Tempo shipped a critical DEX security fix for stale order cancellation, a new p2p-proxy CLI subcommand for node operators, and hardfork-gating on the dispatch_call precompile.

> impact

**Security Fix: Recipient Auth Check on Payout Token in `cancel_stale_order`** Tempo's DEX module received a security-critical patch (PR #3181) that adds a recipient authorization check on the payout token during stale order cancellation. Previously, the `cancel_stale_order` function did not properly verify that the caller had recipient authority over the payout token, which could have allowed unauthorized actors to redirect token payouts when cleaning up expired orders. If you are integrating with Tempo's on-chain DEX or operating a node that processes order lifecycle events, you should update immediately. This fix tightens the authorization boundary so that only verified recipients can receive tokens from cancelled stale orders. **New `p2p-proxy` Subcommand in Tempo Binary** A new `p2p-proxy` subcommand (PR #2780, authored by Matthias Seitz) has been added directly to the Tempo binary. This means node operators and infrastructure developers no longer need a separate tool or sidecar process to run a P2P proxy — it ships natively with the main binary. This is a meaningful quality-of-life improvement for anyone running relay infrastructure, testing peer connectivity, or building tooling that depends on Tempo's libp2p networking layer. The subcommand is available now via `tempo p2p-proxy` and supports the standard CLI configuration flags. **Hardfork-Gating on `dispatch_call` Precompile** Tempo has introduced hardfork-gating logic to the `dispatch_call` precompile, meaning certain precompile dispatch calls will only activate after a designated hardfork boundary. This is an important infrastructure change for any developer invoking Substrate dispatchables through the EVM precompile interface. Before the hardfork activates, calls that depend on the gated logic will revert or behave as if the functionality does not exist. After activation, the full dispatch surface becomes available. Developers should audit any contracts or off-chain systems that call `dispatch_call` to ensure they handle both pre- and post-hardfork behavior gracefully.

> Try this now

try this

# Walkthrough: Verifying the cancel_stale_order auth fix and exploring the new p2p-proxy subcommand

# 1. Update your Tempo node binary to the latest release
#    Make sure you're pulling in the fix from PR #3181
$ cargo build --release -p tempo

# 2. Verify the security fix is present — the cancel_stale_order
#    extrinsic now checks recipient authority on the payout token.
#    In your integration tests or a local dev chain, try cancelling
#    a stale order where the caller is NOT the authorized recipient:

# // Pseudo-Rust test case (in your runtime integration test suite)
# #[test]
# fn cancel_stale_order_rejects_unauthorized_recipient() {
#     // Setup: create an order with Alice as the payout recipient
#     let order_id = create_test_order(alice_account, token_pair);
#
#     // Fast-forward past the staleness threshold
#     advance_blocks(STALE_THRESHOLD + 1);
#
#     // Attempt cancellation from Bob (not the authorized recipient)
#     assert_noop!(
#         DexModule::cancel_stale_order(Origin::signed(bob_account), order_id),
#         Error::<Runtime>::UnauthorizedRecipient  // <-- This error is new
#     );
# }

# 3. Try the new p2p-proxy subcommand
#    This runs a P2P proxy directly from the Tempo binary:
$ ./target/release/tempo p2p-proxy --help

# Start a proxy pointing at your local or testnet node:
$ ./target/release/tempo p2p-proxy \
    --listen-addr /ip4/0.0.0.0/tcp/30334 \
    --bootstrap /dns/testnet-bootnode.tempo.xyz/tcp/30333/p2p/<PEER_ID>

# 4. Hardfork-gating awareness for dispatch_call precompile
#    If you have Solidity contracts calling the dispatch_call precompile,
#    test on a local dev chain BEFORE and AFTER the hardfork block:

# // Solidity snippet — calling dispatch_call precompile at 0x...
# (bool success, bytes memory result) = DISPATCH_PRECOMPILE.call(
#     abi.encode(pallet_index, call_index, call_data)
# );
# // Before hardfork: this may revert for newly-gated calls
# // After hardfork:  full dispatch surface is available
# require(success, "dispatch_call failed — check hardfork status");