axon_call, origin.clone(), None, None, legacy_axon); + + // Prometheus + let prom_call = RuntimeCall::SubtensorModule(SubtensorCall::serve_prometheus { + netuid, + version: 1, + ip: 0, + port: 0, + ip_type: 4, + }); + let legacy_prom = || { + SubtensorModule::prometheus_passes_rate_limit( + netuid, + &PrometheusInfo { + block: now - 1, + ..Default::default() + }, + now, + ) + }; + parity_check(now, prom_call, origin, None, None, legacy_prom); + }); +} + +#[test] +fn weights_and_hparam_parity() { + new_ext().execute_with(|| { + let now = 700u64; + let hot = account(60); + let netuid = NetUid::from(4u16); + let uid: u16 = 0; + let weights_span = 4u64; + let tempo = 3u16; + // Ensure subnet exists so LastUpdate is imported. + NetworksAdded::::insert(netuid, true); + SubtensorModule::set_tempo(netuid, tempo); + WeightsSetRateLimit::::insert(netuid, weights_span); + LastUpdate::::insert(NetUidStorageIndex::from(netuid), vec![now - 1]); + + let weights_call = RuntimeCall::SubtensorModule(SubtensorCall::set_weights { + netuid, + dests: Vec::new(), + weights: Vec::new(), + version_key: 0, + }); + let origin = RuntimeOrigin::signed(hot.clone()); + let scope = Some(netuid); + let usage = Some(UsageKey::SubnetNeuron { netuid, uid }); + let legacy_weights = || SubtensorModule::check_rate_limit(netuid.into(), uid, now); + parity_check( + now, + weights_call, + origin.clone(), + usage, + scope, + legacy_weights, + ); + + // Hyperparam (activity_cutoff) with tempo scaling. + let hparam_span_epochs = 2u16; + pallet_subtensor::OwnerHyperparamRateLimit::::put(hparam_span_epochs); + LastRateLimitedBlock::::insert( + RateLimitKey::OwnerHyperparamUpdate( + netuid, + pallet_subtensor::utils::rate_limiting::Hyperparameter::ActivityCutoff, + ), + now - 1, + ); + let hparam_call = + RuntimeCall::AdminUtils(pallet_admin_utils::Call::sudo_set_activity_cutoff { + netuid, + activity_cutoff: 1, + }); + let hparam_origin = RuntimeOrigin::signed(hot); + let legacy_hparam = || { + let span = (tempo as u64) * (hparam_span_epochs as u64); + let last = now - 1; + // same logic as TransactionType::OwnerHyperparamUpdate in legacy: passes if delta >= span. + let delta = now.saturating_sub(last); + delta >= span + }; + parity_check(now, hparam_call, hparam_origin, None, None, legacy_hparam); + }); +} + +#[test] +fn weights_version_parity() { + new_ext().execute_with(|| { + let now = 800u64; + let hot = account(70); + let netuid = NetUid::from(5u16); + NetworksAdded::::insert(netuid, true); + SubtensorModule::set_tempo(netuid, 4); + WeightsVersionKeyRateLimit::::put(2u64); + let tx_kind_wvk: u16 = TransactionType::SetWeightsVersionKey.into(); + TransactionKeyLastBlock::::insert((hot.clone(), netuid, tx_kind_wvk), now - 1); + + let wvk_call = + RuntimeCall::AdminUtils(pallet_admin_utils::Call::sudo_set_weights_version_key { + netuid, + weights_version_key: 0, + }); + let origin = RuntimeOrigin::signed(hot.clone()); + let legacy_wvk = || { + let limit = SubtensorModule::get_tempo(netuid) as u64 + * WeightsVersionKeyRateLimit::::get(); + let delta = now.saturating_sub(now - 1); + delta >= limit + }; + parity_check(now, wvk_call, origin, None, None, legacy_wvk); + }); +} + +#[test] +fn associate_evm_key_parity() { + new_ext().execute_with(|| { + let now = 900u64; + let hot = account(80); + let netuid = NetUid::from(6u16); + let uid: u16 = 0; + NetworksAdded::::insert(netuid, true); + pallet_subtensor::AssociatedEvmAddress::::insert( + netuid, + uid, + (H160::zero(), now - 1), + ); + + let call = RuntimeCall::SubtensorModule(SubtensorCall::associate_evm_key { + netuid, + evm_key: H160::zero(), + block_number: now, + signature: ecdsa::Signature::from_raw([0u8; 65]), + }); + let origin = RuntimeOrigin::signed(hot.clone()); + let usage = Some(UsageKey::SubnetNeuron { netuid, uid }); + let scope = Some(netuid); + let limit = ::EvmKeyAssociateRateLimit::get(); + let legacy = || { + let last = now - 1; + let delta = now.saturating_sub(last); + delta >= limit + }; + parity_check(now, call, origin, usage, scope, legacy); + }); +} diff --git a/runtime/tests/rate_limiting_migration.rs b/runtime/tests/rate_limiting_migration.rs index 23a16e3fe4..40f68151ff 100644 --- a/runtime/tests/rate_limiting_migration.rs +++ b/runtime/tests/rate_limiting_migration.rs @@ -3,12 +3,13 @@ use frame_support::traits::OnRuntimeUpgrade; use frame_system::pallet_prelude::BlockNumberFor; use node_subtensor_runtime::{ - rate_limiting, - rate_limiting::migration::{identifier_for_transaction_type, Migration}, - BuildStorage, Runtime, RuntimeGenesisConfig, SubtensorModule, System, + BuildStorage, Runtime, RuntimeGenesisConfig, SubtensorModule, System, rate_limiting, + rate_limiting::migration::{Migration, identifier_for_transaction_type}, }; use pallet_rate_limiting::{RateLimit, RateLimitKind, RateLimitTarget}; -use pallet_subtensor::{HasMigrationRun, LastRateLimitedBlock, RateLimitKey, utils::rate_limiting::TransactionType}; +use pallet_subtensor::{ + HasMigrationRun, LastRateLimitedBlock, RateLimitKey, utils::rate_limiting::TransactionType, +}; use sp_runtime::traits::SaturatedConversion; use subtensor_runtime_common::NetUid; @@ -27,7 +28,9 @@ fn new_test_ext() -> sp_io::TestExternalities { ext } -fn resolve_target(identifier: pallet_rate_limiting::TransactionIdentifier) -> RateLimitTarget { +fn resolve_target( + identifier: pallet_rate_limiting::TransactionIdentifier, +) -> RateLimitTarget { if let Some(group) = pallet_rate_limiting::CallGroups::::get(identifier) { RateLimitTarget::Group(group) } else { @@ -58,10 +61,7 @@ fn migrates_global_register_network_last_seen() { // LastSeen preserved globally (usage = None). let stored = pallet_rate_limiting::LastSeen::::get(target, None::) .expect("last seen entry"); - assert_eq!( - stored, - 10u64.saturated_into::>() - ); + assert_eq!(stored, 10u64.saturated_into::>()); }); } @@ -88,11 +88,8 @@ fn sn_owner_hotkey_limit_not_tempo_scaled_and_last_seen_preserved() { // LastSeen preserved per subnet. let usage: Option<::UsageKey> = Some(UsageKey::Subnet(netuid).into()); - let stored = pallet_rate_limiting::LastSeen::::get(target, usage) - .expect("last seen entry"); - assert_eq!( - stored, - 100u64.saturated_into::>() - ); + let stored = + pallet_rate_limiting::LastSeen::::get(target, usage).expect("last seen entry"); + assert_eq!(stored, 100u64.saturated_into::>()); }); } From 34d5f26509cb4a40a9c66349c7e6c72bd97f67ee Mon Sep 17 00:00:00 2001 From: Aliaksandr Tsurko Date: Mon, 1 Dec 2025 16:23:17 +0300 Subject: [PATCH 30/46] Remove register-network calls from rate limit usage resolver --- runtime/src/rate_limiting/mod.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/runtime/src/rate_limiting/mod.rs b/runtime/src/rate_limiting/mod.rs index 5b4a97248a..2e5bc85d24 100644 --- a/runtime/src/rate_limiting/mod.rs +++ b/runtime/src/rate_limiting/mod.rs @@ -113,8 +113,6 @@ impl RateLimitUsageResolver { signed_origin(origin).map(RateLimitUsageKey::::Account) } - SubtensorCall::register_network { .. } - | SubtensorCall::register_network_with_identity { .. } => None, SubtensorCall::increase_take { hotkey, .. } => { Some(RateLimitUsageKey::::Account(hotkey.clone())) } @@ -136,6 +134,8 @@ impl RateLimitUsageResolver Date: Mon, 1 Dec 2025 16:56:04 +0300 Subject: [PATCH 31/46] Add read-only flag to grouped calls in pallet-rate-limiting --- pallets/rate-limiting/src/benchmarking.rs | 4 +- pallets/rate-limiting/src/lib.rs | 82 ++++++++++++++++++-- pallets/rate-limiting/src/tests.rs | 93 ++++++++++++++++++++--- pallets/rate-limiting/src/tx_extension.rs | 67 +++++++++++++++- 4 files changed, 222 insertions(+), 24 deletions(-) diff --git a/pallets/rate-limiting/src/benchmarking.rs b/pallets/rate-limiting/src/benchmarking.rs index 23dfecec85..38568dea28 100644 --- a/pallets/rate-limiting/src/benchmarking.rs +++ b/pallets/rate-limiting/src/benchmarking.rs @@ -8,6 +8,7 @@ use frame_system::{RawOrigin, pallet_prelude::BlockNumberFor}; use sp_runtime::traits::{One, Saturating}; use super::*; +use crate::CallReadOnly; pub trait BenchmarkHelper { fn sample_call() -> Call; @@ -85,9 +86,10 @@ mod benchmarks { let identifier = register_call_with_group::(None); #[extrinsic_call] - _(RawOrigin::Root, identifier, group); + _(RawOrigin::Root, identifier, group, false); assert_eq!(CallGroups::::get(identifier), Some(group)); + assert_eq!(CallReadOnly::::get(identifier), Some(false)); assert!(GroupMembers::::get(group).contains(&identifier)); } diff --git a/pallets/rate-limiting/src/lib.rs b/pallets/rate-limiting/src/lib.rs index b40976f018..af9149f8dd 100644 --- a/pallets/rate-limiting/src/lib.rs +++ b/pallets/rate-limiting/src/lib.rs @@ -20,6 +20,8 @@ //! - [`assign_call_to_group`](pallet::Pallet::assign_call_to_group) and //! [`remove_call_from_group`](pallet::Pallet::remove_call_from_group): manage group membership for //! registered calls. +//! - [`set_call_read_only`](pallet::Pallet::set_call_read_only): for grouped calls, choose whether +//! successful dispatches should update the shared usage row (`false` by default). //! - [`deregister_call`](pallet::Pallet::deregister_call): remove scoped configuration or wipe the //! registration entirely. //! - [`set_default_rate_limit`](pallet::Pallet::set_default_rate_limit): set the global default @@ -280,6 +282,12 @@ pub mod pallet { OptionQuery, >; + /// Tracks whether a grouped call should skip writing usage metadata on success. + #[pallet::storage] + #[pallet::getter(fn call_read_only)] + pub type CallReadOnly, I: 'static = ()> = + StorageMap<_, Blake2_128Concat, TransactionIdentifier, bool, OptionQuery>; + /// Metadata for each configured group. #[pallet::storage] #[pallet::getter(fn groups)] @@ -394,6 +402,15 @@ pub mod pallet { /// Updated group assignment (None when cleared). group: Option<>::GroupId>, }, + /// A grouped call toggled whether it writes usage after enforcement. + CallReadOnlyUpdated { + /// Identifier of the transaction. + transaction: TransactionIdentifier, + /// Group to which the call belongs. + group: >::GroupId, + /// Current read-only flag. + read_only: bool, + }, } /// Errors that can occur while configuring rate limits. @@ -586,6 +603,18 @@ pub mod pallet { true } + pub(crate) fn should_record_usage( + identifier: &TransactionIdentifier, + usage_target: &RateLimitTarget<>::GroupId>, + ) -> bool { + match usage_target { + RateLimitTarget::Group(_) => { + !CallReadOnly::::get(identifier).unwrap_or(false) + } + RateLimitTarget::Transaction(_) => true, + } + } + /// Inserts or updates the cached usage timestamp for a rate-limited call. /// /// This is primarily intended for migrations that need to hydrate the new tracking storage @@ -893,6 +922,7 @@ pub mod pallet { Self::ensure_group_details(group_id)?; Self::insert_call_into_group(&identifier, group_id)?; CallGroups::::insert(&identifier, group_id); + CallReadOnly::::insert(&identifier, false); assigned_group = Some(group_id); } @@ -910,6 +940,11 @@ pub mod pallet { transaction: identifier, group: Some(group_id), }); + Self::deposit_event(Event::CallReadOnlyUpdated { + transaction: identifier, + group: group_id, + read_only: false, + }); } Ok(()) @@ -965,13 +1000,15 @@ pub mod pallet { Ok(()) } - /// Assigns a registered call to the specified group. + /// Assigns a registered call to the specified group and optionally marks it as read-only + /// for usage tracking. #[pallet::call_index(2)] #[pallet::weight(T::DbWeight::get().reads_writes(3, 3))] pub fn assign_call_to_group( origin: OriginFor, transaction: TransactionIdentifier, group: >::GroupId, + read_only: bool, ) -> DispatchResult { T::AdminOrigin::ensure_origin(origin)?; @@ -979,20 +1016,20 @@ pub mod pallet { Self::ensure_group_details(group)?; let current = CallGroups::::get(&transaction); - if current == Some(group) { - return Err(Error::::CallAlreadyInGroup.into()); - } - + ensure!(current.is_none(), Error::::CallAlreadyInGroup); Self::insert_call_into_group(&transaction, group)?; - if let Some(existing) = current { - Self::detach_call_from_group(&transaction, existing); - } CallGroups::::insert(&transaction, group); + CallReadOnly::::insert(&transaction, read_only); Self::deposit_event(Event::CallGroupUpdated { transaction, group: Some(group), }); + Self::deposit_event(Event::CallReadOnlyUpdated { + transaction, + group, + read_only, + }); Ok(()) } @@ -1010,6 +1047,7 @@ pub mod pallet { let Some(group) = CallGroups::::take(&transaction) else { return Err(Error::::CallNotInGroup.into()); }; + CallReadOnly::::remove(&transaction); Self::detach_call_from_group(&transaction, group); Self::deposit_event(Event::CallGroupUpdated { @@ -1164,6 +1202,7 @@ pub mod pallet { ensure!(removed, Error::::MissingRateLimit); if let Some(group) = CallGroups::::take(&transaction) { + CallReadOnly::::remove(&transaction); Self::detach_call_from_group(&transaction, group); Self::deposit_event(Event::CallGroupUpdated { transaction, @@ -1178,6 +1217,7 @@ pub mod pallet { } if let Some(group) = CallGroups::::take(&transaction) { + CallReadOnly::::remove(&transaction); Self::detach_call_from_group(&transaction, group); Self::deposit_event(Event::CallGroupUpdated { transaction, @@ -1202,5 +1242,31 @@ pub mod pallet { Ok(()) } + + /// Updates whether a grouped call should skip writing usage metadata after enforcement. + /// + /// The call must already be assigned to a group. + #[pallet::call_index(9)] + #[pallet::weight(T::DbWeight::get().reads_writes(2, 1))] + pub fn set_call_read_only( + origin: OriginFor, + transaction: TransactionIdentifier, + read_only: bool, + ) -> DispatchResult { + T::AdminOrigin::ensure_origin(origin)?; + + Self::ensure_call_registered(&transaction)?; + let group = + CallGroups::::get(&transaction).ok_or(Error::::CallNotInGroup)?; + CallReadOnly::::insert(&transaction, read_only); + + Self::deposit_event(Event::CallReadOnlyUpdated { + transaction, + group, + read_only, + }); + + Ok(()) + } } } diff --git a/pallets/rate-limiting/src/tests.rs b/pallets/rate-limiting/src/tests.rs index 5027909b67..1b4fc170b4 100644 --- a/pallets/rate-limiting/src/tests.rs +++ b/pallets/rate-limiting/src/tests.rs @@ -2,8 +2,8 @@ use frame_support::{assert_noop, assert_ok}; use sp_std::vec::Vec; use crate::{ - CallGroups, Config, GroupMembers, GroupSharing, LastSeen, Limits, RateLimit, RateLimitKind, - RateLimitTarget, TransactionIdentifier, mock::*, pallet::Error, + CallGroups, CallReadOnly, Config, GroupMembers, GroupSharing, LastSeen, Limits, RateLimit, + RateLimitKind, RateLimitTarget, TransactionIdentifier, mock::*, pallet::Error, }; use frame_support::traits::Get; @@ -132,6 +132,7 @@ fn set_rate_limit_requires_registration_and_group_targeting() { RuntimeOrigin::root(), identifier, group, + false, )); assert_noop!( RateLimiting::set_rate_limit( @@ -150,11 +151,42 @@ fn set_rate_limit_respects_group_config_sharing() { new_test_ext().execute_with(|| { let identifier = register(remark_call(), None); let group = create_group(b"test", GroupSharing::ConfigAndUsage); + // Consume group creation event to keep ordering predictable. + let created = last_event(); + assert!(matches!( + created, + RuntimeEvent::RateLimiting(crate::Event::GroupCreated { group: g, .. }) if g == group + )); assert_ok!(RateLimiting::assign_call_to_group( RuntimeOrigin::root(), identifier, group, + false, )); + let events: Vec<_> = System::events() + .into_iter() + .map(|e| e.event) + .filter(|evt| matches!(evt, RuntimeEvent::RateLimiting(_))) + .collect(); + assert!(events.iter().any(|evt| { + matches!( + evt, + RuntimeEvent::RateLimiting(crate::Event::CallReadOnlyUpdated { + transaction, + group: g, + read_only: false, + }) if *transaction == identifier && *g == group + ) + })); + assert!(events.iter().any(|evt| { + matches!( + evt, + RuntimeEvent::RateLimiting(crate::Event::CallGroupUpdated { + transaction, + group: Some(g), + }) if *transaction == identifier && *g == group + ) + })); assert_noop!( RateLimiting::set_rate_limit( RuntimeOrigin::root(), @@ -164,15 +196,6 @@ fn set_rate_limit_respects_group_config_sharing() { ), Error::::MustTargetGroup ); - - let event = last_event(); - assert!(matches!( - event, - RuntimeEvent::RateLimiting(crate::Event::CallGroupUpdated { - transaction, - group: Some(g), - }) if transaction == identifier && g == group - )); }); } @@ -185,8 +208,10 @@ fn assign_and_remove_group_membership() { RuntimeOrigin::root(), identifier, group, + false, )); assert_eq!(CallGroups::::get(identifier), Some(group)); + assert_eq!(CallReadOnly::::get(identifier), Some(false)); assert!(GroupMembers::::get(group).contains(&identifier)); assert_ok!(RateLimiting::remove_call_from_group( RuntimeOrigin::root(), @@ -395,7 +420,7 @@ fn group_member_limit_and_removal_errors() { // Next insert should fail. let extra = register(remark_call(), None); assert_noop!( - RateLimiting::assign_call_to_group(RuntimeOrigin::root(), extra, group), + RateLimiting::assign_call_to_group(RuntimeOrigin::root(), extra, group, false), Error::::GroupMemberLimitExceeded ); @@ -407,6 +432,50 @@ fn group_member_limit_and_removal_errors() { }); } +#[test] +fn set_call_read_only_requires_group() { + new_test_ext().execute_with(|| { + let identifier = register(remark_call(), None); + assert_noop!( + RateLimiting::set_call_read_only(RuntimeOrigin::root(), identifier, true), + Error::::CallNotInGroup + ); + }); +} + +#[test] +fn set_call_read_only_updates_assignment_and_emits_event() { + new_test_ext().execute_with(|| { + let group = create_group(b"ro", GroupSharing::UsageOnly); + let identifier = register(remark_call(), None); + assert_ok!(RateLimiting::assign_call_to_group( + RuntimeOrigin::root(), + identifier, + group, + false, + )); + + assert_ok!(RateLimiting::set_call_read_only( + RuntimeOrigin::root(), + identifier, + true + )); + + assert_eq!(CallGroups::::get(identifier), Some(group)); + assert_eq!(CallReadOnly::::get(identifier), Some(true)); + + let event = last_event(); + assert!(matches!( + event, + RuntimeEvent::RateLimiting(crate::Event::CallReadOnlyUpdated { + transaction, + group: g, + read_only: true, + }) if transaction == identifier && g == group + )); + }); +} + #[test] fn cannot_delete_group_in_use_or_unknown() { new_test_ext().execute_with(|| { diff --git a/pallets/rate-limiting/src/tx_extension.rs b/pallets/rate-limiting/src/tx_extension.rs index 3d400e6918..e1ffd4f14f 100644 --- a/pallets/rate-limiting/src/tx_extension.rs +++ b/pallets/rate-limiting/src/tx_extension.rs @@ -95,10 +95,12 @@ where type Val = Option<( RateLimitTarget<>::GroupId>, Option<>::UsageKey>, + bool, )>; type Pre = Option<( RateLimitTarget<>::GroupId>, Option<>::UsageKey>, + bool, )>; fn weight(&self, _call: &>::RuntimeCall) -> Weight { @@ -131,6 +133,7 @@ where .map_err(|_| TransactionValidityError::Invalid(InvalidTransaction::Call))?; let usage_target = Pallet::::usage_target(&identifier) .map_err(|_| TransactionValidityError::Invalid(InvalidTransaction::Call))?; + let should_record = Pallet::::should_record_usage(&identifier, &usage_target); let Some(block_span) = Pallet::::effective_span(&origin, call, &config_target, &scope) @@ -152,7 +155,7 @@ where Ok(( ValidTransaction::default(), - Some((usage_target, usage)), + Some((usage_target, usage, should_record)), origin, )) } @@ -176,7 +179,10 @@ where result: &DispatchResult, ) -> Result<(), TransactionValidityError> { if result.is_ok() { - if let Some((target, usage)) = pre { + if let Some((target, usage, should_record)) = pre { + if !should_record { + return Ok(()); + } let block_number = frame_system::Pallet::::block_number(); LastSeen::::insert(target, usage, block_number); } @@ -237,7 +243,7 @@ mod tests { ) -> Result< ( sp_runtime::transaction_validity::ValidTransaction, - Option<(RateLimitTarget, Option)>, + Option<(RateLimitTarget, Option, bool)>, RuntimeOrigin, ), TransactionValidityError, @@ -432,6 +438,61 @@ mod tests { }); } + #[test] + fn tx_extension_skips_write_for_read_only_group_member() { + new_test_ext().execute_with(|| { + let extension = new_tx_extension(); + assert_ok!(RateLimiting::create_group( + RuntimeOrigin::root(), + b"use-ro".to_vec(), + GroupSharing::UsageOnly, + )); + let group = RateLimiting::next_group_id().saturating_sub(1); + + let call = remark_call(); + let identifier = identifier_for(&call); + assert_ok!(RateLimiting::register_call( + RuntimeOrigin::root(), + Box::new(call.clone()), + Some(group), + )); + assert_ok!(RateLimiting::set_call_read_only( + RuntimeOrigin::root(), + identifier, + true + )); + + let tx_target = RateLimitTarget::Transaction(identifier); + let usage_target = RateLimitTarget::Group(group); + Limits::::insert(tx_target, RateLimit::global(RateLimitKind::Exact(2))); + LastSeen::::insert(usage_target, Some(1u16), 2); + + System::set_block_number(5); + + let (_valid, val, _) = validate_with_tx_extension(&extension, &call).expect("valid"); + let info = call.get_dispatch_info(); + let len = call.encode().len(); + let origin_for_prepare = RuntimeOrigin::signed(42); + let pre = extension + .clone() + .prepare(val.clone(), &origin_for_prepare, &call, &info, len) + .expect("prepare succeeds"); + + let mut post = PostDispatchInfo::default(); + RateLimitTransactionExtension::::post_dispatch( + pre, + &info, + &mut post, + len, + &Ok(()), + ) + .expect("post_dispatch succeeds"); + + // Usage key should remain untouched because the call is read-only. + assert_eq!(LastSeen::::get(usage_target, Some(1u16)), Some(2)); + }); + } + #[test] fn tx_extension_respects_usage_group_sharing() { new_test_ext().execute_with(|| { From b4fef3223367aea77f2ad138bd5fa07d1fbc0143 Mon Sep 17 00:00:00 2001 From: Aliaksandr Tsurko Date: Mon, 1 Dec 2025 17:29:58 +0300 Subject: [PATCH 32/46] Fix staking ops rate limiting migration --- runtime/src/rate_limiting/migration.rs | 46 +++++++++++++++++++++++++- runtime/src/rate_limiting/mod.rs | 6 ++-- 2 files changed, 48 insertions(+), 4 deletions(-) diff --git a/runtime/src/rate_limiting/migration.rs b/runtime/src/rate_limiting/migration.rs index 54cc99d109..f02be4e422 100644 --- a/runtime/src/rate_limiting/migration.rs +++ b/runtime/src/rate_limiting/migration.rs @@ -70,6 +70,7 @@ const GROUP_WEIGHTS_SUBNET: GroupId = 2; const GROUP_WEIGHTS_MECHANISM: GroupId = 3; const GROUP_REGISTER_NETWORK: GroupId = 4; const GROUP_OWNER_HPARAMS: GroupId = 5; +const GROUP_STAKING_OPS: GroupId = 6; fn hyperparameter_identifiers() -> Vec { HYPERPARAMETERS @@ -126,6 +127,22 @@ fn group_definitions() -> Vec { sharing: GroupSharing::ConfigOnly, members: hyperparameter_identifiers(), }, + GroupDefinition { + id: GROUP_STAKING_OPS, + name: b"staking-ops", + sharing: GroupSharing::ConfigAndUsage, + members: vec![ + subtensor_identifier(2), // add_stake + subtensor_identifier(88), // add_stake_limit + subtensor_identifier(3), // remove_stake + subtensor_identifier(89), // remove_stake_limit + subtensor_identifier(103), // remove_stake_full_limit + subtensor_identifier(85), // move_stake + subtensor_identifier(86), // transfer_stake + subtensor_identifier(87), // swap_stake + subtensor_identifier(90), // swap_stake_limit + ], + }, ] } @@ -166,6 +183,7 @@ struct GroupInfo { #[derive(Default)] struct Grouping { assignments: BTreeMap, + read_only: BTreeMap, members: BTreeMap>, details: Vec>>, next_group_id: GroupId, @@ -177,6 +195,10 @@ impl Grouping { self.members.get(&id) } + fn set_read_only(&mut self, id: TransactionIdentifier, read_only: bool) { + self.read_only.insert(id, read_only); + } + fn insert_group( &mut self, id: GroupId, @@ -188,6 +210,7 @@ impl Grouping { for member in members { self.assignments.insert(*member, GroupInfo { id, sharing }); entry.insert(*member); + self.read_only.entry(*member).or_insert(false); } self.details.push(RateLimitGroup { @@ -252,6 +275,15 @@ fn build_grouping() -> Grouping { ); } + // Mark staking operations that should not update usage after enforcement. + for readonly in [ + subtensor_identifier(3), + subtensor_identifier(89), + subtensor_identifier(103), + ] { + grouping.set_read_only(readonly, true); + } + grouping.finalize_next_id(); grouping } @@ -409,6 +441,13 @@ fn gather_simple_limits( ); } + // Staking operations use a 1-block lock shared by the group. + set_global_limit::( + limits, + grouping.config_target(subtensor_identifier(2)), + BlockNumberFor::::from(1u32), + ); + reads } @@ -761,6 +800,11 @@ where let group_id = info.id.saturated_into::>(); pallet_rate_limiting::CallGroups::::insert(*identifier, group_id); writes += 1; + + if grouping.read_only.get(identifier).copied().unwrap_or(false) { + pallet_rate_limiting::CallReadOnly::::insert(*identifier, true); + writes += 1; + } } let next_group_id = grouping.next_group_id.saturated_into::>(); @@ -1033,7 +1077,7 @@ mod tests { pallet_rate_limiting::CallGroups::::get(subtensor_identifier(66)), Some(DELEGATE_TAKE_GROUP_ID) ); - assert_eq!(pallet_rate_limiting::NextGroupId::::get(), 6); + assert_eq!(pallet_rate_limiting::NextGroupId::::get(), 7); }); } diff --git a/runtime/src/rate_limiting/mod.rs b/runtime/src/rate_limiting/mod.rs index 2e5bc85d24..87a565b4c9 100644 --- a/runtime/src/rate_limiting/mod.rs +++ b/runtime/src/rate_limiting/mod.rs @@ -168,6 +168,8 @@ impl RateLimitUsageResolver { + } => { let coldkey = signed_origin(origin)?; Some(RateLimitUsageKey::::ColdkeyHotkeySubnet { coldkey, From cd091537eaed5ad2a196039213b8eba0c031beee Mon Sep 17 00:00:00 2001 From: Aliaksandr Tsurko Date: Wed, 3 Dec 2025 16:42:49 +0300 Subject: [PATCH 33/46] Fix sudo_set_weights_version_key rate-limiting migration - fix scope resolver --- runtime/src/rate_limiting/migration.rs | 19 +++++++------------ runtime/src/rate_limiting/mod.rs | 19 ++++++++++++++++--- 2 files changed, 23 insertions(+), 15 deletions(-) diff --git a/runtime/src/rate_limiting/migration.rs b/runtime/src/rate_limiting/migration.rs index f02be4e422..e4a73d484d 100644 --- a/runtime/src/rate_limiting/migration.rs +++ b/runtime/src/rate_limiting/migration.rs @@ -968,23 +968,18 @@ where AccountId: Parameter + Clone, { match tx { - TransactionType::SetChildren | TransactionType::SetChildkeyTake => { - Some(RateLimitUsageKey::AccountSubnet { - account: account.clone(), - netuid, - }) - } - TransactionType::SetWeightsVersionKey => Some(RateLimitUsageKey::Subnet(netuid)), TransactionType::MechanismCountUpdate + | TransactionType::MaxUidsTrimming | TransactionType::MechanismEmission - | TransactionType::MaxUidsTrimming => Some(RateLimitUsageKey::AccountSubnet { + | TransactionType::SetChildkeyTake + | TransactionType::SetChildren + | TransactionType::SetWeightsVersionKey => Some(RateLimitUsageKey::AccountSubnet { account: account.clone(), netuid, }), - TransactionType::OwnerHyperparamUpdate(_) => Some(RateLimitUsageKey::Subnet(netuid)), - TransactionType::RegisterNetwork => None, - TransactionType::SetSNOwnerHotkey => Some(RateLimitUsageKey::Subnet(netuid)), - TransactionType::Unknown => None, + TransactionType::SetSNOwnerHotkey | TransactionType::OwnerHyperparamUpdate(_) => { + Some(RateLimitUsageKey::Subnet(netuid)) + } _ => None, } } diff --git a/runtime/src/rate_limiting/mod.rs b/runtime/src/rate_limiting/mod.rs index 87a565b4c9..535b8e9b60 100644 --- a/runtime/src/rate_limiting/mod.rs +++ b/runtime/src/rate_limiting/mod.rs @@ -92,10 +92,24 @@ impl RateLimitScopeResolver for } let tempo = BlockNumber::from(Tempo::::get(netuid) as u32); span.saturating_mul(tempo) + } else if let AdminUtilsCall::sudo_set_weights_version_key { netuid, .. } = inner { + if span == 0 { + return span; + } + let tempo = BlockNumber::from(Tempo::::get(netuid) as u32); + span.saturating_mul(tempo) } else { span } } + RuntimeCall::SubtensorModule(inner) => match inner { + // Marker-only staking ops: allow but still record usage. + pallet_subtensor::Call::add_stake { .. } + | pallet_subtensor::Call::add_stake_limit { .. } => BlockNumber::from(0u32), + // Decrease take is marker-only; increase uses configured span. + pallet_subtensor::Call::decrease_take { .. } => BlockNumber::from(0u32), + _ => span, + }, _ => span, } } @@ -206,14 +220,14 @@ impl RateLimitUsageResolver { if let Some(netuid) = owner_hparam_netuid(inner) { - // Hyperparameter setters share a global span but are tracked per subnet. Some(RateLimitUsageKey::::Subnet(netuid)) } else { match inner { AdminUtilsCall::sudo_set_sn_owner_hotkey { netuid, .. } => { Some(RateLimitUsageKey::::Subnet(*netuid)) } - AdminUtilsCall::sudo_set_mechanism_count { netuid, .. } + AdminUtilsCall::sudo_set_weights_version_key { netuid, .. } + | AdminUtilsCall::sudo_set_mechanism_count { netuid, .. } | AdminUtilsCall::sudo_set_mechanism_emission_split { netuid, .. } | AdminUtilsCall::sudo_trim_to_max_allowed_uids { netuid, .. } => { let who = signed_origin(origin)?; @@ -269,7 +283,6 @@ fn owner_hparam_netuid(call: &AdminUtilsCall) -> Option { | AdminUtilsCall::sudo_set_rho { netuid, .. } | AdminUtilsCall::sudo_set_serving_rate_limit { netuid, .. } | AdminUtilsCall::sudo_set_toggle_transfer { netuid, .. } - | AdminUtilsCall::sudo_set_weights_version_key { netuid, .. } | AdminUtilsCall::sudo_set_yuma3_enabled { netuid, .. } => Some(*netuid), _ => None, } From 0d3a1d5d99ceeae0bb2798990abae8ad60cdd101 Mon Sep 17 00:00:00 2001 From: Aliaksandr Tsurko Date: Thu, 4 Dec 2025 16:15:50 +0300 Subject: [PATCH 34/46] Refactor rate-limiting migration --- pallets/rate-limiting/src/lib.rs | 4 +- runtime/src/rate_limiting/migration.rs | 565 +++++++++++++++++------- runtime/tests/rate_limiting_behavior.rs | 10 +- 3 files changed, 421 insertions(+), 158 deletions(-) diff --git a/pallets/rate-limiting/src/lib.rs b/pallets/rate-limiting/src/lib.rs index af9149f8dd..8760ce7269 100644 --- a/pallets/rate-limiting/src/lib.rs +++ b/pallets/rate-limiting/src/lib.rs @@ -571,7 +571,9 @@ pub mod pallet { }) } - pub(crate) fn effective_span( + /// Resolves the span for a target/scope and applies the configured span adjustment + /// (e.g., tempo scaling) using the pallet's scope resolver. + pub fn effective_span( origin: &DispatchOriginOf<>::RuntimeCall>, call: &>::RuntimeCall, target: &RateLimitTarget<>::GroupId>, diff --git a/runtime/src/rate_limiting/migration.rs b/runtime/src/rate_limiting/migration.rs index e4a73d484d..47446650aa 100644 --- a/runtime/src/rate_limiting/migration.rs +++ b/runtime/src/rate_limiting/migration.rs @@ -12,8 +12,8 @@ use pallet_subtensor::{ self, AssociatedEvmAddress, Axons, Config as SubtensorConfig, HasMigrationRun, LastRateLimitedBlock, LastUpdate, MaxUidsTrimmingRateLimit, MechanismCountSetRateLimit, MechanismEmissionRateLimit, NetworkRateLimit, OwnerHyperparamRateLimit, Pallet, Prometheus, - RateLimitKey, TransactionKeyLastBlock, TxChildkeyTakeRateLimit, TxDelegateTakeRateLimit, - TxRateLimit, WeightsVersionKeyRateLimit, + RateLimitKey, ServingRateLimit, TransactionKeyLastBlock, TxChildkeyTakeRateLimit, + TxDelegateTakeRateLimit, TxRateLimit, WeightsVersionKeyRateLimit, utils::rate_limiting::{Hyperparameter, TransactionType}, }; use sp_runtime::traits::SaturatedConversion; @@ -24,9 +24,9 @@ use sp_std::{ }; use subtensor_runtime_common::NetUid; -use super::RateLimitUsageKey; +use super::{RateLimitUsageKey, Runtime}; -type GroupIdOf = ::GroupId; +type GroupId = ::GroupId; type LimitEntries = Vec<( RateLimitTarget, RateLimit>, @@ -47,22 +47,13 @@ const SUBTENSOR_PALLET_INDEX: u8 = 7; /// Pallet index assigned to `pallet_admin_utils` in `construct_runtime!`. const ADMIN_UTILS_PALLET_INDEX: u8 = 19; -/// Marker stored in `HasMigrationRun` once the migration finishes. +const SERVE_PROM_IDENTIFIER: TransactionIdentifier = subtensor_identifier(5); + +/// Marker stored in `pallet_subtensor::HasMigrationRun` once the migration finishes. const MIGRATION_NAME: &[u8] = b"migrate_rate_limiting"; -/// `set_children` is rate-limited to once every 150 blocks. +/// `set_children` is rate-limited to once every 150 blocks, it's hard-coded in the legacy code. const SET_CHILDREN_RATE_LIMIT: u64 = 150; -/// `set_sn_owner_hotkey` default interval (blocks). -const DEFAULT_SET_SN_OWNER_HOTKEY_LIMIT: u64 = 50_400; - -type GroupId = u32; - -struct GroupDefinition { - id: GroupId, - name: &'static [u8], - sharing: GroupSharing, - members: Vec, -} const GROUP_SERVE_AXON: GroupId = 0; const GROUP_DELEGATE_TAKE: GroupId = 1; @@ -72,80 +63,6 @@ const GROUP_REGISTER_NETWORK: GroupId = 4; const GROUP_OWNER_HPARAMS: GroupId = 5; const GROUP_STAKING_OPS: GroupId = 6; -fn hyperparameter_identifiers() -> Vec { - HYPERPARAMETERS - .iter() - .filter_map(|h| identifier_for_hyperparameter(*h)) - .collect() -} - -fn group_definitions() -> Vec { - vec![ - GroupDefinition { - id: GROUP_SERVE_AXON, - name: b"serve-axon", - sharing: GroupSharing::ConfigAndUsage, - members: vec![subtensor_identifier(4), subtensor_identifier(40)], - }, - GroupDefinition { - id: GROUP_DELEGATE_TAKE, - name: b"delegate-take", - sharing: GroupSharing::ConfigAndUsage, - members: vec![subtensor_identifier(66), subtensor_identifier(65)], - }, - GroupDefinition { - id: GROUP_WEIGHTS_SUBNET, - name: b"weights-subnet", - sharing: GroupSharing::ConfigAndUsage, - members: vec![ - subtensor_identifier(0), - subtensor_identifier(96), - subtensor_identifier(100), - subtensor_identifier(113), - ], - }, - GroupDefinition { - id: GROUP_WEIGHTS_MECHANISM, - name: b"weights-mechanism", - sharing: GroupSharing::ConfigAndUsage, - members: vec![ - subtensor_identifier(119), - subtensor_identifier(115), - subtensor_identifier(117), - subtensor_identifier(118), - ], - }, - GroupDefinition { - id: GROUP_REGISTER_NETWORK, - name: b"register-network", - sharing: GroupSharing::ConfigAndUsage, - members: vec![subtensor_identifier(59), subtensor_identifier(79)], - }, - GroupDefinition { - id: GROUP_OWNER_HPARAMS, - name: b"owner-hparams", - sharing: GroupSharing::ConfigOnly, - members: hyperparameter_identifiers(), - }, - GroupDefinition { - id: GROUP_STAKING_OPS, - name: b"staking-ops", - sharing: GroupSharing::ConfigAndUsage, - members: vec![ - subtensor_identifier(2), // add_stake - subtensor_identifier(88), // add_stake_limit - subtensor_identifier(3), // remove_stake - subtensor_identifier(89), // remove_stake_limit - subtensor_identifier(103), // remove_stake_full_limit - subtensor_identifier(85), // move_stake - subtensor_identifier(86), // transfer_stake - subtensor_identifier(87), // swap_stake - subtensor_identifier(90), // swap_stake_limit - ], - }, - ] -} - /// Hyperparameter extrinsics routed through owner-or-root rate limiting. const HYPERPARAMETERS: &[Hyperparameter] = &[ Hyperparameter::ServingRateLimit, @@ -174,6 +91,60 @@ const HYPERPARAMETERS: &[Hyperparameter] = &[ Hyperparameter::RecycleOrBurn, ]; +/// Identifies whether a rate-limited entry applies to a single call or a named group. +#[derive(Clone, Debug, PartialEq, Eq)] +pub enum TargetKind { + Standalone(TransactionIdentifier), + Group { + id: GroupId, + name: Vec, + sharing: GroupSharing, + members: Vec, + }, +} + +/// Describes how a limit is scoped in storage. +#[derive(Clone, Copy, Debug, PartialEq, Eq)] +pub enum LimitScopeKind { + Global, + Netuid, +} + +/// Describes the shape of the usage key recorded after a call executes. +#[derive(Clone, Copy, Debug, PartialEq, Eq)] +pub enum UsageKind { + None, + Account, + Subnet, + AccountSubnet, + ColdkeyHotkeySubnet, + SubnetNeuron, + SubnetMechanismNeuron, +} + +/// Human-friendly description of a rate-limited call or group. +#[derive(Clone, Debug, PartialEq, Eq)] +pub struct RateLimitedCall { + pub target: TargetKind, + pub scope: LimitScopeKind, + pub usage: UsageKind, + /// Calls that should not record usage when dispatched (only relevant for groups). + pub read_only: Vec, + /// Legacy storage sources used by the migration. + pub legacy: LegacySources, +} + +/// Summarizes where legacy limits and last-seen data are sourced from. +#[derive(Clone, Debug, PartialEq, Eq)] +pub struct LegacySources { + pub limits: &'static [&'static str], + pub last_seen: &'static [&'static str], +} + +fn sources(limits: &'static [&'static str], last_seen: &'static [&'static str]) -> LegacySources { + LegacySources { limits, last_seen } +} + #[derive(Clone, Copy)] struct GroupInfo { id: GroupId, @@ -245,8 +216,6 @@ impl Grouping { } } -const SERVE_PROM_IDENTIFIER: TransactionIdentifier = subtensor_identifier(5); - fn serve_calls(grouping: &Grouping) -> Vec { let mut calls = Vec::new(); if let Some(members) = grouping.members(GROUP_SERVE_AXON) { @@ -263,31 +232,276 @@ fn weight_calls_subnet(grouping: &Grouping) -> Vec { .unwrap_or_default() } +fn weight_calls_mechanism(grouping: &Grouping) -> Vec { + grouping + .members(GROUP_WEIGHTS_MECHANISM) + .map(|m| m.iter().copied().collect()) + .unwrap_or_default() +} + fn build_grouping() -> Grouping { let mut grouping = Grouping::default(); - for definition in group_definitions() { - grouping.insert_group( - definition.id, - definition.name, - definition.sharing, - &definition.members, - ); - } - - // Mark staking operations that should not update usage after enforcement. - for readonly in [ - subtensor_identifier(3), - subtensor_identifier(89), - subtensor_identifier(103), - ] { - grouping.set_read_only(readonly, true); + for entry in rate_limited_calls() { + match entry.target { + TargetKind::Group { + id, + name, + sharing, + members, + } => { + grouping.insert_group(id, &name, sharing, &members); + for member in members { + if entry.read_only.contains(&member) { + grouping.set_read_only(member, true); + } + } + } + TargetKind::Standalone(call) => { + if entry.read_only.contains(&call) { + grouping.set_read_only(call, true); + } + } + } } grouping.finalize_next_id(); grouping } +/// Returns a readable listing of all calls covered by the migration. +/// Each entry captures how the call is grouped, scoped, and which legacy +/// storage sources feed its limits and last-seen values. +pub fn rate_limited_calls() -> Vec { + vec![ + RateLimitedCall { + target: TargetKind::Group { + id: GROUP_SERVE_AXON, + name: b"serve-axon".to_vec(), + sharing: GroupSharing::ConfigAndUsage, + members: vec![ + subtensor_identifier(4), // serve_axon + subtensor_identifier(40), // serve_axon_tls + ], + }, + scope: LimitScopeKind::Netuid, + usage: UsageKind::AccountSubnet, + read_only: Vec::new(), + legacy: sources(&["ServingRateLimit (per netuid)"], &["Axons"]), + }, + RateLimitedCall { + target: TargetKind::Standalone(SERVE_PROM_IDENTIFIER), // serve_prometheus + scope: LimitScopeKind::Netuid, + usage: UsageKind::AccountSubnet, + read_only: Vec::new(), + legacy: sources(&["ServingRateLimit (per netuid)"], &["Prometheus"]), + }, + RateLimitedCall { + target: TargetKind::Group { + id: GROUP_DELEGATE_TAKE, + name: b"delegate-take".to_vec(), + sharing: GroupSharing::ConfigAndUsage, + members: vec![ + subtensor_identifier(66), // increase_take + subtensor_identifier(65), // decrease_take + ], + }, + scope: LimitScopeKind::Global, + usage: UsageKind::Account, + read_only: Vec::new(), + legacy: sources(&["TxDelegateTakeRateLimit"], &["LastTxBlockDelegateTake"]), + }, + RateLimitedCall { + target: TargetKind::Group { + id: GROUP_WEIGHTS_SUBNET, + name: b"weights-subnet".to_vec(), + sharing: GroupSharing::ConfigAndUsage, + members: vec![ + subtensor_identifier(0), // set_weights + subtensor_identifier(96), // commit_weights + subtensor_identifier(100), // batch_commit_weights + subtensor_identifier(113), // commit_timelocked_weights + subtensor_identifier(97), // reveal_weights + subtensor_identifier(98), // batch_reveal_weights + ], + }, + scope: LimitScopeKind::Netuid, + usage: UsageKind::SubnetNeuron, + read_only: Vec::new(), + legacy: sources(&["SubnetWeightsSetRateLimit"], &["LastUpdate (subnet)"]), + }, + RateLimitedCall { + target: TargetKind::Group { + id: GROUP_WEIGHTS_MECHANISM, + name: b"weights-mechanism".to_vec(), + sharing: GroupSharing::ConfigAndUsage, + members: vec![ + subtensor_identifier(119), // set_mechanism_weights + subtensor_identifier(115), // commit_mechanism_weights + subtensor_identifier(117), // commit_crv3_mechanism_weights + subtensor_identifier(118), // commit_timelocked_mechanism_weights + subtensor_identifier(116), // reveal_mechanism_weights + ], + }, + scope: LimitScopeKind::Netuid, + usage: UsageKind::SubnetMechanismNeuron, + read_only: Vec::new(), + legacy: sources(&["SubnetWeightsSetRateLimit"], &["LastUpdate (mechanism)"]), + }, + RateLimitedCall { + target: TargetKind::Group { + id: GROUP_REGISTER_NETWORK, + name: b"register-network".to_vec(), + sharing: GroupSharing::ConfigAndUsage, + members: vec![ + subtensor_identifier(59), // register_network + subtensor_identifier(79), // register_network_with_identity + ], + }, + scope: LimitScopeKind::Global, + usage: UsageKind::None, + read_only: Vec::new(), + legacy: sources(&["NetworkRateLimit"], &["NetworkLastRegistered"]), + }, + RateLimitedCall { + target: TargetKind::Group { + id: GROUP_OWNER_HPARAMS, + name: b"owner-hparams".to_vec(), + sharing: GroupSharing::ConfigOnly, + members: HYPERPARAMETERS + .iter() + .filter_map(|h| identifier_for_hyperparameter(*h)) + .collect(), + }, + scope: LimitScopeKind::Netuid, + usage: UsageKind::Subnet, + read_only: Vec::new(), + legacy: sources( + &["OwnerHyperparamRateLimit * tempo"], + &["LastRateLimitedBlock::OwnerHyperparamUpdate"], + ), + }, + RateLimitedCall { + target: TargetKind::Group { + id: GROUP_STAKING_OPS, + name: b"staking-ops".to_vec(), + sharing: GroupSharing::ConfigAndUsage, + members: vec![ + subtensor_identifier(2), // add_stake + subtensor_identifier(88), // add_stake_limit + subtensor_identifier(3), // remove_stake + subtensor_identifier(89), // remove_stake_limit + subtensor_identifier(103), // remove_stake_full_limit + subtensor_identifier(85), // move_stake + subtensor_identifier(86), // transfer_stake + subtensor_identifier(87), // swap_stake + subtensor_identifier(90), // swap_stake_limit + ], + }, + scope: LimitScopeKind::Global, + usage: UsageKind::ColdkeyHotkeySubnet, + read_only: vec![ + subtensor_identifier(3), // remove_stake + subtensor_identifier(89), // remove_stake_limit + subtensor_identifier(103), // remove_stake_full_limit + subtensor_identifier(86), // transfer_stake + subtensor_identifier(85), // move_stake + subtensor_identifier(87), // swap_stake + subtensor_identifier(90), // swap_stake_limit + ], + legacy: sources(&["TxRateLimit"], &[]), + }, + RateLimitedCall { + target: TargetKind::Standalone(subtensor_identifier(70)), // swap_hotkey + scope: LimitScopeKind::Global, + usage: UsageKind::Account, + read_only: Vec::new(), + legacy: sources(&["TxRateLimit"], &["LastRateLimitedBlock::LastTxBlock"]), + }, + RateLimitedCall { + target: TargetKind::Standalone(subtensor_identifier(75)), // set_childkey_take + scope: LimitScopeKind::Global, + usage: UsageKind::AccountSubnet, + read_only: Vec::new(), + legacy: sources(&["TxChildkeyTakeRateLimit"], &["TransactionKeyLastBlock::SetChildkeyTake"]), + }, + RateLimitedCall { + target: TargetKind::Standalone(subtensor_identifier(67)), // set_children + scope: LimitScopeKind::Global, + usage: UsageKind::AccountSubnet, + read_only: Vec::new(), + legacy: sources( + &["SET_CHILDREN_RATE_LIMIT (constant 150)"], + &["TransactionKeyLastBlock::SetChildren"], + ), + }, + RateLimitedCall { + // sudo_set_weights_version_key + target: TargetKind::Standalone(admin_utils_identifier(6)), + scope: LimitScopeKind::Netuid, + usage: UsageKind::AccountSubnet, + read_only: Vec::new(), + legacy: sources( + &["WeightsVersionKeyRateLimit * tempo"], + &["TransactionKeyLastBlock::SetWeightsVersionKey"], + ), + }, + RateLimitedCall { + // sudo_set_sn_owner_hotkey + target: TargetKind::Standalone(admin_utils_identifier(67)), + scope: LimitScopeKind::Global, + usage: UsageKind::Subnet, + read_only: Vec::new(), + legacy: sources( + &["DefaultSetSNOwnerHotkeyRateLimit"], + &["LastRateLimitedBlock::SetSNOwnerHotkey"], + ), + }, + RateLimitedCall { + target: TargetKind::Standalone(subtensor_identifier(93)), // associate_evm_key + scope: LimitScopeKind::Global, + usage: UsageKind::SubnetNeuron, + read_only: Vec::new(), + legacy: sources( + &["EvmKeyAssociateRateLimit"], + &["AssociatedEvmAddress"], + ), + }, + RateLimitedCall { + target: TargetKind::Standalone(admin_utils_identifier(76)), // sudo_set_mechanism_count + scope: LimitScopeKind::Global, + usage: UsageKind::AccountSubnet, + read_only: Vec::new(), + legacy: sources( + &["MechanismCountSetRateLimit"], + &["TransactionKeyLastBlock::MechanismCountUpdate"], + ), + }, + RateLimitedCall { + // sudo_set_mechanism_emission_split + target: TargetKind::Standalone(admin_utils_identifier(77)), + scope: LimitScopeKind::Global, + usage: UsageKind::AccountSubnet, + read_only: Vec::new(), + legacy: sources( + &["MechanismEmissionRateLimit"], + &["TransactionKeyLastBlock::MechanismEmission"], + ), + }, + RateLimitedCall { + // sudo_trim_to_max_allowed_uids + target: TargetKind::Standalone(admin_utils_identifier(78)), + scope: LimitScopeKind::Global, + usage: UsageKind::AccountSubnet, + read_only: Vec::new(), + legacy: sources( + &["MaxUidsTrimmingRateLimit"], + &["TransactionKeyLastBlock::MaxUidsTrimming"], + ), + }, + ] +} + pub fn migrate_rate_limiting() -> Weight where T: SubtensorConfig + pallet_rate_limiting::Config, @@ -330,21 +544,31 @@ where weight } +type LimitImporter = fn(&Grouping, &mut LimitEntries) -> u64; + +fn limit_importers() -> [LimitImporter; 4] { + [ + import_simple_limits::, // Tx/childkey/delegate/staking lock, register, sudo, evm, children + import_owner_hparam_limits::, // Owner hyperparams + import_serving_limits::, // Axon/prometheus serving rate limit per subnet + import_weight_limits::, // Weight/commit/reveal per subnet and mechanism + ] +} + fn build_limits(grouping: &Grouping) -> (LimitEntries, u64) { let mut limits = LimitEntries::::new(); let mut reads: u64 = 0; - reads += gather_simple_limits::(&mut limits, grouping); - reads += gather_owner_hparam_limits::(&mut limits, grouping); - reads += gather_serving_limits::(&mut limits, grouping); - reads += gather_weight_limits::(&mut limits, grouping); + for importer in limit_importers::() { + reads += importer(grouping, &mut limits); + } (limits, reads) } -fn gather_simple_limits( - limits: &mut LimitEntries, +fn import_simple_limits( grouping: &Grouping, + limits: &mut LimitEntries, ) -> u64 { let mut reads: u64 = 0; @@ -357,15 +581,24 @@ fn gather_simple_limits( ); } - reads += 1; - if let Some(span) = block_number::(TxDelegateTakeRateLimit::::get()) { - if let Some(members) = grouping.members(GROUP_DELEGATE_TAKE) { + // Share the TxRateLimit span across staking operations; add_* are marker-only via span tweaks. + if let Some(span) = block_number::(TxRateLimit::::get()) { + if let Some(members) = grouping.members(GROUP_STAKING_OPS) { for call in members { set_global_limit::(limits, grouping.config_target(*call), span); } } } + reads += 1; + if let Some(span) = block_number::(TxDelegateTakeRateLimit::::get()) { + set_global_limit::( + limits, + grouping.config_target(subtensor_identifier(66)), + span, + ); + } + reads += 1; if let Some(span) = block_number::(TxChildkeyTakeRateLimit::::get()) { set_global_limit::( @@ -384,7 +617,6 @@ fn gather_simple_limits( } } - reads += 1; if let Some(span) = block_number::(WeightsVersionKeyRateLimit::::get()) { set_global_limit::( limits, @@ -393,7 +625,9 @@ fn gather_simple_limits( ); } - if let Some(span) = block_number::(DEFAULT_SET_SN_OWNER_HOTKEY_LIMIT) { + if let Some(span) = + block_number::(pallet_subtensor::pallet::DefaultSetSNOwnerHotkeyRateLimit::::get()) + { set_global_limit::( limits, grouping.config_target(admin_utils_identifier(67)), @@ -441,19 +675,12 @@ fn gather_simple_limits( ); } - // Staking operations use a 1-block lock shared by the group. - set_global_limit::( - limits, - grouping.config_target(subtensor_identifier(2)), - BlockNumberFor::::from(1u32), - ); - reads } -fn gather_owner_hparam_limits( - limits: &mut LimitEntries, +fn import_owner_hparam_limits( grouping: &Grouping, + limits: &mut LimitEntries, ) -> u64 { let mut reads: u64 = 0; @@ -469,12 +696,17 @@ fn gather_owner_hparam_limits( reads } -fn gather_serving_limits( - limits: &mut LimitEntries, +fn import_serving_limits( grouping: &Grouping, + limits: &mut LimitEntries, ) -> u64 { let mut reads: u64 = 0; - let netuids = Pallet::::get_all_subnet_netuids(); + let mut netuids = Pallet::::get_all_subnet_netuids(); + for (netuid, _) in ServingRateLimit::::iter() { + if !netuids.contains(&netuid) { + netuids.push(netuid); + } + } for netuid in netuids { reads += 1; @@ -488,20 +720,24 @@ fn gather_serving_limits( reads } -fn gather_weight_limits( - limits: &mut LimitEntries, +fn import_weight_limits( grouping: &Grouping, + limits: &mut LimitEntries, ) -> u64 { let mut reads: u64 = 0; let netuids = Pallet::::get_all_subnet_netuids(); let subnet_calls = weight_calls_subnet(grouping); + let mechanism_calls = weight_calls_mechanism(grouping); for netuid in &netuids { reads += 1; if let Some(span) = block_number::(Pallet::::get_weights_set_rate_limit(*netuid)) { for call in &subnet_calls { set_scoped_limit::(limits, grouping.config_target(*call), *netuid, span); } + for call in &mechanism_calls { + set_scoped_limit::(limits, grouping.config_target(*call), *netuid, span); + } } } @@ -512,18 +748,28 @@ fn build_last_seen(grouping: &Grouping) -> (LastSeenEntries< let mut last_seen = LastSeenEntries::::new(); let mut reads: u64 = 0; - reads += import_last_rate_limited_blocks::(&mut last_seen, grouping); - reads += import_transaction_key_last_blocks::(&mut last_seen, grouping); - reads += import_last_update_entries::(&mut last_seen, grouping); - reads += import_serving_entries::(&mut last_seen, grouping); - reads += import_evm_entries::(&mut last_seen, grouping); + for importer in last_seen_importers::() { + reads += importer(grouping, &mut last_seen); + } (last_seen, reads) } +type LastSeenImporter = fn(&Grouping, &mut LastSeenEntries) -> u64; + +fn last_seen_importers() -> [LastSeenImporter; 5] { + [ + import_last_rate_limited_blocks::, // LastRateLimitedBlock (tx, delegate, owner hyperparams, sn owner) + import_transaction_key_last_blocks::, // TransactionKeyLastBlock (children, version key, mechanisms) + import_last_update_entries::, // LastUpdate (weights/mechanism weights) + import_serving_entries::, // Axons/Prometheus + import_evm_entries::, // AssociatedEvmAddress + ] +} + fn import_last_rate_limited_blocks( - entries: &mut LastSeenEntries, grouping: &Grouping, + entries: &mut LastSeenEntries, ) -> u64 { let mut reads: u64 = 0; for (key, block) in LastRateLimitedBlock::::iter() { @@ -587,8 +833,8 @@ fn import_last_rate_limited_blocks( } fn import_transaction_key_last_blocks( - entries: &mut LastSeenEntries, grouping: &Grouping, + entries: &mut LastSeenEntries, ) -> u64 { let mut reads: u64 = 0; for ((account, netuid, tx_kind), block) in TransactionKeyLastBlock::::iter() { @@ -614,14 +860,19 @@ fn import_transaction_key_last_blocks( } fn import_last_update_entries( - entries: &mut LastSeenEntries, grouping: &Grouping, + entries: &mut LastSeenEntries, ) -> u64 { let mut reads: u64 = 0; - let subnet_calls = weight_calls_subnet(grouping); for (index, blocks) in LastUpdate::::iter() { reads += 1; - let netuid = Pallet::::get_netuid(index); + let (netuid, mecid) = Pallet::::get_netuid_and_subid(index) + .unwrap_or((NetUid::ROOT, 0.into())); + let subnet_calls = if mecid == 0.into() { + weight_calls_subnet(grouping) + } else { + weight_calls_mechanism(grouping) + }; for (uid, last_block) in blocks.into_iter().enumerate() { if last_block == 0 { @@ -630,9 +881,14 @@ fn import_last_update_entries( let Ok(uid_u16) = u16::try_from(uid) else { continue; }; - let usage = RateLimitUsageKey::SubnetNeuron { - netuid, - uid: uid_u16, + let usage = if mecid == 0.into() { + RateLimitUsageKey::SubnetNeuron { netuid, uid: uid_u16 } + } else { + RateLimitUsageKey::SubnetMechanismNeuron { + netuid, + mecid, + uid: uid_u16, + } }; for call in &subnet_calls { @@ -649,8 +905,8 @@ fn import_last_update_entries( } fn import_serving_entries( - entries: &mut LastSeenEntries, grouping: &Grouping, + entries: &mut LastSeenEntries, ) -> u64 { let mut reads: u64 = 0; for (netuid, hotkey, axon) in Axons::::iter() { @@ -697,8 +953,8 @@ fn import_serving_entries( } fn import_evm_entries( - entries: &mut LastSeenEntries, grouping: &Grouping, + entries: &mut LastSeenEntries, ) -> u64 { let mut reads: u64 = 0; for (netuid, uid, (_, block)) in AssociatedEvmAddress::::iter() { @@ -716,7 +972,7 @@ fn import_evm_entries( reads } -fn convert_target(target: &RateLimitTarget) -> RateLimitTarget> +fn convert_target(target: &RateLimitTarget) -> RateLimitTarget where T: SubtensorConfig + pallet_rate_limiting::Config, RateLimitUsageKey: Into<::UsageKey>, @@ -771,7 +1027,7 @@ where ); continue; }; - let group_id = detail.id.saturated_into::>(); + let group_id = detail.id.saturated_into::(); let stored = RateLimitGroup { id: group_id, name: name.clone(), @@ -784,7 +1040,7 @@ where } for (group, members) in &grouping.members { - let group_id = (*group).saturated_into::>(); + let group_id = (*group).saturated_into::(); let Ok(bounded) = GroupMembersOf::::try_from(members.clone()) else { warn!( "rate-limiting migration: group {} has too many members, skipping assignment", @@ -797,7 +1053,7 @@ where } for (identifier, info) in &grouping.assignments { - let group_id = info.id.saturated_into::>(); + let group_id = info.id.saturated_into::(); pallet_rate_limiting::CallGroups::::insert(*identifier, group_id); writes += 1; @@ -807,7 +1063,7 @@ where } } - let next_group_id = grouping.next_group_id.saturated_into::>(); + let next_group_id = grouping.next_group_id.saturated_into::(); pallet_rate_limiting::NextGroupId::::put(next_group_id); writes += 1; @@ -905,7 +1161,6 @@ pub fn identifier_for_hyperparameter(hparam: Hyperparameter) -> Option return None, ServingRateLimit => admin_utils_identifier(3), MaxDifficulty => admin_utils_identifier(5), AdjustmentAlpha => admin_utils_identifier(9), diff --git a/runtime/tests/rate_limiting_behavior.rs b/runtime/tests/rate_limiting_behavior.rs index c513409db7..557fcdd63f 100644 --- a/runtime/tests/rate_limiting_behavior.rs +++ b/runtime/tests/rate_limiting_behavior.rs @@ -87,8 +87,14 @@ fn parity_check( .or_else(|| RuntimeUsageResolver::context(&origin, &call).map(Into::into)); let target = resolve_target(identifier); - let span = pallet_rate_limiting::Pallet::::resolved_limit(&target, &scope) - .unwrap_or_default(); + // Use the runtime-adjusted span (handles tempo scaling for admin-utils). + let span = pallet_rate_limiting::Pallet::::effective_span( + &origin.clone().into(), + &call, + &target, + &scope, + ) + .unwrap_or_default(); let span_u64: u64 = span.saturated_into(); let within = pallet_rate_limiting::Pallet::::is_within_limit( From 09ba8786c1bf06a4aa9f2744c18ff481daf1d8e6 Mon Sep 17 00:00:00 2001 From: Aliaksandr Tsurko Date: Thu, 4 Dec 2025 18:58:16 +0300 Subject: [PATCH 35/46] Introduce BypassDesicion in pallet-rate-limiting - fix bypassing in pallet-rate-limiting - fix conditional bypassing for legacy rate-limited calls --- pallets/rate-limiting/src/lib.rs | 30 +++++++---- pallets/rate-limiting/src/mock.rs | 18 +++++-- pallets/rate-limiting/src/tests.rs | 19 +++---- pallets/rate-limiting/src/tx_extension.rs | 66 +++++++++++++++++++++-- pallets/rate-limiting/src/types.rs | 35 ++++++++++-- runtime/src/rate_limiting/migration.rs | 41 +++++++------- runtime/src/rate_limiting/mod.rs | 42 +++++++++++---- 7 files changed, 188 insertions(+), 63 deletions(-) diff --git a/pallets/rate-limiting/src/lib.rs b/pallets/rate-limiting/src/lib.rs index 8760ce7269..c93397c425 100644 --- a/pallets/rate-limiting/src/lib.rs +++ b/pallets/rate-limiting/src/lib.rs @@ -97,8 +97,12 @@ //! } //! } //! -//! fn should_bypass(origin: &RuntimeOrigin, _call: &RuntimeCall) -> bool { -//! matches!(origin, RuntimeOrigin::Root) +//! fn should_bypass(origin: &RuntimeOrigin, _call: &RuntimeCall) -> BypassDecision { +//! if matches!(origin, RuntimeOrigin::Root) { +//! BypassDecision::bypass_and_skip() +//! } else { +//! BypassDecision::enforce_and_record() +//! } //! } //! //! fn adjust_span(_origin: &RuntimeOrigin, _call: &RuntimeCall, span: BlockNumber) -> BlockNumber { @@ -140,7 +144,7 @@ pub use benchmarking::BenchmarkHelper; pub use pallet::*; pub use tx_extension::RateLimitTransactionExtension; pub use types::{ - GroupSharing, RateLimit, RateLimitGroup, RateLimitKind, RateLimitScopeResolver, + BypassDecision, GroupSharing, RateLimit, RateLimitGroup, RateLimitKind, RateLimitScopeResolver, RateLimitTarget, RateLimitUsageResolver, TransactionIdentifier, }; @@ -172,8 +176,8 @@ pub mod pallet { #[cfg(feature = "runtime-benchmarks")] use crate::benchmarking::BenchmarkHelper as BenchmarkHelperTrait; use crate::types::{ - GroupSharing, RateLimit, RateLimitGroup, RateLimitKind, RateLimitScopeResolver, - RateLimitTarget, RateLimitUsageResolver, TransactionIdentifier, + BypassDecision, GroupSharing, RateLimit, RateLimitGroup, RateLimitKind, + RateLimitScopeResolver, RateLimitTarget, RateLimitUsageResolver, TransactionIdentifier, }; type GroupNameOf = BoundedVec>::MaxGroupNameLength>; @@ -542,7 +546,9 @@ pub mod pallet { scope: &Option<>::LimitScope>, usage_key: &Option<>::UsageKey>, ) -> Result { - if >::LimitScopeResolver::should_bypass(origin, call) { + let bypass: BypassDecision = + >::LimitScopeResolver::should_bypass(origin, call); + if bypass.bypass_enforcement { return Ok(true); } @@ -571,8 +577,8 @@ pub mod pallet { }) } - /// Resolves the span for a target/scope and applies the configured span adjustment - /// (e.g., tempo scaling) using the pallet's scope resolver. + /// Resolves the span for a target/scope and applies the configured span adjustment (e.g., + /// tempo scaling) using the pallet's scope resolver. pub fn effective_span( origin: &DispatchOriginOf<>::RuntimeCall>, call: &>::RuntimeCall, @@ -594,7 +600,7 @@ pub mod pallet { return true; } - if let Some(last) = LastSeen::::get(target, usage_key.clone()) { + if let Some(last) = LastSeen::::get(target, usage_key) { let current = frame_system::Pallet::::block_number(); let delta = current.saturating_sub(last); if delta < block_span { @@ -753,6 +759,12 @@ pub mod pallet { Ok(()) } + /// Returns true when the call has been registered (either directly or via a group). + pub fn is_registered(identifier: &TransactionIdentifier) -> bool { + let tx_target = RateLimitTarget::Transaction(*identifier); + Limits::::contains_key(tx_target) || CallGroups::::contains_key(identifier) + } + fn call_metadata( identifier: &TransactionIdentifier, ) -> Result<(Vec, Vec), DispatchError> { diff --git a/pallets/rate-limiting/src/mock.rs b/pallets/rate-limiting/src/mock.rs index b643dec64d..a4aefd4357 100644 --- a/pallets/rate-limiting/src/mock.rs +++ b/pallets/rate-limiting/src/mock.rs @@ -75,11 +75,19 @@ impl pallet_rate_limiting::RateLimitScopeResolver bool { - matches!( - call, - RuntimeCall::RateLimiting(RateLimitingCall::remove_call_from_group { .. }) - ) + fn should_bypass( + _origin: &RuntimeOrigin, + call: &RuntimeCall, + ) -> pallet_rate_limiting::types::BypassDecision { + match call { + RuntimeCall::RateLimiting(RateLimitingCall::remove_call_from_group { .. }) => { + pallet_rate_limiting::types::BypassDecision::bypass_and_skip() + } + RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { .. }) => { + pallet_rate_limiting::types::BypassDecision::bypass_and_record() + } + _ => pallet_rate_limiting::types::BypassDecision::enforce_and_record(), + } } fn adjust_span(_origin: &RuntimeOrigin, call: &RuntimeCall, span: u64) -> u64 { diff --git a/pallets/rate-limiting/src/tests.rs b/pallets/rate-limiting/src/tests.rs index 1b4fc170b4..ecad8a5da8 100644 --- a/pallets/rate-limiting/src/tests.rs +++ b/pallets/rate-limiting/src/tests.rs @@ -16,7 +16,11 @@ fn remark_call() -> RuntimeCall { } fn scoped_call() -> RuntimeCall { - RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 1 }) + RuntimeCall::RateLimiting(RateLimitingCall::set_rate_limit { + target: RateLimitTarget::Transaction(TransactionIdentifier::new(0, 0)), + scope: Some(1), + limit: RateLimitKind::Default, + }) } fn register(call: RuntimeCall, group: Option) -> TransactionIdentifier { @@ -577,7 +581,7 @@ fn is_within_limit_detects_rate_limited_scope() { let tx_target = target(identifier); Limits::::insert( tx_target, - RateLimit::scoped_single(7u16, RateLimitKind::Exact(3)), + RateLimit::scoped_single(1u16, RateLimitKind::Exact(3)), ); LastSeen::::insert(tx_target, Some(1u16), 9); System::set_block_number(11); @@ -585,7 +589,7 @@ fn is_within_limit_detects_rate_limited_scope() { &RuntimeOrigin::signed(1), &call, &identifier, - &Some(7u16), + &Some(1u16), &Some(1u16), ) .expect("ok"); @@ -714,12 +718,9 @@ fn limit_for_call_names_prefers_scoped_value() { target(identifier), RateLimit::scoped_single(9u16, RateLimitKind::Exact(8)), ); - let fetched = RateLimiting::limit_for_call_names( - "RateLimiting", - "set_default_rate_limit", - Some(9u16), - ) - .expect("limit"); + let fetched = + RateLimiting::limit_for_call_names("RateLimiting", "set_rate_limit", Some(9u16)) + .expect("limit"); assert_eq!(fetched, RateLimitKind::Exact(8)); }); } diff --git a/pallets/rate-limiting/src/tx_extension.rs b/pallets/rate-limiting/src/tx_extension.rs index e1ffd4f14f..42737e6fd4 100644 --- a/pallets/rate-limiting/src/tx_extension.rs +++ b/pallets/rate-limiting/src/tx_extension.rs @@ -117,15 +117,15 @@ where _inherited_implication: &impl Implication, _source: TransactionSource, ) -> ValidateResult>::RuntimeCall> { - if >::LimitScopeResolver::should_bypass(&origin, call) { - return Ok((ValidTransaction::default(), None, origin)); - } - let identifier = match TransactionIdentifier::from_call::(call) { Ok(identifier) => identifier, Err(_) => return Err(TransactionValidityError::Invalid(InvalidTransaction::Call)), }; + if !Pallet::::is_registered(&identifier) { + return Ok((ValidTransaction::default(), None, origin)); + } + let scope = >::LimitScopeResolver::context(&origin, call); let usage = >::UsageResolver::context(&origin, call); @@ -133,7 +133,9 @@ where .map_err(|_| TransactionValidityError::Invalid(InvalidTransaction::Call))?; let usage_target = Pallet::::usage_target(&identifier) .map_err(|_| TransactionValidityError::Invalid(InvalidTransaction::Call))?; - let should_record = Pallet::::should_record_usage(&identifier, &usage_target); + let bypass = >::LimitScopeResolver::should_bypass(&origin, call); + let should_record = + bypass.record_usage && Pallet::::should_record_usage(&identifier, &usage_target); let Some(block_span) = Pallet::::effective_span(&origin, call, &config_target, &scope) @@ -141,6 +143,14 @@ where return Ok((ValidTransaction::default(), None, origin)); }; + if bypass.bypass_enforcement { + return Ok(( + ValidTransaction::default(), + should_record.then_some((usage_target, usage, true)), + origin, + )); + } + if block_span.is_zero() { return Ok((ValidTransaction::default(), None, origin)); } @@ -340,6 +350,52 @@ mod tests { }); } + #[test] + fn tx_extension_records_usage_on_bypass() { + new_test_ext().execute_with(|| { + let extension = new_tx_extension(); + let call = RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { + block_span: 2, + }); + let identifier = identifier_for(&call); + let target = RateLimitTarget::Transaction(identifier); + + assert_ok!(RateLimiting::register_call( + RuntimeOrigin::root(), + Box::new(call.clone()), + None, + )); + + System::set_block_number(5); + + let (_valid, val, origin) = + validate_with_tx_extension(&extension, &call).expect("bypass should succeed"); + assert!(val.is_some(), "bypass decision should still record usage"); + + let info = call.get_dispatch_info(); + let len = call.encode().len(); + let pre = extension + .clone() + .prepare(val.clone(), &origin, &call, &info, len) + .expect("prepare succeeds"); + + let mut post = PostDispatchInfo::default(); + RateLimitTransactionExtension::::post_dispatch( + pre, + &info, + &mut post, + len, + &Ok(()), + ) + .expect("post_dispatch succeeds"); + + assert_eq!( + LastSeen::::get(target, Some(2u16)), + Some(5u64.into()) + ); + }); + } + #[test] fn tx_extension_records_last_seen_for_successful_call() { new_test_ext().execute_with(|| { diff --git a/pallets/rate-limiting/src/types.rs b/pallets/rate-limiting/src/types.rs index 1faff7c300..deb27598ec 100644 --- a/pallets/rate-limiting/src/types.rs +++ b/pallets/rate-limiting/src/types.rs @@ -11,10 +11,9 @@ pub trait RateLimitScopeResolver { /// limits. fn context(origin: &Origin, call: &Call) -> Option; - /// Returns `true` when the rate limit should be bypassed for the provided origin/call pair. - /// Defaults to `false`. - fn should_bypass(_origin: &Origin, _call: &Call) -> bool { - false + /// Returns how the call should interact with enforcement and usage tracking. + fn should_bypass(_origin: &Origin, _call: &Call) -> BypassDecision { + BypassDecision::enforce_and_record() } /// Optionally adjusts the effective span used during enforcement. Defaults to the original @@ -24,6 +23,34 @@ pub trait RateLimitScopeResolver { } } +/// Controls whether enforcement should run and whether usage should be recorded for a call. +#[derive(Clone, Copy, Debug, PartialEq, Eq)] +pub struct BypassDecision { + pub bypass_enforcement: bool, + pub record_usage: bool, +} + +impl BypassDecision { + pub const fn new(bypass_enforcement: bool, record_usage: bool) -> Self { + Self { + bypass_enforcement, + record_usage, + } + } + + pub const fn enforce_and_record() -> Self { + Self::new(false, true) + } + + pub const fn bypass_and_record() -> Self { + Self::new(true, true) + } + + pub const fn bypass_and_skip() -> Self { + Self::new(true, false) + } +} + /// Resolves the optional usage tracking key applied when enforcing limits. pub trait RateLimitUsageResolver { /// Returns `Some(usage)` when usage should be tracked per-key, or `None` for global usage diff --git a/runtime/src/rate_limiting/migration.rs b/runtime/src/rate_limiting/migration.rs index 47446650aa..9879097561 100644 --- a/runtime/src/rate_limiting/migration.rs +++ b/runtime/src/rate_limiting/migration.rs @@ -404,10 +404,6 @@ pub fn rate_limited_calls() -> Vec { subtensor_identifier(3), // remove_stake subtensor_identifier(89), // remove_stake_limit subtensor_identifier(103), // remove_stake_full_limit - subtensor_identifier(86), // transfer_stake - subtensor_identifier(85), // move_stake - subtensor_identifier(87), // swap_stake - subtensor_identifier(90), // swap_stake_limit ], legacy: sources(&["TxRateLimit"], &[]), }, @@ -423,7 +419,10 @@ pub fn rate_limited_calls() -> Vec { scope: LimitScopeKind::Global, usage: UsageKind::AccountSubnet, read_only: Vec::new(), - legacy: sources(&["TxChildkeyTakeRateLimit"], &["TransactionKeyLastBlock::SetChildkeyTake"]), + legacy: sources( + &["TxChildkeyTakeRateLimit"], + &["TransactionKeyLastBlock::SetChildkeyTake"], + ), }, RateLimitedCall { target: TargetKind::Standalone(subtensor_identifier(67)), // set_children @@ -462,10 +461,7 @@ pub fn rate_limited_calls() -> Vec { scope: LimitScopeKind::Global, usage: UsageKind::SubnetNeuron, read_only: Vec::new(), - legacy: sources( - &["EvmKeyAssociateRateLimit"], - &["AssociatedEvmAddress"], - ), + legacy: sources(&["EvmKeyAssociateRateLimit"], &["AssociatedEvmAddress"]), }, RateLimitedCall { target: TargetKind::Standalone(admin_utils_identifier(76)), // sudo_set_mechanism_count @@ -548,10 +544,10 @@ type LimitImporter = fn(&Grouping, &mut LimitEntries) -> u64; fn limit_importers() -> [LimitImporter; 4] { [ - import_simple_limits::, // Tx/childkey/delegate/staking lock, register, sudo, evm, children + import_simple_limits::, // Tx/childkey/delegate/staking lock, register, sudo, evm, children import_owner_hparam_limits::, // Owner hyperparams - import_serving_limits::, // Axon/prometheus serving rate limit per subnet - import_weight_limits::, // Weight/commit/reveal per subnet and mechanism + import_serving_limits::, // Axon/prometheus serving rate limit per subnet + import_weight_limits::, // Weight/commit/reveal per subnet and mechanism ] } @@ -581,9 +577,9 @@ fn import_simple_limits( ); } - // Share the TxRateLimit span across staking operations; add_* are marker-only via span tweaks. - if let Some(span) = block_number::(TxRateLimit::::get()) { - if let Some(members) = grouping.members(GROUP_STAKING_OPS) { + // Staking ops are gated to one operation per block in legacy (marker cleared each block). + if let Some(members) = grouping.members(GROUP_STAKING_OPS) { + if let Some(span) = block_number::(1) { for call in members { set_global_limit::(limits, grouping.config_target(*call), span); } @@ -761,9 +757,9 @@ fn last_seen_importers() -> [LastSeenImporter; 5] { [ import_last_rate_limited_blocks::, // LastRateLimitedBlock (tx, delegate, owner hyperparams, sn owner) import_transaction_key_last_blocks::, // TransactionKeyLastBlock (children, version key, mechanisms) - import_last_update_entries::, // LastUpdate (weights/mechanism weights) - import_serving_entries::, // Axons/Prometheus - import_evm_entries::, // AssociatedEvmAddress + import_last_update_entries::, // LastUpdate (weights/mechanism weights) + import_serving_entries::, // Axons/Prometheus + import_evm_entries::, // AssociatedEvmAddress ] } @@ -866,8 +862,8 @@ fn import_last_update_entries( let mut reads: u64 = 0; for (index, blocks) in LastUpdate::::iter() { reads += 1; - let (netuid, mecid) = Pallet::::get_netuid_and_subid(index) - .unwrap_or((NetUid::ROOT, 0.into())); + let (netuid, mecid) = + Pallet::::get_netuid_and_subid(index).unwrap_or((NetUid::ROOT, 0.into())); let subnet_calls = if mecid == 0.into() { weight_calls_subnet(grouping) } else { @@ -882,7 +878,10 @@ fn import_last_update_entries( continue; }; let usage = if mecid == 0.into() { - RateLimitUsageKey::SubnetNeuron { netuid, uid: uid_u16 } + RateLimitUsageKey::SubnetNeuron { + netuid, + uid: uid_u16, + } } else { RateLimitUsageKey::SubnetMechanismNeuron { netuid, diff --git a/runtime/src/rate_limiting/mod.rs b/runtime/src/rate_limiting/mod.rs index 535b8e9b60..06b7dbcf3e 100644 --- a/runtime/src/rate_limiting/mod.rs +++ b/runtime/src/rate_limiting/mod.rs @@ -2,6 +2,7 @@ use codec::{Decode, DecodeWithMemTracking, Encode, MaxEncodedLen}; use frame_support::pallet_prelude::Parameter; use frame_system::RawOrigin; use pallet_admin_utils::Call as AdminUtilsCall; +use pallet_rate_limiting::BypassDecision; use pallet_rate_limiting::{RateLimitScopeResolver, RateLimitUsageResolver}; use pallet_subtensor::{Call as SubtensorCall, Tempo}; use scale_info::TypeInfo; @@ -79,8 +80,37 @@ impl RateLimitScopeResolver for } } - fn should_bypass(origin: &RuntimeOrigin, _call: &RuntimeCall) -> bool { - matches!(origin.clone().into(), Ok(RawOrigin::Root)) + fn should_bypass(origin: &RuntimeOrigin, call: &RuntimeCall) -> BypassDecision { + if matches!(origin.clone().into(), Ok(RawOrigin::Root)) { + return BypassDecision::bypass_and_skip(); + } + + if let RuntimeCall::SubtensorModule(inner) = call { + match inner { + SubtensorCall::set_childkey_take { + hotkey, + netuid, + take, + .. + } => { + let current = + pallet_subtensor::Pallet::::get_childkey_take(hotkey, *netuid); + return if *take <= current { + BypassDecision::bypass_and_record() + } else { + BypassDecision::enforce_and_record() + }; + } + SubtensorCall::add_stake { .. } + | SubtensorCall::add_stake_limit { .. } + | SubtensorCall::decrease_take { .. } => { + return BypassDecision::bypass_and_record(); + } + _ => {} + } + } + + BypassDecision::enforce_and_record() } fn adjust_span(_origin: &RuntimeOrigin, call: &RuntimeCall, span: BlockNumber) -> BlockNumber { @@ -102,14 +132,6 @@ impl RateLimitScopeResolver for span } } - RuntimeCall::SubtensorModule(inner) => match inner { - // Marker-only staking ops: allow but still record usage. - pallet_subtensor::Call::add_stake { .. } - | pallet_subtensor::Call::add_stake_limit { .. } => BlockNumber::from(0u32), - // Decrease take is marker-only; increase uses configured span. - pallet_subtensor::Call::decrease_take { .. } => BlockNumber::from(0u32), - _ => span, - }, _ => span, } } From 95720cb5ba48cd1fce4023feb33531557ba8bcc8 Mon Sep 17 00:00:00 2001 From: Aliaksandr Tsurko Date: Fri, 5 Dec 2025 15:36:36 +0300 Subject: [PATCH 36/46] Fix reveal-weights bypassing and transfer stake ops rate-limiting - fix weights grouping (reflect the legacy behavior for config share) - fix serving calls should share config --- runtime/src/rate_limiting/migration.rs | 177 +++++++++++------------- runtime/src/rate_limiting/mod.rs | 50 ++++++- runtime/tests/rate_limiting_behavior.rs | 1 + 3 files changed, 127 insertions(+), 101 deletions(-) diff --git a/runtime/src/rate_limiting/migration.rs b/runtime/src/rate_limiting/migration.rs index 9879097561..be504985c7 100644 --- a/runtime/src/rate_limiting/migration.rs +++ b/runtime/src/rate_limiting/migration.rs @@ -42,28 +42,27 @@ type GroupNameOf = BoundedVec::MaxGro type GroupMembersOf = BoundedBTreeSet::MaxGroupMembers>; -/// Pallet index assigned to `pallet_subtensor` in `construct_runtime!`. +// Pallet index assigned to `pallet_subtensor` in `construct_runtime!`. const SUBTENSOR_PALLET_INDEX: u8 = 7; -/// Pallet index assigned to `pallet_admin_utils` in `construct_runtime!`. +// Pallet index assigned to `pallet_admin_utils` in `construct_runtime!`. const ADMIN_UTILS_PALLET_INDEX: u8 = 19; const SERVE_PROM_IDENTIFIER: TransactionIdentifier = subtensor_identifier(5); -/// Marker stored in `pallet_subtensor::HasMigrationRun` once the migration finishes. +// Marker stored in `pallet_subtensor::HasMigrationRun` once the migration finishes. const MIGRATION_NAME: &[u8] = b"migrate_rate_limiting"; -/// `set_children` is rate-limited to once every 150 blocks, it's hard-coded in the legacy code. +// `set_children` is rate-limited to once every 150 blocks, it's hard-coded in the legacy code. const SET_CHILDREN_RATE_LIMIT: u64 = 150; -const GROUP_SERVE_AXON: GroupId = 0; +const GROUP_SERVE: GroupId = 0; const GROUP_DELEGATE_TAKE: GroupId = 1; const GROUP_WEIGHTS_SUBNET: GroupId = 2; -const GROUP_WEIGHTS_MECHANISM: GroupId = 3; -const GROUP_REGISTER_NETWORK: GroupId = 4; -const GROUP_OWNER_HPARAMS: GroupId = 5; -const GROUP_STAKING_OPS: GroupId = 6; +const GROUP_REGISTER_NETWORK: GroupId = 3; +const GROUP_OWNER_HPARAMS: GroupId = 4; +const GROUP_STAKING_OPS: GroupId = 5; -/// Hyperparameter extrinsics routed through owner-or-root rate limiting. +// Hyperparameter extrinsics routed through owner-or-root rate limiting. const HYPERPARAMETERS: &[Hyperparameter] = &[ Hyperparameter::ServingRateLimit, Hyperparameter::MaxDifficulty, @@ -91,6 +90,23 @@ const HYPERPARAMETERS: &[Hyperparameter] = &[ Hyperparameter::RecycleOrBurn, ]; +const WEIGHT_CALLS_SUBNET: [TransactionIdentifier; 6] = [ + subtensor_identifier(0), // set_weights + subtensor_identifier(96), // commit_weights + subtensor_identifier(100), // batch_commit_weights + subtensor_identifier(113), // commit_timelocked_weights + subtensor_identifier(97), // reveal_weights + subtensor_identifier(98), // batch_reveal_weights +]; + +const WEIGHT_CALLS_MECHANISM: [TransactionIdentifier; 5] = [ + subtensor_identifier(119), // set_mechanism_weights + subtensor_identifier(115), // commit_mechanism_weights + subtensor_identifier(117), // commit_crv3_mechanism_weights + subtensor_identifier(118), // commit_timelocked_mechanism_weights + subtensor_identifier(116), // reveal_mechanism_weights +]; + /// Identifies whether a rate-limited entry applies to a single call or a named group. #[derive(Clone, Debug, PartialEq, Eq)] pub enum TargetKind { @@ -113,10 +129,11 @@ pub enum LimitScopeKind { /// Describes the shape of the usage key recorded after a call executes. #[derive(Clone, Copy, Debug, PartialEq, Eq)] pub enum UsageKind { - None, Account, Subnet, AccountSubnet, + AccountSubnetAxon, + AccountSubnetPrometheus, ColdkeyHotkeySubnet, SubnetNeuron, SubnetMechanismNeuron, @@ -127,7 +144,8 @@ pub enum UsageKind { pub struct RateLimitedCall { pub target: TargetKind, pub scope: LimitScopeKind, - pub usage: UsageKind, + /// One or more usage shapes this call maps to in the legacy pallet. + pub usage: Vec, /// Calls that should not record usage when dispatched (only relevant for groups). pub read_only: Vec, /// Legacy storage sources used by the migration. @@ -217,24 +235,8 @@ impl Grouping { } fn serve_calls(grouping: &Grouping) -> Vec { - let mut calls = Vec::new(); - if let Some(members) = grouping.members(GROUP_SERVE_AXON) { - calls.extend(members.iter().copied()); - } - calls.push(SERVE_PROM_IDENTIFIER); - calls -} - -fn weight_calls_subnet(grouping: &Grouping) -> Vec { - grouping - .members(GROUP_WEIGHTS_SUBNET) - .map(|m| m.iter().copied().collect()) - .unwrap_or_default() -} - -fn weight_calls_mechanism(grouping: &Grouping) -> Vec { grouping - .members(GROUP_WEIGHTS_MECHANISM) + .members(GROUP_SERVE) .map(|m| m.iter().copied().collect()) .unwrap_or_default() } @@ -270,31 +272,28 @@ fn build_grouping() -> Grouping { } /// Returns a readable listing of all calls covered by the migration. -/// Each entry captures how the call is grouped, scoped, and which legacy -/// storage sources feed its limits and last-seen values. +/// Each entry captures how the call is grouped, scoped, and which legacy storage sources feed its +/// limits and last-seen values. pub fn rate_limited_calls() -> Vec { vec![ RateLimitedCall { target: TargetKind::Group { - id: GROUP_SERVE_AXON, - name: b"serve-axon".to_vec(), + id: GROUP_SERVE, + name: b"serving".to_vec(), sharing: GroupSharing::ConfigAndUsage, members: vec![ subtensor_identifier(4), // serve_axon subtensor_identifier(40), // serve_axon_tls + SERVE_PROM_IDENTIFIER, // serve_prometheus ], }, scope: LimitScopeKind::Netuid, - usage: UsageKind::AccountSubnet, - read_only: Vec::new(), - legacy: sources(&["ServingRateLimit (per netuid)"], &["Axons"]), - }, - RateLimitedCall { - target: TargetKind::Standalone(SERVE_PROM_IDENTIFIER), // serve_prometheus - scope: LimitScopeKind::Netuid, - usage: UsageKind::AccountSubnet, + usage: vec![ + UsageKind::AccountSubnetAxon, + UsageKind::AccountSubnetPrometheus, + ], read_only: Vec::new(), - legacy: sources(&["ServingRateLimit (per netuid)"], &["Prometheus"]), + legacy: sources(&["ServingRateLimit (per netuid)"], &["Axons/Prometheus"]), }, RateLimitedCall { target: TargetKind::Group { @@ -307,46 +306,27 @@ pub fn rate_limited_calls() -> Vec { ], }, scope: LimitScopeKind::Global, - usage: UsageKind::Account, + usage: vec![UsageKind::Account], read_only: Vec::new(), legacy: sources(&["TxDelegateTakeRateLimit"], &["LastTxBlockDelegateTake"]), }, RateLimitedCall { target: TargetKind::Group { id: GROUP_WEIGHTS_SUBNET, - name: b"weights-subnet".to_vec(), + name: b"weights".to_vec(), sharing: GroupSharing::ConfigAndUsage, - members: vec![ - subtensor_identifier(0), // set_weights - subtensor_identifier(96), // commit_weights - subtensor_identifier(100), // batch_commit_weights - subtensor_identifier(113), // commit_timelocked_weights - subtensor_identifier(97), // reveal_weights - subtensor_identifier(98), // batch_reveal_weights - ], - }, - scope: LimitScopeKind::Netuid, - usage: UsageKind::SubnetNeuron, - read_only: Vec::new(), - legacy: sources(&["SubnetWeightsSetRateLimit"], &["LastUpdate (subnet)"]), - }, - RateLimitedCall { - target: TargetKind::Group { - id: GROUP_WEIGHTS_MECHANISM, - name: b"weights-mechanism".to_vec(), - sharing: GroupSharing::ConfigAndUsage, - members: vec![ - subtensor_identifier(119), // set_mechanism_weights - subtensor_identifier(115), // commit_mechanism_weights - subtensor_identifier(117), // commit_crv3_mechanism_weights - subtensor_identifier(118), // commit_timelocked_mechanism_weights - subtensor_identifier(116), // reveal_mechanism_weights - ], + members: WEIGHT_CALLS_SUBNET + .into_iter() + .chain(WEIGHT_CALLS_MECHANISM) + .collect(), }, scope: LimitScopeKind::Netuid, - usage: UsageKind::SubnetMechanismNeuron, + usage: vec![UsageKind::SubnetNeuron, UsageKind::SubnetMechanismNeuron], read_only: Vec::new(), - legacy: sources(&["SubnetWeightsSetRateLimit"], &["LastUpdate (mechanism)"]), + legacy: sources( + &["SubnetWeightsSetRateLimit"], + &["LastUpdate (subnet/mechanism)"], + ), }, RateLimitedCall { target: TargetKind::Group { @@ -359,7 +339,7 @@ pub fn rate_limited_calls() -> Vec { ], }, scope: LimitScopeKind::Global, - usage: UsageKind::None, + usage: Vec::new(), read_only: Vec::new(), legacy: sources(&["NetworkRateLimit"], &["NetworkLastRegistered"]), }, @@ -374,7 +354,7 @@ pub fn rate_limited_calls() -> Vec { .collect(), }, scope: LimitScopeKind::Netuid, - usage: UsageKind::Subnet, + usage: vec![UsageKind::Subnet], read_only: Vec::new(), legacy: sources( &["OwnerHyperparamRateLimit * tempo"], @@ -399,25 +379,26 @@ pub fn rate_limited_calls() -> Vec { ], }, scope: LimitScopeKind::Global, - usage: UsageKind::ColdkeyHotkeySubnet, + usage: vec![UsageKind::ColdkeyHotkeySubnet], read_only: vec![ subtensor_identifier(3), // remove_stake subtensor_identifier(89), // remove_stake_limit subtensor_identifier(103), // remove_stake_full_limit + subtensor_identifier(86), // transfer_stake ], legacy: sources(&["TxRateLimit"], &[]), }, RateLimitedCall { target: TargetKind::Standalone(subtensor_identifier(70)), // swap_hotkey scope: LimitScopeKind::Global, - usage: UsageKind::Account, + usage: vec![UsageKind::Account], read_only: Vec::new(), legacy: sources(&["TxRateLimit"], &["LastRateLimitedBlock::LastTxBlock"]), }, RateLimitedCall { target: TargetKind::Standalone(subtensor_identifier(75)), // set_childkey_take scope: LimitScopeKind::Global, - usage: UsageKind::AccountSubnet, + usage: vec![UsageKind::AccountSubnet], read_only: Vec::new(), legacy: sources( &["TxChildkeyTakeRateLimit"], @@ -427,7 +408,7 @@ pub fn rate_limited_calls() -> Vec { RateLimitedCall { target: TargetKind::Standalone(subtensor_identifier(67)), // set_children scope: LimitScopeKind::Global, - usage: UsageKind::AccountSubnet, + usage: vec![UsageKind::AccountSubnet], read_only: Vec::new(), legacy: sources( &["SET_CHILDREN_RATE_LIMIT (constant 150)"], @@ -438,7 +419,7 @@ pub fn rate_limited_calls() -> Vec { // sudo_set_weights_version_key target: TargetKind::Standalone(admin_utils_identifier(6)), scope: LimitScopeKind::Netuid, - usage: UsageKind::AccountSubnet, + usage: vec![UsageKind::AccountSubnet], read_only: Vec::new(), legacy: sources( &["WeightsVersionKeyRateLimit * tempo"], @@ -449,7 +430,7 @@ pub fn rate_limited_calls() -> Vec { // sudo_set_sn_owner_hotkey target: TargetKind::Standalone(admin_utils_identifier(67)), scope: LimitScopeKind::Global, - usage: UsageKind::Subnet, + usage: vec![UsageKind::Subnet], read_only: Vec::new(), legacy: sources( &["DefaultSetSNOwnerHotkeyRateLimit"], @@ -459,14 +440,14 @@ pub fn rate_limited_calls() -> Vec { RateLimitedCall { target: TargetKind::Standalone(subtensor_identifier(93)), // associate_evm_key scope: LimitScopeKind::Global, - usage: UsageKind::SubnetNeuron, + usage: vec![UsageKind::SubnetNeuron], read_only: Vec::new(), legacy: sources(&["EvmKeyAssociateRateLimit"], &["AssociatedEvmAddress"]), }, RateLimitedCall { target: TargetKind::Standalone(admin_utils_identifier(76)), // sudo_set_mechanism_count scope: LimitScopeKind::Global, - usage: UsageKind::AccountSubnet, + usage: vec![UsageKind::AccountSubnet], read_only: Vec::new(), legacy: sources( &["MechanismCountSetRateLimit"], @@ -477,7 +458,7 @@ pub fn rate_limited_calls() -> Vec { // sudo_set_mechanism_emission_split target: TargetKind::Standalone(admin_utils_identifier(77)), scope: LimitScopeKind::Global, - usage: UsageKind::AccountSubnet, + usage: vec![UsageKind::AccountSubnet], read_only: Vec::new(), legacy: sources( &["MechanismEmissionRateLimit"], @@ -488,7 +469,7 @@ pub fn rate_limited_calls() -> Vec { // sudo_trim_to_max_allowed_uids target: TargetKind::Standalone(admin_utils_identifier(78)), scope: LimitScopeKind::Global, - usage: UsageKind::AccountSubnet, + usage: vec![UsageKind::AccountSubnet], read_only: Vec::new(), legacy: sources( &["MaxUidsTrimmingRateLimit"], @@ -723,16 +704,14 @@ fn import_weight_limits( let mut reads: u64 = 0; let netuids = Pallet::::get_all_subnet_netuids(); - let subnet_calls = weight_calls_subnet(grouping); - let mechanism_calls = weight_calls_mechanism(grouping); for netuid in &netuids { reads += 1; if let Some(span) = block_number::(Pallet::::get_weights_set_rate_limit(*netuid)) { - for call in &subnet_calls { - set_scoped_limit::(limits, grouping.config_target(*call), *netuid, span); + for call in WEIGHT_CALLS_SUBNET { + set_scoped_limit::(limits, grouping.config_target(call), *netuid, span); } - for call in &mechanism_calls { - set_scoped_limit::(limits, grouping.config_target(*call), *netuid, span); + for call in WEIGHT_CALLS_MECHANISM { + set_scoped_limit::(limits, grouping.config_target(call), *netuid, span); } } } @@ -864,10 +843,10 @@ fn import_last_update_entries( reads += 1; let (netuid, mecid) = Pallet::::get_netuid_and_subid(index).unwrap_or((NetUid::ROOT, 0.into())); - let subnet_calls = if mecid == 0.into() { - weight_calls_subnet(grouping) + let subnet_calls: Vec<_> = if mecid == 0.into() { + WEIGHT_CALLS_SUBNET.to_vec() } else { - weight_calls_mechanism(grouping) + WEIGHT_CALLS_MECHANISM.to_vec() }; for (uid, last_block) in blocks.into_iter().enumerate() { @@ -890,7 +869,7 @@ fn import_last_update_entries( } }; - for call in &subnet_calls { + for call in subnet_calls.iter() { record_last_seen_entry::( entries, grouping.usage_target(*call), @@ -913,12 +892,13 @@ fn import_serving_entries( if axon.block == 0 { continue; } - let usage = RateLimitUsageKey::AccountSubnet { + let usage = RateLimitUsageKey::AccountSubnetServing { account: hotkey.clone(), netuid, + endpoint: crate::rate_limiting::ServingEndpoint::Axon, }; let axon_calls: Vec<_> = grouping - .members(GROUP_SERVE_AXON) + .members(GROUP_SERVE) .map(|m| m.iter().copied().collect()) .unwrap_or_else(|| vec![subtensor_identifier(4), subtensor_identifier(40)]); for call in axon_calls { @@ -936,9 +916,10 @@ fn import_serving_entries( if prom.block == 0 { continue; } - let usage = RateLimitUsageKey::AccountSubnet { + let usage = RateLimitUsageKey::AccountSubnetServing { account: hotkey, netuid, + endpoint: crate::rate_limiting::ServingEndpoint::Prometheus, }; record_last_seen_entry::( entries, @@ -1326,7 +1307,7 @@ mod tests { pallet_rate_limiting::CallGroups::::get(subtensor_identifier(66)), Some(DELEGATE_TAKE_GROUP_ID) ); - assert_eq!(pallet_rate_limiting::NextGroupId::::get(), 7); + assert_eq!(pallet_rate_limiting::NextGroupId::::get(), 6); }); } diff --git a/runtime/src/rate_limiting/mod.rs b/runtime/src/rate_limiting/mod.rs index 06b7dbcf3e..1658f03a6b 100644 --- a/runtime/src/rate_limiting/mod.rs +++ b/runtime/src/rate_limiting/mod.rs @@ -50,6 +50,32 @@ pub enum RateLimitUsageKey { mecid: MechId, uid: u16, }, + AccountSubnetServing { + account: AccountId, + netuid: NetUid, + endpoint: ServingEndpoint, + }, +} + +#[derive( + Serialize, + Deserialize, + Encode, + Decode, + DecodeWithMemTracking, + Clone, + Copy, + PartialEq, + Eq, + PartialOrd, + Ord, + Debug, + TypeInfo, + MaxEncodedLen, +)] +pub enum ServingEndpoint { + Axon, + Prometheus, } #[derive(Default)] @@ -106,6 +132,16 @@ impl RateLimitScopeResolver for | SubtensorCall::decrease_take { .. } => { return BypassDecision::bypass_and_record(); } + SubtensorCall::reveal_weights { netuid, .. } + | SubtensorCall::batch_reveal_weights { netuid, .. } + | SubtensorCall::reveal_mechanism_weights { netuid, .. } => { + if pallet_subtensor::Pallet::::get_commit_reveal_weights_enabled( + *netuid, + ) { + // Legacy: reveals are not rate-limited while commit-reveal is enabled. + return BypassDecision::bypass_and_skip(); + } + } _ => {} } } @@ -185,12 +221,20 @@ impl RateLimitUsageResolver { + | SubtensorCall::serve_axon_tls { netuid, .. } => { let hotkey = signed_origin(origin)?; - Some(RateLimitUsageKey::::AccountSubnet { + Some(RateLimitUsageKey::::AccountSubnetServing { + account: hotkey, + netuid: *netuid, + endpoint: ServingEndpoint::Axon, + }) + } + SubtensorCall::serve_prometheus { netuid, .. } => { + let hotkey = signed_origin(origin)?; + Some(RateLimitUsageKey::::AccountSubnetServing { account: hotkey, netuid: *netuid, + endpoint: ServingEndpoint::Prometheus, }) } SubtensorCall::associate_evm_key { netuid, .. } => { diff --git a/runtime/tests/rate_limiting_behavior.rs b/runtime/tests/rate_limiting_behavior.rs index 557fcdd63f..b9a39814c1 100644 --- a/runtime/tests/rate_limiting_behavior.rs +++ b/runtime/tests/rate_limiting_behavior.rs @@ -327,6 +327,7 @@ fn weights_and_hparam_parity() { let origin = RuntimeOrigin::signed(hot.clone()); let scope = Some(netuid); let usage = Some(UsageKey::SubnetNeuron { netuid, uid }); + let legacy_weights = || SubtensorModule::check_rate_limit(netuid.into(), uid, now); parity_check( now, From 56c1af991e9deca3a661a9cdb3fa72433f1372e3 Mon Sep 17 00:00:00 2001 From: Aliaksandr Tsurko Date: Mon, 8 Dec 2025 17:59:07 +0300 Subject: [PATCH 37/46] Refactor rate-limiting migration --- pallets/rate-limiting/src/types.rs | 2 + runtime/src/rate_limiting/migration.rs | 1771 ++++++++++------------ runtime/tests/rate_limiting_migration.rs | 39 +- 3 files changed, 787 insertions(+), 1025 deletions(-) diff --git a/pallets/rate-limiting/src/types.rs b/pallets/rate-limiting/src/types.rs index deb27598ec..cab93a6b1a 100644 --- a/pallets/rate-limiting/src/types.rs +++ b/pallets/rate-limiting/src/types.rs @@ -90,6 +90,8 @@ pub struct TransactionIdentifier { Copy, PartialEq, Eq, + PartialOrd, + Ord, Encode, Decode, DecodeWithMemTracking, diff --git a/runtime/src/rate_limiting/migration.rs b/runtime/src/rate_limiting/migration.rs index be504985c7..a8466fc782 100644 --- a/runtime/src/rate_limiting/migration.rs +++ b/runtime/src/rate_limiting/migration.rs @@ -1,8 +1,6 @@ use core::{convert::TryFrom, marker::PhantomData}; -use frame_support::{ - BoundedBTreeSet, BoundedVec, pallet_prelude::Parameter, traits::Get, weights::Weight, -}; +use frame_support::{BoundedBTreeSet, BoundedVec, traits::Get, weights::Weight}; use frame_system::pallet_prelude::BlockNumberFor; use log::{info, warn}; use pallet_rate_limiting::{ @@ -24,20 +22,9 @@ use sp_std::{ }; use subtensor_runtime_common::NetUid; -use super::{RateLimitUsageKey, Runtime}; +use super::{AccountId, RateLimitUsageKey, Runtime}; type GroupId = ::GroupId; -type LimitEntries = Vec<( - RateLimitTarget, - RateLimit>, -)>; -type LastSeenEntries = Vec<( - ( - RateLimitTarget, - Option::AccountId>>, - ), - BlockNumberFor, -)>; type GroupNameOf = BoundedVec::MaxGroupNameLength>; type GroupMembersOf = BoundedBTreeSet::MaxGroupMembers>; @@ -47,21 +34,19 @@ const SUBTENSOR_PALLET_INDEX: u8 = 7; // Pallet index assigned to `pallet_admin_utils` in `construct_runtime!`. const ADMIN_UTILS_PALLET_INDEX: u8 = 19; -const SERVE_PROM_IDENTIFIER: TransactionIdentifier = subtensor_identifier(5); - -// Marker stored in `pallet_subtensor::HasMigrationRun` once the migration finishes. -const MIGRATION_NAME: &[u8] = b"migrate_rate_limiting"; - -// `set_children` is rate-limited to once every 150 blocks, it's hard-coded in the legacy code. -const SET_CHILDREN_RATE_LIMIT: u64 = 150; +/// Marker stored in `pallet_subtensor::HasMigrationRun` once the migration finishes. +pub const MIGRATION_NAME: &[u8] = b"migrate_rate_limiting"; const GROUP_SERVE: GroupId = 0; const GROUP_DELEGATE_TAKE: GroupId = 1; const GROUP_WEIGHTS_SUBNET: GroupId = 2; -const GROUP_REGISTER_NETWORK: GroupId = 3; +pub const GROUP_REGISTER_NETWORK: GroupId = 3; const GROUP_OWNER_HPARAMS: GroupId = 4; const GROUP_STAKING_OPS: GroupId = 5; +// `set_children` is rate-limited to once every 150 blocks, it's hard-coded in the legacy code. +const SET_CHILDREN_RATE_LIMIT: u64 = 150; + // Hyperparameter extrinsics routed through owner-or-root rate limiting. const HYPERPARAMETERS: &[Hyperparameter] = &[ Hyperparameter::ServingRateLimit, @@ -90,769 +75,371 @@ const HYPERPARAMETERS: &[Hyperparameter] = &[ Hyperparameter::RecycleOrBurn, ]; -const WEIGHT_CALLS_SUBNET: [TransactionIdentifier; 6] = [ - subtensor_identifier(0), // set_weights - subtensor_identifier(96), // commit_weights - subtensor_identifier(100), // batch_commit_weights - subtensor_identifier(113), // commit_timelocked_weights - subtensor_identifier(97), // reveal_weights - subtensor_identifier(98), // batch_reveal_weights -]; - -const WEIGHT_CALLS_MECHANISM: [TransactionIdentifier; 5] = [ - subtensor_identifier(119), // set_mechanism_weights - subtensor_identifier(115), // commit_mechanism_weights - subtensor_identifier(117), // commit_crv3_mechanism_weights - subtensor_identifier(118), // commit_timelocked_mechanism_weights - subtensor_identifier(116), // reveal_mechanism_weights -]; - -/// Identifies whether a rate-limited entry applies to a single call or a named group. -#[derive(Clone, Debug, PartialEq, Eq)] -pub enum TargetKind { - Standalone(TransactionIdentifier), - Group { - id: GroupId, - name: Vec, - sharing: GroupSharing, - members: Vec, - }, -} - -/// Describes how a limit is scoped in storage. -#[derive(Clone, Copy, Debug, PartialEq, Eq)] -pub enum LimitScopeKind { - Global, - Netuid, -} - -/// Describes the shape of the usage key recorded after a call executes. -#[derive(Clone, Copy, Debug, PartialEq, Eq)] -pub enum UsageKind { - Account, - Subnet, - AccountSubnet, - AccountSubnetAxon, - AccountSubnetPrometheus, - ColdkeyHotkeySubnet, - SubnetNeuron, - SubnetMechanismNeuron, -} - -/// Human-friendly description of a rate-limited call or group. -#[derive(Clone, Debug, PartialEq, Eq)] -pub struct RateLimitedCall { - pub target: TargetKind, - pub scope: LimitScopeKind, - /// One or more usage shapes this call maps to in the legacy pallet. - pub usage: Vec, - /// Calls that should not record usage when dispatched (only relevant for groups). - pub read_only: Vec, - /// Legacy storage sources used by the migration. - pub legacy: LegacySources, -} - -/// Summarizes where legacy limits and last-seen data are sourced from. -#[derive(Clone, Debug, PartialEq, Eq)] -pub struct LegacySources { - pub limits: &'static [&'static str], - pub last_seen: &'static [&'static str], -} - -fn sources(limits: &'static [&'static str], last_seen: &'static [&'static str]) -> LegacySources { - LegacySources { limits, last_seen } -} - -#[derive(Clone, Copy)] -struct GroupInfo { - id: GroupId, - sharing: GroupSharing, -} - -#[derive(Default)] -struct Grouping { - assignments: BTreeMap, - read_only: BTreeMap, - members: BTreeMap>, - details: Vec>>, - next_group_id: GroupId, - max_group_id: Option, -} - -impl Grouping { - fn members(&self, id: GroupId) -> Option<&BTreeSet> { - self.members.get(&id) - } - - fn set_read_only(&mut self, id: TransactionIdentifier, read_only: bool) { - self.read_only.insert(id, read_only); - } - - fn insert_group( - &mut self, - id: GroupId, - name: &[u8], - sharing: GroupSharing, - members: &[TransactionIdentifier], - ) { - let entry = self.members.entry(id).or_insert_with(BTreeSet::new); - for member in members { - self.assignments.insert(*member, GroupInfo { id, sharing }); - entry.insert(*member); - self.read_only.entry(*member).or_insert(false); - } - - self.details.push(RateLimitGroup { - id, - name: name.to_vec(), - sharing, - }); - - self.max_group_id = Some(self.max_group_id.map_or(id, |current| current.max(id))); - } - - fn finalize_next_id(&mut self) { - self.next_group_id = self.max_group_id.map_or(0, |id| id.saturating_add(1)); - } - - fn config_target(&self, identifier: TransactionIdentifier) -> RateLimitTarget { - if let Some(info) = self.assignments.get(&identifier) { - if info.sharing.config_uses_group() { - return RateLimitTarget::Group(info.id); - } - } - RateLimitTarget::Transaction(identifier) - } - - fn usage_target(&self, identifier: TransactionIdentifier) -> RateLimitTarget { - if let Some(info) = self.assignments.get(&identifier) { - if info.sharing.usage_uses_group() { - return RateLimitTarget::Group(info.id); - } - } - RateLimitTarget::Transaction(identifier) - } -} - -fn serve_calls(grouping: &Grouping) -> Vec { - grouping - .members(GROUP_SERVE) - .map(|m| m.iter().copied().collect()) - .unwrap_or_default() -} - -fn build_grouping() -> Grouping { - let mut grouping = Grouping::default(); - - for entry in rate_limited_calls() { - match entry.target { - TargetKind::Group { - id, - name, - sharing, - members, - } => { - grouping.insert_group(id, &name, sharing, &members); - for member in members { - if entry.read_only.contains(&member) { - grouping.set_read_only(member, true); - } - } - } - TargetKind::Standalone(call) => { - if entry.read_only.contains(&call) { - grouping.set_read_only(call, true); - } - } - } - } - - grouping.finalize_next_id(); - grouping -} - -/// Returns a readable listing of all calls covered by the migration. -/// Each entry captures how the call is grouped, scoped, and which legacy storage sources feed its -/// limits and last-seen values. -pub fn rate_limited_calls() -> Vec { - vec![ - RateLimitedCall { - target: TargetKind::Group { - id: GROUP_SERVE, - name: b"serving".to_vec(), - sharing: GroupSharing::ConfigAndUsage, - members: vec![ - subtensor_identifier(4), // serve_axon - subtensor_identifier(40), // serve_axon_tls - SERVE_PROM_IDENTIFIER, // serve_prometheus - ], - }, - scope: LimitScopeKind::Netuid, - usage: vec![ - UsageKind::AccountSubnetAxon, - UsageKind::AccountSubnetPrometheus, - ], - read_only: Vec::new(), - legacy: sources(&["ServingRateLimit (per netuid)"], &["Axons/Prometheus"]), - }, - RateLimitedCall { - target: TargetKind::Group { - id: GROUP_DELEGATE_TAKE, - name: b"delegate-take".to_vec(), - sharing: GroupSharing::ConfigAndUsage, - members: vec![ - subtensor_identifier(66), // increase_take - subtensor_identifier(65), // decrease_take - ], - }, - scope: LimitScopeKind::Global, - usage: vec![UsageKind::Account], - read_only: Vec::new(), - legacy: sources(&["TxDelegateTakeRateLimit"], &["LastTxBlockDelegateTake"]), - }, - RateLimitedCall { - target: TargetKind::Group { - id: GROUP_WEIGHTS_SUBNET, - name: b"weights".to_vec(), - sharing: GroupSharing::ConfigAndUsage, - members: WEIGHT_CALLS_SUBNET - .into_iter() - .chain(WEIGHT_CALLS_MECHANISM) - .collect(), - }, - scope: LimitScopeKind::Netuid, - usage: vec![UsageKind::SubnetNeuron, UsageKind::SubnetMechanismNeuron], - read_only: Vec::new(), - legacy: sources( - &["SubnetWeightsSetRateLimit"], - &["LastUpdate (subnet/mechanism)"], - ), - }, - RateLimitedCall { - target: TargetKind::Group { - id: GROUP_REGISTER_NETWORK, - name: b"register-network".to_vec(), - sharing: GroupSharing::ConfigAndUsage, - members: vec![ - subtensor_identifier(59), // register_network - subtensor_identifier(79), // register_network_with_identity - ], - }, - scope: LimitScopeKind::Global, - usage: Vec::new(), - read_only: Vec::new(), - legacy: sources(&["NetworkRateLimit"], &["NetworkLastRegistered"]), - }, - RateLimitedCall { - target: TargetKind::Group { - id: GROUP_OWNER_HPARAMS, - name: b"owner-hparams".to_vec(), - sharing: GroupSharing::ConfigOnly, - members: HYPERPARAMETERS - .iter() - .filter_map(|h| identifier_for_hyperparameter(*h)) - .collect(), - }, - scope: LimitScopeKind::Netuid, - usage: vec![UsageKind::Subnet], - read_only: Vec::new(), - legacy: sources( - &["OwnerHyperparamRateLimit * tempo"], - &["LastRateLimitedBlock::OwnerHyperparamUpdate"], - ), - }, - RateLimitedCall { - target: TargetKind::Group { - id: GROUP_STAKING_OPS, - name: b"staking-ops".to_vec(), - sharing: GroupSharing::ConfigAndUsage, - members: vec![ - subtensor_identifier(2), // add_stake - subtensor_identifier(88), // add_stake_limit - subtensor_identifier(3), // remove_stake - subtensor_identifier(89), // remove_stake_limit - subtensor_identifier(103), // remove_stake_full_limit - subtensor_identifier(85), // move_stake - subtensor_identifier(86), // transfer_stake - subtensor_identifier(87), // swap_stake - subtensor_identifier(90), // swap_stake_limit - ], - }, - scope: LimitScopeKind::Global, - usage: vec![UsageKind::ColdkeyHotkeySubnet], - read_only: vec![ - subtensor_identifier(3), // remove_stake - subtensor_identifier(89), // remove_stake_limit - subtensor_identifier(103), // remove_stake_full_limit - subtensor_identifier(86), // transfer_stake - ], - legacy: sources(&["TxRateLimit"], &[]), - }, - RateLimitedCall { - target: TargetKind::Standalone(subtensor_identifier(70)), // swap_hotkey - scope: LimitScopeKind::Global, - usage: vec![UsageKind::Account], - read_only: Vec::new(), - legacy: sources(&["TxRateLimit"], &["LastRateLimitedBlock::LastTxBlock"]), - }, - RateLimitedCall { - target: TargetKind::Standalone(subtensor_identifier(75)), // set_childkey_take - scope: LimitScopeKind::Global, - usage: vec![UsageKind::AccountSubnet], - read_only: Vec::new(), - legacy: sources( - &["TxChildkeyTakeRateLimit"], - &["TransactionKeyLastBlock::SetChildkeyTake"], - ), - }, - RateLimitedCall { - target: TargetKind::Standalone(subtensor_identifier(67)), // set_children - scope: LimitScopeKind::Global, - usage: vec![UsageKind::AccountSubnet], - read_only: Vec::new(), - legacy: sources( - &["SET_CHILDREN_RATE_LIMIT (constant 150)"], - &["TransactionKeyLastBlock::SetChildren"], - ), - }, - RateLimitedCall { - // sudo_set_weights_version_key - target: TargetKind::Standalone(admin_utils_identifier(6)), - scope: LimitScopeKind::Netuid, - usage: vec![UsageKind::AccountSubnet], - read_only: Vec::new(), - legacy: sources( - &["WeightsVersionKeyRateLimit * tempo"], - &["TransactionKeyLastBlock::SetWeightsVersionKey"], - ), - }, - RateLimitedCall { - // sudo_set_sn_owner_hotkey - target: TargetKind::Standalone(admin_utils_identifier(67)), - scope: LimitScopeKind::Global, - usage: vec![UsageKind::Subnet], - read_only: Vec::new(), - legacy: sources( - &["DefaultSetSNOwnerHotkeyRateLimit"], - &["LastRateLimitedBlock::SetSNOwnerHotkey"], - ), - }, - RateLimitedCall { - target: TargetKind::Standalone(subtensor_identifier(93)), // associate_evm_key - scope: LimitScopeKind::Global, - usage: vec![UsageKind::SubnetNeuron], - read_only: Vec::new(), - legacy: sources(&["EvmKeyAssociateRateLimit"], &["AssociatedEvmAddress"]), - }, - RateLimitedCall { - target: TargetKind::Standalone(admin_utils_identifier(76)), // sudo_set_mechanism_count - scope: LimitScopeKind::Global, - usage: vec![UsageKind::AccountSubnet], - read_only: Vec::new(), - legacy: sources( - &["MechanismCountSetRateLimit"], - &["TransactionKeyLastBlock::MechanismCountUpdate"], - ), - }, - RateLimitedCall { - // sudo_set_mechanism_emission_split - target: TargetKind::Standalone(admin_utils_identifier(77)), - scope: LimitScopeKind::Global, - usage: vec![UsageKind::AccountSubnet], - read_only: Vec::new(), - legacy: sources( - &["MechanismEmissionRateLimit"], - &["TransactionKeyLastBlock::MechanismEmission"], - ), - }, - RateLimitedCall { - // sudo_trim_to_max_allowed_uids - target: TargetKind::Standalone(admin_utils_identifier(78)), - scope: LimitScopeKind::Global, - usage: vec![UsageKind::AccountSubnet], - read_only: Vec::new(), - legacy: sources( - &["MaxUidsTrimmingRateLimit"], - &["TransactionKeyLastBlock::MaxUidsTrimming"], - ), - }, - ] -} +/// Runtime hook that executes the rate-limiting migration. +pub struct Migration(PhantomData); -pub fn migrate_rate_limiting() -> Weight +impl frame_support::traits::OnRuntimeUpgrade for Migration where T: SubtensorConfig + pallet_rate_limiting::Config, RateLimitUsageKey: Into<::UsageKey>, { - let mut weight = T::DbWeight::get().reads(1); - if HasMigrationRun::::get(MIGRATION_NAME) { + fn on_runtime_upgrade() -> Weight { + migrate_rate_limiting() + } +} + +pub fn migrate_rate_limiting() -> Weight { + let mut weight = ::DbWeight::get().reads(1); + if HasMigrationRun::::get(MIGRATION_NAME) { info!("Rate-limiting migration already executed. Skipping."); return weight; } - let grouping = build_grouping(); - let (limits, limit_reads) = build_limits::(&grouping); - let (last_seen, seen_reads) = build_last_seen::(&grouping); - - let limit_writes = write_limits::(&limits); - let seen_writes = write_last_seen::(&last_seen); - let group_writes = write_groups::(&grouping); - - HasMigrationRun::::insert(MIGRATION_NAME, true); - - weight = weight - .saturating_add(T::DbWeight::get().reads(limit_reads.saturating_add(seen_reads))) - .saturating_add( - T::DbWeight::get().writes( - limit_writes - .saturating_add(seen_writes) - .saturating_add(group_writes) - .saturating_add(1), - ), - ); + let (groups, commits, reads) = commits(); + weight = weight.saturating_add(::DbWeight::get().reads(reads)); - info!( - "Migrated {} rate-limit configs, {} last-seen entries, and {} groups into pallet-rate-limiting", - limits.len(), - last_seen.len(), - grouping.details.len() + let (limit_commits, last_seen_commits) = commits.into_iter().fold( + (Vec::new(), Vec::new()), + |(mut limits, mut seen), commit| { + match commit.kind { + CommitKind::Limit(limit) => limits.push((commit.target, limit)), + CommitKind::LastSeen(ls) => seen.push((commit.target, ls)), + } + (limits, seen) + }, ); - weight -} + let (group_writes, group_count) = migrate_grouping(&groups); + let (limit_writes, limits_len) = migrate_limits(limit_commits); + let (last_seen_writes, last_seen_len) = migrate_last_seen(last_seen_commits); -type LimitImporter = fn(&Grouping, &mut LimitEntries) -> u64; + let mut writes = group_writes + .saturating_add(limit_writes) + .saturating_add(last_seen_writes); -fn limit_importers() -> [LimitImporter; 4] { - [ - import_simple_limits::, // Tx/childkey/delegate/staking lock, register, sudo, evm, children - import_owner_hparam_limits::, // Owner hyperparams - import_serving_limits::, // Axon/prometheus serving rate limit per subnet - import_weight_limits::, // Weight/commit/reveal per subnet and mechanism - ] -} + HasMigrationRun::::insert(MIGRATION_NAME, true); + writes += 1; -fn build_limits(grouping: &Grouping) -> (LimitEntries, u64) { - let mut limits = LimitEntries::::new(); - let mut reads: u64 = 0; + weight = + weight.saturating_add(::DbWeight::get().writes(writes)); - for importer in limit_importers::() { - reads += importer(grouping, &mut limits); - } + info!( + "New migration wrote {} limits, {} last-seen entries, and {} groups into pallet-rate-limiting", + limits_len, last_seen_len, group_count + ); - (limits, reads) + weight } -fn import_simple_limits( - grouping: &Grouping, - limits: &mut LimitEntries, -) -> u64 { +// Main entrypoint: build all groups and commits, along with storage reads. +fn commits() -> (Vec, Vec, u64) { + let mut groups = Vec::new(); + let mut commits = Vec::new(); let mut reads: u64 = 0; - reads += 1; - if let Some(span) = block_number::(TxRateLimit::::get()) { - set_global_limit::( - limits, - grouping.config_target(subtensor_identifier(70)), - span, - ); - } + // grouped + reads += build_serving(&mut groups, &mut commits); + reads += build_delegate_take(&mut groups, &mut commits); + reads += build_weights(&mut groups, &mut commits); + reads += build_register_network(&mut groups, &mut commits); + reads += build_owner_hparams(&mut groups, &mut commits); + reads += build_staking_ops(&mut groups, &mut commits); + + // standalone + reads += build_swap_hotkey(&mut commits); + reads += build_childkey_take(&mut commits); + reads += build_set_children(&mut commits); + reads += build_weights_version_key(&mut commits); + reads += build_sn_owner_hotkey(&mut commits); + reads += build_associate_evm(&mut commits); + reads += build_mechanism_count(&mut commits); + reads += build_mechanism_emission(&mut commits); + reads += build_trim_max_uids(&mut commits); + + (groups, commits, reads) +} - // Staking ops are gated to one operation per block in legacy (marker cleared each block). - if let Some(members) = grouping.members(GROUP_STAKING_OPS) { - if let Some(span) = block_number::(1) { - for call in members { - set_global_limit::(limits, grouping.config_target(*call), span); - } - } - } +fn migrate_grouping(groups: &[GroupConfig]) -> (u64, usize) { + let mut writes: u64 = 0; + let mut max_group_id: Option = None; - reads += 1; - if let Some(span) = block_number::(TxDelegateTakeRateLimit::::get()) { - set_global_limit::( - limits, - grouping.config_target(subtensor_identifier(66)), - span, - ); - } + for group in groups { + let Ok(name) = GroupNameOf::::try_from(group.name.clone()) else { + warn!( + "rate-limiting migration: group name exceeds bounds, skipping id {}", + group.id + ); + continue; + }; - reads += 1; - if let Some(span) = block_number::(TxChildkeyTakeRateLimit::::get()) { - set_global_limit::( - limits, - grouping.config_target(subtensor_identifier(75)), - span, + pallet_rate_limiting::Groups::::insert( + group.id, + RateLimitGroup { + id: group.id, + name: name.clone(), + sharing: group.sharing, + }, ); - } + pallet_rate_limiting::GroupNameIndex::::insert(name, group.id); + writes += 2; - reads += 1; - if let Some(span) = block_number::(NetworkRateLimit::::get()) { - if let Some(members) = grouping.members(GROUP_REGISTER_NETWORK) { - for call in members { - set_global_limit::(limits, grouping.config_target(*call), span); + let mut member_set = BTreeSet::new(); + for call in &group.members { + member_set.insert(call.identifier()); + pallet_rate_limiting::CallGroups::::insert(call.identifier(), group.id); + writes += 1; + if call.read_only { + pallet_rate_limiting::CallReadOnly::::insert(call.identifier(), true); + writes += 1; } } - } + let Ok(bounded) = GroupMembersOf::::try_from(member_set) else { + warn!( + "rate-limiting migration: group {} has too many members, skipping assignment", + group.id + ); + continue; + }; + pallet_rate_limiting::GroupMembers::::insert(group.id, bounded); + writes += 1; - if let Some(span) = block_number::(WeightsVersionKeyRateLimit::::get()) { - set_global_limit::( - limits, - grouping.config_target(admin_utils_identifier(6)), - span, - ); + max_group_id = Some(max_group_id.map_or(group.id, |current| current.max(group.id))); } - if let Some(span) = - block_number::(pallet_subtensor::pallet::DefaultSetSNOwnerHotkeyRateLimit::::get()) - { - set_global_limit::( - limits, - grouping.config_target(admin_utils_identifier(67)), - span, - ); - } + let next_group_id = max_group_id.map_or(0, |id| id.saturating_add(1)); + pallet_rate_limiting::NextGroupId::::put(next_group_id); + writes += 1; - if let Some(span) = block_number::(::EvmKeyAssociateRateLimit::get()) { - set_global_limit::( - limits, - grouping.config_target(subtensor_identifier(93)), - span, - ); - } + (writes, groups.len()) +} - if let Some(span) = block_number::(MechanismCountSetRateLimit::::get()) { - set_global_limit::( - limits, - grouping.config_target(admin_utils_identifier(76)), - span, - ); - } +fn migrate_limits(limit_commits: Vec<(RateLimitTarget, MigratedLimit)>) -> (u64, usize) { + let mut writes: u64 = 0; + let mut limits: BTreeMap, RateLimit>> = + BTreeMap::new(); - if let Some(span) = block_number::(MechanismEmissionRateLimit::::get()) { - set_global_limit::( - limits, - grouping.config_target(admin_utils_identifier(77)), - span, - ); - } + for (target, MigratedLimit { span, scope }) in limit_commits { + let entry = limits.entry(target).or_insert_with(|| match scope { + Some(s) => RateLimit::scoped_single(s, RateLimitKind::Exact(span)), + None => RateLimit::global(RateLimitKind::Exact(span)), + }); - if let Some(span) = block_number::(MaxUidsTrimmingRateLimit::::get()) { - set_global_limit::( - limits, - grouping.config_target(admin_utils_identifier(78)), - span, - ); + if let Some(netuid) = scope { + match entry { + RateLimit::Global(_) => { + *entry = RateLimit::scoped_single(netuid, RateLimitKind::Exact(span)); + } + RateLimit::Scoped(map) => { + map.insert(netuid, RateLimitKind::Exact(span)); + } + } + } else { + *entry = RateLimit::global(RateLimitKind::Exact(span)); + } } - if let Some(span) = block_number::(SET_CHILDREN_RATE_LIMIT) { - set_global_limit::( - limits, - grouping.config_target(subtensor_identifier(67)), - span, - ); + let len = limits.len(); + for (target, limit) in limits { + pallet_rate_limiting::Limits::::insert(target, limit); + writes += 1; } - reads + (writes, len) } -fn import_owner_hparam_limits( - grouping: &Grouping, - limits: &mut LimitEntries, -) -> u64 { - let mut reads: u64 = 0; +fn migrate_last_seen( + last_seen_commits: Vec<(RateLimitTarget, MigratedLastSeen)>, +) -> (u64, usize) { + let mut writes: u64 = 0; + let mut last_seen: BTreeMap< + ( + RateLimitTarget, + Option>, + ), + BlockNumberFor, + > = BTreeMap::new(); + + for (target, MigratedLastSeen { block, usage }) in last_seen_commits { + let key = (target, usage); + last_seen + .entry(key) + .and_modify(|existing| { + if block > *existing { + *existing = block; + } + }) + .or_insert(block); + } - reads += 1; - if let Some(span) = block_number::(u64::from(OwnerHyperparamRateLimit::::get())) { - for hparam in HYPERPARAMETERS { - if let Some(identifier) = identifier_for_hyperparameter(*hparam) { - set_global_limit::(limits, grouping.config_target(identifier), span); - } - } + let len = last_seen.len(); + for ((target, usage), block) in last_seen { + pallet_rate_limiting::LastSeen::::insert(target, usage, block); + writes += 1; } - reads + (writes, len) } -fn import_serving_limits( - grouping: &Grouping, - limits: &mut LimitEntries, -) -> u64 { +// Serving group (config+usage shared). +// scope: netuid +// usage: account+netuid, but different keys (endpoint value) for axon/prometheus +// legacy sources: ServingRateLimit (per netuid), Axons/Prometheus +fn build_serving(groups: &mut Vec, commits: &mut Vec) -> u64 { let mut reads: u64 = 0; - let mut netuids = Pallet::::get_all_subnet_netuids(); - for (netuid, _) in ServingRateLimit::::iter() { + // Create the group with all its members. + groups.push(GroupConfig { + id: GROUP_SERVE, + name: b"serving".to_vec(), + sharing: GroupSharing::ConfigAndUsage, + members: vec![ + MigratedCall::subtensor(4, false), // serve_axon + MigratedCall::subtensor(40, false), // serve_axon_tls + MigratedCall::subtensor(5, false), // serve_prometheus + ], + }); + + // Limits per netuid (written to the group target). + reads += 1; + // Merge live subnets (which may rely on default rate-limit values) with any legacy entries that + // exist only in storage, so we migrate both current and previously stored netuids without + // duplicates. + let mut netuids = Pallet::::get_all_subnet_netuids(); + for (netuid, _) in ServingRateLimit::::iter() { if !netuids.contains(&netuid) { netuids.push(netuid); } } - for netuid in netuids { reads += 1; - if let Some(span) = block_number::(Pallet::::get_serving_rate_limit(netuid)) { - for call in serve_calls(grouping) { - set_scoped_limit::(limits, grouping.config_target(call), netuid, span); - } - } + push_limit_commit_if_non_zero( + commits, + RateLimitTarget::Group(GROUP_SERVE), + Pallet::::get_serving_rate_limit(netuid), + Some(netuid), + ); } - reads -} - -fn import_weight_limits( - grouping: &Grouping, - limits: &mut LimitEntries, -) -> u64 { - let mut reads: u64 = 0; - let netuids = Pallet::::get_all_subnet_netuids(); + // Axon last-seen (group-shared usage). + for (netuid, hotkey, axon) in Axons::::iter() { + reads += 1; + if let Some(block) = block_number::(axon.block) { + commits.push(Commit { + target: RateLimitTarget::Group(GROUP_SERVE), + kind: CommitKind::LastSeen(MigratedLastSeen { + block, + usage: Some(RateLimitUsageKey::AccountSubnetServing { + account: hotkey.clone(), + netuid, + endpoint: crate::rate_limiting::ServingEndpoint::Axon, + }), + }), + }); + } + } - for netuid in &netuids { + // Prometheus last-seen (group-shared usage). + for (netuid, hotkey, prom) in Prometheus::::iter() { reads += 1; - if let Some(span) = block_number::(Pallet::::get_weights_set_rate_limit(*netuid)) { - for call in WEIGHT_CALLS_SUBNET { - set_scoped_limit::(limits, grouping.config_target(call), *netuid, span); - } - for call in WEIGHT_CALLS_MECHANISM { - set_scoped_limit::(limits, grouping.config_target(call), *netuid, span); - } + if let Some(block) = block_number::(prom.block) { + commits.push(Commit { + target: RateLimitTarget::Group(GROUP_SERVE), + kind: CommitKind::LastSeen(MigratedLastSeen { + block, + usage: Some(RateLimitUsageKey::AccountSubnetServing { + account: hotkey, + netuid, + endpoint: crate::rate_limiting::ServingEndpoint::Prometheus, + }), + }), + }); } } reads } -fn build_last_seen(grouping: &Grouping) -> (LastSeenEntries, u64) { - let mut last_seen = LastSeenEntries::::new(); +// Delegate take group (config + usage shared). +// usage: account +// legacy sources: TxDelegateTakeRateLimit, LastTxBlockDelegateTake +fn build_delegate_take(groups: &mut Vec, commits: &mut Vec) -> u64 { let mut reads: u64 = 0; + groups.push(GroupConfig { + id: GROUP_DELEGATE_TAKE, + name: b"delegate-take".to_vec(), + sharing: GroupSharing::ConfigAndUsage, + members: vec![ + MigratedCall::subtensor(66, false), // increase_take + MigratedCall::subtensor(65, false), // decrease_take + ], + }); + + let target = RateLimitTarget::Group(GROUP_DELEGATE_TAKE); + reads += 1; + push_limit_commit_if_non_zero( + commits, + target, + TxDelegateTakeRateLimit::::get(), + None, + ); - for importer in last_seen_importers::() { - reads += importer(grouping, &mut last_seen); - } - - (last_seen, reads) -} - -type LastSeenImporter = fn(&Grouping, &mut LastSeenEntries) -> u64; - -fn last_seen_importers() -> [LastSeenImporter; 5] { - [ - import_last_rate_limited_blocks::, // LastRateLimitedBlock (tx, delegate, owner hyperparams, sn owner) - import_transaction_key_last_blocks::, // TransactionKeyLastBlock (children, version key, mechanisms) - import_last_update_entries::, // LastUpdate (weights/mechanism weights) - import_serving_entries::, // Axons/Prometheus - import_evm_entries::, // AssociatedEvmAddress - ] -} - -fn import_last_rate_limited_blocks( - grouping: &Grouping, - entries: &mut LastSeenEntries, -) -> u64 { - let mut reads: u64 = 0; - for (key, block) in LastRateLimitedBlock::::iter() { - reads += 1; - if block == 0 { - continue; - } - match key { - RateLimitKey::SetSNOwnerHotkey(netuid) => { - if let Some(identifier) = - identifier_for_transaction_type(TransactionType::SetSNOwnerHotkey) - { - record_last_seen_entry::( - entries, - grouping.usage_target(identifier), - Some(RateLimitUsageKey::Subnet(netuid)), - block, - ); - } - } - RateLimitKey::OwnerHyperparamUpdate(netuid, hyper) => { - if let Some(identifier) = identifier_for_hyperparameter(hyper) { - record_last_seen_entry::( - entries, - grouping.usage_target(identifier), - Some(RateLimitUsageKey::Subnet(netuid)), - block, - ); + reads += + last_seen_helpers::collect_last_seen_from_last_rate_limited_block( + commits, + |key| match key { + RateLimitKey::LastTxBlockDelegateTake(account) => { + Some((target, Some(RateLimitUsageKey::Account(account)))) } - } - RateLimitKey::LastTxBlock(account) => { - record_last_seen_entry::( - entries, - grouping.usage_target(subtensor_identifier(70)), - Some(RateLimitUsageKey::Account(account.clone())), - block, - ); - } - RateLimitKey::LastTxBlockDelegateTake(account) => { - record_last_seen_entry::( - entries, - grouping.usage_target(subtensor_identifier(66)), - Some(RateLimitUsageKey::Account(account.clone())), - block, - ); - } - RateLimitKey::NetworkLastRegistered => { - record_last_seen_entry::( - entries, - grouping.usage_target(subtensor_identifier(59)), - None, - block, - ); - } - RateLimitKey::LastTxBlockChildKeyTake(_) => { - // Deprecated storage; ignored. - } - } - } + _ => None, + }, + ); + reads } -fn import_transaction_key_last_blocks( - grouping: &Grouping, - entries: &mut LastSeenEntries, -) -> u64 { +// Weights group (config + usage shared). +// scope: netuid +// usage: netuid+neuron/netuid+mechanism+neuron +// legacy source: SubnetWeightsSetRateLimit, LastUpdate (subnet/mechanism) +fn build_weights(groups: &mut Vec, commits: &mut Vec) -> u64 { let mut reads: u64 = 0; - for ((account, netuid, tx_kind), block) in TransactionKeyLastBlock::::iter() { + groups.push(GroupConfig { + id: GROUP_WEIGHTS_SUBNET, + name: b"weights".to_vec(), + sharing: GroupSharing::ConfigAndUsage, + members: vec![ + MigratedCall::subtensor(0, false), // set_weights + MigratedCall::subtensor(96, false), // commit_weights + MigratedCall::subtensor(100, false), // batch_commit_weights + MigratedCall::subtensor(113, false), // commit_timelocked_weights + MigratedCall::subtensor(97, false), // reveal_weights + MigratedCall::subtensor(98, false), // batch_reveal_weights + MigratedCall::subtensor(119, false), // set_mechanism_weights + MigratedCall::subtensor(115, false), // commit_mechanism_weights + MigratedCall::subtensor(117, false), // commit_crv3_mechanism_weights + MigratedCall::subtensor(118, false), // commit_timelocked_mechanism_weights + MigratedCall::subtensor(116, false), // reveal_mechanism_weights + ], + }); + + reads += 1; + for netuid in Pallet::::get_all_subnet_netuids() { reads += 1; - if block == 0 { - continue; - } - let tx_type = TransactionType::from(tx_kind); - let Some(identifier) = identifier_for_transaction_type(tx_type) else { - continue; - }; - let Some(usage) = usage_key_from_transaction_type(tx_type, &account, netuid) else { - continue; - }; - record_last_seen_entry::( - entries, - grouping.usage_target(identifier), - Some(usage), - block, + push_limit_commit_if_non_zero( + commits, + RateLimitTarget::Group(GROUP_WEIGHTS_SUBNET), + Pallet::::get_weights_set_rate_limit(netuid), + Some(netuid), ); } - reads -} -fn import_last_update_entries( - grouping: &Grouping, - entries: &mut LastSeenEntries, -) -> u64 { - let mut reads: u64 = 0; - for (index, blocks) in LastUpdate::::iter() { + for (index, blocks) in LastUpdate::::iter() { reads += 1; let (netuid, mecid) = - Pallet::::get_netuid_and_subid(index).unwrap_or((NetUid::ROOT, 0.into())); - let subnet_calls: Vec<_> = if mecid == 0.into() { - WEIGHT_CALLS_SUBNET.to_vec() - } else { - WEIGHT_CALLS_MECHANISM.to_vec() - }; - + Pallet::::get_netuid_and_subid(index).unwrap_or((NetUid::ROOT, 0.into())); for (uid, last_block) in blocks.into_iter().enumerate() { - if last_block == 0 { + let Some(block) = block_number::(last_block) else { continue; - } + }; let Ok(uid_u16) = u16::try_from(uid) else { continue; }; @@ -868,340 +455,495 @@ fn import_last_update_entries( uid: uid_u16, } }; - - for call in subnet_calls.iter() { - record_last_seen_entry::( - entries, - grouping.usage_target(*call), - Some(usage.clone()), - last_block, - ); - } + commits.push(Commit { + target: RateLimitTarget::Group(GROUP_WEIGHTS_SUBNET), + kind: CommitKind::LastSeen(MigratedLastSeen { + block, + usage: Some(usage), + }), + }); } } + reads } -fn import_serving_entries( - grouping: &Grouping, - entries: &mut LastSeenEntries, -) -> u64 { +// Register network group (config + usage shared). +// legacy sources: NetworkRateLimit, NetworkLastRegistered +fn build_register_network(groups: &mut Vec, commits: &mut Vec) -> u64 { let mut reads: u64 = 0; - for (netuid, hotkey, axon) in Axons::::iter() { - reads += 1; - if axon.block == 0 { - continue; - } - let usage = RateLimitUsageKey::AccountSubnetServing { - account: hotkey.clone(), - netuid, - endpoint: crate::rate_limiting::ServingEndpoint::Axon, - }; - let axon_calls: Vec<_> = grouping - .members(GROUP_SERVE) - .map(|m| m.iter().copied().collect()) - .unwrap_or_else(|| vec![subtensor_identifier(4), subtensor_identifier(40)]); - for call in axon_calls { - record_last_seen_entry::( - entries, - grouping.usage_target(call), - Some(usage.clone()), - axon.block, - ); - } - } + groups.push(GroupConfig { + id: GROUP_REGISTER_NETWORK, + name: b"register-network".to_vec(), + sharing: GroupSharing::ConfigAndUsage, + members: vec![ + MigratedCall::subtensor(59, false), // register_network + MigratedCall::subtensor(79, false), // register_network_with_identity + ], + }); + + let target = RateLimitTarget::Group(GROUP_REGISTER_NETWORK); + reads += 1; + push_limit_commit_if_non_zero(commits, target, NetworkRateLimit::::get(), None); + + reads += + last_seen_helpers::collect_last_seen_from_last_rate_limited_block( + commits, + |key| match key { + RateLimitKey::NetworkLastRegistered => Some((target, None)), + _ => None, + }, + ); - for (netuid, hotkey, prom) in Prometheus::::iter() { - reads += 1; - if prom.block == 0 { - continue; - } - let usage = RateLimitUsageKey::AccountSubnetServing { - account: hotkey, - netuid, - endpoint: crate::rate_limiting::ServingEndpoint::Prometheus, - }; - record_last_seen_entry::( - entries, - grouping.usage_target(SERVE_PROM_IDENTIFIER), - Some(usage), - prom.block, + reads +} + +// Owner hyperparameter group (config shared, usage per call). +// usage: netuid +// legacy sources: OwnerHyperparamRateLimit * tempo, +// LastRateLimitedBlock per OwnerHyperparamUpdate +fn build_owner_hparams(groups: &mut Vec, commits: &mut Vec) -> u64 { + let mut reads: u64 = 0; + groups.push(GroupConfig { + id: GROUP_OWNER_HPARAMS, + name: b"owner-hparams".to_vec(), + sharing: GroupSharing::ConfigOnly, + members: HYPERPARAMETERS + .iter() + .filter_map(|h| identifier_for_hyperparameter(*h)) + .collect(), + }); + + let group_target = RateLimitTarget::Group(GROUP_OWNER_HPARAMS); + reads += 1; + push_limit_commit_if_non_zero( + commits, + group_target, + u64::from(OwnerHyperparamRateLimit::::get()), + None, + ); + + reads += + last_seen_helpers::collect_last_seen_from_last_rate_limited_block( + commits, + |key| match key { + RateLimitKey::OwnerHyperparamUpdate(netuid, hyper) => { + let Some(identifier) = identifier_for_hyperparameter(hyper) else { + return None; + }; + Some(( + RateLimitTarget::Transaction(identifier.identifier()), + Some(RateLimitUsageKey::Subnet(netuid)), + )) + } + _ => None, + }, ); - } reads } -fn import_evm_entries( - grouping: &Grouping, - entries: &mut LastSeenEntries, -) -> u64 { +// Staking ops group (config + usage shared, all ops 1 block). +// usage: coldkey+hotkey+netuid +// legacy sources: TxRateLimit (reset every block for staking ops), StakingOperationRateLimiter +fn build_staking_ops(groups: &mut Vec, commits: &mut Vec) -> u64 { + groups.push(GroupConfig { + id: GROUP_STAKING_OPS, + name: b"staking-ops".to_vec(), + sharing: GroupSharing::ConfigAndUsage, + members: vec![ + MigratedCall::subtensor(2, false), // add_stake + MigratedCall::subtensor(88, false), // add_stake_limit + MigratedCall::subtensor(3, true), // remove_stake + MigratedCall::subtensor(89, true), // remove_stake_limit + MigratedCall::subtensor(103, true), // remove_stake_full_limit + MigratedCall::subtensor(85, false), // move_stake + MigratedCall::subtensor(86, true), // transfer_stake + MigratedCall::subtensor(87, false), // swap_stake + MigratedCall::subtensor(90, false), // swap_stake_limit + ], + }); + + push_limit_commit_if_non_zero(commits, RateLimitTarget::Group(GROUP_STAKING_OPS), 1, None); + + // we don't need to migrate last-seen since the limiter is reset every block. + + 0 +} + +// Standalone swap_hotkey. +// usage: account +// legacy sources: TxRateLimit, LastRateLimitedBlock per LastTxBlock +fn build_swap_hotkey(commits: &mut Vec) -> u64 { let mut reads: u64 = 0; - for (netuid, uid, (_, block)) in AssociatedEvmAddress::::iter() { - reads += 1; - if block == 0 { - continue; - } - record_last_seen_entry::( - entries, - grouping.usage_target(subtensor_identifier(93)), - Some(RateLimitUsageKey::SubnetNeuron { netuid, uid }), - block, + let target = + RateLimitTarget::Transaction(TransactionIdentifier::new(SUBTENSOR_PALLET_INDEX, 70)); + + reads += 1; + push_limit_commit_if_non_zero(commits, target, TxRateLimit::::get(), None); + + reads += + last_seen_helpers::collect_last_seen_from_last_rate_limited_block( + commits, + |key| match key { + RateLimitKey::LastTxBlock(account) => { + Some((target, Some(RateLimitUsageKey::Account(account)))) + } + _ => None, + }, ); - } + reads } -fn convert_target(target: &RateLimitTarget) -> RateLimitTarget -where - T: SubtensorConfig + pallet_rate_limiting::Config, - RateLimitUsageKey: Into<::UsageKey>, -{ - match target { - RateLimitTarget::Transaction(identifier) => RateLimitTarget::Transaction(*identifier), - RateLimitTarget::Group(id) => RateLimitTarget::Group((*id).saturated_into()), - } +// Standalone set_childkey_take. +// usage: account+netuid +// legacy sources: TxChildkeyTakeRateLimit, TransactionKeyLastBlock per SetChildkeyTake +fn build_childkey_take(commits: &mut Vec) -> u64 { + let mut reads: u64 = 0; + let target = + RateLimitTarget::Transaction(TransactionIdentifier::new(SUBTENSOR_PALLET_INDEX, 75)); + reads += 1; + push_limit_commit_if_non_zero( + commits, + target, + TxChildkeyTakeRateLimit::::get(), + None, + ); + + reads += last_seen_helpers::collect_last_seen_from_transaction_key_last_block( + commits, + target, + TransactionType::SetChildkeyTake, + ); + + reads } -fn write_limits(limits: &LimitEntries) -> u64 -where - T: SubtensorConfig + pallet_rate_limiting::Config, - RateLimitUsageKey: Into<::UsageKey>, -{ - let mut writes: u64 = 0; - for (identifier, limit) in limits.iter() { - let target = convert_target::(identifier); - pallet_rate_limiting::Limits::::insert(target, limit.clone()); - writes += 1; - } - writes +// Standalone set_children. +// usage: account+netuid +// legacy sources: SET_CHILDREN_RATE_LIMIT (constant 150), +// TransactionKeyLastBlock per SetChildren +fn build_set_children(commits: &mut Vec) -> u64 { + let mut reads: u64 = 0; + let target = + RateLimitTarget::Transaction(TransactionIdentifier::new(SUBTENSOR_PALLET_INDEX, 67)); + push_limit_commit_if_non_zero(commits, target, SET_CHILDREN_RATE_LIMIT, None); + + reads += last_seen_helpers::collect_last_seen_from_transaction_key_last_block( + commits, + target, + TransactionType::SetChildren, + ); + + reads } -fn write_last_seen(entries: &LastSeenEntries) -> u64 -where - T: SubtensorConfig + pallet_rate_limiting::Config, - RateLimitUsageKey: Into<::UsageKey>, -{ - let mut writes: u64 = 0; - for ((identifier, usage), block) in entries.iter() { - let target = convert_target::(identifier); - let usage_key = usage.clone().map(Into::into); - pallet_rate_limiting::LastSeen::::insert(target, usage_key, *block); - writes += 1; - } - writes +// Standalone set_weights_version_key. +// scope: netuid +// usage: account+netuid +// legacy sources: WeightsVersionKeyRateLimit * tempo, +// TransactionKeyLastBlock per SetWeightsVersionKey +fn build_weights_version_key(commits: &mut Vec) -> u64 { + let mut reads: u64 = 0; + let target = + RateLimitTarget::Transaction(TransactionIdentifier::new(ADMIN_UTILS_PALLET_INDEX, 6)); + reads += 1; + push_limit_commit_if_non_zero( + commits, + target, + WeightsVersionKeyRateLimit::::get(), + None, + ); + + reads += last_seen_helpers::collect_last_seen_from_transaction_key_last_block( + commits, + target, + TransactionType::SetWeightsVersionKey, + ); + + reads } -fn write_groups(grouping: &Grouping) -> u64 -where - T: SubtensorConfig + pallet_rate_limiting::Config, - RateLimitUsageKey: Into<::UsageKey>, -{ - let mut writes: u64 = 0; +// Standalone set_sn_owner_hotkey. +// usage: netuid +// legacy sources: DefaultSetSNOwnerHotkeyRateLimit, +// LastRateLimitedBlock per SetSNOwnerHotkey +fn build_sn_owner_hotkey(commits: &mut Vec) -> u64 { + let mut reads: u64 = 0; + let target = + RateLimitTarget::Transaction(TransactionIdentifier::new(ADMIN_UTILS_PALLET_INDEX, 67)); + reads += 1; + push_limit_commit_if_non_zero( + commits, + target, + pallet_subtensor::pallet::DefaultSetSNOwnerHotkeyRateLimit::::get(), + None, + ); - for detail in &grouping.details { - let Ok(name) = GroupNameOf::::try_from(detail.name.clone()) else { - warn!( - "rate-limiting migration: group name exceeds bounds, skipping id {}", - detail.id - ); - continue; - }; - let group_id = detail.id.saturated_into::(); - let stored = RateLimitGroup { - id: group_id, - name: name.clone(), - sharing: detail.sharing, - }; + reads += + last_seen_helpers::collect_last_seen_from_last_rate_limited_block( + commits, + |key| match key { + RateLimitKey::SetSNOwnerHotkey(netuid) => { + Some((target, Some(RateLimitUsageKey::Subnet(netuid)))) + } + _ => None, + }, + ); - pallet_rate_limiting::Groups::::insert(group_id, stored); - pallet_rate_limiting::GroupNameIndex::::insert(name, group_id); - writes += 2; - } + reads +} - for (group, members) in &grouping.members { - let group_id = (*group).saturated_into::(); - let Ok(bounded) = GroupMembersOf::::try_from(members.clone()) else { - warn!( - "rate-limiting migration: group {} has too many members, skipping assignment", - group - ); +// Standalone associate_evm_key. +// usage: netuid+neuron +// legacy sources: EvmKeyAssociateRateLimit, AssociatedEvmAddress +fn build_associate_evm(commits: &mut Vec) -> u64 { + let mut reads: u64 = 0; + let target = + RateLimitTarget::Transaction(TransactionIdentifier::new(SUBTENSOR_PALLET_INDEX, 93)); + reads += 1; + push_limit_commit_if_non_zero( + commits, + target, + ::EvmKeyAssociateRateLimit::get(), + None, + ); + + for (netuid, uid, (_, block)) in AssociatedEvmAddress::::iter() { + reads += 1; + let Some(block) = block_number::(block) else { continue; }; - pallet_rate_limiting::GroupMembers::::insert(group_id, bounded); - writes += 1; + commits.push(Commit { + target, + kind: CommitKind::LastSeen(MigratedLastSeen { + block, + usage: Some(RateLimitUsageKey::SubnetNeuron { netuid, uid }), + }), + }); } - for (identifier, info) in &grouping.assignments { - let group_id = info.id.saturated_into::(); - pallet_rate_limiting::CallGroups::::insert(*identifier, group_id); - writes += 1; + reads +} - if grouping.read_only.get(identifier).copied().unwrap_or(false) { - pallet_rate_limiting::CallReadOnly::::insert(*identifier, true); - writes += 1; - } - } +// Standalone mechanism count. +// usage: account+netuid +// legacy sources: MechanismCountSetRateLimit, +// TransactionKeyLastBlock per MechanismCountUpdate +// sudo_set_mechanism_count +fn build_mechanism_count(commits: &mut Vec) -> u64 { + let mut reads: u64 = 0; + let target = + RateLimitTarget::Transaction(TransactionIdentifier::new(ADMIN_UTILS_PALLET_INDEX, 76)); + reads += 1; + push_limit_commit_if_non_zero( + commits, + target, + MechanismCountSetRateLimit::::get(), + None, + ); - let next_group_id = grouping.next_group_id.saturated_into::(); - pallet_rate_limiting::NextGroupId::::put(next_group_id); - writes += 1; + reads += last_seen_helpers::collect_last_seen_from_transaction_key_last_block( + commits, + target, + TransactionType::MechanismCountUpdate, + ); - writes + reads } -fn block_number(value: u64) -> Option> { - if value == 0 { - return None; - } - Some(value.saturated_into::>()) +// Standalone mechanism emission. +// usage: account+netuid +// legacy sources: MechanismEmissionRateLimit, +// TransactionKeyLastBlock per MechanismEmission +// sudo_set_mechanism_emission_split +fn build_mechanism_emission(commits: &mut Vec) -> u64 { + let mut reads: u64 = 0; + let target = + RateLimitTarget::Transaction(TransactionIdentifier::new(ADMIN_UTILS_PALLET_INDEX, 77)); + reads += 1; + push_limit_commit_if_non_zero( + commits, + target, + MechanismEmissionRateLimit::::get(), + None, + ); + + reads += last_seen_helpers::collect_last_seen_from_transaction_key_last_block( + commits, + target, + TransactionType::MechanismEmission, + ); + + reads } -fn set_global_limit( - limits: &mut LimitEntries, - target: RateLimitTarget, - span: BlockNumberFor, -) { - if let Some((_, config)) = limits.iter_mut().find(|(id, _)| *id == target) { - *config = RateLimit::global(RateLimitKind::Exact(span)); - } else { - limits.push((target, RateLimit::global(RateLimitKind::Exact(span)))); - } +// Standalone trim_to_max_allowed_uids. +// usage: account+netuid +// legacy sources: MaxUidsTrimmingRateLimit, +// TransactionKeyLastBlock per MaxUidsTrimming +// sudo_trim_to_max_allowed_uids +fn build_trim_max_uids(commits: &mut Vec) -> u64 { + let mut reads: u64 = 0; + let target = + RateLimitTarget::Transaction(TransactionIdentifier::new(ADMIN_UTILS_PALLET_INDEX, 78)); + reads += 1; + push_limit_commit_if_non_zero( + commits, + target, + MaxUidsTrimmingRateLimit::::get(), + None, + ); + + reads += last_seen_helpers::collect_last_seen_from_transaction_key_last_block( + commits, + target, + TransactionType::MaxUidsTrimming, + ); + + reads } -fn set_scoped_limit( - limits: &mut LimitEntries, +struct Commit { target: RateLimitTarget, - scope: NetUid, - span: BlockNumberFor, -) { - if let Some((_, config)) = limits.iter_mut().find(|(id, _)| *id == target) { - match config { - RateLimit::Global(_) => { - *config = RateLimit::scoped_single(scope, RateLimitKind::Exact(span)); - } - RateLimit::Scoped(map) => { - map.insert(scope, RateLimitKind::Exact(span)); - } - } - } else { - limits.push(( - target, - RateLimit::scoped_single(scope, RateLimitKind::Exact(span)), - )); - } + kind: CommitKind, } -fn record_last_seen_entry( - entries: &mut LastSeenEntries, - target: RateLimitTarget, - usage: Option>, - block: u64, -) { - let Some(block_number) = block_number::(block) else { - return; - }; +enum CommitKind { + Limit(MigratedLimit), + LastSeen(MigratedLastSeen), +} + +struct MigratedLimit { + span: BlockNumberFor, + scope: Option, +} - let key = (target, usage); - if let Some((_, existing)) = entries.iter_mut().find(|(entry_key, _)| *entry_key == key) { - if block_number > *existing { - *existing = block_number; +struct MigratedLastSeen { + block: BlockNumberFor, + usage: Option>, +} + +struct GroupConfig { + id: GroupId, + name: Vec, + sharing: GroupSharing, + members: Vec, +} + +#[derive(Clone, Copy, Debug, PartialEq, Eq)] +struct MigratedCall { + identifier: TransactionIdentifier, + read_only: bool, +} + +impl MigratedCall { + const fn new(pallet_index: u8, call_index: u8, read_only: bool) -> Self { + Self { + identifier: TransactionIdentifier::new(pallet_index, call_index), + read_only, } - } else { - entries.push((key, block_number)); } -} -/// Runtime hook that executes the rate-limiting migration. -pub struct Migration(PhantomData); + const fn subtensor(call_index: u8, read_only: bool) -> Self { + Self::new(SUBTENSOR_PALLET_INDEX, call_index, read_only) + } -impl frame_support::traits::OnRuntimeUpgrade for Migration -where - T: SubtensorConfig + pallet_rate_limiting::Config, - RateLimitUsageKey: Into<::UsageKey>, -{ - fn on_runtime_upgrade() -> Weight { - migrate_rate_limiting::() + const fn admin(call_index: u8, read_only: bool) -> Self { + Self::new(ADMIN_UTILS_PALLET_INDEX, call_index, read_only) } -} -const fn admin_utils_identifier(call_index: u8) -> TransactionIdentifier { - TransactionIdentifier::new(ADMIN_UTILS_PALLET_INDEX, call_index) + pub fn identifier(&self) -> TransactionIdentifier { + self.identifier + } } -const fn subtensor_identifier(call_index: u8) -> TransactionIdentifier { - TransactionIdentifier::new(SUBTENSOR_PALLET_INDEX, call_index) +fn push_limit_commit_if_non_zero( + commits: &mut Vec, + target: RateLimitTarget, + span: u64, + scope: Option, +) { + if let Some(span) = block_number::(span) { + commits.push(Commit { + target, + kind: CommitKind::Limit(MigratedLimit { span, scope }), + }); + } } -/// Returns the `TransactionIdentifier` for the admin-utils extrinsic that controls `hparam`. -/// -/// Only hyperparameters that are currently rate-limited (i.e. routed through -/// `ensure_sn_owner_or_root_with_limits`) are mapped; others return `None`. -pub fn identifier_for_hyperparameter(hparam: Hyperparameter) -> Option { - use Hyperparameter::*; +mod last_seen_helpers { + use core::mem::discriminant; - let identifier = match hparam { - ServingRateLimit => admin_utils_identifier(3), - MaxDifficulty => admin_utils_identifier(5), - AdjustmentAlpha => admin_utils_identifier(9), - ImmunityPeriod => admin_utils_identifier(13), - MinAllowedWeights => admin_utils_identifier(14), - MaxAllowedUids => admin_utils_identifier(15), - Kappa => admin_utils_identifier(16), - Rho => admin_utils_identifier(17), - ActivityCutoff => admin_utils_identifier(18), - PowRegistrationAllowed => admin_utils_identifier(20), - MinBurn => admin_utils_identifier(22), - MaxBurn => admin_utils_identifier(23), - BondsMovingAverage => admin_utils_identifier(26), - BondsPenalty => admin_utils_identifier(60), - CommitRevealEnabled => admin_utils_identifier(49), - LiquidAlphaEnabled => admin_utils_identifier(50), - AlphaValues => admin_utils_identifier(51), - WeightCommitInterval => admin_utils_identifier(57), - TransferEnabled => admin_utils_identifier(61), - AlphaSigmoidSteepness => admin_utils_identifier(68), - Yuma3Enabled => admin_utils_identifier(69), - BondsResetEnabled => admin_utils_identifier(70), - ImmuneNeuronLimit => admin_utils_identifier(72), - RecycleOrBurn => admin_utils_identifier(80), - _ => return None, - }; + use super::*; - Some(identifier) -} + pub(super) fn collect_last_seen_from_last_rate_limited_block( + commits: &mut Vec, + map: impl Fn( + RateLimitKey, + ) -> Option<( + RateLimitTarget, + Option>, + )>, + ) -> u64 { + let mut reads: u64 = 0; + + for (key, block) in LastRateLimitedBlock::::iter() { + reads += 1; + let Some((target, usage)) = map(key) else { + continue; + }; + let Some(block) = block_number::(block) else { + continue; + }; + commits.push(Commit { + target, + kind: CommitKind::LastSeen(MigratedLastSeen { block, usage }), + }); + } -/// Returns the `TransactionIdentifier` for the extrinsic associated with the given transaction -/// type, mirroring current rate-limit enforcement. -pub fn identifier_for_transaction_type(tx: TransactionType) -> Option { - use TransactionType::*; - - let identifier = match tx { - SetChildren => subtensor_identifier(67), - SetChildkeyTake => subtensor_identifier(75), - RegisterNetwork => subtensor_identifier(59), - SetWeightsVersionKey => admin_utils_identifier(6), - SetSNOwnerHotkey => admin_utils_identifier(67), - OwnerHyperparamUpdate(hparam) => return identifier_for_hyperparameter(hparam), - MechanismCountUpdate => admin_utils_identifier(76), - MechanismEmission => admin_utils_identifier(77), - MaxUidsTrimming => admin_utils_identifier(78), - Unknown => return None, - _ => return None, - }; + reads + } - Some(identifier) + pub(super) fn collect_last_seen_from_transaction_key_last_block( + commits: &mut Vec, + target: RateLimitTarget, + tx_filter: TransactionType, + ) -> u64 { + let mut reads: u64 = 0; + + for ((account, netuid, tx_kind), block) in TransactionKeyLastBlock::::iter() { + reads += 1; + let tx = TransactionType::from(tx_kind); + if discriminant(&tx) != discriminant(&tx_filter) { + continue; + } + let Some(usage) = usage_key_from_transaction_type(tx, &account, netuid) else { + continue; + }; + let Some(block) = block_number::(block) else { + continue; + }; + commits.push(Commit { + target, + kind: CommitKind::LastSeen(MigratedLastSeen { + block, + usage: Some(usage), + }), + }); + } + + reads + } } -/// Produces the usage key for a `TransactionType` that was stored in `TransactionKeyLastBlock`. -pub fn usage_key_from_transaction_type( +// Produces the usage key for a `TransactionType` that was stored in `TransactionKeyLastBlock`. +fn usage_key_from_transaction_type( tx: TransactionType, account: &AccountId, netuid: NetUid, -) -> Option> -where - AccountId: Parameter + Clone, -{ +) -> Option> { match tx { TransactionType::MechanismCountUpdate | TransactionType::MaxUidsTrimming @@ -1219,13 +961,58 @@ where } } +// Returns the migrated call wrapper for the admin-utils extrinsic that controls `hparam`. +// +// Only hyperparameters that are currently rate-limited (i.e. routed through +// `ensure_sn_owner_or_root_with_limits`) are mapped; others return `None`. +fn identifier_for_hyperparameter(hparam: Hyperparameter) -> Option { + use Hyperparameter::*; + + let identifier = match hparam { + ServingRateLimit => MigratedCall::admin(3, false), + MaxDifficulty => MigratedCall::admin(5, false), + AdjustmentAlpha => MigratedCall::admin(9, false), + ImmunityPeriod => MigratedCall::admin(13, false), + MinAllowedWeights => MigratedCall::admin(14, false), + MaxAllowedUids => MigratedCall::admin(15, false), + Kappa => MigratedCall::admin(16, false), + Rho => MigratedCall::admin(17, false), + ActivityCutoff => MigratedCall::admin(18, false), + PowRegistrationAllowed => MigratedCall::admin(20, false), + MinBurn => MigratedCall::admin(22, false), + MaxBurn => MigratedCall::admin(23, false), + BondsMovingAverage => MigratedCall::admin(26, false), + BondsPenalty => MigratedCall::admin(60, false), + CommitRevealEnabled => MigratedCall::admin(49, false), + LiquidAlphaEnabled => MigratedCall::admin(50, false), + AlphaValues => MigratedCall::admin(51, false), + WeightCommitInterval => MigratedCall::admin(57, false), + TransferEnabled => MigratedCall::admin(61, false), + AlphaSigmoidSteepness => MigratedCall::admin(68, false), + Yuma3Enabled => MigratedCall::admin(69, false), + BondsResetEnabled => MigratedCall::admin(70, false), + ImmuneNeuronLimit => MigratedCall::admin(72, false), + RecycleOrBurn => MigratedCall::admin(80, false), + _ => return None, + }; + + Some(identifier) +} + +fn block_number(value: u64) -> Option> { + if value == 0 { + return None; + } + Some(value.saturated_into::>()) +} + #[cfg(test)] mod tests { use sp_io::TestExternalities; use sp_runtime::traits::{SaturatedConversion, Zero}; use super::*; - use crate::{AccountId, BuildStorage, Runtime}; + use crate::BuildStorage; const ACCOUNT: [u8; 32] = [7u8; 32]; const DELEGATE_TAKE_GROUP_ID: GroupId = GROUP_DELEGATE_TAKE; @@ -1244,20 +1031,11 @@ mod tests { fn maps_hyperparameters() { assert_eq!( identifier_for_hyperparameter(Hyperparameter::ServingRateLimit), - Some(admin_utils_identifier(3)) + Some(MigratedCall::admin(3, false)) ); assert!(identifier_for_hyperparameter(Hyperparameter::MaxWeightLimit).is_none()); } - #[test] - fn maps_transaction_types() { - assert_eq!( - identifier_for_transaction_type(TransactionType::SetChildren), - Some(subtensor_identifier(67)) - ); - assert!(identifier_for_transaction_type(TransactionType::Unknown).is_none()); - } - #[test] fn migration_populates_limits_last_seen_and_groups() { new_test_ext().execute_with(|| { @@ -1271,13 +1049,14 @@ mod tests { 5, ); - let weight = migrate_rate_limiting::(); + let weight = migrate_rate_limiting(); assert!(!weight.is_zero()); assert!(pallet_subtensor::HasMigrationRun::::get( MIGRATION_NAME )); - let tx_target = RateLimitTarget::Transaction(subtensor_identifier(70)); + let tx_target = + RateLimitTarget::Transaction(MigratedCall::subtensor(70, false).identifier()); let delegate_group = RateLimitTarget::Group(DELEGATE_TAKE_GROUP_ID); assert_eq!( @@ -1304,7 +1083,9 @@ mod tests { assert_eq!(group.id, DELEGATE_TAKE_GROUP_ID); assert_eq!(group.name.as_slice(), b"delegate-take"); assert_eq!( - pallet_rate_limiting::CallGroups::::get(subtensor_identifier(66)), + pallet_rate_limiting::CallGroups::::get( + MigratedCall::subtensor(66, false).identifier() + ), Some(DELEGATE_TAKE_GROUP_ID) ); assert_eq!(pallet_rate_limiting::NextGroupId::::get(), 6); @@ -1318,7 +1099,7 @@ mod tests { pallet_subtensor::TxRateLimit::::put(99); let base_weight = ::DbWeight::get().reads(1); - let weight = migrate_rate_limiting::(); + let weight = migrate_rate_limiting(); assert_eq!(weight, base_weight); assert!( diff --git a/runtime/tests/rate_limiting_migration.rs b/runtime/tests/rate_limiting_migration.rs index 40f68151ff..e97beb8fc1 100644 --- a/runtime/tests/rate_limiting_migration.rs +++ b/runtime/tests/rate_limiting_migration.rs @@ -2,19 +2,16 @@ use frame_support::traits::OnRuntimeUpgrade; use frame_system::pallet_prelude::BlockNumberFor; +use pallet_rate_limiting::{RateLimit, RateLimitKind, RateLimitTarget, TransactionIdentifier}; +use pallet_subtensor::{HasMigrationRun, LastRateLimitedBlock, RateLimitKey}; +use sp_runtime::traits::SaturatedConversion; +use subtensor_runtime_common::NetUid; + use node_subtensor_runtime::{ BuildStorage, Runtime, RuntimeGenesisConfig, SubtensorModule, System, rate_limiting, - rate_limiting::migration::{Migration, identifier_for_transaction_type}, + rate_limiting::migration::{GROUP_REGISTER_NETWORK, MIGRATION_NAME, Migration}, }; -use pallet_rate_limiting::{RateLimit, RateLimitKind, RateLimitTarget}; -use pallet_subtensor::{ - HasMigrationRun, LastRateLimitedBlock, RateLimitKey, utils::rate_limiting::TransactionType, -}; -use sp_runtime::traits::SaturatedConversion; -use subtensor_runtime_common::NetUid; -type GroupId = ::GroupId; -const MIGRATION_NAME: &[u8] = b"migrate_rate_limiting"; type AccountId = ::AccountId; type UsageKey = rate_limiting::RateLimitUsageKey; @@ -28,20 +25,6 @@ fn new_test_ext() -> sp_io::TestExternalities { ext } -fn resolve_target( - identifier: pallet_rate_limiting::TransactionIdentifier, -) -> RateLimitTarget { - if let Some(group) = pallet_rate_limiting::CallGroups::::get(identifier) { - RateLimitTarget::Group(group) - } else { - RateLimitTarget::Transaction(identifier) - } -} - -fn exact_span(span: u64) -> RateLimitKind> { - RateLimitKind::Exact(span.saturated_into()) -} - #[test] fn migrates_global_register_network_last_seen() { new_test_ext().execute_with(|| { @@ -54,9 +37,7 @@ fn migrates_global_register_network_last_seen() { // Run migration. Migration::::on_runtime_upgrade(); - let identifier = - identifier_for_transaction_type(TransactionType::RegisterNetwork).expect("identifier"); - let target = resolve_target(identifier); + let target = RateLimitTarget::Group(GROUP_REGISTER_NETWORK); // LastSeen preserved globally (usage = None). let stored = pallet_rate_limiting::LastSeen::::get(target, None::) @@ -77,13 +58,11 @@ fn sn_owner_hotkey_limit_not_tempo_scaled_and_last_seen_preserved() { Migration::::on_runtime_upgrade(); - let identifier = - identifier_for_transaction_type(TransactionType::SetSNOwnerHotkey).expect("identifier"); - let target = resolve_target(identifier); + let target = RateLimitTarget::Transaction(TransactionIdentifier::new(19, 67)); // Limit should remain the fixed default (50400 blocks), not tempo-scaled. let limit = pallet_rate_limiting::Limits::::get(target).expect("limit stored"); - assert!(matches!(limit, RateLimit::Global(kind) if kind == exact_span(50_400))); + assert!(matches!(limit, RateLimit::Global(kind) if kind == RateLimitKind::Exact(50_400))); // LastSeen preserved per subnet. let usage: Option<::UsageKey> = From 953288fd8aec8e752031a6bb10e8908eb727eba1 Mon Sep 17 00:00:00 2001 From: Aliaksandr Tsurko Date: Wed, 10 Dec 2025 17:28:55 +0300 Subject: [PATCH 38/46] Fix swap-keys rate-limiting migration --- pallets/rate-limiting/src/mock.rs | 6 +- pallets/rate-limiting/src/tx_extension.rs | 30 ++++++-- pallets/rate-limiting/src/types.rs | 10 +-- runtime/src/rate_limiting/migration.rs | 27 +++++--- runtime/src/rate_limiting/mod.rs | 84 +++++++++++++++-------- runtime/tests/rate_limiting_behavior.rs | 52 ++++++++------ 6 files changed, 135 insertions(+), 74 deletions(-) diff --git a/pallets/rate-limiting/src/mock.rs b/pallets/rate-limiting/src/mock.rs index a4aefd4357..98769bf6a6 100644 --- a/pallets/rate-limiting/src/mock.rs +++ b/pallets/rate-limiting/src/mock.rs @@ -105,12 +105,12 @@ impl pallet_rate_limiting::RateLimitScopeResolver for TestUsageResolver { - fn context(_origin: &RuntimeOrigin, call: &RuntimeCall) -> Option { + fn context(_origin: &RuntimeOrigin, call: &RuntimeCall) -> Option> { match call { RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span }) => { - (*block_span).try_into().ok() + (*block_span).try_into().ok().map(|key| vec![key]) } - RuntimeCall::RateLimiting(_) => Some(1), + RuntimeCall::RateLimiting(_) => Some(vec![1]), _ => None, } } diff --git a/pallets/rate-limiting/src/tx_extension.rs b/pallets/rate-limiting/src/tx_extension.rs index 42737e6fd4..5e5cc45f0c 100644 --- a/pallets/rate-limiting/src/tx_extension.rs +++ b/pallets/rate-limiting/src/tx_extension.rs @@ -13,7 +13,7 @@ use frame_support::{ }, }; use scale_info::TypeInfo; -use sp_std::{marker::PhantomData, result::Result}; +use sp_std::{marker::PhantomData, result::Result, vec, vec::Vec}; use crate::{ Config, LastSeen, Pallet, @@ -94,12 +94,12 @@ where type Implicit = (); type Val = Option<( RateLimitTarget<>::GroupId>, - Option<>::UsageKey>, + Option>::UsageKey>>, bool, )>; type Pre = Option<( RateLimitTarget<>::GroupId>, - Option<>::UsageKey>, + Option>::UsageKey>>, bool, )>; @@ -155,7 +155,14 @@ where return Ok((ValidTransaction::default(), None, origin)); } - let within_limit = Pallet::::within_span(&usage_target, &usage, block_span); + let usage_keys: Vec>::UsageKey>> = match usage.clone() { + None => vec![None], + Some(keys) => keys.into_iter().map(Some).collect(), + }; + + let within_limit = usage_keys + .iter() + .all(|key| Pallet::::within_span(&usage_target, key, block_span)); if !within_limit { return Err(TransactionValidityError::Invalid( @@ -194,7 +201,18 @@ where return Ok(()); } let block_number = frame_system::Pallet::::block_number(); - LastSeen::::insert(target, usage, block_number); + match usage { + None => LastSeen::::insert( + target, + None::<>::UsageKey>, + block_number, + ), + Some(keys) => { + for key in keys { + LastSeen::::insert(target, Some(key), block_number); + } + } + } } } Ok(()) @@ -253,7 +271,7 @@ mod tests { ) -> Result< ( sp_runtime::transaction_validity::ValidTransaction, - Option<(RateLimitTarget, Option, bool)>, + Option<(RateLimitTarget, Option>, bool)>, RuntimeOrigin, ), TransactionValidityError, diff --git a/pallets/rate-limiting/src/types.rs b/pallets/rate-limiting/src/types.rs index cab93a6b1a..c7bc2f91f7 100644 --- a/pallets/rate-limiting/src/types.rs +++ b/pallets/rate-limiting/src/types.rs @@ -2,7 +2,7 @@ use codec::{Decode, DecodeWithMemTracking, Encode, MaxEncodedLen}; use frame_support::{pallet_prelude::DispatchError, traits::GetCallMetadata}; use scale_info::TypeInfo; use serde::{Deserialize, Serialize}; -use sp_std::collections::btree_map::BTreeMap; +use sp_std::{collections::btree_map::BTreeMap, vec::Vec}; /// Resolves the optional identifier within which a rate limit applies and can optionally adjust /// enforcement behaviour. @@ -53,9 +53,11 @@ impl BypassDecision { /// Resolves the optional usage tracking key applied when enforcing limits. pub trait RateLimitUsageResolver { - /// Returns `Some(usage)` when usage should be tracked per-key, or `None` for global usage - /// tracking. - fn context(origin: &Origin, call: &Call) -> Option; + /// Returns `Some(keys)` to track usage per key, or `None` for global usage tracking. + /// + /// When multiple keys are returned, the rate limit is enforced against each key and all are + /// recorded on success. + fn context(origin: &Origin, call: &Call) -> Option>; } /// Identifies a runtime call by pallet and extrinsic indices. diff --git a/runtime/src/rate_limiting/migration.rs b/runtime/src/rate_limiting/migration.rs index a8466fc782..3e53916deb 100644 --- a/runtime/src/rate_limiting/migration.rs +++ b/runtime/src/rate_limiting/migration.rs @@ -43,6 +43,7 @@ const GROUP_WEIGHTS_SUBNET: GroupId = 2; pub const GROUP_REGISTER_NETWORK: GroupId = 3; const GROUP_OWNER_HPARAMS: GroupId = 4; const GROUP_STAKING_OPS: GroupId = 5; +const GROUP_SWAP_KEYS: GroupId = 6; // `set_children` is rate-limited to once every 150 blocks, it's hard-coded in the legacy code. const SET_CHILDREN_RATE_LIMIT: u64 = 150; @@ -144,9 +145,9 @@ fn commits() -> (Vec, Vec, u64) { reads += build_register_network(&mut groups, &mut commits); reads += build_owner_hparams(&mut groups, &mut commits); reads += build_staking_ops(&mut groups, &mut commits); + reads += build_swap_keys(&mut groups, &mut commits); // standalone - reads += build_swap_hotkey(&mut commits); reads += build_childkey_take(&mut commits); reads += build_set_children(&mut commits); reads += build_weights_version_key(&mut commits); @@ -571,14 +572,23 @@ fn build_staking_ops(groups: &mut Vec, commits: &mut Vec) - 0 } -// Standalone swap_hotkey. -// usage: account +// Swap hotkey/coldkey share the lock and usage; swap_coldkey bypasses enforcement but records +// usage. +// usage: account (coldkey) // legacy sources: TxRateLimit, LastRateLimitedBlock per LastTxBlock -fn build_swap_hotkey(commits: &mut Vec) -> u64 { +fn build_swap_keys(groups: &mut Vec, commits: &mut Vec) -> u64 { let mut reads: u64 = 0; - let target = - RateLimitTarget::Transaction(TransactionIdentifier::new(SUBTENSOR_PALLET_INDEX, 70)); + groups.push(GroupConfig { + id: GROUP_SWAP_KEYS, + name: b"swap-keys".to_vec(), + sharing: GroupSharing::ConfigAndUsage, + members: vec![ + MigratedCall::subtensor(70, false), // swap_hotkey + MigratedCall::subtensor(71, false), // swap_coldkey + ], + }); + let target = RateLimitTarget::Group(GROUP_SWAP_KEYS); reads += 1; push_limit_commit_if_non_zero(commits, target, TxRateLimit::::get(), None); @@ -1055,8 +1065,7 @@ mod tests { MIGRATION_NAME )); - let tx_target = - RateLimitTarget::Transaction(MigratedCall::subtensor(70, false).identifier()); + let tx_target = RateLimitTarget::Group(GROUP_SWAP_KEYS); let delegate_group = RateLimitTarget::Group(DELEGATE_TAKE_GROUP_ID); assert_eq!( @@ -1088,7 +1097,7 @@ mod tests { ), Some(DELEGATE_TAKE_GROUP_ID) ); - assert_eq!(pallet_rate_limiting::NextGroupId::::get(), 6); + assert_eq!(pallet_rate_limiting::NextGroupId::::get(), 7); }); } diff --git a/runtime/src/rate_limiting/mod.rs b/runtime/src/rate_limiting/mod.rs index 1658f03a6b..8b4a07a926 100644 --- a/runtime/src/rate_limiting/mod.rs +++ b/runtime/src/rate_limiting/mod.rs @@ -7,6 +7,7 @@ use pallet_rate_limiting::{RateLimitScopeResolver, RateLimitUsageResolver}; use pallet_subtensor::{Call as SubtensorCall, Tempo}; use scale_info::TypeInfo; use serde::{Deserialize, Serialize}; +use sp_std::{vec, vec::Vec}; use subtensor_runtime_common::{BlockNumber, MechId, NetUid}; use crate::{AccountId, Runtime, RuntimeCall, RuntimeOrigin}; @@ -107,11 +108,15 @@ impl RateLimitScopeResolver for } fn should_bypass(origin: &RuntimeOrigin, call: &RuntimeCall) -> BypassDecision { - if matches!(origin.clone().into(), Ok(RawOrigin::Root)) { - return BypassDecision::bypass_and_skip(); - } - if let RuntimeCall::SubtensorModule(inner) = call { + if matches!(origin.clone().into(), Ok(RawOrigin::Root)) { + // swap_coldkey should record last-seen but never fail; other root calls skip. + if matches!(inner, SubtensorCall::swap_coldkey { .. }) { + return BypassDecision::bypass_and_record(); + } + return BypassDecision::bypass_and_skip(); + } + match inner { SubtensorCall::set_childkey_take { hotkey, @@ -129,7 +134,8 @@ impl RateLimitScopeResolver for } SubtensorCall::add_stake { .. } | SubtensorCall::add_stake_limit { .. } - | SubtensorCall::decrease_take { .. } => { + | SubtensorCall::decrease_take { .. } + | SubtensorCall::swap_coldkey { .. } => { return BypassDecision::bypass_and_record(); } SubtensorCall::reveal_weights { netuid, .. } @@ -179,21 +185,37 @@ pub struct UsageResolver; impl RateLimitUsageResolver> for UsageResolver { - fn context(origin: &RuntimeOrigin, call: &RuntimeCall) -> Option> { + fn context( + origin: &RuntimeOrigin, + call: &RuntimeCall, + ) -> Option>> { match call { RuntimeCall::SubtensorModule(inner) => match inner { - SubtensorCall::swap_hotkey { .. } => { - signed_origin(origin).map(RateLimitUsageKey::::Account) + SubtensorCall::swap_coldkey { new_coldkey, .. } => { + Some(vec![RateLimitUsageKey::::Account( + new_coldkey.clone(), + )]) + } + SubtensorCall::swap_hotkey { new_hotkey, .. } => { + // Record against the coldkey (enforcement) and the new hotkey to mirror legacy + // writes. + let coldkey = signed_origin(origin)?; + Some(vec![ + RateLimitUsageKey::::Account(coldkey), + RateLimitUsageKey::::Account(new_hotkey.clone()), + ]) } SubtensorCall::increase_take { hotkey, .. } => { - Some(RateLimitUsageKey::::Account(hotkey.clone())) + Some(vec![RateLimitUsageKey::::Account( + hotkey.clone(), + )]) } SubtensorCall::set_childkey_take { hotkey, netuid, .. } | SubtensorCall::set_children { hotkey, netuid, .. } => { - Some(RateLimitUsageKey::::AccountSubnet { + Some(vec![RateLimitUsageKey::::AccountSubnet { account: hotkey.clone(), netuid: *netuid, - }) + }]) } SubtensorCall::set_weights { netuid, .. } | SubtensorCall::commit_weights { netuid, .. } @@ -201,10 +223,10 @@ impl RateLimitUsageResolver { let (_, uid) = neuron_identity(origin, *netuid)?; - Some(RateLimitUsageKey::::SubnetNeuron { + Some(vec![RateLimitUsageKey::::SubnetNeuron { netuid: *netuid, uid, - }) + }]) } // legacy implementation still used netuid only, but it was recalculating it using // mecid, so switching to netuid AND mecid is logical here @@ -214,28 +236,30 @@ impl RateLimitUsageResolver { let (_, uid) = neuron_identity(origin, *netuid)?; - Some(RateLimitUsageKey::::SubnetMechanismNeuron { - netuid: *netuid, - mecid: *mecid, - uid, - }) + Some(vec![ + RateLimitUsageKey::::SubnetMechanismNeuron { + netuid: *netuid, + mecid: *mecid, + uid, + }, + ]) } SubtensorCall::serve_axon { netuid, .. } | SubtensorCall::serve_axon_tls { netuid, .. } => { let hotkey = signed_origin(origin)?; - Some(RateLimitUsageKey::::AccountSubnetServing { + Some(vec![RateLimitUsageKey::::AccountSubnetServing { account: hotkey, netuid: *netuid, endpoint: ServingEndpoint::Axon, - }) + }]) } SubtensorCall::serve_prometheus { netuid, .. } => { let hotkey = signed_origin(origin)?; - Some(RateLimitUsageKey::::AccountSubnetServing { + Some(vec![RateLimitUsageKey::::AccountSubnetServing { account: hotkey, netuid: *netuid, endpoint: ServingEndpoint::Prometheus, - }) + }]) } SubtensorCall::associate_evm_key { netuid, .. } => { let hotkey = signed_origin(origin)?; @@ -243,10 +267,10 @@ impl RateLimitUsageResolver::SubnetNeuron { + Some(vec![RateLimitUsageKey::::SubnetNeuron { netuid: *netuid, uid, - }) + }]) } // Staking calls share a group lock; only add_* write usage, the rest are read-only. // Keep the usage key granular so the lock applies per (coldkey, hotkey, netuid). @@ -276,31 +300,31 @@ impl RateLimitUsageResolver { let coldkey = signed_origin(origin)?; - Some(RateLimitUsageKey::::ColdkeyHotkeySubnet { + Some(vec![RateLimitUsageKey::::ColdkeyHotkeySubnet { coldkey, hotkey: hotkey.clone(), netuid: *netuid, - }) + }]) } _ => None, }, RuntimeCall::AdminUtils(inner) => { if let Some(netuid) = owner_hparam_netuid(inner) { - Some(RateLimitUsageKey::::Subnet(netuid)) + Some(vec![RateLimitUsageKey::::Subnet(netuid)]) } else { match inner { AdminUtilsCall::sudo_set_sn_owner_hotkey { netuid, .. } => { - Some(RateLimitUsageKey::::Subnet(*netuid)) + Some(vec![RateLimitUsageKey::::Subnet(*netuid)]) } AdminUtilsCall::sudo_set_weights_version_key { netuid, .. } | AdminUtilsCall::sudo_set_mechanism_count { netuid, .. } | AdminUtilsCall::sudo_set_mechanism_emission_split { netuid, .. } | AdminUtilsCall::sudo_trim_to_max_allowed_uids { netuid, .. } => { let who = signed_origin(origin)?; - Some(RateLimitUsageKey::::AccountSubnet { + Some(vec![RateLimitUsageKey::::AccountSubnet { account: who, netuid: *netuid, - }) + }]) } _ => None, } diff --git a/runtime/tests/rate_limiting_behavior.rs b/runtime/tests/rate_limiting_behavior.rs index b9a39814c1..e9a76acf1c 100644 --- a/runtime/tests/rate_limiting_behavior.rs +++ b/runtime/tests/rate_limiting_behavior.rs @@ -66,7 +66,7 @@ fn parity_check( now: u64, call: RuntimeCall, origin: RuntimeOrigin, - usage_override: Option, + usage_override: Option>, scope_override: Option, legacy_check: F, ) where @@ -82,9 +82,8 @@ fn parity_check( let identifier = TransactionIdentifier::from_call::(&call).expect("identifier for call"); let scope = scope_override.or_else(|| RuntimeScopeResolver::context(&origin, &call)); - let usage: Option<::UsageKey> = usage_override - .map(Into::into) - .or_else(|| RuntimeUsageResolver::context(&origin, &call).map(Into::into)); + let usage: Option::UsageKey>> = + usage_override.or_else(|| RuntimeUsageResolver::context(&origin, &call)); let target = resolve_target(identifier); // Use the runtime-adjusted span (handles tempo scaling for admin-utils). @@ -97,28 +96,37 @@ fn parity_check( .unwrap_or_default(); let span_u64: u64 = span.saturated_into(); - let within = pallet_rate_limiting::Pallet::::is_within_limit( - &origin.clone().into(), - &call, - &identifier, - &scope, - &usage, - ) - .expect("pallet rate limit result"); + let usage_keys: Vec::UsageKey>> = match usage { + None => vec![None], + Some(keys) => keys.into_iter().map(Some).collect(), + }; + + let within = usage_keys.iter().all(|key| { + pallet_rate_limiting::Pallet::::is_within_limit( + &origin.clone().into(), + &call, + &identifier, + &scope, + key, + ) + .expect("pallet rate limit result") + }); assert_eq!(within, legacy_check(), "parity at now for {:?}", identifier); // Advance beyond the span and re-check (span==0 treated as allow). let advance: BlockNumberFor = span.saturating_add(exact_span(1)); System::set_block_number(System::block_number().saturating_add(advance)); - let within_after = pallet_rate_limiting::Pallet::::is_within_limit( - &origin.into(), - &call, - &identifier, - &scope, - &usage, - ) - .expect("pallet rate limit result (after)"); + let within_after = usage_keys.iter().all(|key| { + pallet_rate_limiting::Pallet::::is_within_limit( + &origin.clone().into(), + &call, + &identifier, + &scope, + key, + ) + .expect("pallet rate limit result (after)") + }); assert!( within_after || span_u64 == 0, "parity after window for {:?}", @@ -326,7 +334,7 @@ fn weights_and_hparam_parity() { }); let origin = RuntimeOrigin::signed(hot.clone()); let scope = Some(netuid); - let usage = Some(UsageKey::SubnetNeuron { netuid, uid }); + let usage = Some(vec![UsageKey::SubnetNeuron { netuid, uid }]); let legacy_weights = || SubtensorModule::check_rate_limit(netuid.into(), uid, now); parity_check( @@ -414,7 +422,7 @@ fn associate_evm_key_parity() { signature: ecdsa::Signature::from_raw([0u8; 65]), }); let origin = RuntimeOrigin::signed(hot.clone()); - let usage = Some(UsageKey::SubnetNeuron { netuid, uid }); + let usage = Some(vec![UsageKey::SubnetNeuron { netuid, uid }]); let scope = Some(netuid); let limit = ::EvmKeyAssociateRateLimit::get(); let legacy = || { From 30d5e324e3cda2baf158b9e988ebd4cb2c8605a2 Mon Sep 17 00:00:00 2001 From: Aliaksandr Tsurko Date: Thu, 11 Dec 2025 17:24:08 +0300 Subject: [PATCH 39/46] Decouple rate-limiting migration from legacy types --- runtime/src/rate_limiting/legacy.rs | 305 ++++++++++++++++++++++++ runtime/src/rate_limiting/migration.rs | 309 +++++++++++++------------ runtime/src/rate_limiting/mod.rs | 1 + 3 files changed, 464 insertions(+), 151 deletions(-) create mode 100644 runtime/src/rate_limiting/legacy.rs diff --git a/runtime/src/rate_limiting/legacy.rs b/runtime/src/rate_limiting/legacy.rs new file mode 100644 index 0000000000..5311a982ab --- /dev/null +++ b/runtime/src/rate_limiting/legacy.rs @@ -0,0 +1,305 @@ +use codec::{Decode, Encode}; +use frame_support::{Identity, migration::storage_key_iter}; +use runtime_common::prod_or_fast; +use scale_info::TypeInfo; +use sp_io::{ + hashing::twox_128, + storage::{self as io_storage, next_key}, +}; +use sp_std::{collections::btree_map::BTreeMap, vec::Vec}; +use subtensor_runtime_common::NetUid; + +use super::AccountId; +use crate::{ + SubtensorInitialNetworkRateLimit, SubtensorInitialServingRateLimit, + SubtensorInitialTxChildKeyTakeRateLimit, SubtensorInitialTxDelegateTakeRateLimit, + SubtensorInitialTxRateLimit, +}; + +pub use types::{Hyperparameter, RateLimitKey, TransactionType}; + +const PALLET_PREFIX: &[u8] = b"SubtensorModule"; +const BLAKE2_128_PREFIX_LEN: usize = 16; + +pub mod storage { + use super::*; + + pub fn serving_rate_limits() -> (BTreeMap, u64) { + let items: Vec<_> = + storage_key_iter::(PALLET_PREFIX, b"ServingRateLimit").collect(); + let reads = items.len() as u64; + (items.into_iter().collect(), reads) + } + + pub fn weights_set_rate_limits() -> (BTreeMap, u64) { + let items: Vec<_> = + storage_key_iter::(PALLET_PREFIX, b"WeightsSetRateLimit") + .collect(); + let reads = items.len() as u64; + (items.into_iter().collect(), reads) + } + + pub fn tx_rate_limit() -> (u64, u64) { + value_with_default(b"TxRateLimit", defaults::tx_rate_limit()) + } + + pub fn tx_delegate_take_rate_limit() -> (u64, u64) { + value_with_default( + b"TxDelegateTakeRateLimit", + defaults::tx_delegate_take_rate_limit(), + ) + } + + pub fn tx_childkey_take_rate_limit() -> (u64, u64) { + value_with_default( + b"TxChildkeyTakeRateLimit", + defaults::tx_childkey_take_rate_limit(), + ) + } + + pub fn network_rate_limit() -> (u64, u64) { + value_with_default(b"NetworkRateLimit", defaults::network_rate_limit()) + } + + pub fn owner_hyperparam_rate_limit() -> (u64, u64) { + let (value, reads) = value_with_default::( + b"OwnerHyperparamRateLimit", + defaults::owner_hyperparam_rate_limit(), + ); + (u64::from(value), reads) + } + + pub fn weights_version_key_rate_limit() -> (u64, u64) { + value_with_default( + b"WeightsVersionKeyRateLimit", + defaults::weights_version_key_rate_limit(), + ) + } + + pub fn last_rate_limited_blocks() -> (Vec<(RateLimitKey, u64)>, u64) { + let entries: Vec<_> = storage_key_iter::, u64, Identity>( + PALLET_PREFIX, + b"LastRateLimitedBlock", + ) + .collect(); + let reads = entries.len() as u64; + (entries, reads) + } + + pub fn transaction_key_last_block() -> (Vec<((AccountId, NetUid, u16), u64)>, u64) { + let prefix = storage_prefix(PALLET_PREFIX, b"TransactionKeyLastBlock"); + let mut cursor = prefix.clone(); + let mut entries = Vec::new(); + + while let Some(next) = next_key(&cursor) { + if !next.starts_with(&prefix) { + break; + } + if let Some(value) = io_storage::get(&next) { + let key_bytes = &next[prefix.len()..]; + if let (Some(key), Some(decoded_value)) = ( + decode_transaction_key(key_bytes), + decode_value::(&value), + ) { + entries.push((key, decoded_value)); + } + } + cursor = next; + } + + let reads = entries.len() as u64; + (entries, reads) + } + + fn storage_prefix(pallet: &[u8], storage: &[u8]) -> Vec { + [twox_128(pallet), twox_128(storage)].concat() + } + + fn value_with_default(storage_name: &[u8], default: V) -> (V, u64) { + let key = storage_prefix(PALLET_PREFIX, storage_name); + let value = io_storage::get(&key) + .and_then(|bytes| Decode::decode(&mut &bytes[..]).ok()) + .unwrap_or(default); + (value, 1) + } + + fn decode_value(bytes: &[u8]) -> Option { + Decode::decode(&mut &bytes[..]).ok() + } + + fn decode_transaction_key( + encoded: &[u8], + ) -> Option<(AccountId, NetUid, u16)> { + if encoded.len() < BLAKE2_128_PREFIX_LEN { + return None; + } + let mut slice = &encoded[BLAKE2_128_PREFIX_LEN..]; + let account = AccountId::decode(&mut slice).ok()?; + let netuid = NetUid::decode(&mut slice).ok()?; + let tx_kind = u16::decode(&mut slice).ok()?; + + Some((account, netuid, tx_kind)) + } +} + +pub mod defaults { + use super::*; + + pub fn serving_rate_limit() -> u64 { + SubtensorInitialServingRateLimit::get() + } + + pub fn weights_set_rate_limit() -> u64 { + 100 + } + + pub fn tx_rate_limit() -> u64 { + SubtensorInitialTxRateLimit::get() + } + + pub fn tx_delegate_take_rate_limit() -> u64 { + SubtensorInitialTxDelegateTakeRateLimit::get() + } + + pub fn tx_childkey_take_rate_limit() -> u64 { + SubtensorInitialTxChildKeyTakeRateLimit::get() + } + + pub fn network_rate_limit() -> u64 { + if cfg!(feature = "pow-faucet") { + 0 + } else { + SubtensorInitialNetworkRateLimit::get() + } + } + + pub fn owner_hyperparam_rate_limit() -> u16 { + 2 + } + + pub fn weights_version_key_rate_limit() -> u64 { + 5 + } + + pub fn sn_owner_hotkey_rate_limit() -> u64 { + 50_400 + } + + pub fn mechanism_count_rate_limit() -> u64 { + prod_or_fast!(7_200, 1) + } + + pub fn mechanism_emission_rate_limit() -> u64 { + prod_or_fast!(7_200, 1) + } + + pub fn max_uids_trimming_rate_limit() -> u64 { + prod_or_fast!(30 * 7_200, 1) + } +} + +pub mod types { + use super::*; + + #[derive(Encode, Decode, Clone, PartialEq, Eq, Debug, TypeInfo)] + pub enum RateLimitKey { + #[codec(index = 0)] + SetSNOwnerHotkey(NetUid), + #[codec(index = 1)] + OwnerHyperparamUpdate(NetUid, Hyperparameter), + #[codec(index = 2)] + NetworkLastRegistered, + #[codec(index = 3)] + LastTxBlock(AccountId), + #[codec(index = 4)] + LastTxBlockChildKeyTake(AccountId), + #[codec(index = 5)] + LastTxBlockDelegateTake(AccountId), + } + + #[derive(Clone, Copy, Debug, PartialEq, Eq)] + #[non_exhaustive] + pub enum TransactionType { + SetChildren, + SetChildkeyTake, + Unknown, + RegisterNetwork, + SetWeightsVersionKey, + SetSNOwnerHotkey, + OwnerHyperparamUpdate(Hyperparameter), + MechanismCountUpdate, + MechanismEmission, + MaxUidsTrimming, + } + + impl From for TransactionType { + fn from(value: u16) -> Self { + match value { + 0 => TransactionType::SetChildren, + 1 => TransactionType::SetChildkeyTake, + 3 => TransactionType::RegisterNetwork, + 4 => TransactionType::SetWeightsVersionKey, + 5 => TransactionType::SetSNOwnerHotkey, + 6 => TransactionType::OwnerHyperparamUpdate(Hyperparameter::Unknown), + 7 => TransactionType::MechanismCountUpdate, + 8 => TransactionType::MechanismEmission, + 9 => TransactionType::MaxUidsTrimming, + _ => TransactionType::Unknown, + } + } + } + + impl From for u16 { + fn from(tx_type: TransactionType) -> Self { + match tx_type { + TransactionType::SetChildren => 0, + TransactionType::SetChildkeyTake => 1, + TransactionType::Unknown => 2, + TransactionType::RegisterNetwork => 3, + TransactionType::SetWeightsVersionKey => 4, + TransactionType::SetSNOwnerHotkey => 5, + TransactionType::OwnerHyperparamUpdate(_) => 6, + TransactionType::MechanismCountUpdate => 7, + TransactionType::MechanismEmission => 8, + TransactionType::MaxUidsTrimming => 9, + } + } + } + + #[derive(Encode, Decode, Clone, Copy, PartialEq, Eq, Debug, TypeInfo)] + #[non_exhaustive] + pub enum Hyperparameter { + Unknown = 0, + ServingRateLimit = 1, + MaxDifficulty = 2, + AdjustmentAlpha = 3, + MaxWeightLimit = 4, + ImmunityPeriod = 5, + MinAllowedWeights = 6, + Kappa = 7, + Rho = 8, + ActivityCutoff = 9, + PowRegistrationAllowed = 10, + MinBurn = 11, + MaxBurn = 12, + BondsMovingAverage = 13, + BondsPenalty = 14, + CommitRevealEnabled = 15, + LiquidAlphaEnabled = 16, + AlphaValues = 17, + WeightCommitInterval = 18, + TransferEnabled = 19, + AlphaSigmoidSteepness = 20, + Yuma3Enabled = 21, + BondsResetEnabled = 22, + ImmuneNeuronLimit = 23, + RecycleOrBurn = 24, + MaxAllowedUids = 25, + } + + impl From for TransactionType { + fn from(param: Hyperparameter) -> Self { + Self::OwnerHyperparamUpdate(param) + } + } +} diff --git a/runtime/src/rate_limiting/migration.rs b/runtime/src/rate_limiting/migration.rs index 3e53916deb..ccd3e6402f 100644 --- a/runtime/src/rate_limiting/migration.rs +++ b/runtime/src/rate_limiting/migration.rs @@ -1,18 +1,14 @@ use core::{convert::TryFrom, marker::PhantomData}; -use frame_support::{BoundedBTreeSet, BoundedVec, traits::Get, weights::Weight}; +use frame_support::{BoundedBTreeSet, BoundedVec, weights::Weight}; use frame_system::pallet_prelude::BlockNumberFor; use log::{info, warn}; use pallet_rate_limiting::{ GroupSharing, RateLimit, RateLimitGroup, RateLimitKind, RateLimitTarget, TransactionIdentifier, }; use pallet_subtensor::{ - self, AssociatedEvmAddress, Axons, Config as SubtensorConfig, HasMigrationRun, - LastRateLimitedBlock, LastUpdate, MaxUidsTrimmingRateLimit, MechanismCountSetRateLimit, - MechanismEmissionRateLimit, NetworkRateLimit, OwnerHyperparamRateLimit, Pallet, Prometheus, - RateLimitKey, ServingRateLimit, TransactionKeyLastBlock, TxChildkeyTakeRateLimit, - TxDelegateTakeRateLimit, TxRateLimit, WeightsVersionKeyRateLimit, - utils::rate_limiting::{Hyperparameter, TransactionType}, + self, AssociatedEvmAddress, Axons, Config as SubtensorConfig, HasMigrationRun, LastUpdate, + Pallet, Prometheus, }; use sp_runtime::traits::SaturatedConversion; use sp_std::{ @@ -22,7 +18,13 @@ use sp_std::{ }; use subtensor_runtime_common::NetUid; -use super::{AccountId, RateLimitUsageKey, Runtime}; +use super::{ + AccountId, RateLimitUsageKey, Runtime, + legacy::{ + Hyperparameter, RateLimitKey, TransactionType, defaults as legacy_defaults, + storage as legacy_storage, + }, +}; type GroupId = ::GroupId; type GroupNameOf = BoundedVec::MaxGroupNameLength>; @@ -136,26 +138,25 @@ pub fn migrate_rate_limiting() -> Weight { fn commits() -> (Vec, Vec, u64) { let mut groups = Vec::new(); let mut commits = Vec::new(); - let mut reads: u64 = 0; // grouped - reads += build_serving(&mut groups, &mut commits); - reads += build_delegate_take(&mut groups, &mut commits); - reads += build_weights(&mut groups, &mut commits); - reads += build_register_network(&mut groups, &mut commits); - reads += build_owner_hparams(&mut groups, &mut commits); - reads += build_staking_ops(&mut groups, &mut commits); - reads += build_swap_keys(&mut groups, &mut commits); + let mut reads = build_serving(&mut groups, &mut commits); + reads = reads.saturating_add(build_delegate_take(&mut groups, &mut commits)); + reads = reads.saturating_add(build_weights(&mut groups, &mut commits)); + reads = reads.saturating_add(build_register_network(&mut groups, &mut commits)); + reads = reads.saturating_add(build_owner_hparams(&mut groups, &mut commits)); + reads = reads.saturating_add(build_staking_ops(&mut groups, &mut commits)); + reads = reads.saturating_add(build_swap_keys(&mut groups, &mut commits)); // standalone - reads += build_childkey_take(&mut commits); - reads += build_set_children(&mut commits); - reads += build_weights_version_key(&mut commits); - reads += build_sn_owner_hotkey(&mut commits); - reads += build_associate_evm(&mut commits); - reads += build_mechanism_count(&mut commits); - reads += build_mechanism_emission(&mut commits); - reads += build_trim_max_uids(&mut commits); + reads = reads.saturating_add(build_childkey_take(&mut commits)); + reads = reads.saturating_add(build_set_children(&mut commits)); + reads = reads.saturating_add(build_weights_version_key(&mut commits)); + reads = reads.saturating_add(build_sn_owner_hotkey(&mut commits)); + reads = reads.saturating_add(build_associate_evm(&mut commits)); + reads = reads.saturating_add(build_mechanism_count(&mut commits)); + reads = reads.saturating_add(build_mechanism_emission(&mut commits)); + reads = reads.saturating_add(build_trim_max_uids(&mut commits)); (groups, commits, reads) } @@ -299,30 +300,35 @@ fn build_serving(groups: &mut Vec, commits: &mut Vec) -> u6 ], }); + let (serving_limits, serving_reads) = legacy_storage::serving_rate_limits(); + reads = reads.saturating_add(serving_reads); // Limits per netuid (written to the group target). - reads += 1; // Merge live subnets (which may rely on default rate-limit values) with any legacy entries that // exist only in storage, so we migrate both current and previously stored netuids without // duplicates. let mut netuids = Pallet::::get_all_subnet_netuids(); - for (netuid, _) in ServingRateLimit::::iter() { + for (&netuid, _) in &serving_limits { if !netuids.contains(&netuid) { netuids.push(netuid); } } + let default_limit = legacy_defaults::serving_rate_limit(); for netuid in netuids { - reads += 1; + reads = reads.saturating_add(1); push_limit_commit_if_non_zero( commits, RateLimitTarget::Group(GROUP_SERVE), - Pallet::::get_serving_rate_limit(netuid), + serving_limits + .get(&netuid) + .copied() + .unwrap_or(default_limit), Some(netuid), ); } // Axon last-seen (group-shared usage). for (netuid, hotkey, axon) in Axons::::iter() { - reads += 1; + reads = reads.saturating_add(1); if let Some(block) = block_number::(axon.block) { commits.push(Commit { target: RateLimitTarget::Group(GROUP_SERVE), @@ -340,7 +346,7 @@ fn build_serving(groups: &mut Vec, commits: &mut Vec) -> u6 // Prometheus last-seen (group-shared usage). for (netuid, hotkey, prom) in Prometheus::::iter() { - reads += 1; + reads = reads.saturating_add(1); if let Some(block) = block_number::(prom.block) { commits.push(Commit { target: RateLimitTarget::Group(GROUP_SERVE), @@ -375,15 +381,11 @@ fn build_delegate_take(groups: &mut Vec, commits: &mut Vec) }); let target = RateLimitTarget::Group(GROUP_DELEGATE_TAKE); - reads += 1; - push_limit_commit_if_non_zero( - commits, - target, - TxDelegateTakeRateLimit::::get(), - None, - ); + let (delegate_take_limit, delegate_reads) = legacy_storage::tx_delegate_take_rate_limit(); + reads = reads.saturating_add(delegate_reads); + push_limit_commit_if_non_zero(commits, target, delegate_take_limit, None); - reads += + reads = reads.saturating_add( last_seen_helpers::collect_last_seen_from_last_rate_limited_block( commits, |key| match key { @@ -392,7 +394,8 @@ fn build_delegate_take(groups: &mut Vec, commits: &mut Vec) } _ => None, }, - ); + ), + ); reads } @@ -422,19 +425,24 @@ fn build_weights(groups: &mut Vec, commits: &mut Vec) -> u6 ], }); - reads += 1; + let (weights_limits, weights_reads) = legacy_storage::weights_set_rate_limits(); + reads = reads.saturating_add(weights_reads); + let default_limit = legacy_defaults::weights_set_rate_limit(); for netuid in Pallet::::get_all_subnet_netuids() { - reads += 1; + reads = reads.saturating_add(1); push_limit_commit_if_non_zero( commits, RateLimitTarget::Group(GROUP_WEIGHTS_SUBNET), - Pallet::::get_weights_set_rate_limit(netuid), + weights_limits + .get(&netuid) + .copied() + .unwrap_or(default_limit), Some(netuid), ); } for (index, blocks) in LastUpdate::::iter() { - reads += 1; + reads = reads.saturating_add(1); let (netuid, mecid) = Pallet::::get_netuid_and_subid(index).unwrap_or((NetUid::ROOT, 0.into())); for (uid, last_block) in blocks.into_iter().enumerate() { @@ -484,25 +492,26 @@ fn build_register_network(groups: &mut Vec, commits: &mut Vec::get(), None); + let (network_rate_limit, network_reads) = legacy_storage::network_rate_limit(); + reads = reads.saturating_add(network_reads); + push_limit_commit_if_non_zero(commits, target, network_rate_limit, None); - reads += + reads = reads.saturating_add( last_seen_helpers::collect_last_seen_from_last_rate_limited_block( commits, |key| match key { RateLimitKey::NetworkLastRegistered => Some((target, None)), _ => None, }, - ); + ), + ); reads } // Owner hyperparameter group (config shared, usage per call). // usage: netuid -// legacy sources: OwnerHyperparamRateLimit * tempo, -// LastRateLimitedBlock per OwnerHyperparamUpdate +// legacy sources: OwnerHyperparamRateLimit * tempo, LastRateLimitedBlock per OwnerHyperparamUpdate fn build_owner_hparams(groups: &mut Vec, commits: &mut Vec) -> u64 { let mut reads: u64 = 0; groups.push(GroupConfig { @@ -516,15 +525,11 @@ fn build_owner_hparams(groups: &mut Vec, commits: &mut Vec) }); let group_target = RateLimitTarget::Group(GROUP_OWNER_HPARAMS); - reads += 1; - push_limit_commit_if_non_zero( - commits, - group_target, - u64::from(OwnerHyperparamRateLimit::::get()), - None, - ); + let (owner_limit, owner_reads) = legacy_storage::owner_hyperparam_rate_limit(); + reads = reads.saturating_add(owner_reads); + push_limit_commit_if_non_zero(commits, group_target, owner_limit, None); - reads += + reads = reads.saturating_add( last_seen_helpers::collect_last_seen_from_last_rate_limited_block( commits, |key| match key { @@ -539,7 +544,8 @@ fn build_owner_hparams(groups: &mut Vec, commits: &mut Vec) } _ => None, }, - ); + ), + ); reads } @@ -589,10 +595,11 @@ fn build_swap_keys(groups: &mut Vec, commits: &mut Vec) -> }); let target = RateLimitTarget::Group(GROUP_SWAP_KEYS); - reads += 1; - push_limit_commit_if_non_zero(commits, target, TxRateLimit::::get(), None); + let (tx_rate_limit, tx_reads) = legacy_storage::tx_rate_limit(); + reads = reads.saturating_add(tx_reads); + push_limit_commit_if_non_zero(commits, target, tx_rate_limit, None); - reads += + reads = reads.saturating_add( last_seen_helpers::collect_last_seen_from_last_rate_limited_block( commits, |key| match key { @@ -601,7 +608,8 @@ fn build_swap_keys(groups: &mut Vec, commits: &mut Vec) -> } _ => None, }, - ); + ), + ); reads } @@ -613,18 +621,16 @@ fn build_childkey_take(commits: &mut Vec) -> u64 { let mut reads: u64 = 0; let target = RateLimitTarget::Transaction(TransactionIdentifier::new(SUBTENSOR_PALLET_INDEX, 75)); - reads += 1; - push_limit_commit_if_non_zero( - commits, - target, - TxChildkeyTakeRateLimit::::get(), - None, - ); + let (childkey_limit, childkey_reads) = legacy_storage::tx_childkey_take_rate_limit(); + reads = reads.saturating_add(childkey_reads); + push_limit_commit_if_non_zero(commits, target, childkey_limit, None); - reads += last_seen_helpers::collect_last_seen_from_transaction_key_last_block( - commits, - target, - TransactionType::SetChildkeyTake, + reads = reads.saturating_add( + last_seen_helpers::collect_last_seen_from_transaction_key_last_block( + commits, + target, + TransactionType::SetChildkeyTake, + ), ); reads @@ -632,18 +638,19 @@ fn build_childkey_take(commits: &mut Vec) -> u64 { // Standalone set_children. // usage: account+netuid -// legacy sources: SET_CHILDREN_RATE_LIMIT (constant 150), -// TransactionKeyLastBlock per SetChildren +// legacy sources: SET_CHILDREN_RATE_LIMIT (constant 150), TransactionKeyLastBlock per SetChildren fn build_set_children(commits: &mut Vec) -> u64 { let mut reads: u64 = 0; let target = RateLimitTarget::Transaction(TransactionIdentifier::new(SUBTENSOR_PALLET_INDEX, 67)); push_limit_commit_if_non_zero(commits, target, SET_CHILDREN_RATE_LIMIT, None); - reads += last_seen_helpers::collect_last_seen_from_transaction_key_last_block( - commits, - target, - TransactionType::SetChildren, + reads = reads.saturating_add( + last_seen_helpers::collect_last_seen_from_transaction_key_last_block( + commits, + target, + TransactionType::SetChildren, + ), ); reads @@ -658,18 +665,17 @@ fn build_weights_version_key(commits: &mut Vec) -> u64 { let mut reads: u64 = 0; let target = RateLimitTarget::Transaction(TransactionIdentifier::new(ADMIN_UTILS_PALLET_INDEX, 6)); - reads += 1; - push_limit_commit_if_non_zero( - commits, - target, - WeightsVersionKeyRateLimit::::get(), - None, - ); + let (weights_version_limit, weights_version_reads) = + legacy_storage::weights_version_key_rate_limit(); + reads = reads.saturating_add(weights_version_reads); + push_limit_commit_if_non_zero(commits, target, weights_version_limit, None); - reads += last_seen_helpers::collect_last_seen_from_transaction_key_last_block( - commits, - target, - TransactionType::SetWeightsVersionKey, + reads = reads.saturating_add( + last_seen_helpers::collect_last_seen_from_transaction_key_last_block( + commits, + target, + TransactionType::SetWeightsVersionKey, + ), ); reads @@ -677,21 +683,16 @@ fn build_weights_version_key(commits: &mut Vec) -> u64 { // Standalone set_sn_owner_hotkey. // usage: netuid -// legacy sources: DefaultSetSNOwnerHotkeyRateLimit, -// LastRateLimitedBlock per SetSNOwnerHotkey +// legacy sources: DefaultSetSNOwnerHotkeyRateLimit, LastRateLimitedBlock per SetSNOwnerHotkey fn build_sn_owner_hotkey(commits: &mut Vec) -> u64 { let mut reads: u64 = 0; let target = RateLimitTarget::Transaction(TransactionIdentifier::new(ADMIN_UTILS_PALLET_INDEX, 67)); + let sn_owner_limit = legacy_defaults::sn_owner_hotkey_rate_limit(); reads += 1; - push_limit_commit_if_non_zero( - commits, - target, - pallet_subtensor::pallet::DefaultSetSNOwnerHotkeyRateLimit::::get(), - None, - ); + push_limit_commit_if_non_zero(commits, target, sn_owner_limit, None); - reads += + reads = reads.saturating_add( last_seen_helpers::collect_last_seen_from_last_rate_limited_block( commits, |key| match key { @@ -700,7 +701,8 @@ fn build_sn_owner_hotkey(commits: &mut Vec) -> u64 { } _ => None, }, - ); + ), + ); reads } @@ -721,7 +723,7 @@ fn build_associate_evm(commits: &mut Vec) -> u64 { ); for (netuid, uid, (_, block)) in AssociatedEvmAddress::::iter() { - reads += 1; + reads = reads.saturating_add(1); let Some(block) = block_number::(block) else { continue; }; @@ -739,25 +741,21 @@ fn build_associate_evm(commits: &mut Vec) -> u64 { // Standalone mechanism count. // usage: account+netuid -// legacy sources: MechanismCountSetRateLimit, -// TransactionKeyLastBlock per MechanismCountUpdate +// legacy sources: MechanismCountSetRateLimit, TransactionKeyLastBlock per MechanismCountUpdate // sudo_set_mechanism_count fn build_mechanism_count(commits: &mut Vec) -> u64 { let mut reads: u64 = 0; let target = RateLimitTarget::Transaction(TransactionIdentifier::new(ADMIN_UTILS_PALLET_INDEX, 76)); - reads += 1; - push_limit_commit_if_non_zero( - commits, - target, - MechanismCountSetRateLimit::::get(), - None, - ); + let mechanism_limit = legacy_defaults::mechanism_count_rate_limit(); + push_limit_commit_if_non_zero(commits, target, mechanism_limit, None); - reads += last_seen_helpers::collect_last_seen_from_transaction_key_last_block( - commits, - target, - TransactionType::MechanismCountUpdate, + reads = reads.saturating_add( + last_seen_helpers::collect_last_seen_from_transaction_key_last_block( + commits, + target, + TransactionType::MechanismCountUpdate, + ), ); reads @@ -765,25 +763,21 @@ fn build_mechanism_count(commits: &mut Vec) -> u64 { // Standalone mechanism emission. // usage: account+netuid -// legacy sources: MechanismEmissionRateLimit, -// TransactionKeyLastBlock per MechanismEmission +// legacy sources: MechanismEmissionRateLimit, TransactionKeyLastBlock per MechanismEmission // sudo_set_mechanism_emission_split fn build_mechanism_emission(commits: &mut Vec) -> u64 { let mut reads: u64 = 0; let target = RateLimitTarget::Transaction(TransactionIdentifier::new(ADMIN_UTILS_PALLET_INDEX, 77)); - reads += 1; - push_limit_commit_if_non_zero( - commits, - target, - MechanismEmissionRateLimit::::get(), - None, - ); + let emission_limit = legacy_defaults::mechanism_emission_rate_limit(); + push_limit_commit_if_non_zero(commits, target, emission_limit, None); - reads += last_seen_helpers::collect_last_seen_from_transaction_key_last_block( - commits, - target, - TransactionType::MechanismEmission, + reads = reads.saturating_add( + last_seen_helpers::collect_last_seen_from_transaction_key_last_block( + commits, + target, + TransactionType::MechanismEmission, + ), ); reads @@ -791,25 +785,21 @@ fn build_mechanism_emission(commits: &mut Vec) -> u64 { // Standalone trim_to_max_allowed_uids. // usage: account+netuid -// legacy sources: MaxUidsTrimmingRateLimit, -// TransactionKeyLastBlock per MaxUidsTrimming +// legacy sources: MaxUidsTrimmingRateLimit, TransactionKeyLastBlock per MaxUidsTrimming // sudo_trim_to_max_allowed_uids fn build_trim_max_uids(commits: &mut Vec) -> u64 { let mut reads: u64 = 0; let target = RateLimitTarget::Transaction(TransactionIdentifier::new(ADMIN_UTILS_PALLET_INDEX, 78)); - reads += 1; - push_limit_commit_if_non_zero( - commits, - target, - MaxUidsTrimmingRateLimit::::get(), - None, - ); + let trim_limit = legacy_defaults::max_uids_trimming_rate_limit(); + push_limit_commit_if_non_zero(commits, target, trim_limit, None); - reads += last_seen_helpers::collect_last_seen_from_transaction_key_last_block( - commits, - target, - TransactionType::MaxUidsTrimming, + reads = reads.saturating_add( + last_seen_helpers::collect_last_seen_from_transaction_key_last_block( + commits, + target, + TransactionType::MaxUidsTrimming, + ), ); reads @@ -899,8 +889,9 @@ mod last_seen_helpers { ) -> u64 { let mut reads: u64 = 0; - for (key, block) in LastRateLimitedBlock::::iter() { - reads += 1; + let (entries, iter_reads) = legacy_storage::last_rate_limited_blocks(); + reads = reads.saturating_add(iter_reads); + for (key, block) in entries { let Some((target, usage)) = map(key) else { continue; }; @@ -923,8 +914,9 @@ mod last_seen_helpers { ) -> u64 { let mut reads: u64 = 0; - for ((account, netuid, tx_kind), block) in TransactionKeyLastBlock::::iter() { - reads += 1; + let (entries, iter_reads) = legacy_storage::transaction_key_last_block(); + reads = reads.saturating_add(iter_reads); + for ((account, netuid, tx_kind), block) in entries { let tx = TransactionType::from(tx_kind); if discriminant(&tx) != discriminant(&tx_filter) { continue; @@ -1018,7 +1010,9 @@ fn block_number(value: u64) -> Option> { #[cfg(test)] mod tests { + use codec::Encode; use sp_io::TestExternalities; + use sp_io::{hashing::twox_128, storage}; use sp_runtime::traits::{SaturatedConversion, Zero}; use super::*; @@ -1026,6 +1020,7 @@ mod tests { const ACCOUNT: [u8; 32] = [7u8; 32]; const DELEGATE_TAKE_GROUP_ID: GroupId = GROUP_DELEGATE_TAKE; + const PALLET_PREFIX: &[u8] = b"SubtensorModule"; fn new_test_ext() -> TestExternalities { sp_tracing::try_init_simple(); @@ -1052,12 +1047,9 @@ mod tests { let account: AccountId = ACCOUNT.into(); pallet_subtensor::HasMigrationRun::::remove(MIGRATION_NAME); - pallet_subtensor::TxRateLimit::::put(10); - pallet_subtensor::TxDelegateTakeRateLimit::::put(3); - pallet_subtensor::LastRateLimitedBlock::::insert( - RateLimitKey::LastTxBlock(account.clone()), - 5, - ); + put_legacy_value(b"TxRateLimit", 10u64); + put_legacy_value(b"TxDelegateTakeRateLimit", 3u64); + put_last_rate_limited_block(RateLimitKey::LastTxBlock(account.clone()), 5); let weight = migrate_rate_limiting(); assert!(!weight.is_zero()); @@ -1105,7 +1097,7 @@ mod tests { fn migration_skips_when_already_run() { new_test_ext().execute_with(|| { pallet_subtensor::HasMigrationRun::::insert(MIGRATION_NAME, true); - pallet_subtensor::TxRateLimit::::put(99); + put_legacy_value(b"TxRateLimit", 99u64); let base_weight = ::DbWeight::get().reads(1); let weight = migrate_rate_limiting(); @@ -1123,4 +1115,19 @@ mod tests { ); }); } + + fn put_legacy_value(storage_name: &[u8], value: impl Encode) { + let key = storage_key(storage_name); + storage::set(&key, &value.encode()); + } + + fn put_last_rate_limited_block(key: RateLimitKey, block: u64) { + let mut storage_key = storage_key(b"LastRateLimitedBlock"); + storage_key.extend(key.encode()); + storage::set(&storage_key, &block.encode()); + } + + fn storage_key(storage_name: &[u8]) -> Vec { + [twox_128(PALLET_PREFIX), twox_128(storage_name)].concat() + } } diff --git a/runtime/src/rate_limiting/mod.rs b/runtime/src/rate_limiting/mod.rs index 8b4a07a926..5c0b7a8ec1 100644 --- a/runtime/src/rate_limiting/mod.rs +++ b/runtime/src/rate_limiting/mod.rs @@ -12,6 +12,7 @@ use subtensor_runtime_common::{BlockNumber, MechId, NetUid}; use crate::{AccountId, Runtime, RuntimeCall, RuntimeOrigin}; +mod legacy; pub mod migration; #[derive( From 483be0ca1d312262861184111ff246c3c8864cb4 Mon Sep 17 00:00:00 2001 From: Aliaksandr Tsurko Date: Fri, 12 Dec 2025 17:34:55 +0300 Subject: [PATCH 40/46] Add rate limiting interface --- Cargo.lock | 12 + Cargo.toml | 1 + common/src/lib.rs | 1 + common/src/rate_limiting.rs | 19 ++ pallets/rate-limiting-interface/Cargo.toml | 24 ++ pallets/rate-limiting-interface/README.md | 3 + pallets/rate-limiting-interface/src/lib.rs | 267 +++++++++++++++++++++ pallets/rate-limiting/Cargo.toml | 2 + pallets/rate-limiting/src/benchmarking.rs | 6 +- pallets/rate-limiting/src/lib.rs | 58 ++++- pallets/rate-limiting/src/mock.rs | 2 +- pallets/rate-limiting/src/tx_extension.rs | 5 +- pallets/rate-limiting/src/types.rs | 158 +----------- runtime/src/lib.rs | 2 +- runtime/src/rate_limiting/migration.rs | 17 +- runtime/tests/rate_limiting_behavior.rs | 6 +- runtime/tests/rate_limiting_migration.rs | 4 +- 17 files changed, 401 insertions(+), 186 deletions(-) create mode 100644 common/src/rate_limiting.rs create mode 100644 pallets/rate-limiting-interface/Cargo.toml create mode 100644 pallets/rate-limiting-interface/README.md create mode 100644 pallets/rate-limiting-interface/src/lib.rs diff --git a/Cargo.lock b/Cargo.lock index 5a8f830542..2c85cc1aad 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -10314,6 +10314,7 @@ dependencies = [ "frame-support", "frame-system", "parity-scale-codec", + "rate-limiting-interface", "scale-info", "serde", "sp-core", @@ -13727,6 +13728,17 @@ dependencies = [ "rand_core 0.9.3", ] +[[package]] +name = "rate-limiting-interface" +version = "0.1.0" +dependencies = [ + "frame-support", + "parity-scale-codec", + "scale-info", + "serde", + "sp-std", +] + [[package]] name = "raw-cpuid" version = "11.6.0" diff --git a/Cargo.toml b/Cargo.toml index 8bc3f488e6..48630c5f1d 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -75,6 +75,7 @@ subtensor-runtime-common = { default-features = false, path = "common" } subtensor-swap-interface = { default-features = false, path = "pallets/swap-interface" } subtensor-transaction-fee = { default-features = false, path = "pallets/transaction-fee" } subtensor-chain-extensions = { default-features = false, path = "chain-extensions" } +rate-limiting-interface = { default-features = false, path = "pallets/rate-limiting-interface" } ed25519-dalek = { version = "2.1.0", default-features = false } async-trait = "0.1" diff --git a/common/src/lib.rs b/common/src/lib.rs index 28a33c2ae6..0e4a500d69 100644 --- a/common/src/lib.rs +++ b/common/src/lib.rs @@ -17,6 +17,7 @@ use subtensor_macros::freeze_struct; pub use currency::*; mod currency; +pub mod rate_limiting; /// Balance of an account. pub type Balance = u64; diff --git a/common/src/rate_limiting.rs b/common/src/rate_limiting.rs new file mode 100644 index 0000000000..7051e5aeaa --- /dev/null +++ b/common/src/rate_limiting.rs @@ -0,0 +1,19 @@ +//! Shared rate-limiting types. + +/// Identifier type for rate-limiting groups. +pub type GroupId = u32; + +/// Group id for serving-related calls. +pub const GROUP_SERVE: GroupId = 0; +/// Group id for delegate-take related calls. +pub const GROUP_DELEGATE_TAKE: GroupId = 1; +/// Group id for subnet weight-setting calls. +pub const GROUP_WEIGHTS_SUBNET: GroupId = 2; +/// Group id for network registration calls. +pub const GROUP_REGISTER_NETWORK: GroupId = 3; +/// Group id for owner hyperparameter calls. +pub const GROUP_OWNER_HPARAMS: GroupId = 4; +/// Group id for staking operations. +pub const GROUP_STAKING_OPS: GroupId = 5; +/// Group id for key swap calls. +pub const GROUP_SWAP_KEYS: GroupId = 6; diff --git a/pallets/rate-limiting-interface/Cargo.toml b/pallets/rate-limiting-interface/Cargo.toml new file mode 100644 index 0000000000..8f352d0c58 --- /dev/null +++ b/pallets/rate-limiting-interface/Cargo.toml @@ -0,0 +1,24 @@ +[package] +name = "rate-limiting-interface" +version = "0.1.0" +edition.workspace = true + +[lints] +workspace = true + +[dependencies] +codec = { workspace = true, features = ["derive"], default-features = false } +frame-support = { workspace = true, default-features = false } +scale-info = { workspace = true, features = ["derive"], default-features = false } +serde = { workspace = true, features = ["derive"], default-features = false } +sp-std = { workspace = true, default-features = false } + +[features] +default = ["std"] +std = [ + "codec/std", + "frame-support/std", + "scale-info/std", + "serde/std", + "sp-std/std", +] diff --git a/pallets/rate-limiting-interface/README.md b/pallets/rate-limiting-interface/README.md new file mode 100644 index 0000000000..d8671fc0ba --- /dev/null +++ b/pallets/rate-limiting-interface/README.md @@ -0,0 +1,3 @@ +# `rate-limiting-interface` + +Small, `no_std`-friendly interface crate that defines [`RateLimitingInfo`](src/lib.rs). diff --git a/pallets/rate-limiting-interface/src/lib.rs b/pallets/rate-limiting-interface/src/lib.rs new file mode 100644 index 0000000000..4bf0dab22f --- /dev/null +++ b/pallets/rate-limiting-interface/src/lib.rs @@ -0,0 +1,267 @@ +#![cfg_attr(not(feature = "std"), no_std)] + +//! Read-only interface for querying rate limits and last-seen usage. + +use codec::{Decode, DecodeWithMemTracking, Encode, MaxEncodedLen}; +use frame_support::traits::GetCallMetadata; +use scale_info::TypeInfo; +use serde::{Deserialize, Serialize}; +use sp_std::vec::Vec; + +/// Read-only queries for rate-limiting configuration and usage tracking. +pub trait RateLimitingInfo { + /// Group id type used by rate-limiting targets. + type GroupId; + /// Call type used for name/index resolution. + type CallMetadata: GetCallMetadata; + /// Numeric type used for returned values (commonly a block number / block span type). + type Limit; + /// Optional configuration scope (for example per-network `netuid`). + type Scope; + /// Optional usage key used to refine "last seen" tracking. + type UsageKey; + + /// Returns the configured limit for `target` and optional `scope`. + fn rate_limit(target: TargetArg, scope: Option) -> Option + where + TargetArg: TryIntoRateLimitTarget; + + /// Returns when `target` was last observed for the optional `usage_key`. + fn last_seen( + target: TargetArg, + usage_key: Option, + ) -> Option + where + TargetArg: TryIntoRateLimitTarget; +} + +/// Target identifier for rate limit and usage configuration. +#[derive( + Serialize, + Deserialize, + Clone, + Copy, + PartialEq, + Eq, + PartialOrd, + Ord, + Encode, + Decode, + DecodeWithMemTracking, + TypeInfo, + MaxEncodedLen, + Debug, +)] +pub enum RateLimitTarget { + /// Per-transaction configuration keyed by pallet/extrinsic indices. + Transaction(TransactionIdentifier), + /// Shared configuration for a named group. + Group(GroupId), +} + +impl RateLimitTarget { + /// Returns the transaction identifier when the target represents a single extrinsic. + pub fn as_transaction(&self) -> Option<&TransactionIdentifier> { + match self { + RateLimitTarget::Transaction(identifier) => Some(identifier), + RateLimitTarget::Group(_) => None, + } + } + + /// Returns the group identifier when the target represents a group configuration. + pub fn as_group(&self) -> Option<&GroupId> { + match self { + RateLimitTarget::Transaction(_) => None, + RateLimitTarget::Group(id) => Some(id), + } + } +} + +impl From for RateLimitTarget { + fn from(identifier: TransactionIdentifier) -> Self { + Self::Transaction(identifier) + } +} + +/// Identifies a runtime call by pallet and extrinsic indices. +#[derive( + Serialize, + Deserialize, + Clone, + Copy, + PartialEq, + Eq, + PartialOrd, + Ord, + Encode, + Decode, + DecodeWithMemTracking, + TypeInfo, + MaxEncodedLen, + Debug, +)] +pub struct TransactionIdentifier { + /// Pallet variant index. + pub pallet_index: u8, + /// Call variant index within the pallet. + pub extrinsic_index: u8, +} + +impl TransactionIdentifier { + /// Builds a new identifier from pallet/extrinsic indices. + pub const fn new(pallet_index: u8, extrinsic_index: u8) -> Self { + Self { + pallet_index, + extrinsic_index, + } + } + + /// Attempts to build an identifier from a SCALE-encoded call by reading the first two bytes. + pub fn from_call(call: &Call) -> Option { + call.using_encoded(|encoded| { + let pallet_index = *encoded.get(0)?; + let extrinsic_index = *encoded.get(1)?; + Some(Self::new(pallet_index, extrinsic_index)) + }) + } + + /// Resolves pallet/extrinsic names for this identifier using call metadata. + pub fn names(&self) -> Option<(&'static str, &'static str)> { + let modules = Call::get_module_names(); + let pallet_name = *modules.get(self.pallet_index as usize)?; + let call_names = Call::get_call_names(pallet_name); + let extrinsic_name = *call_names.get(self.extrinsic_index as usize)?; + Some((pallet_name, extrinsic_name)) + } + + /// Resolves a pallet/extrinsic name pair into a transaction identifier. + pub fn for_call_names( + pallet_name: &str, + extrinsic_name: &str, + ) -> Option { + let modules = Call::get_module_names(); + let pallet_pos = modules.iter().position(|name| *name == pallet_name)?; + let call_names = Call::get_call_names(pallet_name); + let extrinsic_pos = call_names.iter().position(|name| *name == extrinsic_name)?; + let pallet_index = u8::try_from(pallet_pos).ok()?; + let extrinsic_index = u8::try_from(extrinsic_pos).ok()?; + Some(Self::new(pallet_index, extrinsic_index)) + } +} + +/// Conversion into a concrete [`RateLimitTarget`]. +pub trait TryIntoRateLimitTarget { + type Error; + + fn try_into_rate_limit_target( + self, + ) -> Result, Self::Error>; +} + +#[derive(Clone, Copy, Debug, PartialEq, Eq)] +pub enum RateLimitTargetConversionError { + InvalidUtf8, + UnknownCall, +} + +impl TryIntoRateLimitTarget for RateLimitTarget { + type Error = core::convert::Infallible; + + fn try_into_rate_limit_target( + self, + ) -> Result, Self::Error> { + Ok(self) + } +} + +impl TryIntoRateLimitTarget for GroupId { + type Error = core::convert::Infallible; + + fn try_into_rate_limit_target( + self, + ) -> Result, Self::Error> { + Ok(RateLimitTarget::Group(self)) + } +} + +impl TryIntoRateLimitTarget for (Vec, Vec) { + type Error = RateLimitTargetConversionError; + + fn try_into_rate_limit_target( + self, + ) -> Result, Self::Error> { + let (pallet, extrinsic) = self; + let pallet_name = sp_std::str::from_utf8(&pallet) + .map_err(|_| RateLimitTargetConversionError::InvalidUtf8)?; + let extrinsic_name = sp_std::str::from_utf8(&extrinsic) + .map_err(|_| RateLimitTargetConversionError::InvalidUtf8)?; + + let identifier = TransactionIdentifier::for_call_names::(pallet_name, extrinsic_name) + .ok_or(RateLimitTargetConversionError::UnknownCall)?; + + Ok(RateLimitTarget::Transaction(identifier)) + } +} + +#[cfg(test)] +mod tests { + use super::*; + use codec::Encode; + use frame_support::traits::CallMetadata; + + #[derive(Clone, Copy, Debug, Encode)] + struct DummyCall(u8, u8); + + impl GetCallMetadata for DummyCall { + fn get_module_names() -> &'static [&'static str] { + &["P0", "P1"] + } + + fn get_call_names(module: &str) -> &'static [&'static str] { + match module { + "P0" => &["C0"], + "P1" => &["C0", "C1", "C2", "C3", "C4"], + _ => &[], + } + } + + fn get_call_metadata(&self) -> CallMetadata { + CallMetadata { + function_name: "unused", + pallet_name: "unused", + } + } + } + + #[test] + fn transaction_identifier_from_call_reads_first_two_bytes() { + let id = TransactionIdentifier::from_call(&DummyCall(1, 4)).expect("identifier"); + assert_eq!(id, TransactionIdentifier::new(1, 4)); + } + + #[test] + fn transaction_identifier_names_resolves_metadata() { + let id = TransactionIdentifier::new(1, 4); + assert_eq!(id.names::(), Some(("P1", "C4"))); + } + + #[test] + fn transaction_identifier_for_call_names_resolves_indices() { + let id = TransactionIdentifier::for_call_names::("P1", "C4").expect("id"); + assert_eq!(id, TransactionIdentifier::new(1, 4)); + } + + #[test] + fn rate_limit_target_accessors_work() { + let tx = RateLimitTarget::::Transaction(TransactionIdentifier::new(1, 4)); + assert!(tx.as_group().is_none()); + assert_eq!( + tx.as_transaction().copied(), + Some(TransactionIdentifier::new(1, 4)) + ); + + let group = RateLimitTarget::::Group(7); + assert!(group.as_transaction().is_none()); + assert_eq!(group.as_group().copied(), Some(7)); + } +} diff --git a/pallets/rate-limiting/Cargo.toml b/pallets/rate-limiting/Cargo.toml index 67e2710f4b..00bae918dd 100644 --- a/pallets/rate-limiting/Cargo.toml +++ b/pallets/rate-limiting/Cargo.toml @@ -18,6 +18,7 @@ scale-info = { workspace = true, features = ["derive"] } serde = { workspace = true, features = ["derive"] } sp-std.workspace = true sp-runtime.workspace = true +rate-limiting-interface.workspace = true subtensor-runtime-common.workspace = true [dev-dependencies] @@ -32,6 +33,7 @@ std = [ "frame-benchmarking?/std", "frame-support/std", "frame-system/std", + "rate-limiting-interface/std", "scale-info/std", "serde/std", "sp-std/std", diff --git a/pallets/rate-limiting/src/benchmarking.rs b/pallets/rate-limiting/src/benchmarking.rs index 38568dea28..265733e113 100644 --- a/pallets/rate-limiting/src/benchmarking.rs +++ b/pallets/rate-limiting/src/benchmarking.rs @@ -40,7 +40,7 @@ fn register_call_with_group( group: Option<::GroupId>, ) -> TransactionIdentifier { let call = sample_call::(); - let identifier = TransactionIdentifier::from_call::(call.as_ref()).expect("id"); + let identifier = TransactionIdentifier::from_call(call.as_ref()).expect("id"); Pallet::::register_call(RawOrigin::Root.into(), call, group).expect("registered"); identifier } @@ -53,7 +53,7 @@ mod benchmarks { #[benchmark] fn register_call() { let call = sample_call::(); - let identifier = TransactionIdentifier::from_call::(call.as_ref()).expect("id"); + let identifier = TransactionIdentifier::from_call(call.as_ref()).expect("id"); let target = RateLimitTarget::Transaction(identifier); #[extrinsic_call] @@ -65,7 +65,7 @@ mod benchmarks { #[benchmark] fn set_rate_limit() { let call = sample_call::(); - let identifier = TransactionIdentifier::from_call::(call.as_ref()).expect("id"); + let identifier = TransactionIdentifier::from_call(call.as_ref()).expect("id"); let target = RateLimitTarget::Transaction(identifier); Limits::::insert(target, RateLimit::global(RateLimitKind::Default)); diff --git a/pallets/rate-limiting/src/lib.rs b/pallets/rate-limiting/src/lib.rs index c93397c425..339ae3d359 100644 --- a/pallets/rate-limiting/src/lib.rs +++ b/pallets/rate-limiting/src/lib.rs @@ -6,8 +6,8 @@ //! //! `pallet-rate-limiting` lets a runtime restrict how frequently particular calls can execute. //! Limits are stored on-chain, keyed by explicit [`RateLimitTarget`] values. A target is either a -//! single [`TransactionIdentifier`] (the pallet/extrinsic indices) or a named *group* managed by the -//! admin APIs. Groups provide a way to give multiple calls the same configuration and/or usage +//! single [`TransactionIdentifier`] (the pallet/extrinsic indices) or a named *group* managed by +//! the admin APIs. Groups provide a way to give multiple calls the same configuration and/or usage //! tracking without duplicating storage. Each target entry stores either a global span or a set of //! scoped spans resolved at runtime. The pallet exposes a handful of extrinsics, restricted by //! [`Config::AdminOrigin`], to manage this data: @@ -142,12 +142,57 @@ #[cfg(feature = "runtime-benchmarks")] pub use benchmarking::BenchmarkHelper; pub use pallet::*; +pub use rate_limiting_interface::{RateLimitTarget, TransactionIdentifier}; +pub use rate_limiting_interface::{RateLimitingInfo, TryIntoRateLimitTarget}; pub use tx_extension::RateLimitTransactionExtension; pub use types::{ BypassDecision, GroupSharing, RateLimit, RateLimitGroup, RateLimitKind, RateLimitScopeResolver, - RateLimitTarget, RateLimitUsageResolver, TransactionIdentifier, + RateLimitUsageResolver, }; +impl, I: 'static> RateLimitingInfo for pallet::Pallet { + type GroupId = >::GroupId; + type CallMetadata = >::RuntimeCall; + type Limit = frame_system::pallet_prelude::BlockNumberFor; + type Scope = >::LimitScope; + type UsageKey = >::UsageKey; + + fn rate_limit(target: TargetArg, scope: Option) -> Option + where + TargetArg: TryIntoRateLimitTarget, + { + let raw_target = target + .try_into_rate_limit_target::() + .ok()?; + let config_target = match raw_target { + // A transaction identifier may be assigned to a group; resolve the effective storage + // target. + RateLimitTarget::Transaction(identifier) => Self::config_target(&identifier).ok()?, + _ => raw_target, + }; + Self::resolved_limit(&config_target, &scope) + } + + fn last_seen( + target: TargetArg, + usage_key: Option, + ) -> Option + where + TargetArg: TryIntoRateLimitTarget, + { + let raw_target = target + .try_into_rate_limit_target::() + .ok()?; + let usage_target = match raw_target { + // A transaction identifier may be assigned to a group; resolve the effective storage + // target. + RateLimitTarget::Transaction(identifier) => Self::usage_target(&identifier).ok()?, + _ => raw_target, + }; + pallet::LastSeen::::get(usage_target, usage_key) + } +} + #[cfg(feature = "runtime-benchmarks")] mod benchmarking; mod tx_extension; @@ -768,7 +813,9 @@ pub mod pallet { fn call_metadata( identifier: &TransactionIdentifier, ) -> Result<(Vec, Vec), DispatchError> { - let (pallet_name, extrinsic_name) = identifier.names::()?; + let (pallet_name, extrinsic_name) = identifier + .names::<>::RuntimeCall>() + .ok_or(Error::::InvalidRuntimeCall)?; Ok(( Vec::from(pallet_name.as_bytes()), Vec::from(extrinsic_name.as_bytes()), @@ -917,7 +964,8 @@ pub mod pallet { T::AdminOrigin::ensure_origin(origin)?; - let identifier = TransactionIdentifier::from_call::(call.as_ref())?; + let identifier = TransactionIdentifier::from_call(call.as_ref()) + .ok_or(Error::::InvalidRuntimeCall)?; Self::ensure_call_unregistered(&identifier)?; let target = RateLimitTarget::Transaction(identifier); diff --git a/pallets/rate-limiting/src/mock.rs b/pallets/rate-limiting/src/mock.rs index 98769bf6a6..d3d486f6a1 100644 --- a/pallets/rate-limiting/src/mock.rs +++ b/pallets/rate-limiting/src/mock.rs @@ -153,7 +153,7 @@ pub fn new_test_ext() -> TestExternalities { } pub(crate) fn identifier_for(call: &RuntimeCall) -> TransactionIdentifier { - TransactionIdentifier::from_call::(call).expect("identifier for call") + TransactionIdentifier::from_call(call).expect("identifier for call") } pub(crate) fn pop_last_event() -> RuntimeEvent { diff --git a/pallets/rate-limiting/src/tx_extension.rs b/pallets/rate-limiting/src/tx_extension.rs index 5e5cc45f0c..303649c9c9 100644 --- a/pallets/rate-limiting/src/tx_extension.rs +++ b/pallets/rate-limiting/src/tx_extension.rs @@ -117,9 +117,8 @@ where _inherited_implication: &impl Implication, _source: TransactionSource, ) -> ValidateResult>::RuntimeCall> { - let identifier = match TransactionIdentifier::from_call::(call) { - Ok(identifier) => identifier, - Err(_) => return Err(TransactionValidityError::Invalid(InvalidTransaction::Call)), + let Some(identifier) = TransactionIdentifier::from_call(call) else { + return Err(TransactionValidityError::Invalid(InvalidTransaction::Call)); }; if !Pallet::::is_registered(&identifier) { diff --git a/pallets/rate-limiting/src/types.rs b/pallets/rate-limiting/src/types.rs index c7bc2f91f7..166c471d7e 100644 --- a/pallets/rate-limiting/src/types.rs +++ b/pallets/rate-limiting/src/types.rs @@ -1,5 +1,5 @@ use codec::{Decode, DecodeWithMemTracking, Encode, MaxEncodedLen}; -use frame_support::{pallet_prelude::DispatchError, traits::GetCallMetadata}; +pub use rate_limiting_interface::{RateLimitTarget, TransactionIdentifier}; use scale_info::TypeInfo; use serde::{Deserialize, Serialize}; use sp_std::{collections::btree_map::BTreeMap, vec::Vec}; @@ -60,72 +60,6 @@ pub trait RateLimitUsageResolver { fn context(origin: &Origin, call: &Call) -> Option>; } -/// Identifies a runtime call by pallet and extrinsic indices. -#[derive( - Serialize, - Deserialize, - Clone, - Copy, - PartialEq, - Eq, - PartialOrd, - Ord, - Encode, - Decode, - DecodeWithMemTracking, - TypeInfo, - MaxEncodedLen, - Debug, -)] -pub struct TransactionIdentifier { - /// Pallet variant index. - pub pallet_index: u8, - /// Call variant index within the pallet. - pub extrinsic_index: u8, -} - -/// Target identifier for rate limit and usage configuration. -#[derive( - Serialize, - Deserialize, - Clone, - Copy, - PartialEq, - Eq, - PartialOrd, - Ord, - Encode, - Decode, - DecodeWithMemTracking, - TypeInfo, - MaxEncodedLen, - Debug, -)] -pub enum RateLimitTarget { - /// Per-transaction configuration keyed by pallet/extrinsic indices. - Transaction(TransactionIdentifier), - /// Shared configuration for a named group. - Group(GroupId), -} - -impl RateLimitTarget { - /// Returns the transaction identifier when the target represents a single extrinsic. - pub fn as_transaction(&self) -> Option<&TransactionIdentifier> { - match self { - RateLimitTarget::Transaction(identifier) => Some(identifier), - RateLimitTarget::Group(_) => None, - } - } - - /// Returns the group identifier when the target represents a group configuration. - pub fn as_group(&self) -> Option<&GroupId> { - match self { - RateLimitTarget::Transaction(_) => None, - RateLimitTarget::Group(id) => Some(id), - } - } -} - /// Sharing mode configured for a group. #[derive( Serialize, @@ -188,55 +122,6 @@ pub struct RateLimitGroup { pub sharing: GroupSharing, } -impl TransactionIdentifier { - /// Builds a new identifier from pallet/extrinsic indices. - pub const fn new(pallet_index: u8, extrinsic_index: u8) -> Self { - Self { - pallet_index, - extrinsic_index, - } - } - - /// Returns the pallet and extrinsic names associated with this identifier. - pub fn names(&self) -> Result<(&'static str, &'static str), DispatchError> - where - T: crate::pallet::Config, - I: 'static, - >::RuntimeCall: GetCallMetadata, - { - let modules = >::RuntimeCall::get_module_names(); - let pallet_name = modules - .get(self.pallet_index as usize) - .copied() - .ok_or(crate::pallet::Error::::InvalidRuntimeCall)?; - let call_names = >::RuntimeCall::get_call_names(pallet_name); - let extrinsic_name = call_names - .get(self.extrinsic_index as usize) - .copied() - .ok_or(crate::pallet::Error::::InvalidRuntimeCall)?; - Ok((pallet_name, extrinsic_name)) - } - - /// Builds an identifier from a runtime call by extracting pallet/extrinsic indices. - pub fn from_call( - call: &>::RuntimeCall, - ) -> Result - where - T: crate::pallet::Config, - I: 'static, - { - call.using_encoded(|encoded| { - let pallet_index = *encoded - .get(0) - .ok_or(crate::pallet::Error::::InvalidRuntimeCall)?; - let extrinsic_index = *encoded - .get(1) - .ok_or(crate::pallet::Error::::InvalidRuntimeCall)?; - Ok(TransactionIdentifier::new(pallet_index, extrinsic_index)) - }) - } -} - /// Policy describing the block span enforced by a rate limit. #[derive( Serialize, @@ -336,44 +221,3 @@ where matches!(self, RateLimit::Scoped(map) if map.is_empty()) } } - -#[cfg(test)] -mod tests { - use sp_runtime::DispatchError; - - use super::*; - use crate::{mock::*, pallet::Error}; - - #[test] - fn transaction_identifier_from_call_matches_expected_indices() { - let call = - RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); - - let identifier = TransactionIdentifier::from_call::(&call).expect("identifier"); - - // System is the first pallet in the mock runtime, RateLimiting is second. - assert_eq!(identifier.pallet_index, 1); - // set_default_rate_limit has call_index 4. - assert_eq!(identifier.extrinsic_index, 4); - } - - #[test] - fn transaction_identifier_names_matches_call_metadata() { - let call = - RuntimeCall::RateLimiting(RateLimitingCall::set_default_rate_limit { block_span: 0 }); - let identifier = TransactionIdentifier::from_call::(&call).expect("identifier"); - - let (pallet, extrinsic) = identifier.names::().expect("call metadata"); - assert_eq!(pallet, "RateLimiting"); - assert_eq!(extrinsic, "set_default_rate_limit"); - } - - #[test] - fn transaction_identifier_names_error_for_unknown_indices() { - let identifier = TransactionIdentifier::new(99, 0); - - let err = identifier.names::().expect_err("should fail"); - let expected: DispatchError = Error::::InvalidRuntimeCall.into(); - assert_eq!(err, expected); - } -} diff --git a/runtime/src/lib.rs b/runtime/src/lib.rs index 25943cf4e9..be6617f671 100644 --- a/runtime/src/lib.rs +++ b/runtime/src/lib.rs @@ -1150,7 +1150,7 @@ impl pallet_rate_limiting::Config for Runtime { type LimitScopeResolver = RuntimeScopeResolver; type UsageKey = RateLimitUsageKey; type UsageResolver = RuntimeUsageResolver; - type GroupId = u32; + type GroupId = subtensor_runtime_common::rate_limiting::GroupId; type MaxGroupMembers = RateLimitingMaxGroupMembers; type MaxGroupNameLength = RateLimitingMaxGroupNameLength; #[cfg(feature = "runtime-benchmarks")] diff --git a/runtime/src/rate_limiting/migration.rs b/runtime/src/rate_limiting/migration.rs index ccd3e6402f..f77f6ec2dc 100644 --- a/runtime/src/rate_limiting/migration.rs +++ b/runtime/src/rate_limiting/migration.rs @@ -16,7 +16,13 @@ use sp_std::{ vec, vec::Vec, }; -use subtensor_runtime_common::NetUid; +use subtensor_runtime_common::{ + NetUid, + rate_limiting::{ + GROUP_DELEGATE_TAKE, GROUP_OWNER_HPARAMS, GROUP_REGISTER_NETWORK, GROUP_SERVE, + GROUP_STAKING_OPS, GROUP_SWAP_KEYS, GROUP_WEIGHTS_SUBNET, GroupId, + }, +}; use super::{ AccountId, RateLimitUsageKey, Runtime, @@ -26,7 +32,6 @@ use super::{ }, }; -type GroupId = ::GroupId; type GroupNameOf = BoundedVec::MaxGroupNameLength>; type GroupMembersOf = BoundedBTreeSet::MaxGroupMembers>; @@ -39,14 +44,6 @@ const ADMIN_UTILS_PALLET_INDEX: u8 = 19; /// Marker stored in `pallet_subtensor::HasMigrationRun` once the migration finishes. pub const MIGRATION_NAME: &[u8] = b"migrate_rate_limiting"; -const GROUP_SERVE: GroupId = 0; -const GROUP_DELEGATE_TAKE: GroupId = 1; -const GROUP_WEIGHTS_SUBNET: GroupId = 2; -pub const GROUP_REGISTER_NETWORK: GroupId = 3; -const GROUP_OWNER_HPARAMS: GroupId = 4; -const GROUP_STAKING_OPS: GroupId = 5; -const GROUP_SWAP_KEYS: GroupId = 6; - // `set_children` is rate-limited to once every 150 blocks, it's hard-coded in the legacy code. const SET_CHILDREN_RATE_LIMIT: u64 = 150; diff --git a/runtime/tests/rate_limiting_behavior.rs b/runtime/tests/rate_limiting_behavior.rs index e9a76acf1c..38208a3e3c 100644 --- a/runtime/tests/rate_limiting_behavior.rs +++ b/runtime/tests/rate_limiting_behavior.rs @@ -17,10 +17,9 @@ use pallet_subtensor::{ }; use sp_core::{H160, ecdsa}; use sp_runtime::traits::SaturatedConversion; -use subtensor_runtime_common::{NetUid, NetUidStorageIndex}; +use subtensor_runtime_common::{NetUid, NetUidStorageIndex, rate_limiting::GroupId}; type AccountId = ::AccountId; -type GroupId = ::GroupId; type UsageKey = RateLimitUsageKey; const MIGRATION_NAME: &[u8] = b"migrate_rate_limiting"; @@ -79,8 +78,7 @@ fn parity_check( // Run migration to hydrate pallet-rate-limiting state. Migration::::on_runtime_upgrade(); - let identifier = - TransactionIdentifier::from_call::(&call).expect("identifier for call"); + let identifier = TransactionIdentifier::from_call(&call).expect("identifier for call"); let scope = scope_override.or_else(|| RuntimeScopeResolver::context(&origin, &call)); let usage: Option::UsageKey>> = usage_override.or_else(|| RuntimeUsageResolver::context(&origin, &call)); diff --git a/runtime/tests/rate_limiting_migration.rs b/runtime/tests/rate_limiting_migration.rs index e97beb8fc1..378f4c7a73 100644 --- a/runtime/tests/rate_limiting_migration.rs +++ b/runtime/tests/rate_limiting_migration.rs @@ -5,11 +5,11 @@ use frame_system::pallet_prelude::BlockNumberFor; use pallet_rate_limiting::{RateLimit, RateLimitKind, RateLimitTarget, TransactionIdentifier}; use pallet_subtensor::{HasMigrationRun, LastRateLimitedBlock, RateLimitKey}; use sp_runtime::traits::SaturatedConversion; -use subtensor_runtime_common::NetUid; +use subtensor_runtime_common::{NetUid, rate_limiting::GROUP_REGISTER_NETWORK}; use node_subtensor_runtime::{ BuildStorage, Runtime, RuntimeGenesisConfig, SubtensorModule, System, rate_limiting, - rate_limiting::migration::{GROUP_REGISTER_NETWORK, MIGRATION_NAME, Migration}, + rate_limiting::migration::{MIGRATION_NAME, Migration}, }; type AccountId = ::AccountId; From 1228b8a3ed573c13f225c149a018446a4a797239 Mon Sep 17 00:00:00 2001 From: Aliaksandr Tsurko Date: Mon, 15 Dec 2025 15:05:25 +0300 Subject: [PATCH 41/46] Add rate limiting interface for pallet-subtensor::Config --- Cargo.lock | 4 + chain-extensions/Cargo.toml | 3 + chain-extensions/src/mock.rs | 33 +++++++- common/src/rate_limiting.rs | 91 +++++++++++++++++++++++ pallets/admin-utils/Cargo.toml | 2 + pallets/admin-utils/src/tests/mock.rs | 31 +++++++- pallets/rate-limiting/src/lib.rs | 86 ++++++++++----------- pallets/subtensor/Cargo.toml | 2 + pallets/subtensor/src/macros/config.rs | 12 +++ pallets/subtensor/src/tests/mock.rs | 31 +++++++- pallets/transaction-fee/Cargo.toml | 2 + pallets/transaction-fee/src/tests/mock.rs | 33 +++++++- runtime/src/lib.rs | 4 +- runtime/src/rate_limiting/mod.rs | 90 +++++----------------- runtime/tests/rate_limiting_behavior.rs | 8 +- runtime/tests/rate_limiting_migration.rs | 9 ++- 16 files changed, 317 insertions(+), 124 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index d0cefd7d14..351e156aad 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -8774,6 +8774,7 @@ dependencies = [ "pallet-subtensor", "pallet-subtensor-swap", "parity-scale-codec", + "rate-limiting-interface", "scale-info", "sp-consensus-aura", "sp-consensus-grandpa", @@ -10836,6 +10837,7 @@ dependencies = [ "polkadot-runtime-common", "rand 0.8.5", "rand_chacha 0.3.1", + "rate-limiting-interface", "safe-math", "scale-info", "serde", @@ -18091,6 +18093,7 @@ dependencies = [ "pallet-subtensor-utility", "pallet-timestamp", "parity-scale-codec", + "rate-limiting-interface", "scale-info", "sp-core", "sp-io", @@ -18234,6 +18237,7 @@ dependencies = [ "pallet-subtensor-swap", "pallet-transaction-payment", "parity-scale-codec", + "rate-limiting-interface", "scale-info", "smallvec", "sp-consensus-aura", diff --git a/chain-extensions/Cargo.toml b/chain-extensions/Cargo.toml index 9727439e7a..61ec5b12e6 100644 --- a/chain-extensions/Cargo.toml +++ b/chain-extensions/Cargo.toml @@ -36,6 +36,9 @@ subtensor-swap-interface.workspace = true num_enum.workspace = true substrate-fixed.workspace = true +[dev-dependencies] +rate-limiting-interface.workspace = true + [lints] workspace = true diff --git a/chain-extensions/src/mock.rs b/chain-extensions/src/mock.rs index 98ea096199..53195c6cd9 100644 --- a/chain-extensions/src/mock.rs +++ b/chain-extensions/src/mock.rs @@ -18,6 +18,7 @@ use pallet_contracts::HoldReason as ContractsHoldReason; use pallet_subtensor::*; use pallet_subtensor_proxy as pallet_proxy; use pallet_subtensor_utility as pallet_utility; +use rate_limiting_interface::{RateLimitingInfo, TryIntoRateLimitTarget}; use sp_core::{ConstU64, H256, U256, offchain::KeyTypeId}; use sp_runtime::Perbill; use sp_runtime::{ @@ -25,7 +26,9 @@ use sp_runtime::{ traits::{BlakeTwo256, Convert, IdentityLookup}, }; use sp_std::{cell::RefCell, cmp::Ordering, sync::OnceLock}; -use subtensor_runtime_common::{AlphaCurrency, NetUid, TaoCurrency}; +use subtensor_runtime_common::{ + AlphaCurrency, NetUid, TaoCurrency, rate_limiting::RateLimitUsageKey, +}; type Block = frame_system::mocking::MockBlock; @@ -411,6 +414,7 @@ impl pallet_subtensor::Config for Test { type GetCommitments = (); type MaxImmuneUidsPercentage = MaxImmuneUidsPercentage; type CommitmentsInterface = CommitmentsI; + type RateLimiting = NoRateLimiting; type EvmKeyAssociateRateLimit = EvmKeyAssociateRateLimit; } @@ -449,6 +453,33 @@ impl CommitmentsInterface for CommitmentsI { fn purge_netuid(_netuid: NetUid) {} } +pub struct NoRateLimiting; + +impl RateLimitingInfo for NoRateLimiting { + type GroupId = subtensor_runtime_common::rate_limiting::GroupId; + type CallMetadata = RuntimeCall; + type Limit = BlockNumber; + type Scope = subtensor_runtime_common::NetUid; + type UsageKey = RateLimitUsageKey; + + fn rate_limit(_target: TargetArg, _scope: Option) -> Option + where + TargetArg: TryIntoRateLimitTarget, + { + None + } + + fn last_seen( + _target: TargetArg, + _usage_key: Option, + ) -> Option + where + TargetArg: TryIntoRateLimitTarget, + { + None + } +} + parameter_types! { pub MaximumSchedulerWeight: Weight = Perbill::from_percent(80) * BlockWeights::get().max_block; diff --git a/common/src/rate_limiting.rs b/common/src/rate_limiting.rs index 7051e5aeaa..20c9e2d629 100644 --- a/common/src/rate_limiting.rs +++ b/common/src/rate_limiting.rs @@ -1,4 +1,26 @@ //! Shared rate-limiting types. +//! +//! Note: `pallet-rate-limiting` supports multiple independent instances, and is intended to be used +//! as “one instance per pallet” with pallet-specific scope/usage-key types and resolvers. +//! +//! The scope/usage-key types in this module are centralized today due to the current state of +//! `pallet-subtensor` (a large, centralized pallet) and its coupling with `pallet-admin-utils`, +//! which share a single `pallet-rate-limiting` instance and resolver implementation in the runtime. +//! +//! For new pallets, it is strongly recommended to: +//! - define their own `LimitScope` and `UsageKey` types (do not extend `RateLimitUsageKey` here), +//! - provide pallet-local scope/usage resolvers, +//! - and use a dedicated `pallet-rate-limiting` instance. +//! +//! Long-term, we should move away from these shared types by refactoring `pallet-subtensor` into +//! smaller pallets with dedicated `pallet-rate-limiting` instances. + +use codec::{Decode, DecodeWithMemTracking, Encode, MaxEncodedLen}; +use frame_support::pallet_prelude::Parameter; +use scale_info::TypeInfo; +use serde::{Deserialize, Serialize}; + +use crate::{MechId, NetUid}; /// Identifier type for rate-limiting groups. pub type GroupId = u32; @@ -17,3 +39,72 @@ pub const GROUP_OWNER_HPARAMS: GroupId = 4; pub const GROUP_STAKING_OPS: GroupId = 5; /// Group id for key swap calls. pub const GROUP_SWAP_KEYS: GroupId = 6; + +/// Usage-key type currently shared by the centralized `pallet-subtensor` rate-limiting instance. +/// +/// Do not add new variants for new pallets. Prefer defining pallet-specific types and using a +/// dedicated `pallet-rate-limiting` instance per pallet. +#[derive( + Serialize, + Deserialize, + Encode, + Decode, + DecodeWithMemTracking, + Clone, + PartialEq, + Eq, + PartialOrd, + Ord, + Debug, + TypeInfo, + MaxEncodedLen, +)] +#[scale_info(skip_type_params(AccountId))] +pub enum RateLimitUsageKey { + Account(AccountId), + Subnet(NetUid), + AccountSubnet { + account: AccountId, + netuid: NetUid, + }, + ColdkeyHotkeySubnet { + coldkey: AccountId, + hotkey: AccountId, + netuid: NetUid, + }, + SubnetNeuron { + netuid: NetUid, + uid: u16, + }, + SubnetMechanismNeuron { + netuid: NetUid, + mecid: MechId, + uid: u16, + }, + AccountSubnetServing { + account: AccountId, + netuid: NetUid, + endpoint: ServingEndpoint, + }, +} + +#[derive( + Serialize, + Deserialize, + Encode, + Decode, + DecodeWithMemTracking, + Clone, + Copy, + PartialEq, + Eq, + PartialOrd, + Ord, + Debug, + TypeInfo, + MaxEncodedLen, +)] +pub enum ServingEndpoint { + Axon, + Prometheus, +} diff --git a/pallets/admin-utils/Cargo.toml b/pallets/admin-utils/Cargo.toml index 61cdba4cbf..aa6d7e593c 100644 --- a/pallets/admin-utils/Cargo.toml +++ b/pallets/admin-utils/Cargo.toml @@ -38,6 +38,7 @@ sp-core.workspace = true sp-io.workspace = true sp-tracing.workspace = true sp-consensus-aura.workspace = true +rate-limiting-interface.workspace = true pallet-balances = { workspace = true, features = ["std"] } pallet-scheduler.workspace = true pallet-grandpa.workspace = true @@ -75,6 +76,7 @@ std = [ "substrate-fixed/std", "subtensor-swap-interface/std", "subtensor-runtime-common/std", + "rate-limiting-interface/std", ] runtime-benchmarks = [ "frame-benchmarking/runtime-benchmarks", diff --git a/pallets/admin-utils/src/tests/mock.rs b/pallets/admin-utils/src/tests/mock.rs index 0140808baa..0633109caa 100644 --- a/pallets/admin-utils/src/tests/mock.rs +++ b/pallets/admin-utils/src/tests/mock.rs @@ -8,6 +8,7 @@ use frame_support::{ }; use frame_system::{self as system, offchain::CreateTransactionBase}; use frame_system::{EnsureRoot, limits}; +use rate_limiting_interface::{RateLimitingInfo, TryIntoRateLimitTarget}; use sp_consensus_aura::sr25519::AuthorityId as AuraId; use sp_consensus_grandpa::AuthorityList as GrandpaAuthorityList; use sp_core::U256; @@ -19,7 +20,7 @@ use sp_runtime::{ }; use sp_std::cmp::Ordering; use sp_weights::Weight; -use subtensor_runtime_common::{NetUid, TaoCurrency}; +use subtensor_runtime_common::{NetUid, TaoCurrency, rate_limiting::RateLimitUsageKey}; type Block = frame_system::mocking::MockBlock; // Configure a mock runtime to test the pallet. @@ -224,6 +225,7 @@ impl pallet_subtensor::Config for Test { type GetCommitments = (); type MaxImmuneUidsPercentage = MaxImmuneUidsPercentage; type CommitmentsInterface = CommitmentsI; + type RateLimiting = NoRateLimiting; type EvmKeyAssociateRateLimit = EvmKeyAssociateRateLimit; } @@ -356,6 +358,33 @@ impl pallet_subtensor::CommitmentsInterface for CommitmentsI { fn purge_netuid(_netuid: NetUid) {} } +pub struct NoRateLimiting; + +impl RateLimitingInfo for NoRateLimiting { + type GroupId = subtensor_runtime_common::rate_limiting::GroupId; + type CallMetadata = RuntimeCall; + type Limit = u64; + type Scope = subtensor_runtime_common::NetUid; + type UsageKey = RateLimitUsageKey; + + fn rate_limit(_target: TargetArg, _scope: Option) -> Option + where + TargetArg: TryIntoRateLimitTarget, + { + None + } + + fn last_seen( + _target: TargetArg, + _usage_key: Option, + ) -> Option + where + TargetArg: TryIntoRateLimitTarget, + { + None + } +} + pub struct GrandpaInterfaceImpl; impl crate::GrandpaInterface for GrandpaInterfaceImpl { fn schedule_change( diff --git a/pallets/rate-limiting/src/lib.rs b/pallets/rate-limiting/src/lib.rs index 339ae3d359..a4af7fc3fd 100644 --- a/pallets/rate-limiting/src/lib.rs +++ b/pallets/rate-limiting/src/lib.rs @@ -150,49 +150,6 @@ pub use types::{ RateLimitUsageResolver, }; -impl, I: 'static> RateLimitingInfo for pallet::Pallet { - type GroupId = >::GroupId; - type CallMetadata = >::RuntimeCall; - type Limit = frame_system::pallet_prelude::BlockNumberFor; - type Scope = >::LimitScope; - type UsageKey = >::UsageKey; - - fn rate_limit(target: TargetArg, scope: Option) -> Option - where - TargetArg: TryIntoRateLimitTarget, - { - let raw_target = target - .try_into_rate_limit_target::() - .ok()?; - let config_target = match raw_target { - // A transaction identifier may be assigned to a group; resolve the effective storage - // target. - RateLimitTarget::Transaction(identifier) => Self::config_target(&identifier).ok()?, - _ => raw_target, - }; - Self::resolved_limit(&config_target, &scope) - } - - fn last_seen( - target: TargetArg, - usage_key: Option, - ) -> Option - where - TargetArg: TryIntoRateLimitTarget, - { - let raw_target = target - .try_into_rate_limit_target::() - .ok()?; - let usage_target = match raw_target { - // A transaction identifier may be assigned to a group; resolve the effective storage - // target. - RateLimitTarget::Transaction(identifier) => Self::usage_target(&identifier).ok()?, - _ => raw_target, - }; - pallet::LastSeen::::get(usage_target, usage_key) - } -} - #[cfg(feature = "runtime-benchmarks")] mod benchmarking; mod tx_extension; @@ -1332,3 +1289,46 @@ pub mod pallet { } } } + +impl, I: 'static> RateLimitingInfo for pallet::Pallet { + type GroupId = >::GroupId; + type CallMetadata = >::RuntimeCall; + type Limit = frame_system::pallet_prelude::BlockNumberFor; + type Scope = >::LimitScope; + type UsageKey = >::UsageKey; + + fn rate_limit(target: TargetArg, scope: Option) -> Option + where + TargetArg: TryIntoRateLimitTarget, + { + let raw_target = target + .try_into_rate_limit_target::() + .ok()?; + let config_target = match raw_target { + // A transaction identifier may be assigned to a group; resolve the effective storage + // target. + RateLimitTarget::Transaction(identifier) => Self::config_target(&identifier).ok()?, + _ => raw_target, + }; + Self::resolved_limit(&config_target, &scope) + } + + fn last_seen( + target: TargetArg, + usage_key: Option, + ) -> Option + where + TargetArg: TryIntoRateLimitTarget, + { + let raw_target = target + .try_into_rate_limit_target::() + .ok()?; + let usage_target = match raw_target { + // A transaction identifier may be assigned to a group; resolve the effective storage + // target. + RateLimitTarget::Transaction(identifier) => Self::usage_target(&identifier).ok()?, + _ => raw_target, + }; + pallet::LastSeen::::get(usage_target, usage_key) + } +} diff --git a/pallets/subtensor/Cargo.toml b/pallets/subtensor/Cargo.toml index a7885e32a8..cd9410de8b 100644 --- a/pallets/subtensor/Cargo.toml +++ b/pallets/subtensor/Cargo.toml @@ -56,6 +56,7 @@ rand_chacha.workspace = true pallet-crowdloan.workspace = true pallet-subtensor-proxy.workspace = true pallet-rate-limiting.workspace = true +rate-limiting-interface.workspace = true [dev-dependencies] pallet-balances = { workspace = true, features = ["std"] } @@ -116,6 +117,7 @@ std = [ "pallet-drand/std", "pallet-subtensor-proxy/std", "pallet-rate-limiting/std", + "rate-limiting-interface/std", "pallet-subtensor-swap/std", "subtensor-swap-interface/std", "pallet-subtensor-utility/std", diff --git a/pallets/subtensor/src/macros/config.rs b/pallets/subtensor/src/macros/config.rs index a735bde1e1..f8742087ff 100644 --- a/pallets/subtensor/src/macros/config.rs +++ b/pallets/subtensor/src/macros/config.rs @@ -8,6 +8,7 @@ mod config { use crate::{CommitmentsInterface, GetAlphaForTao, GetTaoForAlpha}; use pallet_commitments::GetCommitments; + use rate_limiting_interface::RateLimitingInfo; use subtensor_swap_interface::{SwapEngine, SwapHandler}; /// Configure the pallet by specifying the parameters and types on which it depends. @@ -56,6 +57,17 @@ mod config { /// Interface to clean commitments on network dissolution. type CommitmentsInterface: CommitmentsInterface; + /// Read-only interface for querying rate limiting configuration and usage. + type RateLimiting: RateLimitingInfo< + GroupId = subtensor_runtime_common::rate_limiting::GroupId, + CallMetadata = ::RuntimeCall, + Limit = BlockNumberFor, + Scope = subtensor_runtime_common::NetUid, + UsageKey = subtensor_runtime_common::rate_limiting::RateLimitUsageKey< + Self::AccountId, + >, + >; + /// Rate limit for associating an EVM key. type EvmKeyAssociateRateLimit: Get; diff --git a/pallets/subtensor/src/tests/mock.rs b/pallets/subtensor/src/tests/mock.rs index 090fcf8f75..161e0e372b 100644 --- a/pallets/subtensor/src/tests/mock.rs +++ b/pallets/subtensor/src/tests/mock.rs @@ -20,6 +20,7 @@ use frame_system as system; use frame_system::{EnsureRoot, RawOrigin, limits, offchain::CreateTransactionBase}; use pallet_subtensor_proxy as pallet_proxy; use pallet_subtensor_utility as pallet_utility; +use rate_limiting_interface::{RateLimitingInfo, TryIntoRateLimitTarget}; use sp_core::{ConstU64, Get, H256, U256, offchain::KeyTypeId}; use sp_runtime::Perbill; use sp_runtime::{ @@ -28,7 +29,7 @@ use sp_runtime::{ }; use sp_std::{cell::RefCell, cmp::Ordering, sync::OnceLock}; use sp_tracing::tracing_subscriber; -use subtensor_runtime_common::{NetUid, TaoCurrency}; +use subtensor_runtime_common::{NetUid, TaoCurrency, rate_limiting::RateLimitUsageKey}; use subtensor_swap_interface::{Order, SwapHandler}; use tracing_subscriber::{EnvFilter, layer::SubscriberExt, util::SubscriberInitExt}; type Block = frame_system::mocking::MockBlock; @@ -298,6 +299,7 @@ impl crate::Config for Test { type GetCommitments = (); type MaxImmuneUidsPercentage = MaxImmuneUidsPercentage; type CommitmentsInterface = CommitmentsI; + type RateLimiting = NoRateLimiting; type EvmKeyAssociateRateLimit = EvmKeyAssociateRateLimit; } @@ -336,6 +338,33 @@ impl CommitmentsInterface for CommitmentsI { fn purge_netuid(_netuid: NetUid) {} } +pub struct NoRateLimiting; + +impl RateLimitingInfo for NoRateLimiting { + type GroupId = subtensor_runtime_common::rate_limiting::GroupId; + type CallMetadata = RuntimeCall; + type Limit = BlockNumber; + type Scope = subtensor_runtime_common::NetUid; + type UsageKey = RateLimitUsageKey; + + fn rate_limit(_target: TargetArg, _scope: Option) -> Option + where + TargetArg: TryIntoRateLimitTarget, + { + None + } + + fn last_seen( + _target: TargetArg, + _usage_key: Option, + ) -> Option + where + TargetArg: TryIntoRateLimitTarget, + { + None + } +} + parameter_types! { pub MaximumSchedulerWeight: Weight = Perbill::from_percent(80) * BlockWeights::get().max_block; diff --git a/pallets/transaction-fee/Cargo.toml b/pallets/transaction-fee/Cargo.toml index b5f08ac7c3..86bea7c843 100644 --- a/pallets/transaction-fee/Cargo.toml +++ b/pallets/transaction-fee/Cargo.toml @@ -27,6 +27,7 @@ pallet-scheduler = { workspace = true, default-features = false, optional = true [dev-dependencies] frame-executive.workspace = true pallet-evm-chain-id.workspace = true +rate-limiting-interface.workspace = true scale-info.workspace = true sp-consensus-aura.workspace = true sp-consensus-grandpa.workspace = true @@ -56,6 +57,7 @@ std = [ "pallet-subtensor/std", "pallet-subtensor-swap/std", "pallet-transaction-payment/std", + "rate-limiting-interface/std", "scale-info/std", "sp-runtime/std", "sp-std/std", diff --git a/pallets/transaction-fee/src/tests/mock.rs b/pallets/transaction-fee/src/tests/mock.rs index ee5b1693ba..2b25273104 100644 --- a/pallets/transaction-fee/src/tests/mock.rs +++ b/pallets/transaction-fee/src/tests/mock.rs @@ -12,6 +12,7 @@ use frame_system::{ self as system, EnsureRoot, RawOrigin, limits, offchain::CreateTransactionBase, }; pub use pallet_subtensor::*; +use rate_limiting_interface::{RateLimitingInfo, TryIntoRateLimitTarget}; pub use sp_core::U256; use sp_core::{ConstU64, H256}; use sp_runtime::{ @@ -21,7 +22,9 @@ use sp_runtime::{ }; use sp_std::cmp::Ordering; use sp_weights::Weight; -pub use subtensor_runtime_common::{AlphaCurrency, Currency, NetUid, TaoCurrency}; +pub use subtensor_runtime_common::{ + AlphaCurrency, Currency, NetUid, TaoCurrency, rate_limiting::RateLimitUsageKey, +}; use subtensor_swap_interface::{Order, SwapHandler}; use crate::SubtensorTxFeeHandler; @@ -289,6 +292,7 @@ impl pallet_subtensor::Config for Test { type GetCommitments = (); type MaxImmuneUidsPercentage = MaxImmuneUidsPercentage; type CommitmentsInterface = CommitmentsI; + type RateLimiting = NoRateLimiting; type EvmKeyAssociateRateLimit = EvmKeyAssociateRateLimit; } @@ -421,6 +425,33 @@ impl pallet_subtensor::CommitmentsInterface for CommitmentsI { fn purge_netuid(_netuid: NetUid) {} } +pub struct NoRateLimiting; + +impl RateLimitingInfo for NoRateLimiting { + type GroupId = subtensor_runtime_common::rate_limiting::GroupId; + type CallMetadata = RuntimeCall; + type Limit = u64; + type Scope = subtensor_runtime_common::NetUid; + type UsageKey = RateLimitUsageKey; + + fn rate_limit(_target: TargetArg, _scope: Option) -> Option + where + TargetArg: TryIntoRateLimitTarget, + { + None + } + + fn last_seen( + _target: TargetArg, + _usage_key: Option, + ) -> Option + where + TargetArg: TryIntoRateLimitTarget, + { + None + } +} + parameter_types! { pub MaximumSchedulerWeight: Weight = Perbill::from_percent(80) * BlockWeights::get().max_block; diff --git a/runtime/src/lib.rs b/runtime/src/lib.rs index 4a122ef951..8cde7d8999 100644 --- a/runtime/src/lib.rs +++ b/runtime/src/lib.rs @@ -102,11 +102,12 @@ use pallet_commitments::GetCommitments; pub use pallet_timestamp::Call as TimestampCall; use pallet_transaction_payment::{ConstFeeMultiplier, Multiplier}; pub use rate_limiting::{ - RateLimitUsageKey, ScopeResolver as RuntimeScopeResolver, UsageResolver as RuntimeUsageResolver, + ScopeResolver as RuntimeScopeResolver, UsageResolver as RuntimeUsageResolver, }; #[cfg(any(feature = "std", test))] pub use sp_runtime::BuildStorage; pub use sp_runtime::{Perbill, Permill}; +pub use subtensor_runtime_common::rate_limiting::RateLimitUsageKey; // Drand impl pallet_drand::Config for Runtime { @@ -1135,6 +1136,7 @@ impl pallet_subtensor::Config for Runtime { type GetCommitments = GetCommitmentsStruct; type MaxImmuneUidsPercentage = MaxImmuneUidsPercentage; type CommitmentsInterface = CommitmentsI; + type RateLimiting = RateLimiting; type EvmKeyAssociateRateLimit = EvmKeyAssociateRateLimit; } diff --git a/runtime/src/rate_limiting/mod.rs b/runtime/src/rate_limiting/mod.rs index 5c0b7a8ec1..d0b91c34a7 100644 --- a/runtime/src/rate_limiting/mod.rs +++ b/runtime/src/rate_limiting/mod.rs @@ -1,85 +1,35 @@ -use codec::{Decode, DecodeWithMemTracking, Encode, MaxEncodedLen}; -use frame_support::pallet_prelude::Parameter; +//! Runtime-level rate limiting wiring and resolvers. +//! +//! `pallet-rate-limiting` supports multiple independent instances, and is intended to be deployed +//! as “one instance per pallet” with pallet-specific scope/usage-key types and resolvers. +//! +//! This runtime module is centralized today because `pallet-subtensor` is currently centralized and +//! coupled with `pallet-admin-utils`; both share a single `pallet-rate-limiting` instance and a +//! single resolver implementation. +//! +//! For new pallets, do not reuse or extend the centralized scope/usage-key types or resolvers. +//! Prefer defining pallet-local types/resolvers and using a dedicated `pallet-rate-limiting` +//! instance. +//! +//! Long-term, we should refactor `pallet-subtensor` into smaller pallets and move to dedicated +//! `pallet-rate-limiting` instances per pallet. + use frame_system::RawOrigin; use pallet_admin_utils::Call as AdminUtilsCall; use pallet_rate_limiting::BypassDecision; use pallet_rate_limiting::{RateLimitScopeResolver, RateLimitUsageResolver}; use pallet_subtensor::{Call as SubtensorCall, Tempo}; -use scale_info::TypeInfo; -use serde::{Deserialize, Serialize}; use sp_std::{vec, vec::Vec}; -use subtensor_runtime_common::{BlockNumber, MechId, NetUid}; +use subtensor_runtime_common::{ + BlockNumber, NetUid, + rate_limiting::{RateLimitUsageKey, ServingEndpoint}, +}; use crate::{AccountId, Runtime, RuntimeCall, RuntimeOrigin}; mod legacy; pub mod migration; -#[derive( - Serialize, - Deserialize, - Encode, - Decode, - DecodeWithMemTracking, - Clone, - PartialEq, - Eq, - PartialOrd, - Ord, - Debug, - TypeInfo, - MaxEncodedLen, -)] -#[scale_info(skip_type_params(AccountId))] -pub enum RateLimitUsageKey { - Account(AccountId), - Subnet(NetUid), - AccountSubnet { - account: AccountId, - netuid: NetUid, - }, - ColdkeyHotkeySubnet { - coldkey: AccountId, - hotkey: AccountId, - netuid: NetUid, - }, - SubnetNeuron { - netuid: NetUid, - uid: u16, - }, - SubnetMechanismNeuron { - netuid: NetUid, - mecid: MechId, - uid: u16, - }, - AccountSubnetServing { - account: AccountId, - netuid: NetUid, - endpoint: ServingEndpoint, - }, -} - -#[derive( - Serialize, - Deserialize, - Encode, - Decode, - DecodeWithMemTracking, - Clone, - Copy, - PartialEq, - Eq, - PartialOrd, - Ord, - Debug, - TypeInfo, - MaxEncodedLen, -)] -pub enum ServingEndpoint { - Axon, - Prometheus, -} - #[derive(Default)] pub struct ScopeResolver; diff --git a/runtime/tests/rate_limiting_behavior.rs b/runtime/tests/rate_limiting_behavior.rs index 38208a3e3c..3066125ef6 100644 --- a/runtime/tests/rate_limiting_behavior.rs +++ b/runtime/tests/rate_limiting_behavior.rs @@ -4,8 +4,7 @@ use frame_support::traits::OnRuntimeUpgrade; use frame_system::pallet_prelude::BlockNumberFor; use node_subtensor_runtime::{ BuildStorage, Runtime, RuntimeCall, RuntimeGenesisConfig, RuntimeOrigin, RuntimeScopeResolver, - RuntimeUsageResolver, SubtensorModule, System, rate_limiting::RateLimitUsageKey, - rate_limiting::migration::Migration, + RuntimeUsageResolver, SubtensorModule, System, rate_limiting::migration::Migration, }; use pallet_rate_limiting::{RateLimitScopeResolver, RateLimitUsageResolver}; use pallet_rate_limiting::{RateLimitTarget, TransactionIdentifier}; @@ -17,7 +16,10 @@ use pallet_subtensor::{ }; use sp_core::{H160, ecdsa}; use sp_runtime::traits::SaturatedConversion; -use subtensor_runtime_common::{NetUid, NetUidStorageIndex, rate_limiting::GroupId}; +use subtensor_runtime_common::{ + NetUid, NetUidStorageIndex, + rate_limiting::{GroupId, RateLimitUsageKey}, +}; type AccountId = ::AccountId; type UsageKey = RateLimitUsageKey; diff --git a/runtime/tests/rate_limiting_migration.rs b/runtime/tests/rate_limiting_migration.rs index 378f4c7a73..9e08f489b9 100644 --- a/runtime/tests/rate_limiting_migration.rs +++ b/runtime/tests/rate_limiting_migration.rs @@ -5,15 +5,18 @@ use frame_system::pallet_prelude::BlockNumberFor; use pallet_rate_limiting::{RateLimit, RateLimitKind, RateLimitTarget, TransactionIdentifier}; use pallet_subtensor::{HasMigrationRun, LastRateLimitedBlock, RateLimitKey}; use sp_runtime::traits::SaturatedConversion; -use subtensor_runtime_common::{NetUid, rate_limiting::GROUP_REGISTER_NETWORK}; +use subtensor_runtime_common::{ + NetUid, + rate_limiting::{GROUP_REGISTER_NETWORK, RateLimitUsageKey}, +}; use node_subtensor_runtime::{ - BuildStorage, Runtime, RuntimeGenesisConfig, SubtensorModule, System, rate_limiting, + BuildStorage, Runtime, RuntimeGenesisConfig, SubtensorModule, System, rate_limiting::migration::{MIGRATION_NAME, Migration}, }; type AccountId = ::AccountId; -type UsageKey = rate_limiting::RateLimitUsageKey; +type UsageKey = RateLimitUsageKey; fn new_test_ext() -> sp_io::TestExternalities { sp_tracing::try_init_simple(); From 0c1c6cb4c1725dd4975507e473d226865d614ff4 Mon Sep 17 00:00:00 2001 From: Aliaksandr Tsurko Date: Mon, 15 Dec 2025 17:26:52 +0300 Subject: [PATCH 42/46] Add limit setting rule to pallet-rate-limiting --- pallets/rate-limiting/src/lib.rs | 71 +++++++++++++++++++++++++++--- pallets/rate-limiting/src/mock.rs | 54 ++++++++++++++++++++++- pallets/rate-limiting/src/tests.rs | 44 +++++++++++++++++- pallets/rate-limiting/src/types.rs | 13 ++++++ 4 files changed, 173 insertions(+), 9 deletions(-) diff --git a/pallets/rate-limiting/src/lib.rs b/pallets/rate-limiting/src/lib.rs index a4af7fc3fd..217611c002 100644 --- a/pallets/rate-limiting/src/lib.rs +++ b/pallets/rate-limiting/src/lib.rs @@ -146,8 +146,8 @@ pub use rate_limiting_interface::{RateLimitTarget, TransactionIdentifier}; pub use rate_limiting_interface::{RateLimitingInfo, TryIntoRateLimitTarget}; pub use tx_extension::RateLimitTransactionExtension; pub use types::{ - BypassDecision, GroupSharing, RateLimit, RateLimitGroup, RateLimitKind, RateLimitScopeResolver, - RateLimitUsageResolver, + BypassDecision, EnsureLimitSettingRule, GroupSharing, RateLimit, RateLimitGroup, RateLimitKind, + RateLimitScopeResolver, RateLimitUsageResolver, }; #[cfg(feature = "runtime-benchmarks")] @@ -178,8 +178,9 @@ pub mod pallet { #[cfg(feature = "runtime-benchmarks")] use crate::benchmarking::BenchmarkHelper as BenchmarkHelperTrait; use crate::types::{ - BypassDecision, GroupSharing, RateLimit, RateLimitGroup, RateLimitKind, - RateLimitScopeResolver, RateLimitTarget, RateLimitUsageResolver, TransactionIdentifier, + BypassDecision, EnsureLimitSettingRule, GroupSharing, RateLimit, RateLimitGroup, + RateLimitKind, RateLimitScopeResolver, RateLimitTarget, RateLimitUsageResolver, + TransactionIdentifier, }; type GroupNameOf = BoundedVec>::MaxGroupNameLength>; @@ -205,6 +206,16 @@ pub mod pallet { /// Origin permitted to configure rate limits. type AdminOrigin: EnsureOrigin>; + /// Rule type that decides which origins may call [`Pallet::set_rate_limit`]. + type LimitSettingRule: Parameter + Member + MaxEncodedLen + MaybeSerializeDeserialize; + + /// Default rule applied when a target does not have an explicit entry in + /// [`LimitSettingRules`]. + type DefaultLimitSettingRule: Get; + + /// Origin checker invoked when setting a rate limit, parameterized by the stored rule. + type LimitSettingOrigin: EnsureLimitSettingRule, Self::LimitSettingRule, Self::LimitScope>; + /// Scope identifier used to namespace stored rate limits. type LimitScope: Parameter + Clone + PartialEq + Eq + Ord + MaybeSerializeDeserialize; @@ -259,6 +270,23 @@ pub mod pallet { OptionQuery, >; + #[pallet::type_value] + pub fn DefaultLimitSettingRuleFor, I: 'static>() -> T::LimitSettingRule { + T::DefaultLimitSettingRule::get() + } + + /// Stores the rule used to authorize [`Pallet::set_rate_limit`] per call/group target. + #[pallet::storage] + #[pallet::getter(fn limit_setting_rule)] + pub type LimitSettingRules, I: 'static = ()> = StorageMap< + _, + Blake2_128Concat, + RateLimitTarget<>::GroupId>, + >::LimitSettingRule, + ValueQuery, + DefaultLimitSettingRuleFor, + >; + /// Tracks when a rate-limited target was last observed per usage key. #[pallet::storage] pub type LastSeen, I: 'static = ()> = StorageDoubleMap< @@ -360,6 +388,13 @@ pub mod pallet { /// Extrinsic name associated with the transaction, when available. extrinsic: Option>, }, + /// The rule that authorizes [`Pallet::set_rate_limit`] was updated for a target. + LimitSettingRuleUpdated { + /// Target whose limit-setting rule changed. + target: RateLimitTarget<>::GroupId>, + /// Updated rule. + rule: >::LimitSettingRule, + }, /// A rate-limited call was deregistered or had a scoped entry cleared. CallDeregistered { /// Target whose configuration changed. @@ -978,7 +1013,8 @@ pub mod pallet { scope: Option<>::LimitScope>, limit: RateLimitKind>, ) -> DispatchResult { - T::AdminOrigin::ensure_origin(origin)?; + let rule = LimitSettingRules::::get(&target); + T::LimitSettingOrigin::ensure_origin(origin, &rule, &scope)?; let (transaction, pallet, extrinsic) = match target { RateLimitTarget::Transaction(identifier) => { @@ -1019,6 +1055,31 @@ pub mod pallet { Ok(()) } + /// Sets the rule used to authorize [`Pallet::set_rate_limit`] for the provided target. + #[pallet::call_index(10)] + #[pallet::weight(T::DbWeight::get().reads_writes(2, 1))] + pub fn set_limit_setting_rule( + origin: OriginFor, + target: RateLimitTarget<>::GroupId>, + rule: >::LimitSettingRule, + ) -> DispatchResult { + T::AdminOrigin::ensure_origin(origin)?; + + match target { + RateLimitTarget::Transaction(identifier) => { + Self::ensure_call_registered(&identifier)?; + } + RateLimitTarget::Group(group) => { + Self::ensure_group_details(group)?; + } + } + + LimitSettingRules::::insert(target, rule.clone()); + Self::deposit_event(Event::LimitSettingRuleUpdated { target, rule }); + + Ok(()) + } + /// Assigns a registered call to the specified group and optionally marks it as read-only /// for usage tracking. #[pallet::call_index(2)] diff --git a/pallets/rate-limiting/src/mock.rs b/pallets/rate-limiting/src/mock.rs index d3d486f6a1..16e470be3e 100644 --- a/pallets/rate-limiting/src/mock.rs +++ b/pallets/rate-limiting/src/mock.rs @@ -4,13 +4,15 @@ use core::convert::TryInto; use frame_support::{ derive_impl, + dispatch::DispatchResult, sp_runtime::{ BuildStorage, traits::{BlakeTwo256, IdentityLookup}, }, - traits::{ConstU16, ConstU32, ConstU64, Everything}, + traits::{ConstU16, ConstU32, ConstU64, EnsureOrigin, Everything}, }; -use frame_system::EnsureRoot; +use frame_system::{EnsureRoot, ensure_signed}; +use serde::{Deserialize, Serialize}; use sp_core::H256; use sp_io::TestExternalities; use sp_std::vec::Vec; @@ -59,6 +61,51 @@ pub type LimitScope = u16; pub type UsageKey = u16; pub type GroupId = u32; +#[derive( + codec::Encode, + codec::Decode, + codec::DecodeWithMemTracking, + Serialize, + Deserialize, + Clone, + Copy, + PartialEq, + Eq, + scale_info::TypeInfo, + codec::MaxEncodedLen, + Debug, +)] +pub enum LimitSettingRule { + RootOnly, + AnySigned, +} + +frame_support::parameter_types! { + pub const DefaultLimitSettingRule: LimitSettingRule = LimitSettingRule::RootOnly; +} + +pub struct LimitSettingOrigin; + +impl pallet_rate_limiting::EnsureLimitSettingRule + for LimitSettingOrigin +{ + fn ensure_origin( + origin: RuntimeOrigin, + rule: &LimitSettingRule, + _scope: &Option, + ) -> DispatchResult { + match rule { + LimitSettingRule::RootOnly => EnsureRoot::::ensure_origin(origin) + .map(|_| ()) + .map_err(Into::into), + LimitSettingRule::AnySigned => { + let _ = ensure_signed(origin)?; + Ok(()) + } + } + } +} + pub struct TestScopeResolver; pub struct TestUsageResolver; @@ -123,6 +170,9 @@ impl pallet_rate_limiting::Config for Test { type UsageKey = UsageKey; type UsageResolver = TestUsageResolver; type AdminOrigin = EnsureRoot; + type LimitSettingRule = LimitSettingRule; + type DefaultLimitSettingRule = DefaultLimitSettingRule; + type LimitSettingOrigin = LimitSettingOrigin; type GroupId = GroupId; type MaxGroupMembers = ConstU32<32>; type MaxGroupNameLength = ConstU32<64>; diff --git a/pallets/rate-limiting/src/tests.rs b/pallets/rate-limiting/src/tests.rs index ecad8a5da8..5fc79a9362 100644 --- a/pallets/rate-limiting/src/tests.rs +++ b/pallets/rate-limiting/src/tests.rs @@ -2,8 +2,9 @@ use frame_support::{assert_noop, assert_ok}; use sp_std::vec::Vec; use crate::{ - CallGroups, CallReadOnly, Config, GroupMembers, GroupSharing, LastSeen, Limits, RateLimit, - RateLimitKind, RateLimitTarget, TransactionIdentifier, mock::*, pallet::Error, + CallGroups, CallReadOnly, Config, GroupMembers, GroupSharing, LastSeen, LimitSettingRules, + Limits, RateLimit, RateLimitKind, RateLimitTarget, TransactionIdentifier, mock::*, + pallet::Error, }; use frame_support::traits::Get; @@ -46,6 +47,45 @@ fn last_event() -> RuntimeEvent { pop_last_event() } +#[test] +fn set_rate_limit_respects_limit_setting_rule() { + new_test_ext().execute_with(|| { + let identifier = register(remark_call(), None); + let tx_target = target(identifier); + + // Default rule is root-only. + assert_noop!( + RateLimiting::set_rate_limit( + RuntimeOrigin::signed(1), + tx_target, + None, + RateLimitKind::Exact(1), + ), + sp_runtime::DispatchError::BadOrigin + ); + + // Root updates the limit-setting rule for this transaction target. + assert_ok!(RateLimiting::set_limit_setting_rule( + RuntimeOrigin::root(), + tx_target, + LimitSettingRule::AnySigned, + )); + + assert_eq!( + LimitSettingRules::::get(tx_target), + LimitSettingRule::AnySigned + ); + + // Now any signed origin may set the limit for this target. + assert_ok!(RateLimiting::set_rate_limit( + RuntimeOrigin::signed(1), + tx_target, + None, + RateLimitKind::Exact(7), + )); + }); +} + #[test] fn register_call_seeds_global_limit() { new_test_ext().execute_with(|| { diff --git a/pallets/rate-limiting/src/types.rs b/pallets/rate-limiting/src/types.rs index 166c471d7e..f6f54b472f 100644 --- a/pallets/rate-limiting/src/types.rs +++ b/pallets/rate-limiting/src/types.rs @@ -1,4 +1,5 @@ use codec::{Decode, DecodeWithMemTracking, Encode, MaxEncodedLen}; +use frame_support::dispatch::DispatchResult; pub use rate_limiting_interface::{RateLimitTarget, TransactionIdentifier}; use scale_info::TypeInfo; use serde::{Deserialize, Serialize}; @@ -60,6 +61,18 @@ pub trait RateLimitUsageResolver { fn context(origin: &Origin, call: &Call) -> Option>; } +/// Origin check performed when configuring a rate limit. +/// +/// `pallet-rate-limiting` supports configuring a distinct "who may set limits" rule per call/group +/// target. This trait is invoked by [`pallet::Pallet::set_rate_limit`] after loading the rule from +/// storage, allowing runtimes to implement arbitrary permissioning logic. +/// +/// Note: the hook receives the provided `scope` (if any). Some policies (for example "subnet owner") +/// require a scope value (such as `netuid`) in order to validate the caller. +pub trait EnsureLimitSettingRule { + fn ensure_origin(origin: Origin, rule: &Rule, scope: &Option) -> DispatchResult; +} + /// Sharing mode configured for a group. #[derive( Serialize, From ee5bde91af15bf3c94077ac1df7718cdcc3dc480 Mon Sep 17 00:00:00 2001 From: Aliaksandr Tsurko Date: Tue, 16 Dec 2025 16:08:53 +0300 Subject: [PATCH 43/46] Deprecate serving rate limit --- pallets/admin-utils/src/benchmarking.rs | 12 +++- pallets/admin-utils/src/lib.rs | 31 ++++----- pallets/admin-utils/src/tests/mod.rs | 20 +++--- pallets/subtensor/src/lib.rs | 6 +- pallets/subtensor/src/macros/dispatches.rs | 8 --- pallets/subtensor/src/macros/errors.rs | 1 + pallets/subtensor/src/subnets/serving.rs | 38 ----------- .../subtensor/src/transaction_extension.rs | 3 - pallets/subtensor/src/utils/misc.rs | 12 +++- runtime/src/lib.rs | 3 + runtime/src/rate_limiting/migration.rs | 17 ++++- runtime/src/rate_limiting/mod.rs | 67 ++++++++++++++++++- runtime/tests/rate_limiting_behavior.rs | 26 +++---- 13 files changed, 140 insertions(+), 104 deletions(-) diff --git a/pallets/admin-utils/src/benchmarking.rs b/pallets/admin-utils/src/benchmarking.rs index 7b8124144d..e83d0e222a 100644 --- a/pallets/admin-utils/src/benchmarking.rs +++ b/pallets/admin-utils/src/benchmarking.rs @@ -64,11 +64,19 @@ mod benchmarks { } #[benchmark] + #[allow(deprecated)] fn sudo_set_serving_rate_limit() { // disable admin freeze window pallet_subtensor::Pallet::::set_admin_freeze_window(0); - #[extrinsic_call] - _(RawOrigin::Root, 1u16.into()/*netuid*/, 100u64/*serving_rate_limit*/)/*sudo_set_serving_rate_limit*/; + #[block] + { + #[allow(deprecated)] + let _ = AdminUtils::::sudo_set_serving_rate_limit( + RawOrigin::Root.into(), + 1u16.into(), /*netuid*/ + 100u64, /*serving_rate_limit*/ + ); + } } #[benchmark] diff --git a/pallets/admin-utils/src/lib.rs b/pallets/admin-utils/src/lib.rs index eebefcf3e9..9220c960d0 100644 --- a/pallets/admin-utils/src/lib.rs +++ b/pallets/admin-utils/src/lib.rs @@ -117,6 +117,8 @@ pub mod pallet { MaxAllowedUidsGreaterThanDefaultMaxAllowedUids, /// Bad parameter value InvalidValue, + /// The called extrinsic has been deprecated. + Deprecated, } /// Enum for specifying the type of precompile operation. #[derive( @@ -220,31 +222,22 @@ pub mod pallet { } /// The extrinsic sets the serving rate limit for a subnet. - /// It is only callable by the root account or subnet owner. - /// The extrinsic will call the Subtensor pallet to set the serving rate limit. + /// + /// Deprecated: serving rate limits are now configured via `pallet-rate-limiting` on the + /// serving group target (`GROUP_SERVE`) with `scope = Some(netuid)`. #[pallet::call_index(3)] #[pallet::weight(Weight::from_parts(22_980_000, 0) .saturating_add(::DbWeight::get().reads(2_u64)) .saturating_add(::DbWeight::get().writes(1_u64)))] + #[deprecated( + note = "deprecated: configure via pallet-rate-limiting::set_rate_limit(target=Group(GROUP_SERVE), scope=Some(netuid), ...)" + )] pub fn sudo_set_serving_rate_limit( - origin: OriginFor, - netuid: NetUid, - serving_rate_limit: u64, + _origin: OriginFor, + _netuid: NetUid, + _serving_rate_limit: u64, ) -> DispatchResult { - let maybe_owner = pallet_subtensor::Pallet::::ensure_sn_owner_or_root_with_limits( - origin, - netuid, - &[Hyperparameter::ServingRateLimit.into()], - )?; - pallet_subtensor::Pallet::::ensure_admin_window_open(netuid)?; - pallet_subtensor::Pallet::::set_serving_rate_limit(netuid, serving_rate_limit); - log::debug!("ServingRateLimitSet( serving_rate_limit: {serving_rate_limit:?} ) "); - pallet_subtensor::Pallet::::record_owner_rl( - maybe_owner, - netuid, - &[Hyperparameter::ServingRateLimit.into()], - ); - Ok(()) + Err(Error::::Deprecated.into()) } /// The extrinsic sets the minimum difficulty for a subnet. diff --git a/pallets/admin-utils/src/tests/mod.rs b/pallets/admin-utils/src/tests/mod.rs index 024871e60f..a5fb053806 100644 --- a/pallets/admin-utils/src/tests/mod.rs +++ b/pallets/admin-utils/src/tests/mod.rs @@ -44,26 +44,30 @@ fn test_sudo_set_default_take() { } #[test] +#[allow(deprecated)] fn test_sudo_set_serving_rate_limit() { new_test_ext().execute_with(|| { let netuid = NetUid::from(3); let to_be_set: u64 = 10; let init_value: u64 = SubtensorModule::get_serving_rate_limit(netuid); - assert_eq!( + assert_noop!( AdminUtils::sudo_set_serving_rate_limit( <::RuntimeOrigin>::signed(U256::from(1)), netuid, to_be_set ), - Err(DispatchError::BadOrigin) + Error::::Deprecated + ); + assert_eq!(SubtensorModule::get_serving_rate_limit(netuid), init_value); + assert_noop!( + AdminUtils::sudo_set_serving_rate_limit( + <::RuntimeOrigin>::root(), + netuid, + to_be_set + ), + Error::::Deprecated ); assert_eq!(SubtensorModule::get_serving_rate_limit(netuid), init_value); - assert_ok!(AdminUtils::sudo_set_serving_rate_limit( - <::RuntimeOrigin>::root(), - netuid, - to_be_set - )); - assert_eq!(SubtensorModule::get_serving_rate_limit(netuid), to_be_set); }); } diff --git a/pallets/subtensor/src/lib.rs b/pallets/subtensor/src/lib.rs index a85c5f37d4..c2c210d959 100644 --- a/pallets/subtensor/src/lib.rs +++ b/pallets/subtensor/src/lib.rs @@ -1235,7 +1235,7 @@ pub mod pallet { /// ================== /// ==== Coinbase ==== /// ================== - /// --- ITEM ( global_block_emission ) + /// --- ITEM ( global_block_emission ) #[pallet::storage] pub type BlockEmission = StorageValue<_, u64, ValueQuery, DefaultBlockEmission>; @@ -1275,7 +1275,7 @@ pub mod pallet { #[pallet::storage] pub type TotalStake = StorageValue<_, TaoCurrency, ValueQuery, DefaultZeroTao>; - /// --- ITEM ( moving_alpha ) -- subnet moving alpha. + /// --- ITEM ( moving_alpha ) -- subnet moving alpha. #[pallet::storage] pub type SubnetMovingAlpha = StorageValue<_, I96F32, ValueQuery, DefaultMovingAlpha>; @@ -2434,7 +2434,6 @@ pub enum CustomTransactionError { TransferDisallowed, HotKeyNotRegisteredInNetwork, InvalidIpAddress, - ServingRateLimitExceeded, InvalidPort, BadRequest, ZeroMaxAmount, @@ -2461,7 +2460,6 @@ impl From for u8 { CustomTransactionError::TransferDisallowed => 9, CustomTransactionError::HotKeyNotRegisteredInNetwork => 10, CustomTransactionError::InvalidIpAddress => 11, - CustomTransactionError::ServingRateLimitExceeded => 12, CustomTransactionError::InvalidPort => 13, CustomTransactionError::BadRequest => 255, CustomTransactionError::ZeroMaxAmount => 14, diff --git a/pallets/subtensor/src/macros/dispatches.rs b/pallets/subtensor/src/macros/dispatches.rs index 61d5523285..a17e257039 100644 --- a/pallets/subtensor/src/macros/dispatches.rs +++ b/pallets/subtensor/src/macros/dispatches.rs @@ -814,10 +814,6 @@ mod dispatches { /// /// * 'InvalidIpAddress': /// - The numerically encoded ip address does not resolve to a proper ip. - /// - /// * 'ServingRateLimitExceeded': - /// - Attempting to set prometheus information withing the rate limit min. - /// #[pallet::call_index(4)] #[pallet::weight((Weight::from_parts(33_010_000, 0) .saturating_add(T::DbWeight::get().reads(4)) @@ -898,10 +894,6 @@ mod dispatches { /// /// * 'InvalidIpAddress': /// - The numerically encoded ip address does not resolve to a proper ip. - /// - /// * 'ServingRateLimitExceeded': - /// - Attempting to set prometheus information withing the rate limit min. - /// #[pallet::call_index(40)] #[pallet::weight((Weight::from_parts(32_510_000, 0) .saturating_add(T::DbWeight::get().reads(4)) diff --git a/pallets/subtensor/src/macros/errors.rs b/pallets/subtensor/src/macros/errors.rs index 5a15330075..1330b81738 100644 --- a/pallets/subtensor/src/macros/errors.rs +++ b/pallets/subtensor/src/macros/errors.rs @@ -79,6 +79,7 @@ mod errors { SettingWeightsTooFast, /// A validator is attempting to set weights from a validator with incorrect weight version. IncorrectWeightVersionKey, + /// DEPRECATED /// An axon or prometheus serving exceeded the rate limit for a registered neuron. ServingRateLimitExceeded, /// The caller is attempting to set weights with more UIDs than allowed. diff --git a/pallets/subtensor/src/subnets/serving.rs b/pallets/subtensor/src/subnets/serving.rs index cdaf39e51b..b46f0edf06 100644 --- a/pallets/subtensor/src/subnets/serving.rs +++ b/pallets/subtensor/src/subnets/serving.rs @@ -51,10 +51,6 @@ impl Pallet { /// /// * 'InvalidIpAddress': /// - The numerically encoded ip address does not resolve to a proper ip. - /// - /// * 'ServingRateLimitExceeded': - /// - Attempting to set prometheus information withing the rate limit min. - /// pub fn do_serve_axon( origin: T::RuntimeOrigin, netuid: NetUid, @@ -155,10 +151,6 @@ impl Pallet { /// /// * 'InvalidIpAddress': /// - The numerically encoded ip address does not resolve to a proper ip. - /// - /// * 'ServingRateLimitExceeded': - /// - Attempting to set prometheus information withing the rate limit min. - /// pub fn do_serve_prometheus( origin: T::RuntimeOrigin, netuid: NetUid, @@ -185,11 +177,6 @@ impl Pallet { // We get the previous axon info assoicated with this ( netuid, uid ) let mut prev_prometheus = Self::get_prometheus_info(netuid, &hotkey_id); - let current_block: u64 = Self::get_current_block_as_u64(); - ensure!( - Self::prometheus_passes_rate_limit(netuid, &prev_prometheus, current_block), - Error::::ServingRateLimitExceeded - ); // We insert the prometheus meta. prev_prometheus.block = Self::get_current_block_as_u64(); @@ -220,26 +207,6 @@ impl Pallet { --==[[ Helper functions ]]==-- *********************************/ - pub fn axon_passes_rate_limit( - netuid: NetUid, - prev_axon_info: &AxonInfoOf, - current_block: u64, - ) -> bool { - let rate_limit: u64 = Self::get_serving_rate_limit(netuid); - let last_serve = prev_axon_info.block; - rate_limit == 0 || last_serve == 0 || current_block.saturating_sub(last_serve) >= rate_limit - } - - pub fn prometheus_passes_rate_limit( - netuid: NetUid, - prev_prometheus_info: &PrometheusInfoOf, - current_block: u64, - ) -> bool { - let rate_limit: u64 = Self::get_serving_rate_limit(netuid); - let last_serve = prev_prometheus_info.block; - rate_limit == 0 || last_serve == 0 || current_block.saturating_sub(last_serve) >= rate_limit - } - pub fn get_axon_info(netuid: NetUid, hotkey: &T::AccountId) -> AxonInfoOf { if let Some(axons) = Axons::::get(netuid, hotkey) { axons @@ -345,11 +312,6 @@ impl Pallet { // Get the previous axon information. let mut prev_axon = Self::get_axon_info(netuid, hotkey_id); - let current_block: u64 = Self::get_current_block_as_u64(); - ensure!( - Self::axon_passes_rate_limit(netuid, &prev_axon, current_block), - Error::::ServingRateLimitExceeded - ); // Validate axon data with delegate func prev_axon.block = Self::get_current_block_as_u64(); diff --git a/pallets/subtensor/src/transaction_extension.rs b/pallets/subtensor/src/transaction_extension.rs index cf1d410ea9..e227e2d483 100644 --- a/pallets/subtensor/src/transaction_extension.rs +++ b/pallets/subtensor/src/transaction_extension.rs @@ -70,9 +70,6 @@ where CustomTransactionError::HotKeyNotRegisteredInNetwork.into() } Error::::InvalidIpAddress => CustomTransactionError::InvalidIpAddress.into(), - Error::::ServingRateLimitExceeded => { - CustomTransactionError::ServingRateLimitExceeded.into() - } Error::::InvalidPort => CustomTransactionError::InvalidPort.into(), _ => CustomTransactionError::BadRequest.into(), }) diff --git a/pallets/subtensor/src/utils/misc.rs b/pallets/subtensor/src/utils/misc.rs index 10fc0535f0..70b1defcd7 100644 --- a/pallets/subtensor/src/utils/misc.rs +++ b/pallets/subtensor/src/utils/misc.rs @@ -1,12 +1,15 @@ use super::*; use crate::Error; use crate::system::{ensure_signed, ensure_signed_or_root, pallet_prelude::BlockNumberFor}; +use rate_limiting_interface::RateLimitingInfo; use safe_math::*; use sp_core::Get; use sp_core::U256; -use sp_runtime::Saturating; +use sp_runtime::{SaturatedConversion, Saturating}; use substrate_fixed::types::{I32F32, I64F64, U64F64, U96F32}; -use subtensor_runtime_common::{AlphaCurrency, NetUid, NetUidStorageIndex, TaoCurrency}; +use subtensor_runtime_common::{ + AlphaCurrency, NetUid, NetUidStorageIndex, TaoCurrency, rate_limiting, +}; impl Pallet { pub fn ensure_subnet_owner_or_root( @@ -428,8 +431,11 @@ impl Pallet { } pub fn get_serving_rate_limit(netuid: NetUid) -> u64 { - ServingRateLimit::::get(netuid) + T::RateLimiting::rate_limit(rate_limiting::GROUP_SERVE, Some(netuid)) + .unwrap_or_default() + .saturated_into() } + pub fn set_serving_rate_limit(netuid: NetUid, serving_rate_limit: u64) { ServingRateLimit::::insert(netuid, serving_rate_limit); Self::deposit_event(Event::ServingRateLimitSet(netuid, serving_rate_limit)); diff --git a/runtime/src/lib.rs b/runtime/src/lib.rs index 8cde7d8999..5a659146ed 100644 --- a/runtime/src/lib.rs +++ b/runtime/src/lib.rs @@ -1148,6 +1148,9 @@ parameter_types! { impl pallet_rate_limiting::Config for Runtime { type RuntimeCall = RuntimeCall; type AdminOrigin = EnsureRoot; + type LimitSettingRule = rate_limiting::LimitSettingRule; + type DefaultLimitSettingRule = rate_limiting::DefaultLimitSettingRule; + type LimitSettingOrigin = rate_limiting::LimitSettingOrigin; type LimitScope = NetUid; type LimitScopeResolver = RuntimeScopeResolver; type UsageKey = RateLimitUsageKey; diff --git a/runtime/src/rate_limiting/migration.rs b/runtime/src/rate_limiting/migration.rs index f77f6ec2dc..360933bb48 100644 --- a/runtime/src/rate_limiting/migration.rs +++ b/runtime/src/rate_limiting/migration.rs @@ -25,7 +25,7 @@ use subtensor_runtime_common::{ }; use super::{ - AccountId, RateLimitUsageKey, Runtime, + AccountId, LimitSettingRule, RateLimitUsageKey, Runtime, legacy::{ Hyperparameter, RateLimitKey, TransactionType, defaults as legacy_defaults, storage as legacy_storage, @@ -117,6 +117,14 @@ pub fn migrate_rate_limiting() -> Weight { .saturating_add(limit_writes) .saturating_add(last_seen_writes); + // Legacy parity: serving-rate-limit configuration is allowed for root OR subnet owner. + // Everything else remains default (`AdminOrigin` / root in this runtime). + pallet_rate_limiting::LimitSettingRules::::insert( + RateLimitTarget::Group(GROUP_SERVE), + LimitSettingRule::RootOrSubnetOwnerAdminWindow, + ); + writes += 1; + HasMigrationRun::::insert(MIGRATION_NAME, true); writes += 1; @@ -1087,6 +1095,13 @@ mod tests { Some(DELEGATE_TAKE_GROUP_ID) ); assert_eq!(pallet_rate_limiting::NextGroupId::::get(), 7); + + let serve_target = RateLimitTarget::Group(GROUP_SERVE); + assert!(pallet_rate_limiting::LimitSettingRules::::contains_key(serve_target)); + assert_eq!( + pallet_rate_limiting::LimitSettingRules::::get(serve_target), + crate::rate_limiting::LimitSettingRule::RootOrSubnetOwnerAdminWindow + ); }); } diff --git a/runtime/src/rate_limiting/mod.rs b/runtime/src/rate_limiting/mod.rs index d0b91c34a7..9b370229fe 100644 --- a/runtime/src/rate_limiting/mod.rs +++ b/runtime/src/rate_limiting/mod.rs @@ -14,11 +14,17 @@ //! Long-term, we should refactor `pallet-subtensor` into smaller pallets and move to dedicated //! `pallet-rate-limiting` instances per pallet. +use codec::{Decode, DecodeWithMemTracking, Encode, MaxEncodedLen}; +use frame_support::traits::Get; use frame_system::RawOrigin; use pallet_admin_utils::Call as AdminUtilsCall; -use pallet_rate_limiting::BypassDecision; -use pallet_rate_limiting::{RateLimitScopeResolver, RateLimitUsageResolver}; +use pallet_rate_limiting::{ + BypassDecision, EnsureLimitSettingRule, RateLimitScopeResolver, RateLimitUsageResolver, +}; use pallet_subtensor::{Call as SubtensorCall, Tempo}; +use scale_info::TypeInfo; +use serde::{Deserialize, Serialize}; +use sp_runtime::DispatchError; use sp_std::{vec, vec::Vec}; use subtensor_runtime_common::{ BlockNumber, NetUid, @@ -30,6 +36,63 @@ use crate::{AccountId, Runtime, RuntimeCall, RuntimeOrigin}; mod legacy; pub mod migration; +/// Authorization rules for configuring rate limits via `pallet-rate-limiting::set_rate_limit`. +/// +/// Legacy note: historically, all rate-limit setters were `Root`-only except +/// `admin-utils::sudo_set_serving_rate_limit` (subnet-owner-or-root). We preserve that behavior by +/// requiring a `scope` value when using the [`LimitSettingRule::RootOrSubnetOwnerAdminWindow`] rule and +/// validating subnet ownership against that `scope` (`netuid`). +#[derive( + Encode, + Decode, + DecodeWithMemTracking, + Serialize, + Deserialize, + Clone, + PartialEq, + Eq, + TypeInfo, + MaxEncodedLen, + Debug, +)] +pub enum LimitSettingRule { + /// Require `Root`. + Root, + /// Allow `Root` or the subnet owner for the provided `netuid` scope. + /// + /// This rule requires `scope == Some(netuid)`. + RootOrSubnetOwnerAdminWindow, +} + +pub struct DefaultLimitSettingRule; + +impl Get for DefaultLimitSettingRule { + fn get() -> LimitSettingRule { + LimitSettingRule::Root + } +} + +pub struct LimitSettingOrigin; + +impl EnsureLimitSettingRule for LimitSettingOrigin { + fn ensure_origin( + origin: RuntimeOrigin, + rule: &LimitSettingRule, + scope: &Option, + ) -> frame_support::dispatch::DispatchResult { + match rule { + LimitSettingRule::Root => frame_system::ensure_root(origin).map_err(Into::into), + LimitSettingRule::RootOrSubnetOwnerAdminWindow => { + let netuid = scope.ok_or(DispatchError::BadOrigin)?; + pallet_subtensor::Pallet::::ensure_admin_window_open(netuid)?; + pallet_subtensor::Pallet::::ensure_subnet_owner_or_root(origin, netuid) + .map(|_| ()) + .map_err(Into::into) + } + } + } +} + #[derive(Default)] pub struct ScopeResolver; diff --git a/runtime/tests/rate_limiting_behavior.rs b/runtime/tests/rate_limiting_behavior.rs index 3066125ef6..0350fa9f11 100644 --- a/runtime/tests/rate_limiting_behavior.rs +++ b/runtime/tests/rate_limiting_behavior.rs @@ -278,14 +278,11 @@ fn serving_parity() { }); let origin = RuntimeOrigin::signed(hot.clone()); let legacy_axon = || { - SubtensorModule::axon_passes_rate_limit( - netuid, - &AxonInfo { - block: now - 1, - ..Default::default() - }, - now, - ) + let info = AxonInfo { + block: now.saturating_sub(1), + ..Default::default() + }; + now.saturating_sub(info.block) >= ServingRateLimit::::get(netuid) }; parity_check(now, axon_call, origin.clone(), None, None, legacy_axon); @@ -298,14 +295,11 @@ fn serving_parity() { ip_type: 4, }); let legacy_prom = || { - SubtensorModule::prometheus_passes_rate_limit( - netuid, - &PrometheusInfo { - block: now - 1, - ..Default::default() - }, - now, - ) + let info = PrometheusInfo { + block: now.saturating_sub(1), + ..Default::default() + }; + now.saturating_sub(info.block) >= ServingRateLimit::::get(netuid) }; parity_check(now, prom_call, origin, None, None, legacy_prom); }); From f1504c650a438bbb0f2c4f2b6d309e239593e978 Mon Sep 17 00:00:00 2001 From: Aliaksandr Tsurko Date: Tue, 23 Dec 2025 12:28:27 +0100 Subject: [PATCH 44/46] Fix TX-extension type definition --- node/Cargo.toml | 2 ++ node/src/benchmarking.rs | 8 ++++++-- node/src/mev_shield/author.rs | 16 ++++++++++++---- pallets/admin-utils/src/benchmarking.rs | 4 ++-- runtime/src/lib.rs | 17 ++++++++++++----- 5 files changed, 34 insertions(+), 13 deletions(-) diff --git a/node/Cargo.toml b/node/Cargo.toml index 1d2351c265..06b96c0eba 100644 --- a/node/Cargo.toml +++ b/node/Cargo.toml @@ -70,6 +70,7 @@ frame-system.workspace = true pallet-transaction-payment.workspace = true pallet-commitments.workspace = true pallet-drand.workspace = true +pallet-rate-limiting.workspace = true sp-crypto-ec-utils = { workspace = true, default-features = true, features = [ "bls12-381", ] } @@ -173,6 +174,7 @@ runtime-benchmarks = [ "polkadot-sdk/runtime-benchmarks", "pallet-subtensor/runtime-benchmarks", "pallet-shield/runtime-benchmarks", + "pallet-rate-limiting/runtime-benchmarks", ] pow-faucet = [] diff --git a/node/src/benchmarking.rs b/node/src/benchmarking.rs index 5430a75d9e..c8dcc4cef0 100644 --- a/node/src/benchmarking.rs +++ b/node/src/benchmarking.rs @@ -143,8 +143,12 @@ pub fn create_benchmark_extrinsic( pallet_subtensor::transaction_extension::SubtensorTransactionExtension::< runtime::Runtime, >::new(), - pallet_drand::drand_priority::DrandPriority::::new(), - frame_metadata_hash_extension::CheckMetadataHash::::new(true), + // Keep the same order while staying under the 12-item tuple limit. + ( + pallet_drand::drand_priority::DrandPriority::::new(), + frame_metadata_hash_extension::CheckMetadataHash::::new(true), + ), + pallet_rate_limiting::RateLimitTransactionExtension::::new(), ); let raw_payload = runtime::SignedPayload::from_raw( diff --git a/node/src/mev_shield/author.rs b/node/src/mev_shield/author.rs index 99000d4ac6..2501bcec20 100644 --- a/node/src/mev_shield/author.rs +++ b/node/src/mev_shield/author.rs @@ -396,8 +396,12 @@ where pallet_subtensor::transaction_extension::SubtensorTransactionExtension::< runtime::Runtime, >::new(), - pallet_drand::drand_priority::DrandPriority::::new(), - frame_metadata_hash_extension::CheckMetadataHash::::new(false), + // Keep the same order while staying under the 12-item tuple limit. + ( + pallet_drand::drand_priority::DrandPriority::::new(), + frame_metadata_hash_extension::CheckMetadataHash::::new(false), + ), + pallet_rate_limiting::RateLimitTransactionExtension::::new(), ); // 3) Manually construct the `Implicit` tuple that the runtime will also derive. @@ -431,8 +435,12 @@ where (), // ChargeTransactionPaymentWrapper::Implicit = () (), // SudoTransactionExtension::Implicit = () (), // SubtensorTransactionExtension::Implicit = () - (), // DrandPriority::Implicit = () - None, // CheckMetadataHash::Implicit = Option<[u8; 32]> + // Match the nested tuple shape used by TransactionExtensions. + ( + (), // DrandPriority::Implicit = () + None, // CheckMetadataHash::Implicit = Option<[u8; 32]> + ), + (), // RateLimitTransactionExtension::Implicit = () ); // 4) Build the exact signable payload from call + extra + implicit. diff --git a/pallets/admin-utils/src/benchmarking.rs b/pallets/admin-utils/src/benchmarking.rs index e83d0e222a..105a8b8ddb 100644 --- a/pallets/admin-utils/src/benchmarking.rs +++ b/pallets/admin-utils/src/benchmarking.rs @@ -73,8 +73,8 @@ mod benchmarks { #[allow(deprecated)] let _ = AdminUtils::::sudo_set_serving_rate_limit( RawOrigin::Root.into(), - 1u16.into(), /*netuid*/ - 100u64, /*serving_rate_limit*/ + 1u16.into(), /*netuid*/ + 100u64, /*serving_rate_limit*/ ); } } diff --git a/runtime/src/lib.rs b/runtime/src/lib.rs index ee2dda35c6..10a0670a0f 100644 --- a/runtime/src/lib.rs +++ b/runtime/src/lib.rs @@ -175,15 +175,17 @@ impl frame_system::offchain::CreateSignedTransaction frame_system::CheckEra::::from(Era::Immortal), check_nonce::CheckNonce::::from(nonce).into(), frame_system::CheckWeight::::new(), - pallet_rate_limiting::RateLimitTransactionExtension::::new(), ChargeTransactionPaymentWrapper::new( pallet_transaction_payment::ChargeTransactionPayment::::from(0), ), SudoTransactionExtension::::new(), pallet_subtensor::transaction_extension::SubtensorTransactionExtension::::new( ), - pallet_drand::drand_priority::DrandPriority::::new(), - frame_metadata_hash_extension::CheckMetadataHash::::new(true), + ( + pallet_drand::drand_priority::DrandPriority::::new(), + frame_metadata_hash_extension::CheckMetadataHash::::new(true), + ), + pallet_rate_limiting::RateLimitTransactionExtension::::new(), ); let raw_payload = SignedPayload::new(call.clone(), extra.clone()).ok()?; @@ -1679,6 +1681,8 @@ pub type Header = generic::Header; // Block type as expected by this runtime. pub type Block = generic::Block; // The extensions to the basic transaction logic. +// Note: The SDK only implements TransactionExtension for tuples up to 12 items, so we nest the last +// two extensions to keep order/encoding while staying under the limit. pub type TransactionExtensions = ( frame_system::CheckNonZeroSender, frame_system::CheckSpecVersion, @@ -1691,8 +1695,11 @@ pub type TransactionExtensions = ( ChargeTransactionPaymentWrapper, SudoTransactionExtension, pallet_subtensor::transaction_extension::SubtensorTransactionExtension, - pallet_drand::drand_priority::DrandPriority, - frame_metadata_hash_extension::CheckMetadataHash, + ( + pallet_drand::drand_priority::DrandPriority, + frame_metadata_hash_extension::CheckMetadataHash, + ), + pallet_rate_limiting::RateLimitTransactionExtension, ); type Migrations = ( From 913ee9724f40ec92ac39a3453e5bc17c06c1a3c0 Mon Sep 17 00:00:00 2001 From: Aliaksandr Tsurko Date: Tue, 23 Dec 2025 13:47:14 +0100 Subject: [PATCH 45/46] Deprecate serving rate limit --- Cargo.lock | 2 + chain-extensions/src/mock.rs | 2 - node/src/benchmarking.rs | 2 +- pallets/admin-utils/src/tests/mock.rs | 2 - pallets/subtensor/src/benchmarks.rs | 2 - pallets/subtensor/src/coinbase/root.rs | 1 - pallets/subtensor/src/lib.rs | 11 ----- pallets/subtensor/src/macros/config.rs | 3 -- pallets/subtensor/src/macros/events.rs | 2 +- pallets/subtensor/src/tests/mock.rs | 2 - pallets/subtensor/src/tests/networks.rs | 2 - pallets/subtensor/src/tests/serving.rs | 50 ++++++++++------------- pallets/subtensor/src/utils/misc.rs | 5 --- pallets/transaction-fee/src/tests/mock.rs | 2 - precompiles/Cargo.toml | 2 + precompiles/src/lib.rs | 21 ++++++++-- precompiles/src/subnet.rs | 30 ++++++++++---- runtime/src/lib.rs | 3 -- runtime/src/rate_limiting/legacy.rs | 8 ++-- runtime/tests/rate_limiting_behavior.rs | 19 ++++++--- 20 files changed, 84 insertions(+), 87 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 351e156aad..8bea2f5c3d 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -8222,6 +8222,7 @@ dependencies = [ "num-traits", "pallet-commitments", "pallet-drand", + "pallet-rate-limiting", "pallet-shield", "pallet-subtensor", "pallet-subtensor-swap-rpc", @@ -18166,6 +18167,7 @@ dependencies = [ "pallet-evm-precompile-modexp", "pallet-evm-precompile-sha3fips", "pallet-evm-precompile-simple", + "pallet-rate-limiting", "pallet-subtensor", "pallet-subtensor-proxy", "pallet-subtensor-swap", diff --git a/chain-extensions/src/mock.rs b/chain-extensions/src/mock.rs index 53195c6cd9..ae99c4031e 100644 --- a/chain-extensions/src/mock.rs +++ b/chain-extensions/src/mock.rs @@ -294,7 +294,6 @@ parameter_types! { pub const InitialMinChildKeyTake: u16 = 0; // 0 %; pub const InitialMaxChildKeyTake: u16 = 11_796; // 18 %; pub const InitialWeightsVersionKey: u16 = 0; - pub const InitialServingRateLimit: u64 = 0; // No limit. pub const InitialTxRateLimit: u64 = 0; // Disable rate limit for testing pub const InitialTxDelegateTakeRateLimit: u64 = 1; // 1 block take rate limit for testing pub const InitialTxChildKeyTakeRateLimit: u64 = 1; // 1 block take rate limit for testing @@ -380,7 +379,6 @@ impl pallet_subtensor::Config for Test { type InitialWeightsVersionKey = InitialWeightsVersionKey; type InitialMaxDifficulty = InitialMaxDifficulty; type InitialMinDifficulty = InitialMinDifficulty; - type InitialServingRateLimit = InitialServingRateLimit; type InitialTxRateLimit = InitialTxRateLimit; type InitialTxDelegateTakeRateLimit = InitialTxDelegateTakeRateLimit; type InitialBurn = InitialBurn; diff --git a/node/src/benchmarking.rs b/node/src/benchmarking.rs index c8dcc4cef0..2f401e3e95 100644 --- a/node/src/benchmarking.rs +++ b/node/src/benchmarking.rs @@ -165,8 +165,8 @@ pub fn create_benchmark_extrinsic( (), (), (), + ((), None), (), - None, ), ); let signature = raw_payload.using_encoded(|e| sender.sign(e)); diff --git a/pallets/admin-utils/src/tests/mock.rs b/pallets/admin-utils/src/tests/mock.rs index 0633109caa..211a72ef08 100644 --- a/pallets/admin-utils/src/tests/mock.rs +++ b/pallets/admin-utils/src/tests/mock.rs @@ -104,7 +104,6 @@ parameter_types! { pub const InitialMinChildKeyTake: u16 = 0; // Allow 0 % pub const InitialMaxChildKeyTake: u16 = 11_796; // 18 %; pub const InitialWeightsVersionKey: u16 = 0; - pub const InitialServingRateLimit: u64 = 0; // No limit. pub const InitialTxRateLimit: u64 = 0; // Disable rate limit for testing pub const InitialTxDelegateTakeRateLimit: u64 = 0; // Disable rate limit for testing pub const InitialTxChildKeyTakeRateLimit: u64 = 0; // Disable rate limit for testing @@ -190,7 +189,6 @@ impl pallet_subtensor::Config for Test { type InitialWeightsVersionKey = InitialWeightsVersionKey; type InitialMaxDifficulty = InitialMaxDifficulty; type InitialMinDifficulty = InitialMinDifficulty; - type InitialServingRateLimit = InitialServingRateLimit; type InitialTxRateLimit = InitialTxRateLimit; type InitialTxDelegateTakeRateLimit = InitialTxDelegateTakeRateLimit; type InitialTxChildKeyTakeRateLimit = InitialTxChildKeyTakeRateLimit; diff --git a/pallets/subtensor/src/benchmarks.rs b/pallets/subtensor/src/benchmarks.rs index 476be905e9..67b7f473b0 100644 --- a/pallets/subtensor/src/benchmarks.rs +++ b/pallets/subtensor/src/benchmarks.rs @@ -157,7 +157,6 @@ mod pallet_benchmarks { netuid, caller.clone() )); - Subtensor::::set_serving_rate_limit(netuid, 0); #[extrinsic_call] _( @@ -195,7 +194,6 @@ mod pallet_benchmarks { netuid, caller.clone() )); - Subtensor::::set_serving_rate_limit(netuid, 0); #[extrinsic_call] _( diff --git a/pallets/subtensor/src/coinbase/root.rs b/pallets/subtensor/src/coinbase/root.rs index 328ce3805c..83ff49abbf 100644 --- a/pallets/subtensor/src/coinbase/root.rs +++ b/pallets/subtensor/src/coinbase/root.rs @@ -325,7 +325,6 @@ impl Pallet { LastAdjustmentBlock::::remove(netuid); // --- 16. Serving / rho / curves, and other per-net controls. - ServingRateLimit::::remove(netuid); Rho::::remove(netuid); AlphaSigmoidSteepness::::remove(netuid); diff --git a/pallets/subtensor/src/lib.rs b/pallets/subtensor/src/lib.rs index 2954b6a7c5..c44381dc2b 100644 --- a/pallets/subtensor/src/lib.rs +++ b/pallets/subtensor/src/lib.rs @@ -908,12 +908,6 @@ pub mod pallet { 0 } - /// Default value for serving rate limit. - #[pallet::type_value] - pub fn DefaultServingRateLimit() -> u64 { - T::InitialServingRateLimit::get() - } - /// Default value for weight commit/reveal enabled. #[pallet::type_value] pub fn DefaultCommitRevealWeightsEnabled() -> bool { @@ -1674,11 +1668,6 @@ pub mod pallet { pub type RecycleOrBurn = StorageMap<_, Identity, NetUid, RecycleOrBurnEnum, ValueQuery, DefaultRecycleOrBurn>; - /// --- MAP ( netuid ) --> serving_rate_limit - #[pallet::storage] - pub type ServingRateLimit = - StorageMap<_, Identity, NetUid, u64, ValueQuery, DefaultServingRateLimit>; - /// --- MAP ( netuid ) --> Rho #[pallet::storage] pub type Rho = StorageMap<_, Identity, NetUid, u16, ValueQuery, DefaultRho>; diff --git a/pallets/subtensor/src/macros/config.rs b/pallets/subtensor/src/macros/config.rs index f8742087ff..b6dc13059d 100644 --- a/pallets/subtensor/src/macros/config.rs +++ b/pallets/subtensor/src/macros/config.rs @@ -183,9 +183,6 @@ mod config { /// Initial weights version key. #[pallet::constant] type InitialWeightsVersionKey: Get; - /// Initial serving rate limit. - #[pallet::constant] - type InitialServingRateLimit: Get; /// Initial transaction rate limit. #[pallet::constant] type InitialTxRateLimit: Get; diff --git a/pallets/subtensor/src/macros/events.rs b/pallets/subtensor/src/macros/events.rs index a06e035d86..baf39b2994 100644 --- a/pallets/subtensor/src/macros/events.rs +++ b/pallets/subtensor/src/macros/events.rs @@ -101,7 +101,7 @@ mod events { MinDifficultySet(NetUid, u64), /// setting max difficulty on a network. MaxDifficultySet(NetUid, u64), - /// setting the prometheus serving rate limit. + /// [DEPRECATED] setting the prometheus serving rate limit. ServingRateLimitSet(NetUid, u64), /// setting burn on a network. BurnSet(NetUid, TaoCurrency), diff --git a/pallets/subtensor/src/tests/mock.rs b/pallets/subtensor/src/tests/mock.rs index 161e0e372b..8cb3478b34 100644 --- a/pallets/subtensor/src/tests/mock.rs +++ b/pallets/subtensor/src/tests/mock.rs @@ -179,7 +179,6 @@ parameter_types! { pub const InitialMinChildKeyTake: u16 = 0; // 0 %; pub const InitialMaxChildKeyTake: u16 = 11_796; // 18 %; pub const InitialWeightsVersionKey: u16 = 0; - pub const InitialServingRateLimit: u64 = 0; // No limit. pub const InitialTxRateLimit: u64 = 0; // Disable rate limit for testing pub const InitialTxDelegateTakeRateLimit: u64 = 1; // 1 block take rate limit for testing pub const InitialTxChildKeyTakeRateLimit: u64 = 1; // 1 block take rate limit for testing @@ -265,7 +264,6 @@ impl crate::Config for Test { type InitialWeightsVersionKey = InitialWeightsVersionKey; type InitialMaxDifficulty = InitialMaxDifficulty; type InitialMinDifficulty = InitialMinDifficulty; - type InitialServingRateLimit = InitialServingRateLimit; type InitialTxRateLimit = InitialTxRateLimit; type InitialTxDelegateTakeRateLimit = InitialTxDelegateTakeRateLimit; type InitialBurn = InitialBurn; diff --git a/pallets/subtensor/src/tests/networks.rs b/pallets/subtensor/src/tests/networks.rs index 8214d58be0..8a8850b178 100644 --- a/pallets/subtensor/src/tests/networks.rs +++ b/pallets/subtensor/src/tests/networks.rs @@ -388,7 +388,6 @@ fn dissolve_clears_all_per_subnet_storages() { PendingOwnerCut::::insert(net, AlphaCurrency::from(1)); BlocksSinceLastStep::::insert(net, 1u64); LastMechansimStepBlock::::insert(net, 1u64); - ServingRateLimit::::insert(net, 1u64); Rho::::insert(net, 1u16); AlphaSigmoidSteepness::::insert(net, 1i16); @@ -548,7 +547,6 @@ fn dissolve_clears_all_per_subnet_storages() { assert!(!PendingOwnerCut::::contains_key(net)); assert!(!BlocksSinceLastStep::::contains_key(net)); assert!(!LastMechansimStepBlock::::contains_key(net)); - assert!(!ServingRateLimit::::contains_key(net)); assert!(!Rho::::contains_key(net)); assert!(!AlphaSigmoidSteepness::::contains_key(net)); diff --git a/pallets/subtensor/src/tests/serving.rs b/pallets/subtensor/src/tests/serving.rs index b52666bf26..d56787cccd 100644 --- a/pallets/subtensor/src/tests/serving.rs +++ b/pallets/subtensor/src/tests/serving.rs @@ -281,23 +281,19 @@ fn test_axon_serving_rate_limit_exceeded() { placeholder1, placeholder2 )); - SubtensorModule::set_serving_rate_limit(netuid, 2); run_to_block(2); // Go to block 2 - // Needs to be 2 blocks apart, we are only 1 block apart - assert_eq!( - SubtensorModule::serve_axon( - <::RuntimeOrigin>::signed(hotkey_account_id), - netuid, - version, - ip, - port, - ip_type, - protocol, - placeholder1, - placeholder2 - ), - Err(Error::::ServingRateLimitExceeded.into()) - ); + // Rate limiting is enforced by the transaction extension, not the pallet call. + assert_ok!(SubtensorModule::serve_axon( + <::RuntimeOrigin>::signed(hotkey_account_id), + netuid, + version, + ip, + port, + ip_type, + protocol, + placeholder1, + placeholder2 + )); }); } @@ -479,19 +475,15 @@ fn test_prometheus_serving_rate_limit_exceeded() { port, ip_type )); - SubtensorModule::set_serving_rate_limit(netuid, 1); - // Same block, need 1 block to pass - assert_eq!( - SubtensorModule::serve_prometheus( - <::RuntimeOrigin>::signed(hotkey_account_id), - netuid, - version, - ip, - port, - ip_type - ), - Err(Error::::ServingRateLimitExceeded.into()) - ); + // Rate limiting is enforced by the transaction extension, not the pallet call. + assert_ok!(SubtensorModule::serve_prometheus( + <::RuntimeOrigin>::signed(hotkey_account_id), + netuid, + version, + ip, + port, + ip_type + )); }); } diff --git a/pallets/subtensor/src/utils/misc.rs b/pallets/subtensor/src/utils/misc.rs index 70b1defcd7..05c1af7d6f 100644 --- a/pallets/subtensor/src/utils/misc.rs +++ b/pallets/subtensor/src/utils/misc.rs @@ -436,11 +436,6 @@ impl Pallet { .saturated_into() } - pub fn set_serving_rate_limit(netuid: NetUid, serving_rate_limit: u64) { - ServingRateLimit::::insert(netuid, serving_rate_limit); - Self::deposit_event(Event::ServingRateLimitSet(netuid, serving_rate_limit)); - } - pub fn get_min_difficulty(netuid: NetUid) -> u64 { MinDifficulty::::get(netuid) } diff --git a/pallets/transaction-fee/src/tests/mock.rs b/pallets/transaction-fee/src/tests/mock.rs index 2b25273104..c5f25b54e8 100644 --- a/pallets/transaction-fee/src/tests/mock.rs +++ b/pallets/transaction-fee/src/tests/mock.rs @@ -171,7 +171,6 @@ parameter_types! { pub const InitialMinChildKeyTake: u16 = 0; // Allow 0 % pub const InitialMaxChildKeyTake: u16 = 11_796; // 18 %; pub const InitialWeightsVersionKey: u16 = 0; - pub const InitialServingRateLimit: u64 = 0; // No limit. pub const InitialTxRateLimit: u64 = 0; // Disable rate limit for testing pub const InitialTxDelegateTakeRateLimit: u64 = 0; // Disable rate limit for testing pub const InitialTxChildKeyTakeRateLimit: u64 = 0; // Disable rate limit for testing @@ -257,7 +256,6 @@ impl pallet_subtensor::Config for Test { type InitialWeightsVersionKey = InitialWeightsVersionKey; type InitialMaxDifficulty = InitialMaxDifficulty; type InitialMinDifficulty = InitialMinDifficulty; - type InitialServingRateLimit = InitialServingRateLimit; type InitialTxRateLimit = InitialTxRateLimit; type InitialTxDelegateTakeRateLimit = InitialTxDelegateTakeRateLimit; type InitialTxChildKeyTakeRateLimit = InitialTxChildKeyTakeRateLimit; diff --git a/precompiles/Cargo.toml b/precompiles/Cargo.toml index 12460dcfbb..599b404350 100644 --- a/precompiles/Cargo.toml +++ b/precompiles/Cargo.toml @@ -34,6 +34,7 @@ substrate-fixed.workspace = true pallet-subtensor.workspace = true pallet-subtensor-swap.workspace = true pallet-admin-utils.workspace = true +pallet-rate-limiting.workspace = true subtensor-swap-interface.workspace = true pallet-crowdloan.workspace = true @@ -50,6 +51,7 @@ std = [ "log/std", "pallet-admin-utils/std", "pallet-balances/std", + "pallet-rate-limiting/std", "pallet-evm-precompile-dispatch/std", "pallet-evm-precompile-modexp/std", "pallet-evm-precompile-sha3fips/std", diff --git a/precompiles/src/lib.rs b/precompiles/src/lib.rs index 8069a1eb92..fe08fbec5a 100644 --- a/precompiles/src/lib.rs +++ b/precompiles/src/lib.rs @@ -66,12 +66,17 @@ where + pallet_subtensor::Config + pallet_subtensor_swap::Config + pallet_proxy::Config - + pallet_crowdloan::Config, + + pallet_crowdloan::Config + + pallet_rate_limiting::Config< + LimitScope = subtensor_runtime_common::NetUid, + GroupId = subtensor_runtime_common::rate_limiting::GroupId, + >, R::AccountId: From<[u8; 32]> + ByteArray + Into<[u8; 32]>, ::RuntimeCall: From> + From> + From> + From> + + From> + From> + GetDispatchInfo + Dispatchable, @@ -93,12 +98,17 @@ where + pallet_subtensor::Config + pallet_subtensor_swap::Config + pallet_proxy::Config - + pallet_crowdloan::Config, + + pallet_crowdloan::Config + + pallet_rate_limiting::Config< + LimitScope = subtensor_runtime_common::NetUid, + GroupId = subtensor_runtime_common::rate_limiting::GroupId, + >, R::AccountId: From<[u8; 32]> + ByteArray + Into<[u8; 32]>, ::RuntimeCall: From> + From> + From> + From> + + From> + From> + GetDispatchInfo + Dispatchable, @@ -149,12 +159,17 @@ where + pallet_subtensor::Config + pallet_subtensor_swap::Config + pallet_proxy::Config - + pallet_crowdloan::Config, + + pallet_crowdloan::Config + + pallet_rate_limiting::Config< + LimitScope = subtensor_runtime_common::NetUid, + GroupId = subtensor_runtime_common::rate_limiting::GroupId, + >, R::AccountId: From<[u8; 32]> + ByteArray + Into<[u8; 32]>, ::RuntimeCall: From> + From> + From> + From> + + From> + From> + GetDispatchInfo + Dispatchable diff --git a/precompiles/src/subnet.rs b/precompiles/src/subnet.rs index b7f5cdb098..bdda32a6ce 100644 --- a/precompiles/src/subnet.rs +++ b/precompiles/src/subnet.rs @@ -4,9 +4,10 @@ use frame_support::dispatch::{GetDispatchInfo, PostDispatchInfo}; use frame_support::traits::ConstU32; use frame_system::RawOrigin; use pallet_evm::{AddressMapping, PrecompileHandle}; +use pallet_rate_limiting::{RateLimitKind, RateLimitTarget}; use precompile_utils::{EvmResult, prelude::BoundedString}; use sp_core::H256; -use sp_runtime::traits::Dispatchable; +use sp_runtime::traits::{Dispatchable, SaturatedConversion}; use sp_std::vec; use subtensor_runtime_common::{Currency, NetUid}; @@ -19,10 +20,15 @@ where R: frame_system::Config + pallet_evm::Config + pallet_subtensor::Config - + pallet_admin_utils::Config, + + pallet_admin_utils::Config + + pallet_rate_limiting::Config< + LimitScope = NetUid, + GroupId = subtensor_runtime_common::rate_limiting::GroupId, + >, R::AccountId: From<[u8; 32]>, ::RuntimeCall: From> + From> + + From> + GetDispatchInfo + Dispatchable, ::AddressMapping: AddressMapping, @@ -36,10 +42,15 @@ where R: frame_system::Config + pallet_evm::Config + pallet_subtensor::Config - + pallet_admin_utils::Config, + + pallet_admin_utils::Config + + pallet_rate_limiting::Config< + LimitScope = NetUid, + GroupId = subtensor_runtime_common::rate_limiting::GroupId, + >, R::AccountId: From<[u8; 32]>, ::RuntimeCall: From> + From> + + From> + GetDispatchInfo + Dispatchable, ::AddressMapping: AddressMapping, @@ -141,9 +152,9 @@ where #[precompile::public("getServingRateLimit(uint16)")] #[precompile::view] fn get_serving_rate_limit(_: &mut impl PrecompileHandle, netuid: u16) -> EvmResult { - Ok(pallet_subtensor::ServingRateLimit::::get(NetUid::from( - netuid, - ))) + Ok(pallet_subtensor::Pallet::::get_serving_rate_limit( + NetUid::from(netuid), + )) } #[precompile::public("setServingRateLimit(uint16,uint64)")] @@ -153,9 +164,10 @@ where netuid: u16, serving_rate_limit: u64, ) -> EvmResult<()> { - let call = pallet_admin_utils::Call::::sudo_set_serving_rate_limit { - netuid: netuid.into(), - serving_rate_limit, + let call = pallet_rate_limiting::Call::::set_rate_limit { + target: RateLimitTarget::Group(subtensor_runtime_common::rate_limiting::GROUP_SERVE), + scope: Some(netuid.into()), + limit: RateLimitKind::Exact(serving_rate_limit.saturated_into()), }; handle.try_dispatch_runtime_call::( diff --git a/runtime/src/lib.rs b/runtime/src/lib.rs index 10a0670a0f..65a61ebfd8 100644 --- a/runtime/src/lib.rs +++ b/runtime/src/lib.rs @@ -1033,7 +1033,6 @@ parameter_types! { pub const SubtensorInitialWeightsVersionKey: u64 = 0; pub const SubtensorInitialMinDifficulty: u64 = 10_000_000; pub const SubtensorInitialMaxDifficulty: u64 = u64::MAX / 4; - pub const SubtensorInitialServingRateLimit: u64 = 50; pub const SubtensorInitialBurn: u64 = 100_000_000; // 0.1 tao pub const SubtensorInitialMinBurn: u64 = 500_000; // 500k RAO pub const SubtensorInitialMaxBurn: u64 = 100_000_000_000; // 100 tao @@ -1106,7 +1105,6 @@ impl pallet_subtensor::Config for Runtime { type InitialWeightsVersionKey = SubtensorInitialWeightsVersionKey; type InitialMaxDifficulty = SubtensorInitialMaxDifficulty; type InitialMinDifficulty = SubtensorInitialMinDifficulty; - type InitialServingRateLimit = SubtensorInitialServingRateLimit; type InitialBurn = SubtensorInitialBurn; type InitialMaxBurn = SubtensorInitialMaxBurn; type InitialMinBurn = SubtensorInitialMinBurn; @@ -1691,7 +1689,6 @@ pub type TransactionExtensions = ( frame_system::CheckEra, check_nonce::CheckNonce, frame_system::CheckWeight, - pallet_rate_limiting::RateLimitTransactionExtension, ChargeTransactionPaymentWrapper, SudoTransactionExtension, pallet_subtensor::transaction_extension::SubtensorTransactionExtension, diff --git a/runtime/src/rate_limiting/legacy.rs b/runtime/src/rate_limiting/legacy.rs index 5311a982ab..cab3d37719 100644 --- a/runtime/src/rate_limiting/legacy.rs +++ b/runtime/src/rate_limiting/legacy.rs @@ -11,9 +11,8 @@ use subtensor_runtime_common::NetUid; use super::AccountId; use crate::{ - SubtensorInitialNetworkRateLimit, SubtensorInitialServingRateLimit, - SubtensorInitialTxChildKeyTakeRateLimit, SubtensorInitialTxDelegateTakeRateLimit, - SubtensorInitialTxRateLimit, + SubtensorInitialNetworkRateLimit, SubtensorInitialTxChildKeyTakeRateLimit, + SubtensorInitialTxDelegateTakeRateLimit, SubtensorInitialTxRateLimit, }; pub use types::{Hyperparameter, RateLimitKey, TransactionType}; @@ -146,7 +145,8 @@ pub mod defaults { use super::*; pub fn serving_rate_limit() -> u64 { - SubtensorInitialServingRateLimit::get() + // SubtensorInitialServingRateLimit::get() + 50 } pub fn weights_set_rate_limit() -> u64 { diff --git a/runtime/tests/rate_limiting_behavior.rs b/runtime/tests/rate_limiting_behavior.rs index 0350fa9f11..132fa1bbe3 100644 --- a/runtime/tests/rate_limiting_behavior.rs +++ b/runtime/tests/rate_limiting_behavior.rs @@ -1,5 +1,6 @@ #![allow(clippy::unwrap_used)] +use codec::Encode; use frame_support::traits::OnRuntimeUpgrade; use frame_system::pallet_prelude::BlockNumberFor; use node_subtensor_runtime::{ @@ -11,10 +12,11 @@ use pallet_rate_limiting::{RateLimitTarget, TransactionIdentifier}; use pallet_subtensor::Call as SubtensorCall; use pallet_subtensor::{ AxonInfo, HasMigrationRun, LastRateLimitedBlock, LastUpdate, NetworksAdded, PrometheusInfo, - RateLimitKey, ServingRateLimit, TransactionKeyLastBlock, WeightsSetRateLimit, - WeightsVersionKeyRateLimit, utils::rate_limiting::TransactionType, + RateLimitKey, TransactionKeyLastBlock, WeightsSetRateLimit, WeightsVersionKeyRateLimit, + utils::rate_limiting::TransactionType, }; use sp_core::{H160, ecdsa}; +use sp_io::{hashing::twox_128, storage}; use sp_runtime::traits::SaturatedConversion; use subtensor_runtime_common::{ NetUid, NetUidStorageIndex, @@ -63,6 +65,13 @@ fn clear_rate_limiting_storage() { pallet_rate_limiting::NextGroupId::::kill(); } +fn set_legacy_serving_rate_limit(netuid: NetUid, span: u64) { + let mut key = twox_128(b"SubtensorModule").to_vec(); + key.extend(twox_128(b"ServingRateLimit")); + key.extend(netuid.encode()); + storage::set(&key, &span.encode()); +} + fn parity_check( now: u64, call: RuntimeCall, @@ -247,7 +256,7 @@ fn serving_parity() { let hot = account(50); let netuid = NetUid::from(3u16); let span = 5u64; - ServingRateLimit::::insert(netuid, span); + set_legacy_serving_rate_limit(netuid, span); pallet_subtensor::Axons::::insert( netuid, hot.clone(), @@ -282,7 +291,7 @@ fn serving_parity() { block: now.saturating_sub(1), ..Default::default() }; - now.saturating_sub(info.block) >= ServingRateLimit::::get(netuid) + now.saturating_sub(info.block) >= span }; parity_check(now, axon_call, origin.clone(), None, None, legacy_axon); @@ -299,7 +308,7 @@ fn serving_parity() { block: now.saturating_sub(1), ..Default::default() }; - now.saturating_sub(info.block) >= ServingRateLimit::::get(netuid) + now.saturating_sub(info.block) >= span }; parity_check(now, prom_call, origin, None, None, legacy_prom); }); From cdd90c17fa60cdcee364b6cc9f8d5bb1f01208de Mon Sep 17 00:00:00 2001 From: Aliaksandr Tsurko Date: Tue, 23 Dec 2025 15:26:44 +0100 Subject: [PATCH 46/46] Update contract tests --- contract-tests/README.md | 3 + contract-tests/package.json | 2 +- .../subnet.precompile.hyperparameter.test.ts | 60 ++++++++++++++++++- contract-tests/test/wasm.contract.test.ts | 18 +++++- 4 files changed, 78 insertions(+), 5 deletions(-) diff --git a/contract-tests/README.md b/contract-tests/README.md index 78294603d3..90068e5553 100644 --- a/contract-tests/README.md +++ b/contract-tests/README.md @@ -36,6 +36,9 @@ npx papi add devnet -w ws://localhost:9944 If the runtime is upgrade, need to get the metadata again. ```bash +cd contract-tests/bittensor +cargo contract build --release +cd .. sh get-metadata.sh ``` diff --git a/contract-tests/package.json b/contract-tests/package.json index 26136346bb..6af55b1d9e 100644 --- a/contract-tests/package.json +++ b/contract-tests/package.json @@ -1,6 +1,6 @@ { "scripts": { - "test": "mocha --timeout 999999 --retries 3 --file src/setup.ts --require ts-node/register test/*test.ts" + "test": "TS_NODE_PREFER_TS_EXTS=1 TS_NODE_TRANSPILE_ONLY=1 mocha --timeout 999999 --retries 3 --file src/setup.ts --require ts-node/register --extension ts \"test/**/*.ts\"" }, "keywords": [], "author": "", diff --git a/contract-tests/test/subnet.precompile.hyperparameter.test.ts b/contract-tests/test/subnet.precompile.hyperparameter.test.ts index 87968b6e9f..aee28708b0 100644 --- a/contract-tests/test/subnet.precompile.hyperparameter.test.ts +++ b/contract-tests/test/subnet.precompile.hyperparameter.test.ts @@ -91,7 +91,65 @@ describe("Test the Subnet precompile contract", () => { const tx = await contract.setServingRateLimit(netuid, newValue); await tx.wait(); - let onchainValue = await api.query.SubtensorModule.ServingRateLimit.getValue(netuid) + const unwrapEnum = (value: unknown): { tag: string; value: unknown } | null => { + if (!value || typeof value !== "object") { + return null; + } + if ("type" in value && "value" in value) { + return { tag: (value as { type: string }).type, value: (value as { value: unknown }).value }; + } + const keys = Object.keys(value); + if (keys.length === 1) { + const key = keys[0]; + return { tag: key, value: (value as Record)[key] }; + } + return null; + }; + + const toNumber = (value: unknown): number | undefined => { + if (typeof value === "number") { + return value; + } + if (typeof value === "bigint") { + return Number(value); + } + if (typeof value === "string") { + const parsed = Number(value); + return Number.isNaN(parsed) ? undefined : parsed; + } + return undefined; + }; + + const extractRateLimit = (limits: unknown, scope: number): number | undefined => { + const decoded = unwrapEnum(limits); + if (!decoded) { + return undefined; + } + if (decoded.tag === "Global") { + const kind = unwrapEnum(decoded.value); + return kind?.tag === "Exact" ? toNumber(kind.value) : undefined; + } + if (decoded.tag !== "Scoped") { + return undefined; + } + const scopedEntries = decoded.value instanceof Map + ? Array.from(decoded.value.entries()) + : Array.isArray(decoded.value) + ? decoded.value + : []; + const entry = scopedEntries.find( + (item: unknown) => + Array.isArray(item) && item.length === 2 && toNumber(item[0]) === scope, + ) as [unknown, unknown] | undefined; + if (!entry) { + return undefined; + } + const kind = unwrapEnum(entry[1]); + return kind?.tag === "Exact" ? toNumber(kind.value) : undefined; + }; + + const limits = await api.query.RateLimiting.Limits.getValue({ Group: 0 } as any); + const onchainValue = extractRateLimit(limits, netuid); let valueFromContract = Number( diff --git a/contract-tests/test/wasm.contract.test.ts b/contract-tests/test/wasm.contract.test.ts index 26d5c87924..c42dbf5555 100644 --- a/contract-tests/test/wasm.contract.test.ts +++ b/contract-tests/test/wasm.contract.test.ts @@ -6,12 +6,23 @@ import { contracts } from "../.papi/descriptors"; import { getInkClient, InkClient, } from "@polkadot-api/ink-contracts" import { forceSetBalanceToSs58Address, startCall, burnedRegister } from "../src/subtensor"; import fs from "fs" +import path from "path"; import { convertPublicKeyToSs58 } from "../src/address-utils"; import { addNewSubnetwork, sendWasmContractExtrinsic } from "../src/subtensor"; import { tao } from "../src/balance-math"; -const bittensorWasmPath = "./bittensor/target/ink/bittensor.wasm" -const bittensorBytecode = fs.readFileSync(bittensorWasmPath) +const bittensorWasmPath = path.resolve(__dirname, "../bittensor/target/ink/bittensor.wasm") +const loadBittensorBytecode = () => { + if (!fs.existsSync(bittensorWasmPath)) { + throw new Error( + `Missing Ink wasm at ${bittensorWasmPath}. Run ` + + "`cd contract-tests/bittensor && cargo contract build --release` to generate it." + ) + } + + return fs.readFileSync(bittensorWasmPath) +} +let bittensorBytecode: Buffer; describe("Test wasm contract", () => { @@ -60,6 +71,7 @@ describe("Test wasm contract", () => { before(async () => { + bittensorBytecode = loadBittensorBytecode() // init variables got from await and async api = await getDevnetApi() @@ -584,4 +596,4 @@ describe("Test wasm contract", () => { assert.ok(result !== undefined) }) -}); \ No newline at end of file +});