Validate upgrade_manager migration steps are reversible and authorized before apply

[greatest0fallt1me]

Description

upgrade_manager.rs and versioning.rs drive contract upgrades and storage migrations. Before any migration applies, the manager must verify the caller is an authorized admin, that each step passes Migration::validate, and that irreversible steps are explicitly flagged so an operator cannot accidentally apply a non-reversible migration without acknowledgement.

Requirements and Context

• Audit contracts/predictify-hybrid/src/upgrade_manager.rs apply path for require_auth and step validation.
• Use Migration::is_reversible/validate to gate application and record mark_completed/mark_failed.
• Reject downgrades or version-incompatible migrations using Version::is_compatible_with.
• Must be secure, tested, and documented
• Should be efficient and easy to review

Suggested Execution

1. Fork the repo and create a branch

   git checkout -b task/upgrade-migration-guards

2. Implement changes
   • contracts/predictify-hybrid/src/upgrade_manager.rs, contracts/predictify-hybrid/src/versioning.rs
3. Test and commit
   • cargo test -p predictify-hybrid -- upgrade version
   • Cover edge cases: unauthorized caller, invalid step, downgrade attempt, irreversible step
   • Include test output and notes in the PR

Example commit message

task: enforce auth and validation on upgrade migrations

Acceptance Criteria

• Migration apply requires admin auth
• Each step is validated and irreversible steps are flagged
• Version-incompatible/downgrade migrations are rejected

Guidelines

• Minimum 95% coverage on touched code, validate auth and version-compatibility assumptions
• Clear documentation and inline comments
• Timeframe: 96 hours

[Oluwasuyi-Timilehin]

@Oluwasuyi-Timilehin has applied to work on this issue as part of the Stellar Wave Program's 5th wave.

Hi

I would love to work on this issue and contribute to the project.

I’ve reviewed the details and feel confident that I can investigate and implement a solid solution for this.

If this issue is currently unassigned and open for external contributors, could you please assign it to me? I will get started on a fix right away and submit a Pull Request as soon as it's ready.

Please let me know if there are any specific guidelines or approaches you'd like me to follow for this particular task.

Thanks.

ℹ️ Repo Maintainers: To accept this application, review their application or assign @Oluwasuyi-Timilehin to this issue.

[drips-wave]

Congratulations, @Oluwasuyi-Timilehin! 🎉 Your application was accepted by the repo's maintainers, and the issue is due on June 2, 2026.

🧑‍💻 @Oluwasuyi-Timilehin: Please resolve the issue such that the repo's maintainers have enough time to review your contribution before the due date. You'll earn Points for completing the issue on-time, which will make you eligible for a share of the Stellar Wave Program's reward pool.

Warning

When opening a PR, please link it to this issue to ensure it gets tracked accurately. Points are awarded when this issue is marked as completed by the maintainer.

🤠 Repo maintainers: Please keep an eye on the contributor's progress and review their work before the due date. You can manage this issue, including adjusting its complexity and points, here.

🌊 Happy Wave 🌊