Add whitelist/allowlist mode to farming-pool for permissioned staking

[prodbycorne]

Overview

Some token issuers and airdrop programs require KYC or invite-only access. The farming-pool currently accepts stakes from any address. A whitelist mode would allow the admin to restrict lock_assets and stake to pre-approved addresses.

Design

Whitelist is opt-in — pools without a whitelist behave exactly as today (open access).

// DataKey additions
WhitelistEnabled,
Whitelisted(Address),

// Admin functions
pub fn enable_whitelist(env: Env) -> Result<(), PoolError>    // admin-only
pub fn disable_whitelist(env: Env) -> Result<(), PoolError>   // admin-only
pub fn add_to_whitelist(env: Env, user: Address) -> Result<(), PoolError>
pub fn remove_from_whitelist(env: Env, user: Address) -> Result<(), PoolError>
pub fn is_whitelisted(env: Env, user: Address) -> bool

Guard in stake and lock_assets

if whitelist_enabled(&env) && !is_user_whitelisted(&env, &user) {
    return Err(PoolError::NotWhitelisted);
}

Add NotWhitelisted = 15 to PoolError.

Batch Whitelist

For large airdrops, add a batch function:

pub fn batch_add_to_whitelist(env: Env, users: Vec<Address>) -> Result<(), PoolError>

Cap at 50 addresses per call to stay within Soroban instruction limits.

Storage Considerations

Whitelisted addresses are stored in persistent storage with TTL bumps. The TTL for whitelist entries should match user stake TTL so they do not expire while the user has active positions.

Acceptance Criteria

• WhitelistEnabled and Whitelisted(Address) keys added to DataKey
• All 5 admin whitelist functions implemented
• stake and lock_assets check whitelist when enabled
• Whitelist disabled by default (no behavior change on existing pools)
• batch_add_to_whitelist capped at 50 addresses
• NotWhitelisted error variant in PoolError
• Tests: open pool, whitelist-enabled pool, user added and removed

[whitezaddy]

I have experience for this and have reviewed the code; I can submit a PR within 24hrs.

[yunus-dev-codecrafter]

Hi! I've carefully reviewed the entire task description and fully understand the requirements and expected outcome.
I have experience working on similar tasks and I'm confident I can complete this within about an hour. I'd be happy to take ownership of this issue and submit a clean, well-tested solution promptly.
If it's available, please assign it to me. Thank you!

[Jonbaz32]

This is right up my alley, I've implemented whitelist patterns in staking contracts before. I'll add admin controlled allowlist checks to lock_assets/stake, with tests and events, within an hour. I'd love to knock this out.

[clintjeff2]

Hello, I have 6 years of experience working on tasks like this and handling similar challenges across backend, frontend, and smart-contract development. I have carefully read and fully understood the task requirements, and I am confident I can deliver a clean, efficient, and well-tested solution promptly. I always ensure high-quality implementation, maintainability, and adherence to best practices.

Pull request in 5 hours.

[grantfox-oss]

🦊 GrantFox — @Jonbaz32 has been assigned to this issue as part of the Official Campaign campaign!

Next steps:

1. Open a Pull Request referencing this issue (e.g., Closes #38)
2. Your PR will be reviewed by the SmartDropLabs maintainers

Good luck! Track your progress on GrantFox.