feat: implement robust access control and security fixes #86

Open

JerryIdoko wants to merge 2 commits into mericcintosun:main from JerryIdoko:feat/access-control-security-fix

Conversation

@JerryIdoko


This PR addresses Issue #50 by implementing a robust administrative access control system for the risk scoring contract.

Key Enhancements:

  1. Access Control: Implemented an `Admin` role. Only the authorized administrator can call `set_risk_tier` to assign risk scores to users. This prevents the previous vulnerability where any address could overwrite any user's risk data.
  2. Ownership Management: Added `initialize` and `set_admin` functions, allowing for secure contract setup and ownership transfer.
  3. Storage Best Practices: Refactored the contract to use a structured `DataKey` enum for all storage operations, improving code maintainability and preventing key collisions.
  4. Security Testing: Added a comprehensive suite of 12 unit tests that verify both functional requirements and security constraints (e.g., unauthorized access attempts).
  5. CI/CD Fix: Enabled the `testutils` feature in `Cargo.toml` to resolve compilation errors in the test environment.
  6. Repository Cleanup: Updated `.gitignore` and removed accidentally committed build artifacts (`target/` directory) to keep the repository clean.

Why this is the best solution for #50:

Unlike previous attempts, this PR provides a complete lifecycle for administration (initialization, transfer, and enforcement) and follows modern Soroban patterns. It also fixes the broken build which was preventing other PRs from being properly validated.

Resolves #50

This PR addresses Issue mericcintosun#50 by implementing a robust administrative access control system.

Key Changes:
- Enabled 'testutils' in Cargo.toml to fix broken test builds.
- Implemented 'Admin' authorization for 'set_risk_tier' to prevent unauthorized users from overwriting risk scores.
- Added 'initialize' and 'set_admin' functions for ownership management.
- Refactored storage to use a clean 'DataKey' enum pattern.
- Added a suite of security tests covering authorization and admin transfers.
- Cleaned up repository by removing build artifacts from version control and updating .gitignore.

This fix ensures that only authorized risk engines/administrators can assign risk tiers, while users retain the ability to authorize their own chosen tier updates.
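The admin lifecycle the PR describes (one-shot `initialize`, admin-gated `set_admin`, admin-gated `set_risk_tier`, a `DataKey` enum as the single storage namespace) can be seen end to end in the plain-Rust model below. This is an added illustration, not the PR's or the repository's contract code: it does not use `soroban-sdk`, so storage and `require_auth` are simulated with a `HashMap` and a list of addresses that "signed" the current call. The `Address`, `Value`, `Env`, `ContractError` types and the `DataKey` variant names are assumptions; the unguarded `set_risk_tier_unguarded` stands in for the pre-fix behaviour reported in #50 so the two can be compared side by side.

```rust
// Added example: a plain-Rust model of admin-gated risk-tier assignment.
// Assumption: no soroban-sdk; storage and authorization are simulated.
use std::collections::HashMap;

/// Stand-in for soroban_sdk::Address (assumption: a string identifier).
#[derive(Clone, Debug, PartialEq, Eq, Hash)]
pub struct Address(pub String);

impl Address {
    pub fn new(s: &str) -> Self { Address(s.to_string()) }
}

/// Structured storage keys: one namespace, no ad-hoc string keys to collide.
#[derive(Clone, Debug, PartialEq, Eq, Hash)]
pub enum DataKey {
    Admin,
    RiskTier(Address),
}

#[derive(Clone, Debug, PartialEq, Eq)]
pub enum Value {
    Addr(Address),
    Tier(u32),
}

#[derive(Debug, PartialEq, Eq)]
pub enum ContractError {
    AlreadyInitialized,
    NotInitialized,
    Unauthorized,
}

/// Simulated environment: persistent storage plus the addresses that
/// authorized the current invocation (models Address::require_auth()).
pub struct Env {
    storage: HashMap<DataKey, Value>,
    authorized: Vec<Address>,
}

impl Env {
    pub fn new() -> Self { Env { storage: HashMap::new(), authorized: Vec::new() } }
    /// Declare which address signed the current call (test-harness style).
    pub fn as_caller(&mut self, who: &Address) { self.authorized = vec![who.clone()]; }
    fn require_auth(&self, who: &Address) -> Result<(), ContractError> {
        if self.authorized.contains(who) { Ok(()) } else { Err(ContractError::Unauthorized) }
    }
    fn admin(&self) -> Result<Address, ContractError> {
        match self.storage.get(&DataKey::Admin) {
            Some(Value::Addr(a)) => Ok(a.clone()),
            _ => Err(ContractError::NotInitialized),
        }
    }
}

pub struct RiskScoring;

impl RiskScoring {
    /// One-shot setup: a second call must fail, or the admin slot could be retaken.
    pub fn initialize(env: &mut Env, admin: Address) -> Result<(), ContractError> {
        if env.storage.contains_key(&DataKey::Admin) {
            return Err(ContractError::AlreadyInitialized);
        }
        env.storage.insert(DataKey::Admin, Value::Addr(admin));
        Ok(())
    }

    /// Ownership transfer: only the current admin may hand over the role.
    pub fn set_admin(env: &mut Env, new_admin: Address) -> Result<(), ContractError> {
        let current = env.admin()?;
        env.require_auth(&current)?;
        env.storage.insert(DataKey::Admin, Value::Addr(new_admin));
        Ok(())
    }

    /// BEFORE (the issue #50 behaviour): no check, any caller writes any user's tier.
    pub fn set_risk_tier_unguarded(env: &mut Env, user: Address, tier: u32) {
        env.storage.insert(DataKey::RiskTier(user), Value::Tier(tier));
    }

    /// AFTER: the stored admin must have authorized this invocation.
    pub fn set_risk_tier(env: &mut Env, user: Address, tier: u32) -> Result<(), ContractError> {
        let admin = env.admin()?;
        env.require_auth(&admin)?;
        env.storage.insert(DataKey::RiskTier(user), Value::Tier(tier));
        Ok(())
    }

    pub fn get_risk_tier(env: &Env, user: &Address) -> Option<u32> {
        match env.storage.get(&DataKey::RiskTier(user.clone())) {
            Some(Value::Tier(t)) => Some(*t),
            _ => None,
        }
    }
}

fn main() {
    let (admin, mallory, alice) = (Address::new("GADMIN"), Address::new("GMALLORY"), Address::new("GALICE"));
    let mut env = Env::new();
    RiskScoring::initialize(&mut env, admin.clone()).unwrap();
    env.as_caller(&mallory);
    println!("non-admin write: {:?}", RiskScoring::set_risk_tier(&mut env, alice.clone(), 5));
    env.as_caller(&admin);
    RiskScoring::set_risk_tier(&mut env, alice.clone(), 2).unwrap();
    println!("alice tier: {:?}", RiskScoring::get_risk_tier(&env, &alice));
}
```

The two things worth carrying into a real Soroban contract from this model are the re-initialization guard (without it, whoever calls `initialize` second becomes admin) and the fact that `set_admin` authorizes against the admin read from storage, not against a caller-supplied address.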

vercel Bot commented Apr 30, 2026


@JerryIdoko is attempting to deploy a commit to the mericcintosun Team on Vercel.

A member of the Team first needs to authorize it.


Development

Successfully merging this pull request may close these issues.

[Security] set_risk_tier has no access control — any address can overwrite any user's score