feat(contracts): implement upgradeable smart contract pattern (closes #838) #875

Open
Blaqkenny wants to merge 1 commit into Fracverse:master from Blaqkenny:feat/contracts-upgradeable-pattern-838

@Blaqkenny

Summary

Implements the on-chain upgrade pattern required by Stellar Wave issue #838 on `inheritance-contract`:

  • Admin-gated `upgrade` entrypoint that swaps the deployed WASM hash via `env.deployer().update_current_contract_wasm`.
  • Strict admin credentials: governance mutations require `admin.require_auth()` against the address stored under `InstanceDataKey::Admin` in instance storage.
  • Persistent storage retention: the host wasm swap leaves `DataKey::Plan` storage, claim status, and the instance admin record untouched. Instance TTL is bumped inside `upgrade`, `initialize`, `set_admin`, and `version` so the admin record cannot expire across a swap.
  • Storage layout additions:
    • New exports: `initialize`, `set_admin`, `get_admin`, `upgrade`, `version`.
    • New `Error` variants: `AlreadyInitialized` (9) and `NotInitialized` (10).
    • `CONTRACT_VERSION` is now `pub const` so off-chain clients can pin against it.

Acceptance criteria mapping

| Issue #838 requirement | Implementation |
| --- | --- |
| `upgrade` entrypoint | `pub fn upgrade(env: Env, new_wasm_hash: BytesN<32>)` in `InheritanceContract` |
| WASM swap via Soroban host functions | `env.deployer().update_current_contract_wasm(new_wasm_hash)` |
| Admin credentials protection | Stored admin loaded via `authorize_admin` helper which calls `admin.require_auth()` before any state change |
| Persistent storage retention | Storage lives under `contract_id` keys; `update_current_contract_wasm` does not modify storage. Tests assert via `env.as_contract` reads |
| Tested upgrade scenarios | `test_upgrade_uninitialized_fails`, `test_upgrade_unauthorized_panics`, `test_upgrade_succeeds_when_admin_authorizes`, `test_upgrade_preserves_persistent_storage`, `test_upgrade_preserves_admin_in_instance_storage` |

Tests

  • 24 `cargo test -p inheritance-contract` cases now pass (was 13). The 11 new tests cover init success / duplicate-init guard / admin rotation / unauthorized `set_admin` / unauthorized `upgrade` / successful `upgrade` / persistent plan retention across `upgrade` / admin retention across `upgrade`.
  • A real pre-built wasm fixture (`contracts/inheritance-contract/testdata/inheritance_contract.wasm`) is included so the host wasm parser accepts the `upload_contract_wasm` test call. Regenerate with:
    `cargo build --target wasm32-unknown-unknown --release -p inheritance-contract`

Files

  • `contracts/inheritance-contract/src/lib.rs` — contract logic
  • `contracts/inheritance-contract/src/test.rs` — tests
  • `contracts/inheritance-contract/testdata/inheritance_contract.wasm` — wasm fixture for upgrade tests

Closes #838
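
The gate this description lays out, as an added example that is not code from the PR or the project: a plain-Rust model without soroban-sdk, showing the order of checks (stored admin present, admin authorized, only then the hash swap) and that the swap leaves the admin record and plan entries alone. `Instance`, the `signers` slice, the account names and `Error::Unauthorized` are assumptions of the model; the error codes 9 and 10 and the entrypoint names come from the description.

```rust
// Plain-Rust model of the PR's upgrade gate (no soroban-sdk). `Instance`,
// `signers` and `Error::Unauthorized` are invented for this sketch; on Soroban
// a failed `require_auth()` traps instead of returning an error.
use std::collections::HashMap;

#[derive(Debug, PartialEq)]
pub enum Error { AlreadyInitialized = 9, NotInitialized = 10, Unauthorized /* model-only */ }

pub struct Instance {
    pub wasm_hash: [u8; 32],         // code pointer, the only thing upgrade swaps
    pub admin: Option<String>,       // models InstanceDataKey::Admin
    pub plans: HashMap<u64, String>, // models DataKey::Plan entries
}

impl Instance {
    pub fn new(wasm_hash: [u8; 32]) -> Self {
        Instance { wasm_hash, admin: None, plans: HashMap::new() }
    }
    // Load the stored admin, then require that it authorized this call.
    fn authorize_admin(&self, signers: &[&str]) -> Result<(), Error> {
        let admin = self.admin.as_deref().ok_or(Error::NotInitialized)?;
        if signers.contains(&admin) { Ok(()) } else { Err(Error::Unauthorized) }
    }
    // One-time admin pin; only the duplicate-init guard is modelled here.
    pub fn initialize(&mut self, admin: &str) -> Result<(), Error> {
        if self.admin.is_some() { return Err(Error::AlreadyInitialized); }
        self.admin = Some(admin.to_string());
        Ok(())
    }
    pub fn set_admin(&mut self, new_admin: &str, signers: &[&str]) -> Result<(), Error> {
        self.authorize_admin(signers)?; // the current admin must sign the rotation
        self.admin = Some(new_admin.to_string());
        Ok(())
    }
    pub fn upgrade(&mut self, new_wasm_hash: [u8; 32], signers: &[&str]) -> Result<(), Error> {
        self.authorize_admin(signers)?; // check first, mutate after
        self.wasm_hash = new_wasm_hash; // admin and plans are left as they were
        Ok(())
    }
}

fn main() {
    let mut c = Instance::new([1; 32]);
    c.plans.insert(7, "constructed plan".to_string());
    println!("{:?}", c.upgrade([2; 32], &["GADMIN"]));   // before initialize
    c.initialize("GADMIN").unwrap();
    println!("{:?}", c.upgrade([2; 32], &["GMALLORY"])); // wrong signer
    println!("{:?}", c.upgrade([2; 32], &["GADMIN"]));   // stored admin signs
    println!("{:?} {:?}", c.admin, c.plans.get(&7));
}
```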

…racverse#838)

Adds the on-chain upgrade pattern required by Stellar Wave issue Fracverse#838:

- New admin-gated entrypoints on inheritance-contract: initialize (one-time
  admin pin), set_admin (admin rotation), get_admin, upgrade (wasm hash swap
  via host deployer), and version (expected bump source for off-chain
  consumers).
- Strict admin credentials: every entrypoint that mutates governance state
  calls addr.require_auth() on the stored InstanceDataKey::Admin. The admin
  is stored in instance storage so it survives across wasm swaps.
- Persistent storage retention: the host update_current_contract_wasm swap
  leaves DataKey::Plan entries and instance storage untouched; instance
  TTL is bumped in upgrade/version/initialize/set_admin so the admin record
  cannot expire between the upgrade committing and the new code taking over.
- New error variants: Error::AlreadyInitialized and Error::NotInitialized.
- Bumps CONTRACT_VERSION (pub const) to 1 so version() is a forward-compatible
  marker for future releases.
- Tests: 11 new cases cover init success/dup, get_admin, admin rotation,
  unauthorized set_admin/upgrade (should_panic), successful upgrade by admin,
  persistent plan retention across upgrade, and admin retention across upgrade.
  Uses a real pre-built wasm fixture at testdata/inheritance_contract.wasm so
  the host wasm parser accepts the upload.
@drips-wave

drips-wave Bot commented Jun 27, 2026

@Blaqkenny Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits

@ONEONUORA

Contributor

@Blaqkenny
Pls run `cargo fmt --all -- --check` and clippy

Development

Successfully merging this pull request may close these issues.

[Contracts] Implement Upgradeable Smart Contract pattern

2 participants