fix: add missing hotkey guard in handle_pat_check to prevent ValueError DoS#1302
Open
Tet-9 wants to merge 1 commit into
Open
fix: add missing hotkey guard in handle_pat_check to prevent ValueError DoS#1302Tet-9 wants to merge 1 commit into
Tet-9 wants to merge 1 commit into
Conversation
…or DoS handle_pat_check called validator.metagraph.hotkeys.index(hotkey) without first checking if the hotkey is still registered. When a metagraph refresh deregisters a hotkey between the blacklist pass and the handler execution, list.index() raises an uncaught ValueError that crashes the axon coroutine — preventing the validator from serving any further PatCheckSynapse requests until restarted. Every sibling function already guards this correctly with: if hotkey not in validator.metagraph.hotkeys Apply the same guard to handle_pat_check, returning a rejected synapse with rejection_reason='Hotkey not registered on subnet' to match the behavior of handle_pat_broadcast. Fixes entrius#1297
Tet-9
force-pushed
the
fix/1297-handle-pat-check-missing-hotkey-guard
branch
from
0b01875 to
b4488cf
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
handle_pat_checkcalledvalidator.metagraph.hotkeys.index(hotkey)without first verifying the hotkey is still registered. When a
metagraph refresh deregisters a hotkey between the blacklist pass and
handler execution — a real TOCTOU window at epoch boundaries —
list.index()raises an uncaughtValueErrorthat crashes the axoncoroutine. The validator stops processing all
PatCheckSynapserequests until manually restarted.
Root Cause
The axon pipeline runs
blacklist → priority → handleras separateasync calls with no atomic lock over the metagraph. A hotkey that
passes
blacklist_pat_checkcan be deregistered beforehandle_pat_checkexecutes, hitting the unguarded.index()call.Every sibling function in
pat_handler.pyalready guards this:handle_pat_broadcastblacklist_pat_broadcastpriority_pat_broadcastblacklist_pat_checkpriority_pat_checkhandle_pat_checkFix
Apply the same guard already used in
handle_pat_broadcast— checkhotkey not in validator.metagraph.hotkeysbefore calling.index(),and return a rejected synapse with
rejection_reason='Hotkey not registered on subnet'on the missing-hotkey path.Testing
1475 tests passing, no regressions.
Fixes #1297