feat: add upgrade authority enforcement + adversarial test suite #76

Open

postqcoin wants to merge 1 commit into wraith-protocol:main from postqcoin:feat/upgrade-authority-test-suite

Conversation

@postqcoin


Summary

Implements upgrade admin mechanism for stealth-sender contract with comprehensive adversarial test suite proving security properties.

Contract Changes (stealth-sender)

  • Add Admin and Renounced storage keys
  • Add admin parameter to init() for upgrade authority
  • Add upgrade() function using deployer().update_current_contract_wasm()
  • Add set_admin() for admin transfer (requires current admin auth)
  • Add renounce_upgrade_authority() for permanent irreversible renouncement
  • Add get_admin() and is_renounced() view functions

Adversarial Test Suite

| Test | Property Verified |
| --- | --- |
| test_non_admin_cannot_upgrade | Auth enforcement |
| test_admin_can_upgrade | Happy path upgrade |
| test_admin_can_renounce | Renounce flow |
| test_cannot_renounce_twice | Double-renounce prevention |
| test_cannot_upgrade_after_renounce | Post-renounce upgrade blocked |
| test_cannot_set_admin_after_renounce | Admin change blocked post-renounce |
| test_admin_can_change_admin | Admin transfer |
| test_non_admin_cannot_change_admin | Admin transfer auth enforcement |
| test_admin_change_preserves_announcer | State preservation |

GOVERNANCE.md

  • Documents upgrade classification per contract
  • Describes admin role and upgrade mechanism
  • Documents renounce mechanism and security properties
  • Lists test coverage and mainnet readiness checklist

Closes #57

Implements upgrade admin mechanism for stealth-sender contract with
comprehensive adversarial test suite proving security properties.

Contract changes (stealth-sender):
- Add Admin and Renounced storage keys
- Add admin parameter to init() for upgrade authority
- Add upgrade() function using deployer().update_current_contract_wasm()
- Add set_admin() for admin transfer (requires current admin auth)
- Add renounce_upgrade_authority() for permanent irreversible renouncement
- Add get_admin() and is_renounced() view functions

Adversarial test suite:
- test_non_admin_cannot_upgrade — verifies auth enforcement
- test_admin_can_upgrade — happy path upgrade
- test_admin_can_renounce — renounce flow
- test_cannot_renounce_twice — double-renounce prevention
- test_cannot_upgrade_after_renounce — post-renounce blocked
- test_cannot_set_admin_after_renounce — admin change blocked post-renounce
- test_admin_can_change_admin — admin transfer
- test_non_admin_cannot_change_admin — admin transfer auth
- test_admin_change_preserves_announcer — state preservation

GOVERNANCE.md:
- Documents upgrade classification per contract
- Describes admin role and upgrade mechanism
- Documents renounce mechanism and security properties
- Lists test coverage and mainnet readiness checklist

Closes wraith-protocol#57
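The following is an added example, not code from this PR or from the stealth-sender contract: a plain-Rust model of the upgrade-authority state machine the description above specifies (Admin and Renounced keys; init, upgrade, set_admin, renounce_upgrade_authority and the two view functions), with the nine listed adversarial cases run in sequence on one instance plus two extra checks. So that it runs without soroban-sdk, a `caller` parameter stands in for `Address::require_auth()`, the Wasm hash is a plain `[u8; 32]`, and `upgrade()` records the hash instead of calling `env.deployer().update_current_contract_wasm()`. The `announcer` field and the `AlreadyInitialized` guard in `init()` are assumptions of this model; the page does not show whether the real `init()` rejects a second call.

```rust
// Added example (not the stealth-sender contract's code): model of the PR's
// upgrade-authority state machine. `caller` replaces Address::require_auth(),
// the Wasm hash is a bare [u8; 32], and upgrade() only records the hash
// instead of calling env.deployer().update_current_contract_wasm(). The
// re-init guard and the `announcer` field are assumptions of this model.

pub type Address = &'static str;

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Error {
    AlreadyInitialized,
    NotInitialized,
    NotAuthorized,
    Renounced,
}

// Instance state: the Admin / Renounced keys plus the pre-existing announcer.
#[derive(Debug, Default)]
pub struct StealthSender {
    announcer: Option<Address>,
    admin: Option<Address>,
    renounced: bool,
    installed_wasm: Option<[u8; 32]>,
}

impl StealthSender {
    pub fn init(&mut self, announcer: Address, admin: Address) -> Result<(), Error> {
        // Without this guard a second init() call would let anyone seize the admin role.
        if self.admin.is_some() {
            return Err(Error::AlreadyInitialized);
        }
        self.announcer = Some(announcer);
        self.admin = Some(admin);
        Ok(())
    }
    // One gate for every privileged entry point, so the two conditions
    // (not renounced, caller is the admin) cannot drift apart between functions.
    fn require_admin(&self, caller: Address) -> Result<(), Error> {
        if self.renounced {
            return Err(Error::Renounced);
        }
        match self.admin {
            None => Err(Error::NotInitialized),
            Some(a) if a == caller => Ok(()),
            Some(_) => Err(Error::NotAuthorized),
        }
    }
    pub fn upgrade(&mut self, caller: Address, new_wasm_hash: [u8; 32]) -> Result<(), Error> {
        self.require_admin(caller)?;
        self.installed_wasm = Some(new_wasm_hash); // real contract: install the new Wasm here
        Ok(())
    }
    pub fn set_admin(&mut self, caller: Address, new_admin: Address) -> Result<(), Error> {
        self.require_admin(caller)?;
        self.admin = Some(new_admin);
        Ok(())
    }
    // Irreversible: the flag is never cleared, and require_admin rejects every
    // privileged call once it is set, so a second renounce fails as well.
    pub fn renounce_upgrade_authority(&mut self, caller: Address) -> Result<(), Error> {
        self.require_admin(caller)?;
        self.renounced = true;
        Ok(())
    }
    pub fn get_admin(&self) -> Option<Address> { self.admin }
    pub fn is_renounced(&self) -> bool { self.renounced }
    pub fn get_announcer(&self) -> Option<Address> { self.announcer }
    pub fn installed_wasm(&self) -> Option<[u8; 32]> { self.installed_wasm }
}

// The PR's nine cases in one sequence on a single instance, plus two extra checks
// (old admin locked out after transfer; re-init cannot seize the admin role).
pub fn run_adversarial_suite() -> Vec<(&'static str, bool)> {
    let v1 = [0x11u8; 32]; // constructed Wasm hashes, not real artifacts
    let v2 = [0x22u8; 32];
    let mut c = StealthSender::default();
    c.init("announcer", "admin").expect("fresh instance");
    vec![
        ("test_non_admin_cannot_upgrade", c.upgrade("mallory", v1) == Err(Error::NotAuthorized)),
        ("test_admin_can_upgrade", c.upgrade("admin", v1).is_ok() && c.installed_wasm() == Some(v1)),
        ("test_non_admin_cannot_change_admin", c.set_admin("mallory", "mallory") == Err(Error::NotAuthorized)),
        ("test_admin_can_change_admin", c.set_admin("admin", "admin2").is_ok() && c.get_admin() == Some("admin2")),
        ("test_admin_change_preserves_announcer", c.get_announcer() == Some("announcer")),
        ("extra_old_admin_locked_out_after_transfer", c.upgrade("admin", v2) == Err(Error::NotAuthorized)),
        ("test_admin_can_renounce", c.renounce_upgrade_authority("admin2").is_ok() && c.is_renounced()),
        ("test_cannot_renounce_twice", c.renounce_upgrade_authority("admin2") == Err(Error::Renounced)),
        ("test_cannot_upgrade_after_renounce", c.upgrade("admin2", v2) == Err(Error::Renounced) && c.installed_wasm() == Some(v1)),
        ("test_cannot_set_admin_after_renounce", c.set_admin("admin2", "admin3") == Err(Error::Renounced) && c.get_admin() == Some("admin2")),
        ("extra_reinit_cannot_seize_admin", c.init("announcer", "mallory") == Err(Error::AlreadyInitialized)),
    ]
}

pub fn all_pass(results: &[(&str, bool)]) -> bool {
    results.iter().all(|(_, ok)| *ok)
}

fn main() {
    let results = run_adversarial_suite();
    for (name, ok) in &results {
        println!("{:<45} {}", name, if *ok { "pass" } else { "FAIL" });
    }
    assert!(all_pass(&results));
}
```

Two design points the model makes explicit. The renounce check sits in the single `require_admin` gate, so `upgrade`, `set_admin` and a second `renounce_upgrade_authority` all fail the same way once the flag is set; keeping a separate Renounced flag rather than clearing Admin means `get_admin()` still reports the last admin while every privileged path stays closed. The re-init check is the one a reviewer should confirm on the real contract: an `init()` that accepts an `admin` parameter and can be called again hands the upgrade authority to whoever calls it second.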
Development

Successfully merging this pull request may close these issues.

Stellar contract upgrade authority enforcement test suite

2 participants