feat(escrow): enforce liability floor on terminal dust sweep#295
Open
Vvictor-commits wants to merge 1 commit into
Open
feat(escrow): enforce liability floor on terminal dust sweep#295Vvictor-commits wants to merge 1 commit into
Vvictor-commits wants to merge 1 commit into
Conversation
- Restore EscrowError enum, ensure/fail helpers accidentally removed from HEAD - Add EscrowError::SweepExceedsLiabilityFloor = 42 - Add DataKey::DistributedPrincipal: running total of principal returned via refund() - refund(): increment DistributedPrincipal atomically before token transfer - sweep_terminal_dust(): in cancelled (status 4) escrows, assert balance - sweep_amt >= funded_amount - distributed_principal so the sweep can never pull funds owed to unredeemed investors - Add get_distributed_principal() read-only accessor - 6 new tests in escrow/src/tests/external_calls.rs covering: all-refunded allows dust, no-refunds blocks sweep, partial refund allows only surplus, sweep eating outstanding is blocked, zero funded_amount edge case, counter accumulation across refunds - Update ADR-006 with liability floor decision and test table Fixes: sweep_terminal_dust liability floor (issue referenced in task) Refs: ADR-006, docs/escrow-security-checklist.md
|
@Vvictor-commits Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits. You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #267
Summary
Implements the on-chain invariant check:
sweep_terminal_dustcan no longer reduce the contract balance below outstanding investor liabilities in cancelled escrows.Problem
In a cancelled escrow (status 4), investors reclaim principal via
refund(). Nothing previously prevented the treasury from callingsweep_terminal_dustand draining tokens still owed to investors who hadn't refunded yet.Also fixes:
EscrowErrorenum,ensure, andfailhelpers were accidentally removed from HEAD — the codebase would not compile.Changes
escrow/src/lib.rsEscrowErrorenum,ensure,fail(accidentally deleted from HEAD)EscrowError::SweepExceedsLiabilityFloor = 42DataKey::DistributedPrincipal— additive key (absent ⇒ 0, backward-compatible per ADR-007)refund()— incrementsDistributedPrincipalatomically before token transfersweep_terminal_dust()— in cancelled (status 4) only, asserts:get_distributed_principal()read-only accessorescrow/src/tests/external_calls.rsSix new tests covering: all-refunded allows dust, no-refunds blocks sweep, partial refund allows only surplus, sweep eating outstanding blocked, zero funded_amount edge case, counter accumulation across refunds.
docs/adr/ADR-006-dust-sweep-and-token-safety.mdUpdated with liability floor decision, scoping rationale, and test table.
Security notes
saturating_sub/saturating_addthroughout — overflow-saferefund()