feat(contracts): harden credential upgrade mechanism with admin transfer and state introspection #108
@Josie123-Dev is attempting to deploy a commit to the Josie's projects Team on Vercel. A member of the Team first needs to authorize it.
Can you walk me through your thought process on approaching this task?
Would gladly Once I understood the baseline, I looked for genuine gaps rather than padding: the magic string "cred_ttl" with Every addition was the minimum to close a real gap: one constant, two functions in upgrade.rs, three entry
@Wilfred007 thank you for your contribution, we will be open to having you contribute in the future.
Summary
Builds on the v1 upgrade foundation from #107 to close three gaps that
would make the mechanism unsafe or unusable in production:
- transfer_upgrade_admin lets the current admin hand off control to a new address. Both parties must co-sign, preventing accidental lock-out if the wrong address is supplied.
- is_migration_complete and get_credential_ttl expose migration state that was previously written to instance storage but had no read path on the contract.
- "cred_ttl" in run_migration_v2 is replaced with a typed CRED_TTL_KEY constant and a public DEFAULT_CRED_TTL_SECONDS (2 592 000 s / 30 days), both in upgrade.rs.

New contract entry points
- transfer_upgrade_admin(current, new)
- get_credential_ttl(): Some(ttl_seconds) after v2 migration, None before
- is_migration_complete(): true once migrate_v1_to_v2 has run

Test plan
- test_transfer_admin_updates_admin — new admin recorded correctly
- test_new_admin_can_migrate_after_transfer — new admin is fully operational post-transfer
- test_old_admin_cannot_migrate_after_transfer — old admin is revoked (should_panic)
- test_transfer_admin_non_admin_panics — unauthorised caller rejected (should_panic)
- test_transfer_admin_before_init_panics — no admin set yet (should_panic)
- test_get_credential_ttl_none_before_migration — None before migration
- test_get_credential_ttl_set_after_migration — correct 30-day value after migration
- test_is_migration_complete_false_before_migration
- test_is_migration_complete_true_after_migration
cargo test --features testutils)
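
The co-signed hand-off and the two read-only getters described in the summary, as an added example that is not the PR's contract code: a std-only Rust model of the behaviour. The `Upgrade` struct, the `Error` enum, the `signers` slice (standing in for the addresses that authorized the call) and deriving `is_migration_complete` from the stored TTL are assumptions, and failures are returned as errors here rather than panics.

```rust
// Std-only model of the admin hand-off; NOT the project's contract code.
// `Upgrade`, `Error` and `signers` are hypothetical stand-ins for this example.
pub const DEFAULT_CRED_TTL_SECONDS: u64 = 2_592_000; // 30 days, from the PR summary

#[derive(Debug, PartialEq)]
pub enum Error { NotInitialized, NotAdmin, MissingSignature }

#[derive(Default)]
pub struct Upgrade {
    admin: Option<String>,
    cred_ttl: Option<u64>, // written by the v2 migration, None before it
}

impl Upgrade {
    pub fn init(admin: &str) -> Self {
        Upgrade { admin: Some(admin.to_string()), cred_ttl: None }
    }

    // `signers` models the set of addresses that authorized this call.
    fn require_admin(&self, caller: &str, signers: &[&str]) -> Result<(), Error> {
        let admin = self.admin.as_deref().ok_or(Error::NotInitialized)?;
        if caller != admin { return Err(Error::NotAdmin); }
        if !signers.contains(&caller) { return Err(Error::MissingSignature); }
        Ok(())
    }

    pub fn transfer_upgrade_admin(&mut self, current: &str, new: &str, signers: &[&str]) -> Result<(), Error> {
        self.require_admin(current, signers)?;
        // A mistyped `new` address cannot co-sign, so the hand-off fails
        // instead of moving the admin role to an address nobody controls.
        if !signers.contains(&new) { return Err(Error::MissingSignature); }
        self.admin = Some(new.to_string());
        Ok(())
    }

    pub fn migrate_v1_to_v2(&mut self, caller: &str, signers: &[&str]) -> Result<(), Error> {
        self.require_admin(caller, signers)?;
        self.cred_ttl = Some(DEFAULT_CRED_TTL_SECONDS);
        Ok(())
    }

    pub fn get_credential_ttl(&self) -> Option<u64> { self.cred_ttl }
    pub fn is_migration_complete(&self) -> bool { self.cred_ttl.is_some() }
}

fn main() {
    let mut c = Upgrade::init("OLD"); // constructed addresses
    println!("{:?}", c.transfer_upgrade_admin("OLD", "NEW", &["OLD"])); // Err(MissingSignature)
    println!("{:?}", c.transfer_upgrade_admin("OLD", "NEW", &["OLD", "NEW"])); // Ok(())
}
```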