Document subnet owner wallet security#2902
Conversation
|
@UnArbosFive is attempting to deploy a commit to the RaoFoundation Team on Vercel. A member of the Team first needs to authorize it. |
Co-authored-by: Cursor <cursoragent@cursor.com>
| [**multisig**](/docs/guides/multisig) from registration, and from it grant a | ||
| dedicated operations key the narrow **Owner** | ||
| [proxy type](/docs/guides/proxies#proxy-types) for routine changes. The ops |
There was a problem hiding this comment.
[MEDIUM] Security procedure links to nonexistent guides
Neither docs/guides/multisig.mdx nor docs/guides/proxies.mdx exists, and neither page is registered in docs/guides/meta.json. The same missing proxy guide is now referenced from docs/concepts/wallets.mdx. Consequently, subnet owners following this security-sensitive procedure reach 404s instead of the promised setup, migration, delay, and recovery instructions. Add and register both guides in this PR, or point these links to existing complete documentation.
🛡️ AI Review — Skeptic (security review)VERDICT: VULNERABLE VERY HIGH account-age scrutiny, mitigated by admin repository permission; no Gittensor association; codex/subnet-owner-wallet-security -> main. Static analysis found no runtime, dependency, workflow, or trusted review-control changes. The operational claims match the proxy and coldkey-swap implementation, but the proposed security procedure depends on documentation pages that are absent from this PR and the repository. Findings
ConclusionThe documentation-only change introduces broken links at the core of its wallet-security procedure. Add and register the referenced guides, or link to existing complete instructions, before merge. # 🔍 AI Review — Auditor (domain review) has not yet run on this PR. |
|
🔄 AI review updated — Skeptic: VULNERABLE |
|
Superseded by #2898 (v431 release): these changes were reviewed and integrated there. |
Summary
Why
Subnet owners need concise operational guidance for protecting ownership credentials and migrating an existing owner without losing conviction context.
Validation
git diff --check