diff --git a/.github/workflows/publish-check-compile.yml b/.github/workflows/publish-check-compile.yml deleted file mode 100644 index f20909106a82..000000000000 --- a/.github/workflows/publish-check-compile.yml +++ /dev/null @@ -1,50 +0,0 @@ -name: Check publish build - -on: - push: - branches: - - master - pull_request: - types: [opened, synchronize, reopened, ready_for_review] - merge_group: - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} - cancel-in-progress: true - -jobs: - preflight: - uses: ./.github/workflows/reusable-preflight.yml - - check-publish-compile: - timeout-minutes: 90 - needs: [preflight] - runs-on: ${{ needs.preflight.outputs.RUNNER }} - container: - image: ${{ needs.preflight.outputs.IMAGE }} - steps: - - uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # v4.1.7 - - - name: Rust Cache - uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2.7.7 - with: - cache-on-failure: true - - - name: install parity-publish - run: | - rustup override set 1.82.0 - cargo install parity-publish@0.10.4 --locked -q - - - name: parity-publish update plan - run: parity-publish --color always plan --skip-check --prdoc prdoc/ - - - name: parity-publish apply plan - run: parity-publish --color always apply --registry - - - name: parity-publish check compile - run: | - packages="$(parity-publish apply --print)" - - if [ -n "$packages" ]; then - cargo --color always check $(printf -- '-p %s ' $packages) - fi diff --git a/prdoc/pr_6689.prdoc b/prdoc/pr_6689.prdoc index 2cbb49cd7dd2..ee02a1d10dd1 100644 --- a/prdoc/pr_6689.prdoc +++ b/prdoc/pr_6689.prdoc @@ -3,7 +3,7 @@ doc: - audience: Runtime Dev description: |- Update the current approach to attach the `ref_time`, `pov` and `deposit` parameters to an Ethereum transaction. -Previously, these three parameters were passed along with the signed payload, and the fees resulting from gas × gas_price were checked to ensure they matched the actual fees paid by the user for the extrinsic + Previously, these three parameters were passed along with the signed payload, and the fees resulting from gas × gas_price were checked to ensure they matched the actual fees paid by the user for the extrinsic This approach unfortunately can be attacked. A malicious actor could force such a transaction to fail by injecting low values for some of these extra parameters as they are not part of the signed payload.