feat: SEP-12 storage keys, yield pause guard, anchorpoint admin tests staking metadata admin gate#688
Open
amanosiadnan-cmyk wants to merge 1 commit into
Open
Conversation
…, staking metadata admin gate
|
@amanosiadnan-cmyk Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits. You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
PR description
Summary
This PR closes four related issues across the backend SEP-12 upload flow and three Soroban contracts. It adds deterministic storage key generation, verifies pause protection on yield deposits, adds admin role security tests for the anchorpoint contract, and restricts staking contract metadata updates to the admin.
Changes
[#557] SEP-12 — Deterministic storage key generation
Added generateStorageKey() in backend/src/utils/storage-key.ts with format {account}/{fieldName}/{uploadId}.
Updated upload-store.service.ts to compute the storage key at record creation (no post-create mutation).
Simplified sep12.controller.ts upload-url and upload-confirm flows to use the persisted key directly (removed fallback recompute and KEY_PREFIX hack).
Added unit tests in backend/src/utils/storage-key.test.ts for determinism, uniqueness, and path format.
[#565] Yield contract — Pause check on deposit
Confirmed deposit_rewards already checks the security registry pause flag before processing.
Added test_pause_deposit_rewards with a MockRegistry to assert deposits panic with "contract is paused" when the registry is paused.
[#570] Anchorpoint contract — Admin role security tests
Added contracts/anchorpoint/src/tests/admin_tests.rs covering:
Auth required for update_oracle and set_fee (success with auth, panic without).
Cooldown enforcement after admin actions.
Per-action cooldown independence (SetFee vs UpdateOracle, AddAsset).
24-hour cooldown on UpdateAdmin.
[#580] Staking contract — Metadata updates restricted to admin
Added ContractMetadata struct and ContractMeta storage key.
Initialized empty metadata in initialize().
Added update_contract_meta() (admin-only via require_auth + stored admin check) and get_contract_meta().
Added tests: admin can update metadata; non-admin panics with "only admin can update contract metadata".
Test plan
npx jest backend/src/utils/storage-key.test.ts — 3 tests passing
cargo test --manifest-path contracts/Cargo.toml -p anchorpoint -p yield-distribution -p staking — 23 tests passing
Full npm run test:backend (requires full backend test suite / coverage thresholds)
Full cargo test --manifest-path contracts/Cargo.toml (governance crate has pre-existing compile errors unrelated to this PR)
Closes #557 — [SEP-12] Implement Deterministic Storage Key Generation
closes #565 — Add Check for Pause State in Yield Contract Deposit
closes #570 — Write Security Test Cases for anchorpoint Contract Roles
closes #580 — Verify Contract Metadata Updates are Restricted to Admin