fix(vault): validate on-ledger token balance during init #217

Merged
greatest0fallt1me merged 3 commits into CalloraOrg:main from iammrjude:issue/153-vault-init-token-balance
Mar 31, 2026

@iammrjude
Contributor

Summary

Closes #153

This PR updates callora-vault so init now validates the vault's on-ledger USDC balance before accepting a positive initial_balance.

What changed

  • added an on-ledger token balance check in contracts/vault/src/lib.rs
  • init now fails fast with:
    • initial_balance exceeds on-ledger USDC balance
  • only positive initial_balance values trigger the token-balance read
  • added vault tests that cover:
    • successful init when the vault's token balance covers initial_balance
    • failing init when initial_balance exceeds the actual token balance
  • updated existing vault tests that used a positive initial_balance without pre-funding the vault
  • synced INVARIANTS.md so the documented init preconditions match the implementation

Why

INVARIANTS.md already states that when a vault is initialized with an internal starting balance, the contract should already hold at least that much USDC on-ledger. This PR makes that invariant explicit in code.

Validation

Ran locally from the workspace root:

  • cargo fmt --all
  • cargo fmt --all --check
  • cargo clippy --all-targets --all-features -- -D warnings
  • cargo test
  • cargo build --target wasm32-unknown-unknown --release -p callora-vault
  • stellar contract build --package callora-vault
  • cargo tarpaulin --config tarpaulin.toml

Test summary

  • revenue pool: 20 tests passed
  • settlement: 45 tests passed
  • vault: 104 tests passed
  • workspace coverage: 99.00% (596/602)

Security notes

  • prevents the vault from starting with an internal accounting balance that is not backed by real on-ledger USDC
  • preserves fail-fast behavior during initialization
  • keeps zero-balance initialization compatible for tests and deployments that intentionally start empty

Reviewer note

This branch is currently stacked on top of the CI fixes from #138 so that the full validation suite stays green before that PR merges. Once #138 is merged, this PR can be retargeted to main and the diff should reduce to the #153 vault/invariant changes.
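
The init precondition described in the PR summary above, as an added plain-Rust model that is not part of the PR or the callora-vault source. `MockLedger`, `init_vault` and the `Result` return are hypothetical stand-ins for the token client and the contract's fail-fast behaviour, and rejecting negative values is an assumption the PR text does not state.

```rust
use std::cell::Cell;
use std::collections::HashMap;

/// Constructed stand-in for the USDC token contract's balance lookup.
pub struct MockLedger {
    balances: HashMap<String, i128>,
    pub reads: Cell<u32>, // counts on-ledger balance reads
}

impl MockLedger {
    pub fn new(entries: &[(&str, i128)]) -> Self {
        let balances = entries.iter().map(|(a, b)| (a.to_string(), *b)).collect();
        MockLedger { balances, reads: Cell::new(0) }
    }
    fn balance(&self, addr: &str) -> i128 {
        self.reads.set(self.reads.get() + 1);
        *self.balances.get(addr).unwrap_or(&0)
    }
}

#[derive(Debug, PartialEq)]
pub struct Vault { pub address: String, pub balance: i128 }

/// Hypothetical init: internal accounting may only start at a value the
/// ledger already backs for the vault's own address.
pub fn init_vault(ledger: &MockLedger, address: &str, initial_balance: i128)
    -> Result<Vault, &'static str>
{
    if initial_balance < 0 {
        // Assumption: negative values are rejected outright.
        return Err("initial_balance must be non-negative");
    }
    // Short-circuit: the ledger is only read for a positive initial_balance.
    if initial_balance > 0 && ledger.balance(address) < initial_balance {
        return Err("initial_balance exceeds on-ledger USDC balance");
    }
    Ok(Vault { address: address.to_string(), balance: initial_balance })
}

fn main() {
    // Constructed sample state: the vault address already holds 500 units.
    let ledger = MockLedger::new(&[("VAULT", 500)]);
    println!("{:?}", init_vault(&ledger, "VAULT", 500)); // backed: accepted
    println!("{:?}", init_vault(&ledger, "VAULT", 501)); // unbacked: rejected
    println!("{:?}", init_vault(&ledger, "VAULT", 0));   // empty start: no read
    println!("ledger reads: {}", ledger.reads.get());
}
```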

@drips-wave

drips-wave bot commented Mar 30, 2026

@iammrjude Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits

@iammrjude
Contributor Author

@greatest0fallt1me

I am done.

All checks have passed. Please review and merge.

@greatest0fallt1me greatest0fallt1me merged commit fe65505 into CalloraOrg:main Mar 31, 2026
3 checks passed

Development

Successfully merging this pull request may close these issues.

Vault: init validates on-ledger USDC balance vs initial_balance (if required)