feat(vault): implement contract upgradability (#35)#67
Conversation
- Add upgrade_contract() to contract.rs with admin auth gate - Expose upgrade_contract in lib.rs contractimpl - Emit contract_upgraded event in events.rs - Add upgrade tests to test.rs (happy path, auth guard, paused state)
|
Warning Rate limit exceeded
To keep reviews running without waiting, you can enable usage-based add-on for your organization. This allows additional reviews beyond the hourly cap. Account admins can enable it under billing. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
📝 WalkthroughWalkthroughThis PR adds an admin-only contract upgrade entrypoint to the payment-vault-contract, allowing the vault admin to update the deployed contract WASM hash, emits a contract_upgraded event, and adds tests exercising admin auth, non-admin rejection, and paused-state behavior. ChangesPayment Vault Upgrade
Sequence DiagramsequenceDiagram
actor Admin
participant Contract as PaymentVault Contract
participant Deployer as Soroban Deployer
participant EventLog as Event System
Admin->>Contract: upgrade_contract(new_wasm_hash)
activate Contract
Contract->>Contract: admin.require_auth()
Contract->>Deployer: update_current_contract_wasm(new_wasm_hash)
Deployer-->>Contract: updated
Contract->>EventLog: publish("upgraded", new_wasm_hash)
EventLog-->>Contract: emitted
Contract-->>Admin: Ok(())
deactivate Contract
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Possibly related issues
Possibly related PRs
Poem
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 inconclusive)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Tip 💬 Introducing Slack Agent: The best way for teams to turn conversations into code.Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.
Built for teams:
One agent for your entire SDLC. Right inside Slack. Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@contracts/payment-vault-contract/src/test.rs`:
- Around line 1876-1884: Mark the success-path upgrade unit tests that call
try_upgrade_contract (which ultimately triggers update_current_contract_wasm) as
ignored or move them to integration/host tests: add #[ignore] with a brief
comment referencing rs-soroban-env issue `#1089` on each test that builds a zeroed
BytesN<32> wasm hash (the tests around the try_upgrade_contract call and the
later success-path block), or relocate those tests to an integration test suite
that uses Deployer::upload_contract_wasm to obtain a real hash; leave
authorization/error-path tests like test_non_admin_cannot_upgrade_contract as
regular unit tests.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: a34d441f-ac39-4c7e-83b0-5e3f66a716dd
📒 Files selected for processing (4)
contracts/payment-vault-contract/src/contract.rscontracts/payment-vault-contract/src/events.rscontracts/payment-vault-contract/src/lib.rscontracts/payment-vault-contract/src/test.rs
|
please review. |
- Mark test_admin_can_upgrade_contract and test_upgrade_blocked_when_paused as #[ignore] - Add clear comments explaining Soroban SDK limitation (GitHub issue #1089) - update_current_contract_wasm() doesn't work end-to-end in unit tests - Tests would require actual WASM hash from Deployer::upload_contract_wasm() - All 58 tests now pass (56 passed, 2 ignored)
- Clarify that production WASM hash must come from Deployer::upload_contract_wasm() - Update all 3 test comments for consistency
|
Hey maintainer, if there's any conflict give me permission to revolve it. |
2 participants
Closes #35
Summary
Implements upgrade functionality for payment-vault-contract as specified in issue #35.
Changes Made
src/contract.rs: Addedupgrade_contractfunctionadmin.require_auth()env.deployer().update_current_contract_wasm(new_wasm_hash)to update contract WASMsrc/lib.rs: Exposedupgrade_contractin#[contractimpl]blockpub fn upgrade_contract(env: Env, new_wasm_hash: BytesN<32>) -> Result<(), VaultError>src/events.rs: Addedcontract_upgradedevent"upgraded"and new WASM hash as datasrc/test.rs: Added 3 comprehensive teststest_admin_can_upgrade_contract: Verifies admin can upgrade contracttest_non_admin_cannot_upgrade_contract: Ensures non-admin cannot upgradetest_upgrade_blocked_when_paused: Tests upgrade behavior when contract is pausedTesting Notes
update_current_contract_wasm()in the Soroban test environmentupdate_current_contract_wasm()returnsErr(Abort)in tests)Acceptance Criteria Met
upgrade_contractfunctionSecurity Considerations
Summary by CodeRabbit
New Features
Tests