farming-pool: get_admin panics on unwrap if contract is not initialized

[prodbycorne]

Problem

Several private helpers call unwrap() on storage reads that have no fallback:

fn get_admin(env: &Env) -> Address {
    env.storage().instance().get(&DataKey::Admin).unwrap()  // panics if uninitialized
}

fn get_stake_token(env: &Env) -> Address {
    env.storage().instance().get(&DataKey::StakeToken).unwrap()  // panics if uninitialized
}

If any public function (e.g. stake, lock_assets, pause) is called before initialize, the contract panics with an opaque XDR host error instead of returning a typed PoolError::NotInitialized.

This also means any function that calls get_admin or get_stake_token internally has an implicit panic path that is not visible in the function signature.

Impact

• Denial of service: a misconfigured deployment (where init is not called — see issue farming-pool: create_pool deploys contract but never calls initialize #11) causes every subsequent call to panic, and there is no recovery without redeploying
• Poor debuggability: host panics produce opaque error codes; PoolError::NotInitialized produces a readable, matchable error

Fix

Add an initialization guard function and replace all unwrap() in production paths:

fn require_initialized(env: &Env) -> Result<(), PoolError> {
    if !env.storage().instance().has(&DataKey::Admin) {
        return Err(PoolError::NotInitialized);
    }
    Ok(())
}

fn get_admin(env: &Env) -> Result<Address, PoolError> {
    env.storage().instance().get(&DataKey::Admin)
        .ok_or(PoolError::NotInitialized)
}

All public functions should call require_initialized(&env)? as the first line (after auth where applicable).

Acceptance Criteria

• require_initialized guard added
• get_admin and get_stake_token return Result, not T
• Every public function calls require_initialized before any logic
• Test: calling stake on uninitialized contract returns Err(PoolError::NotInitialized)
• Test: calling pause on uninitialized contract returns Err(PoolError::NotInitialized)
• No unwrap() in any non-test code path

[YfengJ]

Hi maintainers, I would like to apply for this issue if it is still available.

If assigned, I will keep the fix focused on the uninitialized state path: add a regression test for calling get_admin before initialization, replace the unwrap panic with the project’s existing error style, and verify initialized behavior remains unchanged.

I will wait for maintainer or GrantFox assignment/confirmation before cloning, implementing, or opening a PR.

[clintjeff2]

Hello, I have 6 years of experience working on tasks like this and handling similar challenges across backend, frontend, and smart-contract development. I have carefully read and fully understood the task requirements, and I am confident I can deliver a clean, efficient, and well-tested solution promptly. I always ensure high-quality implementation, maintainability, and adherence to best practices.

Pull request in 5 hours.

[grantfox-oss]

🎉 This issue has been marked as completed on GrantFox as part of the Official Campaign campaign!

@ProtonsAndElectrons's PR #40 was approved and merged by @prodbycorne.

🏆 @ProtonsAndElectrons: You earned 35 FoxPoints for this contribution! Your current tier: Explorer (140 total points). Track your full progress on GrantFox.

👏 Great work, @ProtonsAndElectrons! Keep contributing to SmartDropLabs.