��# Issue 7: Add Admin Key Rotation Function
Problem
Admin key is locked after initialization. No way to rotate compromised keys or transfer admin rights.
Solution
- Implement
rotate_admin(new_admin: Address) function (lib.rs)
- Only current admin can call it; validates new admin isn't zero address or same as current
- Emits rotation event with old/new admin for audit trail
- TypeScript helper
sorobanRotateAdmin() to invoke from core
Implementation Tasks
Note for Contributors
This issue is independent but should be completed after Issue #1 if metadata storage is enhanced. The rotation is immediate (not time-locked) for MVP simplicity. Store full rotation history in events; external systems will reconstruct admin ownership from the event stream. Use env.ledger().timestamp() for rotation timestamps. Ensure old admin loses all privileges immediately after rotation completes. Test both successful rotations and rejection of invalid rotations (zero address, same admin).
��# Issue 7: Add Admin Key Rotation Function
Problem
Admin key is locked after initialization. No way to rotate compromised keys or transfer admin rights.
Solution
rotate_admin(new_admin: Address)function (lib.rs)sorobanRotateAdmin()to invoke from coreImplementation Tasks
rotate_admin()function in lib.rs with auth guard("admin", "rotated")event with timestampssorobanRotateAdmin()TypeScript helperNote for Contributors
This issue is independent but should be completed after Issue #1 if metadata storage is enhanced. The rotation is immediate (not time-locked) for MVP simplicity. Store full rotation history in events; external systems will reconstruct admin ownership from the event stream. Use
env.ledger().timestamp()for rotation timestamps. Ensure old admin loses all privileges immediately after rotation completes. Test both successful rotations and rejection of invalid rotations (zero address, same admin).