Vault Security Hardening: Admin Overrides, Investor Caps, Transfer Safety, and Lock-Up Enforcement

[Nanle-code]

Overview

This PR delivers a comprehensive security hardening of the vault system by addressing four critical issues:
Closes #101
Closes #105
Closes #104
Closes #103

The changes introduce:

• Fine-grained admin controls
• Investor participation limits
• Safer cross-contract asset transfers
• Share transfer lock-up enforcement

All enhancements are implemented with backward compatibility preserved.

---

Key Improvements

1. Per-Vault Admin Configuration (Fixes #101)

• Added optional parameters:
  • vault_admin
  • zkme_verifier
  • cooperator
• Updated factory methods:
  • create_single_rwa_vault
  • create_single_rwa_vault_full
  • create_single_rwa_vault_batch
  • batch_create_vaults
• Implemented fallback to factory defaults when overrides are not provided
• Extended VaultCreated event to include admin metadata
• Maintained full backward compatibility

---

2. Investor Count Tracking and Cap Enforcement (Fixes #105)

• Added storage keys:
  • InvCount
  • MaxInvestors
  • DepTimestamp
• Implemented:
  • Increment on first deposit
  • Decrement on full withdrawal/redeem
• Enforced max investor cap in:
  • deposit()
  • mint()
• Added error:
  • MaxInvestorsReached
• Added admin function:
  • set_max_investors()
• Added view functions:
  • investor_count()
  • max_investors()
  • lock_up_remaining()

---

3. Safe Cross-Contract Asset Transfers (Fixes #104)

• Added pre-transfer vault balance validation
• Introduced error:
  • InsufficientVaultBalance
• Added view function:
  • vault_asset_balance()
• Improved failure diagnostics
• Documented atomicity guarantees in transfer flows

---

4. Share Lock-Up Period Enforcement (Fixes #103)

• Added storage:
  • LockUpPeriod
  • Per-user deposit timestamps
• Enforced lock-up in:
  • transfer()
  • transfer_from()
  • withdraw()
  • redeem()
• Excluded redeem_at_maturity() from lock-up restrictions
• Added error:
  • SharesLocked
• Added admin function:
  • set_lock_up_period()
• Added helper function:
  • lock_up_remaining()
• Updated deposit/mint to record timestamps

---

Technical Notes

• Storage schema extended with new keys and serialization mappings
• Event schema enhanced for better observability
• All changes preserve transactional atomicity
• No breaking changes introduced

---

Checklist

• Code compiles successfully
• All targeted issues resolved (Factory Deploys All Vaults with Factory's Own Admin — No Per-Vault Admin Override #101, Implement Investor Participant Counter and Maximum Investor Cap #105, Cross-Contract Asset Transfer Failure Not Handled — Vault State Left Inconsistent #104, Implement Share Transfer Lock-Up Period After Deposit #103)
• Backward compatibility maintained
• Storage updates validated
• Admin and view functions implemented
• Error handling improved
• Events updated accordingly

---

Closes

Closes #101, #105, #104, #103

[Nanle-code]

@Jayy4rl Review this