This release contains the changes from polkadot-stable2603-3 to polkadot-stable2603-4.
ℹ️ Please note:
This is a patch release for the latest stable version: stable2603. If your nodes are already running on this stable release,
you should upgrade to this patch version to get the latest fixes.
The tag corresponding to the current patch release polkadot-stable2603-4 and matching the old pattern will be
available under polkadot-v1.22.4.
The node version for this release is: v1.22.4
The following crates were updated to the corresponding versions:
Crates list
Changelog
Changelog for Node Dev
ℹ️ These changes are relevant to: Those who build around the client side code. Alternative client builders, SMOLDOT, those who consume RPCs. These are people who are oblivious to the runtime changes. They only care about the meta-protocol, not the protocol itself.
[#12113]: Aura: Fetch slot duration at parent and not best block
Fetch the slot duration from the parent we are building on top of and not from the best block.
Changelog for Runtime Dev
ℹ️ These changes are relevant to: All of those who rely on the runtime. A parachain team that is using a pallet. A DApp that is using a pallet. These are people who care about the protocol (WASM, not the meta-protocol (client).)
[#11910]: XCM hardening - fix some regressions
This PR fixes some regressions, improves code and adds more defense-in-depth in a couple places.
xcm-executor: drain holdings by ownership in deposit_assets_with_retry
Add AssetsInHolding::into_per_asset_holdings() and use it in deposit_assets_with_retry so each pass consumes the input via owning BTreeMap/BTreeSet iterators instead of assets_iter().collect() + try_take. Per asset this drops one AssetId clone, one or two BTreeMap lookups, one dynamic dispatch on saturating_take, and one internal subsume_assets call; per pass it drops the intermediate Vec<Asset> allocation. Behaviour is unchanged: same iteration order, same partial-failure / retry semantics.
xcm-executor: remove now dead code related do dust deposit errors
deposit_assets_with_retry previously tried to silently drop "dust" (below-minimum) deposit failures, comparing the returned XcmError string against the canonical TokenError::BelowMinimum text. After PR #10384 within FungiblesAdapter::deposit_asset the underlying DispatchError is discarded and the adapter returns XcmError::FailedToTransactAsset("") - an empty string. The dust check never matched, so classifying the error is no longer possible.
Remove the special handling of dust deposit errors (which can no longer be identified from returned error), and treat all errors the same.
xcm-executor: rollback all side-effects of partial instruction execution
Defense-in-depth: higher components in the stack leading up to xcm-executor are already using
transactional layers to discard all state side effects on failed execution, but even so, this
commit adds defense-in-depth by making sure even at the xcm-executor level, side effects are
properly cleaned up on error.
cumulus/utility: fix inverted ED guard in TakeFirstAssetTrader::refund_weight
The else-branch was refunding ED to the user and leaving sub-ED dust for the OnUnbalanced drop handler, the inverse of the intended behavior.
Refund outstanding - ED instead so the handler keeps at least ED (or all of it when outstanding < ED), preventing silent fee burns.
This was actually a bug, but TakeFirstAssetTrader is not used by any production runtimes.
snowbridge: short-circuit on register-token error path
Minor optimization and defense-in-depth - short-circuit on errors and don't directly compare Options.
snowbridge: harden BLS public key deserialisation
Defense-in-depth: validate all cryptographic inputs.
The Merkle proof binding means the public keys must match exactly what the Ethereum beacon chain committed. Since the beacon chain itself enforces G1 subgroup membership for validator keys, invalid subgroup points cannot appear in honest beacon chain state.
An attacker would need to compromise the Merkle proof verification (e.g., via a SHA-256 collision or another bug in the verification chain) to inject a public key that is on the BLS12-381 curve but not in the G1 subgroup.
The performance cost of the subgroup check is a one-time cost during sync committee preparation (512 checks per sync committee period, approximately every 27 hours). This is negligible compared to the BLS signature verification that occurs on every update. So just check it as defense-in-depth.
[#12214]: pallet-beefy-mmr: align ECDSA→ETH failure sentinel between converter and consumer
BeefyEcdsaToEthereum returned an empty Vec on conversion failure, while compute_authority_set counted failures by matching [0u8; 20].
Extract the sentinel into a shared FAILED_BEEFY_TO_ETH_ADDRESS constant referenced by both sites.
Fix mock_beefy_id to derive valid ECDSA keys so tests exercise the happy path as well as the failure branch.
[#12176]: xcmp-queue: Store the bytes in the channel status
This improves the performance of xcmp-queue by not requiring to check all pages individually.
Rust compiler versions
This release was built and tested against the following versions of rustc.
Other versions may work.
- Rust Stable:
1.93.0
Docker images
The docker images for the polkadot node binary and the polkadot-parachain binary can be found at Docker hub (will be available a few minutes after the release has been published):
You may also pull it with:
docker pull parity/polkadot:stable2603-4
or
docker pull parity/polkadot-parachain:stable2603-4