Add an explicit caller address check to submit_result so that only the registered oracle address can execute it. Previously the function relied solely on oracle.require_auth(), which mock_all_auths() bypasses in tests, leaving the authorization unverifiable.

Changes:
- submit_result now accepts a caller: Address parameter
- Checks caller == oracle before require_auth(); returns Error::Unauthorized immediately if the caller is not the oracle
- Follows the same pattern used by cancel_match and deposit
- Update all existing submit_result call sites in tests to pass &oracle
- Add test_non_oracle_cannot_submit_result: deposits from both players, calls try_submit_result from a random impostor address, asserts Error::Unauthorized is returned, and verifies match state and balances are unchanged
- Remove two pre-existing unused token_client compiler warnings
- New test snapshot generated
The merge of upstream changes into this branch produced a mangled test block where test_non_oracle_cannot_submit_result and test_cancel_active_match_fails_with_invalid_state were interleaved into a single broken function. Also, test_ttl_extended_on_submit_result was still using the old 2-argument submit_result signature.
- Reconstruct both tests as separate, correct functions
- Update test_ttl_extended_on_submit_result to pass &oracle as caller
- All 22 tests now pass cleanly

Closes StellarCheckMate#27
…acle-auth-submit-result feat: enforce strict oracle authorization for submit_result
…atch-test test: add get match match id test
eposit emits no event when match transitions to Active
…-unpause-events fix(escrow): emit events on pause and unpause (StellarCheckMate#84)
- Kept our 5 new tests (non-admin pause/unpause auth, cancel refund scenarios)
- Kept main's 2 new tests (pause/unpause event emission)
- Applied main's lib.rs changes (pause/unpause now emit events)
- All 36 tests pass
Add security and refund coverage tests for escrow contract
…state Add InvalidState guard tests and Match timestamp field
- Add MatchNotExpired = 11 error variant
- Add MATCH_TIMEOUT_LEDGERS constant (~24h at 5s/ledger)
- Add expire_match(): permissionless, refunds depositor(s) and cancels any Pending match not fully funded within the timeout window
- Add 4 tests: early expiry rejected, refund after timeout, expired event emitted, active match cannot be expired
Also fixes get_escrow_balance to return 0 for Completed/Cancelled matches — previously it reported stale deposit flags as live balance.
…tate inconsistency
Creates 3 matches, asserts IDs increment as 0/1/2, and confirms each get_match returns the correct game_id.
…ues-185-192-224-226 Fix/issues 185 192 224 226
…and oracle contracts

Both EscrowContract::initialize and OracleContract::initialize now accept a `deployer` parameter that must authorize the call via require_auth(). This prevents any third party from front-running initialization by observing the deployment transaction.
- Add `deployer: Address` param to EscrowContract::initialize
- Add `deployer: Address` param to OracleContract::initialize
- Call deployer.require_auth() as the first statement in both
- Add docs/deployment.md documenting the required deployment sequence
- Add tests: test_initialize_rejects_unauthorized_caller (escrow + oracle)
…and oracle contracts

Both EscrowContract::initialize and OracleContract::initialize now accept a deployer parameter that must authorize the call via require_auth(). This prevents any third party from front-running initialization by observing the deployment transaction.
- Add deployer: Address param to EscrowContract::initialize
- Add deployer: Address param to OracleContract::initialize
- Call deployer.require_auth() as the first statement in both
- Update all existing test call sites to pass deployer
- Add test_escrow_initialize_rejects_unauthorized_caller
- Add test_oracle_initialize_rejects_unauthorized_caller
- Add docs/deployment.md documenting the required deployment sequence
…ed/cancelled matches

Previously returned Ok(0) for both terminal states and an unfunded match, making them indistinguishable to callers.
- Return Err(Error::MatchCompleted) when state == Completed
- Return Err(Error::MatchCancelled) when state == Cancelled
- Update existing tests that expected Ok(0) for terminal states
- Add test_get_escrow_balance_returns_match_completed_for_completed_match
- Add test_get_escrow_balance_returns_match_cancelled_for_cancelled_match
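As an added example, not code from the StellarCheckMate repository, the following plain-Rust model reproduces the behaviour the commit messages above describe for submit_result (caller check placed before require_auth, so an impostor is rejected even when all auths are mocked), expire_match (permissionless timeout refund of whoever deposited) and get_escrow_balance (terminal states reported as errors instead of Ok(0)). It uses no soroban_sdk; the Escrow struct, the mint and signers helpers, mock_all_auths as a plain boolean, the 17_280-ledger timeout and the 2x-stake payout rule are assumptions of the model, not the contract's API.

```rust
// Added example: a plain-Rust model of the escrow lifecycle described in the
// commit messages above. It is not the StellarCheckMate contract and uses no
// soroban_sdk; addresses, ledger sequence, balances and require_auth are simulated.
use std::collections::{HashMap, HashSet};

pub type Address = &'static str; // stand-in for soroban_sdk::Address
pub type MatchId = u32;
/// Assumed value (~24h at 5s/ledger); the real constant is defined in the contract.
pub const MATCH_TIMEOUT_LEDGERS: u32 = 17_280;

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Error { Unauthorized, InvalidState, MatchNotFound, MatchNotExpired, MatchCompleted, MatchCancelled }
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum State { Pending, Active, Completed, Cancelled }
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Winner { Player1, Player2, Draw }

#[derive(Debug, Clone)]
pub struct Match { pub players: [Address; 2], pub stake: i128, pub deposited: [bool; 2], pub state: State, pub created_at: u32 }

pub struct Escrow {
    pub oracle: Address,
    pub ledger: u32,               // simulated ledger sequence number
    pub mock_all_auths: bool,      // mimics the test environment's mock_all_auths()
    pub signers: HashSet<Address>, // who has really signed, when auths are not mocked
    pub balances: HashMap<Address, i128>,
    pub matches: Vec<Match>,
}

impl Escrow {
    pub fn new(oracle: Address) -> Self {
        Escrow { oracle, ledger: 0, mock_all_auths: false, signers: HashSet::new(), balances: HashMap::new(), matches: Vec::new() }
    }
    /// Simulated token mint, as a test would do with the Stellar asset client.
    pub fn mint(&mut self, who: Address, amount: i128) { self.credit(who, amount); }
    pub fn balance_of(&self, who: Address) -> i128 { *self.balances.get(who).unwrap_or(&0) }
    pub fn state_of(&self, id: MatchId) -> Option<State> { self.matches.get(id as usize).map(|m| m.state) }
    fn credit(&mut self, who: Address, amount: i128) { *self.balances.entry(who).or_insert(0) += amount; }
    fn get_mut(&mut self, id: MatchId) -> Result<&mut Match, Error> { self.matches.get_mut(id as usize).ok_or(Error::MatchNotFound) }
    /// Stand-in for Address::require_auth(): passes on a real signature or when auths are mocked.
    fn require_auth(&self, who: Address) -> Result<(), Error> {
        if self.mock_all_auths || self.signers.contains(who) { Ok(()) } else { Err(Error::Unauthorized) }
    }
    pub fn create_match(&mut self, p1: Address, p2: Address, stake: i128) -> MatchId {
        let created_at = self.ledger;
        self.matches.push(Match { players: [p1, p2], stake, deposited: [false, false], state: State::Pending, created_at });
        (self.matches.len() - 1) as MatchId
    }

    /// A player funds their side; the match becomes Active once both have paid.
    pub fn deposit(&mut self, caller: Address, id: MatchId) -> Result<(), Error> {
        self.require_auth(caller)?;
        let m = self.get_mut(id)?;
        let idx = m.players.iter().position(|p| *p == caller).ok_or(Error::Unauthorized)?;
        if m.state != State::Pending || m.deposited[idx] { return Err(Error::InvalidState); }
        m.deposited[idx] = true;
        if m.deposited == [true, true] { m.state = State::Active; }
        let stake = m.stake;
        self.credit(caller, -stake);
        Ok(())
    }

    /// Settlement. The explicit caller comparison runs before require_auth, so an
    /// impostor is rejected even when every auth check is mocked out in tests.
    pub fn submit_result(&mut self, caller: Address, id: MatchId, winner: Winner) -> Result<(), Error> {
        if caller != self.oracle { return Err(Error::Unauthorized); }
        self.require_auth(caller)?;
        let m = self.get_mut(id)?;
        if m.state != State::Active { return Err(Error::InvalidState); }
        m.state = State::Completed;
        let ([p1, p2], stake) = (m.players, m.stake);
        match winner {
            Winner::Player1 => self.credit(p1, 2 * stake),
            Winner::Player2 => self.credit(p2, 2 * stake),
            Winner::Draw => { self.credit(p1, stake); self.credit(p2, stake); }
        }
        Ok(())
    }

    /// Permissionless: cancels a Pending match that was not fully funded within the
    /// timeout window and refunds whoever did deposit.
    pub fn expire_match(&mut self, id: MatchId) -> Result<(), Error> {
        let now = self.ledger;
        let m = self.get_mut(id)?;
        if m.state != State::Pending { return Err(Error::InvalidState); }
        if now < m.created_at.saturating_add(MATCH_TIMEOUT_LEDGERS) { return Err(Error::MatchNotExpired); }
        m.state = State::Cancelled;
        let (players, deposited, stake) = (m.players, m.deposited, m.stake);
        for (p, d) in players.iter().zip(deposited) { if d { self.credit(*p, stake); } }
        Ok(())
    }
    /// Terminal states are errors, so "settled" and "nobody deposited yet" no longer both read as Ok(0).
    pub fn get_escrow_balance(&self, id: MatchId) -> Result<i128, Error> {
        let m = self.matches.get(id as usize).ok_or(Error::MatchNotFound)?;
        match m.state {
            State::Completed => Err(Error::MatchCompleted),
            State::Cancelled => Err(Error::MatchCancelled),
            _ => Ok(m.stake * m.deposited.iter().filter(|d| **d).count() as i128),
        }
    }
}
```

With mock_all_auths set to true, require_auth accepts anyone, which is exactly the test-environment condition the first commit message describes; the `caller != self.oracle` comparison is then the only thing standing between an impostor and settlement, so a test that calls submit_result from a random address and asserts Unauthorized is the one that actually verifies the authorization.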
…crow_balance reads

get_match already extended TTL on read, but is_funded and get_escrow_balance did not. If only these view functions were called, the match entry could expire from persistent storage.
- Add extend_ttl call in is_funded after loading the match
- Add extend_ttl call in get_escrow_balance after loading the match
- Add test_ttl_extended_on_is_funded
- Add test_ttl_extended_on_get_escrow_balance
…terface in create_match

The token address passed to create_match was stored without validation. Passing an arbitrary address would cause a runtime panic on the first token::Client call with no structured error.
- Add Error::InvalidToken = 17 to escrow errors
- Probe token.balance() via try_invoke_contract before storing the match
- Return Err(Error::InvalidToken) if the probe fails
- Add test_create_match_with_invalid_token_returns_invalid_token
…ity-and-bug-fixes Fix/security and bug fixes
…-149-oracle-get-result-game-id test: assert game_id field in test_submit_and_get_result (StellarCheckMate#149)
…field-stored-and-returned test: verify platform field is stored and returned by get_match
…e-emits-event Feat/initialize emits event
…e-179-test-contract-token-balance-is-zero feat: test-contract-token-balance
…e-184-reject-create_match-with-empty-string-game_id feat: Add Test: create_match with empty string game_id should be reje…
…or code reference doc
…l three winner variants
integer-overflow
Fix: expire_match uses MATCH_TTL_LEDGERS as timeout — same constant as storage TTL
…-code-documentation fix(StellarCheckMate#182): add doc comments to error variants and error code reference doc
…e-error-doc-comments fix(StellarCheckMate#183): add doc comments to oracle Error variants
…match-completed-state test(StellarCheckMate#186): assert get_match returns Completed for all three winner variants
…l-match-contract-caller-guard fix(StellarCheckMate#191): guard cancel_match against contract address as caller
…-match-not-found Test/is funded match not found
fix(oracle): extend TTL on get_result reads (#229)
get_result was reading from persistent storage without refreshing the TTL, allowing entries to expire between submit_result and payout.
successful read in get_result
Closes #229