Remove pallet-registry from runtime#2747
Conversation
l0r1s
requested review from
JohnReedV,
evgeny-s,
gztensor,
open-junius and
sam0x17
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
| Scheduler: pallet_scheduler = 15, | ||
| Proxy: pallet_proxy = 16, | ||
| Registry: pallet_registry = 17, | ||
| // pallet_registry was 17 |
There was a problem hiding this comment.
[HIGH] Removing Registry leaves existing identity deposits without a release path
Registry::set_identity previously placed balance holds under HoldReason::RegistryIdentity, and Registry::clear_identity was the release path. This PR removes the pallet and its RuntimeHoldReason variant without adding an OnRuntimeUpgrade migration to release any existing Registry holds or prove the storage is empty. Do not assume the public extrinsic was unused from codebase references alone; if any account used it on-chain, its held deposit can become inaccessible or otherwise mishandled after the upgrade. Add a migration/try-state guard that handles Registry::IdentityOf and corresponding balance holds before removing the pallet from the runtime.
🛡️ AI Review — Skeptic (security review)VERDICT: VULNERABLE Baseline scrutiny: l0r1s has write permission, an established account, and substantial prior subtensor PR history; branch remove-registry-pallet -> devnet-ready. No Findings
Other findings
ConclusionThe PR is not malicious, but it is currently vulnerable because it removes a runtime pallet without a state/hold migration and without bumping the runtime # 🔍 AI Review — Auditor (domain review) has not yet run on this PR. |
|
🔄 AI review updated — Skeptic: VULNERABLE |
l0r1s
added
the
skip-cargo-audit
2 participants
Description
Removed the pallet-registry because it's not used in the codebase.