Add upgrade entrypoint to farming-pool for WASM hot-swap

[prodbycorne]

Overview

Soroban contracts can upgrade their own WASM at runtime via env.deployer().update_current_contract_wasm(new_hash). The farming-pool contract has no such entrypoint, making bug fixes require deploying an entirely new pool — all staker positions, credits, and lock states are lost.

Design

Add an admin-only upgrade function that replaces the contract WASM in place:

/// Admin: replace this contract's WASM with the implementation at `new_wasm_hash`.
///
/// Storage (positions, stakes, credits) is preserved across upgrades.
/// The new WASM must be installed on-chain before calling this function.
/// Emits a `("pool", "upgraded")` event with the new hash.
pub fn upgrade(env: Env, new_wasm_hash: BytesN<32>) -> Result<(), PoolError> {
    get_admin(&env).require_auth();
    bump_instance(&env);
    env.deployer().update_current_contract_wasm(new_wasm_hash.clone());
    env.events().publish(
        (symbol_short!("pool"), symbol_short!("upgraded")),
        new_wasm_hash,
    );
    Ok(())
}

Also add a corresponding upgrade_pool(pool_id, new_wasm_hash) to the factory that:

1. Verifies the caller is the factory admin
2. Calls the pool's upgrade function via cross-contract invocation
3. Does NOT update the factory's stored WasmHash (pool-by-pool upgrade, not factory-wide)

Migration Safety

The upgrade process requires that the new WASM's storage schema is backwards-compatible with existing DataKey entries. Add a SCHEMA_VERSION constant and a migrate function placeholder for future schema migrations.

Acceptance Criteria

• upgrade function on FarmingPool, admin-only
• upgrade_pool on Factory, factory-admin-only
• upgraded event emitted with new WASM hash
• Non-admin call returns Err(PoolError::Unauthorized)
• Test: upgrade preserves all user stake and position data
• Test: post-upgrade, new contract functions are callable
• SCHEMA_VERSION constant added to lib.rs

[gaiabio12-design]

I've been looking at this issue — the lack of in-place WASM upgrade on FarmingPool is a real gap since Soroban's env.deployer().update_current_contract_wasm() makes this totally doable without losing staker state.

Here's how I'd approach it:

1. Add the upgrade function to contracts/soroban/farming-pool/src/lib.rs with admin-only guard using the existing auth pattern, emit an upgraded event with the new hash, and wire in the SCHEMA_VERSION constant for versioning.

2. Mirror this on Factory with upgrade_pool that's factory-admin-only and enforces the same error handling (PoolError::Unauthorized for non-admins).

3. Write two integration tests in the test suite — one verifying that after upgrade, all Position and Stake storage is preserved and balances match, another confirming the new contract functions are callable post-upgrade.

4. Make sure the upgrade path doesn't touch the existing position/stake structs; I'll keep the storage layout stable so migrations aren't needed.

The repo's got 58 files in soroban/ so there's precedent for these patterns. Can have a PR ready tomorrow.

[gaiabio12-design]

PR opened: #51

Implementation in progress — removing [WIP] once code is ready.