@layerzerolabs/protocol-stellar-v2 0.2.29 → 0.2.30

package/sdk/test/sac-manager-redistribution.test.ts

@@ -0,0 +1,578 @@
+import {
+    Address,
+    Asset,
+    AuthClawbackEnabledFlag,
+    type AuthFlag,
+    AuthRevocableFlag,
+    BASE_FEE,
+    Keypair,
+    Operation,
+    rpc,
+    TransactionBuilder,
+} from '@stellar/stellar-sdk';
+import path from 'path';
+import { beforeAll, describe, expect, it } from 'vitest';
+
+import { getFullyQualifiedRepoRootPath } from '@layerzerolabs/common-node-utils';
+
+import { Client as SacManagerClient } from '../src/generated/sac_manager';
+import { DEFAULT_DEPLOYER, NETWORK_PASSPHRASE, RPC_URL } from './suites/constants';
+import { deployAssetSac, deployContract } from './suites/deploy';
+import { fundAccount } from './suites/localnet';
+import { getTokenAuthorized, getTokenBalance } from './utils';
+
+// ============================================================================
+// Test Accounts
+// ============================================================================
+
+const TOKEN_ISSUER = Keypair.random();
+const REDISTRIBUTION_ADMIN = Keypair.random();
+const USER_A = Keypair.random();
+const USER_B = Keypair.random();
+const USER_C = Keypair.random();
+
+// Token configuration
+const TOKEN_CODE = 'RTKN';
+let TOKEN_ASSET: Asset;
+
+// Contract addresses
+let sacTokenAddress = '';
+let sacManagerAddress = '';
+
+// Clients
+let sacManagerClient: SacManagerClient;
+
+// Initial token amounts
+const INITIAL_TOKEN_AMOUNT = '1000'; // 1000 tokens
+const TRANSFER_AMOUNT = 100_0000000n; // 100 tokens (7 decimals)
+const REDISTRIBUTE_AMOUNT = 50_0000000n; // 50 tokens (7 decimals)
+
+// ============================================================================
+// Helper Functions
+// ============================================================================
+
+/**
+ * Creates a SacManagerClient with a specific signer
+ */
+function createClientWithSigner(contractId: string, signer: Keypair): SacManagerClient {
+    return new SacManagerClient({
+        contractId,
+        publicKey: signer.publicKey(),
+        signTransaction: async (tx: string) => {
+            const transaction = TransactionBuilder.fromXDR(tx, NETWORK_PASSPHRASE);
+            transaction.sign(signer);
+            return {
+                signedTxXdr: transaction.toXDR(),
+                signerAddress: signer.publicKey(),
+            };
+        },
+        rpcUrl: RPC_URL,
+        networkPassphrase: NETWORK_PASSPHRASE,
+        allowHttp: true,
+    });
+}
+
+// Note: The old executeRedistributeFundsWithAuth function has been removed
+// because we now use the SacManagerClient directly which handles authorization properly
+
+/**
+ * Invokes a SAC contract function using raw transaction building
+ */
+async function invokeSacFunction(
+    sacAddress: string,
+    functionName: string,
+    args: any[],
+    signer: Keypair,
+): Promise<void> {
+    const server = new rpc.Server(RPC_URL, { allowHttp: true });
+    const account = await server.getAccount(signer.publicKey());
+
+    const tx = new TransactionBuilder(account, {
+        fee: BASE_FEE,
+        networkPassphrase: NETWORK_PASSPHRASE,
+    })
+        .addOperation(
+            Operation.invokeContractFunction({
+                contract: sacAddress,
+                function: functionName,
+                args,
+            }),
+        )
+        .setTimeout(30)
+        .build();
+
+    const simulated = await server.simulateTransaction(tx);
+    if (rpc.Api.isSimulationError(simulated)) {
+        throw new Error(`Simulation failed: ${JSON.stringify(simulated)}`);
+    }
+
+    const preparedTx = rpc.assembleTransaction(tx, simulated).build();
+    preparedTx.sign(signer);
+
+    const sendResult = await server.sendTransaction(preparedTx);
+    if (sendResult.status !== 'PENDING') {
+        throw new Error(`Transaction failed to send: ${JSON.stringify(sendResult)}`);
+    }
+
+    const txResult = await server.pollTransaction(sendResult.hash);
+    if (txResult.status !== 'SUCCESS') {
+        throw new Error(`Transaction not successful: ${JSON.stringify(txResult)}`);
+    }
+}
+
+// ============================================================================
+// Test Suite
+// ============================================================================
+
+describe('SAC Manager Redistribution E2E Tests', async () => {
+    const repoRoot = await getFullyQualifiedRepoRootPath();
+    const wasmDir = path.join(
+        repoRoot,
+        'contracts',
+        'protocol',
+        'stellar',
+        'target',
+        'wasm32v1-none',
+        'release',
+    );
+
+    const SAC_MANAGER_WASM_PATH = path.join(wasmDir, 'sac_manager.wasm');
+
+    beforeAll(async () => {
+        console.log('\n====================================');
+        console.log('SAC Manager Redistribution E2E Tests');
+        console.log('====================================\n');
+
+        // Fund test accounts (including DEFAULT_DEPLOYER which is normally funded by globalSetup)
+        console.log('Funding test accounts...');
+        await fundAccount(DEFAULT_DEPLOYER.publicKey());
+        await fundAccount(TOKEN_ISSUER.publicKey());
+        await fundAccount(REDISTRIBUTION_ADMIN.publicKey());
+        await fundAccount(USER_A.publicKey());
+        await fundAccount(USER_B.publicKey());
+        await fundAccount(USER_C.publicKey());
+        console.log('Test accounts funded');
+
+        // Create the token asset
+        TOKEN_ASSET = new Asset(TOKEN_CODE, TOKEN_ISSUER.publicKey());
+    });
+
+    // ========================================================================
+    // Setup SAC Manager with SAC (redistribution enabled at construction)
+    // ========================================================================
+
+    describe('Setup SAC Manager with SAC', () => {
+        it('Set AUTH_REVOCABLE and AUTH_CLAWBACK_ENABLED flags on issuer account', async () => {
+            const server = new rpc.Server(RPC_URL, { allowHttp: true });
+            const issuerAccount = await server.getAccount(TOKEN_ISSUER.publicKey());
+
+            // Set AUTH_REVOCABLE and AUTH_CLAWBACK_ENABLED flags on issuer
+            // AUTH_REVOCABLE allows revoking authorization (blacklisting)
+            // AUTH_CLAWBACK_ENABLED allows clawback operations (required for redistribute_funds)
+            const authFlags = (AuthRevocableFlag | AuthClawbackEnabledFlag) as AuthFlag;
+            const setOptionsTx = new TransactionBuilder(issuerAccount, {
+                fee: BASE_FEE,
+                networkPassphrase: NETWORK_PASSPHRASE,
+            })
+                .addOperation(
+                    Operation.setOptions({
+                        setFlags: authFlags,
+                    }),
+                )
+                .setTimeout(30)
+                .build();
+
+            setOptionsTx.sign(TOKEN_ISSUER);
+
+            const sendResult = await server.sendTransaction(setOptionsTx);
+            if (sendResult.status !== 'PENDING') {
+                throw new Error(`Failed to set auth flags: ${JSON.stringify(sendResult)}`);
+            }
+
+            const txResult = await server.pollTransaction(sendResult.hash);
+            if (txResult.status !== 'SUCCESS') {
+                throw new Error(`Failed to set auth flags: ${JSON.stringify(txResult)}`);
+            }
+
+            console.log('AUTH_REVOCABLE and AUTH_CLAWBACK_ENABLED flags set on issuer');
+        });
+
+        it('Deploy SAC with trustlines and issue tokens', async () => {
+            const server = new rpc.Server(RPC_URL, { allowHttp: true });
+
+            // Create trustlines for all test accounts and issue tokens
+            const issuerAccount = await server.getAccount(TOKEN_ISSUER.publicKey());
+            const issueTx = new TransactionBuilder(issuerAccount, {
+                fee: BASE_FEE,
+                networkPassphrase: NETWORK_PASSPHRASE,
+            })
+                // Trustline for DEFAULT_DEPLOYER (will be the SAC manager admin)
+                .addOperation(
+                    Operation.changeTrust({
+                        asset: TOKEN_ASSET,
+                        source: DEFAULT_DEPLOYER.publicKey(),
+                    }),
+                )
+                // Trustline for REDISTRIBUTION_ADMIN
+                .addOperation(
+                    Operation.changeTrust({
+                        asset: TOKEN_ASSET,
+                        source: REDISTRIBUTION_ADMIN.publicKey(),
+                    }),
+                )
+                // Trustline for USER_A
+                .addOperation(
+                    Operation.changeTrust({
+                        asset: TOKEN_ASSET,
+                        source: USER_A.publicKey(),
+                    }),
+                )
+                // Trustline for USER_B
+                .addOperation(
+                    Operation.changeTrust({
+                        asset: TOKEN_ASSET,
+                        source: USER_B.publicKey(),
+                    }),
+                )
+                // Trustline for USER_C
+                .addOperation(
+                    Operation.changeTrust({
+                        asset: TOKEN_ASSET,
+                        source: USER_C.publicKey(),
+                    }),
+                )
+                // Issue tokens to USER_A (sender)
+                .addOperation(
+                    Operation.payment({
+                        asset: TOKEN_ASSET,
+                        amount: INITIAL_TOKEN_AMOUNT,
+                        destination: USER_A.publicKey(),
+                    }),
+                )
+                // Issue tokens to USER_B (will be blacklisted)
+                .addOperation(
+                    Operation.payment({
+                        asset: TOKEN_ASSET,
+                        amount: INITIAL_TOKEN_AMOUNT,
+                        destination: USER_B.publicKey(),
+                    }),
+                )
+                .setTimeout(30)
+                .build();
+
+            issueTx.sign(
+                TOKEN_ISSUER,
+                DEFAULT_DEPLOYER,
+                REDISTRIBUTION_ADMIN,
+                USER_A,
+                USER_B,
+                USER_C,
+            );
+
+            const sendResult = await server.sendTransaction(issueTx);
+            if (sendResult.status !== 'PENDING') {
+                throw new Error(`Failed to setup trustlines: ${JSON.stringify(sendResult)}`);
+            }
+
+            const txResult = await server.pollTransaction(sendResult.hash);
+            if (txResult.status !== 'SUCCESS') {
+                throw new Error(`Failed to setup trustlines: ${JSON.stringify(txResult)}`);
+            }
+
+            console.log('Trustlines created and tokens issued');
+
+            // Deploy the SAC for the token
+            sacTokenAddress = await deployAssetSac(TOKEN_ASSET);
+            console.log('SAC deployed at:', sacTokenAddress);
+        });
+
+        it('Deploy SAC Manager contract with redistribution enabled', async () => {
+            sacManagerClient = await deployContract<SacManagerClient>(
+                SacManagerClient,
+                SAC_MANAGER_WASM_PATH,
+                {
+                    sac_token: sacTokenAddress,
+                    owner: DEFAULT_DEPLOYER.publicKey(),
+                    redistribution_enabled: true,
+                    supply_control_enabled: false,
+                },
+                DEFAULT_DEPLOYER,
+            );
+
+            sacManagerAddress = sacManagerClient.options.contractId;
+            console.log('SAC Manager deployed at:', sacManagerAddress);
+        });
+
+        it('Set SAC admin to SAC Manager', async () => {
+            // Set the SAC admin to the SAC manager contract
+            // This allows the SAC manager to call clawback, set_authorized, mint, etc.
+            await invokeSacFunction(
+                sacTokenAddress,
+                'set_admin',
+                [Address.fromString(sacManagerAddress).toScVal()],
+                TOKEN_ISSUER,
+            );
+
+            console.log('SAC admin set to SAC Manager');
+        });
+
+        it('Verify redistribution is enabled at construction', async () => {
+            const { result: enabled } = await sacManagerClient.redistribution_enabled();
+            expect(enabled).toBe(true);
+            console.log('Redistribution enabled:', enabled);
+        });
+
+        it('Verify owner (DEFAULT_DEPLOYER) starts with zero balance', async () => {
+            const ownerBalance = await getTokenBalance(
+                DEFAULT_DEPLOYER.publicKey(),
+                sacTokenAddress,
+            );
+            console.log('Owner (DEFAULT_DEPLOYER) balance:', ownerBalance.toString());
+            expect(ownerBalance).toBe(0n);
+        });
+    });
+
+    // ========================================================================
+    // Blacklist Management
+    // ========================================================================
+
+    describe('Blacklist Management', () => {
+        it('Verify all accounts start authorized (AUTH_REQUIRED=false)', async () => {
+            // Check authorization status directly on the SAC
+            const userAAuthorized = await getTokenAuthorized(USER_A.publicKey(), sacTokenAddress);
+            const userBAuthorized = await getTokenAuthorized(USER_B.publicKey(), sacTokenAddress);
+            const userCAuthorized = await getTokenAuthorized(USER_C.publicKey(), sacTokenAddress);
+
+            expect(userAAuthorized).toBe(true);
+            expect(userBAuthorized).toBe(true);
+            expect(userCAuthorized).toBe(true);
+
+            console.log('All users start authorized');
+        });
+
+        it('Blacklist USER_B via set_authorized', async () => {
+            // Use DEFAULT_DEPLOYER (owner) to blacklist USER_B
+            const assembledTx = await sacManagerClient.set_authorized({
+                id: USER_B.publicKey(),
+                authorize: false,
+            });
+
+            await assembledTx.signAndSend();
+            console.log('USER_B blacklisted (authorized=false)');
+        });
+
+        it('Verify USER_B is blacklisted (not authorized on SAC)', async () => {
+            const authorized = await getTokenAuthorized(USER_B.publicKey(), sacTokenAddress);
+            expect(authorized).toBe(false);
+            console.log('USER_B authorized:', authorized);
+        });
+
+        it('Non-admin cannot call set_authorized', async () => {
+            const userClient = createClientWithSigner(sacManagerAddress, USER_A);
+
+            const assembledTx = await userClient.set_authorized({
+                id: USER_C.publicKey(),
+                authorize: false,
+            });
+
+            await expect(assembledTx.signAndSend()).rejects.toThrow();
+            console.log('Non-admin correctly rejected from calling set_authorized');
+        });
+
+        it('Un-blacklist USER_B via set_authorized', async () => {
+            // Re-authorize USER_B
+            const assembledTx = await sacManagerClient.set_authorized({
+                id: USER_B.publicKey(),
+                authorize: true,
+            });
+
+            await assembledTx.signAndSend();
+
+            // Verify
+            const authorized = await getTokenAuthorized(USER_B.publicKey(), sacTokenAddress);
+            expect(authorized).toBe(true);
+
+            const isAuthorized = await getTokenAuthorized(USER_B.publicKey(), sacTokenAddress);
+            expect(isAuthorized).toBe(true);
+
+            console.log('USER_B un-blacklisted');
+        });
+
+        it('Re-blacklist USER_B for mint redirection tests', async () => {
+            const assembledTx = await sacManagerClient.set_authorized({
+                id: USER_B.publicKey(),
+                authorize: false,
+            });
+
+            await assembledTx.signAndSend();
+
+            const isAuthorized = await getTokenAuthorized(USER_B.publicKey(), sacTokenAddress);
+            expect(isAuthorized).toBe(false);
+            console.log('USER_B re-blacklisted for transfer tests');
+        });
+    });
+
+    // ========================================================================
+    // Mint Redirection (redistribution enabled)
+    // ========================================================================
+
+    describe('Mint Redirection', () => {
+        it('Verify initial balances', async () => {
+            const userABalance = await getTokenBalance(USER_A.publicKey(), sacTokenAddress);
+            const userBBalance = await getTokenBalance(USER_B.publicKey(), sacTokenAddress);
+            const userCBalance = await getTokenBalance(USER_C.publicKey(), sacTokenAddress);
+            const ownerBalance = await getTokenBalance(
+                DEFAULT_DEPLOYER.publicKey(),
+                sacTokenAddress,
+            );
+
+            console.log('\nInitial Balances:');
+            console.log(`  USER_A: ${userABalance}`);
+            console.log(`  USER_B: ${userBBalance}`);
+            console.log(`  USER_C: ${userCBalance}`);
+            console.log(`  Owner (DEFAULT_DEPLOYER): ${ownerBalance}`);
+
+            expect(userABalance).toBe(10000000000n); // 1000 tokens
+            expect(userBBalance).toBe(10000000000n); // 1000 tokens
+            expect(userCBalance).toBe(0n);
+            expect(ownerBalance).toBe(0n);
+        });
+
+        it('Admin mint to non-blacklisted address succeeds normally', async () => {
+            const userCBalanceBefore = await getTokenBalance(USER_C.publicKey(), sacTokenAddress);
+
+            const assembledTx = await sacManagerClient.authorized_mint({
+                sender: DEFAULT_DEPLOYER.publicKey(),
+                to: USER_C.publicKey(),
+                amount: TRANSFER_AMOUNT,
+            });
+            await assembledTx.signAndSend();
+
+            // Verify balance increased
+            const userCBalance = await getTokenBalance(USER_C.publicKey(), sacTokenAddress);
+
+            console.log('\nAfter authorized_mint to non-blacklisted (USER_C):');
+            console.log(`  USER_C: ${userCBalance}`);
+
+            expect(userCBalance).toBe(userCBalanceBefore + TRANSFER_AMOUNT);
+        });
+
+        it('Admin mint to blacklisted address redirects to redistribution target (owner)', async () => {
+            const ownerBalanceBefore = await getTokenBalance(
+                DEFAULT_DEPLOYER.publicKey(),
+                sacTokenAddress,
+            );
+            const userBBalanceBefore = await getTokenBalance(USER_B.publicKey(), sacTokenAddress);
+
+            const assembledTx = await sacManagerClient.authorized_mint({
+                sender: DEFAULT_DEPLOYER.publicKey(),
+                to: USER_B.publicKey(), // Blacklisted!
+                amount: TRANSFER_AMOUNT,
+            });
+            await assembledTx.signAndSend();
+
+            // Verify balances - USER_B should not receive, owner should
+            const userBBalance = await getTokenBalance(USER_B.publicKey(), sacTokenAddress);
+            const ownerBalance = await getTokenBalance(
+                DEFAULT_DEPLOYER.publicKey(),
+                sacTokenAddress,
+            );
+
+            console.log('\nAfter authorized_mint to blacklisted (USER_B):');
+            console.log(`  USER_B: ${userBBalance} (unchanged)`);
+            console.log(`  Owner (received redirected): ${ownerBalance}`);
+
+            // USER_B balance should be unchanged
+            expect(userBBalance).toBe(userBBalanceBefore);
+            // Owner should receive the redirected tokens
+            expect(ownerBalance).toBe(ownerBalanceBefore + TRANSFER_AMOUNT);
+        });
+    });
+
+    // ========================================================================
+    // Redistribute Funds
+    // ========================================================================
+
+    describe('Redistribute Funds', () => {
+        it('Redistribute funds from blacklisted account', async () => {
+            const ownerBalanceBefore = await getTokenBalance(
+                DEFAULT_DEPLOYER.publicKey(),
+                sacTokenAddress,
+            );
+            const userBBalanceBefore = await getTokenBalance(USER_B.publicKey(), sacTokenAddress);
+
+            console.log('\nBefore redistribute_blacklisted_funds:');
+            console.log(`  USER_B: ${userBBalanceBefore}`);
+            console.log(`  Owner: ${ownerBalanceBefore}`);
+
+            // Only owner can redistribute - use DEFAULT_DEPLOYER
+            const assembledTx = await sacManagerClient.redistribute_blacklisted_funds({
+                from: USER_B.publicKey(),
+                amount: REDISTRIBUTE_AMOUNT,
+            });
+            await assembledTx.signAndSend();
+
+            // Verify balances
+            const userBBalance = await getTokenBalance(USER_B.publicKey(), sacTokenAddress);
+            const ownerBalance = await getTokenBalance(
+                DEFAULT_DEPLOYER.publicKey(),
+                sacTokenAddress,
+            );
+
+            console.log('\nAfter redistribute_blacklisted_funds:');
+            console.log(`  USER_B: ${userBBalance}`);
+            console.log(`  Owner: ${ownerBalance}`);
+
+            expect(userBBalance).toBe(userBBalanceBefore - REDISTRIBUTE_AMOUNT);
+            expect(ownerBalance).toBe(ownerBalanceBefore + REDISTRIBUTE_AMOUNT);
+        });
+
+        it('Cannot redistribute from non-blacklisted account', async () => {
+            // USER_A is not blacklisted - this should fail even for owner
+            const assembledTx = await sacManagerClient.redistribute_blacklisted_funds({
+                from: USER_A.publicKey(),
+                amount: REDISTRIBUTE_AMOUNT,
+            });
+            await expect(assembledTx.signAndSend()).rejects.toThrow();
+            console.log('Correctly rejected redistribution from non-blacklisted account');
+        });
+
+        it('Non-owner cannot redistribute', async () => {
+            // USER_A is not the owner - this should fail
+            const userClient = createClientWithSigner(sacManagerAddress, USER_A);
+            const assembledTx = await userClient.redistribute_blacklisted_funds({
+                from: USER_B.publicKey(),
+                amount: REDISTRIBUTE_AMOUNT,
+            });
+            await expect(assembledTx.signAndSend()).rejects.toThrow();
+            console.log('Non-owner correctly rejected from redistributing');
+        });
+    });
+
+    // ========================================================================
+    // Final Summary
+    // ========================================================================
+
+    describe('Final Summary', () => {
+        it('Print final balances', async () => {
+            const userABalance = await getTokenBalance(USER_A.publicKey(), sacTokenAddress);
+            const userBBalance = await getTokenBalance(USER_B.publicKey(), sacTokenAddress);
+            const userCBalance = await getTokenBalance(USER_C.publicKey(), sacTokenAddress);
+            const ownerBalance = await getTokenBalance(
+                DEFAULT_DEPLOYER.publicKey(),
+                sacTokenAddress,
+            );
+
+            console.log('\n========================================');
+            console.log('Final Balance Summary');
+            console.log('========================================');
+            console.log(`  USER_A: ${userABalance}`);
+            console.log(`  USER_B (blacklisted): ${userBBalance}`);
+            console.log(`  USER_C: ${userCBalance}`);
+            console.log(`  Owner (redistribution target): ${ownerBalance}`);
+            console.log('========================================\n');
+
+            console.log('SAC Manager Redistribution E2E tests completed successfully!');
+        });
+    });
+});

package/sdk/test/suites/globalSetup.ts

@@ -230,18 +230,12 @@ async function deployChainContracts(eid: number, chainLabel: string): Promise<Ch
 
     // 10. Deploy Executor (supports both ULN302 and SML)
     console.log(`🚀 [${chainLabel}] Deploying Executor...`);
-    const whitelist = [
-        [addresses.executorHelper, 'native_drop_and_execute'],
-        [addresses.executorHelper, 'execute'],
-        [addresses.executorHelper, 'compose'],
-    ];
     const executorClient = await deployContract<ExecutorClient>(
         ExecutorClient,
         path.join(wasmDir, 'executor.wasm'),
         {
             owner: DEFAULT_DEPLOYER.publicKey(),
             endpoint: addresses.endpointV2,
-            whitelist,
             admins: [EXECUTOR_ADMIN.publicKey(), DEFAULT_DEPLOYER.publicKey()],
             message_libs: [addresses.uln302, addresses.sml],
             price_feed: addresses.priceFeed,
@@ -254,6 +248,17 @@ async function deployChainContracts(eid: number, chainLabel: string): Promise<Ch
     addresses.executor = executorClient.options.contractId;
     console.log(`✅ [${chainLabel}] Executor deployed:`, addresses.executor);
 
+    // 11. Register Executor Helper with Executor
+    console.log(`🚀 [${chainLabel}] Registering Executor Helper with Executor...`);
+    await (
+        await executorClient.set_executor_helper({
+            admin: DEFAULT_DEPLOYER.publicKey(),
+            helper: addresses.executorHelper,
+            allowed_functions: ['execute', 'compose', 'native_drop_and_execute'],
+        })
+    ).signAndSend();
+    console.log(`✅ [${chainLabel}] Executor Helper registered`);
+
     const clients: ChainClients = {
         endpointClient,
         uln302Client,