record db cost for precompile view functions

[open-junius]

Description

Record the db cost used in the precompile view function.

Related Issue(s)

• Closes AlphaPrecompile view functions perform Substrate work without charging EVM gas #2741

Type of Change

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Documentation update
• Other (please describe):

Breaking Change

If this PR introduces a breaking change, please provide a detailed description of the impact and the migration path for existing applications.

Checklist

• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I have run ./scripts/fix_rust.sh to ensure my code is formatted and linted correctly
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes
• Any dependent changes have been merged and published in downstream modules

Screenshots (if applicable)

Please include any relevant screenshots or GIFs that demonstrate the changes made.

Additional Notes

Please provide any additional information or context that may be helpful for reviewers.

[github-actions]

AI review — see the sticky summary comment for the verdict and the inline comments below for specific findings.

[github-actions]

🛡️ AI Review — Skeptic (security review)

VERDICT: VULNERABLE

BASELINE scrutiny: author has write permission and substantive prior contribution history; no Gittensor allowlist hit observed; branch record-db-cost-precompile -> devnet-ready.

No .github review-instruction changes, build-script changes, dependency changes, or lockfile changes were present.

Findings

Sev	File	Finding
MEDIUM	precompiles/src/alpha.rs:120	Simulated tao-for-alpha swap omits rollback-write gas	inline
MEDIUM	precompiles/src/alpha.rs:139	Simulated alpha-for-tao swap omits rollback-write gas	inline

Prior-comment reconciliation

• 47ad6c51: not addressed — Line 120 still records only 9 reads before sim_swap; the rollbacked PalSwap initialization writes remain uncharged.
• 44c0199d: not addressed — Line 139 still records only 9 reads before sim_swap; the rollbacked PalSwap initialization writes remain uncharged.

Conclusion

VULNERABLE because both simulated swap precompile paths can still execute rollbacked PalSwap initialization writes while charging only read gas. I found no malicious indicators.

---

📜 Previous run (superseded)

Sev	File	Finding	Status
MEDIUM	precompiles/src/alpha.rs:120	Simulated tao-for-alpha swap omits rollback-write gas	➡️ Carried forward to current findings Line 120 still records only 9 reads before sim_swap; the rollbacked PalSwap initialization writes remain uncharged.
MEDIUM	precompiles/src/alpha.rs:139	Simulated alpha-for-tao swap omits rollback-write gas	➡️ Carried forward to current findings Line 139 still records only 9 reads before sim_swap; the rollbacked PalSwap initialization writes remain uncharged.

---

🔍 AI Review — Auditor (domain review)

VERDICT: 👎

Gittensor: LIKELY by contribution heuristic; author has write permission and extensive prior subtensor/precompile history. Overlapping PRs #2723, #2685, and #2610 share files but appear unrelated in scope.

The Auditor proposed a replacement PR description, but the current body is non-trivial; not overwriting. Maintainers: ask the Auditor to regenerate if you want it.

The PR body is template-heavy, so I populated proposed_pr_body with a fuller description.

Duplicate-work check: overlapping PRs #2723, #2685, and #2610 do not appear to target this DB-cost accounting fix by title/scope, so I have no close recommendation.

I did not run cargo tests; the blocking issue is visible from the static swap call graph. git diff --check reported no whitespace errors. I could not query the live devnet specVersion from this sandbox due DNS resolution failure, so no spec-version auto-fix was applied.

Findings

Sev	File	Finding
HIGH	precompiles/src/alpha.rs:120	Swap simulation storage work is still undercharged	inline

Prior-comment reconciliation

• 0687d6e4: not addressed — The current diff still charges only record_db_reads::<R>(2) before both sim_swap precompile calls, while the dynamic swap simulation path performs substantially more storage reads and can perform rollback writes during initialization.

Conclusion

Blocking because the prior swap simulation storage-undercharge issue is still present. The simulation precompiles need to charge the full bounded storage footprint, or be refactored into a read-only quote path with gas-accounting tests.

---

📜 Previous run (superseded)

Sev	File	Finding	Status
HIGH	precompiles/src/alpha.rs:120	Swap simulation storage work is still undercharged	➡️ Carried forward to current findings The current diff still charges only record_db_reads::<R>(2) before both sim_swap precompile calls, while the dynamic swap simulation path performs substantially more storage reads and can perform rollback writes during initialization.

[github-actions]

🔄 AI review updated — Skeptic: VULNERABLE

[github-actions]

AI review — see the sticky summary comment for the verdict and the inline comments below for specific findings.

[github-actions]

🔄 AI review updated — Skeptic: SAFE Auditor: 👎

[github-actions]

AI review — see the sticky summary comment for the verdict and the inline comments below for specific findings.

[github-actions]

🔄 AI review updated — Skeptic: SAFE Auditor: 👎

[github-actions]

AI review — see the sticky summary comment for the verdict and the inline comments below for specific findings.

[github-actions]

🔄 AI review updated — Skeptic: VULNERABLE

[github-actions]

AI review — see the sticky summary comment for the verdict and the inline comments below for specific findings.

[github-actions]

🔄 AI review updated — Skeptic: VULNERABLE

[github-actions]

AI review — see the sticky summary comment for the verdict and the inline comments below for specific findings.

[github-actions]

[MEDIUM] Simulated tao-for-alpha swap omits rollback-write gas

sim_swap runs through SwapEngine::swap(..., should_rollback = true), and swap_inner calls maybe_initialize_palswap before the transaction is rolled back. On a subnet where PalSwapInitialized is false, that path writes SwapBalancer and PalSwapInitialized, but this precompile charges only reads. Because rollback leaves the subnet uninitialized, callers can repeat the undercharged write work through this view call. Charge the rollback writes as well.

Suggested change

	handle.record_db_reads::<R>(9)?;
	handle.record_db_reads::<R>(9)?;
	handle.record_db_writes::<R>(2)?;

[github-actions]

[MEDIUM] Simulated alpha-for-tao swap omits rollback-write gas

This simulation path has the same rollback-write gap: sim_swap can initialize PalSwap inside a rolled-back transaction, writing SwapBalancer and PalSwapInitialized while the precompile records only read gas. Since the rollback means the initialization is not persisted, the write work can be repeatedly forced at a read-only gas price. Charge the two possible rollback writes before entering the simulation.

Suggested change

	handle.record_db_reads::<R>(9)?;
	handle.record_db_reads::<R>(9)?;
	handle.record_db_writes::<R>(2)?;

[github-actions]

🔄 AI review updated — Skeptic: VULNERABLE

[l0r1s]

Looks good

[github-actions]

AI review — see the sticky summary comment for the verdict and the inline comments below for specific findings.

[github-actions]

[MEDIUM] Simulated tao-for-alpha swap omits rollback-write gas

sim_swap is not a pure read path for uninitialized PalSwap subnets: it invokes the swap engine with rollback, and maybe_initialize_palswap can write both SwapBalancer and PalSwapInitialized before the transaction rolls back. Charging only reads lets callers make the EVM execute two storage writes without paying write gas. Charge the worst-case rollback writes before the simulated swap.

Suggested change

	handle.record_db_reads::<R>(9)?;
	handle.record_db_reads::<R>(9)?;
	handle.record_db_writes::<R>(2)?;

[github-actions]

[MEDIUM] Simulated alpha-for-tao swap omits rollback-write gas

This simulated swap uses the same rollbacked swap engine path as the tao-for-alpha case. On an uninitialized PalSwap subnet, maybe_initialize_palswap can insert SwapBalancer and PalSwapInitialized before rollback, but this precompile charges only read gas. Charge the two possible rollback writes as well.

Suggested change

	handle.record_db_reads::<R>(9)?;
	handle.record_db_reads::<R>(9)?;
	handle.record_db_writes::<R>(2)?;

[github-actions]

🔄 AI review updated — Skeptic: VULNERABLE

[github-actions]

AI review — see the sticky summary comment for the verdict and the inline comments below for specific findings.

[github-actions]

[MEDIUM] Simulated tao-for-alpha swap omits rollback-write gas

sim_swap calls the swap engine with should_rollback = true, but mechanism-1 swaps still run maybe_initialize_palswap inside that rollbacked transaction. On an uninitialized subnet that writes SwapBalancer and PalSwapInitialized, so this precompile path can perform rollbacked storage writes while charging only read gas. Charge the worst-case write cost before entering sim_swap.

Suggested change

	// SubnetMechanism + swap simulation reads
	handle.record_db_reads::<R>(9)?;
	// SubnetMechanism + swap simulation reads + rollbacked PalSwap initialization writes
	handle.record_db_reads::<R>(9)?;
	handle.record_db_writes::<R>(2)?;

[github-actions]

[MEDIUM] Simulated alpha-for-tao swap omits rollback-write gas

This simulation path has the same undercharge as the tao-for-alpha path: sim_swap can initialize PalSwap inside a rollbacked transaction, causing SwapBalancer and PalSwapInitialized writes that are not reflected in the recorded gas. Charge the worst-case write cost before the simulation call.

Suggested change

	// SubnetMechanism + swap simulation reads
	handle.record_db_reads::<R>(9)?;
	// SubnetMechanism + swap simulation reads + rollbacked PalSwap initialization writes
	handle.record_db_reads::<R>(9)?;
	handle.record_db_writes::<R>(2)?;

[github-actions]

🔄 AI review updated — Skeptic: VULNERABLE

[github-actions]

AI review — see the sticky summary comment for the verdict and the inline comments below for specific findings.

[github-actions]

[MEDIUM] Simulated tao-for-alpha swap omits rollback-write gas

sim_swap still routes through the dynamic-subnet swap path, where swap_inner calls maybe_initialize_palswap. On an uninitialized subnet that inserts both SwapBalancer and PalSwapInitialized before the surrounding transaction rolls back, so this precompile can perform write-cost storage work while charging only 9 reads. Charge the rollback writes too, or refactor simulation into a strictly read-only quote path.

Suggested change

	handle.record_db_reads::<R>(9)?;
	handle.record_db_reads::<R>(9)?;
	handle.record_db_writes::<R>(2)?;

[github-actions]

[MEDIUM] Simulated alpha-for-tao swap omits rollback-write gas

This path has the same undercharge as simSwapTaoForAlpha: SwapHandler::sim_swap can initialize PalSwap state inside the rollback transaction, writing SwapBalancer and PalSwapInitialized, but the precompile records only read gas before entering the call. Charge those possible writes or make the simulation path read-only.

Suggested change

	handle.record_db_reads::<R>(9)?;
	handle.record_db_reads::<R>(9)?;
	handle.record_db_writes::<R>(2)?;

[github-actions]

🔄 AI review updated — Skeptic: VULNERABLE