Enforce multi sig upgrades#67
Open
gloskull wants to merge 5 commits into
Open
Conversation
- Implemented VeroCore Soroban contract with multi-sig upgrade logic. - Introduced Proposal FSM: Pending -> Approved -> Executed. - Enforced quorum and timelock for contract upgrades. - Added re-initialization protection to init. - Ensured require_auth on all administrative entry points. - Refactored audit hashing to use env.crypto() for WASM compatibility. - Restored and updated unit tests for all modules. Co-authored-by: gloskull <189399494+gloskull@users.noreply.github.com>
…41329769837677 Enforce Multi-sig Upgrades with Governance FSM
Contributor
|
please resolve conflicts and it will be ready for merge |
…sig-upgrades fix: enforce multi-sig upgrade quorum
Contributor
Author
|
Conflicts resolved. Please review |
Contributor
|
Well done, but it's not complete |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR implements a secure, multi-signature governance process for the Vero Protocol's contract upgrades.
Key changes:
VeroCore Contract: A new contract entry point in engine-core/src/lib.rs that integrates governance, ZK-audit, and circuit-breaker logic.
Governance FSM: A finite state machine for proposals ensuring they transition from Pending to Approved (on quorum) and finally to Executed (after a timelock).
Upgrade Mechanism: The upgrade function validates the proposal state and uses env.deployer().update_current_contract_wasm() to apply the new code.
Security Gating:
init is now protected against re-initialization.
require_auth() is enforced for all sensitive operations (propose, approve, trip, reset, commit).
The circuit breaker halts all state-mutating transitions when open.
Production Readiness:
Refactored audit.rs to use host-provided crypto instead of external crates, ensuring no_std / WASM compatibility.
Cleaned up Cargo.toml dependencies.
Comprehensive Testing:
Fixed and restored unit tests for audit and circuit_breaker.
Added integration tests in governance_tests.rs covering the full lifecycle and security guards.
Closes gloskull#1