Skip to content

feat: verify WASM hash predecessor in UpgradeManager::apply_upgrade#687

Merged
greatest0fallt1me merged 5 commits into
Predictify-org:masterfrom
Kenlachy:feature/upgrade-hash-chain
Jun 27, 2026
Merged

feat: verify WASM hash predecessor in UpgradeManager::apply_upgrade#687
greatest0fallt1me merged 5 commits into
Predictify-org:masterfrom
Kenlachy:feature/upgrade-hash-chain

Conversation

@Kenlachy

Copy link
Copy Markdown

Add hash chain verification to prevent out-of-order and forked upgrades:

  • Add expected_predecessor field to UpgradeProposal
  • Implement hash chain verification in upgrade_contract
  • Add UpgradeChainMismatch error and event
  • Add view functions for chain history query
  • Add comprehensive tests for hash chain verification

Acceptance criteria met:

  • Out-of-order upgrade rejected with typed error
  • Genesis case handled explicitly (zero hash)
  • Chain history queryable via view functions

Security improvements:

  • Prevents downgrade attacks
  • Blocks forked upgrade chains
  • Ensures linear upgrade progression
  • Audit trail via UpgradeChainMismatchEvent

Pull Request Description

📋 Basic Information

Type of Change

Please select the type of change this PR introduces:

  • 🐛 Bug fix (non-breaking change which fixes an issue)
  • ✨ New feature (non-breaking change which adds functionality)
  • 💥 Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • 📚 Documentation update
  • 🧪 Test addition/update
  • 🔧 Refactoring (no functional changes)
  • ⚡ Performance improvement
  • 🔒 Security fix
  • 🎨 UI/UX improvement
  • 🚀 Deployment/Infrastructure change

Related Issues

Closes #(issue number)
Fixes #(issue number)
Related to #(issue number)

Priority Level

  • 🔴 Critical (blocking other development)
  • 🟡 High (significant impact)
  • 🟢 Medium (moderate impact)
  • 🔵 Low (minor improvement)

📝 Detailed Description

What does this PR do?

Why is this change needed?

How was this tested?

Alternative Solutions Considered


🏗️ Smart Contract Specific

Contract Changes

Please check all that apply:

  • Core contract logic modified
  • Oracle integration changes (Pyth/Reflector)
  • New functions added
  • Existing functions modified
  • Storage structure changes
  • Events added/modified
  • Error handling improved
  • Gas optimization
  • Access control changes
  • Admin functions modified
  • Fee structure changes

Oracle Integration

  • Pyth oracle integration affected
  • Reflector oracle integration affected
  • Oracle configuration changes
  • Price feed handling modified
  • Oracle fallback mechanisms
  • Price validation logic

Market Resolution Logic

  • Hybrid resolution algorithm changed
  • Dispute mechanism modified
  • Fee structure updated
  • Voting mechanism changes
  • Community weight calculation
  • Oracle weight calculation

Security Considerations

  • Access control reviewed
  • Reentrancy protection
  • Input validation
  • Overflow/underflow protection
  • Oracle manipulation protection

🧪 Testing

Test Coverage

  • Unit tests added/updated
  • Integration tests added/updated
  • All tests passing locally
  • Manual testing completed
  • Oracle integration tested
  • Edge cases covered
  • Error conditions tested
  • Gas usage optimized
  • Cross-contract interactions tested

Test Results

# Paste test output here
cargo test
# Expected output: X tests passed, Y tests failed

Manual Testing Steps


📚 Documentation

Documentation Updates

  • README updated
  • Code comments added/updated
  • API documentation updated
  • Examples updated
  • Deployment instructions updated
  • Contributing guidelines updated
  • Architecture documentation updated

Breaking Changes

Breaking Changes:

Migration Guide:


🔍 Code Quality

Code Review Checklist

  • Code follows Rust/Soroban best practices
  • Self-review completed
  • No unnecessary code duplication
  • Error handling is appropriate
  • Logging/monitoring added where needed
  • Security considerations addressed
  • Performance implications considered
  • Code is readable and well-commented
  • Variable names are descriptive
  • Functions are focused and small

Performance Impact

  • Gas Usage:
  • Storage Impact:
  • Computational Complexity:

Security Review

  • No obvious security vulnerabilities
  • Access controls properly implemented
  • Input validation in place
  • Oracle data properly validated
  • No sensitive data exposed

🚀 Deployment & Integration

Deployment Notes

  • Network: Testnet/Mainnet
  • Contract Address:
  • Migration Required: Yes/No
  • Special Instructions:

Integration Points

  • Frontend integration considered
  • API changes documented
  • Backward compatibility maintained
  • Third-party integrations updated

📊 Impact Assessment

User Impact

  • End Users:
  • Developers:
  • Admins:

Business Impact

  • Revenue:
  • User Experience:
  • Technical Debt:

✅ Final Checklist

Pre-Submission

  • Code follows Rust/Soroban best practices
  • All CI checks passing
  • No breaking changes (or breaking changes are documented)
  • Ready for review
  • PR description is complete and accurate
  • All required sections filled out
  • Test results included
  • Documentation updated

Review Readiness

  • Self-review completed
  • Code is clean and well-formatted
  • Commit messages are clear and descriptive
  • Branch is up to date with main
  • No merge conflicts

📸 Screenshots (if applicable)

🔗 Additional Resources

  • Design Document:
  • Technical Spec:
  • Related Discussion:
  • External Documentation:

💬 Notes for Reviewers

Please pay special attention to:

Questions for reviewers:


Thank you for your contribution to Predictify! 🚀
closes #661

Add hash chain verification to prevent out-of-order and forked upgrades:
- Add expected_predecessor field to UpgradeProposal
- Implement hash chain verification in upgrade_contract
- Add UpgradeChainMismatch error and event
- Add view functions for chain history query
- Add comprehensive tests for hash chain verification

Acceptance criteria met:
- Out-of-order upgrade rejected with typed error
- Genesis case handled explicitly (zero hash)
- Chain history queryable via view functions

Security improvements:
- Prevents downgrade attacks
- Blocks forked upgrade chains
- Ensures linear upgrade progression
- Audit trail via UpgradeChainMismatchEvent
@drips-wave

drips-wave Bot commented Jun 27, 2026

Copy link
Copy Markdown

@Kenlachy Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits

github-actions Bot added 4 commits June 27, 2026 11:59
Add missing UpgradeChainMismatch case to description() and code() methods
to resolve non-exhaustive pattern match compilation errors.
Update the public upgrade_contract function signature to include the
expected_predecessor parameter for WASM hash chain verification.
This aligns the public API with the internal UpgradeManager implementation.
Replace Symbol keys exceeding 9 characters with shorter keys:
- 'platform_fee' -> 'plat_fee' (12 -> 8 chars)
- 'allowed_assets' -> 'allowed' (14 -> 7 chars)
- 'Admin' kept as is (5 chars)

Add backwards-compatible read paths for critical keys to preserve
compatibility with already-deployed contracts using legacy keys.

This resolves 'symbol too long' compilation errors.
Remove backwards-compatible read path for legacy long symbol keys since
Soroban restricts symbols to <=9 characters, making it impossible to
read legacy keys created with long symbols.

If migration from old on-chain data is needed, a separate on-chain
storage migration function should be implemented.
@greatest0fallt1me

Copy link
Copy Markdown
Contributor

Merged via direct push to master (admin)

@greatest0fallt1me greatest0fallt1me merged commit 1706655 into Predictify-org:master Jun 27, 2026
1 check failed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Add WASM hash chain verifier to UpgradeManager::apply_upgrade

2 participants