Description
The transfer_component in the Starknet contract has several issues impacting security, functionality, and efficiency. This issue outlines critical problems and proposed fixes.
Problems and Proposed Fixes
No Expiration Handling
Problem: Transfers are not marked as Expired when expires_at is reached, and total_expired_transfers is never updated.
Fix: Add a function to mark expired transfers or check expiration in status-changing functions.
Missing Agent Assignment Logic
Problem: assigned_agent is always zero and lacks assignment logic, limiting cash-out functionality.
Fix: Implement an admin-only function to assign agents to transfers.
Verbose Zero Address Creation
Problem: Uses 0.try_into().unwrap() for zero addresses.
Fix: Replace with Zero::zero() from core::num::traits::Zero.
Inefficient Pagination
Problem: get_transfers_by_sender/get_transfers_by_recipient iterate over indices, which may be gas-intensive.
Fix: Optimize storage or add status-based filtering.
Missing Expiration Checks
Problem: No expiration validation in complete_transfer, partial_complete_transfer, or request_cash_out.
Fix: Add checks to prevent actions on expired transfers.
Unclear Metadata Usage
Problem: metadata is stored but not validated or used.
Fix: Define its purpose or remove if unnecessary.
Statistics Double-Counting
Problem: total_completed_transfers increments for both complete_transfer and complete_cash_out, risking double-counting.
Fix: Use separate counters or clarify counting logic.
Acceptance Criteria
Implement expiration handling for transfers.
Add an admin-only agent assignment function.
Replace zero address creation with Zero::zero().
Optimize pagination for sender/recipient queries.
Add expiration checks in relevant functions.
Define or remove metadata field.
Ensure accurate transfer statistics with clear counting logic.
Include unit tests for all fixes, covering edge cases.
Description
The transfer_component in the Starknet contract has several issues impacting security, functionality, and efficiency. This issue outlines critical problems and proposed fixes.
Problems and Proposed Fixes
No Expiration Handling
Problem: Transfers are not marked as Expired when expires_at is reached, and total_expired_transfers is never updated.
Fix: Add a function to mark expired transfers or check expiration in status-changing functions.
Missing Agent Assignment Logic
Problem: assigned_agent is always zero and lacks assignment logic, limiting cash-out functionality.
Fix: Implement an admin-only function to assign agents to transfers.
Verbose Zero Address Creation
Problem: Uses 0.try_into().unwrap() for zero addresses.
Fix: Replace with Zero::zero() from core::num::traits::Zero.
Inefficient Pagination
Problem: get_transfers_by_sender/get_transfers_by_recipient iterate over indices, which may be gas-intensive.
Fix: Optimize storage or add status-based filtering.
Missing Expiration Checks
Problem: No expiration validation in complete_transfer, partial_complete_transfer, or request_cash_out.
Fix: Add checks to prevent actions on expired transfers.
Unclear Metadata Usage
Problem: metadata is stored but not validated or used.
Fix: Define its purpose or remove if unnecessary.
Statistics Double-Counting
Problem: total_completed_transfers increments for both complete_transfer and complete_cash_out, risking double-counting.
Fix: Use separate counters or clarify counting logic.
Acceptance Criteria
Implement expiration handling for transfers.
Add an admin-only agent assignment function.
Replace zero address creation with Zero::zero().
Optimize pagination for sender/recipient queries.
Add expiration checks in relevant functions.
Define or remove metadata field.
Ensure accurate transfer statistics with clear counting logic.
Include unit tests for all fixes, covering edge cases.