fix: address issues #351, #352, #358, #359#399
Merged
Conversation
- Iris-IV#358: remove first_creator block in contribute; after ownership transfer the original creator is a regular community member - Iris-IV#359: subtract only immediately-released funds from total_raised_global in withdraw_funds (keep reserve in the global), then subtract reserve_amount in withdraw_reserve when it is actually paid out - Iris-IV#351: add require_not_paused to set_vesting_params so vesting parameters cannot be changed silently while the contract is paused - Iris-IV#352: add require_not_paused to update_campaign and update_campaign_description to prevent metadata swaps during a pause
|
@Jayy4rl Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits. You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀 |
Contributor
|
Auto-review failed (API error). Leaving PR for human review. |
Replace original_creator_cannot_contribute_after_campaign_transfer with original_creator_can_contribute_after_campaign_transfer to reflect the corrected behaviour: after ownership transfer the original creator is a regular community member and must be allowed to contribute.
Contributor
|
Auto-review failed (API error). Leaving PR for human review. |
dmystical-coder
added a commit
that referenced
this pull request
May 30, 2026
The auto-review workflow auto-merges PRs scored confidence>=0.7 by an LLM using `gh pr merge --admin`, bypassing branch protection. This is how PR #399 landed in a non-compiling state (#400, #401, #402). Beyond the --admin bypass, the file has multiple structural problems that cannot be patched without a full rewrite: - System prompt is configured to "APPROVE almost everything" with explicit instructions to ignore missing tests, no error handling, hardcoded values, etc. This framing is incompatible with a smart-contract project that custodies funds. - Runs on `pull_request_target` with `contents: write` permissions, a known supply-chain risk surface. - System prompt still references "Lernza, a hackathon project" (leftover from another repo) and merge commits inject `Co-authored-by: Dopey <hello@sshdopey.com>` on every auto-merge. - `actions/checkout@v6` is unpinned (tag, not SHA). This commit renames the file to `auto-review.yml.disabled` so GitHub Actions stops loading it. The file is preserved in the tree (not deleted) for reference if a future advisory bot is designed from scratch with safer foundations. CI (`ci.yml`) is unaffected. PR review is now fully human-driven. Closes #404
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
📌 Description
Provide a clear and concise description of the changes in this PR.
🔗 Related Issues
Use GitHub's auto-close keywords with the
#prefix (one issue per line):Multiple issues can be closed by repeating the keyword on separate lines.
🧪 Changes Made
✅ Checklist
If this PR introduces breaking changes, describe them here.
📸 Screenshots (if applicable)
Add screenshots to help reviewers understand the changes.
🧩 Additional Notes
Anything else reviewers should know.