Fix medium and low findings from contract review #180
Merged
- Fix #4: Explicitly panic in ChildAccount.setRedeemed when OwnedAccount is not found at expected storage path, preventing silent state inconsistency in the parents map
- Fix #5: Remove dead if-branch in publishToParent; the preceding assert already guarantees the storage slot is empty, making the condition always true
- Fix #7: Enforce cross-partition exclusivity in CapabilityDelegator.addCapability via pre-conditions, preventing the same capability type from existing in both public and private partitions

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
jribbink approved these changes on Mar 25, 2026
Summary
Addresses three findings from the contract review. All 68 tests pass.
- `ChildAccount.setRedeemed` previously used optional chaining (`?.setRedeemed`) which silently did nothing if `OwnedAccount` was not found at the expected storage path. This could leave `OwnedAccount.parents` stale — the parent would be tracked as active in the `Manager` but remain "pending" in the child forever. Now panics explicitly with a descriptive message.
- `publishToParent` had a dead `if` branch checking whether the delegator storage slot was empty immediately after an `assert` that already guaranteed it was empty. Removed the redundant conditional — the delegator is now created unconditionally (as it always was in practice).
- `CapabilityDelegator.addCapability` had no enforcement of the documented invariant that a capability type should exist in at most one partition (public or private). Added pre-conditions to reject additions that would create a cross-partition type collision.

🤖 Generated with Claude Code
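The three patterns described in the summary, shown together in a small Cadence contract. This is an added example written for this page; it is not HybridCustody's code and not the diff of this PR. The contract name `ExclusivityDemo`, the simplified `OwnedAccount` and `Delegator` resources, the functions `markRedeemed` and `createDelegator`, and the storage path are assumptions chosen to mirror the findings, not identifiers from the project.

```cadence
// Illustrative contract written for this review page; not HybridCustody's code.
// Names (ExclusivityDemo, OwnedAccount, Delegator, markRedeemed, createDelegator,
// the storage path) are assumptions that mirror the three findings in the PR.
access(all) contract ExclusivityDemo {

    access(all) let OwnedAccountStoragePath: StoragePath

    // Tracks parents that have linked this account: false = pending, true = redeemed.
    access(all) resource OwnedAccount {
        access(all) let parents: {Address: Bool}

        init() {
            self.parents = {}
        }

        access(contract) fun addParent(_ parent: Address) {
            self.parents[parent] = false
        }

        access(contract) fun setRedeemed(_ parent: Address) {
            pre {
                self.parents[parent] != nil: "Parent ".concat(parent.toString()).concat(" is not registered")
            }
            self.parents[parent] = true
        }
    }

    // Finding #4 pattern: a missing resource must fail loudly. The optional-chaining form
    //   self.account.storage.borrow<&OwnedAccount>(from: path)?.setRedeemed(parent)
    // evaluates to nil and keeps going when nothing is stored at `path`, so `parents`
    // silently stays "pending". Unwrapping with `?? panic(...)` aborts the transaction.
    access(account) fun markRedeemed(parent: Address) {
        let owned = self.account.storage.borrow<&OwnedAccount>(from: self.OwnedAccountStoragePath) ?? panic("OwnedAccount not found at ".concat(self.OwnedAccountStoragePath.toString()))
        owned.setRedeemed(parent)
    }

    // Holds capabilities in two partitions keyed by the capability's runtime type.
    // Documented invariant: a given type lives in at most one partition.
    access(all) resource Delegator {
        access(self) let publicCapabilities: {Type: Capability}
        access(self) let privateCapabilities: {Type: Capability}

        init() {
            self.publicCapabilities = {}
            self.privateCapabilities = {}
        }

        // Finding #7 pattern: the invariant is enforced with pre-conditions, so an addition
        // that would place one type in both partitions fails before any state changes.
        // The post-condition restates the invariant so a future edit cannot break it quietly.
        access(all) fun addCapability(cap: Capability, isPublic: Bool) {
            pre {
                !isPublic || self.privateCapabilities[cap.getType()] == nil: "Capability type already exists in the private partition"
                isPublic || self.publicCapabilities[cap.getType()] == nil: "Capability type already exists in the public partition"
            }
            post {
                self.publicCapabilities[cap.getType()] == nil || self.privateCapabilities[cap.getType()] == nil: "Invariant violated: type present in both partitions"
            }
            if isPublic {
                self.publicCapabilities[cap.getType()] = cap
            } else {
                self.privateCapabilities[cap.getType()] = cap
            }
        }

        access(all) fun hasCapability(type: Type): Bool {
            return self.publicCapabilities[type] != nil || self.privateCapabilities[type] != nil
        }
    }

    // Finding #5 pattern: the assert already proves the slot is empty, so the save is
    // unconditional. Wrapping it in `if self.account.storage.type(at: path) == nil { ... }`
    // would add a branch whose condition can never be false.
    access(account) fun createDelegator(at path: StoragePath) {
        assert(self.account.storage.type(at: path) == nil, message: "Storage slot ".concat(path.toString()).concat(" is already occupied"))
        self.account.storage.save(<- create Delegator(), to: path)
    }

    init() {
        // Assumed path for this demo; the project's real paths are not reproduced here.
        self.OwnedAccountStoragePath = /storage/exclusivityDemoOwnedAccount
        self.account.storage.save(<- create OwnedAccount(), to: self.OwnedAccountStoragePath)
    }
}
```

A failed `pre`, `post`, `assert` or `panic` reverts the whole transaction, so each of the three fixes turns a condition that previously left state quietly inconsistent (a parent stuck as pending, or a type present in both partitions) into a hard failure that is visible in the transaction result and can be tested for directly.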