Fix balancer performance

[gztensor]

Description

This hotfix reduces the precision used by the swap balancer exponentiation path and adds a hard guard that rejects swaps whose net input exceeds 1000x the current input-side reserve. The goal is to avoid pathological swap calculations for extremely large inputs while preserving the existing swap behavior for normal-sized orders.

Files of interest:

• pallets/swap/src/pallet/balancer.rs: lowers exponentiation precision and caps positive-delta exponent results.
• pallets/swap/src/pallet/swap_step.rs: makes swap-step construction fallible and enforces the input-vs-reserve limit before and after limit-price adjustment.
• pallets/swap/src/pallet/mod.rs: adds SwapInputTooLarge.
• pallets/swap/src/pallet/tests.rs: adds boundary tests for the 1000x reserve limit in both swap directions.

Runtime impact: swaps above the 1000x input reserve threshold now fail with SwapInputTooLarge; swaps at the threshold remain allowed. This is runtime-affecting and requires a spec_version bump.

Testing: the PR adds unit coverage for rejecting over-limit inputs and allowing exactly-at-limit inputs in both swap directions. The author checklist states ./scripts/fix_rust.sh and unit tests were run locally.

Additional side-effect fix: Enforce atomic add-stake recycle/burn operations by rolling back the initial stake when the recycle or burn leg fails.

[github-actions]

🚨🚨🚨 HOTFIX DETECTED 🚨🚨🚨

It looks like you are trying to merge a hotfix PR into main. If this isn't what you wanted to do, and you just wanted to make a regular PR, please close this PR, base your changes off the devnet-ready branch and open a new PR into devnet ready.

If you are trying to merge a hotfix PR, please complete the following essential steps:

1. go ahead and get this PR into main merged, so we can get the change in as quickly as possible!
2. merge main into testnet, bumping spec_version
3. deploy testnet
4. merge testnet into devnet, bumping spec_version
5. deploy devnet
6. merge devnet into devnet-ready

If you do not complete these steps, your hotfix may be inadvertently removed in the future when branches are promoted to main, so it is essential that you do so.

[github-actions]

🛡️ AI Review — Skeptic (security review)

VERDICT: SAFE

BASELINE scrutiny: repo write permission, established contributor history, no trusted Gittensor allowlist match; fix/balancer-performance -> main is labeled and described as a hotfix.

No .github/ai-review/*, .github/copilot-instructions.md, dependency, lockfile, build-script, unsafe, hidden-account, block-height, timestamp, or origin-check changes were present. The direct-to-main target is justified by the hotfix label and PR description.

The prior simulated-swap bypass is addressed: the input-reserve guard now runs before swap_inner inside do_swap, so rollback/simulation calls take the same guard path before reaching balancer exponentiation.

Findings

No findings.

Prior-comment reconciliation

• 4316e208: addressed — do_swap now calls ensure_swap_input_within_reserve_limit before swap_inner, so sim_swap and rollback swaps reject oversized inputs before reaching the balancer exponentiation path.

Conclusion

I did not find malicious intent or a remaining security vulnerability in the latest diff. The previously flagged oversized-input simulation path is now covered.

---

📜 Previous run (superseded)

Sev	File	Finding	Status
HIGH	pallets/swap/src/pallet/impls.rs:166	Apply the oversized-input guard to simulated swaps too	✅ Addressed do_swap now calls ensure_swap_input_within_reserve_limit before swap_inner, so sim_swap and rollback swaps reject oversized inputs before reaching the balancer exponentiation path.

---

🔍 AI Review — Auditor (domain review)

VERDICT: 👍

Gittensor: LIKELY by recent subtensor-heavy contribution history; author has write permission and this main-target PR is labeled hotfix.

PR body is substantive, runtime/src/lib.rs bumps spec_version from 423 to 424, and no auto-fix was applied. I ran git diff --check; it passed. I did not run cargo because the prior blocker is covered statically by the updated guard placement and added swap tests. Overlapping open PRs touch swap/runtime-adjacent files, but I did not find a duplicate of this balancer-performance hotfix.

Findings

No findings.

Prior-comment reconciliation

• 4f1c4188: addressed — do_swap now calls ensure_swap_input_within_reserve_limit before swap_inner, so simulated swaps and rollback probes reject oversized inputs before reaching balancer exponentiation.
• be959654: addressed — exp_scaled now clamps only the positive-delta path; negative-delta exponent results remain uncapped.

Conclusion

Approving: the previous simulated-swap bypass is now covered before swap_inner, the max-amount probes no longer send u64::MAX through the balancer, and the side-effect rollback fix is transactionally scoped with regression coverage.

---

📜 Previous run (superseded)

Sev	File	Finding	Status
HIGH	pallets/swap/src/pallet/impls.rs:157	Apply the oversized-input guard to simulated swaps too	✅ Addressed do_swap now calls ensure_swap_input_within_reserve_limit before swap_inner, so simulated swaps and rollback probes reject oversized inputs before reaching balancer exponentiation.

[github-actions]

AI review — see the sticky summary comment for the verdict and the inline comments below for specific findings.

[github-actions]

🔄 AI review updated — Skeptic: SAFE Auditor: 👎

[github-actions]

AI review — see the sticky summary comment for the verdict and the inline comments below for specific findings.

[github-actions]

🔄 AI review updated — Skeptic: SAFE Auditor: 👎

[github-actions]

🔄 AI review updated — Skeptic: SAFE Auditor: 👍

[github-actions]

AI review — see the sticky summary comment for the verdict and the inline comments below for specific findings.

[github-actions]

🔄 AI review updated — Skeptic: SAFE Auditor: 👎

[github-actions]

AI review — see the sticky summary comment for the verdict and the inline comments below for specific findings.

[github-actions]

🔄 AI review updated — Skeptic: VULNERABLE

[github-actions]

🔄 AI review updated — Skeptic: SAFE Auditor: 👍