resolve issues #87, #108, #110: multi-asset tests, reentrancy analysis, api-reference docs#215
Open
Blaqkenny wants to merge 39 commits into
Open
resolve issues #87, #108, #110: multi-asset tests, reentrancy analysis, api-reference docs#215Blaqkenny wants to merge 39 commits into
Blaqkenny wants to merge 39 commits into
Conversation
…Initialization fix(sweep-controller): store creator address during initialization
…erification fix: Implement real Ed25519 signature verification in verify_sweep_authorization()
…ansfers feat: Implement token transfers in SweepController
Integrate-wasm-opt-into-the-build-pip
GitHub-Actions-workflow-contract-build-and-test
implemented the optimize
…pt-into-the-build-pipeline Integrate-wasm-opt-into-the-build-pip
…nto GitHub-Actions-workflow-contract-build-and-test
…orkflow-contract-build-and-test GitHub actions workflow contract build and test
implemented the mutil batch account
auto-deploy-contracts-to-testnet
test: add ephemeral account unit coverage
Experiment: add pre-authorized gas-free claim flow
…eSweepExecution Testnet Deployment Script bridgelet-org#73
…nto auto-deploy-contracts-to-testnet
…racts-to-testnet auto-deploy-contracts-to-testnet
… multi-asset tests, reentrancy analysis, api-reference docs Issue bridgelet-org#110: add dedicated multi-asset record_payment tests - test_multi_asset_record_payment_stores_all_assets: verifies all 3 assets stored - test_multi_asset_sweep_transitions_state_and_emits_all_payments: verifies status - test_multi_asset_no_payment_after_sweep: confirms AlreadySwept blocks replay Issue bridgelet-org#108: reentrancy analysis and tests - docs/reentrancy-analysis.md: documents Soroban single-threaded WASM execution, snapshot-consistent storage, pull-based auth, and CEI pattern in sweep() - test_reentrancy_sweep_blocked_by_already_swept_guard: second sweep returns AlreadySwept - test_reentrancy_record_payment_then_sweep_replay_blocked: record_payment then sweep replay blocked Issue bridgelet-org#87: complete docs/api-reference.md rewrite - all public functions documented with full signatures, params, errors, auth requirements - added missing authorized_controller param to EphemeralAccount::initialize - added authorized_destination param and locked/flexible mode docs for SweepController - added update_authorized_destination, reclaim_reserve and all reserve query functions - complete error code tables for both contracts - usage examples: single-asset, multi-asset, gas-free claim, CLI invocations Closes bridgelet-org#87, bridgelet-org#108, bridgelet-org#110
|
@Blaqkenny Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits. You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
10 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Closes #87
Closes #108
Closes #110
Issue #110 — Multi-asset
record_paymenttest coverageThe implementation already supported multi-asset payments; this PR adds dedicated tests:
test_multi_asset_record_payment_stores_all_assets: records 3 distinct assets and asserts all appear inget_info()with correct amounts.test_multi_asset_sweep_transitions_state_and_emits_all_payments: records 2 assets, sweeps, and verifies status isSweptand both assets are in the payment list.test_multi_asset_no_payment_after_sweep: confirms that injecting a new asset after sweep and replayingsweep()is blocked byAlreadySwept.Issue #108 — Reentrancy analysis
docs/reentrancy-analysis.mddocumenting the three Soroban properties that prevent reentrancy (single-threaded WASM, atomic storage snapshots, pull-based auth) and the contract-level CEI pattern insweep().test_reentrancy_sweep_blocked_by_already_swept_guard: simulates a double-sweep (reentrant attack) and assertsAlreadySwept.test_reentrancy_record_payment_then_sweep_replay_blocked: simulates injecting a new payment between sweeps; the second sweep is blocked.Issue #87 — Complete
docs/api-reference.mdFull rewrite of the API reference:
initialize,record_payment,sweep,expire,is_expired,get_status,get_info,reclaim_reserve, and all reserve query functions onEphemeralAccount;initialize,execute_sweep,claim,can_sweep,update_authorized_destinationonSweepController.authorized_controllerparameter toEphemeralAccount::initialize.authorized_destinationparameter and locked/flexible mode documentation forSweepController::initialize.execute_sweep.What was tested
mock_all_authspattern used throughout the test suite.try_sweepto assert specific error variants without panicking.