This PR adds **static** validation that prevents upload of code that:

1) Contains basic blocks larger than the specified limit (currently
`200`)
2) Contains invalid instructions
3) Uses the `sbrk` instruction

Doing that statically at upload time (instead of at runtime) allows us
to change the basic block limit or add instructions later without
worrying about breaking old code. This is well worth the linear scan of
the whole blob on deployment in my opinion. Please note that those
checks are not applied when existing code is just run (hot path).

Also some drive by fixes:
- Remove superflous `publish = true`
- Abort fixture build on warning and fix existing warnings
- Re-enable optimizations in fixture builds (should be fixed now in
PolkaVM)
- Disable stripping for fixture builds (maybe we can get some line
information on trap via `RUST_LOG`)

---------

Co-authored-by: command-bot <>
Co-authored-by: PG Herveou <[email protected]>

This PR introduces a `VestedTransfer` Trait, which handles making a
transfer while also applying a vesting schedule to that balance.

This can be used in pallets like the Treasury pallet, where now we can
easily introduce a `vested_spend` extrinsic as an alternative to giving
all funds up front.

We implement `()` for the `VestedTransfer` trait, which just returns an
error, and allows anyone to opt out from needing to use or implement
this trait.

This PR also updates the logic of `do_vested_transfer` to remove the
"pre-check" which was needed before we had a default transactional layer
in FRAME.

Finally, I also fixed up some bad formatting in the test.rs file.

---------

Co-authored-by: Guillaume Thiolliere <[email protected]>
Co-authored-by: Bastian Köcher <[email protected]>

This PR adds the ability to start version guarding when performing
standalone relaying of messages and parachains.

## Follow-up
- decouple and simplify `fn start_relay_guards`:
https://github.com/paritytech/polkadot-sdk/issues/5923

---------

Co-authored-by: command-bot <>

closes #5942

Couldn't find any emissions of `Event::Issued` without amount check
other than in this PR.

Currently, we have;


https://github.com/paritytech/polkadot-sdk/blob/4bda956d/substrate/frame/balances/src/impl_currency.rs#L212-L220

and


https://github.com/paritytech/polkadot-sdk/blob/4bda956d/substrate/frame/balances/src/impl_currency.rs#L293-L306

Update try-runtime-cli to 0.8.0 for MBM testing.

---------

Signed-off-by: Oliver Tale-Yazdi <[email protected]>

Seems to also need actions permission otherwise it error when trying to
backport a change to the yml files liker
[here](https://github.com/paritytech/polkadot-sdk/actions/runs/11143649431/job/30969199054).

There are cases during warp sync or re-orgs, where we receive a
notification with a block parent that was not reported in the past. This
PR extends the tracking state to catch those cases and report a `Stop`
event to the user.

This PR adds a new state to the RPC-v2 chainHead to track which blocks
have been reported.

In the past we relied on the pinning mechanism to provide us details if
a block is pinned or not.
However, the pinning state keeps the minimal information around for
pinning. Therefore, unpinning a block will cause the state to disappear.

Closes: https://github.com/paritytech/polkadot-sdk/issues/5761

---------

Signed-off-by: Alexandru Vasile <[email protected]>
Co-authored-by: Sebastian Kunert <[email protected]>

cc https://github.com/paritytech/ci_cd/issues/1039

This PR updates the substrate-relay version for the bridges' Zombienet
tests.

Runtime side of https://github.com/paritytech/polkadot-sdk/issues/5048

Send the core selector ump signal in cumulus. Guarded by a compile time
feature until nodes are upgraded to a version that includes
https://github.com/paritytech/polkadot-sdk/pull/5423 for gracefully
handling ump signals.

---------

Co-authored-by: GitHub Action <[email protected]>

# Description
## What?
Make it possible for other pallets to implement their own logic when a
slash on a balance occurs.

## Why?
In the [introduction of
holds](https://github.com/paritytech/substrate/pull/12951) @gavofyork
said:
> Since Holds are designed to be infallibly slashed, this means that any
logic using a Freeze must handle the possibility of the frozen amount
being reduced, potentially to zero. A permissionless function should be
provided in order to allow bookkeeping to be updated in this instance.

At Polimec we needed to find a way to reduce the vesting schedules of
our users after a slash was made, and after talking to @Kianenigma

 at
the Web3Summit, we realized there was no easy way to implement this with
the current traits, so we came up with this solution.



## How?
- First we abstract the `done_slash` function of holds::Balanced to it's
own trait that any pallet can implement.
- Then we add a config type in pallet-balances that accepts a callback
tuple of all the pallets that implement this trait.
- Finally implement done_slash for pallet-balances such that it calls
the config type.

## Integration
The default implementation of done_slash is still an empty function, and
the new config type of pallet-balances can be set to an empty tuple, so
nothing changes by default.

## Review Notes
- I suggest to focus on the first commit which contains the main logic
changes.
- I also have a working implementation of done_slash for pallet_vesting,
should I add it to this PR?
- If I run `cargo +nightly fmt --all` then I get changes to a lot of
unrelated crates, so not sure if I should run it to avoid the fmt
failure of the CI
- Should I hunt down references to fungible/fungibles documentation and
update it accordingly?

**Polkadot address:** `15fj1UhQp8Xes7y7LSmDYTy349mXvUwrbNmLaP5tQKBxsQY1`

# Checklist

* [x] My PR includes a detailed description as outlined in the
"Description" and its two subsections above.
* [x] My PR follows the [labeling requirements](

https://github.com/paritytech/polkadot-sdk/blob/master/docs/contributor/CONTRIBUTING.md#Process
) of this project (at minimum one label for `T` required)
* External contributors: ask maintainers to put the right label on your
PR.
* [ ] I have made corresponding changes to the documentation (if
applicable)

---------

Co-authored-by: Kian Paimani <[email protected]>
Co-authored-by: command-bot <>
Co-authored-by: Francisco Aguirre <[email protected]>

Closes https://github.com/paritytech/polkadot-sdk/issues/5045 and
https://github.com/paritytech/polkadot-sdk/issues/5046

<del>On top of
https://github.com/paritytech/polkadot-sdk/pull/5362</del>

TODO:
- [x] storage migration for allowed relay parents tracker 
- [x] check session index
- [x] PRdoc
- [x] tests
- [x] ensure UMP queue cannot be abused with this change
- [x] Zombienet runtime upgrade test

---------

Signed-off-by: Andrei Sandu <[email protected]>

Bumps the ci_dependencies group with 1 update:
[docker/build-push-action](https://github.com/docker/build-push-action).

Updates `docker/build-push-action` from 6.7.0 to 6.8.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/build-push-action/releases">docker/build-push-action's
releases</a>.</em></p>
<blockquote>
<h2>v6.8.0</h2>
<ul>
<li>Bump <code>@​docker/actions-toolkit</code> from 0.37.1 to 0.38.0 in
<a
href="https://redirect.github.com/docker/build-push-action/pull/1230">docker/build-push-action#1230</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/build-push-action/compare/v6.7.0...v6.8.0">https://github.com/docker/build-push-action/compare/v6.7.0...v6.8.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/docker/build-push-action/commit/32945a339266b759abcbdc89316275140b...

# Description

Adding Dwellir bootnodes in the `people-polkadot.json` spec file.

This PR adds a new beefy metric to monitor the number of live beefy
peers.

Part of investigation of litep2p request failures:
https://github.com/paritytech/polkadot-sdk/issues/4985

cc @paritytech/networking

---------

Signed-off-by: Alexandru Vasile <[email protected]>

Fixes #5900.

Bump zombienet version. Including fixes for `ci` failures like 

https://gitlab.parity.io/parity/mirrors/polkadot-sdk/-/jobs/7511363
https://gitlab.parity.io/parity/mirrors/polkadot-sdk/-/jobs/7511379

Updated runners for CMD and Docs

This PR introduces the concept of immutable storage data, used for
[Solidity immutable
variables](https://docs.soliditylang.org/en/latest/contracts.html#immutable).

This is a minimal implementation. Immutable data is attached to a
contract; to keep `ContractInfo` fixed in size, we only store the length
there, and store the immutable data in a dedicated storage map instead.
Which comes at the cost of requiring an additional storage read (costly)
for contracts using this feature.

We discussed more optimal solutions not requiring any additional storage
accesses internally, but they turned out to be non-trivial to implement.
Another optimization benefiting multiple calls to the same contract in a
single call stack would be to cache the immutable data in `Stack`.
However, this potential creates a DOS vulnerability (the attack vector
is to call into as many contracts in a single stack as possible, where
they all have maximum immutable data to fill the cache as efficiently as
possible). So this either has to be guaranteed to be a non-issue by
limits, or, more likely, to have some logic to bound the cache.
Eventually, we should think about introducing the concept of warm and
cold storage reads (akin to EVM). Since immutable variables are commonly
used in contracts, this change is blocking our initial launch and we
should only optimize it properly in follow-ups.

This PR also disables the `set_code_hash` API (which isn't usable for
Solidity contracts without pre-compiles anyways). With immutable storage
attached to contracts, we now want to run the constructor of the new
code hash to collect the immutable data during `set_code_hash`. This
will be implemented in a follow up PR.

---------

Signed-off-by: Cyrill Leutwiler <[email protected]>
Signed-off-by: xermicus <[email protected]>
Co-authored-by: command-bot <>
Co-authored-by: Alexander Theißen <[email protected]>
Co-authored-by: PG Herveou <[email protected]>

For permissionless lanes, we add `lane_state` to the `InboundLaneData`
and `OutboundLaneData` structs. However, for a period of time (until
both BHK and BHP are upgraded to the same version), we need the relayer
to function with runtimes where one has been migrated with `lane_state`
and the other has not. This PR addresses the incompatibility by
introducing wrapper structs for decoding without `lane_state`.

The AllowTopLevelPaidExecutionFrom allows ClearOrigin instructions
before the expected BuyExecution instruction, it also allows messages
without any origin altering instructions.

This commit enhances the barrier to also support messages that use
AliasOrigin, or DescendOrigin. This is sometimes desired in asset
transfer XCM programs that need to run the inbound assets instructions
using the origin chain root origin, but then want to drop privileges for
the rest of the program. Currently these programs drop privileges by
clearing the origin completely, but that also unnecessarily limits the
range of actions available to the rest of the program. Using
DescendOrigin or AliasOrigin allows the sending chain to instruct the
receiving chain what the deprivileged real origin is.

See https://github.com/polkadot-fellows/RFCs/pull/109 and
https://github.com/polkadot-fellows/RFCs/pull/122 for more details on
how DescendOrigin and AliasOrigin could be used instead of ClearOrigin.

---------

Signed-off-by: Adrian Catangiu <[email protected]>

# Description

Closes [#5790](https://github.com/paritytech/polkadot-sdk/issues/5790).
Useful for starting nodes based on minimal/solochain when doing
development or for testing omni node with less happy code paths. It is
reusing the presets defined for the nodes chain specs.

## Integration

Specifically useful for development/testing if generating chain-specs
for `minimal` or `solochain` runtimes from `templates` directories.

## Review Notes

Added `genesis_config_presets` modules for both minimal/solochain. I
reused the presets defined in each node `chain_spec` module
correspondingly.

### PRDOC

Not sure who uses templates, maybe node devs and runtime devs at start
of their learning journey, but happy to get some guidance on how to
write the prdoc if needed.

### Thinking out loud

I saw concerns around sharing functionality for such genesis config
presets between the template chains. I think there might be a case for
doing that, on the lines of this comment:
https://github.com/paritytech/polkadot-sdk/pull/4739#issuecomment-2157341035.
I would add that `parachains-common::genesis_config_heleper` contains a
few methods from those mentioned, but I am unsure if using it as a
dependency for templates is correct. Feels like the comment suggests
there should be a `commons` crate concerning just `templates`, which I
agree with to some degree, if we assume `cumulus` needs might be driven
in certain directions that are not relevant to `templates` and vice
versa. However I am not so certain about this, so would welcome some
thoughts, since I am seeing `parachains-common` being used already in a
few runtime implementations:
https://crates.io/crates/parachains-common/reverse_dependencies?page=3,
so might be a good candidate already for the `common` logic.

---------

Signed-off-by: Iulian Barbu <[email protected]>

Jaeger tracing went mostly unused and it created bigger problems like
wasting CPU or memory leaks, so remove it entirely.

Fixes: https://github.com/paritytech/polkadot-sdk/issues/4995

---------

Signed-off-by: Alexandru Gheorghe <[email protected]>

# Description

The EthereumBlobExporter consumes the `dest` parameter when the
destination is not `Here`. Subsequent exporters will receive a `None`
value for the destination instead of the original destination value,
which is incorrect.
 
Closes #5788

## Integration

Minor fix related to the exporter behaviour.

## Review Notes

Verified that tests
`exporter_validate_with_invalid_dest_does_not_alter_destination` and
`exporter_validate_with_invalid_universal_source_does_not_alter_universal_source`
fail without the fix in the exporter.

---------

Co-authored-by: Adrian Catangiu <[email protected]>

Relates to: https://github.com/paritytech/polkadot-sdk/pull/5916
Relates to: https://github.com/polkadot-js/api/pull/5976

---------

Co-authored-by: Javier Viola <[email protected]>

This PR adds the `stableYYMM-rcX` or `stableYYMM-X-rcX` tags to the
docker images, so that they could be published with the new tag naming
scheme.

Closes: https://github.com/paritytech/release-engineering/issues/224

Removing the shell node variant for the polkadot-parachain as discussed
here:
https://github.com/paritytech/polkadot-sdk/pull/5586#discussion_r1752635254

Resolves https://github.com/paritytech/polkadot-sdk/issues/5898

This PR removes the requirement to set the `LaneId` in the relayer CLI
configuration where it was not really necessary.

---------

Co-authored-by: command-bot <>

- update baseline for pallet_revive
- update cmd pipeline name
- Fix compilation after renaming some of benchmarks in pallet_revive.
[Runtime Dev]. Changed the "instr" benchmark so that it should no longer
return to little weight. It is still bogus but at least benchmarking
should not work. (by @athei

 )

---------

Co-authored-by: GitHub Action <[email protected]>
Co-authored-by: Alexander Theißen <[email protected]>
Co-authored-by: Alexander Samusev <[email protected]>
Co-authored-by: command-bot <>

Close https://github.com/paritytech/polkadot-sdk/issues/5589

This PR makes it possible for `rpc_v2::Storage::query_iter_paginated` to
be "backpressured" which is achieved by having a channel where the
result is sent back and when this channel is "full" we pause the
iteration.

The chainHead_follow has an internal channel which doesn't represent the
actual connection and that is set to a very small number (16). Recall
that the JSON-RPC server has a dedicate buffer for each connection by
default of 64.

#### Notes

- Because `archive_storage` also depends on
`rpc_v2::Storage::query_iter_paginated` I had to tweak the method to
support limits as well. The reason is that archive_storage won't get
backpressured properly because it's not an subscription. (it would much
easier if it would be a subscription in rpc v2 spec because nothing
against querying huge amount storage keys)
- `query_iter_paginated` doesn't necessarily return the storage "in
order" such as
- ...

Bump `zombienet` version, including fixes (`ci`) and the latest version
of `pjs` embedded.
Thx!

Resolves https://github.com/paritytech/polkadot-sdk/issues/5026

This PR adds support for starting a dev node with manual seal consensus.
This can be done by using the `--dev-block-time` argument . For example:
```
polkadot-parachain --chain asset-hub-rococo-dev --dev-block-time 5000 --tmp
```

Added `HashedDescription<AccountId,
DescribeFamily<DescribeAllTerminal>>` foreign locations to local
accounts converter to all the parachains.

---------

Co-authored-by: command-bot <>
Co-authored-by: Branislav Kontur <[email protected]>
Co-authored-by: Adrian Catangiu <[email protected]>

Quoting @bkchr (from
[here](https://github.com/paritytech/polkadot-sdk/issues/5334#issuecomment-2383815078)):

> That the hardcoded limit is used there again, is IMO not correct. The
`max_pov_size` should be controlled by the `HostConfiguration` and not
limited by some "random" constant.

This PR aims to change the hard limit to a not-so-random constant,
allowing more room for maneuvering in the future.

Only retry jobs on `runner_system_failure`.
Thx!

Fixes https://github.com/paritytech/polkadot-sdk/issues/5617

Normally, the BEEFY protocol only accepts a single MMR Root entry in a
commitment's payload. But to be extra careful, when validating
equivocation reports, let's check all the MMR roots, if there are more.

---------

Co-authored-by: Adrian Catangiu <[email protected]>

# Description

This PR removes the
`CandidateValidationMessage::ValidateFromChainState`, which was
previously used by backing, but is no longer relevant since initial
async backing implementation
https://github.com/paritytech/polkadot/pull/5557.

Fixes https://github.com/paritytech/polkadot-sdk/issues/5643

## Integration

This change should not affect downstream projects since
`ValidateFromChainState` was already unused.

## Review Notes

- Removed all occurrences of `ValidateFromChainState`.
- Moved utility functions, previously used in candidate validation tests
and malus, exclusively to candidate validation tests as they are no
longer used in malus.
- Deleted the
`polkadot_parachain_candidate_validation_validate_from_chain_state`
metric from Prometheus.
- Removed `Spawner` from `ReplaceValidationResult` in malus’
interceptors.
- `fake_validation_error` was only used for `ValidateFromChainState`
handling, while other cases directly used
`InvalidCandidate::InvalidOutputs`. It has been replaced with
`fake_validation_error`, with a fallback to
`InvalidCandidate::InvalidOutputs`.
- Updated overseer’s minimal example to replace `ValidateFromChainState`
with `ValidateFromExhaustive`.

Bumps the known_good_semver group with 1 update:
[syn](https://github.com/dtolnay/syn).

Updates `syn` from 2.0.77 to 2.0.79
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/dtolnay/syn/releases">syn's
releases</a>.</em></p>
<blockquote>
<h2>2.0.79</h2>
<ul>
<li>Fix infinite loop on parsing chained ranges (<a
href="https://redirect.github.com/dtolnay/syn/issues/1741">#1741</a>)</li>
<li>Fix panic in parsing <code>use</code> items containing absolute
paths (<a
href="https://redirect.github.com/dtolnay/syn/issues/1742">#1742</a>)</li>
</ul>
<h2>2.0.78</h2>
<ul>
<li>Fix infinite loop on chained comparison (<a
href="https://redirect.github.com/dtolnay/syn/issues/1739">#1739</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/dtolnay/syn/commit/732e6e39406538aebe34ed5f5803113a48c28602"><code>732e6e3</code></a>
Release 2.0.79</li>
<li><a
href="https://github.com/dtolnay/syn/commit/af63396422250a1c7c80e6f12da08ce31ea435af"><code>af63396</code></a>
Merge pull request <a
href="https://redirect.github.com/dtolnay/syn/issues/1742">#1742</a>
from dtolnay/usecrateroot</li>
<li><a
href="https://github.com/dtolnay/syn/commit/31e863233872eb3f4239a25f42030c369c22d72b"><code>31e8632</code></a>
Fix construction of UseGroup containing crate roots</li>
<li><a
href="https://github.com/dtolnay/syn/commit/037861ac3ca6f91aec7f7c20811535488dafaec4"><code>037861a</code></a>
Merge pull request <a
href="https://redirect.github.com/dtolnay/syn/issues/1741">#1741</a>
from dtolnay/binoploop</li>
<li><a
href="https://github.com/dtolnay/syn/commit/8df4dd0fa4c353a2979bd56c34955e9335bb701d"><code>8df4dd0</code></a>
Force cursor to advance in parse_expr calls</li>
<li><a
href="https://github.com/dtolnay/syn/commit/09d020f5a10b3d3e4d54ec03290f773be91b9cac"><code>09d020f</code></a>
Release 2.0.78</li>
<li><a
href="https://github.com/dtolnay/syn/commit/7eaebfbb470fd056ee95ec892fc012ce292e7209"><code>7eaebfb</code></a>
Merge pull request <a
href="https://redirect.github.com/dtolnay/syn/issues/1739">#1739</a>
from dtolnay/chainedcomparison</li>
<li><a
href="https://github.com/dtolnay/syn/commit/b3d2886fc9bbff5eb45995c72beec0463a8cec2a"><code>b3d2886</code></a>
Fix infinite loop on chained comparison</li>
<li><a
href="https://github.com/dtolnay/syn/commit/3f3d0c57ac66b4fa42a3f10209dd1fde29c5ce57"><code>3f3d0c5</code></a>
Add regression test for issue 1738</li>
<li><a
href="https://github.com/dtolnay/syn/commit/346efaec55d7a3865a42fcd1007f45a8a7549052"><code>346efae</code></a>
Touch up PR 1737</li>
<li>Additional commits viewable in <a
href="https://github.com/dtolnay/syn/compare/2.0.77...2.0.79">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=syn&package-manager=cargo&previous-version=2.0.77&new-version=2.0.79)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>