Skip to content

Document subnet owner wallet security#2902

Closed
UnArbosFive wants to merge 3 commits into
RaoFoundation:mainfrom
UnArbosFive:codex/subnet-owner-wallet-security
Closed

Document subnet owner wallet security#2902
UnArbosFive wants to merge 3 commits into
RaoFoundation:mainfrom
UnArbosFive:codex/subnet-owner-wallet-security

Conversation

@UnArbosFive

Copy link
Copy Markdown
Contributor

Summary

  • document a multisig plus scoped Owner proxy setup for subnet owners
  • explain crowdloan ownership for new subnets and coldkey migration for existing owners
  • clarify how transfers, stake transfers, and coldkey swaps affect conviction locks

Why

Subnet owners need concise operational guidance for protecting ownership credentials and migrating an existing owner without losing conviction context.

Validation

  • git diff --check
  • verified internal documentation link targets
  • rendered the affected page with the local documentation preview

@vercel

vercel Bot commented Jul 14, 2026

Copy link
Copy Markdown

@UnArbosFive is attempting to deploy a commit to the RaoFoundation Team on Vercel.

A member of the Team first needs to authorize it.

@UnArbosFive UnArbosFive marked this pull request as ready for review July 14, 2026 15:24

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AI review — see the sticky summary comment for the verdict and the inline comments below for specific findings.

Comment thread docs/guides/subnets.mdx
Comment on lines +49 to +51
[**multisig**](/docs/guides/multisig) from registration, and from it grant a
dedicated operations key the narrow **Owner**
[proxy type](/docs/guides/proxies#proxy-types) for routine changes. The ops

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[MEDIUM] Security procedure links to nonexistent guides

Neither docs/guides/multisig.mdx nor docs/guides/proxies.mdx exists, and neither page is registered in docs/guides/meta.json. The same missing proxy guide is now referenced from docs/concepts/wallets.mdx. Consequently, subnet owners following this security-sensitive procedure reach 404s instead of the promised setup, migration, delay, and recovery instructions. Add and register both guides in this PR, or point these links to existing complete documentation.

@github-actions

Copy link
Copy Markdown
Contributor

🛡️ AI Review — Skeptic (security review)

VERDICT: VULNERABLE

VERY HIGH account-age scrutiny, mitigated by admin repository permission; no Gittensor association; codex/subnet-owner-wallet-security -> main.

Static analysis found no runtime, dependency, workflow, or trusted review-control changes. The operational claims match the proxy and coldkey-swap implementation, but the proposed security procedure depends on documentation pages that are absent from this PR and the repository.

Findings

Sev File Finding
MEDIUM docs/guides/subnets.mdx:51 Security procedure links to nonexistent guides inline

Conclusion

The documentation-only change introduces broken links at the core of its wallet-security procedure. Add and register the referenced guides, or link to existing complete instructions, before merge.


# 🔍 AI Review — Auditor (domain review) has not yet run on this PR.

@github-actions

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: VULNERABLE

@unarbos unarbos left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed the docs against the swap/proxy runtime behavior; integrated with the multisig and proxies guides (links resolve once #2898 merges).

@unarbos unarbos left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Docs content reviewed: security guidance is accurate and consistent with the proxy/multisig material. Note: cross-links target /docs/guides/proxies and /docs/guides/multisig, which land with #2898 — merge after #2898 or the links 404.

@IntiTechnologies

Copy link
Copy Markdown
Contributor

Superseded by #2898 (v431 release): these changes were reviewed and integrated there.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants