Fix/issue 19 admin guardian separation#322
Merged
hman38705 merged 4 commits into solutions-plug:main on Mar 27, 2026
Conversation
- Replace client.transfer() (host panic) with client.try_transfer() in safe_transfer() so failures are caught as Result instead of crashing the host environment
- Map both invocation-level and contract-level errors to ErrorCode::TransferFailed (= 52)
- Emit xfer_fail event (topics: [xfer_fail, from, to], data: (token_address, amount)) on failure for indexer observability
- Add TransferFailed = 52 to ErrorCode enum
- Add test_transfer_failure_returns_error_not_panic to verify a zero-balance bettor returns Err instead of a host panic

Closes solutions-plug#11

- Set COOLDOWN_SECONDS to 6 hours (was 1 hour)
- Add HALF_OPEN_MAX_OPS=5 to limit probe transactions in HalfOpen
- Add DataKey::HalfOpenOps to track ops during HalfOpen
- _set_state_internal records OpenedAt on Open, resets HalfOpenOps on HalfOpen
- require_closed auto-triggers Open->HalfOpen via maybe_recover on each call
- HalfOpen trips back to Open after max ops exceeded
- Add tests: auto-recovery after cooldown, re-trip after max ops

Closes solutions-plug#12

- Remove duplicate TIMELOCK_DURATION / MAJORITY_THRESHOLD_PERCENT constants
- Add TIMELOCK_MIN_SECONDS (6h) and TIMELOCK_MAX_SECONDS (7d) bounds
- Add ConfigKey::TimelockDuration for persistent storage override
- Add get_timelock_duration() — returns stored value or 48h default
- Add set_timelock_duration() — admin-gated, enforces [6h, 7d] range
- Update is_timelock_satisfied() to use get_timelock_duration()
- Fix duplicate use imports in governance.rs
- Tests: early execution after reducing to 6h, out-of-range rejection

Closes solutions-plug#13

- add_guardian: reject if guardian.address == admin (Issue solutions-plug#19)
- initialize_guardians: reject any guardian whose address matches admin
- Tests: add_admin_as_guardian_rejected, initialize_guardians_with_admin_rejected

Closes solutions-plug#19
@Mystery-CLI Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits. You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀
Title: fix: enforce strict separation between Admin and Guardian identities (#19)

Body:

Summary

Prevents the Admin address from being added to the Guardian set, closing the governance bypass where a single entity could control both upgrade initiation and voting majority.

Changes

governance.rs
Guardian set before the restriction could be enforced

Tests

returns NotAuthorized

closes #127
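An added illustration of the invariant this PR enforces, written here as a plain-Rust model rather than taken from the solutions-plug contract: the admin address is rejected from the guardian set both on single insertion and on batch initialization, and the majority test counts only distinct guardian approvals, so an admin signature can never contribute to its own upgrade vote. The type names, the string-based Address and the 51% threshold are assumptions.

```rust
// Constructed model of the admin/guardian separation rule (not the solutions-plug
// contract). Address is a plain string here; the threshold value is assumed.
const MAJORITY_THRESHOLD_PERCENT: usize = 51; // assumed value

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum ErrorCode { NotAuthorized = 1, AlreadyGuardian = 2 }

#[derive(Debug, Clone, PartialEq, Eq)]
pub struct Address(pub String);

pub struct Governance { admin: Address, guardians: Vec<Address> }

impl Governance {
    pub fn new(admin: Address) -> Self { Governance { admin, guardians: Vec::new() } }

    /// Admin-gated insertion. Identity is checked before any state change,
    /// so the admin can never become a member of its own voting set.
    pub fn add_guardian(&mut self, caller: &Address, guardian: Address) -> Result<(), ErrorCode> {
        if *caller != self.admin || guardian == self.admin {
            return Err(ErrorCode::NotAuthorized);
        }
        if self.guardians.contains(&guardian) {
            return Err(ErrorCode::AlreadyGuardian);
        }
        self.guardians.push(guardian);
        Ok(())
    }

    /// One-shot bootstrap: the whole batch is validated first, so a rejected
    /// entry leaves no partially written guardian set behind.
    pub fn initialize_guardians(&mut self, caller: &Address, set: Vec<Address>) -> Result<(), ErrorCode> {
        if *caller != self.admin || set.iter().any(|g| *g == self.admin) {
            return Err(ErrorCode::NotAuthorized);
        }
        self.guardians = set;
        Ok(())
    }

    /// Majority over distinct guardian approvals only. An admin signature
    /// contributes nothing because the admin is never in the set.
    pub fn majority_reached(&self, approvals: &[Address]) -> bool {
        let mut seen: Vec<&Address> = Vec::new();
        for a in approvals {
            if self.guardians.contains(a) && !seen.contains(&a) { seen.push(a); }
        }
        !self.guardians.is_empty() && seen.len() * 100 >= self.guardians.len() * MAJORITY_THRESHOLD_PERCENT
    }
}
```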