feat: verify WASM hash predecessor in UpgradeManager::apply_upgrade#687
Merged
greatest0fallt1me merged 5 commits intoJun 27, 2026
Merged
Conversation
Add hash chain verification to prevent out-of-order and forked upgrades: - Add expected_predecessor field to UpgradeProposal - Implement hash chain verification in upgrade_contract - Add UpgradeChainMismatch error and event - Add view functions for chain history query - Add comprehensive tests for hash chain verification Acceptance criteria met: - Out-of-order upgrade rejected with typed error - Genesis case handled explicitly (zero hash) - Chain history queryable via view functions Security improvements: - Prevents downgrade attacks - Blocks forked upgrade chains - Ensures linear upgrade progression - Audit trail via UpgradeChainMismatchEvent
|
@Kenlachy Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits. You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀 |
Add missing UpgradeChainMismatch case to description() and code() methods to resolve non-exhaustive pattern match compilation errors.
Update the public upgrade_contract function signature to include the expected_predecessor parameter for WASM hash chain verification. This aligns the public API with the internal UpgradeManager implementation.
Replace Symbol keys exceeding 9 characters with shorter keys: - 'platform_fee' -> 'plat_fee' (12 -> 8 chars) - 'allowed_assets' -> 'allowed' (14 -> 7 chars) - 'Admin' kept as is (5 chars) Add backwards-compatible read paths for critical keys to preserve compatibility with already-deployed contracts using legacy keys. This resolves 'symbol too long' compilation errors.
Remove backwards-compatible read path for legacy long symbol keys since Soroban restricts symbols to <=9 characters, making it impossible to read legacy keys created with long symbols. If migration from old on-chain data is needed, a separate on-chain storage migration function should be implemented.
Contributor
|
Merged via direct push to master (admin) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Add hash chain verification to prevent out-of-order and forked upgrades:
Acceptance criteria met:
Security improvements:
Pull Request Description
📋 Basic Information
Type of Change
Please select the type of change this PR introduces:
Related Issues
Closes #(issue number)
Fixes #(issue number)
Related to #(issue number)
Priority Level
📝 Detailed Description
What does this PR do?
Why is this change needed?
How was this tested?
Alternative Solutions Considered
🏗️ Smart Contract Specific
Contract Changes
Please check all that apply:
Oracle Integration
Market Resolution Logic
Security Considerations
🧪 Testing
Test Coverage
Test Results
Manual Testing Steps
📚 Documentation
Documentation Updates
Breaking Changes
Breaking Changes:
Migration Guide:
🔍 Code Quality
Code Review Checklist
Performance Impact
Security Review
🚀 Deployment & Integration
Deployment Notes
Integration Points
📊 Impact Assessment
User Impact
Business Impact
✅ Final Checklist
Pre-Submission
Review Readiness
📸 Screenshots (if applicable)
🔗 Additional Resources
💬 Notes for Reviewers
Please pay special attention to:
Questions for reviewers:
Thank you for your contribution to Predictify! 🚀
closes #661