Skip to content

feat(escrow): integrate proxy manifest, checked arithmetic, and stric…#586

Merged
soomtochukwu merged 4 commits into
DXmakers:mainfrom
Kaycee276:task/SC-ESC-014-upgrade-proxy-manifest
May 27, 2026
Merged

feat(escrow): integrate proxy manifest, checked arithmetic, and stric…#586
soomtochukwu merged 4 commits into
DXmakers:mainfrom
Kaycee276:task/SC-ESC-014-upgrade-proxy-manifest

Conversation

@Kaycee276
Copy link
Copy Markdown
Contributor

@Kaycee276 Kaycee276 commented May 27, 2026

Description

Closes #368 ([SC-ESC-014] Escrow System Optimization and Validation Checkpoint - Step 14)

This PR implements required optimizations and validation enhancements inside the Lance marketplace's Escrow & Token Lockup Soroban smart contract. The primary aim is to integrate the upgradeable proxy manifest properly, guarantee operation bounds with mathematically checked constraints, and ensure authentication is rigorously managed across all state modifications.

Summary of Changes

  • Upgradeable Proxy Manifest:

    • Exposed a new version() getter method as a manifest proxy configuration standard.
    • Implemented get_multisig_config to actively allow off-chain fetching of detailed signers and required signature thresholds directly from persistent storage.

  • Strict Mathematical Boundaries:

    • Replaced hardcoded integer-based time calculations (30 * 24 * 60 * 60 and 7 * 24 * 60 * 60) within create_job and raise_dispute with explicit .checked_mul() iterative chains combined with .checked_add(). This prevents theoretical 64-bit bounds overflow.

  • Strict Authorization Framework:

    • Bound admin.require_auth() directly inside the initialize endpoint setup. This closes potential loop-holes related to unverified caller initialization.

  • Unit Testing:

    • Successfully mapped corresponding Rust unit tests test_version and test_get_multisig_config using the standard Cargo test harness (Env::default(), mocking auth, verifying results) without invoking gas-limit violations.

Type of Change

  • Feature implementation (non-breaking change extending functionality)
  • Security patch (enhancing auth verification and bounds checking)
  • Code refactor (optimization of existing algorithms)

Verification / Acceptance Criteria

  • The contract builds successfully to a highly optimized WASM target.
  • State changes successfully yield strict 401 equivalent errors without proper signatures.
  • Checked logic does not panic for valid inputs.

@Kaycee276
feat(escrow): integrate proxy manifest, checked arithmetic, and stric…
45d934a 
…t auth

- Implement explicit  and  chains for duration calculations
- Enforce  verification within the initialize flow
- Expose  and  getter endpoints for off-chain querying
- Add comprehensive unit tests mapping to the new functions
@Kaycee276 Kaycee276 requested a review from soomtochukwu as a code owner May 27, 2026 14:37
@vercel
Copy link
Copy Markdown

vercel Bot commented May 27, 2026

@Kaycee276 is attempting to deploy a commit to the mAzI's projects Team on Vercel.

A member of the Team first needs to authorize it.

@drips-wave
Copy link
Copy Markdown

drips-wave Bot commented May 27, 2026

@Kaycee276 Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits

@soomtochukwu soomtochukwu merged commit e4bfceb into DXmakers:main May 27, 2026
6 of 7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@soomtochukwu soomtochukwu Awaiting requested review from soomtochukwu soomtochukwu is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[SC-ESC-014] Escrow System Optimization and Validation Checkpoint - Step 14

2 participants

@Kaycee276 @soomtochukwu