fix(events): harden cancellation liveness#82
Conversation
|
Important Review skippedToo many files! This PR contains 198 files, which is 98 over the limit of 100. To get a review, narrow the scope: Upgrade to a paid plan to raise the limit. ⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: ⛔ Files ignored due to path filters (1)
📒 Files selected for processing (198)
You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Committed Soroban test snapshots are derived artifacts (cargo test regenerates them from any commit) and are not byte-reproducible across runs, so they churned on every test run and inflated PR diffs past the limits of the security scanners: on PR #82 both Almanax (diff too large) and CodeRabbit (198 files) skipped review of a HIGH-severity contract change because of snapshot noise. Gitignore test_snapshots/, untrack the 238 committed files (kept on disk locally), and update the CLAUDE.md hard rule so contributors inspect regenerated snapshot diffs during review instead of committing them. Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
Resolved snapshot file conflicts by accepting upstream deletion (snapshots are gitignored per repo convention). Upstream changes: - chore: stop tracking test snapshots; regenerate locally instead (boundlessfi#84) - test(admin): assert admin auth is actually required, not just mocked (boundlessfi#78) - fix(events): harden cancellation liveness (boundlessfi#82)
Summary
Fix cancellation liveness by removing the unbounded contributor scan and allowing anyone to progress an event after cancellation has started.
Also hardens the mainnet 1.1.0 → 1.2.0 upgrade workflow around the zero-event migration assumption and the existing 2-of-3 multisig.
Changes made
add_funds.start_cancelread the stored total instead of scanning contributors.process_cancel_batchandfinalize_cancelpermissionless while the event isCancelling.boundless-eventsfrom 1.1.0 to 1.2.0.Files changed
contracts/events/src/event_ops.rscontracts/events/src/storage.rscontracts/events/src/types.rscontracts/events/src/errors.rscontracts/events/src/admin.rscontracts/events/src/lib.rscontracts/events/src/tests/cancel_refund.rscontracts/events/src/tests/admin.rscontracts/events/Cargo.tomlCargo.lockdeploy_mainnet.shdocs/mainnet-deploy-runbook.mddocs/scout-audit-report.mddocs/threat-model.mdBACKLOG.mdcontracts/events/test_snapshots/Test coverage
start_cancelhas constant ledger-read usage with 220 contributors.Verification
cargo test -p boundless-events cancel_refund— 18 passedcargo test -p boundless-events— 185 passedcargo test --all— 237 passedcargo fmt --all -- --check— passedgit diff --check— passedbash -n deploy_mainnet.sh— passedabc3e60029ce340a31f66ceb22e92ddcc51ba439fb3447ce1da996c740e2a7b0Mainnet upgrade safety
Closes #69