Security: opentensor/subtensor
Security
No security policy detected
This project has not set up a SECURITY.md file yet.
Report a vulnerability-
Per-subnet ChildkeyTake is not migrated during hotkey swap, silently resetting the new hotkey's take to the subnet floorGHSA-wc2g-rc74-vgw3 published
Jun 17, 2026 by sam0x17Low -
StakingColdkeysByIndex / NumStakingColdkeys grow monotonically and are never pruned on full unstake or coldkey swapGHSA-rhmm-mqf8-v6gv published
Jun 17, 2026 by sam0x17Low -
Per-subnet hotkey-swap cooldown (HotkeySwapOnSubnetInterval) is bypassable via the all-subnets swap pathGHSA-vpjj-mhgr-cphg published
Jun 17, 2026 by sam0x17Low -
Root cleanliness gate omits RootClaimed, letting hotkey-swap merge inflate the claimed high-water mark and under-pay future root dividendsGHSA-6c95-q3r3-rgwq published
Jun 17, 2026 by sam0x17Low -
set_weights / commit_weights family is Pays::No with the per-neuron rate limit enforced only in the dispatch body, enabling fee-free block-fill floodingGHSA-h98r-p37h-h4mv published
Jun 17, 2026 by sam0x17Moderate -
Owner proxy except sudo_set_sn_owner_hotkey carve-out is bypassable via the duplicate alias sudo_set_subnet_owner_hotkeyGHSA-xm63-2wwx-pm6w published
Jun 17, 2026 by sam0x17Moderate -
NonFungible proxy denylist omits live swap_hotkey_v2 (call 72), letting a scoped delegate reassign a victim's hotkey identityGHSA-qh57-vpv2-3fvp published
Jun 17, 2026 by sam0x17High -
Restricted proxies (NonTransfer/NonFungible/NonCritical) can take over an entire coldkey via the announce/swap coldkey-swap lifecycleGHSA-m759-m8mv-q3m5 published
Jun 17, 2026 by sam0x17High
Learn more about advisories related to opentensor/subtensor in the GitHub Advisory Database