Week 15 Dev Digest: CertiK Bridge Audit Finalized, PoC Priority Gating, Maintenance Exemptions

Highlights

CertiK Ethereum Bridge Audit — Finalized

The long-running CertiK security audit of the Ethereum Bridge reached its conclusion this week. The team closed all five severity-level issues from the preliminary report — one Critical (#754), one Major (#755), one Medium (#756), one Minor (#757), and one Informational (#758). The umbrella finalization issue (#468) was also resolved, marking the audit as complete. This clears a significant security milestone for the bridge infrastructure.

MLNode 3.0.13-alpha: vLLM 0.15.1 Upgrade

The team merged a significant infrastructure upgrade (#1037) that bumps the MLNode base image from 3.0.12-post4 to 3.0.13-alpha, built on vLLM 0.15.1-alpha (up from v0.9.1). Flash-attention was updated from 2.7.4 to 2.8.3 to match the new torch 2.9 base. The Dockerfile was cleaned up with consolidated PYTHONPATH, new environment variables for Triton compatibility, and a logprobs mode switch. This lays the groundwork for upcoming multi-model PoC support currently in draft (#1039).

vLLM: Per-Request Logprobs Mode and PoC Priority Gating

Two important vLLM changes landed this week:

Logprobs mode override (vllm#25): Developers can now set logprobs_mode (raw_logprobs or processed_logprobs) on individual API requests, overriding the deployment-level default. Mixed batches are supported — when requests with different modes land in the same batch, the sampler computes both and merges per row. This gives validators finer control over inference verification without redeploying.

PoC priority gating (vllm#27): When Proof of Compute generation is active, the chat completion endpoint now returns 503 to prevent GPU contention and NCCL deadlocks. The flag lifecycle is managed via add_done_callback, covering normal completion, cancellation, and failure. In-flight inference is drained before PoC GPU work begins. This prevents a class of hard-to-debug hangs under concurrent load.

Maintenance Exemptions in Slashing Module

The Cosmos SDK fork received a MaintenanceChecker interface (cosmos-sdk#12) that exempts participants in scheduled maintenance windows from liveness enforcement. Previously, nodes entering planned maintenance would accumulate missed signatures and risk jailing. The follow-up PR (cosmos-sdk#13) optimized the checker to only fire when a validator is actually absent, added Info-level logging, and introduced two SDK fork tests covering the skip and no-jail scenarios.

Other Closed Issues

• #1032: Clarified path for consumer-grade 16 GB GPUs — currently not supported due to Qwen3-235B memory requirements
• #950: IBC channels setup completed (Priority: High)
• #899: End-to-end inference validation tests added for DevShards (Priority: High)
• #554: Free inference exploit patched (Priority: Low)
• #784: Possible underfunded issues resolved (Priority: Low)
• #985: Unsupported OpenAI-type input bug fixed (P0)
• #966: Validation eligibility and accounting consistency improved

Coming Soon

Several features are actively in development and expected to land in the coming weeks:

Multi-Model Support (#1039): Right now Gonka runs a single AI model across the entire network. The team is building infrastructure to support multiple models simultaneously — meaning the network could serve different AI workloads depending on what users need, from lightweight tasks to heavy reasoning. This is still in early draft stage.

Stronger Proof of Compute Security (#1036): The current random seed used for compute verification relies on only 32 bits of a 256-bit hash, which theoretically allows someone to forge proofs with enough computing power. A fix is being wired through the full stack so it can be activated via governance vote. The same PR also makes MLNode software versions visible on-chain, so anyone can verify what code each node is running.

MLNode dtype=auto (#1040): A quality-of-life update that lets the ML node automatically pick the best numeric precision for the hardware it runs on, instead of requiring manual configuration.

By the Numbers