feat: add circuit-breaker pause pattern to stealth-sender and wraith-names #77
Open
postqcoin wants to merge 2 commits into
Implements upgrade admin mechanism for stealth-sender contract with comprehensive adversarial test suite proving security properties.

Contract changes (stealth-sender):
- Add Admin and Renounced storage keys
- Add admin parameter to init() for upgrade authority
- Add upgrade() function using deployer().update_current_contract_wasm()
- Add set_admin() for admin transfer (requires current admin auth)
- Add renounce_upgrade_authority() for permanent irreversible renouncement
- Add get_admin() and is_renounced() view functions

Adversarial test suite:
- test_non_admin_cannot_upgrade — verifies auth enforcement
- test_admin_can_upgrade — happy path upgrade
- test_admin_can_renounce — renounce flow
- test_cannot_renounce_twice — double-renounce prevention
- test_cannot_upgrade_after_renounce — post-renounce blocked
- test_cannot_set_admin_after_renounce — admin change blocked post-renounce
- test_admin_can_change_admin — admin transfer
- test_non_admin_cannot_change_admin — admin transfer auth
- test_admin_change_preserves_announcer — state preservation

GOVERNANCE.md:
- Documents upgrade classification per contract
- Describes admin role and upgrade mechanism
- Documents renounce mechanism and security properties
- Lists test coverage and mainnet readiness checklist

Closes wraith-protocol#57
…names

Implements admin-controlled pause mechanism (circuit-breaker) for the two contracts that handle state mutations:

stealth-sender:
- Add Paused storage key and ContractPaused error
- Add pause(), unpause(), is_paused() admin functions
- Add require_not_paused() check to send() and batch_send()
- Upgrade/admin functions remain operational during pause

wraith-names:
- Add Admin storage key and init() with admin parameter
- Add Paused storage key and ContractPaused error
- Add pause(), unpause(), is_paused() admin functions
- Add require_not_paused() check to register(), update(), release()
- resolve() and name_of() remain available (read-only) when paused

Not pausable (by design):
- stealth-announcer: pure event emitter, no state
- stealth-registry: stateless, redeploy if needed

Documentation:
- PAUSE.md: per-contract pause behavior and incident response playbook
- Tests: 7 new adversarial pause tests for wraith-names

Closes wraith-protocol#75
Summary
Implements admin-controlled pause mechanism (circuit-breaker) for the two contracts that handle state mutations.
Contract Changes
stealth-sender
wraith-names
Not Pausable (by design)
Documentation
Closes #75
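
A plain-Rust model of the wraith-names pause guard described in the commit message above, added here as an example; it is not the PR's contract code and does not use the Soroban SDK. The `caller` string stands in for on-chain authorization, and the struct layout, the `NameTaken` error and the sample names are assumptions.

```rust
use std::collections::HashMap;

#[derive(Debug, PartialEq)]
pub enum Error { NotAdmin, ContractPaused, NameTaken }

// Plain-Rust model (assumption: not Soroban code). `caller` stands in for on-chain auth.
pub struct Names { admin: String, paused: bool, owners: HashMap<String, String> }

impl Names {
    pub fn init(admin: &str) -> Self {
        Names { admin: admin.into(), paused: false, owners: HashMap::new() }
    }
    fn require_admin(&self, caller: &str) -> Result<(), Error> {
        if caller == self.admin { Ok(()) } else { Err(Error::NotAdmin) }
    }
    fn require_not_paused(&self) -> Result<(), Error> {
        if self.paused { Err(Error::ContractPaused) } else { Ok(()) }
    }
    // Admin-only switch: the auth check runs before the flag changes.
    pub fn pause(&mut self, caller: &str) -> Result<(), Error> {
        self.require_admin(caller)?;
        self.paused = true;
        Ok(())
    }
    pub fn unpause(&mut self, caller: &str) -> Result<(), Error> {
        self.require_admin(caller)?;
        self.paused = false;
        Ok(())
    }
    pub fn is_paused(&self) -> bool { self.paused }
    // State-mutating entry point: the pause guard runs before any write.
    pub fn register(&mut self, caller: &str, name: &str) -> Result<(), Error> {
        self.require_not_paused()?;
        if self.owners.contains_key(name) { return Err(Error::NameTaken); }
        self.owners.insert(name.into(), caller.into());
        Ok(())
    }
    // Read-only lookup: intentionally no pause check, so it stays available.
    pub fn resolve(&self, name: &str) -> Option<&str> {
        self.owners.get(name).map(String::as_str)
    }
}

fn main() {
    let mut n = Names::init("admin"); // constructed sample identities
    n.register("alice", "alice.wraith").unwrap();
    n.pause("admin").unwrap();
    let blocked = n.register("bob", "bob.wraith");
    println!("{:?} {:?}", blocked, n.resolve("alice.wraith"));
}
```

The property worth testing in the real contract is the same one modeled here: a rejected write during pause must leave storage untouched, and a non-admin `pause()` or `unpause()` must leave the flag unchanged.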