@layerzerolabs/protocol-stellar-v2 0.2.15 → 0.2.19

package/contracts/workers/executor/src/auth.rs

@@ -1,10 +1,11 @@
 use super::*;
-
+use endpoint_v2::LayerZeroEndpointV2Client;
 use soroban_sdk::{
     address_payload::AddressPayload,
     auth::{Context, CustomAccountInterface},
-    contractimpl, contracttype,
+    contracttype,
     crypto::Hash,
+    Symbol, TryFromVal, Val,
 };
 
 // ============================================================================
@@ -26,7 +27,7 @@ pub struct ExecutorSignature {
 // Custom Account Interface Implementation
 // ============================================================================
 
-#[contractimpl]
+#[contract_impl]
 impl CustomAccountInterface for LzExecutor {
     type Signature = ExecutorSignature;
     type Error = ExecutorError;
@@ -35,7 +36,6 @@ impl CustomAccountInterface for LzExecutor {
     ///
     /// The public key must correspond to a registered admin and must have signed the signature_payload.
     /// Uses Ed25519 signature verification.
-    /// Only whitelisted function calls are authorized.
     fn __check_auth(
         env: Env,
         signature_payload: Hash<32>,
@@ -70,24 +70,88 @@ impl LzExecutor {
         Ok(())
     }
 
-    /// Validates that the first auth context is a whitelisted (contract, function) pair.
-    /// Sub-invocations are trusted since they're controlled by the whitelisted contract.
+    /// Validates auth contexts according to executor rules.
+    ///
+    /// # Design
+    ///
+    /// For `lz_receive`: OApps call `verify_and_clear_payload` (see `oapp_receiver.rs`)
+    /// which requires executor auth and optionally transfers native token from executor to OApp.
+    ///
+    /// For `lz_compose`: Composers follow the same pattern - require executor auth and
+    /// optionally transfer native token from executor to composer.
+    ///
+    /// Both create 1-2 auth contexts depending on whether value == 0:
+    /// - Context 1: `lz_receive`/`lz_compose` on the OApp/Composer (always present)
+    /// - Context 2: `transfer` on native token (only if value != 0)
+    ///
+    /// For `lz_receive_alert`/`lz_compose_alert`: These are called directly on the endpoint
+    /// to record failed executions. Only 1 context on the endpoint is expected.
     fn validate_auth_contexts(env: &Env, contexts: &Vec<Context>) -> Result<(), ExecutorError> {
-        let first_context = contexts.first().ok_or(ExecutorError::UnauthorizedContext)?;
-
-        match first_context {
-            Context::Contract(contract_context) => {
-                // Check if (contract, fn_name) pair is whitelisted
-                if !Self::is_whitelisted_fn(env, &contract_context.contract, &contract_context.fn_name) {
-                    return Err(ExecutorError::UnauthorizedContext);
-                }
+        // Early bounds check: max 2 contexts expected
+        if contexts.len() > 2 {
+            return Err(ExecutorError::UnauthorizedContext);
+        }
+
+        let first_ctx = contexts.first().ok_or(ExecutorError::UnauthorizedContext)?;
+        let Context::Contract(first_ctx) = first_ctx else {
+            return Err(ExecutorError::UnauthorizedContext);
+        };
+
+        let first_fn_name = &first_ctx.fn_name;
+
+        // Alert path: lz_receive_alert or lz_compose_alert (lazy Symbol creation)
+        if *first_fn_name == Symbol::new(env, "lz_receive_alert")
+            || *first_fn_name == Symbol::new(env, "lz_compose_alert")
+        {
+            // Require exactly 1 context and the contract must be the endpoint
+            if contexts.len() != 1 || first_ctx.contract != Self::endpoint(env) {
+                return Err(ExecutorError::UnauthorizedContext);
             }
-            // Contract creation is not allowed
-            Context::CreateContractHostFn(_) | Context::CreateContractWithCtorHostFn(_) => {
+            return Ok(());
+        }
+
+        // Execute path: lz_receive or lz_compose
+        if *first_fn_name != Symbol::new(env, "lz_receive") && *first_fn_name != Symbol::new(env, "lz_compose") {
+            return Err(ExecutorError::UnauthorizedContext);
+        }
+
+        let value = Self::extract_i128(env, first_ctx.args.last())?;
+        if value == 0 {
+            // If value is 0, there should be exactly 1 context
+            if contexts.len() != 1 {
                 return Err(ExecutorError::UnauthorizedContext);
             }
+            return Ok(());
+        }
+
+        // value != 0: validate transfer context (only if there are 2 contexts)
+        if contexts.len() != 2 {
+            return Err(ExecutorError::UnauthorizedContext);
+        }
+
+        // Second context must be the transfer context
+        let Context::Contract(second_ctx) = contexts.get(1).unwrap() else {
+            return Err(ExecutorError::UnauthorizedContext);
+        };
+
+        let native_token = LayerZeroEndpointV2Client::new(env, &Self::endpoint(env)).native_token();
+        let transfer_amount = Self::extract_i128(env, second_ctx.args.get(2))?;
+
+        // Validate transfer context: must be transfer with matching value and native token contract
+        if second_ctx.fn_name != Symbol::new(env, "transfer")
+            || second_ctx.contract != native_token
+            || transfer_amount != value
+        {
+            return Err(ExecutorError::UnauthorizedContext);
         }
 
         Ok(())
     }
+
+    /// Extracts an i128 value from an optional Val.
+    #[inline]
+    fn extract_i128(env: &Env, val: Option<Val>) -> Result<i128, ExecutorError> {
+        let val = val.ok_or(ExecutorError::UnauthorizedContext)?;
+        i128::try_from_val(env, &val).map_err(|_| ExecutorError::UnauthorizedContext)
+    }
 }

package/contracts/workers/executor/src/executor.rs

@@ -5,29 +5,25 @@ use crate::{
     storage::ExecutorStorage,
     NativeDropParams,
 };
-use common_macros::{contract_impl, only_owner, ownable, ttl_configurable, upgradeable};
+use common_macros::{contract_impl, lz_contract};
 use endpoint_v2::{FeeRecipient, LayerZeroEndpointV2Client, Origin};
 use message_lib_common::interfaces::ILayerZeroExecutor;
-use soroban_sdk::{contract, token::TokenClient, vec, Address, Bytes, BytesN, Env, Symbol, Vec};
-use utils::option_ext::OptionExt;
-use utils::upgradeable::UpgradeableInternal;
+use soroban_sdk::{token::TokenClient, vec, Address, Bytes, BytesN, Env, Vec};
+use utils::{option_ext::OptionExt, upgradeable::UpgradeableInternal};
 use worker::{
     assert_acl, assert_not_paused, assert_supported_message_lib, init_worker, require_admin_auth, set_admin_by_owner,
     ExecutorFeeLibClient, FeeParams, Worker,
 };
 
 /// LayerZero Executor contract for cross-chain message execution.
-#[contract]
-#[ttl_configurable]
-#[upgradeable]
-#[ownable]
+#[lz_contract(upgradeable)]
 pub struct LzExecutor;
 
 #[contract_impl]
 impl LzExecutor {
     /// Initializes the executor contract.
     ///
-    /// Sets up ownership, worker configuration, endpoint address, and whitelisted functions.
+    /// Sets up ownership, worker configuration, and endpoint address.
     ///
     /// # Arguments
     /// * `endpoint` - LayerZero Endpoint V2 contract address
@@ -36,7 +32,6 @@ impl LzExecutor {
     /// * `message_libs` - Supported message library addresses (e.g., ULN302)
     /// * `price_feed` - Price feed contract address for fee calculations
     /// * `default_multiplier_bps` - Default fee multiplier in basis points (10000 = 1x)
-    /// * `whitelist` - Initial whitelisted (contract, function) pairs for authorization
     /// * `worker_fee_lib` - Worker fee library contract address
     /// * `deposit_address` - Address to receive fee payments
     pub fn __constructor(
@@ -47,7 +42,6 @@ impl LzExecutor {
         message_libs: &Vec<Address>,
         price_feed: &Address,
         default_multiplier_bps: u32,
-        whitelist: &Vec<(Address, Symbol)>,
         worker_fee_lib: &Address,
         deposit_address: &Address,
     ) {
@@ -62,26 +56,6 @@ impl LzExecutor {
             deposit_address,
         );
         ExecutorStorage::set_endpoint(env, endpoint);
-
-        // Set initial whitelisted functions
-        for (contract, fn_name) in whitelist.iter() {
-            ExecutorStorage::set_whitelisted_fn(env, &contract, &fn_name, &true);
-        }
-    }
-
-    /// Sets whether a (contract, function) pair is whitelisted.
-    /// When `allowed` is false, the entry is removed from storage to save space.
-    ///
-    /// Only the contract owner can call this function.
-    #[only_owner]
-    pub fn set_whitelisted_fn(env: &Env, contract: &Address, fn_name: &Symbol, allowed: bool) {
-        let value = if allowed { Some(true) } else { None };
-        ExecutorStorage::set_or_remove_whitelisted_fn(env, contract, fn_name, &value);
-    }
-
-    /// Returns whether a (contract, function) pair is whitelisted.
-    pub fn is_whitelisted_fn(env: &Env, contract: &Address, fn_name: &Symbol) -> bool {
-        ExecutorStorage::has_whitelisted_fn(env, contract, fn_name)
     }
 
     /// Withdraws a token from the contract to a specified address.

package/contracts/workers/executor/src/storage.rs

@@ -1,12 +1,12 @@
 use common_macros::storage;
-use soroban_sdk::{Address, Symbol};
+use soroban_sdk::Address;
 
 use crate::DstConfig;
 
 /// Storage keys for the Executor contract.
 ///
 /// Manages persistent storage for destination configurations and instance storage
-/// for the endpoint address and whitelisted functions.
+/// for the endpoint address.
 #[storage]
 pub enum ExecutorStorage {
     /// Destination chain configuration indexed by endpoint ID.
@@ -21,11 +21,4 @@ pub enum ExecutorStorage {
     /// Used for receive-flow operations to interact with the endpoint.
     #[instance(Address)]
     Endpoint,
-
-    /// Whitelisted function for a specific contract.
-    ///
-    /// Only whitelisted (contract, function) pairs can trigger Executor authorization.
-    /// This allows fine-grained control over which contracts can call which functions.
-    #[instance(bool)]
-    WhitelistedFn { contract: Address, fn_name: Symbol },
 }

package/contracts/workers/executor-fee-lib/Cargo.toml

@@ -6,7 +6,7 @@ license.workspace = true
 publish = false
 
 [lib]
-crate-type = ["cdylib"]
+crate-type = ["cdylib", "rlib"]
 doctest = false
 
 [dependencies]

package/contracts/workers/executor-fee-lib/src/executor_fee_lib.rs

@@ -1,6 +1,6 @@
 use crate::{errors::ExecutorFeeLibError, executor_option};
-use common_macros::{contract_impl, ownable, ttl_configurable, upgradeable};
-use soroban_sdk::{assert_with_error, contract, Address, Bytes, Env};
+use common_macros::{contract_impl, lz_contract};
+use soroban_sdk::{assert_with_error, Address, Bytes, Env};
 use utils::upgradeable::UpgradeableInternal;
 use worker::{FeeParams, IExecutorFeeLib, LayerZeroPriceFeedClient};
 
@@ -25,10 +25,7 @@ const NATIVE_DECIMALS_RATE: u128 = 10_000_000;
 /// Provides fee calculation logic based on executor options, destination configuration,
 /// and current gas prices from the price feed. Handles fee multipliers, margins, and
 /// native token value conversions.
-#[contract]
-#[ownable]
-#[ttl_configurable]
-#[upgradeable]
+#[lz_contract(upgradeable)]
 pub struct ExecutorFeeLib;
 
 #[contract_impl]

package/contracts/workers/executor-helper/Cargo.toml

@@ -6,7 +6,7 @@ license.workspace = true
 publish = false
 
 [lib]
-crate-type = ["cdylib"]
+crate-type = ["cdylib", "rlib"]
 doctest = false
 
 [dependencies]

package/contracts/workers/executor-helper/src/executor_helper.rs

@@ -1,11 +1,11 @@
 //! ABA-safe entry point for cross-chain message execution on Stellar.
 //! Prevents reentry into the Executor during OApp Atomic Batch Actions.
 
+use common_macros::contract_impl;
 use endpoint_v2::{
     LayerZeroComposerClient, LayerZeroEndpointV2Client, LayerZeroReceiverClient, MessagingComposerClient, Origin,
 };
 use executor::{ExecutorClient, NativeDropParams};
-use common_macros::contract_impl;
 use soroban_sdk::{contract, contracttype, token::TokenClient, Address, Bytes, BytesN, Env, Vec};
 
 /// Parameters for `lz_receive` execution.
@@ -40,28 +40,43 @@ pub struct ExecutorHelper;
 
 #[contract_impl]
 impl ExecutorHelper {
-    /// Executes `lz_receive` on the target OApp; falls back to `lz_receive_alert` on failure.
+    /// Executes `lz_receive` on the target OApp
     pub fn execute(env: &Env, executor: &Address, params: &ExecutionParams, value_payer: &Address) {
-        if params.value > 0 {
-            value_payer.require_auth();
+        if params.value != 0 {
+            transfer_value(env, value_payer, executor, params.value);
         }
-        Self::execute_internal(env, executor, params, value_payer);
+        LayerZeroReceiverClient::new(env, &params.receiver).lz_receive(
+            executor,
+            &params.origin,
+            &params.guid,
+            &params.message,
+            &params.extra_data,
+            &params.value,
+        );
     }
 
-    /// Executes `lz_compose` on the target composer; falls back to `lz_compose_alert` on failure.
-    pub fn compose(env: &Env, executor: &Address, params: &ComposeParams, value_payer: &Address) {
-        executor.require_auth();
-
-        let endpoint = if params.value > 0 {
-            let ep = ExecutorClient::new(env, executor).endpoint();
-            value_payer.require_auth();
-            transfer_value(env, &ep, value_payer, executor, params.value);
-            Some(ep)
-        } else {
-            None
-        };
+    /// Records a failed `lz_receive` execution for off-chain processing.
+    pub fn lz_receive_alert(env: &Env, executor: &Address, params: &ExecutionParams, reason: &Bytes) {
+        let endpoint = ExecutorClient::new(env, executor).endpoint();
+        LayerZeroEndpointV2Client::new(env, &endpoint).lz_receive_alert(
+            executor,
+            &params.origin,
+            &params.receiver,
+            &params.guid,
+            &params.gas_limit,
+            &params.value,
+            &params.message,
+            &params.extra_data,
+            reason,
+        );
+    }
 
-        let result = LayerZeroComposerClient::new(env, &params.to).try_lz_compose(
+    /// Executes `lz_compose` on the target composer
+    pub fn compose(env: &Env, executor: &Address, params: &ComposeParams, value_payer: &Address) {
+        if params.value != 0 {
+            transfer_value(env, value_payer, executor, params.value);
+        }
+        LayerZeroComposerClient::new(env, &params.to).lz_compose(
             executor,
             &params.from,
             &params.guid,
@@ -70,22 +85,23 @@ impl ExecutorHelper {
             &params.extra_data,
             &params.value,
         );
+    }
 
-        if result.is_err() {
-            let ep = endpoint.unwrap_or_else(|| ExecutorClient::new(env, executor).endpoint());
-            MessagingComposerClient::new(env, &ep).lz_compose_alert(
-                executor,
-                &params.from,
-                &params.to,
-                &params.guid,
-                &params.index,
-                &params.gas_limit,
-                &params.value,
-                &params.message,
-                &params.extra_data,
-                &Bytes::new(env),
-            );
-        }
+    /// Records a failed `lz_compose` execution for off-chain processing.
+    pub fn lz_compose_alert(env: &Env, executor: &Address, params: &ComposeParams, reason: &Bytes) {
+        let endpoint = ExecutorClient::new(env, executor).endpoint();
+        MessagingComposerClient::new(env, &endpoint).lz_compose_alert(
+            executor,
+            &params.from,
+            &params.to,
+            &params.guid,
+            &params.index,
+            &params.gas_limit,
+            &params.value,
+            &params.message,
+            &params.extra_data,
+            reason,
+        );
     }
 
     /// Delegates `native_drop` to the executor contract.
@@ -98,7 +114,6 @@ impl ExecutorHelper {
         oapp: &Address,
         params: &Vec<NativeDropParams>,
     ) {
-        admin.require_auth();
         ExecutorClient::new(env, executor).native_drop(admin, origin, &dst_eid, oapp, params);
     }
 
@@ -114,48 +129,13 @@ impl ExecutorHelper {
         execute_params: &ExecutionParams,
     ) {
         Self::native_drop(env, executor, admin, origin, dst_eid, oapp, native_drop_params);
-        Self::execute_internal(env, executor, execute_params, admin); // admin already authed above
-    }
-
-    fn execute_internal(env: &Env, executor: &Address, params: &ExecutionParams, value_payer: &Address) {
-        executor.require_auth();
-
-        let endpoint = if params.value > 0 {
-            let ep = ExecutorClient::new(env, executor).endpoint();
-            transfer_value(env, &ep, value_payer, executor, params.value);
-            Some(ep)
-        } else {
-            None
-        };
-
-        let result = LayerZeroReceiverClient::new(env, &params.receiver).try_lz_receive(
-            executor,
-            &params.origin,
-            &params.guid,
-            &params.message,
-            &params.extra_data,
-            &params.value,
-        );
-
-        if result.is_err() {
-            let ep = endpoint.unwrap_or_else(|| ExecutorClient::new(env, executor).endpoint());
-            LayerZeroEndpointV2Client::new(env, &ep).lz_receive_alert(
-                executor,
-                &params.origin,
-                &params.receiver,
-                &params.guid,
-                &params.gas_limit,
-                &params.value,
-                &params.message,
-                &params.extra_data,
-                &Bytes::new(env),
-            );
-        }
+        Self::execute(env, executor, execute_params, admin);
     }
 }
 
 #[inline]
-fn transfer_value(env: &Env, endpoint: &Address, payer: &Address, executor: &Address, value: i128) {
-    let native_token = LayerZeroEndpointV2Client::new(env, endpoint).native_token();
+fn transfer_value(env: &Env, payer: &Address, executor: &Address, value: i128) {
+    let endpoint = ExecutorClient::new(env, executor).endpoint();
+    let native_token = LayerZeroEndpointV2Client::new(env, &endpoint).native_token();
     TokenClient::new(env, &native_token).transfer(payer, executor, &value);
 }

package/contracts/workers/price-feed/Cargo.toml

@@ -6,7 +6,7 @@ license.workspace = true
 publish = false
 
 [lib]
-crate-type = ["cdylib"]
+crate-type = ["cdylib", "rlib"]
 doctest = false
 
 [dependencies]

package/contracts/workers/price-feed/src/price_feed.rs

@@ -1,5 +1,5 @@
-use common_macros::{contract_impl, only_owner, ownable, ttl_configurable, upgradeable};
-use soroban_sdk::{assert_with_error, contract, panic_with_error, Address, Env, Vec};
+use common_macros::{contract_impl, lz_contract, only_auth};
+use soroban_sdk::{assert_with_error, panic_with_error, Address, Env, Vec};
 use utils::upgradeable::UpgradeableInternal;
 use worker::{FeeEstimate, ILayerZeroPriceFeed, Price};
 
@@ -10,10 +10,7 @@ use crate::{
     types::{ArbitrumPriceExt, ModelType, SetEidToModelTypeParam, UpdatePrice, UpdatePriceExt},
 };
 
-#[contract]
-#[ownable]
-#[ttl_configurable]
-#[upgradeable]
+#[lz_contract(upgradeable)]
 pub struct LzPriceFeed;
 
 #[contract_impl]
@@ -79,7 +76,7 @@ impl LzPriceFeed {
     // ========================================================================
 
     /// Set price updater status (owner only)
-    #[only_owner]
+    #[only_auth]
     pub fn set_price_updater(env: &Env, updater: &Address, active: bool) {
         if active {
             PriceFeedStorage::set_price_updater(env, updater, &true);
@@ -90,20 +87,20 @@ impl LzPriceFeed {
     }
 
     /// Set the price ratio denominator (owner only)
-    #[only_owner]
+    #[only_auth]
     pub fn set_price_ratio_denominator(env: &Env, denominator: u128) {
         assert_with_error!(env, denominator > 0, PriceFeedError::InvalidDenominator);
         PriceFeedStorage::set_price_ratio_denominator(env, &denominator);
     }
 
     /// Set the Arbitrum compression percentage (owner only)
-    #[only_owner]
+    #[only_auth]
     pub fn set_arbitrum_compression_percent(env: &Env, compression_percent: u128) {
         PriceFeedStorage::set_arbitrum_compression_percent(env, &compression_percent);
     }
 
     /// Set the fee model type for destination EIDs (owner only)
-    #[only_owner]
+    #[only_auth]
     pub fn set_eid_to_model_type(env: &Env, params: &Vec<SetEidToModelTypeParam>) {
         for param in params.iter() {
             PriceFeedStorage::set_eid_to_model_type(env, param.dst_eid, &param.model_type);

package/contracts/workers/worker/src/errors.rs

@@ -1,5 +1,9 @@
 use common_macros::contract_error;
 
+// Worker library error codes: 1200-1299
+// See ERROR_SPEC.md for allocation rules
+
+/// WorkerError: 1200-1299
 #[contract_error]
 pub enum WorkerError {
     AdminAlreadyExists = 1200,

package/contracts/workers/worker/src/tests/worker.rs

@@ -1,11 +1,12 @@
 use super::setup::{bare_worker, TestSetup, WorkerTester};
-use crate::events::{
-    Paused, SetAdmin, SetAllowlist, SetDefaultMultiplierBps, SetDenylist, SetDepositAddress, SetPriceFeed,
-    SetSupportedMessageLib, SetSupportedOptionTypes, SetWorkerFeeLib, Unpaused,
+use crate::{
+    events::{
+        Paused, SetAdmin, SetAllowlist, SetDefaultMultiplierBps, SetDenylist, SetDepositAddress, SetPriceFeed,
+        SetSupportedMessageLib, SetSupportedOptionTypes, SetWorkerFeeLib, Unpaused,
+    },
+    init_worker,
 };
-use crate::init_worker;
-use soroban_sdk::testutils::Address as _;
-use soroban_sdk::{vec, Address, Bytes, Env, IntoVal};
+use soroban_sdk::{testutils::Address as _, vec, Address, Bytes, Env, IntoVal};
 use utils::testing_utils::assert_event;
 
 // pause

package/contracts/workers/worker/src/worker.rs

@@ -1,9 +1,3 @@
-use soroban_sdk::{assert_with_error, contracttrait, panic_with_error, Address, Bytes, Env, Vec};
-use utils::{
-    option_ext::OptionExt,
-    ownable::{enforce_owner_auth, require_owner_auth, Ownable},
-};
-
 use crate::{
     errors::WorkerError,
     events::{
@@ -12,10 +6,20 @@ use crate::{
     },
     storage::WorkerStorage,
 };
+use common_macros::contract_trait;
+use soroban_sdk::{assert_with_error, panic_with_error, Address, Bytes, Env, Vec};
+use utils::{
+    auth::{enforce_auth, require_auth, Auth},
+    option_ext::OptionExt,
+};
 
 /// Worker interface providing common functionality for LayerZero workers.
-#[contracttrait]
-pub trait Worker: Ownable {
+///
+/// Requires the `Auth` trait to be implemented, which can be provided by either:
+/// - `#[ownable]` macro for single-owner contracts (e.g., Executor)
+/// - `Multisig` trait for multisig-controlled contracts (e.g., DVN)
+#[contract_trait]
+pub trait Worker: Auth {
     // ========================================================================
     // Manager Functions
     // ========================================================================
@@ -28,14 +32,14 @@ pub trait Worker: Ownable {
     /// # Arguments
     /// * `paused` - `true` to pause, `false` to unpause
     fn set_paused(env: &Env, paused: bool) {
-        let owner = enforce_owner_auth::<Self>(env);
+        let authorizer = enforce_auth::<Self>(env);
         assert_with_error!(env, Self::paused(env) != paused, WorkerError::PauseStatusUnchanged);
 
         WorkerStorage::set_paused(env, &paused);
         if paused {
-            Paused { pauser: owner }.publish(env);
+            Paused { pauser: authorizer }.publish(env);
         } else {
-            Unpaused { unpauser: owner }.publish(env);
+            Unpaused { unpauser: authorizer }.publish(env);
         }
     }
 
@@ -48,7 +52,7 @@ pub trait Worker: Ownable {
     /// * `message_lib` - The message library contract address
     /// * `supported` - `true` to add support, `false` to remove support
     fn set_supported_message_lib(env: &Env, message_lib: &Address, supported: bool) {
-        require_owner_auth::<Self>(env);
+        require_auth::<Self>(env);
         set_message_lib_no_auth::<Self>(env, message_lib, supported);
     }
 
@@ -62,7 +66,7 @@ pub trait Worker: Ownable {
     /// * `oapp` - The OApp contract address
     /// * `allowed` - `true` to add to allowlist, `false` to remove
     fn set_allowlist(env: &Env, oapp: &Address, allowed: bool) {
-        require_owner_auth::<Self>(env);
+        require_auth::<Self>(env);
 
         let is_on_list = Self::is_on_allowlist(env, oapp);
         if allowed {
@@ -92,7 +96,7 @@ pub trait Worker: Ownable {
     /// * `oapp` - The OApp contract address
     /// * `denied` - `true` to add to denylist, `false` to remove
     fn set_denylist(env: &Env, oapp: &Address, denied: bool) {
-        require_owner_auth::<Self>(env);
+        require_auth::<Self>(env);
         let is_on_list = Self::is_on_denylist(env, oapp);
 
         if denied {
@@ -369,13 +373,13 @@ pub fn assert_supported_message_lib<T: Worker>(env: &Env, message_lib: &Address)
 // Admin Setter Functions with authentication
 // ============================================================================================
 
-/// Sets admin status for an address by owner.
+/// Sets admin status for an address by authorizer (owner/multisig).
 ///
 /// # Arguments
 /// * `admin` - The address to set admin status for
 /// * `active` - `true` to add admin, `false` to remove
 pub fn set_admin_by_owner<T: Worker>(env: &Env, admin: &Address, active: bool) {
-    require_owner_auth::<T>(env);
+    require_auth::<T>(env);
     set_admin_no_auth::<T>(env, admin, active);
 }
 

package/package.json

@@ -1,21 +1,23 @@
 {
   "name": "@layerzerolabs/protocol-stellar-v2",
-  "version": "0.2.15",
+  "version": "0.2.19",
   "private": false,
   "devDependencies": {
     "@types/node": "^22.18.6",
     "tsx": "^4.19.3",
     "typescript": "^5.8.2",
-    "@layerzerolabs/common-node-utils": "0.2.15",
-    "@layerzerolabs/vm-tooling-stellar": "0.2.15"
+    "@layerzerolabs/common-node-utils": "0.2.19",
+    "@layerzerolabs/vm-tooling-stellar": "0.2.19"
   },
   "publishConfig": {
     "access": "restricted",
     "registry": "https://registry.npmjs.org/"
   },
   "scripts": {
-    "build": "pnpm build:contracts && pnpm generate:sdk",
-    "build:contracts": "pnpm exec lz-tool stellar contract build",
+    "build": "pnpm build:contracts:sandbox && pnpm generate:sdk",
+    "build:contracts:mainnet": "pnpm exec lz-tool stellar contract build --features mainnet",
+    "build:contracts:sandbox": "pnpm exec lz-tool stellar contract build --features sandbox",
+    "build:contracts:testnet": "pnpm exec lz-tool stellar contract build --features testnet",
     "format": "pnpm exec lz-tool --script \"cargo fmt\" stellar",
     "generate:sdk": "pnpm exec lz-tool --script \"cargo run -p ts-bindings-gen\" stellar",
     "lint": "pnpm exec lz-tool --script \"cargo clippy -- -D warnings\" stellar",