test(energy_token): add overflow/underflow test coverage for token arithmetic#4
Open
devnWisdom wants to merge 1 commit into
Open
test(energy_token): add overflow/underflow test coverage for token arithmetic#4devnWisdom wants to merge 1 commit into
devnWisdom wants to merge 1 commit into
Conversation
…oe#559) Adds overflow_tests module with 16 tests covering every i128 arithmetic path in energy_token: Overflow paths: - mint() overflows recipient balance (balance + amount > i128::MAX) - mint() overflows total_minted counter - transfer() overflows recipient balance - transfer_from() overflows recipient balance Underflow / insufficient-funds paths: - burn() amount > balance - burn() on zero balance - burn_from() amount > balance - burn_from() amount > allowance - transfer() amount > sender balance Positive-only / non-negative guards: - mint(0), mint(-1) rejected - burn(0) rejected - transfer(0) rejected - approve(-1) rejected Closes AnnabelJoe#559
🔍 Vercel Preview DeploymentURL: Learn More: https://err.sh/vercel/missing-token-value
|
AnnabelJoe
pushed a commit
that referenced
this pull request
Jun 25, 2026
## [1.16.0](AnnabelJoe/solarproof@v1.15.0...v1.16.0) (2026-06-08) ### Features * add bulk certificate retirement API and UI ([AnnabelJoe#347](AnnabelJoe#347)) ([196ab0c](AnnabelJoe@196ab0c)) * add GET/DELETE /api/meters/:id with admin auth ([AnnabelJoe#269](AnnabelJoe#269)) ([444a447](AnnabelJoe@444a447)) * add input validation and sanitization to all API endpoints ([AnnabelJoe#338](AnnabelJoe#338)) ([964d4b8](AnnabelJoe@964d4b8)) * add loading skeletons for async data fetches ([AnnabelJoe#255](AnnabelJoe#255)) ([3fc2fcd](AnnabelJoe@3fc2fcd)) * add pentest scope and report placeholder ([AnnabelJoe#342](AnnabelJoe#342)) ([d27703e](AnnabelJoe@d27703e)) * add public v1 verify API and OpenAPI spec ([AnnabelJoe#352](AnnabelJoe#352)) ([71dc4a9](AnnabelJoe@71dc4a9)) * admin interface and fractional kWh support ([49bd5fe](AnnabelJoe@49bd5fe)) * **api:** versioning — 301 redirects from /api/* to /api/v1/*, API-Version header ([fa8bf84](AnnabelJoe@fa8bf84)) * **auth:** configure token expiry, rotation, and revocation list ([d4117a7](AnnabelJoe@d4117a7)) * build analytics dashboard for energy generation statistics ([AnnabelJoe#350](AnnabelJoe#350)) ([971c19c](AnnabelJoe@971c19c)) * certificate transfer endpoint and UI ([#1](AnnabelJoe#1)) ([477a577](AnnabelJoe@477a577)) * **ci:** Docker image scanning with Trivy — block on CRITICAL CVEs ([164dbc7](AnnabelJoe@164dbc7)) * **contracts:** add upgrade timelock tests for community_governance ([AnnabelJoe#284](AnnabelJoe#284)) ([79f5662](AnnabelJoe@79f5662)) * **crypto:** add verifyReadingSignature and 100% unit test coverage ([2b79205](AnnabelJoe@2b79205)) * **db:** add perf indexes on readings, certificates, audit_anchors ([7e37584](AnnabelJoe@7e37584)) * **e2e:** add Playwright tests for dashboard, certificate detail, and public verifier ([1ecf24e](AnnabelJoe@1ecf24e)) * enable Turborepo remote caching for all CI steps ([AnnabelJoe#297](AnnabelJoe#297)) ([9385ff4](AnnabelJoe@9385ff4)) * **governance:** add proposed_action field to create proposal form ([515ed8d](AnnabelJoe@515ed8d)) * **governance:** configurable quorum/threshold with admin guard and edge-case tests ([ecda905](AnnabelJoe@ecda905)) * I-REC XML export for certificates ([#4](AnnabelJoe#4)) ([232bf4a](AnnabelJoe@232bf4a)) * implement BullMQ+Redis async job queue for Stellar tx ([AnnabelJoe#272](AnnabelJoe#272)) ([a4b425c](AnnabelJoe@a4b425c)) * implement certificate retirement API endpoint ([AnnabelJoe#270](AnnabelJoe#270)) ([861bcce](AnnabelJoe@861bcce)) * implement cooperative multi-meter management ([AnnabelJoe#351](AnnabelJoe#351)) ([640d0b9](AnnabelJoe@640d0b9)) * implement meter key revocation mechanism ([AnnabelJoe#339](AnnabelJoe#339)) ([ce90af9](AnnabelJoe@ce90af9)) * implement webhook notifications for certificate lifecycle events ([AnnabelJoe#353](AnnabelJoe#353)) ([4205191](AnnabelJoe@4205191)) * **load-test:** add k6 baseline + breakpoint scenarios, p95<500ms threshold ([f019ccc](AnnabelJoe@f019ccc)) * mock Freighter wallet for CI testing ([#2](AnnabelJoe#2)) ([325b565](AnnabelJoe@325b565)) * **notifications:** email alerts for mint, retire, and mint failure ([AnnabelJoe#140](AnnabelJoe#140)) ([7ce4a12](AnnabelJoe@7ce4a12)) * **security:** add HTTP security headers ([AnnabelJoe#129](AnnabelJoe#129)) ([944c5b9](AnnabelJoe@944c5b9)) * **security:** add RLS policies for multi-tenant isolation ([AnnabelJoe#274](AnnabelJoe#274)) ([9b2ce49](AnnabelJoe@9b2ce49)) * **security:** API key auth for meter submissions ([AnnabelJoe#131](AnnabelJoe#131)) ([a437a9b](AnnabelJoe@a437a9b)) * **security:** HTTPS redirect and HSTS headers ([45c9c81](AnnabelJoe@45c9c81)) * **security:** restrict Supabase service role key usage ([AnnabelJoe#134](AnnabelJoe#134)) ([037e825](AnnabelJoe@037e825)) * staging environment deployment pipeline ([AnnabelJoe#295](AnnabelJoe#295)) ([8169df0](AnnabelJoe@8169df0)) * support fractional kWh tokens with 3 decimal places ([84ee9a6](AnnabelJoe@84ee9a6)), closes [AnnabelJoe#354](AnnabelJoe#354) * **testing:** add mutation testing for Rust contracts and TS utilities ([AnnabelJoe#331](AnnabelJoe#331)) ([29135d5](AnnabelJoe@29135d5)) * **web:** real-time energy chart with WebSocket + polling fallback ([AnnabelJoe#260](AnnabelJoe#260)) ([7881a7e](AnnabelJoe@7881a7e)) ### Bug Fixes * **ci:** add dependency license compliance check ([AnnabelJoe#344](AnnabelJoe#344)) ([ab4b39e](AnnabelJoe@ab4b39e)) * resolve conflicts, reconcile retirement model, and fix tests ([a0d4332](AnnabelJoe@a0d4332)) * resolve JSX parse errors in dashboard and verify pages ([a1ec4b7](AnnabelJoe@a1ec4b7)) * resolve residual merge conflict markers ([1c8b371](AnnabelJoe@1c8b371)) * resolve workspace compilation and type errors ([042221a](AnnabelJoe@042221a)) * **security:** add security headers to all HTTP responses ([AnnabelJoe#340](AnnabelJoe#340)) ([1d6db6b](AnnabelJoe@1d6db6b)) * **security:** implement audit logging for sensitive operations ([AnnabelJoe#341](AnnabelJoe#341)) ([34d0971](AnnabelJoe@34d0971)) * **security:** implement CSP headers for Next.js web app ([AnnabelJoe#333](AnnabelJoe#333)) ([2834203](AnnabelJoe@2834203)) ### Documentation * add hardware meter integration guide ([AnnabelJoe#320](AnnabelJoe#320)) ([f5c4b3e](AnnabelJoe@f5c4b3e)) * add inline comments and required/optional markers to .env.example ([AnnabelJoe#318](AnnabelJoe#318)) ([92ea4da](AnnabelJoe@92ea4da)) * add mainnet deployment process and checklist to deployments.md ([AnnabelJoe#285](AnnabelJoe#285)) ([c08ad58](AnnabelJoe@c08ad58)) * add operational runbooks ([AnnabelJoe#315](AnnabelJoe#315)) ([2638a9f](AnnabelJoe@2638a9f)) * add OWASP Top 10 security review and remediate misconfiguration ([AnnabelJoe#334](AnnabelJoe#334)) ([092e901](AnnabelJoe@092e901)) * add SECRETS.md — centralized secrets management guide ([AnnabelJoe#289](AnnabelJoe#289)) ([90eed76](AnnabelJoe@90eed76)) * add Stellar mainnet deployment checklist and go-live plan ([120d730](AnnabelJoe@120d730)), closes [AnnabelJoe#142](AnnabelJoe#142) * add user guide for web dashboard (closes [AnnabelJoe#317](AnnabelJoe#317)) ([eb1a425](AnnabelJoe@eb1a425)) * **audit:** add security audit engagement tracking and remediation policy ([bca11a2](AnnabelJoe@bca11a2)) * **contracts:** add/enhance Rust doc comments on all public functions ([AnnabelJoe#319](AnnabelJoe#319)) ([18c472a](AnnabelJoe@18c472a)) * create SECURITY.md with vulnerability disclosure policy ([AnnabelJoe#314](AnnabelJoe#314)) ([7698660](AnnabelJoe@7698660)) * **performance:** ensure load test baseline + breaking point documentation ([9a0056a](AnnabelJoe@9a0056a)) * standardize CHANGELOG.md and update PR template [AnnabelJoe#312](AnnabelJoe#312) ([8281f08](AnnabelJoe@8281f08))
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds a dedicated
overflow_testsmodule with 16 tests covering everyi128arithmetic path inenergy_tokenfor overflow and underflow conditions.Tests added
Overflow (addition wraps past
i128::MAX)mint_overflows_recipient_balancebalance + amountinmint()mint_overflows_total_mintedtotal_minted + amountinmint()transfer_overflows_recipient_balancetb + amountinmove_balance()transfer_from_overflows_recipienttransfer_from()Underflow / insufficient funds (subtraction below zero)
burn_underflows_when_amount_exceeds_balancededuct_balance()burn_underflows_on_zero_balancededuct_balance()with no prior mintburn_from_underflows_when_balance_exhausteddeduct_balance()viaburn_from()burn_from_underflows_allowancespend_allowance()transfer_underflows_sendermove_balance()sender sideZero/negative input guards
mint_zero_amount_rejectedamount must be positivemint_negative_amount_rejectedamount must be positiveburn_zero_amount_rejectedamount must be positivetransfer_zero_amount_rejectedamount must be positiveapprove_negative_amount_rejectedamount must be non-negativeCloses AnnabelJoe#559