Merged
Conversation
- Rename vault.rs to contract.rs (Soroban convention) - Extract VaultOverview and ClaimPreview structs to new types.rs module - Update lib.rs to declare types module and re-export from contract - Update test.rs imports to reference contract module - No logic changes — purely structural refactor Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Rename sale.rs to contract.rs (Soroban convention) - Replace string-based storage keys with typed DataKey enum in storage_types.rs - Introduce ContractError enum in error.rs replacing .unwrap() calls - Define and emit BuyEvent in events.rs on successful buy() - Add set_token() function with admin authorization for deployment flow - Constructor now accepts admin parameter (compatible with tokenDeploymentService) - Update lib.rs to declare all new modules with public re-exports - Update test.rs imports and constructor call signature - All 59 tests passing Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Participation Token: - Replace fragile string-based storage keys with typed DataKey enum - Replace unwrap() calls with proper error handling (ContractError) - Add amount > 0 validation on buy() - Emit buy event for observability - Add tests for zero and negative amount rejection Vault Contract: - Replace all arithmetic with checked_add/checked_mul/checked_sub/checked_div - Replace expect() calls with typed ContractError::NotInitialized - Add ArithmeticOverflow error variant - Extract calculate_usdc_amount() and get_required() helpers Token Factory: - Use checked_add in receive_balance to prevent overflow - Use checked_sub in spend_balance and spend_allowance to prevent underflow All 61 tests pass (escrow: 26, participation-token: 3, token-factory: 9, vault: 23). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Storage & TTL: - Add TTL constants (7-day bump) and extend_ttl on every buy() call - Prevents storage expiration on testnet/mainnet Input validation: - Move USDC address from buy() parameter to constructor storage - Eliminates attack vector where caller could pass a malicious token contract - Constructor now takes: escrow_contract, participation_token, usdc_address External contract interactions: - Extract mint_participation_tokens() helper with documentation - Documents why invoke_contract is used (mint is not part of TokenInterface) Events & observability: - Add events.rs module with typed BuyEvent struct - Structured event data (payer, beneficiary, amount) for indexers Tests: - Add test_buy_payer_different_from_beneficiary (payer != beneficiary scenario) - Update all tests for new constructor signature (3 params → no usdc in buy) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…it report (#5) - Migrate BuyEvent to #[contractevent] macro (removes deprecated API warning) - Add 5 edge case tests for participation-token - Add 10 edge case tests for vault-contract - Add 9 edge case tests for token-factory - Add formal security audit report (security-audit-report-v1.0.0.md) - Scout audit: 0 critical, 0 medium, 0 minor on participation-token Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
… and transaction calls
Validate all constructor parameters before storing: - ROI percentage must be in range 0..=10000 - Token and USDC addresses must differ - Add ContractError variants: InvalidRoiPercentage, TokenAndUsdcMustDiffer - Add 5 tests covering valid and invalid constructor inputs Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
… purchases - Add hard cap and max per investor parameters to ParticipationTokenContract constructor. - Implement validation for hard cap and per-investor cap in the buy function. - Introduce new ContractError variants for HardCapExceeded and InvestorCapExceeded. - Update storage types to include hard cap, max per investor, and total minted. - Enhance tests to cover scenarios for hard cap and per-investor cap limits. All tests passing.
…cked_add (#25, #26) #25: Replace all .expect() calls with typed ContractError variants: - claim(): use .ok_or() for Enabled, RoiPercentage, TokenAddress, UsdcAddress - get_admin, get_roi_percentage, get_token_address, get_usdc_address: change return to Result - get_vault_usdc_balance: use .ok_or() for UsdcAddress - preview_claim, get_vault_overview: change return to Result, use .ok_or() - Add error variants: ArithmeticOverflow, EnabledNotFound, RoiPercentageNotFound, TokenAddressNotFound, UsdcAddressNotFound #26: Use checked_add for total_redeemed + token_balance in claim(), propagating ArithmeticOverflow on overflow. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…factory, participation token, and vault contract
…entage in vault contract
…ns and using contractevent directly
- Update hard cap validation logic to ensure it only checks against the hard cap if it is greater than zero. - This change prevents unnecessary checks when the hard cap is not set, improving contract robustness.
- Introduce new error variants for TokenAndUsdcCannotBeSame and InvalidAddressConfiguration to enforce address validation. - Update constructor to panic if token and USDC addresses are the same or if admin address matches token or USDC. - Add comprehensive tests to validate constructor behavior for various address configurations. - Enhance documentation with trust assumptions and deployment checklist for better clarity. -27 test succesfully passed (23 alredy exists + 4 new )
…djust buy function parameters
- Implement a flag to prevent re-invocation of the constructor, enhancing contract security. - Introduce a new error variant `AlreadyInitialized` to handle attempts to initialize an already initialized contract. - Update documentation and tests to reflect the new initialization behavior and error handling. - Ensure all tests pass successfully.
- Add validation to the constructor to reject negative ROI percentages, introducing a new error variant `InvalidRoiPercentage`. - Update existing error handling to return appropriate errors for missing storage values, including `EnabledFlagNotFound`, `RoiPercentageNotFound`, `TokenAddressNotFound`, and `UsdcAddressNotFound`. - Modify relevant functions to return `Result` types instead of panicking, improving error management. - Implement new tests to validate the behavior of the constructor with negative ROI and ensure zero ROI is accepted. - All tests passing successfully.
Add tests for security scenarios identified in audit finding F-14: - test_claim_overflow_in_formula: verify checked_mul panics on i128 overflow - test_constructor_rejects_negative_roi: verify negative ROI is rejected - test_double_claim_same_beneficiary: verify second claim fails after burn - test_non_admin_cannot_change_availability: verify auth fails without admin TTL tests omitted — depends on #22 (not yet implemented) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…enization-private-credit into Villarley-fix/scout-findings
Integrate vault constructor validation from CoKeFish PR #24: - Keep our implementation (ROI_MAX=1000 per audit F-02, admin validation, re-init protection) - Add test_constructor_rejects_excessive_roi and test_constructor_accepts_max_roi - Update InvalidRoiPercentage message to 'between 0 and 1000' - Fix should_panic expectations in ROI boundary tests Made-with: Cursor
…teractuar-1stiteration
…D validation + add security tests Made-with: Cursor
… extend_ttl and EnabledFlagNotFound Made-with: Cursor
…actuar-1stiteration
…ep feat/interactuar-1stiteration structure - participation-token: keep contract.rs (escrow, admin, hard_cap), add AmountMustBePositive, #[contractevent], security tests - vault-contract: keep extend_ttl, types module, full errors; add NotInitialized; merge security tests - Remove sale.rs (use contract.rs) Made-with: Cursor
…to participation-token
…n-token deployment
…ation-token handling
… in a single transaction
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
|
Caution Review failedThe pull request is closed. ℹ️ Recent review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: ⛔ Files ignored due to path filters (1)
📒 Files selected for processing (37)
📝 WalkthroughWalkthroughThis PR introduces a comprehensive restructuring of the Soroban smart contracts: bumps dependency versions (soroban-sdk/token-sdk to 25.1.0), adds a new deployer contract orchestrating three-contract deployment, refactors participation-token and vault contracts with Result-based error handling and safety checks, introduces a new token-sale contract, removes the token-factory crate, and adds extensive security audit documentation. Changes
Sequence DiagramsequenceDiagram
participant User as User/Admin
participant Deployer as Deployer Contract
participant TokenSale as Token Sale Contract
participant PartToken as Participation Token Contract
participant Vault as Vault Contract
User->>Deployer: deploy_all(params)
activate Deployer
Note over Deployer: Phase 1: Deploy Token Sale
Deployer->>TokenSale: deploy(salt, escrow, admin)
activate TokenSale
TokenSale-->>Deployer: token_sale_address
deactivate TokenSale
Note over Deployer: Phase 2: Deploy Participation Token
Deployer->>PartToken: deploy(salt, name, symbol, mint_authority=token_sale)
activate PartToken
PartToken-->>Deployer: participation_token_address
deactivate PartToken
Note over Deployer: Phase 3: Wire Token Sale to Participation Token
Deployer->>TokenSale: set_token(participation_token_address)
activate TokenSale
TokenSale-->>Deployer: ok
deactivate TokenSale
Note over Deployer: Phase 4: Transfer Admin Authority
Deployer->>TokenSale: set_admin(final_admin)
activate TokenSale
TokenSale-->>Deployer: ok
deactivate TokenSale
Note over Deployer: Phase 5: Deploy Vault
Deployer->>Vault: deploy(salt, admin, token=participation_token, usdc=usdc)
activate Vault
Vault-->>Deployer: vault_address
deactivate Vault
Deployer-->>User: DeployedContracts {token_sale, participation_token, vault}
deactivate Deployer
Estimated code review effort🎯 4 (Complex) | ⏱️ ~75 minutes Possibly related issues
Possibly related PRs
Suggested reviewers
Poem
✨ Finishing Touches
🧪 Generate unit tests (beta)
📝 Coding Plan
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment Tip CodeRabbit can generate a title for your PR based on the changes.Add |
zkCaleb-dev
approved these changes
Mar 12, 2026
JoelVR17
approved these changes
Mar 12, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary by CodeRabbit
New Features
Improvements
Documentation