pezkuwichain/pezkuwi-sdk
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix: presale benchmark missing args + security audit advisory cleanup

Browse Source 
- Fix refund_cancelled_presale benchmark: add missing start_index and
  batch_size arguments (0, 100) to match the 3-param extrinsic signature
- Remove 3 stale RUSTSEC advisories from deny.toml and security-audit.yml
  (RUSTSEC-2023-0071, RUSTSEC-2025-0055, RUSTSEC-2026-0002 no longer in deps)
- Add RUSTSEC-2026-0049 (rustls-webpki) to ignore lists (upstream kube/jsonrpsee
  haven't released compatible versions yet)
This commit is contained in:
Kurdistan Tech Ministry
2026-03-27 09:34:47 +03:00
parent 894617563a
commit fd197ae78f
3 changed files with 6 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.github/workflows/security-audit.yml
+1 -3
View File
@@ -56,9 +56,7 @@ jobs:
--ignore RUSTSEC-2026-0006 \ --ignore RUSTSEC-2026-0006 \
--ignore RUSTSEC-2026-0020 \ --ignore RUSTSEC-2026-0020 \
--ignore RUSTSEC-2026-0021 \ --ignore RUSTSEC-2026-0021 \
--ignore RUSTSEC-2023-0071 \ --ignore RUSTSEC-2026-0049 \
--ignore RUSTSEC-2025-0055 \
--ignore RUSTSEC-2026-0002 \
2>&1 | tee audit-output.txt 2>&1 | tee audit-output.txt
RESULT=${PIPESTATUS[0]} RESULT=${PIPESTATUS[0]}
if [ $RESULT -ne 0 ]; then if [ $RESULT -ne 0 ]; then
deny.toml
+4 -11
View File
@@ -26,17 +26,10 @@ ignore = [
"RUSTSEC-2026-0020", # wasmtime guest-controlled resource exhaustion "RUSTSEC-2026-0020", # wasmtime guest-controlled resource exhaustion
"RUSTSEC-2026-0021", # wasmtime panic in wasi:http/types.fields "RUSTSEC-2026-0021", # wasmtime panic in wasi:http/types.fields
# rsa 0.9.10: no upstream fix available. Pulled transitively by sqlx-mysql # rustls-webpki 0.101.7 & 0.103.9: pulled transitively by kube (0.87.2) and
# (used in pezpallet-revive-eth-rpc). Not used for cryptographic signing in our chain. # jsonrpsee (0.24.10). Fix requires >=0.103.10 but upstream hasn't released
"RUSTSEC-2023-0071", # rsa Marvin Attack timing sidechannel # compatible versions of kube/jsonrpsee yet.
"RUSTSEC-2026-0049", # rustls-webpki certificate path building panic
# tracing-subscriber 0.2.25: pulled by ark-relations 0.5.1 (latest).
# Upstream arkworks hasn't updated to tracing-subscriber 0.3.x yet.
"RUSTSEC-2025-0055", # tracing-subscriber ANSI log poisoning
# lru 0.12.5: IterMut Stacked Borrows violation. Pulled by smoldot-light.
# 0.12.5 is latest version, no patch available yet.
"RUSTSEC-2026-0002", # lru IterMut internal pointer invalidation
] ]
# License compliance # License compliance
pezcumulus/teyrchains/pezpallets/presale/src/benchmarking.rs
+1 -1
View File
@@ -296,7 +296,7 @@ mod benchmarks {
let _ = Presale::<T>::cancel_presale(RawOrigin::Root.into(), presale_id); let _ = Presale::<T>::cancel_presale(RawOrigin::Root.into(), presale_id);
#[extrinsic_call] #[extrinsic_call]
refund_cancelled_presale(RawOrigin::Signed(caller.clone()), presale_id); refund_cancelled_presale(RawOrigin::Signed(caller.clone()), presale_id, 0, 100);
// Verify refund was processed // Verify refund was processed
let contribution = crate::Contributions::<T>::get(presale_id, &caller).unwrap(); let contribution = crate::Contributions::<T>::get(presale_id, &caller).unwrap();