Priority: High
Estimated Time: 2 hours
Description:
Neither the escrow nor oracle contract has a safe admin transfer mechanism. A direct set_admin(new_admin) call risks permanently locking admin access if the wrong address is provided. A two-step transfer (propose → accept) prevents accidental lockout.
Tasks:
- Add DataKey::PendingAdmin to both contracts
- Add propose_admin(new_admin: Address) requiring current admin auth
- Add accept_admin() requiring new admin auth
- Add tests for successful transfer and rejection of unaccepted proposals
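
The propose → accept flow from the tasks above, as an added std-only Rust model (not the escrow or oracle contract code). It assumes `Address` is a plain string, the `caller` argument stands in for the contract host's auth check, and the `AdminState` and `AdminError` names are hypothetical.

```rust
// Added example: std-only model of the two-step transfer; not the contracts' code.
// `Address` is a plain string and `caller` stands in for the host's auth check.
type Address = &'static str;

#[derive(Debug, PartialEq)]
pub enum AdminError { NotAdmin, NoPendingAdmin, NotPendingAdmin }

pub struct AdminState {
    admin: Address,
    pending_admin: Option<Address>, // models DataKey::PendingAdmin
}

impl AdminState {
    pub fn new(admin: Address) -> Self { Self { admin, pending_admin: None } }
    pub fn admin(&self) -> Address { self.admin }

    // Current admin nominates a successor; admin rights do not move yet.
    pub fn propose_admin(&mut self, caller: Address, new_admin: Address) -> Result<(), AdminError> {
        if caller != self.admin { return Err(AdminError::NotAdmin); }
        self.pending_admin = Some(new_admin); // a later proposal overwrites a mistaken one
        Ok(())
    }

    // Only the nominated address can complete the transfer, proving it can sign.
    pub fn accept_admin(&mut self, caller: Address) -> Result<(), AdminError> {
        match self.pending_admin {
            None => Err(AdminError::NoPendingAdmin),
            Some(p) if p != caller => Err(AdminError::NotPendingAdmin),
            Some(p) => { self.admin = p; self.pending_admin = None; Ok(()) }
        }
    }
}

fn main() {
    let mut s = AdminState::new("ALICE");
    s.propose_admin("ALICE", "TYPO_ADDRESS").unwrap(); // wrong address proposed
    assert_eq!(s.admin(), "ALICE");                     // admin unchanged, no lockout
    s.propose_admin("ALICE", "BOB").unwrap();           // corrected proposal
    assert_eq!(s.accept_admin("TYPO_ADDRESS"), Err(AdminError::NotPendingAdmin));
    s.accept_admin("BOB").unwrap();
    assert_eq!(s.admin(), "BOB");
    println!("admin is now {}", s.admin());
}
```
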