Fix CRITICAL/HIGH/MEDIUM issues from round 4 audit #6

Merged
JoshDFN merged 1 commit into main from fix/round4-verification-fixes
Feb 26, 2026
Conversation

JoshDFN (Collaborator) commented Feb 26, 2026

Summary

Round 4 of multi-agent verification audit found and fixed issues across 8 skills.

CRITICAL (4 fixes):

  • internet-identity: StableCell::init().unwrap() won't compile with ic-stable-structures 0.7 (returns Self not Result)
  • icrc-ledger: Config block used icp.json (JSON) but icp-cli uses icp.yaml (YAML)
  • wallet: create_canister called with wrong signature; needs create_canister_with_extra_cycles
  • wallet: Cycles API functions used wrong names/paths (msg_cycles_available128 → msg_cycles_available)

HIGH (5 fixes):

  • ckbtc: Missing transient on actor references (upgrade failure), removed stub getBalance that returned hardcoded 0
  • evm-rpc: CustomRpcService.headers used tuple instead of struct, transactions_root incorrectly Option
  • asset-canister: AssetManager import reverted to @dfinity/assets (not yet migrated to @icp-sdk)
  • icrc-ledger: --storage-mode=plaintext → --storage plaintext (icp-cli flag)
  • wallet: CanisterSettings missing wasm_memory_threshold field

MEDIUM (4 fixes):

  • internet-identity/asset-canister: new HttpAgent() → HttpAgent.create() for @icp-sdk/core v5
  • vetkd: Stale dfinity/examples reference, @dfinity/vetkeys → @icp-sdk/vetkeys
  • sns-launch: Added missing [package] and [lib] to Cargo.toml

Test plan

  • npm run build passes
  • Next round of verification to confirm fixes

CRITICAL fixes:
- internet-identity: Remove .unwrap() on StableCell::init() (v0.7 returns Self not Result)
- icrc-ledger: Convert icp.json config to icp.yaml (icp-cli uses YAML)
- wallet: Fix create_canister → create_canister_with_extra_cycles, fix cycles API paths
- evm-rpc: Add deprecation note on call_with_payment128 import path

HIGH fixes:
- ckbtc: Add transient to actor refs, remove stub getBalance that returned 0
- evm-rpc: Fix CustomRpcService.headers type (struct not tuple), fix transactions_root optionality
- asset-canister: Fix AssetManager import to @dfinity/assets (not yet migrated to @icp-sdk)
- icrc-ledger: Fix --storage-mode flag to --storage
- wallet: Add missing wasm_memory_threshold field to CanisterSettings

MEDIUM fixes:
- internet-identity: new HttpAgent() → HttpAgent.create() for @icp-sdk/core v5
- asset-canister: new HttpAgent() → HttpAgent.create()
- vetkd: Fix stale dfinity/examples reference, update @dfinity/vetkeys to @icp-sdk/vetkeys
- sns-launch: Add missing [package] and [lib] sections to Cargo.toml

JoshDFN merged commit 48a5e5e into main on Feb 26, 2026
2 checks passed
marc0olo deleted the fix/round4-verification-fixes branch on February 27, 2026 14:47
marc0olo added a commit that referenced this pull request Feb 27, 2026
The "Frontend — Safe Agent Configuration" section used the deprecated
@dfinity/agent package and is out of scope for a canister security skill.
The fetchRootKey warning remains in pitfall #6.
marc0olo added a commit that referenced this pull request Mar 31, 2026
- Remove asset-canister-specific content (pitfall #6, .ic-assets.json5
  step, Vite directory layouts) from custom-domains skill
- Replace with canister-agnostic instructions and scoped notes for
  asset canister vs custom http_request canisters
- Generalize deploy steps to not prescribe specific commands
- Rewrite ic-domains eval to be canister-agnostic
- Adjust expected behaviors to test for actionable guidance rather
  than keyword matching
marc0olo added a commit that referenced this pull request Mar 31, 2026
* Custom domain skill

* Add custom-domains.json

* chore: make custom-domains canister-agnostic and clean up trigger separation

- custom-domains skill now acknowledges it works with any HTTP-serving
  canister, not just asset canisters
- asset-canister description and body trimmed to cross-reference
  custom-domains instead of duplicating setup instructions
- added should_not_trigger entries to both eval files for clean routing

* chore: generalize custom-domains skill and refine evals

- Remove asset-canister-specific content (pitfall #6, .ic-assets.json5
  step, Vite directory layouts) from custom-domains skill
- Replace with canister-agnostic instructions and scoped notes for
  asset canister vs custom http_request canisters
- Generalize deploy steps to not prescribe specific commands
- Rewrite ic-domains eval to be canister-agnostic
- Adjust expected behaviors to test for actionable guidance rather
  than keyword matching

---------

Co-authored-by: Marco Walz <marco.walz@dfinity.org>
sea-snake added a commit that referenced this pull request May 6, 2026
Replaces the manual Prim.callerInfoSigner / Prim.callerInfoData dance
with CallerAttributes.getAttributes<system>() from mo:core (>= 2.5.0).
The wrapper bakes in the trusted-signer check via the canister's
trusted_attribute_signers env var, so the example no longer hardcodes
the II principal in code: it moves to icp.yaml as deploy-time config.

Notable changes:

- Motoko example now imports mo:core/CallerAttributes (no more mo:prim)
  and reads time via mo:core/Time (Time.now() : Int) instead of the
  broken Nat64.toNat(Prim.time()) which had no Nat64 import.
- consumePendingNonce stub mirrors the Rust register_finish pattern so
  the example compiles standalone.
- New "Configuring trusted_attribute_signers" subsection shows the
  icp.yaml settings.environment_variables snippet.
- Mistake #9 split per language: Motoko points at the env-var-based
  check, Rust still requires explicit msg_caller_info_signer.
- Prerequisites bumps mo:core minimum to >= 2.5.0.
- OpenID scopedKeys example wrapped in an async function to avoid
  bare top-level await at module scope (fixes the same Vite es2020
  failure mode eval #6 already covers).
- Eval #9 expected behavior accepts either the explicit Rust signer
  check or the Motoko env-var check.

Rust path is unchanged: there is no ic-cdk wrapper yet.