From 59d8a49044e190170ca3939b74e48cd012ed5a1a Mon Sep 17 00:00:00 2001
From: NightCrawler
Date: Wed, 25 Mar 2026 16:48:02 +0000
Subject: [PATCH 1/3] hotfix: temporarily disable audit evidence submissions in SDK and storage challenge
- disable SubmitCascadeClientFailureEvidence in SDK adapter (log + no-op)
- disable storage challenge failure evidence submission path (log + no-op)
- keep runtime behavior explicit with mitigation comments for incident-response rollback clarity
---
 sdk/adapters/lumera/adapter.go | 38 ++++---------------------
 supernode/storage_challenge/service.go | 39 ++++----------------------
 2 files changed, 12 insertions(+), 65 deletions(-)
diff --git a/sdk/adapters/lumera/adapter.go b/sdk/adapters/lumera/adapter.go
index e7b1e678..8528d210 100644
--- a/sdk/adapters/lumera/adapter.go
+++ b/sdk/adapters/lumera/adapter.go
@@ -2,13 +2,11 @@ package lumera
 import (
 "context"
- "encoding/json"
 "fmt"
 "sort"
 "strings"
 "time"
- audittypes "github.com/LumeraProtocol/lumera/x/audit/v1/types"
 "github.com/LumeraProtocol/supernode/v2/sdk/log"
 actiontypes "github.com/LumeraProtocol/lumera/x/action/v1/types"
@@ -391,37 +389,13 @@ func (a *Adapter) SubmitCascadeClientFailureEvidence(
 targetSupernodeAccounts []string,
 details map[string]string,
 ) error {
- if a.client == nil {
- return fmt.Errorf("lumera client is nil")
- }
- subjectAddress = strings.TrimSpace(subjectAddress)
- if subjectAddress == "" {
- return fmt.Errorf("subject address cannot be empty")
- }
- if details == nil {
- details = map[string]string{}
- }
-
- meta := audittypes.CascadeClientFailureEvidenceMetadata{
- ReporterComponent: audittypes.CascadeClientFailureReporterComponent_CASCADE_CLIENT_FAILURE_REPORTER_COMPONENT_SDK_GO,
- TargetSupernodeAccounts: append([]string(nil), targetSupernodeAccounts...),
- Details: details,
- }
- bz, err := json.Marshal(meta)
- if err != nil {
- return fmt.Errorf("marshal cascade client failure evidence metadata: %w", err)
- }
-
- _, err = a.client.AuditMsg().SubmitEvidence(
- ctx,
- subjectAddress,
- audittypes.EvidenceType_EVIDENCE_TYPE_CASCADE_CLIENT_FAILURE,
- actionID,
- string(bz),
+ // TEMPORARY INCIDENT MITIGATION:
+ // Disabled per operational directive to prevent cascade client complaint evidence submissions.
+ a.logger.Warn(ctx, "Cascade client failure evidence submission is temporarily disabled",
+ "subject_address", strings.TrimSpace(subjectAddress),
+ "action_id", actionID,
+ "targets_count", len(targetSupernodeAccounts),
 )
- if err != nil {
- return fmt.Errorf("submit cascade client failure evidence: %w", err)
- }
 return nil
 }
diff --git a/supernode/storage_challenge/service.go b/supernode/storage_challenge/service.go
index 7d8e0673..c7f62381 100644
--- a/supernode/storage_challenge/service.go
+++ b/supernode/storage_challenge/service.go
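Review bot: The new body of `SubmitCascadeClientFailureEvidence` returns `nil` after only logging, so a caller cannot tell that its evidence was dropped rather than recorded on chain; the function still ends in an unconditional `return nil` in patches 2/3 and 3/3. If callers must not see an error during the mitigation, state the contract on the method, for example `// SubmitCascadeClientFailureEvidence is currently a no-op: it returns nil without submitting evidence on chain.` The mitigation comment should also carry the incident reference and the condition for re-enabling, e.g. `// TODO(<incident-id>): restore SubmitEvidence once <condition>`, since "temporary" with no owner or exit criterion tends to stay. The function signature starts above the hunk.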
@@ -583,44 +583,17 @@ func (s *Service) callVerifySliceProof(ctx context.Context, remoteIdentity strin
 }
 func (s *Service) maybeSubmitEvidence(ctx context.Context, params audittypes.Params, epochID uint64, challengeID, fileKey, recipient, failureType, transcriptHashHex string) error {
- if !s.cfg.SubmitEvidence || !params.ScEnabled {
- logtrace.Debug(ctx, "storage challenge: evidence submission skipped", logtrace.Fields{
- "epoch_id": epochID,
- "challenge_id": challengeID,
- "recipient_id": recipient,
- "failure_type": failureType,
- "submit_evidence_config": s.cfg.SubmitEvidence,
- "sc_enabled_param": params.ScEnabled,
- })
- return nil
- }
-
- meta := audittypes.StorageChallengeFailureEvidenceMetadata{
- EpochId: epochID,
- ChallengerSupernodeAccount: s.identity,
- ChallengedSupernodeAccount: recipient,
- ChallengeId: challengeID,
- FileKey: fileKey,
- FailureType: failureType,
- TranscriptHash: transcriptHashHex,
- }
- bz, err := json.Marshal(meta)
- if err != nil {
- return err
- }
-
- submitCtx, cancel := context.WithTimeout(ctx, scEvidenceSubmitTimeout)
- defer cancel()
+ _ = params
+ _ = transcriptHashHex
- _, err = s.lumera.AuditMsg().SubmitEvidence(submitCtx, recipient, audittypes.EvidenceType_EVIDENCE_TYPE_STORAGE_CHALLENGE_FAILURE, "", string(bz))
- if err != nil {
- return err
- }
- logtrace.Warn(ctx, "storage challenge failure evidence submitted", logtrace.Fields{
+ // TEMPORARY INCIDENT MITIGATION:
+ // Disabled per operational directive to pause storage challenge evidence submissions.
+ logtrace.Warn(ctx, "storage challenge: evidence submission temporarily disabled", logtrace.Fields{
 "epoch_id": epochID,
 "challenge_id": challengeID,
 "recipient_id": recipient,
 "failure_type": failureType,
+ "file_key": fileKey,
 })
 return nil
 }
From 5e8f9ac82cb8406967cefea74ddeda1496ee0d77 Mon Sep 17 00:00:00 2001
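Review bot: The warning that replaces the submission in `maybeSubmitEvidence` leaves out `transcriptHashHex` (it is only silenced with `_ = transcriptHashHex`), so the log line cannot stand in for the evidence record that was not written. If failures seen during the mitigation window are meant to be reviewed or resubmitted after rollback, add the hash to the fields, e.g. `"transcript_hash": transcriptHashHex,`, and drop the blank assignment. Patch 2/3 later removes `"file_key"` from the same warning and still logs no transcript hash, so the gap is wider in the final state of the series.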
From: NightCrawler
Date: Wed, 25 Mar 2026 16:52:41 +0000
Subject: [PATCH 2/3] hotfix: comment out evidence submit tx lines (keep code paths intact) Per incident directive, preserve evidence construction/validation code and comment out only chain submission calls for:
- cascade client complaint evidence (SDK adapter)
- storage challenge failure evidence (storage challenge service)
---
 sdk/adapters/lumera/adapter.go | 42 +++++++++++++++++++++-----
 supernode/storage_challenge/service.go | 42 ++++++++++++++++++++++----
 2 files changed, 71 insertions(+), 13 deletions(-)
diff --git a/sdk/adapters/lumera/adapter.go b/sdk/adapters/lumera/adapter.go
index 8528d210..ca32be58 100644
--- a/sdk/adapters/lumera/adapter.go
+++ b/sdk/adapters/lumera/adapter.go
@@ -2,11 +2,13 @@ package lumera
 import (
 "context"
+ "encoding/json"
 "fmt"
 "sort"
 "strings"
 "time"
+ audittypes "github.com/LumeraProtocol/lumera/x/audit/v1/types"
 "github.com/LumeraProtocol/supernode/v2/sdk/log"
 actiontypes "github.com/LumeraProtocol/lumera/x/action/v1/types"
@@ -389,13 +391,39 @@ func (a *Adapter) SubmitCascadeClientFailureEvidence(
 targetSupernodeAccounts []string,
 details map[string]string,
 ) error {
- // TEMPORARY INCIDENT MITIGATION:
- // Disabled per operational directive to prevent cascade client complaint evidence submissions.
- a.logger.Warn(ctx, "Cascade client failure evidence submission is temporarily disabled",
- "subject_address", strings.TrimSpace(subjectAddress),
- "action_id", actionID,
- "targets_count", len(targetSupernodeAccounts),
- )
+ if a.client == nil {
+ return fmt.Errorf("lumera client is nil")
+ }
+ subjectAddress = strings.TrimSpace(subjectAddress)
+ if subjectAddress == "" {
+ return fmt.Errorf("subject address cannot be empty")
+ }
+ if details == nil {
+ details = map[string]string{}
+ }
+
+ meta := audittypes.CascadeClientFailureEvidenceMetadata{
+ ReporterComponent: audittypes.CascadeClientFailureReporterComponent_CASCADE_CLIENT_FAILURE_REPORTER_COMPONENT_SDK_GO,
+ TargetSupernodeAccounts: append([]string(nil), targetSupernodeAccounts...),
+ Details: details,
+ }
+ bz, err := json.Marshal(meta)
+ if err != nil {
+ return fmt.Errorf("marshal cascade client failure evidence metadata: %w", err)
+ }
+ _ = bz
+
+ // TEMPORARY INCIDENT MITIGATION: chain submission intentionally disabled.
+ // _, err = a.client.AuditMsg().SubmitEvidence(
+ // ctx,
+ // subjectAddress,
+ // audittypes.EvidenceType_EVIDENCE_TYPE_CASCADE_CLIENT_FAILURE,
+ // actionID,
+ // string(bz),
+ // )
+ if err != nil {
+ return fmt.Errorf("submit cascade client failure evidence: %w", err)
+ }
 return nil
 }
diff --git a/supernode/storage_challenge/service.go b/supernode/storage_challenge/service.go
index c7f62381..a92e609c 100644
--- a/supernode/storage_challenge/service.go
+++ b/supernode/storage_challenge/service.go
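Review bot: The SDK path now drops the evidence without leaving any trace: the `a.logger.Warn(...)` call from patch 1/3 is removed and nothing replaces it, so `SubmitCascadeClientFailureEvidence` validates, marshals, discards `bz` and returns `nil`. The storage-challenge hunk in this same patch keeps a warning, and this one should as well, e.g. `a.logger.Warn(ctx, "Cascade client failure evidence submission is temporarily disabled", "subject_address", subjectAddress, "action_id", actionID)` placed just before `return nil`. Without it there is no signal for how many client failure reports were lost while the mitigation was active. The function signature starts above the hunk.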
@@ -583,17 +583,47 @@ func (s *Service) callVerifySliceProof(ctx context.Context, remoteIdentity strin
 }
 func (s *Service) maybeSubmitEvidence(ctx context.Context, params audittypes.Params, epochID uint64, challengeID, fileKey, recipient, failureType, transcriptHashHex string) error {
- _ = params
- _ = transcriptHashHex
+ if !s.cfg.SubmitEvidence || !params.ScEnabled {
+ logtrace.Debug(ctx, "storage challenge: evidence submission skipped", logtrace.Fields{
+ "epoch_id": epochID,
+ "challenge_id": challengeID,
+ "recipient_id": recipient,
+ "failure_type": failureType,
+ "submit_evidence_config": s.cfg.SubmitEvidence,
+ "sc_enabled_param": params.ScEnabled,
+ })
+ return nil
+ }
+
+ meta := audittypes.StorageChallengeFailureEvidenceMetadata{
+ EpochId: epochID,
+ ChallengerSupernodeAccount: s.identity,
+ ChallengedSupernodeAccount: recipient,
+ ChallengeId: challengeID,
+ FileKey: fileKey,
+ FailureType: failureType,
+ TranscriptHash: transcriptHashHex,
+ }
+ bz, err := json.Marshal(meta)
+ if err != nil {
+ return err
+ }
+
+ submitCtx, cancel := context.WithTimeout(ctx, scEvidenceSubmitTimeout)
+ defer cancel()
+ _ = submitCtx
+ _ = bz
- // TEMPORARY INCIDENT MITIGATION:
- // Disabled per operational directive to pause storage challenge evidence submissions.
- logtrace.Warn(ctx, "storage challenge: evidence submission temporarily disabled", logtrace.Fields{
+ // TEMPORARY INCIDENT MITIGATION: chain submission intentionally disabled.
+ // _, err = s.lumera.AuditMsg().SubmitEvidence(submitCtx, recipient, audittypes.EvidenceType_EVIDENCE_TYPE_STORAGE_CHALLENGE_FAILURE, "", string(bz))
+ if err != nil {
+ return err
+ }
+ logtrace.Warn(ctx, "storage challenge failure evidence submission temporarily disabled", logtrace.Fields{
 "epoch_id": epochID,
 "challenge_id": challengeID,
 "recipient_id": recipient,
 "failure_type": failureType,
- "file_key": fileKey,
 })
 return nil
 }
From cb29ee561c8cd1d2070c08486ea92de7d5945aa8 Mon Sep 17 00:00:00 2001
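Review bot: Disabling the call by commenting it out leaves scaffolding in `maybeSubmitEvidence` that exists only to satisfy the compiler: `context.WithTimeout` still arms a timer for every failure, `_ = submitCtx` and `_ = bz` hide the unused values, and the real `SubmitEvidence` call is no longer type-checked. A named guard keeps the call compiled and makes the rollback a one-line change; the same applies to the adapter hunk in this patch and to the lines commented out in patch 3/3. The `s.cfg.SubmitEvidence` / `params.ScEnabled` gate at the top of the function suggests a runtime switch may already exist that would avoid a rebuild to re-enable, though that depends on deployment details not visible here.

```go
// evidenceSubmissionDisabled pauses on-chain evidence submission (temporary incident mitigation).
const evidenceSubmissionDisabled = true

// … unchanged: config/param gate, metadata construction, json.Marshal …

	if evidenceSubmissionDisabled {
		logtrace.Warn(ctx, "storage challenge failure evidence submission temporarily disabled", logtrace.Fields{
			// … unchanged: log fields …
		})
		return nil
	}

	submitCtx, cancel := context.WithTimeout(ctx, scEvidenceSubmitTimeout)
	defer cancel()

	if _, err := s.lumera.AuditMsg().SubmitEvidence(submitCtx, recipient, audittypes.EvidenceType_EVIDENCE_TYPE_STORAGE_CHALLENGE_FAILURE, "", string(bz)); err != nil {
		return err
	}
	// … restored from before the series: "evidence submitted" log, return nil …
```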
From: NightCrawler
Date: Wed, 25 Mar 2026 17:55:34 +0000
Subject: [PATCH 3/3] hotfix: resolve PR comments by removing dead err checks in disabled submit paths
---
 sdk/adapters/lumera/adapter.go | 6 +++---
 supernode/storage_challenge/service.go | 6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/sdk/adapters/lumera/adapter.go b/sdk/adapters/lumera/adapter.go
index ca32be58..d0a23cb2 100644
--- a/sdk/adapters/lumera/adapter.go
+++ b/sdk/adapters/lumera/adapter.go
@@ -421,9 +421,9 @@ func (a *Adapter) SubmitCascadeClientFailureEvidence(
 // actionID,
 // string(bz),
 // )
- if err != nil {
- return fmt.Errorf("submit cascade client failure evidence: %w", err)
- }
+ // if err != nil {
+ // return fmt.Errorf("submit cascade client failure evidence: %w", err)
+ // }
 return nil
 }
diff --git a/supernode/storage_challenge/service.go b/supernode/storage_challenge/service.go
index a92e609c..c9e972df 100644
--- a/supernode/storage_challenge/service.go
+++ b/supernode/storage_challenge/service.go
@@ -616,9 +616,9 @@ func (s *Service) maybeSubmitEvidence(ctx context.Context, params audittypes.Par
 // TEMPORARY INCIDENT MITIGATION: chain submission intentionally disabled.
 // _, err = s.lumera.AuditMsg().SubmitEvidence(submitCtx, recipient, audittypes.EvidenceType_EVIDENCE_TYPE_STORAGE_CHALLENGE_FAILURE, "", string(bz))
- if err != nil {
- return err
- }
+ // if err != nil {
+ // return err
+ // }
 logtrace.Warn(ctx, "storage challenge failure evidence submission temporarily disabled", logtrace.Fields{
 "epoch_id": epochID,
 "challenge_id": challengeID,